

VOL/06 | ISSUE/09



Veneeth Purushotaman’s BI project for HyperCITY Retail raked in cash and taught him valuable lessons.

The Trouble with BI: Surviving nine of the most crucial rounds in a BI fight. Page 44

July 15, 2011 | ₹100.00 | www.CIO.IN

BYOD: Bring It On. Essar takes on the personal devices of 5,000 users. Page 78

View from the Top: Gagan Rai on how IT tracks assets the size of India’s GDP. Page 66

From The Editor-in-Chief

Publisher, President & CEO Louis D’Mello
Editorial
Editor-in-Chief Vijay Ramachandran
Executive Editor Gunjan Trivedi
Features Editor Sunil Shah
Senior Copy Editor Shardha Subramanian
Senior Correspondents Anup Varier, Sneha Jha, Varsha Chidambaram
Correspondent Debarati Roy
Trainee Journalists Jay Anil Maniyar, Shweta Rao, Shubhra Rishi
Product Manager Online Sreekant Sastry

No Fight Required

Keep your strategy simple, your team sharp, and delegate while staying in control—that’s an ancient path to success.

Custom Publishing

“Those who are skilled in combat do not become angered, those who are skilled at winning do not become afraid. Thus the wise win before the fight, while the ignorant fight to win” – Zhuge Liang

Wisdom knows no limitations, especially not those of time. I’ve reflected upon this many times recently while re-reading a translation of a Chinese epic. The Romance of the Three Kingdoms is a 14th Century historical novel, which deals with China of the first and second century A.D. Much like the Mahabharata, this epic too is a complex tale with many sub-plots. One of my favourite sections deals with the Battle of the Red Cliffs and the role played by Zhuge Liang, a key military and political strategist.

Through determined effort and the able handling of people, Liang was able to help defeat an army four times bigger at the Red Cliffs. I’ve found valuable lessons in this for everyone—me and you included. His first precept is to employ capable people, assign them tasks they are best suited to and then evaluate them without allowing personal prejudice to get in the way. He next focuses on uniting the hearts of his troops before entering a battle. While Liang is all for gathering intelligence and puts a value on information, he puts equal emphasis on ensuring that his troops are aware of his aims and that his instructions are clear and easy to understand. Interestingly, one of his recommended strategies is to reach out to as many people as possible and avoid making unnecessary enemies. Liang’s other diktat, that can make a significant difference to anyone’s efforts, is to take full responsibility for all endeavors.

Over the distance of the centuries, the veracity of Liang’s advice calls out to us: Stay focused on goals, delegate to capable people, keep your directions simple and clear, reach out and build bridges with people and take the lead in everything. Do you think Zhuge Liang’s strategy will work for you? Write in and let me know.

Principal Correspondents Aditya Kelekar, Gopal Kishore, Trainee Journalist Vinay Kumar
Design & Production
Lead Designers Jinan K V, Jithesh C.C, Vikas Kapoor
Senior Designers Pradeep Gulur, Unnikrishnan A.V.
Designers Amrita C. Roy, Sabrina Naresh, Lalita Ramakrishna
Production Manager T. K. Karunakaran
Events & Audience Development
Vice President Events Rupesh Sreedharan
Sr. Managers Projects Ajay Adhikari, Chetan Acharya, Pooja Chhabra
Asst. Manager Tharuna Paul
Senior Executive Shwetha M.
Management Trainees Archana Ganapathy, Saurabh Pradeep Patil
Sales & Marketing
President Sales & Marketing Sudhir Kamath
VP Sales Sudhir Argula
Asst. VP Sales Parul Singh
AGM Marketing Siddharth Singh
Manager Key Accounts Kalyan Basu, Minaz Adenwala Sakshee Bagri
Manager Sales Varun Dev
Asst. Manager Marketing Ajay S. Chakravarthy
Associate Marketing Dinesh P.
Asst. Manager Sales Support Nadira Hyder
Management Trainees Anuradha Hariharan Iyer Arpit Mudgal Benjamin Anthony Jeevan Raj, Javeed Budhwani, Rima Biswas
Finance & Admin
Financial Controller Sivaramakrishnan T. P.
Manager Accounts Sasi Kumar V.
Asst. Manager Credit Control Prachi Gupta

All rights reserved. No part of this publication may be reproduced by any means without prior written permission from the publisher. Address requests for customized reprints to IDG Media Private Limited, Geetha Building, 49, 3rd Cross, Mission Road, Bangalore - 560 027, India. IDG Media Private Limited is an IDG (International Data Group) company.

Vijay Ramachandran, Editor-in-Chief

Printed and Published by Louis D’Mello on behalf of IDG Media Private Limited, Geetha Building, 49, 3rd Cross, Mission Road, Bangalore - 560 027. Editor: Louis D’Mello Printed at Manipal Press Ltd., Press Corner, Tile Factory Road, Manipal, Udupi, Karnataka - 576 104.

IDG Offices in India are listed on the next page

July 15, 2011 | REAL CIO WORLD


The data that drives our world is evolving. Innovations in virtualisation, cloud computing, automation and sustainable IT aren’t just transforming your data centre — they’re opening up a new universe of possibilities for your business. Because when there’s no centre, everything is within reach.

DATA HAS NO CENTRE StarHub is keeping pace with rapid data growth thanks to a 10-year partnership with Hitachi Data Systems. A virtualised infrastructure mitigates costs and allows StarHub to deliver high-availability services to its customers — no matter how much data they create. Learn how at:

© Hitachi Data Systems Corporation 2011. All Rights Reserved.

From The Governing Board

Governing Board
Alok Kumar, VP & Global Head-Internal IT & Shared Services, TCS

A Circle of Handshakes

Using a project champion from the business to get user buy-in is a great strategy, but it also needs to be thought through.

It’s a well-known fact that the lack of user acceptance is behind many a botched IT project. That’s why, today, finding a way to win user acceptance is a pre-requisite for CIOs. Yet, it’s easier said than done. From years of doing this, I have plotted a multipronged strategy that’s increased my chances of success manifold.

First, whenever I initiate a project, I select one enthusiastic user as a project owner or champion. This works like magic. The trick, however, is finding the right person. We exercise a great deal of circumspection in selecting a champion. I ask department heads to recommend people from within their departments who are enthusiastic, can influence others, and have an intimate understanding of business requirements. Finding someone who fits all these criteria isn’t easy, but it’s the best way to get buy-in for enterprisewide technology implementations. Start with this premise and half the battle is won.

It doesn’t end there. These evangelists have to drive change within their departments to ensure the continued success of a project as it progresses. And for this they need to involve their peers early and often. To help, we explain the rationale of a project and how it will ease their burden and increase efficiency. Here’s a tip: The more stakeholders in the room the merrier.

There’s a psychological dimension to winning people over. When users own and track the progress of a project it acts as a huge motivator for both. It also makes them less dependent on IT from a functional perspective. On IT’s side, I empower them by helping them understand each system end-to-end.

It helps if, like us at JWT, you work with the young guard. Imbibing new technology is second nature to them. But this has a flip side: I cannot disregard their opinions. It’s a two-way street. It means that I need to be very open-minded, receptive, and attentive to their needs.

The final step toward user acceptance is training. We invest in training both onsite and off-site. With large-scale training sessions, we select user champions to train people down the line. I also believe that you must celebrate after a good implementation and laud user efforts publicly. Implementation is not the be-all and end-all, user acceptance is.

Amrita Gangotra, Director-IT (India & South Asia), Bharti Airtel
Anil Khopkar, GM (MIS) & CIO, Bajaj Auto
Atul Jayawant, President Corporate IT & Group CIO, Aditya Birla Group
C.N. Ram, Group CIO, Essar Group
Devesh Mathur, Chief Technology & Services Officer, HSBC
Gopal Shukla, VP-Business Systems, Hindustan Coca-Cola
Manish Choksi, Chief-Corporate Strategy & CIO, Asian Paints
Murali Krishna K, SVP & Group Head CCD, Infosys Technologies
Navin Chadha, IT Director, Vodafone Essar
Pravir Vohra, Group Chief Technology Officer, ICICI Bank
Rajeev Batra, CIO, Sistema Shyam Teleservices (MTS India)
Rajesh Uppal, Executive Officer IT & CIO, Maruti Suzuki India
S. Anantha Sayana, Head-Corporate IT, L&T
Sanjay Jain, CIO & Head Global Transformation Practice, WNS Global Services
Sunil Mehta, Sr. VP & Area Systems Director (Central Asia), JWT
V.V.R. Babu, Group CIO, ITC

Bangalore: Geetha Building, 49, 3rd Cross, Mission Road, Bangalore 560 027, Phone: 080-3053 0300, Fax: 3058 6065

Sunil Mehta is Sr. VP & Area Systems Director-Central Asia, JWT

Delhi: New Bridge Business Centers, 5th and 6th Floor, Tower-B, Technolopolis, Golf Course Road, Sector 54, Gurgaon - 122002, Haryana, Phone: 0124-4626256, Fax: 0124-4375888

Mumbai: 201, Madhava, Bandra Kurla Complex, Bandra (E), Mumbai 400 051, Phone: 022-3068 5000, Fax: 2659 2708



Contents
July 15, 2011 | VOL/6 | ISSUE/09

Case Files

78 | Essar Group
BYOD: Say BYOD, and CIOs cringe. They complain of security, supporting a flood of devices and losing control. But the CIO of Essar Group just proved his peers wrong. Here’s how. Feature by Debarati Roy

82 | MSM
Automation: How broadcasting company MSM’s digital content transfer strategy saved it over a crore a year. Feature by Sneha Jha

84 | Nilkamal
Integration: Nilkamal’s attempt to boost the effectiveness of its sales people with Salesforce was being stymied by an inability to efficiently link the SaaS-CRM tool with Nilkamal’s ERP. Could IT find a way? Feature by Varsha Chidambaram

44 | Analyze This
Cover Story | Business Intelligence: If you think you know what you’re getting into with a business intelligence project, think again. Feature by Anup Varier and Gunjan Trivedi

94 | R.I.P. IT Value
Feature | IT Value: Business outcomes from technology investments are all that really matter. The CIO’s challenge is finding new ways to prove IT’s worth. Feature by Stephanie Overby

66 | View from the Top
“We need to lower costs to facilitate financial deepening. And that’s only possible with the help of IT,” says Gagan Rai, MD & CEO, NSDL.



Contents (cont.)

Departments

2 | From the Editor-in-Chief
No Fight Required, by Vijay Ramachandran

4 | From the Governing Board
User Acceptance | A Circle of Handshakes, Sunil Mehta, JWT

11 | Trendlines
Innovation | Your ID in Your Hands, Literally!
Quick Take | Patent Wars
Voices | The CIOs Role in Corporate Espionage
Web Threats | Riddled by Spear Phishing
Devices | Galaxy Tabs Get Onboard
Mobile Apps | Life Saver App
Internet | The Chronicles of Indians Online
Social Media | Joining the Forces
Security | Virtual Combat
Technology | Computing in its DNA
Career | 4 Tips to Tackle Failure in an Interview
By the Numbers | Get that Mobile Out of Here

22 | Alert
Mobile Security | Smart Phone Blocks Data Breach
Breach Blast Radius: Staying Safe

101 | Essential Technology
Private Cloud | Heading to the Cloud
Risk Mitigation | Access Denied

112 | What We’re Reading
Book Review | The Other Side of Innovation, by Vijay Ramachandran

74 | Start-up Style
Feature | Innovation: Groupon, SlideShare,, and Zendesk are employing novel IT technologies and practices to propel their growth. What you can learn from them. Feature by Juan Carlos Perez

Columns

28 | Choice Paralysis
Cloud Computing: With vendors flooding the market with a surplus of cloud options, it's no wonder that IT leaders prefer to wait and watch. Column by Bernard Golden

Broken Windows in the Boardroom
Undercover Officer: It’s the CSO’s job to clearly articulate expectations about corporate behavior and establish accountability. Column by Anonymous

Move Over Mr. Know-it-all
CIO Role: As the role of the CIO takes a new shape—that of a business partner—CIOs need to be careful to not step on the business’ toes. Column by Mike Hugos

40 | Alternative Views
Tech Adoption: Generation Gap? There are the veterans and then there are the superusers. Does this generation gap impact technology adoption?



Thermax Reduces Storage Costs Using HP Storage

The HP EVA Storage Systems helped Thermax defer storage capacity upgrades in line with actual business usage and save operating costs.

Thermax Limited, a leader in energy and environment management, is one of the few companies in the world that offer integrated solutions in the areas of heating, cooling, power, water and waste management, air pollution controls and chemicals. The sustainable solutions Thermax develops for client companies are environment friendly and enable efficient deployment of energy and water resources. Headquartered in Pune, Thermax’s international operations span 75 countries, through 19 international offices, 12 sales and service offices and four manufacturing facilities — three of which are in India and one in China.

AT A GLANCE
Company: Thermax Ltd. (India)
Industry: Manufacturing
Offering: Sustainable Solutions, Energy and Environment

SEEKING IMPROVED STORAGE MANAGEABILITY

Thermax was looking for a storage solution which could offer high performance and availability across heterogeneous servers and applications. They also needed to control their storage costs by enabling a higher level of utilization and eliminating storage waste. According to Avinash Chaudhari, Divisional Manager - Thermax Ltd. (India), the right storage hardware and storage software are critical to an organization’s information infrastructure in order to handle all the new information that is created. The company also wanted to reduce the overheads on its storage administrators as they were spending more time managing and provisioning storage and less on productive and innovative tasks. The manufacturing industry’s requirements for its different applications vary from time to time. In the earlier storage framework, the applications which needed better performance had to be supported with more disks. This resulted in uneven distribution of storage capacity across all the applications, recalls Chaudhari.

“The HP Storage Solution reduces administrative overheads and helps us focus on innovation”
AVINASH CHAUDHARI, Divisional Manager, Thermax Ltd. (India)

MOVING TO STORAGE VIRTUALIZATION

Thermax was already using HP’s Blade servers running on the Converged Infrastructure platform. It decided to go for the HP EVA6400 Storage for its ERP and non-ERP applications like Lotus Notes, File Services, in-house applications, etc. With the HP EVA6400 the problem of mixed workloads is handled easily by its unique virtualization capabilities. It allows everything to be virtualized and to provision storage even as applications continue to grow. “We are able to add virtual servers and Enterprise Virtual Arrays (EVAs) to dynamically build a complete virtualized IT environment — virtual storage for virtual servers tuned to our unique environment,” says Chaudhari. The performance needs of specific applications are also handled fairly easily, since adding a bunch of disks to the SAN Storage increases the performance of all the applications because of its wide striping functionality. They also implemented the HP BladeSystem Matrix solution, which has helped deliver the benefits of shared services, an ideal foundation for a private cloud.

BENEFITS

With thin provisioning, storage capacity utilization efficiency can be automatically driven upwards with very little administrative overheads. Thermax can now purchase less storage capacity upfront, defer storage capacity upgrades in line with actual business usage and save operating costs (electricity and floor space) associated with keeping unused disk capacity spinning. When more physical storage is needed, the administrator can non-disruptively install additional physical disks. The decoupling of physical resource acquisition and management from application provisioning simplifies storage management, reduces application outages, saves time and keeps costs down. The HP EVA Storage Solution allows the administrator to focus on innovation by reducing the amount of management resources needed to support provision and maintain their storage environment. “Most importantly, the HP Storage Solution has removed the guesswork from our purchasing decisions,” says Chaudhari.

This feature is brought to you by IDG Custom Solutions Group in association with

CIO Online


Your information hunt stops here


If you're like most people, your interests lie in a few specific areas. That is why we've created interest zones on cio.in. We have six zones: virtualization, BI, cloud, security, datacenter, and communications.


Does Age Come in the Way of Tech Adoption?

Conversation Starter

We invited two CIOs to kick-start a debate on career strategy. Read all about it in Alternate Views (page 40). Which side are you on? We also have more debates for you on:
Who Should Enable Change? IT vs Business
Is Now a Good Time to Move to the Cloud? Ayes vs Nays



Books have been known to spark conversations and on page 112 you can find the genesis of one. Learn what your peers think of a book and then visit the all new CIO Book Club section online and join the conversation with your peers.


[BYOD] Bring It On

Find out how a CIO from the technology-averse manufacturing sector dared to create a BYOD strategy that conquered security worries and controlled a flood of devices.

>> Must read @ 8

>> Alert: Year of the Hacker
>> Column: Don't Step on Business' Toes
>> Feature: Start-up Style


Edited by Shardha Subramanian






Your ID in Your Hands, Literally!

Innovation

New York University's Langone Medical Center says it uses a biometric infrared scanning system that converts a digital palm image into a unique patient ID. The technology, called PatientSecure, is a biometric reader that uses an infrared light to map an image of the blood-flow pattern through the veins in a person's palm. That digital image is then converted into a unique patient ID that can be used with the medical center's electronic health record (EHR) system. Patients are offered an opt-in clause to use the technology. "Vein patterns are 100 times more unique than fingerprints," says Dr. Bernard A. Birnbaum, SVP of hospital operations at NYU Langone. "PatientSecure provides a safe, secure, easy and fast way for our patients to register for care at the hospital."

Research shows that patient identification errors are not uncommon. At Langone, two or more patients share the same first and last names more than 125,000 times. With the new system, a patient places his or her hand on a small black box and a unique identifying palm portrait automatically registers and accesses his or her EHR, reducing the chances of misidentification and minimizing the need to present other identifying information such as a driver's license, etcetera after initial enrollment. If a patient arrives unconscious or unable to communicate, the biometric scanner automatically brings up the patient's medical record and alerts healthcare workers to the patient's medical history. —By Lucas Mearian


Patent Wars: What to Watch Out For

Legal

The increasing frequency of patent wars between technology providers—Oracle and Google recently, and Apple and Amazon—is worrying tech enterprises. Anup Varier spoke to Sudhir Reddy, VP & CIO, MindTree Consulting, about how organizations can protect themselves from patent infringement.

Do patent wars between technology providers bother you?
Vendor companies suing each other can be an issue if the vendor company that a CIO is involved with folds up due to a lawsuit filed against it. But usually these battles drag for a very long time, are hard to predict and are, more often than not, settled out of court.

How can enterprises protect themselves from patent infringement?
It is necessary to have a very clear IP protection roadmap. It starts with the basics, like implementing software asset management, tracking whether all the products used in the organization are licensed and working within the boundaries of license agreements. And at organizations that involve coding, CIOs need to understand what goes into the code because—as heads of IT—they are liable. There are implications of copying and pasting code because it may be protected by copyright. At MindTree, developers cannot use any external code and even the use of Open Source is tightly regulated.

How can an organization protect its customers from the ill effects of a lawsuit?
Every company needs to have a legal team and every time a contract is signed you need to ensure an indemnity. Also, organizations should not accept unlimited liabilities. This ensures that the effects of a lawsuit do not percolate down to the customers of the defender in the lawsuit. The customers then don’t inherit the losses due to their association with the defender. CIOs should not sign a contract without due diligence with their legal teams.


Voices: The CIO’s Role in Corporate Espionage

Security

For months, India Inc has woken up to the news of another security breach at another reputed organization in another part of the world. Then in June, India’s Finance Minister, Pranab Mukherjee, confirmed that an adhesive-like substance was recovered from his office which might have been used to implant electronic listening devices. As a member of the C-suite what is the role of the CIO, especially in organizations where they double up as CISOs? Debarati Roy finds out:

Kiran Belsekar, Sr. Group Manager-IT Infra. & ISO, IndiaFirst Life Insurance
"Criminals are increasingly using cutting-edge technology to launch attacks, install spyware and break into a company’s records for data. CIOs have a huge role to play not just for app and data security but also when it comes to physical security within their premises."

Kaushal K. Chaudhary, VP & CISO, NIIT Technologies
"Corporate espionage is a big threat to the organizations that thrive on their IP. Hence, becoming proactive is necessary for survival. Though CIOs can ensure that there are sufficient controls to guard IP, these controls need to be continuously monitored and effectively enforced by business leaders and HR."

Subodh Dubey, Group CIO, Usha International
"The CIO is the one in charge. I drive exercises to identify where sensitive information lies. I conduct a risk assessment to identify physical vulnerabilities as well. This includes DLP and mobile device data monitoring. We have also created a training calendar for data security for IT staff and other employees."

Riddled by Spear Phishing

Web Threats

It’s official. Hackers are no longer interested in breaking into your company’s network. Why would they when they can spear phish one of your employees into opening the front door for them?

The recent spate of spear phishing attacks started in March 2011 with RSA. It was followed by Epsilon, and JP Morgan Chase, Sony, and Oak Ridge National Laboratory in April, and Lockheed Martin in May. Citi Group, Gmail, and The IMF became victims in June. All were attacked using spear phishing.

Some analysts say the trend started earlier. “The current trend of targeted cyber attacks really started to escalate from early 2010 and in the last 18 months we have seen more malware developed than the previous 20 years combined,” says Michael Sentonas, VP and CTO, Asia Pacific, McAfee.

Many blame social media sites for arming cyber criminals. “Hackers are increasingly adopting social media sites to gather profile information, and impersonate friends to launch attacks,” says Hugh Thompson, program committee chairman for the RSA Conference. “And people’s ability to choose what to trust is blurred because attackers have an abundance of personal information that they use to lend credibility to an attack.”

The numbers point to the same conclusion. According to the Data Breach Investigations Report 2011, cyber criminals are relying increasingly on personal touch with victims, with 78 percent of hacking cases involving in-person contact.

“While lots of companies have social media policies, I'd be willing to bet that over 95 percent of them never do any real digging to see what is out there,” says Shane MacDougall, principal partner at Tactical Intelligence. MacDougall is currently preparing for a Social Engineering contest to be held at the DEFCON, the world's longest running hacking conference. “Just by trolling LinkedIn and Facebook I've been able to identify over 15,000 employees at my target company, with many of them inadvertently leaking information that I am sure will let me successfully penetrate them on the day of the contest.”

“The reality is, you can train your employees over and over again, but like the shirt at DEFCON says, ‘there's no patch for human stupidity,’” says MacDougall. —By Debarati Roy and Shweta Rao

Must stay open 24/7! Need redundant data centre power & cooling that fits my budget!

Business & IT is growing! Need more power & cooling on the fly for 10 new servers today!

IT is complex enough! Need an easy to operate data centre solution from concept to deployment!

At last, your data centre can grow with your business!

Only InfraStruxure delivers the triple promise of 24/7/365 availability, speed, and efficiency-driven cost savings

Introducing Next Generation InfraStruxure

Whether your company just doubled its sales or staff, you need to make sure that its data centre can support such business growth—not hinder it. All too often, though, businesses feel constrained by the capabilities of their information technology (IT) and supporting infrastructure. Is there enough rack space to handle more servers? Can power capacity accommodate larger IT loads? Today, APC by Schneider Electric™ eliminates these hurdles with its proven high-performance, scalable, and complete data centre architecture solution: InfraStruxure™.

InfraStruxure data centres mean business!

We say that InfraStruxure data centres mean business. But what does that mean to you? The answer is simple. A data centre means business when it is always available, 24/7/365, and performs at the highest level at all times, is able to grow at the breakneck speed of business, continues to achieve greater and greater energy efficiency—from planning through operations, and is able to grow with the business itself. What’s more, InfraStruxure is an integrated solution that can be designed to your exact requirements at the start, while still being able to adapt to your company’s changing business needs in the future.

The triple promise of InfraStruxure deployment

InfraStruxure fulfils our triple promise of superior quality, which ensures highest availability; speed, which ensures easy and quick alignment of IT to business needs; and cost savings based on energy efficiency. What better way to ‘mean business’ than to enable quality, speed, and cost savings—simultaneously?

[Figure: business growth and data centre scaling over the years]

InfraStruxure data centres mean business!

Availability: 24/7/365 uptime is made possible through best-in-class critical power with ’snap-in’ modular power distribution units, close-coupled cooling, and proactive monitoring software.
Speed: Deployment is fast and simple because all system components are designed to work together ‘out of the box’ and the system can grow at breakneck business speed.
Efficiency: True energy efficiency and savings are achieved via advanced designs, including three-stage inverters in UPS units and variable speed fans in cooling units.
Manageability: InfraStruxure Management Software Portfolio enables you to see and manage capacity and redundancy levels of cooling, power, and rack space for optimal data centre health.
Agility: Flexibility comes from enclosures with any-IT vendor compatibility and whole system scalability for both power and cooling.

Plan your data centre growth simply and effectively! Download White Paper #143, ‘Data Centre Projects: Growth Model’, today for guidance. Visit Key Code 92615t Call 1800-4254-877/272

©2011 Schneider Electric. All Rights Reserved. Schneider Electric, APC, and InfraStruxure are trademarks owned by Schneider Electric Industries SAS or its affiliated companies. email: • 132 Fairgrounds Road, West Kingston, RI 02892 USA • 998-3811_IN

EXECUTIVE VIEWPOINT JOSEPH KREMER President, Public-Large Enterprise, APJ and Managing Director, Australia and New Zealand Kremer has more than 20 years of experience in the Information Technology industry. He has held senior management positions with Dell in the United States and other major vendors and distributors across a variety of sales, marketing and finance functions. He also plays an instrumental role in Dell’s recycling and corporate-social responsibility initiatives.

ENTERPRISE STORAGE WITH THE FUTURE BUILT IN From affordable and intelligent data management solutions to providing simple answers to previously complex issues, Kremer talks about how enterprises can manage data differently


What do you think are the storage pain points in emerging markets like India?

In the virtual era, how we consume information has changed, and it is changing organizations too. Having said that, in storage, I know for sure that reducing costs is the key priority. Data integrity, availability and security continue to be of paramount importance as well. Security will be the focus, especially as cloud computing gains momentum, while consolidation remains a challenge. Of course, storage systems should also interact well with heterogeneous hosts and applications.

How is Dell helping customers address these pain points?

Our open, capable and affordable Intelligent Data Management (IDM) solutions ensure that enterprises achieve enormous storage efficiencies. IDM actually helps to prioritize and classify stored content and direct it more securely and efficiently to the right storage asset. IDM is now delivered with Dell Compellent’s Fluid Data architecture, and for many customers, Fluid has changed the way they experience storage. We ensured a very strong foundation when building the IDM architecture with strategic acquisitions like EqualLogic, Exanet, Ocarina Networks and, notably, Compellent. Today, our storage focus is well recognized. In fact, we feature in the Gartner’s Leader Quadrant.

What makes Dell Compellent unique?

Compellent is a big step in our efficient enterprise storage strategy. Fluid Data redefines the data center, optimizing efficiency, agility and resilience for enterprises and cloud. Being a leader in storage innovation, Compellent comes with a rich feature set that saves both Capex and Opex. It is just one model with no forced end of life. Compellent offers eight important features for the IT Director.

Fluid Data architecture that enables the flow of enterprise data
Storage virtualization which creates a flexible pool of storage for all servers
Thin provisioning that fully optimizes the utilization of disk capacity
Automated tiered storage that dynamically classifies and migrates data
Snapshots which provide data protection and quick recovery
Thin replication that protects multi-site data with configuration flexibility
A unified user interface that simplifies storage resource management
An open, agile hardware platform which scales on demand

What role can fluid data play in a virtualized environment?

Fluid data creates a smart, shared pool of storage resources to change, shift, or dynamically scale virtualized environments without any disruptions. This shared pool of resources eliminates the guesswork of capacity planning and simplifies storage provisioning for any number of servers. Compellent’s storage virtualization is the perfect complement to any leading virtual server platform. Compellent is the ideal storage platform for VMware virtualized server environments. By virtualizing both server and storage resources, users can establish a flexible, ultra-efficient data center that cuts cost, time and risk.

How does Dell help enterprises cut storage costs and focus on innovation?

It is a known fact that today’s IT budgets are shrinking, but data center demands continue to skyrocket. At Dell, with Compellent, we radically reduce the cost of storage by enabling our customers to purchase and manage with fewer disk drives than other systems. Compellent automatically optimizes capacity utilization to maximize performance, minimize power consumption and cut costs by 80%. The advanced thin provisioning built into every system helps our customers save upfront by purchasing only the required capacity to store their data. Expanding systems on demand, adding the right capacity at the right time as business requirements change is a big plus. Our customers can even reclaim capacity that is no longer used by applications. We have brought to the industry futuristic simplicity – simple answers to previously complex issues. The time and effort saved is considerable, allowing our customers to focus on innovation.

What kind of support and service does Compellent offer?

Copilot support, which we offer for Compellent, is very popular with our customers. At Dell, we clearly understand that data is one of the most vital assets of any organization. Obviously, supporting systems that manage data is high priority. I think that having a number to call is not just enough. Your support team should function as an extension of your own, proactively uncovering and addressing threats to your data center. With Copilot, Compellent does this better than anyone else. Copilot provides a single point of contact for the entire storage infrastructure, with the added benefit of an immediate response. To quote one of our customers, “Knowing that I can pick up the phone and have someone on the other end within a couple minutes is good. Having that same person proactively call me before I even know about an issue is even better.” – this is from Janssen Jones at Indiana University. Let me explain what being proactive is all about: Copilot makes twice as many outbound calls than they receive calls, to alert customers of any possible issues. In fact Storage Magazine has ranked Copilot as the best support provider in the industry.

This interview is brought to you by IDG Custom Solutions Group in association with

Trendlines

Social Media

Online Marketing: Joining the Forces

Combining social media with location services and mobile phones represents the next generation of online marketing. Combining the three tools is simply an evolution of how they are being used individually, says Mac Ling, director of mobile at digital marketing company iCrossing. "We're just now starting to see, as with the Internet, a new medium, a new way of talking to customers," he says, referring to a mobile phone.

Jennifer Grappone, a partner with Gravity Search Marketing, offers an example. Cool Haus, which operates ice cream trucks in a few cities, uses what she calls "geotargeted flattery." Cool Haus knows a few days in advance where it will park its truck in Los Angeles. It looks for a "social influencer," or someone with a big presence in social networks, who lives near where the truck will be located. It then offers that person a coupon for its ice cream and asks them to tell their audience that the truck will be in the neighborhood.

Small businesses are in the best position to experiment with these methods to see what works, says Michael Martin, senior SEO strategist for Covario. "A large retailer may struggle to do a simple test because it's complex for them to [train] retail staff on how to handle a redemption," he says. A smaller business can simply tell its 10 cashiers that a customer may walk in and ask to redeem a coupon on their mobile phone.

Businesses should keep an eye out for new types of services that are continually emerging in mobile and location-aware contexts, says Nicola Smith, vice president of business development for Performics. For instance, she's been seeing services that let users "check in" to conversations about brands or products, rather than physical locations. "We're seeing this phenomena evolve and expand to other places beyond location-specific check-ins," she says.

With so many new services emerging, it can be hard for companies to keep up with what's available. "You need to look at services that will help aggregate them," Smith says. For instance, Local Response is a service that aggregates check-ins across different services.

One way that companies might combine social with local in the future is by offering targeted coupons to individuals who are part of a group, Ling says. For example, a person who just completed a running race might post a message to other runners suggesting they meet in a restaurant. A company could see that message and respond by offering a coupon to anyone from the race that comes to its restaurant.

—Nancy Gohring

Illustration by Pradeep Gulur

Gaming

Virtual Combat

A model of the Internet where the Pentagon (the headquarters of the US Department of Defense) can practice cyberwar games—complete with software that mimics human behavior under varying military threat levels—is due to be up and running by this time next year, according to a published report. Called the National Cyber Range, the computer network mimics the architecture of the Internet so military planners can see the effects of cyberweapons by acting out attack and defense scenarios, Reuters says.

The description of the range, as issued by Defense Advanced Research Projects Agency (DARPA), calls for a flexible test bed that can mimic government, military and commercial networks as well as "human behavior and frailties." The human behavior simulation has to be able to respond as a person would under defense readiness condition and information operations condition as well as carry out execution of war plans. Cyber Range plans call for the ability to simulate offensive and defensive measures of the caliber that nations might be able to carry out.

DARPA wants the range to support multiple tests and scenarios at the same time and to ensure that they don't interfere with each other. "The Range must be capable of operating from unclassified to top secret, special compartmentalized information and special access program with multiple simultaneous tests operating at different security levels and compartments," according to DARPA's announcement of the project.

—By Tim Greene

Computing in its DNA

Researchers from the California Institute of Technology have built what they claim is the world's largest computational circuit based on DNA (deoxyribonucleic acid), using a technology that they say could easily scale to even greater complexity. The development of the new approach is a significant step in the march toward controlling biological systems with standard information-processing techniques. One day, DNA computing could execute logical functions much like regular silicon-based computers do today. But DNA computers would be much smaller and more easily integrated into biological systems, such as the human body. For example, biological circuits could be directly embedded in cells or tissues to detect and treat diseases.

Caltech researchers Erik Winfree and Lulu Qian published an account of their work in Science. While simple DNA computational systems have been built before, this demonstration system is larger than other prototypes to date. The researchers formed 130 different synthetic DNA strands that can be used to compose logic circuits. From this source material, they created one 74-molecule, four-bit circuit that can compute the square root of any number up to 15 and round down the resulting answer to the nearest integer.

In their setup, the multi-layered strands of DNA are fashioned into biochemical logic gates that can perform the basic Boolean AND, OR and NOR operations executed by today's transistor-based computer processors. Like the silicon-based integrated circuits, these molecular logic gates produce binary, or on-or-off, output signals, using binary signals as inputs.

Computational operations are conducted by DNA sequence binding and replication. The pre-engineered DNA molecules are immersed in a solution in a test tube. When they bump into one another, they can bind and produce offspring molecules that can connect to other strands of DNA, producing a logic chain. The researchers have also developed a compiler, which maps user-manipulated logic operations to the DNA circuits.

— By Joab Jackson

4 Tips to Tackle Failure in an Interview

For CIOs who experience some kind of enterprise IT failure in the course of their careers—whether a high-profile security breach, massive network outage, or multi-million dollar ERP boondoggle—the incident can feel like a career killer. Here are four tips for addressing the fiascoes that occurred on your watch with prospective employers and executive recruiters.

Fess up. Don't ever try to hide failure; you won't get away with it. If an employer doesn't already know about, say, the ERP catastrophe at your previous employer, they will find out about it eventually. Better you be the source of that information than someone else. "A good offense is the best defense," says Mark Polansky, senior client partner and MD, Korn/Ferry International's Information Officers practice. "Always bring it up. Doing so gives the candidate credibility and shows that he or she has the confidence and sincerity to broach the subject of the failed project head on."

Anticipate prospective employers' concerns. When framing how you discuss your failure, put yourself in your prospective employer's shoes, advises Peter Handal, president and CEO of Dale Carnegie Training. For example, employers will want to be assured that such a failure will not occur inside their company. They'll also want the details around what happened, why it happened, what you learned from the experience, and how you will prevent similar events from occurring in the future, says Polansky.

Accentuate the positive. One failed project among 10 successful ones is no big deal, says Handal. He advises CIOs to put any failures they've experienced in the context of their larger successes. "Explain that a particular project didn't go well," says Handal. "State the reason, and if you made a mistake, explain what you learned. Then point out all the other successful things you did."

Offer references. Make sure your references will corroborate your explanation of events when employers and recruiters call them. Executive recruiters and employers will contact the references the candidate provides as well as individuals they know in the candidate's industry to vet the candidate's story.

—By Meridith Levinson

Get that Mobile Out of Here

A majority of Indian businesses believe that the risks of allowing the use of personal mobiles outweigh the benefits.

Compiled by Debarati Roy

Do the benefits of enterprise mobility ring like sweet music to your ears? Think twice because a majority of Indian businesses disagree: 47 percent of Indian enterprises believe that the risks of employees using personal mobile devices for work outweigh the benefits. Only 20 percent say that mobility has more advantages than risks, according to ISACA’s annual IT Risk/Reward Barometer Survey 2011.

What’s worse is that enterprise-supplied devices, believe respondents, represent a larger risk than employee-owned ones. In contradiction to the logical belief that organization-owned mobility devices can be more controlled—and therefore more secured—than employee-owned devices, 55 percent of respondents believe that work-supplied smartphones, laptops, netbooks, tablets, flash drives, and broadband cards hold more risk than those that employees bring.

The riskiest practices that employees engage in when using mobiles are: storing confidential company data in an unsecured manner (43 percent), keeping passwords stored in a file or as a contact on the device (15 percent), and leaving Bluetooth or Wi-Fi access on and unsecured (11 percent).

Despite the potential benefits of mobiles—and risks—few enterprises seem to have well thought-out governance policies. Only 21 percent of Indian businesses have a policy to control all features on personal smart devices. And only 18 percent have a policy that allows for encryption and management of organizational data.

Best Practices

Conduct an audit to profile users by function and determine user needs for specific groups. Remember, blanket policies and standardized technology don't apply to all workers.

Plan a long-term mobile risk strategy—not one merely woven around a specific, immediate need. If mobile policies are not built keeping the larger picture in mind, gaps will soon appear.

Educate users about secure behavior, inculcate best practice, and communicate the risks they put their organizations in when they indulge in risky mobile behavior.

CIOs: Personal Mobile Devices Aren't Worth the Risk

Riskiest employee behavior with a mobile device:
Store company data in an unsecured manner
Lose the device
Keep passwords stored in a file or as a contact on the device
Leave Bluetooth or WiFi access on and unsecured
Access dangerous or risky web sites
Disable the lock feature

CIO view on personal mobile devices at work:
The risks outweigh the benefits (47%)
The benefits outweigh the risks
The risks and benefits are appropriately balanced

Which mobile devices represent the greatest risk:
36% Any employee-owned mobile device
21% Work-supplied laptops/netbooks
19% Work-supplied flash drives
8% Work-supplied smart phones
4% Work-supplied broadband cards
3% Work-supplied tablets

Source: ISACA’s IT Risk/Reward Barometer Survey 2011


Enterprise Risk Management

Smartphone Blocks

Wave your smartphone; buy a latte. Sounds great, doesn’t it? But before running off to participate in Silicon Valley’s next new thing, you might want to think about a scary downside to mobile commerce: The vulnerability of smartphones to hackers.

A new report by McAfee, a vendor of anti-virus software, says that better security around networks has prompted hackers to seek new targets, and the mobile app store is one of the most tempting. Because the market for Android apps is less controlled than Apple’s iTunes store, security researchers have seen a rash of attacks against that platform this year. With the exception of phones using the long-established Symbian platform, Android devices were the most likely to be targeted during the first three months of this year, according to the report.

In March, a researcher who posts on the Reddit security site under the name Lampolo found that more than 50 applications available via the official Android Market contained malware; the booby-trapped apps may have been downloaded up to 200,000 times. One nasty trick that Lampolo noticed involved pulling a legitimate app off the Android Market, inserting malware into it and then publishing it on another site with a similar name. Super Guitar Solo for example was originally Guitar Solo Lite, a legitimate app. It’s worth noting that Google removed the bogus app from the Android Market very quickly and posted a tool to help users recover from the attack.

After Google created a tool to remove the DrdDream infections, a hacker gang created malware that masqueraded as the tool, which in turn created a backdoor to let the hackers into the phone and steal data, the McAfee researchers said.

It doesn’t appear that the Android platform is inherently less secure than iOS, which powers iPhones and iPads. Why then has it been attacked so much? Hackers have used one of Android’s most attractive features, its openness, against it. “In the case of Android apps, most phones allow the ‘side-loading’ of apps and are not restricted to getting them from a centralized app store, as they must with Apple. This openness means that Android app developers, or others, could post Android apps on their web sites and attempt to attract users to install them,” the report says.

How to Be Safe

Adam Wosotowsky, a McAfee Labs researcher who worked on the report, has a few suggestions that mobile users should keep in mind.

Don’t jailbreak your iPhone. Apple’s tight control over the iPhone and the apps on its store is a strength of the platform. However, owning a device that someone else has so much control over annoys some users who then “jailbreak” their iPhones. Be warned. Jailbreaking—using a software download that changes and opens the operating system—leaves your phone vulnerable to numerous hacks that would otherwise be repelled by the locked phone.

Bank with authorized apps only. Online banking and bill pay is a great convenience, and being able to do it with a mobile device could be even more convenient. But if you opt to do so, only use apps supplied by your bank, cautions Wosotowsky. Otherwise you could go to the ATM and find that you’ve got zero money in your account.

Only download popular apps. This sounds pretty stodgy but there’s a reason for it. Apps that have been downloaded a lot aren’t likely to be poisoned. For that matter, they’re likely to be worth downloading—if you believe in the wisdom of crowds, that is. Wosotowsky says the threshold of safety is about 150,000 downloads.

Download from reputable publishers. If you’re uncertain about an app, do a quick search under the publisher’s name. If you find a number of apps with good reviews and lots of downloads, chances are you’re dealing with an OK outfit.

Keep an eye on your wireless bill. Some rogue apps do things like make expensive calls to foreign numbers to fatten the bank account of various intermediary sites at your expense. Often the calls happen in the background or at times when you don’t realize your phone is doing something. Even if you haven’t been infected, you may have unwittingly subscribed to one of those annoying services that automatically bill you every month for things like ring tones, so check the bill every month; it only takes a few minutes.

Those are solid tips. But shouldn’t the app stores do a better job looking out for their customers? They should, agrees Wosotowsky. App stores should do more automated scans of apps to find malware before it can be downloaded. Be sure that reviewers of apps are real people, not bots, and narrow the access to system functions that many apps now require, or ask for.

Bill Snyder is based out of San Francisco.

Findings

Top Four Reasons for SMB Downtime: Cyber attacks, Power outages, Employee error, Upgrades

On average, SMBs experience about six outages a year costing about Rs 5.6 lakh a day. Yet half of all SMBs don’t have a plan because they don’t think IT is critical to business (52 percent), it never occurred to them (41 percent), or it isn’t a priority (40 percent).

Of SMBs worldwide don’t have a disaster recovery plan.

Source: Symantec SMB Disaster Preparedness Survey 2011 (Global results). SMBs = 5 to 1,000 employees.

[ iCloud ]

Cloud: Not a Haven

Apple’s iCloud isn’t leaving CIOs thrilled.

Photo by Srivatsa

When Apple unveiled its iCloud service to cheers, CIOs weren’t so thrilled. How will iCloud impact enterprise security? This question needs to be answered. “Professionally, iCloud will provide a lot of enterprise challenges,” says CIO Rob Rennie of Florida State College at Jacksonville, an early iPad enterprise adopter.

Apple has been busy building a massive datacenter to be a “digital hub” for iTunes users, called iCloud. The service will automatically sync and store data on iPod Touches, iPads and iPhones. The Apple devices will no longer need to be tethered to a PC or Mac for syncing to iTunes on the desktop.

For companies, iCloud represents a new computing paradigm for iPads and iPhones, whose rapid rise in the enterprise has been well-documented. How IT will manage iOS devices and apps, not to mention securing data, in the iCloud environment is anyone’s guess.

Data security looms as a significant problem. There is a good chance iPad-toting employees will upload sensitive work data to iCloud, which, in turn, will automatically sync to all of the user’s iOS devices. Some of those devices might not be authorized by IT; they might be used by friends or family. The risk of data loss can mushroom with iCloud. “There’s many-to-many multi-user, multi-device situations, work versus personal synching to the cloud,” Rennie says. “We’ll be spending some time as more info becomes available figuring this out.”

—By Tom Kaneshige

[ One Liner ]

“The new rules of the IT Act classifies passwords, financial and biometric data, etcetera, as confidential. But any information that makes a person identifiable, that is, name, address, date of birth, could be considered confidential by my customers. Does the amendment take into consideration cultural dynamics?” —Pawan Kumar Singh, CISO, Tulip Telecom




New media brings with it a sea of data, but CIOs must use smart analytics tools if they are to make the most of it.

SUDIPTA K SEN
Regional Director – SEA; CEO & MD – SAS Institute (India) Pvt Ltd

Sen joined SAS in October 2004 and since then has established SAS as a market leader in the Analytics and Business Intelligence market of the country and under his leadership, SAS India has registered consistent growth year-on-year.

What kind of industries can use analytics?

We have seen analytics being embraced across various verticals, however, the motivation for doing so varies from industry to industry. For example, the banking and financial segment embraces analytics for areas like compliance and customer churn. Telecom organizations leverage analytics for campaign management, customer retention and acquisition. Government organizations deploy analytics for analyzing Big Data in areas like taxation, statistics, homeland security and providing superior citizen services. Manufacturers apply analytics in the areas of warranty, supply chain, spare parts optimization etc.

Businesses in India often rely on experience and ‘gut feelings’ to make business decisions. How can you change this mindset and show that analytics does add value to their decision-making abilities?

With business scenarios getting more complex by the day, gut feelings and hunches no longer suffice. Successful responses to threats & opportunities now depend on rapid and smart execution, and analytics is the key to achieving these challenging objectives. Information about the most important facets of the business – customers, processes, employees, competition – needs to be analyzed and acted upon. The power of analytics is allowing businesses to be a lot more agile than they were earlier.

A recent IDC report says analytics are ‘Hot’ for 2011. Do you see evidence of this in the Indian markets? How is SAS helping companies in India?

Yes, analytics is one of the fastest growing areas on the back of robust growth of digital data. Compared to just analyzing historical information and using gut instinct, analytics is allowing enterprises to predict effectively, giving them competitive advantage, lowering their risks and providing the insights needed to plan. SAS is working with various customers across industries and has demonstrated the value of embracing analytics in their organizations.

Customer relationship management and delivery models are seen by most companies as a key differentiating factor and a USP of their business. How can BI help in this area?

Today’s customers have access to multiple media and information, and they can now easily compare a company’s offerings with its competitors’ and publish opinions that sway millions of other online consumers. The new digital media and enhancements in the existing media that empower customers are also providing marketers with volumes of customer data along with the potential for deeper customer insights and smarter decision making. However, this will happen only if marketers are able to turn that ocean of data into usable customer intelligence. SAS’s BI and Customer Intelligence solutions help thousands of companies apply science to the art of marketing by harnessing the data that allows them to know their customers, do more with less, and establish and strengthen their brand.

How can SAS help companies manage fraud, secure online transactions and also address compliance issues?

In today’s economic environment, “good enough” is no longer enough. For example, in fraud analysis, knowing what happened yesterday and stopping the same thing from happening tomorrow is only step one. With advanced analytics, organizations can now identify fraudulent claims before they write a cheque or refund money.

Many companies are evaluating cloud-based solutions. What is the roadmap you have for your existing customers if they want to move to a cloud model?

There is definitely interest in customers to understand how they can leverage cloud infrastructure. Many customers are currently carrying out a due diligence about the same. SAS has anticipated the need and has made the right investments in setting up a cloud infrastructure to serve its global customers.

This interview is brought to you by IDG Custom Solutions Group in association with

Enterprise Risk management

Breach Blast Radius: Staying Safe


las, another day, another data breach. Last month, word broke that the hacker group LulzSec broke into and gained access to 1 million user accounts (the group apparently posted details for 50,000 accounts online). If you have a Sony Pictures account, the bad news is that your personal information may be out there. You can’t change that fact, but you can take a few steps to limit the potential for damage. Even if you or your employees are not unfortunate customers, you need to be aware of how to protect yourself and them from a data breach because the odds are, there’s a data breach coming near to you soon. The tips offered here are intended to be general and are not specific to this particular hack, so they’re good to keep in mind in case of any data breach. Change your passwords. This should be the first thing you do: Change your password for your account on the impacted site. If you used the same login information for any other sites, you should change your password on those sites too. And this may be a good time to change your approach to passwords. Watch for phishing attempts, malicious e-mail. If your e-mail address gets exposed in a data breach, scammers, spammers, and malware authors may try to send malicious e-mails to you—well, more than usual, anyway—so you may see a spike in spam. As always, be on the lookout for any suspicious-looking e-mail. Don’t open attachments you weren’t expecting—even from people you know. Don’t click links in e-mail messages. The same goes for snail mail. If street addresses were compromised in a hack, it’s possible that cybercriminals 26

Alert.indd 22

j u ly 1 5 , 2 0 1 1 | REAL CIO WORLD

may send you scam mail via the postal service. Keep your guard up. Be suspicious of anything that asks for money or personal information. Keep an eye on your financial statements. Even if your information wasn’t compromised in a major data breach, criminals can still get at your credit card and bank account information. It could get taken via malware on your PC, a tampered ATM or credit card payment terminal, lost or improperly disposed documents containing sensitive information. Even an unscrupulous employee at that place you ate lunch at last week could be a problem. Given that, you should always keep a close watch on your bank balance and credit card statements. Question any suspicious charges. See if your bank or financial institution provides e-mail alerts that notify you whenever someone uses your credit card. You may even

Year of the Hacker


want to close your existing accounts and open new ones if you believe your account information may have been stolen—contact your bank or financial institution for the best course of action. Put a fraud alert on your credit report. This is a must if you’re a data breach victim: This tells the major credit agencies that your identity may have been stolen, and that they should be on the lookout for anything suspicious, such as new credit card or bank accounts opened under your name. A fraud alert lasts 90 days; after that, you can extend it by contacting the credit agencies. You may not be able to stop data breaches, but you can do something about it to protect yourself. Be vigilant, be on the lookout for anything suspicious at all times, and don’t let your guard down. CIO

Nick Mediati is a writer for PCWorld. Send feedback to

Here’s a look at four high profile online break-ins and foiled attacks that are turning 2011 into the Year of the Malicious Hacker. IMF: How hackers were able to penetrate the IMF’s network is still unknown. But it appears the intrusion may have been the result of a spear phishing attack. This kind of attack typically works by tricking an employee into clicking on a link to a malicious website or downloading a file loaded with malware. CitiGroup: The personal details of about 210,000 CitiGroup cardholders were recently stolen after a security breach via Citi’s web portal. The malicious hackers were able to get away with cardholders’ names, account numbers, and contact information such as e-mail addresses. Google: On June 1, Google said it had discovered a campaign originating from Jinan, China to steal Gmail user names and passwords of hundreds of users including. Google isn’t certain (or saying) how the attacks were carried out, but suspects that spear phishing played a role. The search giant says its internal systems were not affected by the attacks. Sony: Of course, the most famous attacks in recent months are those aimed at Sony and its subsidiaries. At last count, at least 13 Sony sites have been hit around the world. The hacks resulted in a variety of customer data breaches including names, e-mail addresses, home addresses, phone numbers, and, in some cases, credit card numbers. —By Ian Paul


Bernard Golden

Cloud computing

Choice Paralysis

With vendors flooding the market with a surplus of cloud options, it's no wonder that IT leaders prefer to wait and watch.


In his book Predictably Irrational, Dan Ariely cites a study conducted at an upscale Menlo Park grocery store. The study examined behaviors of shoppers when viewing a display of jams. When there were only six types of jams, shoppers purchased one flavor 30 percent of the time. However, when 24 jams were on display, only 3 percent of shoppers purchased a jar of jam. The researchers concluded that too much choice caused people to refuse to make a decision, preferring to not have any jam rather than make a choice that somehow might leave an even better choice unselected. By the way, the paper based on the study was called Choice is Demotivating.

I'm reminded of that study during conversations I have with people who work at cloud computing vendors. Nearly all of them acknowledge that there is terrible confusion about cloud computing present in end-user organizations; IT leaders feel overwhelmed by the options and therefore choose to put off making any decision. This reaction is completely understandable. The incessant bombardment by vendors would cause anyone to feel drowned.

Illustration by Pradeep Gulur

Cloudwashed and Overwhelmed

Vendors bear a lot of the responsibility for this. The flood of new (or re-branded) products characterized as cloud computing seems ludicrous. The overreach of vendors to get on the cloud computing bandwagon has led to the coining of the term 'cloudwashing', indicating a product that has had cloud terminology inserted into its description in hopes of somehow increasing sales. Faced with such a ridiculous deluge of cloud computing products, IT buyers respond by being reluctant to take any meaningful steps in any direction, fearful that today's choice might be made obsolete by tomorrow's option marketed by a new vendor.


Much like the shoppers faced with a multitude of jam choices, IT executives opt to put off a decision in favor of more study, hoping that more data will lead to a correct selection.

However, most IT executives face a much worse situation than a jam shopper. While too many choices of jam caused internal anxiety and a reluctance to choose, the downside of making the wrong choice was pretty minor: The cost of a jar of jam. Imagine, by contrast, the anxiety associated with trying to choose the 'right' cloud computing product when the selection might cost millions of dollars and, perhaps, dictate the success or failure of one's career. It would be enormous—and the motivation to wait for the 'perfect' product might prove irresistible. The temptation to wait until things settle down and the winners emerge might also seem irresistible.

There's only one drawback to this temptation: It may be unsustainable in the face of pressure to do something about cloud computing. In his blog, well-known commentator David Linthicum points out: "IT's cloud resistance is starting to annoy businesses." He notes that "a new study from Accenture and the London School of Economics and Political Science's Outsourcing Unit shows that there's a gap between business and IT. Businesspeople see the excitement and business benefits of cloud computing, so they're pushing for it. However, IT people see cloud computing as causing issues with security and lock-in, so they're pushing back." And that, says Linthicum, is causing frustration among business units.

Certainly one can relate to this. I had the misfortune of participating in a cloud computing panel that included a security expert and I have to say his endless repetition of security 'issues' and 'challenges' (that could be addressed, needless to say, merely by engaging him to consult on the topic) reminded me of a famous Winston Churchill quotation: "A fanatic is one who can't change his mind and won't change the subject."
Nevertheless, it seems to me that, despite the tireless, endless recitation of cloud computing security issues, there exists a genuine concern on the part of IT organizations regarding cloud computing security and privacy. Which raises the topic of asymmetric risk.

In looking at the opportunity to adopt cloud computing for a particular initiative, the rewards and risks associated with that decision are asymmetrically divided between business and IT. The business unit, which typically presses a reluctant IT organization to get with the program and adopt cloud computing, stands to gain most of the benefits associated with a successful rollout of the initiative. The quicker response to customers, increased revenues, reduced costs, all adhere to the business unit. Any positive outcomes will redound to the lucky business unit, and the motivation to press for cloud computing is significant.

Raining on the Cloud: Read what's holding back the cloud in Are Security Issues Delaying Cloud Computing? on


Meanwhile, should any security or privacy problems develop with a cloud computing initiative, responsibility will overwhelmingly fall upon the IT organization. The business unit executive will, quite reasonably, point out that ensuring the security and privacy of the application must lie with the experts: IT.

It makes perfect sense that IT would be extremely cautious about cloud computing. Asymmetric risk/reward distribution practically guarantees that the different parties associated with a decision will focus on different factors and be motivated to behave differently. And one can't say that IT delay in adopting cloud computing is therefore irrational or petulant. It's a natural reaction to an environment in which negative outcomes fall disproportionately upon IT. Regarding cloud computing, IT organizations might, quite reasonably enough, avoid absorbing additional risk as long as possible.

It's not clear how the problem of asymmetric risk can or should be addressed. The proper reaction to one group (business units) over-enthusiastically embracing a technology without considering its risk is not to prescribe that the group charged with evaluating risk also join the party and throw caution to the winds.

Faced with a ridiculous deluge of cloud computing products, IT leaders feel overwhelmed by the multitude of options and therefore choose to put off making any decision.

On the other hand, I see many IT organizations citing security and privacy concerns as reasons to not move forward with cloud computing when, I suspect, they are really suffering from the surfeit of choices facing them. It would be better to acknowledge the 'choice paralysis' and address it rather than citing security and privacy as justifications for delaying moving forward.

That's why I recommend that IT organizations begin working with cloud computing knowing that the initial choice of cloud computing platform might very well not be the long-term selection. Given that perspective, it makes sense to move forward aggressively with some choice, while architecting the initial applications so that migration to other clouds is possible. The learning generated by actually implementing and rolling out a cloud computing application far outweighs anything that can be grasped through meetings, webinars, sales meetings, conferences, and the like.

Bernard Golden is CEO of consulting firm HyperStratus. He is also the author of "Virtualization for Dummies," the best-selling book on virtualization to date. Send feedback on this feature to



Network Fabrics for the Modern Data Center

In a very real sense, the network created today’s data center; now, in an ironic twist, modern data centers require a new network - one that can help herald the data center into a new era.

As business requirements drive information technology in new directions, the network is defining the data center of the future. The early mission of providing user access to applications remains, but modern networks are also connecting systems and even data centers to create cloud computing infrastructures that share a common set of global processing, storage, and application resources. Storage networking is exploding as enterprises look to merge their storage environments with their data center networks. Interprocess communications (IPC), the glue that binds service-oriented architectures (SOA), is also growing as a network application, to the point where it rivals user connectivity. Networks and data centers are entering into a new, tighter, and more exciting partnership.

Fabric technology dramatically simplifies data center network, thus reducing costs.

Enterprise sensitivity to delay and packet loss is spreading horizontally to all sectors. Virtualization, cloud computing, SOA, and the ever-expanding operational demands to improve productivity using information technology are all driving the data center into a new era. Applications, information, storage, processing, and networking are now equally important elements in the data center, and each must evolve to optimize and support the others. New requirements create new demands, and new network capabilities open avenues for improvement in IT process costs and efficiencies.

Old Architecture Cannot Support New Requirements

Unfortunately, networking technology hasn’t kept pace with the other innovations in the data center. LAN technology, and Ethernet in particular, have traditionally provided the connectivity required to support the growing number of applications used in business operations. However, Ethernet switches don’t have an infinite number of ports or infinite backplane capacity. Therefore, enterprises were forced to build hierarchical “tree structure” data center networks with switches arranged in layers to provide the necessary port densities, creating a “north-south” traffic pattern. Traffic between ports in the same rack could be carried by a single switch. But as the number of racks grew, the number of switching layers involved in every transaction increased phenomenally.

This network model has a distinct deficiency: it needs multiple switch transits to achieve universal connectivity. Every time a data packet for an application passes through a switch, it must be read in, decoded and routed, then written out. Every such passage imposes additional latency and subjects the data packet to random collisions with other traffic that can cause even more delays or packet loss. Network architects have sought to limit these problems by ensuring that the output connections for switches—the “trunk”— were ten times the speed of the port or input connections. That favorable output ratio was maintained by closely monitoring utilization and adding additional capacity when traffic levels crossed the 30% threshold.

The evolution of the data center network has largely been driven by the data center’s mission - which is to connect users to applications. While this mission is essentially responsible for the current hierarchy-of-switches architecture, it has also helped hide that architecture’s deficiencies. However, some vertical markets such as finance are now suffering from the limitations of the multilayer switch hierarchies.

New Traffic Patterns Drive New Network Designs

SOAs, virtualization, and cloud computing have had such an impact on data center traffic patterns that today, approximately 75% of the traffic can be characterized as east-west. In order to optimize the performance of data center traffic, the traditional tree structure must be abandoned in favor of an any-to-any storage/server mesh that can eliminate the need for traffic to travel north-south before it can flow east-west.

While most enterprises still use specialized storage switches like Fibre Channel to link servers with storage devices, there is growing interest in consolidating storage networks with the rest of the data center network. This can help realize efficiencies of scale and reduce the number of siloed networks that need to be maintained and managed. The current trends toward virtualization and cloud computing are likely to accelerate this shift, and this means that storage traffic will be added to user and application traffic in the data center.

Application components and pool resource management processes also need to be connected in order to coordinate their interactions. This type of traffic is “invisible” to the user in that it’s not something client systems and their users are directly involved with. However, the way this traffic is handled may be a major factor in the user’s experience with key applications, which means a change in traffic management can impact productivity.

BENEFITS OF FABRIC TECHNOLOGY

Flattening the network reduces the number of layers and weaves the remaining components into a common “fabric” that provides any port with dependable, high capacity connectivity to any other port, from any location. Fabric technology enables multiple networking devices such as switches to be operated and managed as a single, logical device. By fundamentally reducing the number of networked devices to manage, fabric technologies dramatically reduce the cost and complexity associated with large data center networks, while improving performance and efficiency. By reducing switching layers, a fabric will also reduce the number of switches that traffic has to pass through, eliminating the primary sources of delay and packet loss present in today’s hierarchical networks. Since a fabric is also managed and provisioned as a single device, it vastly reduces the operational complexity of the data center network, accelerates application and user provisioning, and reduces common errors associated with switch configuration management that can impact application availability.

The New Network Requirements

Simplification: Enterprises report that errors and problems related to application setup, device changes, scheduled maintenance, and failure response account for as much as one-third of application downtime. Manual provisioning of data center networks is growing impossibly complex, but the tools used to automate the provisioning process are themselves subject to errors—caused by the very network complexity these tools are designed to support.

Low Latency, High Bandwidth and Low Congestion: No matter how good or how fast an individual data center switch may be, a multi-tiered hierarchical collection of those switches will induce complexity and performance problems.

The New Network Requires a Scalable Network Fabric

Creating a common network fabric requires interconnecting the individual, independent devices that currently populate the data center so that they “collectively emulate” the behavior of a single, logical device that reflects the following characteristics:

Any-to-any connectivity: A true fabric must provide a direct connection between any two ports.

Flat: A fabric must support single step/lookup-based processing.

Simplified management: A fabric must present itself as a single entity with a single point of management.

Single, consistent state: Regardless of its various components, a fabric must appear on the outside as a single, logical device with a single, consistent state.

The fabric concept is not new; switches have always had a fabric in the form of a backplane that connects all of the ports on the switch. The key is to extend that per-switch fabric to achieve full connectivity, deterministic performance, and unified operations throughout the entire data center. To accomplish this, it is essential that the devices that comprise a fabric behave more like a single logical device than a set of switches connected in the traditional hierarchical model.

This Section is brought to you by IDG Custom Solutions Group in association with

Undercover Officer


Broken Windows in the Boardroom

It’s the CSO’s job to clearly articulate expectations about corporate behavior and establish accountability.



I’ve long heard it said in public-safety circles that if a broken window in a building is left unrepaired, the rest of the windows will soon be broken as well. In other words, neglect is a signal that no one cares and will ultimately only invite more disorder.

I’m sure the notion of order maintenance could apply to the way we police our businesses. But instead of broken glass or graffiti, our indicators are unclear expectations, a lack of accountability and a willingness to simply look the other way. Yet shareholders and employees have the right to expect a safe, predictable environment that malfeasance and poor ethical hygiene sometimes threaten.

Imagine, if you will, a particularly talented software engineer engaged in a high-visibility project that has CEO interest and strong financial support. A routine audit of his travel reveals several months of false expense claims involving entertaining fellow employees at bars and adult clubs. For fear of derailing the project, his manager tells audit, “It has been taken care of,” and merely scolds the employee.

Or what if an investigation confirms a clear case of embezzlement by a high-level finance employee who eventually admits to years of theft involving a half million dollars? Management declines to prosecute to avoid adverse press and merely fires the employee after partial restitution. The employee is hired by another company in a similar position shortly thereafter.

What’s the big deal, you ask? These aren’t instances of great corporate crime or front-page scandal. In larger companies especially, the damage is lost in the rounding. Has anyone really been hurt?

How many names do you want? In the past two decades, many big businesses the world over have been involved in numerous scandals and high-level wrongdoings. At first glance, you might think they were fat cats playing it fast and furious with the books, that their problems weren’t caused by trivial matters. Kind of like comparing a bank robbery with stealing books from the library, right? Well, don’t kid yourself. These stories of shame started with broken windows, and that’s why these big companies are in trouble today.

But how to vet trust in a company’s integrity in addition to its financial opportunity? One way is to have a comprehensive security program, grounded in accepted policy, visibly supported by senior management and led by a highly competent CSO. Within that charter is a clear mandate to manage a system of controls and safeguards that measurably contribute to the ethical hygiene of the organization. The CSO can be a key player in the corporate governance team and in the reputational risk management of the organization. But how do we build the program to make that connection? The devil is in the details.

Let’s assume you and I are on a team to review and recommend a business conduct policy framework for our organization. We’ve been asked to build the framework within an established set of corporate values that has integrity as its centerpiece. The chairman and the board have made it clear that we are an ethical company where our shareholders and employees can be assured that we will do “the right thing.”

Having been on that team, I’ll tell you that you don’t start by thinking about felonies and misdemeanours. You don’t ask the difference between naughty misconduct and outright bad behavior. At its core, it’s about good hygiene and individual accountability.

Companies are selective in deciding what is right or wrong. If a top executive pads his expenses once in a while, it might be overlooked, but if a temporary employee or some hourly worker did it, I bet she’d be gonzo in a heartbeat. Yet it shouldn’t be about big shots and blue collars, plaques on the wall and speeches about values. It’s about a culture where accountability for doing the right thing is the way things are done. Period.

Of course, it makes a great sound bite, and it’s easy to say. But it’s very, very difficult to implement. To make integrity a cornerstone of a company’s culture, you need to make a clear business case. That starts with a commonsense acceptance that, without the trust of the shareholder, the customer and the employee, there is no business. In other words, trust has an economic as well as an altruistic value.

Integrity shouldn’t be about big shots and blue collars, plaques on the wall and speeches about values. It’s about a culture where accountability for doing the right thing is the way things are done.

Who Ya Gonna Call?

Ultimately, who is responsible for setting the standard of ethical behavior? For looking for the broken panes in the various corporate windows? First and foremost, of course, are the board and CEO, who together set the tone and reinforce the values at every opportunity. They demonstrate the commitment to integrity in daily business conduct.

The policy infrastructure becomes a constant reference point for business conduct. My company has more than 30 core business conduct policies published on its intranet and scores of related, more technical policies within various elements of the company. A critical element in the program is a module in the various manager training and development programs.

The local business executive, preferably the first-line manager, is also paid to know the neighbourhood and work the streets. He becomes the agent of the culture and the behavior model. Show me a manager who demonstrates the wrong values and I will guarantee his work group has other problems that would interest security and others.

After the first-line manager comes a team of governance, oversight and administrative resources: security, audit, ethics, compliance, legal, HR, finance and others. They are in unique positions to see anomalies, failures or flaws in controls, lessons from various incidents, opportunities for improvement and feedback to management.

Once employees see management’s commitment to a system of processes, procedures and safeguards that assure their concerns will be protected, you’ll start to see order restored. Security, legal and HR departments are keys to that element of the integrity infrastructure.

Once you connect the dots, you start to realize that it isn’t that you have a bad guy in production, it’s that he has a bad manager who set a bad behavior standard that created a problem in the first place. And it doesn’t stop there. Why didn’t that manager’s manager realize the emerging issue? Where was human resources in the exit interviews, in the daily interactions? What about the internal audits? After a significant internal incident, when you peel the layers back, you find evidence everywhere. The post-mortem has to find the root causes so that you’re not destined to repeat those mistakes.

If the CSO has unique linkages to his governance peers and proper access to the top, he can put the disparate pieces from the multi-departmental findings together and end up with a picture of internal risk dynamics that’s not available elsewhere. You might say that CSOs have the means to eliminate plausible denial. Effectively connected CSOs have a bird’s-eye view of those and other disparate pieces of data on corporate hygiene. They connect the dots that others don’t even see. As such, they are critical to corporate integrity. CEOs and other senior executives need to make room for this perspective if they hope to positively affect corporate strategy.

Mr. Moral Police: To learn more about the CSO’s role, read The New CISO: How the Role Has Changed on www.

This column is written anonymously by a real CSO. Send feedback on this column to editor@




OPEN FABRIC DATA CENTER AND ITS IMPACT ON CLOUD COMPUTING

Virtualization and cloud computing are transforming the data center landscape. Broad adoption of virtualization and storage convergence have led to network fabrics contributing to services in support of these technologies.

What is driving the changes in data centers?
The cost of 10 Gigabit Ethernet connections is dropping rapidly, and virtualization and storage convergence are driving more bandwidth directly from the server edge. As a result, more powerful networks – or network fabrics – are on the horizon. Several of the key drivers are the migration of server connectivity from 1 to 10 Gigabit Ethernet and network aggregation connectivity from 10 to 40 Gigabit Ethernet, with plans for future 100 Gigabit Ethernet deployments.

What is a network fabric?
A network fabric in its simplest manifestation is a mechanism to interconnect various components in a simple, efficient, scalable and cost-effective manner. With the broad adoption of virtualization, as well as the move towards storage convergence, network fabrics are taking on a new dimension of providing services in support of virtualization, storage and other emerging applications.

What are some attributes of a network fabric?
First, a fabric must provide high-speed, low-latency interconnectivity. It should be non-blocking, in other words, non-oversubscribed. There must be multiple active paths with fast failover to maintain service levels. These attributes tend to be those of mesh topologies, so mesh connectivity would be preferred over a typical tree topology. Then, as with any network, simple management, configuration and provisioning are very desirable. As mentioned earlier, the ability to provide extensibility to accommodate newer applications and technologies is also becoming important.

Are network fabrics capable of supporting open technologies?
Absolutely. Most organizations, whether they are private or service provider-based, do not want to get locked into a vendor specific proprietary technology, particularly in view of the fact that the technology landscape is changing so rapidly. They want to control costs and enable feature and deployment options going forward. And if you look at the technology landscape, the pieces that allow you to build high performance fabrics are available in an open standards based approach.

How does Extreme Networks fit in?
We have recently announced the Extreme Networks® Open Fabric Data Center solutions, a portfolio of cloud-scale data center switches that allow organizations to build highly scalable, mobile and virtualized networks more cost-effectively. These solutions feature market-leading performance, low latency and energy efficiency. They leverage standards-based technologies, preserving existing investments while bringing new innovations that drive cloud-scale networks. Just as importantly, the solutions help drive down both capital and operational costs, reduce complexity of network design, and provide customers a roadmap to transition from physical to virtual to cloud based models, without forcing a “rip and replace” philosophy.

What are Extreme Networks Open Fabric advantages?
The Extreme Networks Open Fabric Data Center solutions leverage our ExtremeXOS operating system end-to-end and emphasize wire-speed switching of up to 128,000 Virtual Machines, intelligence to automate Virtual Machine mobility through our XNV solution, plus standards-based, non-blocking high density 10 Gigabit Ethernet server connectivity and non-blocking high density 40 Gigabit Ethernet fabric interconnect with multi-path forwarding that is also designed to evolve for 100 Gigabit Ethernet. It also enables network and storage convergence, and simplifies network provisioning through support for standards-based OpenFlow technology. Just as importantly, it is an open standards-based solution.

The ability to deploy and support newer applications and technologies is becoming important.

SHEHZAD MERCHANT, Vice President of Technology, Extreme Networks
Shehzad Merchant serves as VP of Technology at Extreme Networks, where he drives strategy and technology direction for advanced data center networking. With over 17 years of experience, and an engineering track record that is highlighted by the achievement of several technology patents, Shehzad is a veteran of wired and wireless Ethernet and communications.

This Interview is brought to you by IDG Custom Solutions Group in association with

Mike Hugos


Move Over Mr. Know-it-All As the role of the CIO takes a new shape—that of a business partner—CIOs need to be careful to not step on the business’ toes.



ith many traditional IT functions moving to the cloud and technology changing so fast there is a lot of talk about what CIOs and their IT groups should do now. There are a lot of ideas for how IT groups should retrain and re-orient themselves to be part of what is happening in business. Today, CIOs are expected to know what the business wants and are increasingly being considered as business partners. According to the State of the Indian CIO 2010, 30 percent of CIOs believe that business leaders perceive IT as a trusted business partner, that’s 8 percent more than IT leaders who felt business perceives IT as a cost center. At a conference, I was part of a group discussing what the role of the CIO is today and what is expected of him. In the group was an eager new CIO with big ideas, a CIO who had been in the job for a while, an IT industry analyst and a senior consultant. And all of them had their own take on what makes a CIO tick today. It was lunch time and we were sitting in the dining area next to the vendor exhibits at the conference. The eager new CIO said, “I think the most important thing for CIOs today is to find ways to use IT to make money. Cost cutting is fine, but if IT remains a cost center it will inevitably be outsourced.” He said this as he looked around at the vendor display booths. “More than half these vendors are pushing new SaaS and cloud offerings. It makes me nervous; the writing’s on the wall.” “You should be nervous,” observed the IT industry analyst. “Free market dynamics relentlessly push companies to focus on their core competencies—those things their customers pay them for—and it pushes companies to outsource support


j u ly 1 5 , 2 0 1 1 | REAL CIO WORLD

VO l/6 | ISSUE/09

Mike Hugos

CIO Role

CIOs have to let the business lead or at least think they are leading, and they need to look like the perfect partner all the while. Otherwise, business will look at you as a trespasser. activities that are just cost centers. And running datacenters is a big cost center in most companies.” The eager new CIO said he knew that and went on to say, “Every product and service my company makes needs IT as part of the mix and I see all sorts of ways to enhance our products. I’m training my people in agile development so we can deliver systems faster. We’re going to develop a bunch of new services that our customers will pay us for.” The veteran CIO who had been quietly listening to this exchange put down her cup of coffee and said to the eager new CIO, “I don’t want to rain on your parade, but remember, you need to partner with the business; don’t think you know best. I made that mistake. I went off on my own and launched some projects thinking I’d show them what I could do.” “And what happened?” asked the senior consultant. “Let’s just say I wasn’t welcomed with open arms,” she replied. “I stirred up some serious resentment.” The senior consultant followed up with another question, “But there are all these new technologies; you have to keep trying new things,” he said. “If you wait for the business to understand what they can do you’ll never get anything innovative done. I’m always telling my clients about things they can do with all this new stuff.” “And how’s that working for you?” she asked with a smile. “It’s hard to get people to listen to me actually,” said the senior consultant. “People sort of turn off when I start telling them about all the things they can do.” “Maybe you’re being too pushy. Maybe you’re coming off like a know-it-all.” Then the IT industry analyst chimed in with the assertion that technology leaders must engage with their business peers and educate them on what’s happening. 
IT needs to take a step back and ensure it doesn’t cross the line with business. But CIOs still need to bring case studies to the executive team and ally themselves with business execs to gain consensus and support. He advocated using metrics and logical presentation of facts to create agreement. “Only then, will the CIO be successful in bringing value and therefore succeed in being considered part of the team. And that’s important if CIOs want to be perceived as strategic business partners,” he said.

But to be a strategic business partner, CIOs need to provide the business with ideas to generate revenue and—perhaps—get out of the cost-cutting mind-set. There was a pause and then the veteran CIO asked a question: “Is the role of IT to grow revenue or cut costs?” She answered her own question and said, “The answer is yes to both; but be a partner—never attempt to force your ideas; you have to be really responsive.” Otherwise, she said, business will look at you as a trespasser.

The eager new CIO agreed right away and launched into a list of things he was going to do to help his company make money. He reiterated how he was training his people in agile development and described more of his ideas, “Cloud computing, social media, mobile computing; I’m working on ways to link those technologies with our internal systems so we can connect with customers and empower users and drive new business models.”

The veteran CIO looked at the eager new CIO and said, “Yes develop your staff, integrate new technology and tell the business what you can do. But remember: You don’t lead, they do.”

“But I can’t just wait for people to come to me, I have to make things happen,” replied the eager new CIO.

“Be careful,” said the veteran CIO, “you have to let the business lead or at least think they are leading, and you need to look like the perfect partner all the while.”

We sat there thinking that’s a pretty tall order. How can a CIO do that? Then, as if reading our minds, she said, “Consider this: Who got top billing—Fred Astaire (an American actor, singer and dancer) or Ginger Rogers (an American actress, singer and dancer)?”

We shook our heads not knowing where she was going, and turned to her with questioning looks. She answered, “Well Fred was good and he got top billing, but Ginger did everything he did, only she did it backwards and in high heels. So who was leading who—do you see what I mean?”

Mind the Gap: To read more about business-IT alignment read Transforming Your Role on

Mike Hugos is CIO-at-large and agility mentor at Center for Systems Innovation. He is also the co-author of CIO Best Practices: Enabling Strategic Value with IT. Send feedback on this column to


Alternative Views

staff management

Does Age Come in the Way of Technology Adoption? There are the veterans and then there are the superusers. Does this generation gap impact technology adoption? Two CIOs debate.


I always factor in the age demographics of my end users while devising the organization’s IT strategy. Innovative IT initiatives engage a vast range of employees, both young and old. And that’s important to watch because the success of technology initiatives lies in accurately predicting, changing, and responding to the ways people think and act. Hence, we need to slice and dice our user groups to comprehensively understand their age demographics, analyze their technology maturity patterns, and predict their response to change. This helps in efficiently handling the people side of technology. Only then can we generate maximum business value. No matter how robust your IT strategy is if you do not take age into account, your strategy could fail.

There is a technology generation gap in my organization too. Senior management is over 40-years-old and at times it might not be inclined to adopt every new technology. But Gen Y is more technically oriented, and on some occasions, it has also acted as a change agent and infused new ideas. It’s my job to try and mine this generation gap and find a middle path. You can’t have a ‘one size fits all’ approach. If we are to introduce new technologies, we need to bear their adoption and usability in mind. And that’s where analyzing age demographics can help. They ensure that new initiatives are accepted quickly and also make change more palatable for users. If you don’t slice and dice your user groups, your project might veer off track and people could choose to go back to old ways of working.

“You can’t have a ‘one size fits all’ approach. You need to understand the users’ age demographic, analyze technology maturity patterns and predict their response to change.” —Rohan Deshpande, CTO, Ogilvy & Mather



The technology generation gap does not affect my IT implementation strategy in a very big way. But if it crops up, it is the IT department’s job to overcome change management issues. We need to have a robust strategy in place to educate, orient, and train the users. Having said that, going down to the level of categorizing users based on their age demographics is not vital. If business imperatives and benefits drive a project then we can let generation difference take a back seat. In the meanwhile, we can work with users to decode how a project will impact them.

Whenever new technology initiatives are in line with business strategy and the expected ROI is very high then technology gap and age demographics can be overcome by providing training to the end user. And if it is not an immediate imperative and is more of a good-to-have then the decision is taken in consultation with functional teams. If there are immediate intangible benefits and long-term tangible benefits, then the project is implemented.

I do not slice and dice my user groups according to their age profile to understand user acceptance before initiating my projects. We do not base our decisions on age of people. It is based on the contribution and interest taken by the individual in the project to drive the project and derive benefits out of the project. We ensure that all support is given to the user (irrespective of age) in terms of training and consulting.

While crafting my IT adoption strategy, I am not concerned about how users of different age groups will respond to change. In my opinion, IT adoption is based on an individual’s interest in the project rather than his age. Sometimes even two people of the same age group do not show the same level of interest. Therefore, it is based on the individual’s interest and inclination to learn and get involved.

“If business imperatives and benefits drive a project then the technology generation gap needs to take a back seat.” —T.S. Purushothaman, VP-Corporate IT, Reliance BIG Entertainment

As told to Sneha Jha. Sneha Jha is senior correspondent. Send feedback to



Photos by Fotocorp


BANKING ON BRANCHES: SBI introduces NextGen banking with its initiative to transform its branches.

IT + BUSINESS = BUSINESS SENSE: Projects need to be seen as a business-IT project to succeed, says Ujjwal Mathur of TCS.




the rules of networking with the power of convergence.

Reshaping Network Architecture for Today’s Data Centers

Subhodeep Bhattacharya, Director, HP Networking, India.

The sheer scale of today’s data centers is fundamentally changing the rules of building the supporting networks. New technologies that stretch those networks across multiple, physical sites are in demand.

Can legacy data centers cope with the requirements of the new on-demand world?

New application architectures and software deployment models are fundamentally transforming the data center. Server virtualization, cloud computing and XaaS imperatives are altering data center traffic flows, escalating bandwidth and performance demands and introducing new security and service orchestration requirements. Legacy data center networks are simply too complex, costly and rigid to meet the needs of the new on-demand world. Tomorrow’s virtualized data center demands more agile, efficient and scalable networking solutions.

What has given rise to today’s new ‘mega data centers’ and how are they different from those of yesteryears?

For many enterprise customers, the Data Center is the business. With mission-critical applications and services deployed to provide the foundation for day-to-day operations and delivery of end-customer services, the data center must deliver unquestioned availability and meet stringent service level agreements. Exploiting server virtualization and low-cost computing power, customers are deploying more and more sophisticated applications on a larger scale. Furthermore, to reduce the sheer complexity and improve operations of these deployments, customers are seeking to consolidate fragmented, dispersed facilities into fewer, centralized locations. These new ‘mega data centers’ are fundamentally challenging how networks must be built. Today’s networks must be designed to deliver much higher levels of performance, scalability, and availability than before to meet service-level agreements and maintain continuity of operations. Beyond sheer performance, these data center networks must quickly recover from hardware- or software-related faults and protect against server, storage, network, and application vulnerabilities to ensure continued performance and minimize service disruptions.

The traditional boundaries between network and server administration are being redefined? What is causing this?

The adoption of increasingly powerful multi-core-processor servers, higher-bandwidth interfaces and BladeSystems is dramatically increasing the scale of data center deployments. Now, thousands of virtual machines can be deployed in a single data center to consolidate infrastructure and streamline operations. These large-scale solutions are dramatically increasing network performance requirements at the server edge and across the extended network. Likewise, virtualization and VMotion/Live Migration tools for moving virtual servers are introducing high-volume machine-to-machine traffic flows and impacting existing administrative practices creating a new “virtual edge” that blurs the traditional boundaries between network and server administration.

What are some of the new application architectures and what are their requirements?

Traditional client-server software and infrastructure deployment models are being displaced by new application architectures and service delivery models that are reshaping the data center. Web 2.0 mashups, SOA solutions and other federated applications are being widely deployed to deliver integrated, content-correlated, context-specific information and services to end-users within the enterprise and beyond. These deployments drive new, bandwidth-intensive traffic flows within the data center and demand low-latency, high-performance server-to-server and intra-server, virtual machine-to-virtual machine connections. At the same time, cloud computing and XaaS initiatives are introducing more stringent service level and security demands and driving requirements for a more agile and dynamic infrastructure.

How are companies benefiting by employing server virtualization?

Beyond driving the need for better server-to-server connections, server virtualization provides customers flexible tools for migrating virtual machines within the data to optimize operations and improve availability. With hundreds or even thousands of virtualized applications now in play across multiple, consolidated data centers, network resiliency and high availability take on a new, heightened level of importance. Network platforms and designs must be able to recover quickly from hardware and software faults to maintain continuity of service. Server virtualization also provides the means to dramatically improve business agility and continuity across a multi-site enterprise infrastructure. Today most enterprises implement cold or warm standby solutions in which applications and data are backed up at a secondary site for disaster recovery purposes. An entire shadow infrastructure sits dormant most of the time.

“Network resiliency and high availability take on a new, heightened level of importance.”

Can conventional Layer 3-oriented WAN solutions meet the performance expected in distributed workload scenarios?

Enabling distributed workloads and replicating data and applications across multiple, geographically-dispersed data centers are a challenge. Conventional Layer 3-oriented WAN solutions cannot meet the stringent performance and latency requirements, and server virtualization technologies require contiguous network domains. Customers wishing to extend and connect Layer 2 networks across data centers require connectivity and technologies that stretch those networks across multiple, physical sites.

Are HP’s networking solutions flexible enough to meet diverse customer requirements? How?

At the core of HP’s approach to building data center networking solutions, HP Networking platforms are built using open-standards technologies and built to interoperate with the entire range of 3rd party server interfaces and standards-based switches and routers across Layer 2, Layer 3, IPv4, IPv6, MPLS, and VPLS protocol deployments. This ensures compatibility with existing network equipment and provides flexibility to integrate best-in-class third-party capabilities. HP offers flexible network designs to meet diverse customer requirements. Customers looking to protect investments in legacy core infrastructures can implement a three-tier traditional network design, and deploy cost-effective HP A-series Top-of-rack server edge and aggregation platforms that interoperate with their existing core switches. This approach allows customers to protect existing investments and gradually migrate to a more agile network design. At the same time they will be able to enjoy the benefits of IRF switch virtualization and cost-effective, energy-efficient HP A-series switches in the server edge and aggregation layers.

Cover Story

Business Intelligence

Analyze This

If you think you know what you’re getting into with a BI project, think again.

By Anup Varier and Gunjan Trivedi

Photo by Rohit Gupta

Business intelligence (BI) means many things to many people but there is one thing that it is most definitely not: an oxymoron. While it isn’t a tool that will come up with new ideas on your behalf, BI, when used correctly, offers insights that can be turned into what is called actionable intelligence and used to advance the business.

That promise is driving the Indian market for BI software to grow a snappy 15 percent during 2010, according to Gartner. Despite that, India will account for less than a percent of the $10.8 billion (about Rs 49,500 crore) expected global revenues for BI in 2011. The reasons for this anomaly are aplenty. It is an open secret that most business decisions in India are based on instinct. While this method cannot be dissed entirely, there is an important role that BI can play. Another reason for its low adoption is that the technology is only expected to reach its tipping point once the ERP, CRM and SCM systems have been stabilized. And Indian enterprises are still in the process of maturing these.

But in the meanwhile, business is getting more complex. According to estimates, Indian organizations create 2.5 quintillion bytes of data every day. An increasing number of enterprises believe that this staggering number masks hidden opportunities. And more are willing to do what it takes—no mean feat—to create BI systems that will help them produce what they couldn’t have previously imagined. If you are one of them, this is a great place to start. A number of Indian CIOs leading successful BI projects and experts offer advice on the challenges you will face before, during and post a BI project. Time to parry, gear up.

Reader ROI:
Challenges that can blindside a BI project
The dangers of not seeing BI as a business project
Why BI is a work in progress


Veneeth Purushotaman, Head-Technology, HyperCITY Retail, says it’s vital to moderate BI vendor pitches to senior management.


Pre project

BI is a thoroughly misunderstood term. Get to what it means and why you need it.

A true understanding of business intelligence (BI) starts with an appreciation of what it is not. BI is not about Excel-based reporting presented snappily on a Web-based platform. In fact, it is not about reporting at all. At HyperCITY Retail, a leading player in India’s burgeoning retail segment, business leaders realized this early on. They figured that their Excel-based reports continuously fell short of their wish to empower every decision maker in the organization. This made them shift to multi-dimensional information cubes provided by BI platforms. “We realized that it’s not about the number of reports you deliver. If that were the benchmark, then all you needed was an OLTP (online transaction processing) or an MIS (management information system),” says Veneeth Purushotaman, head-technology, HyperCITY Retail.

The move would prove to be crucial, especially in the highly competitive sector HyperCITY operates in. The visibility that the BI platform lent the business enabled HyperCITY to draw insights from customers’ buying patterns and introduce targeted customer promotions that were different from all others and were something customers looked forward to. This double whammy lowered costs (that they would have otherwise incurred on mass media advertisements) and also helped the retailer substantially increase revenues from promotions.

If you’re wondering how much of an impact a BI system can have on revenues, then figure this. Through insights delivered to them by BI, HyperCITY realized that there were a lot of customers who enrolled into their loyalty programs but did not visit the store for several months. That idea was the seed behind a promotional offer, which saw a 21 percent response rate and translated into Rs 2 million worth of sales. “BI helps us get insights by providing the capability to look into multiple aspects of data,” says Purushotaman.

There is no end to the directions a business can take with a piece of data. “But in an MIS system all you will ever know is the numbers against each department,” says Purushotaman. Moreover, reporting can only provide a business with static information and, as a result, gives the user only a descriptive ability. But with BI, users also get analytical, prescriptive, and predictive abilities. “For example, a sales report may well describe that sales for certain products are dropping suddenly. However, when a sales director tries to explore the causes to rectify the situation, these reports might not be of much help,” says Dr. Darshan Desai, professor of management, Berkeley College, New York.

India Infoline, a large brokerage firm that deals in a range of financial services and caters to almost a million customers, also realized why MIS reports just wouldn’t cut it. CIO Sankarson Banerjee, says they were unable to figure out the reason behind poor sales during a certain period or the factors that influenced the successful performance of specific funds from the reports that they had. It was true that they didn’t find it difficult to deal with one-dimensional questions of department-wise sales numbers and the likes with an MIS but sooner than later the queries that were being sent to the IT department began to get increasingly complex. “The reality is that you don’t always know the questions to which you are looking answers for. When it came to the harder questions we realized that we needed a more intelligent way of digging for answers,” says Banerjee. And the BI system was the answer. It provided them with much needed visibility, which, in turn, helped boost revenues.

And that anchor in the business is also why BI can’t be treated as a traditional app development project. “BI requires a greater understanding of the business and its drivers,” explains Cindi Howson, founder, BI Scorecard and author of Successful Business Intelligence: Secrets to Making BI a Killer App.

A board-level sponsor for BI is like a ‘cheerleader’ who boosts the project. Without such a sponsor business interest will fade fast.

Getting Ready for BI

Senior management tends to think of BI as a magic wand. But a wand is only as good as the sorcerer who wields it.

There are generally two ways business leaders are exposed to BI: Through a vendor demonstration that’s organized by the CIO or via seminars. In either case, at the time of their presentations, most BI vendors showcase multiple features, which business leaders generally fall for. What they don’t realize, however, is the shallowness of the data that the demo is conducted on. “If vendor presentations are being moderated by you then you have some amount of control on what is being showcased in front of senior management,” says Purushotaman. “But if they have come across the idea at a seminar then you need to inform them of the ground realities and how an implementation at your organization would have different results from what they’ve seen. In our case, though the vendor’s presentation was moderated by us, we had to do multiple sessions with the business to come to a consensus regarding the scope of the project.”

Rationalizing the scope of a BI project and presenting a realistic picture to senior management at the very outset is important. According to Purushotaman, the best way of doing this is by producing a proof of concept. “It was a challenging task and takes a lot of effort. The whole procedure has to be repeated for the actual implementation, but it helps bring expectations closer to reality,” he says.

While implementing HyperCITY’s BI solution, Purushotaman also realized that few vendors initially talk of the components that go into a BI stack, which is, in fact, very high. A BI tool bought off the market is just an application layer that sits on top of a proper data layer. This in turn is backed by proper data warehousing, an ETL layer, and the hardware that will support it. None of this comes cheap. “So we looked at the stack in its entirety while presenting it to senior management because we knew that a piecemeal approach was unlikely to succeed,” says Purushotaman.

In order to keep expectations real, it is also necessary to present the advantages of BI in broad-based overviews. “Much of the promise of BI is based on great examples from other organizations,” says Banerjee. “We clearly informed business leaders at India Infoline that results are not just a consequence of the quality of the tool but also depend largely on the users who handle it.”

There’s another lesson Banerjee learnt early on: The more the number of variables, the greater the number of insights. “If your organization functions only on six to seven streams of incoming data then there is very little scope for a BI tool to bring out exceptional insight. But a stock broking firm like ours encounters hundreds of thousands of different streams of data and there is a lot of exciting opportunities to extract something interesting,” he says.

Photo by Fotocorp

Dr. Mudit Kulshreshtha, former ED for EA and BIA at Angel Broking, says a BI project needs to be backed by a champion with clout at the board level.



A BI project without a senior sponsor is like a ship without a captain.

By its very nature, BI is not a CIO’s baby. “A CIO who simply acts as a gatekeeper to the data is not a good BI sponsor,” says Howson. It needs someone at the very top, ideally the CEO, to drive home the enterprisewide ramifications of a BI project. A board-level sponsor for BI can loosely be called the ‘cheerleader’ whose job is to boost the project forward. Without such a sponsor it is likely that business interest will fade quickly.

Angel Broking, a stock-broking and wealth management company, for example, was keen to protect its customers by implementing a system that flagged fraud in real time and allowed business users to stop it. A BI project could accomplish that but it called for large investments, changes to core business processes, and the creation of new roles. “So the sponsor had to be someone at the board level who was suitably empowered to take calls across departments and cut across divisional boundaries,” says Dr. Mudit Kulshreshtha, who until recently was ED for enterprise applications and business intelligence and analytics at Angel Broking.

“In our case,” says Purushotaman, “the CEO chose to be the strategic head, so we needed someone a level below him to handle the project at a tactical level. So the selection of a sponsor depended on the departments that we planned to initially target with the BI project and was based on the scope of the project that we had chalked out. While a CIO can play the role of catalyst and implementer, the sponsor has to drive it.”

In order to convince a sponsor, CIOs need to establish a clear link between BI initiatives and the strategic goals that matter most to senior executives. Also, remember that it is important to estimate the tangible and intangible benefits of a BI project because the more the number of benefits, the greater the executive sponsorship and business commitment that will be required to see the project through. – Dr. Desai, Prof. of Management, Berkeley College, New York

Project time

In the Ring

Business units are surprisingly less willing to part with information than you think—and not always intentionally.

A fundamental aim of all BI projects is to bring more clarity about the business to its leaders. At the Braj Binani Group, bottom line pressures that the company, like all cement players faced, led to a realization that growth would come from increased transparency, accountability, and the ability to take better informed decisions faster. But it also meant that a lot of people would need to give up whatever they might be withholding. And that, Rajesh Mohan, joint president-IT and systems, learnt, was easier said than done.

The information platform at Binani provides users with a basis to investigate the business process inefficiencies and execute quick and effective corrections. “These corrections affect both the top line and the bottom line quite directly in some of our businesses,” says Mohan. However, as the head of the group’s business analytics initiative, Mohan realized that believing that IT had access to all of the company’s data was a misconception. “Despite a top-down mandate, we still needed to get buy-in from users who knowingly or unknowingly put away information in silos. We only had access to information that was shared with us and was part of structured systems,” he says.

A case in point is Mohan’s experience with Binani’s internal marketing department. “They believed that they had benchmark standards for the industry based on what the CMA (Cement Manufacturers Association) provides,” says Mohan. But this did not even include information from major players in the industry who were not part of the association, which skewed their data. “That apart, this information was not even made part of SAP because the moment they put it in, their performance would be measured against those benchmarks,” he says.

At his old job at Angel Broking, Kulshreshtha faced a similar hurdle with his HR department. During a BI implementation, the HR department had a problem submitting all the data points the new system required because they did not have accounting skills to do the job. “Hence bringing out a multi-dimensional monthly balance sheet which included information from HR was difficult to produce and even when it was brought out it was not very accurate,” he says. Similar cases can come up with other departments and need a sponsor to arrange for training.

But, at the same time, there is a danger in swinging to the other end of the information sharing pendulum. Care must be taken as to what information is shared with shareholders—especially regulators and auditors. “The business needs to be ensured that information being fed into the system is meant to work for them and that they will continue to remain in control. Losing control is an immense fear,” says Mohan.

Photo by Kapil Shroff

Rajesh Mohan, Joint President-IT & Systems, Braj Binani Group, says IT is under the misconception that it has access to all of a company’s data.

If you think you have staff that’s qualified to handle BI, think again.

A BI project is a potpourri of sorts. It involves a large number of factors that the IT team could be faced with for the first time. During a BI implementation there is a lot of unstructured data that comes to the fore which technology folk are not used to dealing with. “In our experience with the marketing department, our team wasn’t trained to understand the importance and relevance of data that was either intentionally or unintentionally being withheld from them,” says Mohan. His advice to CIOs who think that BI is a technology project: Be warned, you could face large skill-set gaps.

A CIO would be ill-advised to believe that outsourcing eases all skill-set worries. “You will need the right skill sets within the organization to handle a BI implementation,” says Purushotaman. If nothing else, a CIO will need skilled database architects, ETL architects, and business analysts. “Despite using an outsourced model, we still had a team that knew exactly what was required by the business and had the project management skills to keep a tab on the system integrator’s progress,” he says.

Mohan seconds that thought. “I know that the actual project will be run by a partner since I don’t have the in-house resources. But I still needed people within who will manage my partners and map the expectations of senior management and business users. Since BI is not just about technology, I am hiring business consultants with a track record of being transformational, while my technology team helps with the backend,” he says.

In either case, in-house or outsourced, it is advisable to have a dedicated internal team working on the project. “As BI is a resource-intensive project, in the case of an established organization, a wide variety of legacy systems require the integration of multiple devices. So I tried to keep my team constant without too much shuffling around,” says Kulshreshtha. “Program management, an analytical know-how, domain expertise, and business process mapping are key skills to have in your team,” he says.

An understanding of the business is a key requirement for someone to be a part of a BI project. “Staff a BI team with the right people, put a business-IT hybrid in a leadership position, and then ensure that a BI team comprises both business and IT resources,” says BI Scorecard’s Howson.

Embracing a BI solution requires developing skills in communication and collaboration because organizations will resist when presented with the destabilizing nature of BI. All aspects of a business can be affected, especially company hierarchy, marketing strategies and processes, and compensation structures. —Olivia Parr Rud, Founder and President, OliviaGroup


Cindi Howson, author of Successful Business Intelligence, says that an understanding of the business is a key requirement for someone to be a part of a BI project.

The insights you seek to reveal are hidden within reams of data that are at best unclean and at worst missing.

Another roadblock is dirty data: Data that is incomplete, inaccurate, incorrect, outdated, redundant or misleading. “A lot of money is spent on a correctly modeled data warehouse or well-implemented BI will be totally pointless,” says Desai. As a first step toward this, Purushotaman gathered folk from the various business units and asked them for the rules by which they would like data to be inputted into the system. This prompted them to come up with a detailed set of rules. “Then we took their own data and it failed to meet the standard. That opened their eyes,” he says. Getting business units to acknowledge that there is a problem with unclean data is a primary requirement.

Mohan was faced with a different challenge at Binani. “Consultants came in and told us that everything—right from our transaction engine to our CRM systems—lacked the necessary fields and data-points; essentially the whole thing needed to be changed,” says Mohan. Mohan scoffed at the idea because he knew the importance of protecting his existing investments. “Instead, I took a top-down approach to fixing data. If transaction systems didn’t provide the view that senior management wanted then we initiated smaller projects to add the required functionalities,” he says. And as the process kept maturing they continued to clean data and add new features.

According to Berkeley College’s Desai, in order to enhance the quality of data, it is important to discern which data is wheat and which is chaff; what’s worth using for actions, profiling and predictions and what needs to be discarded. “Many times, being data-driven, companies require a shift in culture, and, for that purpose everyone should be on the same page about the relevance of data,” says Desai. Hence, it is important to create a policy of data governance. “Developing data governance policy is not a very easy task; it involves clear, step-by-step definition of the whole process of data cleaning; and it is important to involve both IT and business users in this process,” she says.

The more legacy, the more complex an organization’s data cleaning issues. Getting the design of a data warehouse right is very important as it helps be clear about the variables on which questions business is going to ask will be based on. “At the point when we invested in BI, we also invested in the clean-up tools. We defined authoritative data stores and all subsequent information channeled into it. While it was not possible to clean up the existing database because many other applications accessed it. We ran a constant clean up so that new DB had information within five minutes of it entering the old DB,” says Banerjee.

The key is to identify major areas of data errors, clean them to exacting standards, and fix processes at the source to avoid further occurrences. Even after the go-live there may be issues. “However, it is important to remember that good quality data is not an ideal; good quality data won’t always ensure good quality decisions,” says Desai.

“To cater to ever-changing business needs, the only thing to do is to break a BI project down into four or five mini-releases spread across the year.” Bhavish Sood, Research Director, Gartner India

Post Project

The revelations you’ve delivered are no longer what the business wants.

If you are a non-believer, it would be advisable to join a flock of the faithful. “Pray there are no changes,” says Purushotaman with a chuckle. “Because if changes do present themselves after an implementation, then no matter how difficult it may seem, you have to be ready to incorporate them.” One way to avoid this is being thorough upfront. “At HyperCITY, we went ahead with the entire set of information and did not leave out any data points in the rush to finish the project,” says Purushotaman. “But if an entirely new set of data points comes into the picture due to added applications, then it needs to be pushed to the concerned people. A fresh ETL layer has to be created to include this,” he says.

This problem reinforces the need to own in-house skill sets. “If your functional team understands the business then it ensures that whatever requirement the business has overlooked, it can be brought to light before it’s too late,” says Purushotaman.

The dynamic needs of business also ensure that a big-bang approach to BI doesn’t work. “In order to cater to ever-changing business requirements, the only thing to do is to avoid mega-releases and break a BI project down into four or five mini-releases spread across the year,” says Bhavish Sood, research director, Gartner India. He suggests taking a cue from the telecom industry, which breaks down their service offerings into smaller bits and makes them available at regular intervals. “That is more or less the direction which the IT industry will also have to take,” says Sood. This has become especially pertinent post the slowdown where no CIO can ask for a year or two to bring out a new solution. “So prioritizing the needs of each unit and taking it one department at a time is the way to go,” says Sood.

You will waste a lot of intelligence to prove nonsense if you don’t have a dedicated analyst team.

Mastering the art of analytics is no walk in the park. No matter how fancy the user interface is, the tools, for a non-tech-savvy user, are complex. “And to draw the intelligence out of business still requires human judgment and imagination,” says Banerjee. Purushotaman agrees. “Analytics is the next step of BI and it’s not inherently a part of the tools out there in the market. So you need people who understand data and are capable of using these tools to interpret it.”

Once the BI is in place, the IT team should no longer cater to report requests. Business analysts and statisticians working on the data should be the ones in charge of actionable intelligence. “And when they are backed by senior management, like in our case, it ensures that their insights are put to fruitful use,” says Purushotaman. One of the ways in which HyperCITY utilized such insight was when food purchases from one of its stores dipped below its all-store average. Based on that observation, HyperCITY targeted customers (whose food shopping bill was below the average) with incentives. The move garnered a 31 percent response and resulted in incremental sales of over Rs 7 lakh for the store. “After investing in the analytics layer, we now have an outsourcing partner who comes out with insights, works with the business and executes them. It is their core competence and it makes life easier for the organization,” he says. And when asked if third-party information is taken more seriously, Purushotaman makes no effort to deny the fact. “In the Indian context, you essentially pay outsourcers to say what you want to hear but it is thought to be more reliable,” he says.

At HyperCITY, every team is clearly told that they need to utilize the expertise delivered by the analyst team and come out with deliverables that are mapped to an individual’s KRA. This ensures that inputs are not taken lightly. “A percentage of an employee’s KRA is focused on executing promotions that you drive based on insights derived from the system,” says Purushotaman.

While Banerjee agrees with the need for a separate team, he also feels that power users are best left to use the tool themselves. “Investment bankers or financial analysts, who are comfortable with technology and perform analysis on their own, are equipped with the tools while others are helped by a competency team that shows them the way forward,” he says. “By using both business and technical experts working together in an analyst team, it can be possible to see outcomes sooner and better,” says Desai.

The experience of Sankarson Banerjee, CIO, India Infoline, underscores how tough it is to measure the success of a BI project.

Success, especially in the case of BI, is illusive and largely immeasurable.

Even once you have made reasonable progress with a BI implementation, experts suggest holding your breath for spectacular results. If nothing else, that could lead to asphyxiation. In spite of having the best BI tool it is possible that while you are looking for patterns in the data, a particular pattern just might not exist for you to figure out. “In the risk metrics, for example, it is very possible that through your analysis you are unable to catch a fraud because, to begin with, there was no instance of fraud to catch,” says Banerjee. “Attributing say a certain increase in sales to the insights from a BI project is possible ex post facto. But even this recognition comes after due endorsement by respective business units,” says Banerjee. And BI does not always create something new. More often than not it lets you do, what you have already been doing, better. This again adds to the intangibility of its success. “So we got the business to back our claims. If the business units acknowledge the contribution of BI in their performance improvements then you have a very strong case,” says Purushotaman.

“One best practice that I recommend is the use of the balanced scorecard performance management system to design a set of strategically aligned measures that help to gauge performance,” says Howson. Desai suggests another alternative in what Dr. James Thomann proposed in his webinar titled Determining the Success of Your BI Initiative. According to Dr. Thomann, there are three types of measures of BI success: Political, technical, and business-level. The political metrics show that the application usage is healthy with measures like number of users and number of requests for enhancements. The technical metrics show how well the application itself is performing measured in response time, down time, etcetera. These metrics are relatively easy to use, but they do not tell the whole story. The more important one, however, is the business-level measure that shows the business success of the implementation. These measures are generally some form of ROI. “Since BI is kind of an enabler, contribution to revenue and even to indirect expenses will be imprecise estimates. However, reasoned allocations of these streams can give a good idea of the contribution of BI to the bottom line,” says Desai.

A BI implementation is never ‘finished’. Some BI projects do not reach their full potential because the business and IT do not partner in this ongoing success. There needs to be continued dialogue on what is working, what can be improved, and ways to align BI with the decisions that drive the business value. —Cindi Howson, Founder, BI Scorecard and author of Successful Business Intelligence.

Future Factors for BI

Depending on your industry, taking a look at the various new additions to business intelligence (BI) may be worth your while. For starters, self-service BI tools, which help users to get ad hoc BI reports and bypass the IT department, are gaining in popularity. While this brings its own set of user accessibility management issues, it takes quite a load off the IT department. With the seemingly unstoppable advances of social networking, the day is not far when social media analytics are clubbed with BI and become a permanent fixture in the offerings. This is especially relevant to those in the business of wooing customers from what is now dubbed the ‘Facebook Generation’. Yet another wave that can only be ignored at one’s own peril is the growth of Internet-capable terminals, from smartphones to tablets. This enhanced mobility clubbed with location-based services is empowering BI with mapping capabilities and helping organizations recognize the spatial elements of their data. And with the onset of a cloudy future for enterprise technology in general, the SaaS models of BI will endow medium- and smaller-sized companies with the firepower to take on the big boys. So while keeping your eyes open to the minefields of BI, a CIO would be well-advised to watch for the ever-evolving tricks of the trade. — A.V.



It’s rare to find a technology like business intelligence. CIOs love the concept, it piques their interest and it tops their priority lists year after year. Yet, when you ask them what they are doing with it, they run in the opposite direction. You can’t really blame them. The complex—and expensive—nature of BI outweighs its potential. Because ROI isn’t an immediate benefit, CIOs struggle to communicate the technology’s value. And that’s just the tip of the iceberg. But all isn’t lost yet, says Olivia Parr Rud. As the President and Founder of the OliviaGroup—a BI consulting firm—Rud has over 20 years of experience in BI and advanced analytics. She is also a renowned speaker and author of Business Intelligence Success Factors and Data Mining Cookbook. Rud says CIOs who want to implement BI—and do a good job of it—need to start small and show the business its real value.

Read Between the Numbers

BI is a complex beast. It’s a tussle between long-term value and short-term ROI. Olivia Rud, president and founder of the OliviaGroup, a BI consulting firm, says CIOs should start small and help business decode BI’s true value. By Anup Varier


Is BI just about reporting? What else can it do for an organization?

Reporting and online analytical processing are still the most common BI activities. However, over the last few years, organizations have shifted their focus to advanced analytics. This includes data mining, predictive analysis, complex SQL, statistics and artificial intelligence. Advanced analytics provides organizations with a competitive advantage as it allows them to detect and model patterns and trends in all areas of their business such as market shifts, supply chain economics, cost fluctuations, etcetera. Successful organizations will embrace advanced analytics to help them adapt and thrive. However, to be successful, it must be partnered with a large data management strategy.


Is it possible to bring out a ‘single view of truth’?

While a ‘single view of truth’ is an important goal, it is difficult to achieve for a majority of organizations. If the economy was static, it would be achievable. But with the constant need to adapt to market and technology changes, it’s good to keep a balanced perspective. An alternate solution is to create a composite view using a software technology called Enterprise Information Integration (EII). This allows CIOs to focus on a ‘single view of truth’ while providing data that is accessible and actionable for specific uses.

Olivia Rud, Founder & President, OliviaGroup, says showing direct ROI in BI projects is challenging. But when BI data is used to feed advanced analytics, the ROI can be extraordinary.


Do you believe CIOs fall into the trap of overcommitting on BI projects?

Yes, this is a common occurrence especially when an organization is in the nascent stages of implementing BI. Enterprise BI holds so much potential that, eventually, it (BI) is necessary to stay competitive. However, its complex nature and level of investment make it treacherous to undertake. So the CIO is wise to take on small projects, perhaps at the business unit level, to show proof of concept.


How should CIOs approach BI projects in their organizations?

The CIO plays a variety of roles in an organization’s BI and analytics strategy. And with the push towards advanced analytics, BI projects require a more global view than the one that’s offered through conventional business-IT synergies. At first, the CIO should play the role of a chief inquiry officer. At the onset, the role of the CIO’s team is to ask lots of questions so as to understand the reporting and analytical needs of the various business units. Next, the CIO should become the chief collaborator. This involves gathering a team of stakeholders and thought leaders to devise a strategy. This approach can be resource-intensive at first. But in the long run, the solutions are better formulated and the stakeholders in an organization become the most powerful advocates for enterprise adoption of the new system.

Business needs are often dynamic. How should CIOs and their IT departments tackle these needs?

This is where a highly adaptable and scalable BI solution can improve productivity. If a company is continually rolling out new, niche products and services, it must invest in a system that will grow with it. Once the system is in place, CIOs must also create a culture of collaboration. This culture fuels efficiency as well as innovation. However, it is critical that everyone bears the burden of collaboration and that collaborative efforts are rewarded.

Why is it difficult to find a business sponsor for BI initiatives?

Enterprise BI is a complex beast and requires long-term investment. That’s why sponsors are often torn between long-term value and short-term ROI. A good first step is to find areas within the company where data integration and reporting are already successful. This builds trust and engages those who are already doing good work. Next, assess your organization’s challenges and liabilities such as data quality, compliance, data or process redundancies, competitive pressures, etcetera. Look for sponsors who embrace a future driven by data and analytics, and are natural leaders and influencers. They must also have the authority to drive change. By showing business stakeholders how they can reduce costs, improve operational efficiencies, and stay competitive, CIOs can attract sponsors that will champion the project from beginning to end. It is important to focus on how it will benefit them. Talk in terms of the business rather than the technology.

Why is it hard for CIOs to communicate the value of BI?

Showing direct ROI is challenging for a few reasons. Like I said earlier, enterprise-level BI is very complex. And there can be high upfront costs while most benefits are realized later on in the process. For example, the upfront investment in gathering and integrating data doesn’t show immediate ROI. But when this data is used to feed advanced analytics like predictive models, the ROI can be extraordinary. Like I said earlier, one way for CIOs to communicate BI’s value is to take one or two small projects at a business unit level that show good potential. This could be used as a proof of concept for the organization at large.

“By showing business stakeholders how they can reduce costs, improve operational efficiencies, and stay competitive, CIOs can attract sponsors that will champion business intelligence projects from beginning to end.” — Olivia Rud, Founder & President, OliviaGroup


CIOs often face resistance during the course of a BI implementation from different business units. How should CIOs handle this?

Initially, CIOs should get each business unit involved in the planning process. It is an imperative for CIOs to get them to agree on the benefits that each business unit will receive. Then, during the implementation of the project, IT leaders should remind the business unit heads of these benefits. This is when CIOs should leverage the advocacy of the sponsors.

What are some key parameters to select the right BI implementation partner?

When considering a BI implementation partner, look for a proven track record in a variety of industries. Consider exploring open source software. Some groups offer a blend of proprietary and open source software which has the potential for considerable cost savings. Interview the team with whom you’ll be working to get a sense of their ability to communicate and translate your need into a viable solution.

Post-implementation, what are some of the metrics for measuring the success of a BI project?

To ensure enterprise-level acceptance of any BI implementation, the measures for success should be explored and agreed upon during the planning phase. Some good measures are improvements in productivity and/or profitability. These are typically measured at the business unit level against historical data. Other useful measures evaluate adoption of the project, such as usage rates, both initial and repeat, as well as requests for enhancements. Some organizations create employee surveys to measure satisfaction and detect problems. I like the balanced scorecard approach. It’s very comprehensive and strikes a balance between competing interests.

Why is it necessary to have a separate team of analysts for best results and forward-looking insights?

Since advanced analytics is the new frontier for enterprise BI, a dedicated analyst team is essential. If analysts are spread around the organization with competing duties, the day-to-day demands will diminish the focus on BI. This team will ultimately drive the value of the BI platform by using historical information, Web and social media data, and economic trends to predict future opportunities. The collaboration and focus that a dedicated team enables is critical for driving efficiency and innovation.

Anup Varier is senior correspondent. Send feedback on this interview to anup_varier@




View from the Top

Gagan Rai, MD & CEO, NSDL, shares IT’s role in running an institution that’s in charge of assets the size of India’s GDP.


Big IT By Sneha Jha

Trustworthy. Innovative. Instantaneous. Infinitely scalable. Supremely flexible. 100 percent reliable. The weight of these expectations bears down heavily on the IT departments of most enterprises. At NSDL, India’s largest central depository, these are not expectations. They represent business as usual. As a central depository, NSDL holds securities (shares, debentures, bonds, government securities, etcetera) of investors in electronic form. It also provides services related to security transactions like account maintenance, dematerialization, and the settlement of trades.


At last count, NSDL had 1.17 crore accounts, holding securities worth Rs 63,99,388 crore—about the size of India’s GDP. Oops! isn’t a word you hear around here. Yet, despite NSDL’s focus on stability, it has spearheaded many innovations like the Tax Information Network. None of this, says Gagan Rai, the 57-year-old MD and CEO of NSDL, is possible without IT. NSDL’s reliance on IT is only growing, especially as it lowers prices to open up the capital market to the bottom of the economic pyramid—and makes it possible for Indian investors to hold stocks listed in overseas stock exchanges and vice-versa.

CIO: You’ve been with NSDL since its inception. What did NSDL learn on the way to becoming India’s largest depository?

Gagan Rai: When we started in 1996, NSDL was the first venture of its kind. We were the first depository in India and even today we are the largest. The challenge was that we did not have any precedents to follow. We knew that we would have to chart our own course, learn from our own untiring efforts, and set our own benchmarks. How many times could we approach international depositories and ask them for advice? So we created closed user groups in the market that comprises intermediaries like custodians, banks, stock brokers and R&T (registrar and transfer) agents, who constantly told us what they wanted from us. We also started investor depository seminars from day one during which we distributed slips of paper and asked investors for their suggestions. Based on these suggestions, we created a databank and all the developments that we have carried out so far are based on investor feedback. Understanding and fulfilling the needs of customers is the best strategy to put a business on a firm footing. We learnt the importance of customer centricity to our business. It has helped us gain first-mover advantage and bag many prestigious and first-of-its-kind projects.

The other learning is that this is a business of trust. We have 1.17 crore account holders who hold dematerialized stocks worth Rs 64 lakh crore—which is around the GDP of the country. That’s why investor trust is of paramount importance. The system must function smoothly. Investors must be able to see transactions they have undertaken with a complete record of date and time.

We also learnt that IT is a lifeline to our operations. Technology is as important for a depository as a production plant is to a manufacturing company. IT is not a mere support function but the engine through which services are delivered. The sheer volume of our transactions is possible only because of the robust, scalable, and flexible platform that IT provides. We have 1.17 crore accounts today and process about 10 million messages a day. We emphasize on things like data integrity, audit trails, reconciliation, sending out SMS alerts, etcetera. These factors foster investor trust in the depository system and this can’t be done without the help of IT.

Gagan Rai expects I.T. to: provide robust data integrity; support huge volumes of transactions; be agile in adapting to the requirements of dynamic markets and regulators.

Those are huge numbers. What’s the backend that manages such volumes?

There is a very significant involvement of IT in our business. While our core depository system maintains a database of all investors, the Depository Participant Module (DPM) system maintains a database of the respective clients of depository participants (intermediaries between depositories and investors). These databases remain synchronized through a messaging layer and there is a system-enforced reconciliation.

Volumes in the capital market are unpredictable. Yet, being a capital market infrastructure just like exchanges, we have to be prepared to service market demand. Regulators and customers expect us to handle any scale of transaction. So ensuring flexibility and scalability is key. Therefore, we have made investments in infrastructure and have the ability to scale up in the shortest possible time. We have also made significant investments in setting up an identical IT infrastructure for our disaster recovery (DR) site. We actually operate from our DR site once in every six months. When we shift our production to the DR site, the main site starts working as a backup and this continues for one full week.

Recently, we rewrote our entire software called the New Depository System (NDS) under the guidance of IIT. We implemented the software without disrupting business activities. It was like changing an aircraft’s engine in mid-air. The market did not even notice that such a huge change was taking place. The NDS architecture affords 10-fold incremental horizontal and vertical scalability. Further, the system launched for our depository operations is platform-agnostic. Our system works on a mainframe with DB2 as a database but it has also been tested to work efficiently on Unix and Oracle platforms. We also keep assessing the capacity of our infrastructure on a daily basis. If there is a surge in transaction volumes on a sustained basis, we augment capacity. Since 1996, we have upgraded our capacity on five occasions and there has been 40-fold capacity upgrade.

“We need to lower costs to facilitate financial deepening. And that’s only possible with the help of IT.” —Gagan Rai

How does IT help enhance investor protection and boost confidence?

IT gives us a complete audit trail. In that manner, the depository system is safer than banking system. If you give a bearer check to somebody, he withdraws the amount and goes away. It is difficult to catch him. With a depository, there is nothing to be withdrawn. In a demat account there are shares which can only be transferred to somebody else or sold in the market. So when you transfer to somebody and he transfers to the broker, there is a complete audit trail that is maintained and that’s possible only because of IT. Second, whenever there is a debit from an account, we send an SMS alert to the investor. Technology is the backbone of our business. We lay a great deal of stress on data integrity and reconciliation

When does IT appear on a business plan?

From the conceptualization stage. Rajesh Doshi who heads the IT department at NSDL is our senior executive director and acts as CIO. He is involved in all major business decisions. It is not like the business will raise a demand and then IT will come into the picture to fulfill that demand. From the beginning, in any project or any module, IT is involved. Business and IT work in close collaboration with each other.

NSDL has led many government projects like the Tax Information Network. How do you keep delivering high-impact projects?

One of the best ways to ensure that is to choose the right kind of partners. Our first business partners were depository participants. Similarly, we have also chosen business partners called TIN facilitation centers. We choose our business partners well and then train them on a continual basis. We have undertaken a lot of training and investor education. There are very few entities in the market who educate investors at this scale. We also train our participants and intermediaries because they provide services on our behalf. A depository participant cannot go live on production unless and until he is trained by us. After that, all centers where they provide their services must have at least one person trained by NSDL. We also go to the extent of training all internal auditors of DPs. Then we also have a training program for system administrators. There is another training program for compliance officers. There is a very high focus on training, which helps us successfully maintain an ecosystem that enables the organization to undertake and deliver on such high-impact projects continuously.

IT plays a very critical role. We have a policy that makes the CIO a very important member of our senior management and other committees. Whenever we get a project on behalf of a particular client, no discussion starts with them unless the head of IT is sitting in the room. He appreciates the business requirements and then works in conjunction with the business team.

How is NSDL ensuring that Indians can hold stocks listed in overseas stock exchanges and vice-versa? At present, we have arrangements in the form of MOUs with various international depositories. As of now, these MOUs are only for the exchange of knowledge and for training of personnel. Since the government has announced that Indians can make investments abroad, and the foreigners can invest in India in mutual funds, collaboration and connectivity with international depositories will be very important. We have two options: Either we connect to the depository of each country or we connect with an international depository which handles transactions for many countries. The second option seems to be better. Here again, there are two options. One is doing it through nostro vostro. The other way is through custodians. But whatever way we choose, IT is going to play an important role. Ultimately, it has to be all STP (straight through processing). No papers are going to be exchanged between our depository and their depository.



The retail investor base is a small fraction of India's population. What’s NSDL doing to tap into this opportunity? Our saving rate is 36 percent of GDP. At the same time, income and wealth inequalities are very high in India. Therefore, a large chunk of the population does not want to invest in the capital market. Instead, they invest in gold or fixed deposits. We have to go to them and explain the benefits of investing in the stock market; maybe initially through mutual funds. We need to enhance the investor education initiatives many-fold.

How do you think IT can help increase financial inclusion? I believe that for a country like India, financial inclusion is the way forward. Banking and financial services should be offered to people at the bottom of the pyramid. Around 83 percent of India’s pincodes are covered in the addresses of investors of NSDL. Second, we need to lower costs to facilitate financial deepening. And lowering cost is only possible with the help of IT. The days of warm banking are gone. The time is coming when ATMs have to be at all places. Slowly, we are progressing towards off-the-shelf banking. Transactions should be online and automatic and IT facilitates that. It also brings down the cost of each transaction. For instance, NSDL has reduced settlement fees charged to participants eight times in the last 14 years. Today, the per transaction cost (cost per debit) is only Rs 4.50 irrespective of the value of a transaction. Even if you transfer one million shares of Reliance, our charge is only Rs 4.50. Transaction convenience is equally important. In this regard, one of the facilities that NSDL provides is the speed-e facility through which somebody sitting at home can carry out transactions via the Internet. Thus, with the help of IT, customers can debit their accounts and sell securities sitting at home or at the office.

Going forward, what’s the most significant business challenge NSDL needs to fix? One of the challenges we have always had is the uniqueness of this business. We are neither a bank nor a stock exchange nor an IT organization, but we are similar to all the three. A depository account looks like a bank account. IT is the backbone of a depository. And in some ways, we resemble a stock exchange because we do transaction settlements. The challenge has been in retaining the right kind of people and training them. When a staff member shifts between banks, the bank does not have to impart a great amount of basic training. But when somebody comes to NSDL, their orientation and training is very important. One way we have been able to keep our attrition rate low is the large number of new projects that keep coming our way on a continual basis. Every two years, a new, entirely different project comes to us. Take for example, the Central Record Keeping Agency system for New Pension Scheme which we developed for the Pension Fund Regulatory and Development Authority. Then there are the GST and UID projects. The excitement of doing something new keeps people interested and involved.

National Securities Depository
ESTABLISHED:
Mumbai
EMPLOYEES (INDIA): 500
MD & CEO: Gagan Rai
CIO: Rajesh Doshi

Sneha Jha is senior correspondent. Send feedback on this interview to sneha_jha@idgindia.com




PASSPORT SEVA PROJECT

The Passport Seva Project network roll out was going to affect the prospects of thousands of citizens. Reliability was key and TTL knew that.

Passport offices are widely concentrated around big cities, making it cumbersome for the rural population to visit these centers multiple times for successful completion of the passport application process. The process itself is highly complex and may take a couple of weeks for successful completion – and possibly further delays due to manual errors caused while processing the application. Hence, there was a pressing need to bring down the total time required for processing passport applications. Realizing this need, the government stepped in with a plan to expedite the process. The Passport Seva Project was a direct outcome. The project, which is one of the projects under the National e-Governance Plan (NeGP), was initiated by the Ministry of External Affairs in May 2019 to provide passport and consular services to citizens. The project is based on a public private partnership (PPP) model and was envisioned to deliver passport services to the citizens in a timely, transparent, more accessible and reliable manner.


Passport Seva Project’s challenges and requirements

Tata Teleservices Limited’s (TTL) MPLS solutions helped the government set up over 800 Passport Offices in B & C Class towns, taking the facility closer to citizens and bringing cheer to them. The system allows citizens the convenience of online application submission and status checks.

Putting passports on the fast track

Among the things planned in the Passport Seva Project are setting up of 77 Passport Seva Kendras across the country, a multilingual call center, a data center, a disaster recovery center and a centralized nationwide computerized system for issuance of passport. Until early 2010, the application processing was carried out by 37 regional passport offices, 15 passport application collection centers, 495 district passport cells and 1154 speed post centers that collect applications. NeGP comprises 27 Mission Mode Projects (MMP), encompassing ten central, ten state and seven integrated MMPs spanning multiple ministries and departments. The Passport Seva Project envisages connecting 192 links across 77 passport facilitation centers throughout the country. On successful completion of the project, which is expected to happen within six years, 77 Passport Seva Kendras would be opened. Earlier, the passport issuance process was extremely complex and required 30 to 45 days for completion.

The government wanted to shorten this window in the online process. At the same time, the government wanted to create a centralized database to upload citizens’ information in digital format to aid decision making in various government projects. Increasing accessibility by increasing delivery channels of government-to-consumer services across the country was another goal. Digitization of data was also expected to reduce manual error instances and improve process efficiency.

Network provides a strong backbone

TTL’s MPLS network provided redundant network links, facilities, routes and termination points throughout the network. The redundancy built into the system improves the reliability of the network infrastructure. Multiple paths ensure continued connectivity during network outage by reducing overall down time. A reliable network has meant all stakeholders receive information in real-time. By consolidating data networks by reducing the number of vendors, TTL was able to lower billing management costs. Excellent relationship management has induced confidence in the management of Passport Seva Project, paving the way for strategic relationships. The scalable solution has supported the pan-India expansion of the project. The network, deployed across 77 locations, is delay sensitive. It is capable of accommodating a manifold increase in traffic volume arising from increased passport applications. TTL showed that its solution has helped the Passport Seva Project to reduce its network costs by 10%. Compared to point-to-point vanilla connectivity, there was a tenfold reduction in the network costs. Till date, the network has experienced 99.99% uptime. Moreover, digitization of data resulted in increased efficiency through reduction in manual error instances and processing time from 30 to 45 days to around 3 days.

This feature is brought to you by IDG Custom Solutions Group in association with




Groupon, SlideShare, Box.net, and Zendesk are employing novel IT technologies and practices to propel their growth. What you can learn from them.


Successful technology start-ups are usually keen to draw attention to their hot products, not their internal use of IT. But companies like Groupon, Box.net, Zendesk and SlideShare can offer CIOs lessons from what they’ve accomplished with limited resources, a blank slate for IT infrastructure and their finger on the pulse of the latest IT tools and services.

Start-up: Groupon Lesson: Integrate IT with business strategy.


Groupon, the online coupon phenomenon founded in 2008, considers it crucial to its success that its 74 IT officials establish close and frequent collaborations with business managers. “We try to create a very collaborative environment, getting engineering embedded with the business,” says Ivan Moscoso, Groupon’s director of engineering. “There are never really strong divisions between our departments. We keep things fairly fluid.” By having a lot of “face time” with managers in departments like sales, editorial, and customer service, IT staffers can develop IT services and tools that truly support the efforts and goals of the company, Moscoso says. To accomplish this, Groupon is very selective when hiring IT professionals. It looks for candidates who are strong on a technical level, but also able to understand the company’s business needs and to communicate well with non-IT colleagues. “To get that close collaboration between the business and engineering means selecting the right people who can be both extremely technical and open to working with mixed, multidisciplinary teams,” Moscoso says.

Start-up: Zendesk Lesson: Better manage application development collaboration.


Zendesk, which makes Web-based help desk and support software, holds internal “hackathons” for its app developers, which helps spur innovative thinking and gets valuable projects under way quickly. The company holds brief “stand up” meetings for its application developers. Those last between 15 and 20 minutes and give the team a chance to discuss what’s new and bring up issues that need to be addressed. But for real sit-down collaboration, there are the hackathons, where developers work on manageable projects that can be completed in 24 hours, says Zack Urlocker, Zendesk’s chief operating officer. “You don’t want to necessarily do that all the time, but sometimes that’s a nice way to get a bunch of small projects finished all at once and give people that sense of accomplishment,” he says.

By Juan Carlos Perez

Start-up: Box.Net Lesson: Go to the cloud for lean infrastructure investments.

The use of cloud-based applications and IT infrastructure services also tends to be popular and broad among technology start-ups, which say that it has allowed them to keep purchasing and maintenance costs down, while letting them focus on developing their unique commercial products.

Box.net, a provider of hosted content management, collaboration and file sharing applications, had until recently only one person devoted exclusively to IT matters—supporting 150 employees—thanks to its liberal and savvy use of cloud-based applications and infrastructure services.

“I’m working on things I would have never worked on before if we didn’t have this cloud infrastructure. I’d be doing repetitive maintenance tasks,” says Jeff Sutton, Box.net’s IT lead, and until recently the company’s only IT staffer. The company just hired a second IT professional recently. For example, Sutton is in charge of the company’s internal application development environment, and of a VMware project. “There are a lot more things I have bandwidth to do. It gives me more time to focus on new technologies,” he says.

Aaron Levie, Box.net’s CEO and cofounder, says the company looks for cloud-based applications for everything, especially for standard IT needs. “We want to free up resources to solve the higher-order issues around technology,” Levie says. This has also allowed Box.net to grow its staff very rapidly, sometimes doubling it from one year to the next, without having to hold back for fear of having its IT infrastructure buckle or collapse. “One of the breaking points when an organization grows like this is that their IT infrastructure begins to have challenges. We try to remove as many of those kinds of limits as possible from how quickly we can grow,” Levie says.

Like Box.net, Zendesk also uses a broad array of cloud applications and IT services, and that has allowed the 70-employee company to not even have one person devoted exclusively to IT. “We can do that is because of the technology choices we’ve made, because of the cloud,” Urlocker says. “We run most of our business off hosted, cloud-based software.” In addition to using its own cloud-based application, Zendesk also uses business software from, Google,, Amazon Web Services, Rackspace and Yammer, in addition to Skype for most of its voice communications.

Reader ROI:
IT management lessons from start-ups
How to be as agile as a start-up




Asked about concerns many CIOs and IT managers still feel about cloud apps and services, Urlocker says cloud vendors have significantly improved their security, reliability and performance. “Things have really matured in the last few years. It’s not the Wild West anymore,” he says. CIOs may find that the reliability and security they get from their commercial cloud vendors often exceeds what they get from their own IT departments, he says. Urlocker recommends starting small and slow. “Organizations should start and take a few steps in this direction and try a few projects,” he says. “If you have an IT organization that isn’t running any cloud-based software, that’s really behind the curve,” he adds.

Start-up: SlideShare Lesson: Software as a work in progress.


SlideShare, a site for posting and sharing presentations, has perfected the art of constantly tweaking its software and pushing out multiple changes per day based on continuous and exhaustive analysis of user behavior. SlideShare’s CTO and cofounder, Jonathan Boutelle, recommends an approach of constant iteration with respect to software development. “When you chop work into small enough chunks it becomes much less intimidating,” he says. This approach is much less risky than the conventional philosophy of spending six months or more on a major IT project and then deploying it in full one fine day in a “big bang” manner, he says. “We don’t like big bangs. We like to constantly make small changes and feel that’s a great way to reduce risk,” he says. SlideShare is at the point now that it tweaks its Web-based application dozens of times per day. “The combination of having very good measurement of user behavior with the ability to make small changes to the site means we can iterate extremely quickly,” he says.




Businesses need to begin fluid conversations throughout the enterprise by shifting from their historical two-party, voice-only communications to those that are multi-party, multi-device and multi-media.


Innovations are changing how we communicate and our expectations of the same. Today, in the consumer world, social media is making multiparty interaction the norm. Mobile device proliferation has reached a stage where users communicate with smartphones and tablets, in addition to their desk phones and laptops. Smartphones have become highly personalized devices that support a myriad of applications. Video is maturing to a point where both fixed line and mobile users can communicate with perfectly acceptable picture and sound quality. These capabilities are rushing headlong into the enterprise environment. Typically, businesses have been very prescriptive with the devices and applications they allow on their networks. Also, they have been voice focused in their outlook and provide the means for one-to-one communication rather than multi-party (which requires connection to a specific conference bridge or service). Businesses need to embrace multi-party communication technologies to get an edge over their competitors and to engage with their employees and customers. Businesses also need to ignite collaboration by shifting from their historical two-party, voice-only communications to true conversations, which are multi-party, multi-device and multi-media.

MULTI-PARTY PROVISIONING With its conferencing paradigm, ensures that participants can be simply added and removed as required.

MULTI-DEVICE PLATFORM Gives users the choice and control of how they want to communicate at that particular time, and simply picking up one of the available communicating devices enables seamless transfer of communication to it.

MULTI-MEDIA COMMUNICATION Allows addition of text, data, voice and video to the communication mix with a simple mouse-click.

To meet these requirements, Alcatel-Lucent has launched a new architecture, the Alcatel-Lucent OpenTouch Communications Suite. The OpenTouch suite is a SIP-based, converged, multimedia platform which leverages decades of Alcatel-Lucent experience and expertise in enterprise communications, customer service and carrier communications, enabling employees and customers to take advantage of native multimedia, multi-device, and multiparty communications. OpenTouch addresses the complexity of these evolving communications requirements by:

Providing a Unified Management that dramatically simplifies the provisioning of users and devices, thus reducing the total cost of ownership.

Being open to communication end-points (Over 70 today), carrier SIP connections (Over 60 today) and exposing APIs and SDKs to support innovations coming from the consumer world (15,000 developers in their eco-system).

Providing flexibility and choice of deployment where one can choose among customer premise, hosted, cloud or hybrid (any mix of these) deployment models.

Alcatel-Lucent provides access to all these communication elements with a user experience that is intuitive, user centric and simple to use. Communication can start, for example, through an instant message (IM) and seamlessly escalate to voice, video or data sharing, thus transitioning between devices or media at the touch of a button. For example, a user may be talking on his/her mobile phone, walk into the office and take the call instantly from a MyIC desk phone and be able to share the call hands free with colleagues. He/she can then engage in a web sharing session that can be done by simply adding the PC to session. The goal of OpenTouch is to make every conversation productive, improve business processes and meet the requirements of enterprises by improving their employee and customer engagement. OpenTouch enables businesses to embrace innovation from the consumer world in a manner that is manageable, controllable and affordable, without compromising on rich user experience.

This feature is brought to you by IDG Custom Solutions Group in association with

casefiles real people

* real problems * real solutions

Bring It


Say BYOD, and CIOs cringe. They complain of security, supporting a flood of devices and losing control. But the CIO of Essar Group just proved his peers wrong. Here’s how.

By Debarati Roy

If there’s anything that’s defined our political and corporate lives in recent times, it’s people power. So much so that it’s beginning to influence how countries are run and how business is done. Ask IT leaders of corporate India, who are in the midst of a consumer-powered IT revolution, under the less sexy title, BYOD (Bring Your Own Device). According to a 2010 IDC-Unisys report, consumer-powered IT is being touted as the principal driver behind the fourth wave of corporate productivity. The first wave was inspired by Henry Ford's invention of the assembly line (between 1908 and 1915). The Japanese collaborative model, Kaizen, was the second wave. The third was driven by the Chinese model of mass production, low prices and global domination. Today, the fourth wave is driven by a network of constantly connected workers. A network connected by mobiles, laptops, smartphones and the like. It’s a market that’s exploding. IDC predicts that the smartphone market will grow by nearly 50 percent in 2011, taking the number of smartphone users to over 450 million. It's only a matter of time, say experts, before a large number of these consumer devices find their way into enterprises. But that’s a problem. While employees are enthused at the prospect of bringing their preferred device to work, CIOs aren’t too excited about losing control. An IDC report points out that 95 percent of employees use self-purchased technologies for work, but a majority (70 percent) of CIOs still want to buy standardized technologies for their employees. But one CIO in the minority—and from the not-so-technology-savvy manufacturing sector—set out to prove that the majority isn’t always right.

N. Jayantha Prabhu, Head-IT Infrastructure and Technology, Essar Group, created a foolproof BYOD strategy that supports over 5,000 users at the company.

Photo by Srivatsa Shandilya

The Essar Way

In early 2010, BYOD was still a new kid on the block, but N. Jayantha Prabhu, head-IT infrastructure and technology, Essar Group, was picking up early signs of this disruptive trend. It was a trend that was hard to ignore in an organization where the average age of employees ranges between 28 and 30 years. Prabhu realized that this squad of power users was far ahead of their peers when it came to adopting whiz-bang technology. “The younger generation may not mind putting in an extra hour of work, but they expect the freedom to work from anywhere they wish, on devices that they are comfortable with,” says Prabhu. “Denying them that freedom could possibly lead to an unpleasant dissatisfied-users situation.” At the same time, Prabhu was also being pushed to provide C-level business users with anytime, anywhere access to data. And Prabhu realized that allowing people to bring and manage their own devices would help IT too. It would allow the IT team to focus on strategic innovation instead of fixing IT issues. Keeping the IT team enthused is an imperative at a time when attrition is rampant and work pressure is mounting. According to the Mid Year Review 2011, 46 percent of CIOs say that their IT departments are shrinking in size and about 18 percent state that their team sizes are likely to remain the same. Worse—especially for Prabhu—46 percent of CIOs in the manufacturing sector confess to significantly increasing work pressure. For all those reasons, this was the right time for Prabhu to come up with a BYOD strategy. “It would free my IT resources from managing non-strategic assets and help me focus on high business value initiatives. It would also provide a more attractive and flexible workplace environment for employees and increase user productivity,” says Prabhu. But what Prabhu set out to do would defy conventional wisdom. And that would take fighting the three devils of BYOD: Security, infrastructure and a flood of devices.

Setting the Stage

First steps are hard. They shake you out of your comfort. For Prabhu, it meant stepping out of the four walls of his air-conditioned cabin. A walk down the work stations at Essar gave Prabhu a picture of employees’ work profiles. He tried to figure out the kind of devices they were likely to adopt, and the applications that were critical to them. Based on user inputs, Prabhu sketched two different tables. One table listed the kind of devices that were the most common and likely to be adopted by a large number of users. Essar had an existing footprint of 3,500 company-owned Blackberries that were being managed by 15 Blackberry Enterprise Servers. Additionally, Prabhu chose the top three and most popular mobile platforms: iPhone OS, Blackberry and Android. In the second table, he prioritized the applications that needed support, starting with basics like e-mail, collaboration, productivity, and communications. And later, he would layer on more complex applications like BI dashboards and MIS reporting as per user requirements.



Prabhu’s seven-man technical innovation team set up a lab to test eight different devices at the same time. These devices included a desktop, a thin client, laptop, and a mix of various tablets and smartphones. “Every time a new device, OS or application enters our IT systems, we like to assume that the device is hostile till proven otherwise,” says Prabhu. In early 2011, the team began testing the company’s applications on various mobile platforms. Over the next one-and-a-half months, the IT team tested latency lags and developed user friendly interfaces. Finding its feet at Essar, Prabhu’s BYOD strategy was just beginning to feel at home. Now it was time for some real action.

Enter the Devices

The BYOD concept is simple: Everyone is invited. But that makes life complicated for CIOs who struggle to support different devices, looking for ways to standardize. To handle these devices in their various avatars, says Prabhu, he would require a team of in-house experts to incessantly monitor every new OS and, “make adequate changes to make our applications compatible,” he says. But that contradicted one of the basic advantages of BYOD. The resources that Prabhu would have freed would now have to be directed towards managing application support—not actively engaging in innovation. Prabhu found a way out. Because he was an early mover, Prabhu noted that most technology providers were eager to develop and test mobile and tablet-friendly versions of their products and check their compatibility with the enterprise. “Over the years, these organizations have built the kind of infrastructure, R&D, support and skill-sets that would help us during the nascent stage of application, platform and infrastructure testing,” says Prabhu. Companies like SAP and Apple readily agreed to Prabhu’s proposal of constant knowledge sharing with the technical innovation team for app development, eliminating the need for an extensive in-house team. “It’s a quid-pro-quo relationship. With active help from our technology partners, the actual amount of development done by us is minimal and the partners also get a platform to test how enterprise friendly their solutions are,” says Prabhu. But handing the ropes of app development to his providers wasn’t enough. To make his BYOD strategy successful, Prabhu also needed to ensure he fulfilled all user needs. Like checking if users could multitask on their devices. So, his team tested a Blackberry Playbook with four windows open simultaneously, each one performing an independent task. They played a phantom movie, accessed e-mail, played a Need for Speed game and ran a local app, all at the same time. It worked like a charm. But Prabhu was yet to confront BYOD’s biggest enemy.

Don’t Leave the Door Open ‘Anything that can go wrong, will go wrong,’ that’s Murphy’s Law and a party pooper for BYOD. Because the one thing that can go terribly wrong and scares CIOs away from BYOD is security. Prabhu was certain that he wouldn’t go ahead with BYOD till he was sure that, “the security from our end was the closest to absolute,” he says. That’s a concern voiced by many of his peers. According to ISACA’ 2011 IT RiskReward Barometer report, 47 percent of businesses feel that the risks associated with employees using personal mobile devices

Vol/6 | ISSUE/09

7/11/2011 4:20:07 PM

Case File | Essar Group

for work activities outweigh the benefits. Prabhu knew that he needed a new weapon to fight security. And he didn’t have to look further than desktop virtualization. “The surest way in which I could secure data transfer on mobile devices is through

Though VDI managed to reduce security issues, it replaced that with a different problem: Bandwidth. Many businesses have come to rely on leased lines to link remote offices back to the datacenter over the WAN. And these links are often shared by multiple

“Every time a new device, OS or application, enters our IT system, we like to assume that the device is hostile till proven otherwise.” —N. Jayantha Prabhu, Head-IT Infrastructure and Technology, Essar Group

VDI because this prevents enterprise data from being stored on the user’s personal device,” says Prabhu.

But VDI is expensive and it’s often difficult for CIOs to prove ROI and get management buy-in. Fortunately for Prabhu, the year 2010 was refresh cycle time for over 15,000 users at Essar. Done the conventional way, the refresh cycle would lead to an investment of Rs 37.5 crore and the IT team would spend months securing data. And worse, the whole rigmarole would have to be repeated during the next refresh cycle.

A VDI implementation would checkmate all of Prabhu’s woes. It would save Essar from a large investment during the refresh cycle, all the while putting an end to security problems hindering his BYOD plans.

With VDI, a client hypervisor sitting on a user’s device generates a partition in the device, creating two virtual devices completely alienated from each other. The user logs into the Essar system from one virtual partition and gains access to enterprise and work related data. However, this partition prohibits users from saving any corporate data on their device due to restrictions enabled on the enterprise’s virtual image. The other partition acts as the user’s personal device independently allowing the user to download, multi-task and run personal applications.

technologies within the enterprise. Prabhu brought in WAN optimization and managed to reduce projected bandwidth requirement by 50 percent. Not only that, he had another smart move up his sleeve to put an end to bandwidth worries. He ensured that users accessed their e-mails and applications from a local VDI server sitting at their location and, “It’s only when users travel that they are directed to access VDI over WAN,” he says.

But VDI alone can’t shield an enterprise-wide BYOD project. Prabhu needed to increase his troops on guard. And those came in the form of Mobile Data Management (MDM), DLP and remote wipe tools.

A digital certificate is installed on each mobile device for authentication purposes. Two-factor authentication allows users to gain secure access via a VPN and gives IT a record of user access behavior patterns. Applications other than e-mail may require additional forms of authentication.

While these security tools take care of authentication and access, MDM efficiently manages mobile data through its lifecycle. It takes care of asset inventory, application deployment, patch management, data and voice usage and remote wipe. It also enables IT to deploy security policies on devices grouped by device type and OS. Prabhu also enjoys the freedom to customize security policies like application restriction, password restriction and camera usage. He also deployed DLP tools that use a combination of keywords and file property of a document to block sensitive information from leaving the organization. Prabhu didn’t ignore the basics—like data encryption—either. This ensured that data from one end user device is not read on other devices due to device-specific encryption.

But at the same time, Prabhu and his team acknowledge the fact that hardware and software are just one layer of security policy. Most security threats boil down to people, who become the weakest link. So, Prabhu wanted to devise a policy framework that encapsulates and communicates security guidelines to end users. Today, mobile device usage at Essar is governed by a contract. Users are required to sign the contract before they can add their devices to the enterprise’s system. And that’s extremely crucial for CIOs contemplating BYOD. “CIOs should make it clear to users that the complete management of their devices, patching, upgrades and managing SLAs with their OEMs rest with the users,” he says. To strengthen Essar's security posture, the IT team frequently shares in-mails and sends reminders to users, warning them of possible security threats.

Currently, the project is being rolled out to about 5,000 users at Essar. In the coming six months to one year, Prabhu plans to extend more core applications like BI to mobile devices. Prabhu aims to allow employees to do much more on the devices they choose, from places they like to work, in a style that suits them best. “But most importantly, I wanted to build a forward looking organization for the younger employees, to provide them a work environment that does not restrict them from following harmless desires of freedom and endless opportunities,” says Prabhu.

Debarati Roy is correspondent. Send feedback on this feature to


Multi screen media

How broadcasting company MSM’s digital content transfer strategy saved it over a crore a year. Ajay Kumar Meher, Sr. VP-IT & New Media, MSM, created a strategy that enabled the broadcaster to repurpose content.



The Organization: MSM, popularly known as SET India, is the television business of Sony Pictures Television International in India. Its bouquet of channels includes Sab TV, Set Max and Sony Pix. It operates in a segment (media and entertainment) that, according to the latest FICCI-KPMG report, is expected to grow at a CAGR of 16 percent and touch Rs 63,000 crore by 2015. But in 2010, a perfect storm of circumstance eroded MSM’s ability to bite deep into that pie.

* By Sneha Jha

The Business Case: Despite operating in an industry characterized by creativity and innovation, some of MSM’s business processes plodded. Take the way it transferred its content, for example. “We used to send over 30 hours of fresh content (about 250 GB) including episodes, promos, and TV commercials to our broadcast center in Singapore every day via courier. The content was sent on about 45 digital tapes,” says Ajay Kumar Meher, sr. VP-IT and New Media, MSM. This approach had limitations. For instance, it left no scope for content repurposing and it made it impossible for MSM’s creative team to make last minute changes to its programming. At the same time, the cost of the tapes and the courier service was high. The problem was compounded when changes in custom regulations made it practically unfeasible for MSM to use the services of a courier. The alternative of flying staff to Singapore was expensive. “For the next four to five months, MSM Mumbai hand-couriered its tapes to Singapore every day. We were shelling out between $800-1000 (about Rs 36,000-Rs 45,000) a day,” says Meher.

The Solution: It was time to take decisive action. Meher knew he could help by digitizing MSM’s content and using a WAN to transfer programming to Singapore.

It was an idea whose time had come. According to a FICCI-KPMG report, digitizing content is a current and pronounced trend in the Indian television industry. That’s due to two reasons: The increasing cost of content storage using tapes, and the ability to move digital data seamlessly across the production chain without high overhead costs and logistical challenges. In January 2010, Meher chose a solution called Digital Rapid that would help with the digitizing. Using a WAN, however, wasn’t as easy a solution. Its cost was prohibitive. MSM required 45 MBps to transfer content. Meher decided to have a word with his service provider, Airtel. “I told them that we would use bandwidth only at night. They saw a benefit in this deal because they could get a price for their unutilized bandwidth,” he says.

The Benefits: The new system went live on April 15, 2010. And it started saving money immediately. “It resulted in cost savings to the tune of Rs 6 lakh a month. We saved over Rs 1.2 crore in a year,” says Meher. Better still, it opened up a new revenue stream for MSM. “We are now digitally enabled to repurpose our content. Our syndication team can monetize this and resell content,” says Meher.

Send feedback to sneha_jha@

Photo by srivatsa shandi lya



August 26-27, 2011. The Marriott, Pune Visit CIO100 Partners

Nilkamal’s attempt to boost the effectiveness of its sales people with Salesforce was being stymied by an inability to efficiently link the SaaS-CRM tool with Nilkamal’s ERP. Could IT find a way?

The Organization: Nilkamal is a Rs 1,500-crore company best known for its almost iconic plastic chairs. But less known is the company’s other business including plastic crates, containers and bins, and metal pallets for manufacturing and retail companies. In April 2010, about 45 percent of its revenues were generated by this part of the business.

Business Case: Nilkamal’s businesses are driven by a 300-strong sales force spread across the country. As Nilkamal’s feet on the street, they meet with product managers from, say, a manufacturing company who would purchase plastic crates from them. With a vision of empowering the sales team, Karan Doshi, who leads IT initiatives at Nilkamal, purchased 200 Salesforce.com licenses for the company’s key sales agents.




* By Varsha Chidambaram

But he soon realized that Salesforce alone wasn’t going to get the job done. The SaaS-CRM offered mobility for reporting, a useful thing especially for a sales force that wasn’t expected to be office-bound. But Salesforce didn’t have access to critical business information sitting within the company’s ERP. And without that sales people had their hands tied.

The Project: “For a sales guy to be able to make a sale, he needs to know a client’s latest delivery status, pending payments, etcetera. All of this information resided within the ERP,” says Doshi. As a result, despite having a cloud-based CRM model, Nilkamal’s sales team found itself spending a disproportionate amount of time talking with managers at head office over lengthy, long-distance calls. That manual dependency negated some of Salesforce’s advantages.

First Steps: Doshi had to take a call that most CIOs dread: Integrating middleware with his ERP. His earlier tryst with SAP PI was a disappointment, he says. “We were running SAP PI to integrate our ERP with Salesforce for one of our retail outlets. It was excruciatingly slow.” Months of research led him to middleware vendor Fiorano, whose ESB solution was exactly what Nilkamal needed, says Doshi. It was fast, allowed bi-directional access, and integrated beautifully with SAP.

Karan Doshi, Manager, Nilkamal, found a novel way to integrate SAP with Salesforce.

The Challenge: Integrating the middleware was easy, says Doshi. According to him, Fiorano went live in 45 days, against the projected 60 days. The real challenge, however, was integrating various ERP databases. “ERP is a complex giant. Unless you have a dedicated team of ERP experts such an exercise is impossible. For any successful ERP integration project you need to invest in the right skill sets,” says Doshi.

The Benefits: Fiorano essentially acts as the link between Salesforce and SAP. When a sales agent sends a query on Salesforce, it, in turn, queries Fiorano which then talks to Nilkamal’s ERP. It then throws back all the relevant information to Salesforce. And this happens both ways. “Unlike traditional point-to-point coding systems, this is a multi-point visual code that seamlessly transfers information across disparate systems. The tool can integrate not only with SAP but with other applications that Nilkamal may decide to integrate in the future,” says Doshi. Doshi expects the middleware to achieve ROI in less than a year.

Send feedback to varsha_

Photo by kap il shroff





PLUS Globally, ‘brick and mortar’ banking exists as a key channel to increase business per employee and enrich customers’ experience. SBI branch banking transformation is about changing branches from just servicing customers to enhancing their branch banking experience.

INTERVIEW Ujjwal Mathur, Head (Sales) - TCS, India talks about what it takes for an IT project to succeed.


Company: State Bank of India
Industry: Banking
Offering: Next Generation Branch Transformation



SBI, the ‘banker to every Indian’, has long believed that the branch is the only place where customer relationships can be built and nurtured. Taking this belief forward, SBI built an extensive branch network across India. This has made SBI the second-largest bank in the world in terms of number of branches — at more than 19,500 branches and 25,000 ATMs for the State Bank Group as on June 2011. To meet changing customer demands and increasing competition from the private-sector players, SBI began the largest implementation of a centralized Core Banking System (CBS) ever undertaken in the banking industry, in 2002. With CBS Implementation and connecting all the branches and ATMs on a single large network, SBI transformed itself from ‘Branch-Based Banking’ to ‘Bank-Based Banking’. However, implementing CBS was only the beginning of the journey and the bank’s senior management realized that business process re-engineering was essential to reap the benefits of such a move. So, SBI decided to utilize one of its biggest assets – its branch network across the country — to lead the business process re-engineering initiative. “We realized that by repositioning the branch network, we can use this asset more effectively. It is now about embarking on a paradigm shift in digitizing the branch with a layer of intelligence to epitomize the new era of banking. SBI branch transformation is about changing branches from just servicing customers to enhancing their branch banking experience,” says C Narasimhan, Deputy Managing Director - Corporate Strategy and New Businesses at SBI.

CHALLENGES

With the number of customers visiting the branch increasing everyday, SBI had an opportunity to provide greater value to its customers and enhance their banking experience and help increase revenue per employee. This could only be achieved by addressing the dual challenge of transforming the branch and transforming the mindset of the customers and tellers. SBI had to take into consideration that many of its customers were not comfortable with technology and still preferred the human touch that the teller provided at the branch. On the other hand, the teller mindset had to be changed from transaction-oriented banking to relationship-based banking. “The idea is to help familiarize customers with technology and help eliminate the fear of not having human support for every transaction. Since most of our customers are not very tech-savvy, this is being done by re-engineering processes in such a way that technology is subtly embedded while the presence of human touch is ensured,” says Narasimhan.

The GenNext Branch Banking is all about innovation and making each system in the branch intelligent. By seamlessly integrating different systems and processes such as transaction processing system, information and customer management, operations, analytics system etc, SBI will be able to intelligently capture customers’ needs and behavior to design tailor-made offerings and services. “However, for this to be completely successful, we are working on improving the tellers’ efficiency. Most importantly, we want to enrich our customers’ branch banking experience by making the teller a seller and an advisor” he adds.

The other challenge is the branch transformation. This has to be unique to each branch, as one solution does not fit all. The uniqueness of the branch would be determined based on the customer’s profile, geographical location of the branch and the business focus of that particular branch. It shall be achieved by optimizing processes, changing the ambience, bringing in new, innovative technologies and empowering employees. Hence, the challenge is to design a customized solution of global standards to be implemented locally.

SBI’s corporate strategy team had been constantly thinking out of the box. It had to move away from traditional banking systems and procedures to provide an innovative solution focused on technology, processes, people and operations. In order to overcome these issues, SBI sought to redefine its strategies and differentiate itself in not only the way it serves its customers but also in the way its customers bank with it. “Traditionally, branches have defined the role of banks in a society and were associated with the trust and security that individuals invested in their bank. But, with the rise of new delivery channels and the drive towards reducing the cost per transaction, questions were raised about the future of the branch,” says Narasimhan.

SBI had to take into consideration that many of its customers were not tech-savvy and still preferred the human touch.

“The objective is to popularize self service banking so that we can decongest the counters at our branches.” PRATIP CHAUDHURI, Chairman, SBI

“SBI embarks on a paradigm shift in digitizing the branch with a layer of intelligence to epitomize the new era of banking.” C NARASIMHAN, Deputy Managing Director - Corporate Strategy and New Businesses, SBI

KEY INITIATIVES

Though branches are here to stay, it is evident that the customer experience in a branch needs to undergo radical transformation. While transformation efforts in banks have primarily focused on transactional processing capabilities, the need of the hour is to become customer-centric. This would enable a bank to foster longstanding profitable customer relationships. The Green Channel Counter (GCC) is an example of an initiative aimed at changing the customers’ mindset and innovatively designing a process to change the way they bank in a branch. According to SBI’s Chairman Pratip Chaudhuri, the bank has started 11,500 such counters across 5000 branches. A GCC allows customers to withdraw and transfer funds up to Rs 40,000 by just swiping their ATM card without filling any forms. The operation is simple. One just walks into a branch and handles a Transaction Processing Device (TPD), which is similar to Point of Sales (PoS) machine. The machines are kept in exclusive green channel counters within the branch. The channel facilitated digitization of information at its inception, resulting in straightforward processing and elimination of errors. The popularity of the channel resulted in 1.6 million transactions in less than a year, resulting in saving more than 6,61,091 A4 size sheets of paper - equivalent to about five trees. SBI believes that, with the GCC at all major branches, they should be able to save many more trees.

This year, on State Bank Day, SBI launched another offering for its customers - the Self Service Kiosk (SSK), which combines the strengths of all banking channels. The solution, designed on the principle of simplified banking, gives rise to ‘Do It Yourself Banking’, where customers use the SSK the way they use the ATM. With the help of their debit cards, they can perform most of the transactions on the kiosk, which are available on other channels such as the internet, ATM and the branch. SBI was looking for a solution which would enable customers to perform routine transactions on their own and reduce the burden on the tellers so that they could serve customers better. This new channel would not only enable customers to print passbooks, open fixed deposit accounts, manage funds transfer requests within and outside the bank, but also facilitate bill payment at their ease and convenience. Such fee-based transactions will help SBI generate additional income. In future, railway bookings, SBI Life payments and a few other things will be added to self-service kiosks. “In fact, we have identified more than seventy high frequency transactions in the branch which can be provided on the SSK, thus helping customers to bank with ease. SBI branch transformation is about empowering customers to fulfill routine transactions themselves and use the interaction with bank personnel for value addition,” he adds.

Another initiative towards branch transformation included addressing cash-oriented transactions. SBI installed cash depositing machines which empowered customers to deposit cash in a self-service mode and update their CBS account real-time. SBI has successfully deployed these machines across various branches and they are used by customers frequently, thereby reducing the time spent at the branch. “We aim to help our customers become comfortable with the concept of swiping their cards for performing a transaction, and these initiatives are already paying off handsomely,” says Narasimhan.

SBI launched the ‘State Bank Freedom’, a mobile banking service which is rapidly gaining popularity among the customers. At present, 1.5 million customers conduct more than 70,000 average transactions per day on this platform. “What would differentiate SBI from other banks is our goal to integrate each channel intelligently with the branch as part of our branch transformation initiative,” says Narasimhan. For example, a customer will be able to request a demand draft from his mobile banking application and collect it at a particular time, from a particular branch. These are just some of the initiatives which SBI has taken to enrich its customers’ experience.

SELF BANKING Self Service Kiosks are extremely popular as customers can perform various banking functions quickly and easily.

WHAT NEXT

SBI is considering introducing an Integrated Payment Hub (IPH) - a single, centralized and reusable application for end-to-end management of all electronic (non-cash) payments across the enterprise. The benefits of an IPH include elimination of point-to-point interfaces, real-time monitoring and reconciliation, cross-channel view of payments transactions, reduction of operational risk, reduction of time to market new products, reduced customization of CBS for payment related functionalities and facilitating a single customer view for payments transactions. This single view of a customer would help tellers in the branch to know the customer better and provide personalized offerings based on their financial and banking needs.

SBI’s GenNext branch will also seamlessly integrate all the branch technology devices and processes with other channels to provide a single view of the bank to customers. This integration will also help SBI reduce transaction cost, increase business per employee, increase branch officials’ efficiency, optimally utilize branch resources, enhance customer experience and contribute to the environment and society.

“SBI has also set up its first ever innovation lab at its corporate office. The whole idea is to replicate the future of banking and how the customers would experience banking,” says Narasimhan. The innovation lab would design solutions and processes which would address not only the existing business problems, but also those of the next generation banking customer. “Innovation has become a practice and a culture, and it would play a crucial role for SBI to redefine banking,” he adds. The next step is to have a one-stop shop for all the customers’ banking and financial needs – virtual tellers and remote experts for advisory services. “SBI has the best technology in the world and with our GenNext Branch Banking, we would be the preferred bank for every Indian” Narasimhan says.

EASY BANKING A customer making a transaction at the Green Channel Counter with a swipe of his SBI debit card


IT + Business = SENSE

As long as a project is seen not just as an IT project, but as a business-IT project, it will succeed. That’s the credo Ujjwal Mathur, Head (Sales) - TCS, India, believes in.

UJJWAL MATHUR Head of Sales Tata Consultancy Services, India


How can CIOs achieve better IT-business alignment? How do they set their priorities right?
It is no longer possible for IT departments to work in silos or for CIOs to take decisions without business involvement. The CIO is now an essential part of the team that forms the business strategy. He must participate in business planning and have an IT strategy that blends well with the organization’s plans. CIOs must prioritize projects, keeping in mind the priorities of business. More and more businesses are trying to involve the IT department to ensure they have a strategy that leverages IT very well. Unless the goals of the IT organization are aligned with those of the business, the results of the IT projects will leave much to be desired.

Do you think running IT like business helps? What can be done to help increase the success rate of projects?
It is imperative to link the goals of any unit within the structure with the final goals of the overall organization. Running IT as a business will definitely help. If IT can help achieve the business goals, it will be a win-win situation for the overall organization. As long as it is seen not just as an IT project, but as a business-IT project, the project has a stronger possibility of success. At every stage of the project, the business benefits need to be reviewed keeping in mind the market changes and competition. The balanced score card of the IT organization has to be linked to that of the business. All the stakeholders in the project have to be involved and must play an active role in the execution of the project. Entrusting the project only to IT or business will not be productive.

How do you get an organization to change its outlook with regard to IT?
In today’s world, IT plays a very important role in the success of the company. IT has to be construed as a mainline function and not a support function. This has to be ingrained in the organization and must become a part of the organization’s DNA.

How can business use IT to gain a competitive edge and increase revenue?
Today, most businesses use IT for gaining an edge over competition. IT has helped business extend its market reach, decrease time-to-market, get better insights into customer data using analytics, focus better on marketing, and use social networking to its advantage. Chief executives of companies now have the latest data on their finger tips and this helps them take quick decisions to change business strategy to remain competitive. The organization should have a mindset for continuous technology enablement. New technologies like cloud, mobile, etc need to be seriously considered for this enablement.

Business roles are ever-changing. Do you see the CIO’s role evolving too?
Today, CIOs are no longer pure technology players. Most of them are business technologists. They monitor the business trends in the market and ensure that the changes are incorporated in the IT strategy of the organization. There are several instances where CIOs are people from business who understand technology. Understanding the business need and translating it into technology has become one of the key functions of the CIO.

What is the scope for innovation in businesses? Can an organization succeed without innovation?
It is difficult for any business to grow without constant innovation. History has shown that organizations which do not innovate or adapt to changes in environment eventually do not succeed. Innovation also needs to be in the DNA of the organization. Ideas not only need to be generated but also implemented so as to acquire a competitive edge. Most organizations have units focusing on Quality, HR and so on; similarly, they should also have a unit focusing on innovation. This unit needs to explore new ideas from within the organization as well as from without. Innovation cannot be a one-off instance and should be institutionalized.

What, according to you, are the parameters to measure success of IT projects?
An IT project will have succeeded if the business-stated ROIs are met or if the project seems to be heading towards meeting them. There may be projects that are delivered on time, but if they don’t bring the required business benefits, they aren’t deemed successful.

Transformers is brought to you by IDG Custom Solutions Group in association with


IT Value

RIP I.T. VALUE

Business outcomes from technology investments are all that really matter. The CIO’s challenge is finding new ways to prove IT’s worth.


By Stephanie Overby

Reader ROI:
Why IT-business alignment is not enough
How CIOs can generate more revenue for their organizations
Importance of building a strong business-focused IT team

The end of IT-business alignment is nigh. And no one is happier about it than the business-focused CIO. “If you stand in front of an audience of CIOs and start talking about IT-business alignment, at best you get eye rolls, and at worst you get people walking out of the room,” says Shawn Banerji, a New York-based CIO recruiter with Russell Reynolds Associates. “Alignment has been a big trend for quite some time and—as with most trends—it has gotten a lot of lip service. But the ability to move beyond that into the practical manifestation of IT and the business being one is a progressive reality for a lot of organizations today.”

The strategies IT leaders have employed to closely connect the technology organization to the larger enterprise—embedding IT staff within business units, understanding business processes, communicating with end users—have been all well and good. But alignment, it turns out, is not the ultimate end for corporate IT. In fact, says Dave Aron, VP and fellow in Gartner’s CIO Research group, the language of IT-business alignment—encouraged and endorsed for more than a decade by industry analysts and consultants—is now dangerously counterproductive.

CIOs must change the conversation. IT value is dead. Business outcomes are the real and only measure of IT worth. “Today it’s less about, ‘I don’t understand your cost structure. I don’t understand what you’re delivering,’ and more about, ‘How can I leverage technology to deliver new products and services?’” says Dave Codack, VP of employee technology and network services for TD Bank. “That’s forced us to look at the ways in which we measure technology. We’ve been inadequate in our ability to define technology value in concert with the values of the business. It’s difficult.”

But IT leaders who want to remain relevant—and employed—have no choice. “The next step on the journey is to move from alignment to engagement,” says Aron, “treating the rest of the business as partners, creating business value together.” According to Gartner, by 2015, the primary factor determining incentive compensation for the CIO will be the amount of new revenue generated from IT initiatives. “IT began in the back office, it moved to the front, and now it has deeply penetrated all aspects of the business,” says Louie Ehrlich, CIO, and president-IT, Chevron. Yet shifting the focus from IT outcomes to business performance isn’t easy. Calculating IT value using business terms is an evolving art. So where to begin? Anywhere. Just get started. “Our profession has such an engineering mindset: Define, test, try, retest, try again. But you will never find a perfect way of doing this,” says Ehrlich. “There’s value in just trying to articulate IT value in business terms. There’s value in just getting in the game.”

Measuring value is a constant discussion among CIOs, says Louie Ehrlich, CIO of Chevron and president of Chevron IT. “I think some of us get paralyzed. But you have to just do it.”

Richard Boocock, VP and CIO of Air Products and Chemicals, sold a virtualization project by comparing unused server capacity to idle manufacturing plants.

There Are No IT Projects (Really!)

For years, the goal for CIOs has been a seat at the executive table. “Then half of them got there and said, ‘Oh my God! what am I doing here? I’m a functional operating person. I’m not equipped to take this on,’” says Russell Reynolds’ Banerji. The other half, however, were better at business strategy than most of their C-suite peers, thanks to their broad view of business information. In the past eighteen months, says Banerji, organizations have been moving to a more data-and-analytics-driven approach to internal decision making and interacting with customers. His clients are asking him to find CIOs who share this vision for IT. “The ability to aggregate data and information assets and convert [them] into actionable knowledge—whether it’s for financial forecasting, sales forecasting, more precise understanding of markets, how they manage risk—is central to the business.”

That’s highlighted “the importance of IT leaders really being leaders in the company, not just leaders in IT,” says Richard Boocock, VP and CIO of Air Products and Chemicals. Boocock has spent 28 years at Air Products doing everything from selling hydrocarbon-processing facilities to rolling out SAP. “We live or die on creating customer value. There is only business value.”

Of course, if you had a dime for every time a CIO talked about how there are no IT projects, there are only business projects, you’d be retired by now. The difference is “people really mean it now,” says Edward Hansen, a partner in the law firm Baker and McKenzie, who helps CIOs structure and negotiate transformational IT and outsourcing deals. Look at something as traditionally tactical as telecom services, says Hansen. The focus during negotiations for telecom services used to be cost per minute; now it’s networking and sales and “all the socio-economic implications associated with it.” Discussions cover needs as diverse as networking, social media and voice and data convergence, according to Hansen. What used to be a purely technical function has evolved into a strategic service.

That business leaders appreciate the crucial role IT plays makes it easier to gather the momentum necessary to shift from IT to business value, says Ehrlich. “How do you decide what to put your energy and dollars into when the opportunity set is just endless?” Ehrlich says. “What better way to do that than to put it in business terms and make decisions that make the most money for your company?”

That’s difficult to do in an IT department that is merely aligned with business. “In the world of alignment, the customer is the business, and the business is always right,” says Gartner’s Aron. CIOs used to measure their personal value by budget or headcount and their team’s value by delivering on time and on budget. “That’s an arcane approach to measure your relevance,” Banerji says. “Historically, they’ve talked about alignment because that’s all they could possibly hope for.” Today, CIOs are more likely to be rewarded for overall business performance than for some technology project or initiative, Banerji says. “This goes beyond alignment exercises. You need to understand if there has been an impact on the business,” says Ehrlich, “And the question becomes: How do you measure that?”


It’s Everyone’s Money

Just over a year ago, when Brian Hardee took over as CIO of Oxford Industries, a holding company that owns such retail brands as Tommy Bahama, Ben Sherman and Lilly Pulitzer, it was clear where IT stood. “IT was just a utility—storage, e-mail, phone,” says Hardee. “And if you don’t talk to the business in the terms of the business they’re still going to continue to perceive you as a utility.” Previous IT leaders had reported metrics like apps supported or total headcount, which meant nothing to the business. “The biggest measure for the previous CIO was the average tenure of his employees,” Hardee says. “That doesn’t drive business value.”

A veteran IT consultant, Hardee gave his CEO the bottom line: Oxford Industries was spending 100 percent of its IT budget on sustaining the business and zero on innovation. “That was a compelling number to the CEO,” he says. “You’re spending all that money, and you’re getting nothing of value.” Since then, Hardee has been making progress, first reevaluating telecom expenses (saving hundreds of thousands of dollars) and then developing a list of new projects based on business strategy and value.

For every new investment, Hardee creates a business case and manages it using a one-page project overview document. He explains the purpose of the project, the objectives, how it’s aligned to business strategy, and the expected business results—for example, how a new piece of software will not only cut costs but increase sales and reduce risk. Next, he hopes to develop a set of initiatives to extend the customer reach of Oxford Industries’ retail brands by using more analytics and new e-commerce systems.

You Take the Lead

Forrester Research says IT needs to get ahead of the business.

Forget about IT and business alignment. We can’t sit around waiting for the business to set strategy and then build an IT strategy for it. That’s the message from Sharyn Leaver, CIO practice leader at Forrester. IT professionals “need to be out ahead of the business,” she says. Forrester research among business leaders highlighted the scale of the challenge, with 35 percent of those surveyed saying they did not rely on IT to generate innovation and 65 percent saying they have budgets to buy IT without involving the IT function.

Forrester says company marketing departments are most likely to bypass the IT department, so analysts quizzed chief marketing officers about why they did so. “They said they value speed over everything else and they believe IT doesn’t get it,” according to Leaver. A second driver for bypassing the IT department was the proliferation of business-ready self-service technologies and the fact that business leaders are more tech savvy than ever before.

A survey of Gen Y staff found that 64 percent downloaded unauthorised apps or used an external website to get their job done at least once a week. Of these, some 40 percent said that they do this at least once a day. Gen Y now make up less than 10 percent of the workforce, but in ten years it will be half. “These people will truly topple IT status quo,” she says. “Their view of what is required to do the job has changed—they are resourceful and go out and get it.” IT, Leaver insists, needs to reinvent itself to remain relevant.

— By Mike Simons

CIOs further along in their efforts to measure business impact are putting IT-centric measures like uptime on the back burner to focus on business goals like customer retention and operating efficiency. Dee Waddell is group information officer of marketing, sales and customer service with Amtrak. Waddell meets with his business partners once a year to discuss expectations and develop business-focused SLAs for IT to meet. His IT group also publishes an annual report of its business results. Traditional technical metrics like network use and apps supported are still tracked, but Waddell doesn’t use them to elucidate IT’s business contribution.

At TD Bank, call centers are no longer a cost to be contained; they’re now revenue generators. “When you focus on metrics that define value, it’s a very different conversation than the one you would normally have about [doing things] faster and cheaper,” Codack says. “It’s about IT’s contribution to those sales metrics. What has technology done to drive that revenue?”

Business executives have increased expectations for IT, says Codack, driven largely by the value they’ve reaped from technology at home. “There’s been a rapid onslaught of technology that provides real value for them in their personal lives,” Codack says. If IT doesn’t provide similar value at work, they won’t hesitate to look elsewhere for it. “We can’t be naïve and say we’re all one team and don’t have to define and drive our contribution [to the business],” Codack says. “Everyone spends a fair amount of time [working] to improve gross and margin. You have to defend [IT costs], but it’s more about your contribution versus your spend.”

The goal is to move toward an “increasingly common vocabulary,” says Boocock. Take a seemingly technology-centric decision: When to upgrade an operating system. “In the past, that was purely an IT decision,” Boocock says. “But upgrades cost a lot of money and they take resources away from other initiatives. It’s still my decision to make, but it needs to be framed in business terms.” Instead of saying the upgrade needs to happen because the existing version is no longer supported, he explains the increased operating risk that the company will be exposed to and its inability to build new capabilities without the investment.

Or consider the typical infrastructure reliability metric—99.9 percent uptime. “We used to celebrate meeting that,” says Chevron’s Ehrlich. “And while we were celebrating, there was a business leader saying, ‘Oh yeah, where were you that Saturday when we couldn’t collect credit card payments?’” The old operational measures are necessary, but not sufficient. Chevron IT created a business incident index to track the number of IT service issues that affected business and the impact of each in terms of revenue and reputation.

Ask Ehrlich if it was hard to figure out a way to quantify that impact and he lets out a “Heck, yeah!” In a decentralized company with a presence in more than 100 countries, thousands of transactions are taking place every minute. “To get that insight isn’t easy, and we’ve tried a bunch of different things,” he says. They ultimately settled on ranges—low, medium and high—defined by financial impact.

The farther away an IT investment is from the front lines, the harder it is to frame in business terms. Network assets, for example, could be used in 101 different ways, says Ehrlich. “How do you quantify the business impact of that?” He doesn’t. “That’s where we’ve landed,” he says. “Some things are just a utility that we run as cost effectively and efficiently as we can.” Those investment decisions are still made strategically. They’re just tied to IT rather than business strategy. That’s not a bad place to be, says Gartner’s Aron. “Treat run-the-business, regulatory or risk investments as a tax—checking [that] the business is taxed the right amount,” he advises. “Treat value-generating, IT-intensive projects like all investments, and optimize based on outcomes.”

Sometimes, all you need is a little finesse. Consider datacenter virtualization. Boocock knew that in the absence of virtualization, just 15 percent of a typical server farm is used. Air Products has hundreds of production plants around the world, and the company’s leaders would be irate if only 15 percent of any of them was being used. That industrial production corollary made for the shortest IT sales pitch Boocock has ever made. “The philosophy of business value has to be applied across the whole continuum [of IT services],” he says.


Start Somewhere

Despite IT’s efforts to measure business impact, its universe—including vendors, service providers, and even some business partners and customers—may be slow to adapt. “The world may not be changing at the same pace the CIO is changing—even within organizations,” says Hansen of Baker and McKenzie. “There is an education process that needs to take place.”

For instance, if you’re serious about making decisions based on business value, you also need an IT team that is up to the task. But it takes time to build staff that knows how to think about revenue and customer engagement in addition to development costs and system performance. Oxford Industries’ Hardee winnowed his already small IT group from 35 people down to 14 who could take IT decision making and communications in a new direction. “We didn’t have the right resources,” he says. Now he’s looking for cross-functional capabilities. “Even if I’m hiring a business analyst, I’m not just hiring a financial business analyst,” Hardee says. “I want a financial supply chain business analyst.”

“It’s critical to build a strong, business-focused set of leaders that have future potential both within and outside of IT,” Waddell says. “The leadership and management of IT must become more attractive for strong leaders that come from the business side, have the aptitude to understand the strategic value of technology, and can relate with technical personnel.”

Business rotations are a requirement for even the newest additions to IT at Air Products. “Future leaders will need to have a broad portfolio of skills and capabilities, not to the level that they’re [business function] experts, but to what I would call having a strong appreciation for it—how we do business, who our customers are, what markets we serve and if and how I bring that into play as a leader.” New hires fresh out of school do a stint outside the technology group in materials or finance, for example. “In the past, taking a new IT professional and, within a year, moving them outside of IT to gain experience elsewhere would have been considered career suicide” for the new hires, he says. Now it’s the cost of doing business in IT, not to mention critical for technologists’ career survival. Some veteran technology professionals can’t adjust. “There are some people who actually just like to do certain things in the IT space,” Boocock explains. “But if we’re not going to be doing those things [internally] anymore, that’s not going to be an option.”

According to Gartner, by 2015, the primary factor determining incentive compensation for the CIO will be the amount of new revenue generated from IT initiatives.

Hardee says that as a result of prior IT leadership, business leaders within his company haven’t understood the value of IT as a competitive weapon, which ironically confounds his efforts to promote a business-oriented view. “If you’re relying on your brand to carry you to the next level as opposed to innovating and connecting in terms of analytics, you’re fooling yourself. I’m trying to communicate that to them,” he says, by explaining to them how technology can reduce inefficiencies and generate revenue.

His new hire is a marketing communications professional. He is also partnering with everyone he can. He recently set up a meeting with the marketing teams at Lilly Pulitzer and Ben Sherman, which Oxford Industries acquired in December, to introduce them to a new social media listening tool. Lilly Pulitzer had its own CIO, but Ben Sherman’s CIO didn’t engage with business or marketing employees. Hardee now serves as the brand’s acting CIO. “They were so happy with the fact that a CIO reached out and was trying to help impact [business] results,” Hardee says.

Fundamentally changing the way IT decisions are made and IT value is measured takes time. Ehrlich, Waddell, and Boocock are over three years in. Codack has been at it for just under two. Hardee is just getting started. And they all agree it’s probably a decade-long process.

“If we’re talking about the CIO as a pure business person, we’re not completely there,” says Banerji of Russell Reynolds, who estimates that about a third of IT organizations are aggressively moving in this direction. “There are a few organizations that do it very well and certain IT leaders do better than others. But it’s not pervasive yet. The first movers are setting the tone and others will scramble to catch up.”

At TD Bank, “the awareness is there. The acceptance is there. We have a lot of testing and trials going on,” says Codack. “It will be a number of years before we settle on what works.” The goal is to create a new value framework, figure out what metrics work best, and use them as benchmarks to figure out how to increase the business impact of IT over time.

Measuring the business value of technology at Amtrak is also a work in progress, based on the understanding that business leaders care more about customers than servers. SLAs for the website include the percentage of time that bookings can be made successfully or that train statuses can be retrieved. “These are availability metrics,” says Waddell, “but much more relevant to our business customers.” They will serve as stepping stones to more advanced measures of business value, such as the number of bookings. “It is absolutely imperative that IT become versant in the business and is an enabler for the business to deliver to external customers,” Waddell says.

At Chevron, the IT group is “nowhere near where we ought to be,” says Ehrlich. There are pockets of excellence, but also pockets of absence when it comes to measuring IT in business terms. Some parts of the organization are great at it; others are struggling. “I’d like to get us all up that maturity curve more so that if you ask them what is the value of IT, they explain it to the business in the terms of the business.”

It’s not perfect, but it’s progress. “How do you measure value? It’s a constant discussion among CIOs, and I think some of us get paralyzed,” says Ehrlich. “But you have to just go for it. Do it wrong. Just do it. What’s the worst thing that could happen?”

What Business Value Looks Like

Traditional IT metrics may keep technology operations humming, but tracking business outcomes is the only way to show how IT benefits your company. Here are some examples:

IT Operation | Traditional Metric | Business Outcome Metrics
Help-desk | Resolution time | End-user satisfaction; business impact of fewer incidents
Datacenter | System uptime | Overall service availability; financial impact of service interruptions
Hardware or software upgrades | Level of support for old equipment or applications | Operating risks averted; new capabilities enabled
New system implementation | Schedule and budget goals for individual projects | Revenue generated; change in market share; productivity improvement
Service delivery | Use of service delivery best practices (such as the Capability Maturity Model) | Overall project schedule and budget goals; speed and efficiency as compared to competitors


A CLOSER LOOK AT cloud computing

Organizations looking to deploy private clouds must understand where they're headed. A development cloud is an appropriate start, but consider these three scenarios for how use of your cloud will evolve.


Heading to the Cloud By Bernard Golden

Private Cloud | It is by now a truism that most IT organizations are planning an IT infrastructure strategy that includes cloud computing and that an internal cloud (a.k.a. private cloud) is a fundamental part of that strategy. While trying to avoid getting sucked into the vortex that is defining cloud computing, it's safe to say that a cloud computing environment includes the ability for IT resource consumers like application developers to self-service resource requests, along with automated provisioning (a.k.a. orchestration) of computing resources like virtual servers, network connectivity, and storage. The mere deployment of virtualization enabling support of multiple virtual servers on a single physical server, while admirable and useful in itself, is not cloud computing.

In talking to a number of informed people, it's clear that private cloud implementations are moving forward in many organizations, with RFPs to vendors out with an aim of contract award in 2011 and implementation in 2012. The question is, how will that private cloud be used, and what are the downstream effects of moving to a private cloud? There are a number of scenarios, some of which make sense, some of which don't make sense, and some of which are incomprehensible. It might be useful to see some of the ways private clouds will be used by those organizations implementing them.

A planning assumption is that no organization is going to insert a full-blown cloud infrastructure into their existing production application environment. There are some reasons for this assumption. A key principle of CIOs everywhere is don't mess with something that's in and working. Change introduces the potential for disruption and failure. So why insert an entire new infrastructure into one in which applications are quite happily humming along?

Note: This does not imply that existing environments will not have virtualization brought in. One of the most felicitous aspects of virtualization is that it provides great benefit—cost reduction via server consolidation—without introducing much change at the application level. Most existing applications won't benefit from being placed into a cloud computing environment. They are written with static topology and manual administration assumed, so they can't take advantage of self-service and automated elasticity. Therefore, inserting a cloud computing infrastructure into the production environment is going to provide little improvement for these apps. In any case, the leisurely march of virtualization into production environments should call into question the belief that IT organizations are going to, overnight, disperse cloud computing capabilities throughout their production infrastructure.

Another assumption is that cloud computing is expensive and disruptive to IT organizations. We constantly see organizations that underestimate the cost and change of moving to cloud computing. Just the fact that a new term—development operations—needed to be created to describe how IT has to operate in a cloud environment should provide a clue about this.

So, to summarize: Putting cloud computing into an existing production environment is disruptive and expensive, and doesn't provide many benefits. This should explain our assumption that most IT organizations will not retrofit cloud computing into their production computing environments.

Given this, many IT organizations are directing their initial private cloud initiatives at serving developers, which makes a lot of sense. Developers are typically underserved by existing processes, and offering them a self-service option helps productivity and, crucially, avoids many issues associated with production private clouds, like how to integrate existing heavyweight processes. Moreover, developers are pretty expensive employees, and avoiding long waits for resources reduces costs.

Private Clouds Rule

Public clouds have a long way to go if they want to be the top choice of businesses looking to put resources in a shared, centralized computing environment, according to a poll of 1,200 IT leaders. Just 7 percent of respondents say they'd most likely use public cloud services while 47 percent say they would make a private cloud their first pick, according to the CDW 2011 Cloud Tracking poll. Overall, security concern was the major deterrent to adoption with 41 percent of respondents indicating it's a worry. But nearly as many, 40 percent, say cost is a concern as well. Coming in a distant third with 26 percent was privacy and compliance concerns.

The cost worries are more pronounced among IT professionals that haven't actually tried cloud services yet, the poll finds. Asked whether cloud applications cost less than traditional applications, 36 percent say yes. But when those actually using at least some cloud applications were asked whether they were saving money by moving applications to the cloud, 84 percent say yes. Overall, based on cloud services and technology available now, all those polled say on average 42 percent of their IT services and applications theoretically could be run in the cloud. Of the 320 respondents that actually use cloud computing in some way, 73 percent started by using a single cloud application. Ranked from one to six, the categories of applications most often placed in a cloud environment are: e-mail, file storage, office productivity, Web conferencing, online learning and video conferencing.

— By Tim Greene

The question is, if an organization's initial foray into a private cloud is aimed at developers, what are the subsequent use scenarios? In other words, once developers begin using the private cloud for development (and, of course, testing) purposes, what happens? Here are common use scenarios and their implications:

Scenario One: Agile Development, Static Operations

In this scenario, software and QA engineers are provided a private cloud for development purposes, but when the time comes for production deployment, the application
is operated according to the existing processes (which were, remember, created to manage static topology, inelastic applications in an often process-heavy ITIL-like environment). The satisfaction level with this strategy depends upon what proportion of newly developed applications assume and use the elastic automation associated with cloud computing. Selecting this approach might depend upon organization-specific projections of future application elasticity requirements. If the proportion of applications requiring elasticity is rather low, this scenario might be perfectly acceptable. For the majority of newly developed applications, static operation techniques would be appropriate. For the minority of applications that require elasticity, an exception to provide a more agile operations environment could be made and pertinent measures taken.

The challenge with this scenario is that it is in conflict with the increasingly common nature of future applications; that is, the nature of applications is changing, with more highly variable workloads, much larger scale, and more complex deployment topologies that are more difficult to manage in a manual fashion. In a phrase, there is an impedance mismatch between the future of applications and the operational assumptions of this scenario.

Scenario Two: Agile Development, Semi-Agile Operations

In this scenario, new applications are placed into production in an operations infrastructure that can support elasticity, complex topologies, and automated administration, while the existing applications continue to operate in the older, static operations environment. One might think of this as building an add-on to the existing datacenter environment, which operates by new rules. In a way, this scenario is consistent with the history of computing. New computing platforms don't displace what already exists; the platforms accrete to what's in place. What commonly happens is that most new applications are deployed on the new
platform, while existing platforms are limited to minor upgrades to existing applications. And, of course, over time the new platform represents the vast preponderance of the total number of applications. This is an attractive scenario, in that it reduces overall disruption and provides a good deployment option for cloud-developed and cloud-based applications. It avoids the challenges associated with the impedance mismatch of the previous scenario.

Two things to watch out for in this scenario: First, the disconcerting way in which applications edge from "development" to "production" without an official recognition or acknowledgement. IT operations may find itself responsible for applications that it had no idea were going to move into production, requiring agile, elastic infrastructure. That is to say, IT operations may find themselves challenged to provide a production cloud environment well before planning to do so. This premature “productization” will inevitably cause problems and accelerated catch up.

Second, it's easy to underestimate the change necessary to operate an agile infrastructure. End-to-end automation carries implications well beyond installing a cloud software stack and declaring "open for cloud business." Just as it's traditional that new platforms accrete around old ones, it's also traditional for IT organizations to over-emphasize technology and underrate people and process. The outcome of this situation is that the cloud application will suffer many problems when put into production as the operations group learns on the fly how to manage an automated, elastic application.

When confronting a disruptive innovation, like the cloud, organizations attempt to force-fit it into existing processes—usually unsuccessfully.

The number of Indian CIOs that say a private cloud model will work best for their organizations. Source: State of the CIO 2010

Scenario Three: Agile Development, Bypassed Operations

This scenario presents an existential challenge to the mainstream infrastructure operations organization and, indirectly, a threat to the financial underpinnings of the entire IT organization. In this scenario, developers attempt to use the private cloud but, for various reasons, find some element of the environment unsatisfactory and choose to develop or deploy in a public cloud environment. Why this might come to pass can be illustrated by an example. Consultants suggested an infrastructure to deploy resource user self-service. The manager was fine with greater agility, but the request for resources had to be forwarded to an operations administrator who would evaluate the request and, should it be appropriate, would provision the resources himself and then forward information back to the developer sufficient to begin using the resource. He really didn't understand the difference between true self-service and e-mail-enabled resource requests.

This response is typical of organizations responding to innovative developments. When confronting a disruptive innovation, like the cloud, organizations commonly attempt to force-fit it into existing processes and assumptions—usually unsuccessfully. In this scenario, developers quite happily begin to use the private cloud, but, when confronted with unwillingness on the part of operations to support self-service, application elasticity, etcetera, become dissatisfied with the offering and choose to either deploy the application outside of the internal datacenter or, more worryingly, turn their back on the private cloud and choose to develop and deploy in a public cloud environment.

This kind of situation can be blunt or subtle, but, in the end, falls short of what developers want. It is important to understand that cloud computing reduces the friction in obtaining and using computing resources—discarding the endless requests, meetings, telephone calls, e-mails, escalations, not to mention the often heavy-handed rationing of resources. Putting an unresponsive production infrastructure behind an agile development environment may mean investing in a development cloud that ends up unused. Even worse, this scenario can hold the potential for stranded investment, as expensive production environments lie fallow while applications are deployed into public clouds that support low-friction interaction.

Overall, organizations looking to deploy private clouds should thoroughly understand what they're signing up for. A development cloud is an appropriate start, but is not sufficient for a long-term plan. It's inevitable that a development cloud will be the first step toward implementing a larger production environment capable of supporting self-service, elastic provisioning, and agile operations fully committed to cloud computing characteristics. Anything less will, in the end, fall short.

Cloud Budget

Money Grows on Clouds

Cloud Strategy | Cloud computing is practically mainstream, according to the latest CIO Economic Impact survey of 291 IT leaders. In fact, nearly half (48 percent) of the CIOs surveyed say they have adopted a ‘cloud first’ policy, which means they will evaluate cloud options first, over traditional IT approaches, before making any new IT investments. Cloud budgets reflect this shift, with 48 percent of IT leaders putting more money toward cloud, up from 44 percent in November 2010 and 38 percent in August 2010. More than half (53 percent) of CIOs say they expect to increase their IT budgets overall, up 5 percent from a year ago.

Roberto Dolci, CIO of manufacturer System Logistics, moved his company's payroll system to the cloud, which he says has increased the business's agility and allowed him to "squeeze more out of the same amount of money." However, while Dolci plans to evaluate other cloud options, he says he'll hold off on moving over more mission-critical applications. The public cloud is "still immature, and that's an understatement," he says.

While 27 percent of survey respondents say shifting to cloud services could result in decreases in IT headcounts in the next three years, 49 percent of CIOs expect their staffing numbers to remain the same. Scott Van Vliet, CTO at Mattel, says moving to the cloud won't affect his company's IT headcount, but it will "present an opportunity to reinvest in areas that are lacking focus. People will become more focused on creating value-added features for the business."

Use of mobile applications is also growing, with 67 percent of respondents planning to increase their budgets in this area, up from 53 percent in November 2010. Some 79 percent of CIOs say increased employee productivity is driving the adoption of mobile devices in the enterprise.

— By Lauren Brousell


essential technology

Access Denied

The recent outages at cloud providers have everyone questioning the reliability of infrastructure-as-a-service offerings. Here are seven tips for protecting your data in the event of cloud services failure.

By Stephanie Overby

Risk Mitigation | One of CIOs' biggest concerns about the infrastructure-as-a-service model has been the loss of control over assets and management that enterprises might experience upon moving into a multi-tenant environment. While analysts and early adopters of infrastructure-as-a-service offerings have argued that such apprehension is rooted more in fear than fact, Amazon's and other recent public datacenter debacles have given everyone good reason to question the reliability of the public cloud.

The cloud outages may not slow the long-term growth of cloud computing significantly, but they should cause IT decision makers to take pause. Before rushing into any new cloud infrastructure deal, take the following seven steps to mitigate the risk of infrastructure-as-a-service failure.

Plan to fail. Develop detailed cloud breakdown scenarios and perform recovery run-throughs. "Put your risk-mitigation strategy firmly in place before moving into the cloud environment," says Phil Fersht, founder of outsourcing analyst firm HfS Research. Heather McKelvey, vice president of engineering and operations for Mashery, an API management services provider, agrees. "A lot of people think 'get it up and running' and then we'll put in the design for failover," she says. "You can't do that. [Others] assume that a cloud will failover to another cloud—or one datacenter to another datacenter—but there are varying degrees of where problems can happen, and you need to architect and build for all levels of failure in your system, not just the high level."

Keep some expertise in house. One of the allures of cloudsourcing is the notion that you no longer have to maintain internal knowledge of the technologies that support as-a-service solutions. However, captive know-how comes in handy when you need to prepare for and react to cloud problems. "I don't see CIOs having much option but to increase in-house knowledge of cloud underpinnings," Fersht says. If you lack in-house capabilities, ask your provider for help, or consider hiring consultants to create a disaster recovery and business continuity plan. "Even a small investment in third-party risk oversight is worth the investment, if it helps negate a potential disaster in the event of a long outage," Fersht says.

Test that plan. Then test it again. "The cloud is the perfect place to test failures in a completely staged environment," says Donald Flood, vice president of engineering for Bizo, a business-to-business advertising network provider and Amazon Web Services customer. "You can easily create a staged environment that mirrors production and test your systems by killing running services and evaluating how your system performs under failure."

Create internal back-up options. It took about two days for Amazon to locate and repair the problems at its datacenter in northern Virginia. But as soon as US Tennis Association CIO and Amazon Elastic Cloud Compute (EC2) customer Larry Bonfante began to notice application sluggishness, he and his team migrated the USTA's critical systems to their own server. IT leaders must maintain internal contingency capabilities, Bonfante advises.

Re-examine your sourcing strategy. IT leaders have embraced multisourcing, but that model can make cloud continuity confusing. "The domino-effect ramifications of an outage are very complex to manage and resolve," says Fersht. For example, as more services get built on top of cloud computing infrastructures, a seemingly isolated outage can have a domino effect, taking down many services or an entire application environment, he adds. Putting one service integration provider in charge of a multi-sourced arrangement will give you "one throat to choke" in the event of a failure, according to Fersht, but it can also prove problematic. "They are likely to develop an institutional knowledge of your IT processes that would be very tough to transfer in the future if you wanted to maintain a healthy competitive environment," Fersht says. "You need to have your own IT staff get smart about how cloud works, or you really do risk potentially losing control over your own IT environment."

Don't be cheap. The ROI of redundancy investments skyrockets in cloud collapse scenarios. Many of the companies affected by public cloud failure could not—or would not—pay to run parallel systems in the cloud. Major Amazon Web Services customer Netflix, on the other hand, says it experienced no issues because its cloud computing model assumed one of the datacenters in Amazon's four regions would go down. The company had "taken full advantage of Amazon Web Services' redundant cloud architecture," says a Netflix spokesperson. Critical data should be replicated across multiple availability zones or regional datacenters. It should be backed up or live replicated across regions. Active servers should be distributed geographically, and there should be enough active capacity to shift locations should one datacenter implode, advises Thorsten Von Eicken, CTO and co-founder of cloud management vendor RightScale. "Of course all this has costs, so each business needs to determine which costs are justified for each service being offered," he adds. Bizo, for example, runs its services in two availability zones in each of the four Amazon regions it utilizes. When the eastern region went south last week, the company redirected that traffic to the western region.

Put your provider on the hook. Make sure your cloud vendors have some skin in the game with a contract that ties outages to service levels. "If you are subcontracting to a third-party cloud provider, ensure they are responsible for these outages and can't [absolve] themselves of responsibility," Fersht says.

Insecure at the Top

Concerns about the security of cloud applications are keeping a significant number of organizations from going further with deploying more of the technology, according to the CDW 2011 Cloud Tracking poll. A number of those who are using cloud applications say they are not pursuing further cloud implementation due to security worries. The survey found that 32 percent of cloud-using organizations name security concerns as a roadblock to further implementation, compared to 45 percent of IT management at non-cloud-using organizations.

Skepticism is high at more than half of the organizations, with 53 percent of CIOs expressing security concerns and stating their organization's management does not trust the cloud's data security. Approximately 40 percent of CIOs say they do not believe the cloud is as secure as their own facilities.

Applications most commonly operated in the cloud are commodity applications such as e-mail (50 percent of cloud users), file storage (39 percent), Web and video conferencing (36 and 32 percent, respectively), and online learning (34 percent), according to CDW. Respondents estimate that, on average, only 42 percent of their current services and apps have potential to operate in the cloud.

Even the respondents who identified themselves as cloud users—currently implementing or maintaining cloud computing—say they expect to spend no more than one-third of their IT budget (34 percent) on cloud computing by 2016. Non-cloud users say they expect to spend slightly more than one-quarter of their IT budget (28 percent) on cloud computing by 2016, and to save 23 percent by using cloud computing resources and applications.

—By Joan Goodchild





Web-enabled technologies are reshaping the modern enterprise. Powerful cloud-based business tools offer new ways to create, share, and manage information. These innovations enable a new breed of borderless enterprise — faster, nimbler and more responsive than ever before. Yet they also introduce dangerous new security risks. Sites built upon dynamic Web 2.0 content — including most of today’s top online destinations — are uniquely vulnerable to aggressive, fast-moving security threats. CIO magazine, in association with Websense, spoke to several CIOs to understand how enterprises can leverage the power of new communication, collaboration, and social web tools while having protection from malware, new web-based attacks that evade antivirus software, inappropriate content, and confidential data loss.

New Opportunities, New Risks

Recalling several recent attacks that have targeted enterprises such as Sony, Citibank, Epsilon and even the Iranian nuclear program, Arun Kumar, VP and Global Head of Internet – IT at Tata Consultancy Services, says that online threats are being launched at record speed. The industry is experiencing a deluge of attacks — each more targeted than the last. The masterminds, often, are criminal organizations motivated by data and money, and not fame and mischief as in years past. “In the end, it is the enterprise’s job to protect its content,” he adds.

Enterprises must protect against these new and blended threats by having complete visibility into the traffic entering and leaving the network. Unfortunately, traditional security solutions are not enough. URL filtering and reputation-based tools may catch yesterday’s threats, but they lack the speed and agility to identify threats associated with dynamic online content or attacks against legitimate Web 2.0 sites, says Tarun Pandey, VP – IT at Aditya Birla Financial Services Group. For instance, the security solution at his company was blocking e-mail and websites which used the term ‘Sensex’ – simply because it had the word ‘sex’. “This had to be corrected manually,” he adds.

“The increased use of wireless networks and collaboration technologies—combined with increasing usage of mobile devices amplify the risk of data leaks from within.”
PARESH PUJARA, Group CIO, Adani Enterprises

“Current security solutions can prevent breaches in a closed enterprise environment. Legacy security solutions are not designed to deal with the new threats in a borderless business environment.”
DR. NEENA PAHUJA, CIO, Max Healthcare Institute

Creating a Powerful Security Framework

The biggest challenge for organizations is to protect confidential data against such attacks without inhibiting legitimate business activities, says S.S. Mathur, GM IT at Centre for Railway Information Systems. In order to achieve this fine balance, Charanjit Singh Sodhi, Chief of Security Plans and Policies at Bharti Airtel, says that organizations must identify key business data sources to comply with external regulations and with internal data security policies. Then they must monitor the business processes that pose the greatest risk to data security and protect this data against unauthorized access or use. “Once the security framework is in place, it needs to be reviewed periodically so that an organization stays ahead of the ever-evolving onslaught of threats,” says Dr. Neena Pahuja, CIO of Max Healthcare Institute.

Organizations also need to reduce data loss risks involving cases where existing IT resources are not capable of meeting employee needs. Alison Higgins-Miller, VP, APAC Sales at Websense, affirms that as more users work with large files, they may encounter problems with storage quotas on a company’s file servers, FTP servers, or email systems. “Out of frustration and necessity, users turn to online storage sites or email services for large file attachments,” she adds. While these services meet legitimate user needs, companies that lack visibility into these services or control over the data being stored face serious data security risks. According to Bhupendra Pant, Head IT at Larsen & Toubro – EWAC, a single incident of data loss can tarnish brand reputation and erode a business’ competitive advantage. Hence, protecting intellectual property assets is given the highest priority at his company.

“An organization’s security is only as strong as its weakest human link.”
JOHN MCCORMACK, President, Websense

A majority of the CIOs were of the opinion that employee training is the key to making sure that data does not get out of the company. However, John McCormack, President of Websense, says that many security solutions rely on human adherence to company policy. That means an organization’s security is only as strong as its weakest human link, and hence the risk of exposure is high, from both intentional acts and unfortunate mistakes. He adds that organizations should try to prevent intrusions; however, this is not always possible. Once the intrusion is detected, it should be impossible for the intruder to get out of the network. He calls this the TombRaider strategy to security.

The consensus was that enterprises need multiple detection mechanisms and content classifiers with high accuracy and granular control. They need to eliminate false positives and false negatives, responding immediately to legitimate loss events with the right tactics — whether that’s blocking, quarantining, or encrypting traffic. There’s just too much at stake not to take data loss seriously, especially in a borderless enterprise.

This event report is brought to you by IDG Custom Solutions Group in association with

Book Club: What We’re Reading

By Vijay Ramachandran


Innovation Sutra

Two gurus help you avoid the traps, while creating an organization that’s innovative yet predictable.

The Other Side of Innovation: Solving the Execution Challenge
By Vijay Govindarajan & Chris Trimble
Publisher: Harvard Business Review Press
Price: Rs 695

IN SUMMARY: Czech author Milan Kundera once said that as far as he was concerned business had only two functions—marketing and innovation. But Vijay Govindarajan and Chris Trimble observe that the issue with business organizations is that they are built for efficiency and not innovation. Most organizations aim for predictable outcomes, results and profits quarter on quarter on quarter. That seems a fair enough goal to aspire for. However, the authors do point out that the pressure to get this aspect of the business right converts the entire entity into a “Performance Engine”—the stronger it gets, the healthier a company gets. And this damns the process of innovation—since it’s seldom repeatable or predictable, the two attributes of a good “Performance Engine.” So how does an organization balance the need for keeping the lights on with fostering innovation? You’ll find a good many ways to answer that in this book. In a blog post discussing the book, Prof. Govindarajan asks: “Can businesses really change the world?” His reply: “Yes—but only if they adjust.” Read on for excerpts from reviews of this book from two of your peers who recommend it as heartily as me:

Organizations across the world struggle to constantly innovate whilst trying to meet existing product or customer needs with efficiency. I believe that the fundamental finding of the authors is right on the first page of the preface: “The limits to innovation in large organizations have nothing to do with creativity and nothing to do with technology. They have everything to do with management capability.” It is important for CIOs to realize that successful innovations will need new ideas and good execution. The book walks the reader through a series of case studies mixed with some management paradigms that showcase various facets of how to successfully execute innovation projects. The book also helped me formulate a model for some of the projects that we are working on. The exercises at the end of the book complete the learning. This is a must read for those who want to act as catalysts of change.
MANISH CHOKSI, Chief-Corporate Strategy & CIO, Asian Paints

The need for competitive edge through innovation carries a strong appeal. However, the real challenge lies in execution. This dichotomy in the objectives of today’s organizations makes it difficult to convert ideas into reality. The need for balance and partnership between the two is brought out very well by the authors. Every innovation needs a unique implementation strategy. There is no secret sauce to deal with the challenges; but the simple tools, questionnaires and templates provided by the authors help to make things a lot more structured. While providing case studies from BMW, Infosys, and Dow Jones, the authors have listed myths, traps, and biases that are a great help for CIOs. I was curious when I opened the book; real life examples from global organizations, and compilation of rich experiences and a decade of research by the authors whetted my appetite and made it an interesting read.
SUNEEL ARADHYE, CIO, Essar Steel

Sounds interesting? We invite you to join the CIO Book Club.

CIO Book Club: Log on to get your free copy. Also, read reviews and post comments.
