Making it in 2014 december 15 2013 issuu by Sreekanth Sastry

VOL/09 | ISSUE/02

BUSINESS

TECHNOLOGY

LEADERSHIP

CIO YEAR AHEAD SURVEY: TECHNOLOGIES TO WATCH OUT FOR IN 2014

MAKING IT IN

2014

It took courage, grit, and guts to wade through 2013. Brace yourself, 2014 could be tougher. Here’s how to beat the odds. Page 26

DECEMBER 15, 2013 | `100.00 W WW.CIO.IN

FROM THE EDITOR-IN-CHIEF

PUBLISHER, PRESIDENT & CEO Louis D’Mello ASSOCIATE PUBLISHER Parul Singh E D I TO R I A L

Cirrus, Alto, Stratus

Yet whichever path gets chosen, it leads to one inescapable destination—the here, now and future of the cloud is hybrid. A lonely impulse of delight Drove to this tumult in the clouds; I balanced all, brought all to mind… —W.B. Yeats

When I first wrote an edit on cloud computing six years ago, an enterprise-class cloud was little more than vapourware. You’d think that after so many moons and increased maturity, cloud would be gathering momentum. Many conversations that I’ve been having with a host of CIOs point to a new trend emerging. Data from the CIO|14: The Year Ahead Survey (Page 50) bears witness that India Inc. is seeing a slowdown in investments into the private cloud, with a hybrid first model emerging. Take today’s business demands of efficiency, agility and speed, add the blurry business horizon, with a generous helping of business end-goals and stir in the acute shortage of IT talent and you’re staring at a recipe for catastrophic business failure. CIOs, in trying to avoid this, would have few options than to move some workloads to the public cloud, while keeping the more critical ones within the perimeter. Increasingly, however, I observe organizations begin the move to the public cloud early. Earlier than even putting a ‘private cloud’ in place! Yet whichever path gets chosen, it leads to one inescapable destination—the here and now and future of the cloud is hybrid. Companies might choose to keep some data and applications at home to escape issues with latency or compliance, the rest will need homes elsewhere—homes that will be rented. This will distress those who swear by ‘private clouds’. But, let’s be honest without twoway secure bursting a reality, the private cloud is essentially a foundation layer for the cloud without any of its agility or scale. The higher business velocity and cost efficiency that hybrid models offer seem to indicate that managements will lean that way. How about you?

EDITOR-IN-CHIEF MANAGING EDITOR EXECUTIVE EDITOR ASSOCIATE EDITORS FEATURES EDITOR SPECIAL CORRESPONDENTS

Vijay Ramachandran T.M. Arun Kumar Gunjan Trivedi Sunil Shah,Yogesh Gupta Shardha Subramanian Gopal Kishore, Radhika Nallayam, Shantheri Mallaya PRINCIPAL CORRESPONDENTS Anup Varier, Debarati Roy, Sneha Jha, Varsha Chidambaram SENIOR CORRESPONDENTS Aritra Sarkhel, Eric Ernest, Ershad Kaleebullah, Shubhra Rishi, Shweta Rao SENIOR COPY EDITORS Shreehari Paliath, Vinay Kumaar LEAD DESIGNERS Pradeep Gulur, Suresh Nair, Vikas Kapoor SENIOR DESIGNERS Sabrina Naresh, Unnikrishnan A.V. SALES & MARKETING PRESIDENT SALES & MARKETING VICE PRESIDENT SALES GM MARKETING GENERAL MANAGER SALES MANAGER-KEYACCOUNTS MANAGER MARKETING MANAGER-SALES SUPPORT SR. MARKETING ASSOCIATES

MARKETING ASSOCIATE

LEAD DESIGNER SENIOR DESIGNER

Sudhir Kamath Sudhir Argula Siddharth Singh Jaideep M. Runjhun Kulshrestha, Sakshee Bagri Ajay Chakravarthy Nadira Hyder Archana Ganapathy, Benjamin Jeevanraj, Rima Biswas Arjun Punchappady, Cleanne Serrao, Lavneetha Kunjappa, Margaret DCosta, Nikita Oliver, Shwetha M. Jithesh C.C. Laaljith C.K.

O P E R AT I O N S VICE PRESIDENT HR & OPERATIONS FINANCIAL CONTROLLER CIO SR. MANAGER OPERATIONS SR. MANAGER ACCOUNTS SR. MANAGER PRODUCTION SR. MANAGER IT MANAGER OPERATIONS MANAGER CREDIT CONTROL SR. ACCOUNTS EXECUTIVE

Rupesh Sreedharan Sivaramakrishnan T.P. Pavan Mehra Ajay Adhikari, Chetan Acharya, Pooja Chhabra Sasi Kumar V. T.K. Karunakaran Satish Apagundi Dinesh P., Tharuna Paul Prachi Gupta Poornima

All rights reserved. No part of this publication may be reproduced by any means without prior written permission from the publisher. Address requests for customized reprints to IDG Media Private Limited, Geetha Building, 49, 3rd Cross, Mission Road, Bangalore - 560 027, India. IDG Media Private Limited is an IDG (International Data Group) company.

Vijay Ramachandran, Editor-in-Chief vijay_r@cio.in VOL/9 | ISSUE/02

Printed and Published by Louis D’Mello on behalf of IDG Media Private Limited, Geetha Building, 49, 3rd Cross, Mission Road, Bangalore - 560 027. Editor: Louis D’Mello Printed at Manipal Press Ltd., Press Corner, Tile Factory Road, Manipal, Udupi, Karnataka - 576 104.

IDG Offices in India are listed on the next page

REAL CIO WORLD | D E C E M B E R 1 5 , 2 0 1 3

contents DECEMBER 15, 2013 | VOL/9 | ISSUE/02

MAKING IT IN

CIO TASK FORCE | THINK TANK Renowned CIOs share lessons, id eas, and insights on the four most challenging issues in IT today.

28 | Customer Outreach 34 | The Evolving Role of CIO 40 | Outcome-based IT 46 | Handling User Delight

THE WAY

AHEAD 2 6

112 | Where India’s IT

Roadmap Got Decided EVENT| 2014: THE YEAR AHEAD Move over crystal balls and expert predictions. If you were at the CIO Year Ahead 2014 held at Kochi, you wouldn't need much else to see the future if IT in 2014. Here are some highlights of the three-day event.

114 | The Discussions 116 | The Conference 124 |The Task Forces more »

26 | Making it in 2014: The Way Ahead

COVER: COVER DESIGN BY VIKAS KAP OO R & UN NIKRISHN AN

FEATURES | IT STRATEGY New technologies will open new doors of opportunity in 2014 and to make the most of it, here's a list of 11 technologies that should be on your radar.

5 0

2 D E C E M B E R 1 5 , 2 0 1 3 | REAL CIO WORLD

THE YEAR AHEAD SURVEY Analytics and big data, cloud computing, and consumerization and mobility. These trends will manifest more acutely in 2014. We take a look at the numbers.

VOL/9 | ISSUE/02

contents

(cont.) DEPARTMENTS

1 | From the Editor-in-Chief Cirrus, Alto, Stratus By Vijay Ramachandran

7 | Trendlines

5 7 4

12 | Alert Cloud Security | Dangers of Rogue Clouds Crime | Women More Vulnerable to Phishing

131 | Essential Technology

Columns 16

Social Network | Social Media Ideas

136 | Endlines

| The CEO’s New Job

THINK TANK It used to be that CEOs could palm off customer experience down the line. Not anymore. To survive, CEOs need to become customer experience evangelists. Column by Mark Hurd

| Fear is the Key

Innovation | Bye Bye Battery? By Evan Dashevsky

FRANKLY SPEAKING Microsoft seems to be putting the fear of losses and lost revenue opportunity into the hearts of the Indian public sector banks’ managements. Seems to be an interesting strategy—if you can’t convince them, scare them. Column by TM Arun Kumar

| Seeing Double

FUTURE TECH Conventional wisdom says smartphones cause car accidents, and Google Glass is already getting banned. But is there a double standard at play? Column by Mike Elgan

1 2 8 4 D E C E M B E R 1 5 , 2 0 1 3 | REAL CIO WORLD

VIEW FROM THE TOP “IT is as critical as finance, sales or marketing. We've seen clear benefits from our investments in IT, ” says Qimat Rai Gupta, CMD, Havells India.

VOL/9 | ISSUE/02

CIO Online

.in CIO ADVERTISER INDEX

Canon India

[ Yea r Ahead Spec ial ]

IBC, 30 & 31

Delta Power Solutions(India)

Looking Forward

Emerson Network Power India HP EG Converged Infrastructure

22 & 23

As we pull the shutters down on 2013 and welcome the new year, new technologies and opportunities are waiting to be explored. CIO has created special spotlight zones to give you a peek into the year ahead.Visit cio.in

HP Entereprise Services

68 & 69

HP Storage

Video Library From case studies to peer-to-peer advice, and from new technology developments to international events, our videos cover everything that affects you. To keep yourself abreast of the happenings in the IT world around you, watch our online videos. cio.in/videos

[ S l i des hows ] From buzzwords in 2014 to other tech projects, view our slideshows.

IBM India

Konica Minolta Business Solutions India IFC Lenovo India Ricoh India SAS Institute (India) Vodafone India Wipro Limited

[ CI O TV ]

BC 51 59 3 & Insert 97

[ Su r veys ]

By the Numbers Our surveys are a treasure trove of technology, staffing, security trends and beyond. They mirror economic realities and how they impact you. Visit the By the Numbers section online. cio.in/by-the-numbers

[ N EWS ] Our CIO World newsletter gives you a daily dose of everything that impacts you, your staff, and your business. Log on to check out the latest news.

Don't receive our newsletters? Log on to our website to subscribe today!

>> cio.in/news

Read More@ cio.in

>> Case Studies >> Whitepapers >> Articles >> Slideshows >> CEO Interviews >> Events

6 D E C E M B E R 1 5 , 2 0 1 3 | REAL CIO WORLD

This index is provided as an additional service. The publisher does not assume any liabilities for errors or omissions.

VOL/9 | ISSUE/02

EDITED BY SHARDHA SUBRAMANIAN

NEW

HOT

UNEXPECTED

Mercedes: A Spa, Touchscreen, and the Works

simulate the massage styles. You activate the massage and customize the treatment from the touchscreen display. The massage feature is also available to rear passengers with the car’s optional Executive package. Oh yeah, the S550 also offers some new technical marvels that affect the actual operation of the vehicle. A feature called Distronic Plus with Steering Assist that keeps the car centered in your lane automatically. It works at speeds up to 124mph. The technology is one of the leading precursors to future autonomous driving.

If that’s not enough to help you drive more confidently, the car can brake automatically in an intersection to avoid a side collision, maintains your speed using adaptive cruise control, and can fully brake at city speeds below 31mph if it detects an object or person on the road. A new suspension feature called Magic Body Control scans the road ahead and adjusts the suspension accordingly—making a rougher patch of road more bearable. —By John Brandon

TRENDLINES

I N N O V A T I O N Cross a luxury car with a spa, and you might get something like the 2014 MercedesBenz S550. This high-end car now offers touchscreen control over some surprising creature comforts. Do we need this stuff? No, of course not. Is it fun to think about even if you could never afford this car? Absolutely. The S550 lets you activate a scentcontrol system to “perfume” the interior. Mercedes-Benz offers specially created scents including Sports Mood, Nightlife Mood, and Downtown Mood. All of the scents are intended to be subtle fresheners. While driving fatigue seems unlikely in a car this luxurious, the S550 also offers optional massage chairs for the driver and passenger that can simulate a hot-stone massage. There are six massage styles available in total. Fourteen different air chambers within the seats inflate and deflate to

Map Gives Your Business Direction

VOL/9 | ISSUE/02

that wants to price out its premiums more quickly by seeing whether a client lives in a high-risk area. The idea is to help companies get more value out of the location-based data they already have. If that data can be plotted on a map, it will be easier for business owners to make decisions, Google executives said. It’s taking “the consumer experience with Maps, but bringing a more powerful form of mapping to successful business owners,” said Brian McClendon, VP of Google Maps. With Maps Engine Pro, companies can import data such as addresses,

names, office locations and sales leads from various file formats onto a map, which can then be edited and shared among any number of people working at the company. The maps can be customized, too. For example, companies can use different colored pins to show various points of interest or add text to parts of the map. Businesses can share their maps with as many people as they want, just like regular Google Docs files. But the data behind the maps is secure, according to Google.

IMAGES BY MAST ERFILE.CO M

Google wants to turn business owners into cartographers with a new mapping tool designed to visualize their companies’ data. It recently launched Google Maps Engine Pro, a cloud-based software tool designed to let businesses organize data such as shipping routes, warehouse locations and sales territories when just a clunky spreadsheet won’t do. It’s about solving geo-related problems: Picture a company that wants to better design its shuttle routes by looking at where its employees live on a map, or an insurance company

MOBILE APPS

—By Zach Miners REAL CIO WORLD | D E C E M B E R 1 5 , 2 0 1 3

Differently-abled Web

The Web promises to deliver information to all, but those with disabilities are often unable to access the content on many websites. Amaze is changing that.Deque Systems developed Amaze as a way to more easily make websites accessible to people with disabilities. The technology works by looking for patterns inside an application and replacing pieces of the code in real time with HTML code that is accessible or that makes the application accessible to a variety of assistive technologies. Deque Systems uses the following example to explain how it works: A website has a “Submit” button that is invisible to a customer who is blind and using a screen reader. The traditional approach to correcting this problem would entail pulling up the source code, reprogramming the form and then testing to confirm that the bug has been fixed. Even after testing, the correction might not happen until the website is scheduled for a revision. This means the organization that owns the website would remain non-compliant with accessibility guidelines, while disabled users would continue to have problems accessing information on the site or using its functions. Further complicating the situation, many organizations use third-party content and applications on their websites and wouldn’t have access to any faulty source code, meaning they wouldn’t have the ability to fix inaccessibility issues. But with Amaze, users can create an accessibility overlay that fixes bugs on third-party content or applications immediately, without having to reprogram a single line of source code. Moreover, the Amaze Accessibility Overlay can be used as a guide to update source code when making scheduled revisions to a website. Amaze provides real-time remediation on a massive scale without impacting load times, and it is capable of complying with stringent security requirements without impeding effectiveness. It is a fully developed software tool that Deque Systems has offered to clients since its launch in November 2012. Amaze is already being used as part of the US Department of Veterans Affairs’ compliance program. The VA is using the Amaze Accessibility Overlay to make all VA Web content, including all of the third-party content it uses on its websites, accessible while code is being remediated. The VA’s use of Amaze will directly help more than 50 million disabled individuals who use VA services by ensuring that the agency’s website is accessible. — By Mary K. Pratt

D E C E M B E R 1 5 , 2 0 1 3 | REAL CIO WORLD

The Smart Desk has Arrived Ever heard of a smart desk, one that learns from your habits whether you’d rather sit or stand at any given moment, and can prompt you to switch with minimal disturbance? It’s here. Stir, a small LA-based startup, has come out with the Kinetic Desk. JP Labrosse, founder and CEO of Stir, was part of the original iPod team, which operated in such secret inside Apple that he said it was like working at a startup— down to everyone having their own desks, even some early adopters of the standing desk that’s enjoying its moment these days. The Kinetic Desk is the culmination of Labrosse’s fascination with the form. The desk looks like it’s been touched by a magic wand that makes everything resemble an iPod fresh out of the box— gleaming white, minimalist design, an embedded iPod touchlike screen in the left-hand corner just begging to be swiped and tapped. A single plug powers the built-in power strip and USB charging ports, cleverly hidden in the desk’s top corners. The compartments are big enough to store power bricks and excess cable, leaving no wires dangling under the desk that might inhibit you from changing positions whenever you feel the urge. Under the hood, the Kinect Desk sports a thermal proximity sensor as well as a 3-axis accelerometer to detect when you’re in front of the desk, so it can start logging your sitting and standing time. So the desk can tell if you’re standing (or sitting) at it, and at any time, you just double-tap the touchscreen to switch between standing and sitting heights. But if you tend to get engrossed in your work, a button on the front of the desk puts it in Active mode. In this mode, the desk will actually prompt you to change positions—every once in a while, the desk will subtly raise about an inch, then lower back down. No noise (except the quiet hum and vibration of the motor), no light, no annoying beep. —By Susie Ochs

DEVICES

VOL/9 | ISSUE/02

IMAGES BY MAST ERFILE.COM

TRENDLINES

TECHNOLOGY

2020 Olympics: Let Technology Begin

Top Asian CXO Management Priorities I T M A N A G E M E N T It is interesting to note that India is the only country in the region that is making enterprise IT security a priority.

Indonesia

India Aligning IT and business goals Enterprise IT security Controlling costs

1 2 3

China Aligning IT and business goals Controlling costs Improving user satisfaction

Aligning IT and business goals Improving user satisfaction Controlling costs

Malaysia

1 2 3

Aligning IT and business goals BC/Risk management IT-enabled process improvement

Source: State of the Asian CXO Survey

VOL/9 | ISSUE/02

The sensors, cameras, and radar systems that already make today’s cars smarter have plans—big plans—for expansion. Recently, at its spanking-new facility in Mountain View, California, automotive parts supplier Delphi showed off its next generation of smart technology, and all its tricks focus squarely on what’s happening inside the cabin. There’s still plenty of room for tech that looks outward at traffic and the road ahead, but Delphi is focusing inward—at the driver and passengers—to improve safety, comfort, and even your in-car infotainment needs. Of course, today’s cars are already stuffed with nanny controls to manage things like braking and stability, but what Delphi demonstrated goes way beyond your tires’ contact patches with the road. Delphi’s MyFi Connecting with Safety system uses a combination of interior and exterior sensors and cameras to focus on you, and whether you’re paying attention to traffic. MyFi is the name of Delphi connected infotainment system, which includes voice recognition, touchscreens, and reconfigurable displays. The Connecting with Safety element monitors the driver’s awareness and locks down certain parts of the MyFi system based on driver focus and traffic conditions. Delphi showed it off on a Volvo XC60. Here’s how it works: A small camera is mounted on the dashboard near the bottom of the instrument cluster. This camera focuses on your face, and uses an algorithm to determine whether you’re looking straight ahead at the road. If you look away from the road for more than two seconds, a bright orange light flashes near the windshield. The light bounces off the windshield like a head-up display. It’s bright enough to grab your attention—and, hopefully, force your eyes back on traffic. If you ignore the warning flash, the Connecting with Safety system takes more extreme measures and locks you out of the center console’s touchscreen. The screen dims and you can no longer press buttons or change radio stations. As soon as you glance back to the road, the screen brightens and unlocks. The Connecting with Safety system is dynamic, which means its alerts and functionality change with the traffic environment. The system connects to radars, sensors, and cameras on the outside of the car to determine whether you’re driving in a heavy traffic environment. And if there is a lot of traffic, the system can lock you out of the touchscreen, start flashing the orange light whenever you glance away from the road. —By Sarah Jacobsson Purewal

AU TO

REAL CIO WORLD | D E C E M B E R 1 5 , 2 0 1 3

IMAGE COURTESY: HUFFIN GTO NP OST.COM

—By Martyn Williams

New-age Nanny: Your Car

TRENDLINES

T E C H N O L O G Y October’s awarding of the 2020 Olympic Games to Tokyo could be great news for technology. Pushed by a desire to showcase their expertise to the world, some of Japan’s biggest companies are targeting 2020 as the ideal time to deploy new technologies that could revolutionize mobile telecommunications, consumer electronics, automobiles and even the way people watch the Olympics on TV. Consider what happened last time Japan hosted the Olympics, in 1964. Back then, technology wasn’t nearly as pervasive as it is today, but those games were notable as the first to be broadcast overseas via satellite and in color. Television might get another Olympic push forward in 2020. While TV makers are currently promoting “4K” or “Ultra HD” sets, which offer four times the level of detail of current 8HDTVs, Japan’s national public broadcaster, NHK, is close to beginning trial service of a system with 16 times the level of detail, called Super Hi-Vision or 8K. Test transmissions are due to begin in 2016. For its part, NTT DoCoMo, Japan’s biggest mobile telecommunications network operator, is targeting 2020 for the introduction of a 5G cellular phone service. Designed to work in outdoor, urban areas like Tokyo, the system will boast data rates of between 1Gbps and 10Gbps.

Reinventing the Wheel Biking is fun! Biking uphill is not as much fun. Neither is biking to work on a hot day and arriving all sweaty and red-faced, or having to bike home (uphill, probably) when you’re already exhausted, or pushing your bike up the street because it’s too hilly or you’re too tired. And the least fun of all is having your bike stolen. FlyKly wants to fix these problems. The company launched a Kickstarter campaign for its FlyKly Smart Wheel. The Smart Wheel packs a super-thin motor into a tough plastic casing that fits on the spokes of a bike rim. You’re only buying the wheel, so you can put it on whatever bike you already own and love. FlyKly will produce 26- and 29-inch versions in eight colors, and you supply the bike, inner tube, and tire. The motor can propel you up to 20 miles per hour for up to 30 miles, so you get the same pedal-assistance magic as a “real” electric bike, but with less weight, less cost, and some really cool smart features too. Electronics inside the wheel talk to your smartphone via Bluetooth 4.0—FlyKly has apps for iOS, Android, and even the Pebble watch. The apps let you set the top speed for the motor, plus they display data on your speed, distance, and how the wheel’s battery is faring. (It charges as you pedal or ride downhill, or you can plug it in between rides.) All you have to do is set the speed, hop on, and start pedaling—as soon as the Smart Wheel realizes you’re moving, the motor kicks in with a satisfying whir. It could not be

TRENDLINES

POPULAR SCIENCE

simpler. Stop pedaling, and the motor coasts too. You can even pedal backward to make the motor start up again, if you insist on making the motor do all the work instead of just assisting. The Smart Wheel even has GPS built in, and the app can show your location on a map and provide bike-friendly directions. But that’s not the only reason FlyKly crammed a GPS in there. The app also lets you lock your wheel between rides, and once the wheel is locked, the only way to move the bike would be to pick it up and carry it. But if that happens, your phone will alert you that your bike is walking away, and track its location on a map for you. Brilliant! —By Susie Ochs

This Smartphone’s Boneless! M O B I L I T Y Not to be outdone by Samsung, LG says it’s ready to mass produce its first flexible OLED display panel for smartphones. LG claims that its flexible panel is “vertically concave from top to bottom,” curving on a 700 mm radius. In other words, it would only form a full circle if the screen was about 14.5 feet long. For a six-inch display, that translates to about 0.16 inches of concavity at the top of the arc. The panel is also among the world’s slimmest and lightest, LG claims, measuring 0.44 mm thick and weighing 7.6 grams with a 6-inch panel. The phone may be known as the G Flex, and would have a 6-inch display according to CNET. Both Samsung and LG are using plastic instead of glass in their displays. This should allow them to get to market earlier, given that flexible glass displays may still be years away. However, LG and Samsung differ in the direction of their respective curves; while LG’s display

D E C E M B E R 1 5 , 2 0 1 3 | REAL CIO WORLD

flexes from top to bottom, Samsung’s version curves from side-to-side, allowing the screen to bend around the edges of the phone. Aside from the cool factor of having a curved phone, the advantage of either display will be increased durability (LG uses the term “unbreakable”). Curved screens could also be useful for wearable devices, such as smartwatches, giving the screen a bit of contour around the body. Exciting as that sounds, it’s worth noting that LG isn’t talking about prices or battery efficiency, and Reuters has noted that both cost and heat resistance have been barriers to the mass production. Although curved displays could be the next big thing for portable electronics, don’t get too caught up in the hype until we’ve seen some actual products. —By Jared Newman

VOL/9 | ISSUE/02

COMPILED BY SHUBHRA RISHI

Best Practices

The Unstoppable Millennials

TRENDLINES

A survey of Indian millennial employees underscores the needs to create tighter security frameworks and more stringent monitoring.

Millennials are giving CIOs sleepless nights. Based on findings from a Fortinet India Survey, up to 58 percent of 21- to 32 year-old Indian millennial employees say they would contravene company policies that restrict the use of personal devices, cloud storage, and wearable technologies at the workplace. The survey shows that—against company policy—43 percent of Indian millennial employees would bring personal devices to work, 42 percent would store critical data on a personal cloud service, and 58 percent would use emerging technologies such as smart watches. Over 63 percent of Indian millennial staffers trust cloud applications like Dropbox and Evernote with work data. Just over 15 percent say they have used a cloud service to store financial data related to work, 22 percent for ‘critical private documents such as contracts, and 33 percent have used a cloud service to store customer data. They might be indifferent to the rules, but Indian millennial employees are certainly not threat-illiterate, and fully comprehend the meaning of terms such as hacking, malware, phishing and APT among others. The survey reveals that over 55 percent millennial employees’ computers have been compromised, and over 96 percent agree that they have an obligation to understand the security risks that their personal device pose to their organizations.

EDUCATE EMPLOYEES on threats and their impact. The more employees are educated, the more likely they will abide by enterprise rules.

GET TO KNOW YOUR WORKFORCE BETTER. Device a strategy that embraces new modes of working since their arrival will change business radically.

SECURE AT THE NETWORK LEVEL. There’s a need for security intelligence to be implemented at the network level in order to enable control of user activities based on devices, applications being used and locations.

The Reckless Millennials Staffers Personal Cloud Services Millennials Use for Work India

Worldwide

Webmail (Gmail, etc)

49%

70%

Google Drive

41%

59%

Dropbox

25%

36%

SkyDrive

19%

22%

iCloud

14%

16%

YouSendIt (Hightail)

13%

11%

Evernote

12%

17%

Other Cloud Services

None

15%

VOL/9 | ISSUE/02

Millennials: Level of Trust in the Cloud

63%

32% I fully trust the cloud with my data and will store any type of data in my cloud app

30%

57% I understand there are security risks and only store data that I don’t worry could get lost

6% I don’t trust the cloud and do not use it to store any data

6% I don’t know

INDIA WORLD

SOURCE: FORTINET

REAL CIO WORLD | D E C E M B E R 1 5 , 2 0 1 3

alert

ENTERPRISE RISK MANAGEMENT

Dangers of Rogue Clouds I

IMAGES BY MASTERFILE.COM

n the world of IT security, public cloud services themselves are not rogues as the classic dictionary definition would put it: “Unprincipled, deceitful, unreliable, scoundrels or rascals.” It is employees who are, in effect, “going rogue” by using those services without the permission or even knowledge of IT departments. However, whatever the semantics and whoever is at fault, most security experts say rogue clouds or the rogue use of clouds can be a major threat to corporate data security. For starters, if an employee stores company data on a file-sharing service like Dropbox, if that employee leaves the company, he is likely to have all that information still under his control. Experts have a list of other risks as well: Possible cloud infections; breaches of data compliance requirements; exposure of confidential information through hacking, since the cloud service has, in effect, now become the

end user of the data; theft of goods or services; account takeover; and possible defacement of web properties. Yet rogue cloud deployments are increasingly popular. One Symantec survey found that 77 percent of all businesses have experienced rogue cloud situations, or unauthorized use of cloud services, over the past year. The survey also found that 40 percent of organizations where the rogue use of clouds exists, “have in fact experienced the exposure of confidential information. Other issues include theft of goods or services, account takeover and even defacement of web properties, experienced by more than one-quarter of businesses.” That trend is continuing, according to Kevin O’Brien, enterprise solutions architect at Cloudlock. He said his firm

sees two key trends when it analyzes third-party applications enabled within company cloud environments. “The number of untested third party applications has risen by more than 60 percent over the past 12 months, and the amount of data being moved through those applications has risen in lockstep with their increase in adoption,” he said. This, he added, creates something of a “shadow IT,” where department heads and line staff, “make technical decisions, such as whether to trust and allow access to a third-party software tool, without adequate oversight or information.” O’Brien said there are two categories of rogue cloud apps: Those that handle and transfer data and those that are more personal such as video games and personal productivity or social tools.

Obstacles to Improving Strategic Effectiveness of IS FINDINGS

It is interesting to note that the insufficient funding is not seen as a barrier to improving information security. Leadership: CEO, President, Board, or equivalent

31%

Leadership: CIO or equivalent

22%

Lack of an effective IS strategy

27%

Absence or shortage of in-house technical expertise

20%

Lack of an actionable vision or understanding of how future business needs impact IS

27%

Insufficient capital expenditures

20%

Leadership: CISO, CSO, or equivalent

25%

Insufficient operating expenditures

13%

Poorly integrated or complex information and IT systems

12%

SOURCE: Global Information Security Survey

D E C E M B E R 1 5 , 2 0 1 3 | REAL CIO WORLD

VOL/9 | ISSUE/02

alert

ENTERPRISE RISK MANAGEMENT

He said his firm sees more of the latter, namely entertainment and productivity apps that have a significant amount of access to critical business data. “We’ve seen a rise in the number of our customers who are banning apps like Angry Birds, MailBox and other such personal apps which have been installed by their staff.” Kent Christensen, virtualization practice manager at Datalink, said one benefit of the Symantec report and other media attention to rogue cloud use is that at least there is increased awareness of the risks. He adds that “many are planning a strategy to help repatriate some of the application loads but have not done so yet. [Others] have cried foul and brought stuff back into the fold due to compliance and security or cost.” But he and others say the expanded rogue use of clouds points to a failure on the part of IT departments to provide employees with the tools they need. Dropbox, one of the most frequently mentioned sites when rogue clouds are under discussion, “is likely the most common since it is so simple and useful,” Christensen said. “In this case the organization is demanding the ability to collaborate and IT has not provided a solution. So users download Dropbox and do it on their own. It is a consumerized application—very

simple to procure and use—being used in the corporate setting.” Mark Diodati, technical director in the office of the CTO at Ping Identity, agrees, saying employee frustration with IT is the primary reason they turn to the rogue use of cloud services. “They don’t want to wait 18 months for somebody to set up a VM,” he said. “IT has to start thinking on business time, which means faster than infrastructure time.” Dropbox did not respond to a request for comment, but pointed to pages on its website that list its security, privacy and compliance features. Those include SSL and AES-256 bit encryption and available two-step verification. It complies with the U.S.-E.U and U.S.Swiss Safe Harbor Frameworks, but does not yet have HIPAA, FERPA, SAS 70, ISO 9001, ISO 27001 or PCI certifications. But Christensen said there are plenty of alternatives to popular cloud services, if IT took the time to vet them and make them available. “Dropbox or GoogleDrive are really applications that were not initially designed for commercial organization use,” he said. “Other applications, like HDS, EMC, NetApp and others are designing Dropbox-like services that are more secure and compliant. Some even allow the data to remain in the private cloud and accessed via a secure corporate

network, but still allow collaboration between authenticated users.” Andrew Jaquith, CTO of SilverSky, takes it even further, saying that a report done by his firm, “showed the business application that has the most cloud adoption is e-mail, at 40 percent That means 60 percent of the market hasn’t adopted it yet. Does that make e-mail a ‘rogue cloud’? I don’t think anyone would argue that. What we are talking about is just a question of degree,” he said. “When we talk about ‘rogue clouds,’ all we mean is that it is something that does not have the blessing of IT. But that’s no different than PCs were at first: Unsanctioned devices. IT should seek to understand honestly why these alternatives to traditional services are being used. They are IT’s competition. If IT can’t provide something internally that solves the needs that these alternative solutions fulfil, it should find the next best version that meets their assurance and security requirements.” “IT needs to address the root cause of the problem—find ways to review, analyze and empower users, not to cast aside all concerns about security and regulatory compliance,” says Kevin O’Brien. CIO Taylor Armerding writes for CSO Online. Send feedback on this feature to editor@cio.in

[ONE LINER:]

“Companies used traditional safeguards like firewalls, etcetera. But they are now are also using analytics to analyse threats. However, India is still behind in the use to such techniques to check intrusions.” — SIVARAMA KRISHAN , PWC INDIA LEADER (INFORMATION TECHNOLOGY RISK MANAGEMENT) TO ECONOMIC TIMES

D E C E M B E R 1 5 , 2 0 1 3 | REAL CIO WORLD

VOL/9 | ISSUE/02

alert

ENTERPRISE RISK MANAGEMENT

Women More Vulnerable to Phishing

VOL/9 | ISSUE/02

personality assessment) categorized as neurotic were also found to be the likeliest to fall for a phishing scam. Interestingly, there was no correlation between men’s personality types and their vulnerability to phishing. Moreover, the student’s knowledge of computer security also didn’t factor into their level of vulnerability. “These results tell us that personality characteristics may exert considerable influence when it comes to choices about online behavior, and that they may even override awareness of online threats,” Lewis explained. It’s important to note that the researchers point that their study sample was small and further investigation is needed. Such investigation may offer

LivingSocial Horror

new report from the Polytechnic Institute of New York University has linked susceptibility to phishing scams to personality traits, noting that women may be more vulnerable to men. In a paper published by the Polytechnic Institute of New York University, three researchers sampled 100 students from an undergrad psychology class, most of them science or engineering majors. The undergrads were given a questionnaire asking about their online habits and beliefs, including details on the type of information, as well as the volume of said information, shared on Facebook. In addition, they were asked to rate the likelihood of negative things happening to them personally online, such as stolen passwords, before answering a short version of a commonly used multidimensional personality assessment survey. The answers given established a base, and from there the researchers used the email addresses given by the undergrads to conduct phishing assessments. The phishing e-mail attempted to trick the students into clicking a link in order to enter a prize raffle and to fill out a form requesting personal information. In order to keep things as close to the real deal as possible, the phishing e-mail used a fake FROM: address, and the body of the message contained spelling and grammatical errors. These intentional mistakes were used in order to see if those with a technical grounding would spot the scam before it became an issue. “We were surprised to see that 17 percent of our targets were successfully phished—and this was a group with considerable computer knowledge,” said James Lewis, instructor in the NYU-Poly Department of Science, Technology and Society. Most of those who feel for the scam were women. Those women who were (based on the questionnaire and

important insights into how personality traits impact decision-making online, and it may aid in the design of more effective computer interfaces, as well as security training and education. “Research on gender and decisionmaking are very mixed, and once you throw in personality traits, it becomes even more complex. In general, research has found that there tend to be more women than men who rate higher in the trait of neuroticism—so is it really gender, or is it really the personality trait that is affecting the outcome,” said Michele Fincher, the Chief Influencing Agent at Social-Engineer.com.” CIO Steve Ragan writes for CSO Online. Send feedback on this feature to editor@cio.in

A recent cyber attack on the Internet deal site LivingSocial that forced it to reset the passwords of some 50 million users has elements of what’s becoming an all too familiar storyline. Along with the names, birth dates, and e-mail addresses of some of the site’s users, the intruders also accessed those users’ passwords. The passwords could have been used to access user accounts on LivingSocial, but the online deals firm says it doesn’t believe any accounts have been compromised. Neither was the database containing credit card information touched. However, if a hacker compromised a user’s account, they could still run up charges on the payment card associated with that account. Since LivingSocial hashes and salts passwords stored on its system, any data thief will have to work to unscramble the passwords. “Hashing” involves scrambling the password with an algorithm. That hash is then “salted” with random characters to make it even more difficult to crack by an unauthorized party. How difficult they are to crack is a subject of debate. LivingSocial used a hashing scheme called SHA1, which some in security circles feel is too weak to withstand the kinds of brute force attack that can be mounted by a byte bandit today. — By John P. Mello Jr.

REAL CIO WORLD | D E C E M B E R 1 5 , 2 0 1 3

Mark Hurd

THINK TANK

The CEO’s New Job It used to be that CEOs could palm off customer experience down the line. Not anymore. To survive, CEOs need to become customer experience evangelists.

onventional wisdom has lately been taking a terrible beating from modern technology as today's natively social and mobile generation relegates big chunks of traditional business strategy to the junk-heap of irrelevance. For example, classic business school thinking always told us that when your customer-satisfaction numbers hit 95 percent or even 98 percent, it's a waste of money to try to push beyond that because some customers are just grumpy and implacable by nature and you can't do a thing about that. So move on, we were told. And that was okay back in the old days when the seller was in control of everything, from what the customer could buy and how the product would be fulfilled to the options that would or would not be available. But today, that model's got about as much vitality as the local video store. In today's global marketplace, buyers are empowered by modern technology and are fully in control of the buyer-seller relationship. And with that new dynamic in place, much of the conventional business wisdom that has served CEOs nicely for the past several decades needs a complete overhaul.

AVoice for the Minority ILLUST RATION BY MASTERF ILE

Unhappy c]ustomers—even if it's only two percent of your total customer universe—now have the voice and the authority to exact a painful price on companies they believe have missed the mark on product selection or availability or fulfilment channels or afterpurchase service and support. Social media and mobile computing advances have given those consumers powerful platforms through which to influence the purchasing decisions of dozens or hundreds or even thousands of other potential buyers. 16

D E C E M B E R 1 5 , 2 0 1 3 | REAL CIO WORLD

VOL/9 | ISSUE/02

Mark Hurd

THINK TANK

For CEOs, the good news is that you and most other high-level business leaders are fully aware of this dual challenge and opportunity: 97 percent of executives surveyed say that delivering great customer experiences is essential to their success. But the bad news for a lot of CEOs is that only 63 percent of companies have appropriate customer experience systems and processes. So about one-third of businesses are giving nothing but lip service to delivering superb experiences to customers— how can those companies expect to compete? Or even survive?

Disconnected Social Media Strategy Clearly, social media has become an indispensable platform in helping customers engage with businesses and in fostering enduring and mutually beneficial relationships. However, we're once again finding that there's a jarring discrepancy between what companies say they should be doing with regard to social media, and what in fact they are doing: While 81 percent of executives surveyed say they realize that active social-media processes and culture are essential to their success, only 65 percent offer social channels for sales and service! So what's causing this disconnect? Respondents spread the blame equally across three culprits: Inflexible technology that can't handle modern social tools, siloed organizations that can't adapt to rapid external disruptions, and insufficient funding. As I look at those three obstacles—core technology, organizational structures, and budget priorities—it's clear that they can't be overcome by a feisty social team, or a hard-charging sales leader, or even by a forceful finance chief. No, those barriers to becoming a truly social business that can deliver superb customer experiences can only be knocked down by the CEO.

time. They tell me that their customer satisfaction numbers are slipping, and that they're spending almost all of their IT budget on old stuff in the basement that isn't delivering any real value or helping address these new and urgent challenges. And after listening, I'll ask, "How old are your core business applications?" Often, the answer is 15 years old or even 20. That means that the company's mission-critical business processes, that are managed by the underlying business applications, are based on software that today should be regarded as prehistoric because it was written before the Web became popular; before consumer search engines; before smartphones; and certainly before social media and social engagement and social business. The result is a massive technological mismatch that manifests itself in out-of-synch information flows and missed opportunities, incomplete visibility and misaligned organizations and a frustrated and under-equipped workforce—one that might be fully willing to win in the marketplace, but simply doesn't have the tools to do so. Those 15-year-old or 20-year-old apps were never intended to function in today's modern world—it's the equivalent of taking a tricycle to a Formula One race. That's why CEOs have to make it their mission to completely re-architect how they think about the core applications that run their core business processes, from purchasing all the way out to

Many of today’s core business applications are 15- to 20-years –old. Those apps were never intended to function in today's modern world— it's like taking a tricycle to a Formula One race.

Customer-experience Evangelist And that's why in my meetings with customers across the country and around the world, I tell CEOs that they need to become customer-experience evangelists. It's not enough for CEOs to bless some plans for which others will be champions, or to ask the CFO to see if he can reallocate some funding to kickstart a customer experience campaign. Instead, CEOs need to make customer experience a top priority across the company, and make customer experience a central goal of transformational efforts that attack those three obstacles that today only look like inconveniences, but that tomorrow will manifest themselves as dangerous and devastating threats. Let me focus an impediments I think is the most serious: Inflexible and outdated technology. At many of the companies I visit, CEOs tell me their organization is not nimble enough and they can't get the right information to the right people at the right VOL/9 | ISSUE/02

customer experience. Because the demographics of business have been turned upside down. And, it won't be enough for CEOs just to play catch-up, because the pace of change and innovation isn't slowing down—in fact, it's accelerating. What changes in mobile experiences and online payments and Web commerce will emerge over the next two or three years? How can CEOs help future-proof their companies from being blindsided by those? It's a complex set of problems, to be sure, but I would recommend that the best approach for CEOs is to begin by focusing on the customer and what they want and how they buy, and how those are likely to evolve in the coming few years. CEOs need to build organizations and cultures and processes that let their companies move as fast as their customers and, in turn, can engage with those customers via whatever channels or combination of channels those customers choose. And that's why the CEO needs to become a hair-on-fire customer experience evangelist. The journey won't be easy, but it will surely be worth it. CIO

Mark Hurd is the President of Oracle. Send feedback on this feature to editor@cio.in

REAL CIO WORLD | D E C E M B E R 1 5 , 2 0 1 3

TM Arun Kumar

FRANKLY SPEAKING

Fear is the Key Microsoft seems to be putting the fear of losses and lost revenue opportunity into the hearts of the Indian public sector banks’ managements. Seems to be an interesting strategy—if you can’t convince them, scare them.

IMAGE BY MAST ERF IL E

ith barely five months remaining before Microsoft stops all support of its 12-year old Windows XP operating system, the company seems to be adopting scaremongering techniques to coerce users to upgrade from XP. At least that’s what it seems so, with the latest research sponsored by Microsoft suggesting that some 34,115 Indian PSU bank branches are at risk due to the continued use of Windows XP. The report also notes that letting such a situation continue could result in loses of a whopping Rs 1,100 crore worth of business opportunity a day for banks. The report, titled Strategic Impact of End of Support of Windows XP on Banks in India, states that banks could see a loss of income to the tune of Rs 300 crore over a period of three days—given that it takes that long for a major incident to be resolved and the system to be up and functioning normally. Essentially, through this report, Microsoft seems to be putting the fear of losses and lost revenue opportunity into the hearts of the Indian public sector banks’ managements. Seems to be an interesting strategy—if you can’t convince them, scare them. Now, let’s understand one thing. The CIOs or the IT decision makers in the Indian banks are not fools and would be well aware of Win XP’s end of support deadline and the risks it poses to their operations. The fact is organizations, more often than not, calculate the benefits that new software purchases or upgrades would provide against the risks of not doing so before making any purchase decision. Now, it’s not as if Indian PSU banks haven’t upgraded from Windows XP at all. Of the estimated 70,000 branches, the

D E C E M B E R 1 5 , 2 0 1 3 | REAL CIO WORLD

VOL/9 | ISSUE/02

TM Arun Kumar

Is Your IT Organization World-Class? http://dlvr.it/4Gz31F FRANKLY SPEAKING

report states that about 34,000 branches—or about half the total number of branches—are at risk. But, of these 34,000odd branches that still have some PCs—and not all—that run Windows XP, between 30 and 60 percent of the PCs have been already upgraded and surely some more upgrades would be on their way. Also, these estimated 70,000 bank branches put together have over 500,000 PCs between them—with the smaller rural branches having as little as four PCs per branch and the bigger branches in metros having tens of PCs in each branch. Of these, a little over 100,000 PCs—or less than a quarter of the total PCs—are estimated to be running on Windows XP. This is a less scary situation than what the Microsoft-funded report portrays. So, the fact that some PCs in some branches still haven’t been upgraded from XP till now perhaps indicates that the benefits of not upgrading have far outweighed the risks associated with not doing so. Essentially, the Indian PSU banks—and their CIOs—have voted with their wallet and sent a clear message to Microsoft that it’s not time yet to upgrade. So, why is Microsoft adopting in this alarmist approach? The answer seems simple enough: The opportunity to sell thousands of licenses of its latest operating systems. And Microsoft is realizing that this is the right time to crank up the volume. And there is nothing wrong in that, it obviously has a business to run. But the question is what was Microsoft doing till now? Why hasn’t it been able to convince Indian PSU banks to upgrade the remaining PCs from XP to Vista or Win 7 or Win 8 till now? Is it that Microsoft hasn’t been able to show the value of upgrading them from XP? Now, these are questions that executives at Microsoft ought to ponder over. With Windows Vista being a dud as far as market acceptance is concerned and the jury being still out on Windows 8, what Microsoft is essentially doing is scaring the PSU banks to upgrade to at least Windows 7, which apart from being a few years old would in most cases also require a hardware upgrade. So, for the banks, it’s not just a question of software upgrade, it would also mean a hardware refresh. So, by touting the worst case scenario as a highly likely scenario and calculating the loss of business based on that, Microsoft seems to be attempting to create a panic in the minds of the banks and thus push upgrades. Like selling life insurance, is Microsoft just scaring users to upgrade from XP to its latest operating systems or at least the next generation? At least the message and its timing from Microsoft seem to suggest so. CIO

Enterprise #SocialMedia Fosters Generation of Path-Breaking Ideas: Sebastian Joseph, CTO, DDB Mudra http://dlvr.it/4H3ZzN

#cloudcomputing Fails to Deliver Promised Cost Savings, CIOs Say http://dlvr.it/4GcZky

How Toyota Financial Turns Failure Into Innovation http://dlvr.it/4DqrdB

Software-Defined Data Centres aren't Enough, says Forrester http://dlvr.it/4GyFfp

Arun has covered the IT industry in India since the time 80386 was cutting edge, MS DOS was the predominant desktop OS, and Internet was still a few years away. Follow him on twitter @aruntm

D E C E M B E R 1 5 , 2 0 1 3 | REAL CIO WORLD

VOL/9 | ISSUE/02

Mike Elgan

FUTURE TECH

Seeing Double Conventional wisdom says smartphones cause car accidents, and Google Glass is already getting banned. But is there a double standard at play?

ILLUST RATION BY MASTERF ILE

totaled my car when I was 16. Here's what happened: It was the middle of the day, and I was listening to the car radio while driving. I started fiddling with the radio while I headed toward an intersection with a green light. The second I looked down at the radio, the light changed. By the time I looked up, I was sailing into the intersection. My car smashed into a brand-new Cadillac crossing from my right. Upon impact, both cars slid toward a corner, pinning a third car against the curb. I was lucky. Nobody was hurt. Insurance paid for everything. But I learned a lesson that would keep me from ever getting into another car accident: Distracted drivers are dangerous. So let's ban gadgets for drivers, right? It seems possible to me that it's the distracted drivers (like the 16-year-old me) that cause accidents; the accidents are not caused by whatever object it is that distracts those drivers. In other words, yes, distraction by text messaging causes accidents, but those same distracted drivers would probably find something else to be distracted by if they weren't texting. I've seen people texting while driving. But I've also seen people reading the newspaper, putting on makeup, eating food, poking at GPS devices, arguing with passengers, reaching into the back seat to interact with children, lighting cigarettes and so on. Drivers who do those things are careless about attention, don't understand the risks or simply don't care. I think making laws that minimize accidents caused by distracted drivers is a good idea. However, I'm bothered by an obvious bias against technology. It seems like the more advanced the technology, the stronger the bias. And this bias itself might be dangerous. More advanced technology might very well help to reduce distractionrelated car accidents.

D E C E M B E R 1 5 , 2 0 1 3 | REAL CIO WORLD

VOL/9 | ISSUE/02

EXECUTIVE VIEW POINT

The mantra for CIOs should be processes, tools, and methodology. CIOs should be willing to seek help and expertise with partners who can help them transition to a more agile, modular and open standards-based infrastructure.

FAISAL PAUL Director - Marketing & Solution Alliances, Enterprise Group, HP India

ESTABLISHING A NEW STYLE OF IT Paul Faisal talks about how HPâ&#x20AC;&#x2122;s new strategy for the New Style of IT spans across hardware, software, and services to provide comprehensive integrated solutions delivering across cloud, security, big data, and mobility. By Gopal Kishore

CUSTOM FEATURE HP

How can CIOs take advantage of emerging technologies and ready their infrastructure to benefit the enterprise? The landscape is shifting as we see the rise of mobility, social networking, big data, and cloud computing. In order to navigate the powerful, yet disruptive forces that these technologies bring, CIOs need to adapt their infrastructure to new technologies, making it frictionless, software-defined, and intelligent. The future of the datacenter requires adept flexibility and investment protection across heterogeneous environments, and hence, aligning with open standards based infrastructure is extremely important. Another key consideration is to keep the infrastructure modular, which will allow CIOs to integrate new technologies with existing investments without having to start over. This approach also gives you the ability to extend new capabilities and scale capacity over time with common modular components across the datacenter. CIOs need to ensure that they start small and in the right direction, build a road map taking into account what the business needs are, and give innovation the highest priority. So what kind of innovation are we talking about? What does it take for CIOs to break the rigidity they are straddled with? A legacy IT architecture perpetuates silos and complexity through an overload of products and tools that lack interoperability. A business and its applications and services can’t run in silos, and neither can IT. Furthermore, a rigid infrastructure makes it difficult to innovate in the ways a business needs to compete. Innovation starts by freeing assets trapped in operations that establishes a services-oriented IT organization that better aligns IT with the wide variety of fluctuating business demands. The modular approach allows IT to integrate new technologies with existing investments, and provides infrastructure extensibility for the future. The modular approach should remain open, so that special-purpose or existing infrastructure investments from multiple vendors can be managed under a common umbrella, and share resources with other elements of the pool. This is exactly what the Converged

Infrastructure does. It integrates technologies into pools of interoperable resources so they can deliver operational flexibility. HP Converged Infrastructure is built on modular design principles based on open standards, allowing for interoperability. We also have innovative solutions across servers, networks, and storage. For instance, HP’s Moonshot is the world’s first software defined Web server that will accelerate innovation while delivering breakthrough efficiency and scale. These low power servers share management, power, cooling, networking, and storage. Compared to traditional servers, they use up to 89 percent less energy and 80 percent less space, are 77 percent less expensive and are 97 percent less complex. HP’s networking solutions simplifies, integrates and automates networking so organizations can focus on their core competencies. Lastly, storage complexity can be an ROI killer. Only HP’s 3PAR storage solutions eliminates fragmented and complex silos with a single interoperable set of tier-1 data services across mid-range, enterprise, and performance optimized all-flash arrays. But how can CIOs deal with the downsides of implementing new technologies? Virtualization and cloud projects have delivered many of the promised benefits, such as improved service delivery and application workload handling, but can sometimes cause increased management complexity and, in some cases, higher operational costs. It is important to move human capital from operations to innovation by increasing the automation of application, infrastructure, and facility management. The mantra for CIOs should be processes, tools, and methodology. CIOs should be willing to seek help and expertise with partners who can help them transition to a more agile, modular and open standards-based infrastructure. If CIOs start small, leverage the partner ecosystem, build a road map for about three years, and use the resources that are currently available, they can reap massive benefits. Unlike others that are rigid and lock you in, HP is committed to providing open solutions that protect your investments in heterogeneous environments. The creation of a complete ecosystem around convergence ensures you

receive value from leading software vendors and other hardware partners. HP delivers the best of both worlds, the optimal balance between a fully integrated stack that maximizes performance versus a more heterogeneous solution that maximizes current infrastructure and investment. How can converged infrastructure help CIOs and their IT infrastructure? At the heart of HP Converged Infrastructure is the ultimate end state of having any workload, anywhere, anytime. It’s all about a common way to get things done and is what we mean by delivering the datacenter of the future, right now. This is achieved through a systematic approach that brings all server, storage, and networking resources together into a common pool. This approach also brings together management tools, policies, and processes so resources and applications are managed in a holistic, integrated manner. And it brings together security, and power and cooling management capabilities so systems and facilities work together to extend the life of the data center. With HP Converged Infrastructure, resources can be dynamically provisioned and shared by many applications and managed as a service as business needs change. It does so by making it much easier for your IT organization to rapidly replicate applications, generate economies of scale, and optimize your environment for energy efficiency, high availability, and increased utilization. Converged Infrastructure is the ideal approach for enabling cloud computing, consolidation, protecting mission-critical workloads, upgrading or converging applications, extending virtualization across the data center, or increasing energy efficiency.

This Interview is brought to you by IDG Services in association with HP

Mike Elgan

FUTURE TECH

Criminalizing Google Glass The most advanced technology I use is Google Glass. It's so advanced that it doesn't even exist yet, at least as a generally available consumer product. Various people with anti-technology biases can't wait to ban Glass for drivers. For example, it has already been formally banned in the UK. And just recently, a woman in San Diego named Cecilia Abadie was ticketed for wearing Google Glass while driving. (She was also ticketed for speeding.) The cop didn't make up a law against wearing Glass. He cited her for a real law that essentially makes illegal the use of any kind of video screen while driving. It's far more likely that he pulled her over, saw Glass, experienced a moment of what journalist and professor Jeff Jarvis calls ‘techno panic’ and cited her for being distracted by her advanced technology. My beef is with the bias against technology. If looking at a screen is illegal, why not cite every driver using a GPS? And why is the law biased against ‘screens’? How are digital displays more distracting than analog knobs, buttons and controls? And why are electronically-based distractions banned while non-electronic ones are not? Let's say there's an accident and police find in the wreckage a newspaper, a radio, a GPS device, a passenger, a halfeaten sandwich and a smartphone with a recent incoming text. They'll probably attribute the cause of the accident to texting while driving, for no other reason than a bias against technology. Remember the "hang up and drive!" movement, with associated bumper stickers? Before texting was as popular as it is now, everyone was apoplectic about the distraction caused by talking on mobile phones. However, a study conducted by the Carnegie Mellon University and the London School of Economics analyzed more than 8 million car accidents and road fatalities of all kinds, looking for (among other things) correlations between drivers talking on mobile phones and the accidents. To their surprise, they found no correlation. When the number of phone calls went up, for example, the number of car accidents did not go up. So, it's possible that our assumptions about technology may be wrong. And the impulse to ban super advanced technology, such as Google Glass, may be wrong as well.

they remain perfectly legal. In this argument, Google Glass is a surrogate for two broad categories of technologies that will soon be widely used: Wearable computing and heads-up displays. Within three years, millions of people will be using wearable computers—mostly smartwatches—while they drive. Many people will want to wear Google Glass, as well. Cars will increasingly get heads-up displays, where car and contextual data will appear not on the dash, but overlaid on the edges of the windshield itself. Some luxury cars already have this. These heads-up displays are better because they're less distracting; you can perceive them with your peripheral vision, rather than having to take your eyes off the road to look at them. Or even if you do actually glance at the display, the distance your eyes travel is shorter than it would be with other technologies. And this is precisely the argument for why a driver wearing Google Glass may be safer than one who isn't wearing it. Glass doesn't cover the eyes. Worn while driving, the display is significantly higher than, say, the rear-view mirror. Your vision is unobstructed and, unlike a mirror, Glass can be moved with a simple movement of your head. Google Glass information is hypersimplified and short, and you can perceive it with a glance that's quicker than, say, reaching down and looking at the phone on the passenger seat.

Let's all resist the urge to ban new distractions because they're new. Let's keep an open mind, and base laws on fact and reason, rather than bias and techno panic.

Is Google Glass the Solution? The UK ban on Glass was enacted without evidence or study— in fact, to the best of my knowledge, without a single report of Glass causing a single accident. Meanwhile, the distractions I listed earlier are known to have caused fatal car crashes, yet VOL/9 | ISSUE/02

That might be true of a smartwatch, too. With your hands at the 10 and 2 positions on the steering wheel and your eyes on the road, you could mentally register an incoming alert to the watch with a tiny turn of your wrist and a half-second glance. If this action replaces fumbling for a phone, sliding on the screen and looking down at it, then the world might be a safer place. Advanced technologies like high-end smartphones, Google Glass and smartwatches can also know you're driving, and behave accordingly. My Moto X smartphone, for example, autoswitches to voice mode for some notifications when it detects I'm in the car. If I get a text in the car, the phone asks whether I want it to read the message aloud. If I do, I can just say "send text" and the phone will reply with a message from me telling the other person that I'm driving and I'll contact them later. It's almost certain that wearable technologies will do this, too. So let's all resist the urge to ban new distractions because they're new. Let's keep an open mind, and base laws on fact and reason, rather than bias and techno panic. It's very likely that drivers careless enough to be distracted are the root cause of accidents blamed on texting while driving. CIO Mike Elgan writes about IT and tech culture. Send feedback to editor@cio.in

REAL CIO WORLD | D E C E M B E R 1 5 , 2 0 1 3

CUSTOM FEATURE DELTA POWER SOLUTIONS

CASE STUDY

Powering a Million Hours of Flight Training When Gurgaon-based Flight Simulation Technique Centre needed a strong power supply system to support its advanced flight simulators, it found an able companion in Delta Power Solutions. Here’s how the academy benefited from this collaboration. Established with the objective of offering integrated training solutions and services to commercial airlines and individual pilots, Flight Simulation Technique Centre (FSTC) at Gurgaon is the first state-of-theart aircraft simulator training centre in north India. The company provides more than a million hours of training each year to pilots, technicians, and other aviation professionals from all across India. As is known well, a flight simulator is a device that artificially recreates aircraft flight and the environment in which it flies, to enable easy and effective pilot training. Using simulators instead of actual aircrafts offers safer flight training, fuel conservation, elimination of aircraft for training, reduction in adverse environmental effects, and reduced cost of training. “The Full Flight Simulators installed at the premier DGCA-approved FSTC are of the highest level of certification, and boast of high fidelity of motion, visual, and sound cues to give near-perfect replication of actual aircrafts,” says Dilawer Singh Basraon, director, FSTC. Professionals are given hands-on training on how to operate these simulators which feature the latest advancements in aircraft fidelity technology and replicate the characteristics of aircraft flight accurately.

competitor—failed to meet FSTC’s requirements. That’s when an SOS call was signaled to Delta. On the Runway: To provide robust backup power to the nearly Rs 200 crore-worth machines at FSTC, Delta conducted a load study and proposed Ultron NT 260 KVA for the application. After load study, instead of going for a transformer-less UPS system, Delta suggested deploying a transformer-based one due to repetitive heavy jerk loads. Delta’s new systems at FSTC have been providing steady support to the two simulators.

“Delta Power Solutions’ prompt, on-site support ensures peace of mind and high level of satisfaction. The Ultron NT UPS is the most reliable product for industrial application.” -Dilawer Singh Basraon Director, Flight Simulation Technique Centre

Takeoff Troubles: Thousands of people travel by aircrafts everyday, and it is therefore imperative that aircraft cockpits are handled only by trained professionals. FSTC’s primary goal is to impart this world-class training to such professionals, by means of simulators. Each simulator at FSTC is worth Rs 60 crore. To provide adequate protection and uninterrupted power to the two highly expensive simulators, a power solutions vendor had installed a 75 KVA UPS system. Unfortunately, the solution provided by the vendor—one of Delta Power Solutions’

With Flying Colors: Following the failure of the previous power system that ran on the 75 KVA UPS, the FSTC simulators were running on diesel generators, as a result of which the fuel costs shot up astronomically. The installation of Delta Ultron NT has now reduced FSTC’s operational costs to a great extent. “Delta Power Solutions’ prompt, on-site support ensures peace of mind and high level of satisfaction. The Ultron NT UPS is the most reliable product for industrial application,” says Basraon. FSTC is envisaging large scale growth and development in the coming months, which will increase its scope of expansion of co-operation with Delta. This would be a breakthrough for Delta in a unique application.

This feature is brought to you by IDG Services in association with Delta Power Solutions

MAKING IT IN THE WAY AHEAD BY TEAM

CIO

Reader ROI:

Customer Outreach

Pg 28

The Evolving Role of CIO

Pg 34

Outcome-based IT

Pg 40

Handling User Delight

Pg 46

Year Ahead Survey

Pg 50

Striking it Rich

Pg 56

Come Rain or Shine

Pg 64

I.A.M to the Rescue

Pg 72

Showing the Door to Shadow IT

Pg 78

3 Big Social Media Bloopers to Avoid Pg 82

The top 11 technologies of the coming year

SDDC Goes to Work

Pg 85

How to tackle the four biggest IT management issues in 2014

A Datacenter Legoland

Pg 90

Toward Hybrid Pricing

Pg 94

Locking Up Your Data

Pg 99

In Techâ&#x20AC;&#x2122;s Safe Hands

Pg 102

What the numbers say about the year ahead

3 Key Issues for Secure Virtualization Pg 109 80

F E B R U A R Y 1 5 , 2 0 1 3 | REAL CIO WORLD

VOL/8 | ISSUE/04

MOVE OVER PREDICTION PUNDITS.

THEY WONT HELP YOU GET THROUGH 2014.

A SLEW OF NEW TECHNOLOGIES AND A

BUNCH OF COOL IT CONCEPTS WILL. HERE’S HOW. Were you standing when the rupee fell? Were you driving to work when companies folded around you? Did you have a job when your peers had pink slips? If your answer to these questions is yes, congratulations! You are lucky to have survived 2013. True to its nature, ’13 wasn’t one of the best years that IT has seen. As markets crashed, inflation mounted, and an unstable economy shook businesses around the world, 2013 earned a bad name. And there’s no doubt that it’ll go down in history as a ‘bad year.’ Be that as it may, the fact remains that you, the CIO, still made it. With a little bit of luck, loads of innovation, and a world of hard work, you found a means to beat the odds, to force your way through bad times, and break a few rules. A job well done. But, guess what? You gotta do all that and more once again. As you bid 2013 a relieved goodbye, 2014 is smirking around the corner. So don’t thank your lucky stars just yet. The good news is you can take heart from the fact that the coming year will empower you with technologies that are slowly coming of age, like mobility, analytics, cloud and social media. Couple it with new technologies like SDx (software-defined everything), and big data and you have a winning combination. At the same time, it’ll also unearth novel strategies to handle user delight and introduce concepts like outcome-based IT. Armed with the power of technologies and the new concepts in IT, 2014 shouldn’t come as an unpleasant surprise. And to ensure that that doesn’t happen, CIO magazine has put together a package of stories from around the world to give you a glimpse of the future, now. We bring you 11 technologies that will lay the foundation for 2014, four IT concepts that’ll help you handle IT management issues like user delight, connecting with customers, the evolving role of CIO, and outcome-based IT. We brought together 40 top Indian CIOs— to create what we call the task forces (page XX)—to chart out a strategy to deal with these IT management issues. And if that isn’t enough, our 2014 Year Ahead Survey (page XX), will throw light on what technologies you need to watch out for and how they will impact you in the coming year. You survived 2013 with aplomb and now you have what it takes to make it big in 2014. All the best!

VOL/9 | ISSUE/02

REAL CIO WORLD | D E C E M B E R 1 5 , 2 0 1 3

2014

Task Force Objective: To Improve Customer Outreach

TOWARDS GREATER

CUSTOMER CONNECT With the blast of SoCLoMo technologies, IT is increasingly being utilized to generate leads, improve outreach, and tap into customer needs.

Traditionally, organizations have not been very sophisticated users of technology for customer outreach. Marketing tended to depend on print ads, outdoor banners, and the off e-mailer. However, that’s changing. And how! More, if not most, enterprises are now transitioning to actively using social media, the public cloud, CRM, analytics and mobility-based targeting of customers. That brings us to the big question: Who should be leading these initiatives? Should it be IT, given that many of these services are based on technology? Or should it be marketing, given that they are the business users? Or—and this is tricky—should it be a combined effort? Reaching out to the end-customer, building new channels for customer engagement, growing customer loyalty have all always been marketing prerogatives. Traditionally, it has been the marketing and the sales departments that have been out there in the market checking the pulse of the customer,

BY VA RS H A C H I DA M BA RA M

D E C E M B E R 1 5 , 2 0 1 3 | REAL CIO WORLD

VOL/9 | ISSUE/02

designing campaigns, and strategizing to expand customer outreach and improve service, and evaluating the competition and outpacing them. Only now, they increasingly depend on technology to help them do that. IT, on the other hand, is sitting on a wealth of customer and non-customer data. In the old days, this data was structured and clearly belonged to marketing. Think customer names, address, phone numbers, among others. Today, this treasure trove has expanded to a sea of unstructured data originating from social and mobile interactions. And that’s where the murkiness starts to creep in. The IT department is seen as the only department that can contextually co-relate unstructured big data with historical data to develop a unique profile of the customers, something that was hitherto impossible to have. The task is so technology-intensive that it’s moved into a no-man’s land between IT and marketing. Both departments make a strong case. While everyone agrees that it’s important to understand the customer better, who should lead the way, is a tougher question to anwer. The trick for enterprises, today, say a growing number of CIOs, is to carefully enable collaboration between marketing and IT such that neither steps on the other’s shoes and yet works together in the best interest of the enterprise. That’s easier said than done.

Build Business Engagement Teams There are things marketing wants to know but doesn’t know where or how to find. There are things the CIO knows but doesn’t know how to use. Business engagement teams can bridge the gap between the two. Sounds easy right? Not so much. At that strategic level, it’s hard to see the differences that can crop up between the two departments. Take, for instance, IT’s insistence on

VOL /9 | ISSUE/02

clean data, while marketing only cares about actionable insights. “The role of the CIO and the technology team is to keep emphasizing on the merits of keeping the data clean. They also need to constantly highlight the various input processes which should be watched and controlled for data to be clean,” says Veneeth Purushottaman, business head-technology and supply chain, HyperCITY Retail. Marketing doesn’t necessarily care for that kind of stuff. They just want the right information, at the right time. They want new insights. They want actionable data. Why? Because that’s what marketing success is gauged on. This gap in needs is precisely, says CIOs, enterprises need to build business engagement teams. “Bring in people from outside IT; people who understand business enough to deploy IT to make a difference wherever required,” says Sumit Chowdhury, CIO, Reliance Jio Infocomm. “We need to have these engagement teams asking intelligent questions.” The real job of the business engagement teams should be to provide actionable insights. “Today, we’re sitting on a wealth of a cross-sectional data. How are we going to analyze unstructured big data? How can I make it visually available to my marketing team? How can I overlay their plans and do co-relation analysis? These are the questions this team needs to answer,” says Chowdhury. When Reliance Life Sciences wanted to design a digital marketing survey, it roped in bio-statisticians to design and analyze marketing data. According to Gopal Rangaraj, senior vice presidentinformation technology, Reliance Life Sciences, the engagement produced one of the most successful digital marketing initiatives in the company. Being subject matter experts, bio-statisticians knew the right questions to ask, and their knowledge of technology helped them do it right, and do it fast.

Task Force Members Avinash Arora New Holland Fiat

Dhiren Savla VFS Global

Gopal Rangaraj Reliance Life Sciences

N. Nataraj Hexaware

Sanjay Saraswat Reliance Globalcom

S.S. Sharma JK Tyre & Industries

Sumit Chowdhury Reliance Jio Infocomm

T.G. Dhandapani TVS Motor Company

Veneeth Purushottaman HyperCITY Retail Virender Pal SpiceJet

REAL CIO WORLD | D E C E M B E R 1 5 , 2 0 1 3

Apart from saving costs and enhancing security, we have also incurred several Green IT benefits. The solution has increased overall convenience and improved productivity substantially. ANAND SINHA Head-IT, Airtel Center& Retail

CONSOLIDATING FOR

CONVENIENCE Being the fourth largest in-country mobile operator in the world and the sixth largest in-country integrated telecom operator in the world is not an easy task. Here is how Bharti Airtel created an efficient document management system to overcome an outdated printing system. By Gopal Kishore Company

Bharti Airtel

Industry

Telecommunication

Headquarters

New Delhi

Customer Base 280 Million

Countries of Operation 20

Bharti Airtel is a leading global telecommunications company with operations in 20 countries across Asia and Africa. The company offers mobile voice and data services, fixed line, high speed broadband, IPTV, DTH, turnkey telecom solutions for enterprises, and national and international long distance services to carriers. The telecom giant, which recently became the fourth largest mobile operator in the world, has over 280 million customers across its operations.

BUSINESS SITUATION Over the years, to support its growth and to keep up with the huge amount of documentation and archiving requiredâ&#x20AC;&#x201D;owing to the nature of the businessâ&#x20AC;&#x201D;Bharti

Airtel had acquired a proliferation of output devices such as printers, copiers, fax machines, and scanners. This had significantly contributed to a huge increase in document output, volume, and cost overrun in nonnetworked copiers, inkjet and laser desktop printers, and fax machines which were bought from various vendors for different departments over a period of time. With the passage of time, the IT department also realized that the costs associated had started to increase gradually, and that excessive wastage was slowly turning into a major issue. Stacks of unclaimed printouts would sit on printers throughout the day until they were eventually discarded. Besides the steady and uncontrollable increase in wastage,

CUSTOM SOLUTIONS GROUP CANON

THE BENEFITS

User Experience : Implementing a Managed Document Service ensure that documents follow users to the printers of their choice, reducing costs, improving employee efficiency, and document security. Increased Security: Documents are only printed once users authenticate themselves. Robust Audit Trail: Ensures accountability on the scanning paths of all confidential documents in the office. Simplified & centralized IT Administration: Controlling print environment with lower costs management by improving the level of service delivered to users. Reduction of Service and Maintenance: Using fewer printers and reducing wasted print jobs leads to less maintenance hassles. Less Paper Wastage: Users can collect their documents when and where they want without using too many papers, thereby saving time and money, and protecting the environment.

defined a long-term document workflow strategy that would optimize institutional fitness, deliver greater cost controls, and reduce waste. The initial check-up included an evaluation of current spending and usage to establish a baseline to help assess different solutions. The goal of the systemic diagnosis was to define a long-term document workflow strategy that would optimize institutional fitness, deliver greater cost controls, and reduce waste. To accomplish these goals, the team used a combination of Canon’s imageRUNNER and Color imageRUNNER MFP devices, which promised to efficiently fulfill the document production needs. In an effort to complement its current proximity card infrastructure, the Canon Professional Services division installed the uniFLOW Output Manager Suite as well. The IT team organized awareness programs such as the “Do You Know” campaign which aimed to educate employees about the new system. The training helped the staff members and faculty become aware of the new devices’ ease of use.

USER BENEFITS From the very first day post-implementation, Bharti Airtel was able to benchmark its savings. The system facilitated electronic document workflows to eliminate hard copies, reduced per-print costs considerably, and provided customized quick access buttons for users. “The integrated MDS solution routed the print job to the most appropriate device, and users were able to securely and easily authenticate right at the MFP to receive their output. The use of a software suite significantly reduced the burden on IT staff. “Users can now utilize the same set of credentials to access the building and their desktop computers to access the printers. The software also provides secure printing capabilities by intelligently routing print jobs to the most efficient device and releasing them following authentication to reduce waste, help protect confidential information, and help in meeting stringent HIPAA privacy requirements. The suite delivers detailed information and usage statistics by the department to help monitor costs in terms of accuracy, measurement, control, and enable them to be charged against the proper budget. Apart from the cost saving and enhanced security benefits, solutions such as ‘Follow me’ printing offer a great deal of convenience to our users. The solution has increased overall convenience and improved productivity substantially,” says Sinha.

THE ROAD TO GREEN IT there were other potential privacy and security problems as well. Anand Sinha, head-IT, Airtel Center and Retail, says, “Manageability of the disparate printing devices was a big concern. There was a lot of distribution printing happening, which, in turn, raised the associated costs and resultant wastage, eventually adding more burden on the IT expenditure. Another challenge that we faced was cost of device maintenance, support, consumables, and supplies.” Sinha adds, “We planned to set up a new office premise in Gurgaon with the products that would meet the demands of office equipment in terms of quality and efficiency. This would enable our employees to get maximum benefits as well as ease of use with the new system and infrastructure.” According to Sinha, the department had to stock up on a large inventory of peripherals, toners, cartridges, papers, and other printing materials, which were all different for different machines. They also had to be well aware of the mechanics and operational requirements, software-related knowledge for the upkeep and maintenance across these different types and genres of machines installed.

SOLUTION The IT team at Airtel decided to change this situation. To overcome this complex situation and bring down printing and associated costs, Bharti Airtel’s IT team

The printing intelligence report provides a detailed investigation of the document output to help increase print efficiency, reduce paper wastage, and minimize environmental impact through a balanced deployment of printing technology. The implementation has resulted in a decrease in the total number of devices that require IT staff support, along with greater uptime and reliability. This has resulted in significant electricity savings. Participation among staff was strong and total output has also decreased to a large extent. When output was needed, nearly half the jobs were printed duplex, resulting in the annual reduction of several lakh sheets of paper,” concluded Sinha.

This feature is brought to you by IDG Services in association with Canon

2014

The CIO Task Force

Make ROI Tangible Marketing doesn’t always lend itself to hard ROI figures. (Sounds like IT, right) A lot of it can be fuzzy and intangible; in fact, CMOs often find it harder than IT to justify marketing spends. Traditional marketing approaches have relied on loyalty programs, such as

customer cards, feedback and surveys, campaigns and reward programs for continued engagement with customers. But often the results are nonquantifiable. However, the technology options available today go beyond these “card tricks” and conventional methods of engagement, says Rangaraj.

Towards Greater Customer

Experience

Forrester’s CIO analyst Nigel Fenwick believes CIOs can act as a change agent within the enterprise to drive greater customer connect. CIOs need to make a number of changes to the IT function in order to deliver better customer experience for the enterprise, says Forrester’s CIO analyst Nigel Fenwick. Fenwick says that customer experience hasn’t typically been on the CIO agenda—but this is changing with the emergence of digital technologies and the ability for customers to share their experiences of a company on social media. He says that consumers are much more empowered to shift loyalties between brands and companies and can easily tell a huge amount of people about their experiences. “Whether they are digital, telephony, or in person, the touch points (when a customer engages with a company) are supported by technologies. The customers that are really excelling at customer experience, they understand the customer journey, the customer touch points and the systems that support these,” says Fenwick. “More often than not they are implementing new applications on top—systems of engagement—such as digital mobile apps, which touch employees and customers directly. However, they do sometimes have to go further down the stack and dig deep,” he says. Fenwick’s research into the role of the CIO and companies that successfully use IT to improve customer experience, all have five common elements: Design, empower, measure, organize and speed, or DEMOS. Design. Forrester argues that IT should play a role in the user interface (UI) design. It should advise the customer experience team on design points, so that applications are not only user friendly, but can scale. Empower. Companies that successfully use IT to improve customer experience all have CIOs that empower their employees to have a say in customer experience. “The IT employees [at 32

D E C E M B E R 1 5 , 2 0 1 3 | REAL CIO WORLD

“Putting in tangible marketing measures, rather than a mere digital presence will be key to an effective deployment of these initiatives,” he says. He highlights some effective examples how IT can help marketing more effective. IT can automate and improve conventional customer facing

successful companies] felt like they weren’t just there to code, they felt like they were there to offer suggestions on how to improve the customer experience,” he says. Measure. Companies should be obsessive about measuring customer experience, down to a very granular level. They should look at customer touch points and measure experiences to understand the data (how a retailer should measure checkout times, for example). This will allow CIOs to measure their employees not just on things like budget and performance, but on customer experience improvement metrics. Organize. In all the organizations that are excelling at customer experience, they had pivoted the IT function to allow for all customer facing applications to be under one team; separating out enterprise architecture into a different team. “By doing this they are able to take a customer journey view of the technology, so they can see all of the technologies that support it,” says Fenwick. Speed. Companies should be focused on speed. Apps should be regularly updated with rapid development cycles and technology teams should be using agile development methodologies. “Even when you look at things like app performance, Web page loads, the successful companies are really focused on how fast things happen and engineering IT towards speed,” says Fenwick. Forrester recognizes that improving customer experience isn’t just the responsibility of the IT department and the whole company needs to reposition itself towards improving the experiences at each of the customer touch points. However, Fenwick argues that the CIO can play a critical role. “Very few have got this right. The vast majority are not there, but the companies that excel get most of these things (DEMOS) in place. We expect great customer experience and when we don’t get it we are more willing to change quickly to another supplier,” he says. “It’s not an easy transition to make at all, it’s a huge change management challenge and can take five to 10 years. But CIOs need to recognize that they have a role to play and can be a change agent for the rest of the executive team to recognize how important this is.”

— By Derek du Preez VOL/9 | ISSUE/02

processes, including extending CRM solutions, enhancing sales and customer analytics, and augmenting existing customer enabling solutions. IT can also help extend marketing initiatives and customer access touch points through mobility solutions, social media presence, search engine optimization, and creating programs for better customer contact. Another way technology can aid marketing is by innovating a completely new method of engaging with customers across the marketing lifecycle—from the prospecting stage to becoming a devoted customer—wherein the new initiative is not limited to customer outreach and engagement but becomes a new business model of doing business with the customer. All these can produce hard ROI results when deployed the thorough help of IT.

purchase mix is food). The idea worked and the company saw many of these customers coming back to it. It’s a shining example of what can happen when IT and marketing work hand in hand.

Beware of Shadow IT As nice as it is to hear stories of successful IT and marketing collaboration, it’s a known fact that marketing and IT teams haven’t shared the best of relationships. It’s common for marketing teams to complain of being ignored by the IT team. The general sense is that IT focuses a lot more of its resources and time on finance, operations or products—making marketing feels like its getting stepchild treatment. The other big irritant for marketing has been IT’s insistence on data quality. “The tech guy is concerned about the

Purushottaman believes that cost has been a real game changer and has, in recent years, made organizations and their CMOs look at social media and digital solutions to reach out to the customer. “Marketing spends are typically the second largest spends in a retail business, the first being manpower. The CMO and the marketing team therefore start looking for cheaper modes of reaching out to the customers.” And therein lies the problem, point out CIOs. “No digital marketing initiative can be successful with free tools. Cheap stuff will only get you cheap results,” says Chowdhury. Chowdhury adds that external IT services can only give you information, but it will not interpret it for you. “Don’t get into social media if you cannot analyze the results. Otherwise you will

A big irritant for marketing is IT’s insistence on data quality. The tech guy is concerned about the integration between the various systems and the business team says that should be hygiene. That’s what Purushottaman did at HyperCITY Retail with great success. “Based on customer buying data we analyzed and put customers into various profiles. The good part is that based on their purchase frequency and buying basket size we could either go after the customer to increase their spend or frequency. For every such scheme we ran, we tracked the conversion and it was a good 30 percent,” he says. Encouraged by these results, HyperCITY Retail also reached out to other customers who had come once or twice and then not come to its stores for six to eight months. HyperCITY Retail sent them a ‘Miss You’ mailer with an offer on the category they had bought the most, (mostly food as 50 percent of their

VOL/9 | ISSUE/02

integration between the various systems and the consistency of information flow and the business team does not want to think about all these as they feel it should be hygiene,” says Purushottaman. But the truth is that dealing with cloud computing, mobility, and social media can open up a lot of compliance issues. “There can be very serious ramifications and compliance issues, when dealing with customers in social media,” points out Rangaraj. These are finer nuances marketing fails to see and invariably starts to blame IT for being a hindrance. The result? Often marketing seeks IT services outside their own IT departments. After all, they say, these services are cheaper, easier to deploy, and don’t require to be vetted by the stringent IT policies.

be bringing in a lot of junk into your organization that you wouldn’t know what to do with,” he adds. That IT and marketing must collaborate for effective customer outreach is a given. But, it brings us to the questions we raised in the beginning. Should IT drive it or leave it to marketing? “In my opinion it’s best driven by the business,” say Rangaraj. “IT can be the enabler. But who stands on the podium and says we achieved increased customer conversion rate? Who takes credit for increase in sales or reduced the cost of something? It is the business. If you let the marketing guys have it, the success of the initiative is guaranteed.” CIO Varsha Chidambaram is principal correspondent. Send feedback on this feature to varsha_ chidambaram@idgindia.com

REAL CIO WORLD | D E C E M B E R 1 5 , 2 0 1 3

2014

Task Force Objective: To Study the Evolving Role of CIOs

TAKING THE

CIO ROLE TO THE NEXT LEVEL While IT has established its strategic importance within the business, the CIO role itself still has a long way to go. A CIO think-tank discusses the way forward.

The CIO role is having a bit of a mid-life crisis. According to CIO columnist Thornton A. May, the CIO role completes 32 years of being in existence this year. The title is probably not more than a decade and a half old in India. Youâ&#x20AC;&#x2122;d think it is a bit pre-mature for the role to be in a serious crisis. After all, the CIO role is still the new-kid-on-block compared to the more established titles of CMO and CFO. But now consider these trends: The growth of IT as-a-service, new cloud delivery models, and the increasing maturity of technology providers, have all transformed IT. From a feared black box that could be operated by only the most skilled technologists, IT has become a user-friendly service that can be paid and used as per business needs. Increasingly, businesses are deeming it fit to bring someone with a business background to head IT for them. Cases of shadow IT, where other departments bypass IT to get their job done, are also on the rise. On the other hand, CXOs are becoming so tech-savvy that IT is lapsing into merely executing tasks, with the vision and strategy driven only by the business.

BY VA RS H A C H I DA M BA RA M

D E C E M B E R 1 5 , 2 0 1 3 | REAL CIO WORLD

VOL/9 | ISSUE/02

Add to that the fact that—even after 32 years—the CIO doesn’t have a seat at the board and that a majority of IT leaders are still more comfortable talking about technology and the datacenter than business goals. And most tellingly, IT budgets are shrinking and are being embedded into line-of -business budgets— making business users the deciders of the IT roadmap of the enterprise. Sounds like a crisis. So, what’s a CIO do? “There is no one magic formula or a recipe that can be applied to this situation,” says Arun Gupta, CIO, Cipla, who has blogged actively on the subject of the CIO role. “The answers varies depending on two things primarily. The first is the person playing the role of the CIO and his standing in the company. The second is the culture of the organization.” That IT is strategic to business is a given. However, the CIO role still needs to ensure that it takes on the same strategic hue that IT has acquired. And there are more than one ways of getting there. Here are some.

Get a Line Responsibility One of the most tried-and-tested ways of breaking the CIO role’s identity conundrum is by taking on additional nonIT responsibilities. “One way to make the role of the CIO more strategic is to take on an additional responsibility besides IT. This could be the leadership role of a department or function within the business or it could be even the membership of a committee tasked with an important mission,” says Anantha Sayana, vice president and headcorporate IT at L&T. “If it’s a profit center responsibility, even better.” But as Gupta points out, the additional role only makes sense if you believe that that IT by itself does not bring enough to the table even when executed well. It also suggests that the CIO has spare time despite the complexities involved in running the IT organization and managing projects. Why is this being expected from the CIO when most of the other CXOs are accepted doing just their role?

VOL /9 | ISSUE/02

That’s because the CIO is not the CMO or a CFO, despite being a peer. The CIO does a great job of enabling the business, but a very bad job of talking about it. Taking additional responsibility is a great way of demonstrating the value of IT and its impact on business outcomes and saves the role from being relegated to that of an adviser or executer of projects, or worse, as a ‘support’ to the business. Taking on additional responsibility is an opportunity for CIOs to talk business and be heard. It is the means to an end— the end being a seat at the management board. “If given a responsibility or a new or additional role, then there is clear accountability and maybe rewards, too, albeit based on an outcome,” says Sunil Mehta, senior VP and area systems director (Central Asia), JWT. And that brings us to the second point.

Get a Seat at the Table How do you get an invite to sit at the management board is the million rupee question. “The invitation will not come by itself, it needs to be earned. You need credibility that’s built over years, expertise that’s demonstrated repeatedly with past projects, and networks within the enterprise that are nurtured,” says Sayana. It is about having a good track record. But it’s also about having an understanding of the business. Not just a process-oriented understanding, but knowledge of the real issues that impact revenue, an enterprise’s brand, and the customers of the business. Did the CIO come out with solution that gave the business an extra? Did the CIO increase revenue or improve cost advantages or expand the customer base, while lowereing marketing costs? Did the CIO proactively demonstrate the value that IT could deliver to business? Did he come out with an annual report that talks about the investments in IT and the value it gave back to the enterprise—in business terms? If you’re CEO thinks you did any of the above, she will need you by her

Task Force Members Anantha Sayana Larsen & Toubro

Arun Gupta Cipla

Jai Menon Bharti Enterprises

K.T. Rajan Allergan

Manish Choksi Asian Paints

Muralikrishna K. Infosys

Rajesh Uppal Maruti Suzuki

S. Ramasamy Indian Oil

Shalabh Raizada Safexpress

Sunil Mehta JWT

REAL CIO WORLD | D E C E M B E R 1 5 , 2 0 1 3

2014

The CIO Task Force

side when she takes the next important business decision. Getting on the board is a huge boost to a CIO’s career, but it comes with a set or responsibilities and power. And like Mehta says, it’s not like a seat at the UN Security Council which is permanent.

One needs to keep proving themselves to retain that seat.

Get Cozy with Other CXOs Getting a seat at the table will get you closer to the CEO. But before that CIOs needs to communicate and sell the

Finding the

Futurestate CIO

Do CIOs need to morph into chief innovation and operation officers? IT has fast become a vital part of the internal mechanics of most enterprises. This has made the chief information officer’s role more important than ever as the quality of technology implementations often has a direct result on an organization’s revenue potential and can even make or break reputations. So does this mean that CIOs will need to morph into chief innovation and operation officers in the coming years? John Roberts, research vice-president of Gartner’s CIO and executive leadership research team, says there a few possibilities. These include IT simply being an engine room to run datacenters, crunch numbers and maintain applications. Or the IT organization becomes a service global provider and plays a larger role in creating process and information architectures, even leading business process design, he says. “Another scenario is where everyone accesses IT [from the cloud]. In that future, the CFO, for example, can simply access software-as-a-service and run everything from the cloud so the role of IT almost becomes a broker for these services. The answer is likely to be somewhere in the middle,” Roberts says. Allan Davies is the long-time Asia-Pacific CIO at global logistics systems supplier, Dematic. He says of all executives within an organization, the CIO is one who—in more cases than not—has an intimate understanding of the business process across the organization and is in a good position to provide some guidance. However, he doesn’t see the CIO becoming the “information architect” because the CIO doesn’t own the business processes. “My experience has shown that unless the process owner takes responsibility for the automation, they can be reluctant to use the end product as they see it as an IT solution,” he says. “CIOs can help business process owners challenge the status quo, challenge them to think past their immediate requirement and think long term.” 36

D E C E M B E R 1 5 , 2 0 1 3 | REAL CIO WORLD

‘business case of IT’ to their peers. The CIO has always been considered a ‘lesser’ CXO. That’s not a perception shared by the other CXOs alone, it’s also driven by the inherent insecurities of the CIO himself. This insecurity stems largely from their inability to speak the language of the

Peter Nevin, who has been a CIO for more than 20 years, agrees that we are seeing a greater degree of automation of business processes across many organizations, which means CIOs need to become process architects. He says the CIO should be affecting business processes and client interactions inside the organization and “if they haven’t got that sorted out by now, they probably shouldn’t be there.” But the influence of the CIO on these things will depends on a company’s size, segment and industry, says Nevin. “The health industry, for example, is very customer-focused. [But in] a knowledge working industry, it is very difficult for the CIO to get to a point where they affect the client relationship because that’s what the knowledge worker does.” There has always been a need for CIOs to be involved in business and process development and strategy and every new generation of managers needs to “learn the lessons all over again,” says IT industry analyst, Graeme Philipson. “This whole idea of IT and business alignment is a journey, not a destination—no-one ever gets there,” he says. “There is always this divide between IT and business and if an organization with different personalities and people bridge that gap to a greater or lesser extent but it’s always there.” CIOs are different from other C-level executives because they are “spanning many, many things simultaneously” says Nevin. “The complexity used to be [around the] hardware and that was incredibly difficult, and then over time it was the system; now [the complexity is around] understanding all of the organization’s business processes,” he says. He adds that a good CIO can have enormous benefit to any organization, much more so than in the past. “Unfortunately, the reverse is true, a bad CIO can utterly take out the organization; they can spend massive amounts of money, they can damage culture, more so than they used to be able to. “I [the CIO] can affect the culture of the organization by the nature of the technology I roll out and the way I control that technology.” While the role may be getting harder for some, Dematics’ Davies is hoping his future involves something significantly more relaxing. “How I would like to see it [my role] evolve in the future involves the Mediterranean and a 20-metre yacht,” he says.

— By Byron Connolly VOL/9 | ISSUE/02

business, which in turn alienates them in the eyes of their peers. “Not only does the CIO need to create such opportunities (demonstrate business value, take on additional responsibilities, etcetera) they also need to garner support from the rest of the enterprise to succeed. Based on past experience, such a move (taking non-IT responsibilities) is often resisted strongly by other parts of the company who would like you to remain relegated to the technology/support/enabler role,” says Gupta. “That has a lot to do with the inherent insecurities of the CIO, given that it is a relatively new role that has grown in importance fairly quickly.” says Gupta. Therefore the CIO has a lot of proving to do. “Have a casual chat with your line of business heads and understand his pain points. And then suggest how IT can help,” advices Tarun Pandey, vice president-IT, Aditya Birla Financial Services. “It may not be easy to have this conversation, but the initiative has to be made by the CIO. After

all, he’s the new kid on the block without any friends.”

Develop Business-IT Expertise within Your Staff Another thing CIOs have not been particularly good at is developing a clear succession strategy. If you are going to move to greener pastures, you need to have a contingency plan as to who will fill your shoes. This will accomplish multiple things. First, it will prepare the CIO to take on more responsibility outside of IT. Second, it will keep the CIO out of pure, ‘hands-on’ tech. And third, it will build a succession plan for the IT team that will make it easier for the CIO to make the leap to business. “If you don’t have a succession plan, you will stay where you are because you are critical to the role,” says Gupta. “A leader is as good as his or her team. If you have stars, they will shine and you will bask in the light. If they are dark holes, they will suck up energy and create crisis for you to manage,” says Gupta.

He believes this is the right time for CIOs to push the concept of business relationship managers. The idea of embedding IT staff members into the business isn’t new, in fact, it’s been abused in the past. But, when it’s executed well, it can reap great rewards. “My experiments in this direction in my previous company resulted in growth for all of them (IT staffers) as well as higher satisfaction among the business. That said, the CIO has to sometimes reign in the team when they want to run away with their enthusiasm or want to please everyone,” he says. If the CIO cannot let go and disassociate himself from the humdrum of technology he—and the role—will stagnant. And the CIO will be easily replaceable. Is the CIO role strategic enough? Will it grow out of IT? Or will it perish ? Only you can tell. CIO Varsha Chidambaram is principal correspondent. Send feedback on this feature to varsha_chidambaram@ idgindia.com

Where Opinions Come Alive!

WWW

V I D E O S

Listen to the views that matter. Catch up with industry news. Watch real CIOs talk about the real issues. All of this in a format that's short, crisp, and snappy. Tune into CIO videos now! www.cio.in/videos

Murli has over 18 years of strong, cross functional experience in the Indian software industry. In his role, he is responsible for leading the software portfolio and driving growth for Dell’s India market. He brings in the right skill sets in the critical areas of Sales, Operations and Marketing that are very relevant to Dell’s Emerging Software business in India. — Murli Mohan General Manger, Dell Software India

TRANSFORMATION BEGINS

WITH SOFTWARE Murli Mohan talks about how Dell Software can transform, Connect, Inform and Protect the enterprise G O PA L K I S H O R E

2014

CUSTOM FEATURE DELL

How is Dell Software going to create the edge for Dell?

Dell Software organization is a part of Dell’s transformation story in becoming an end to end solutions provider. Since 2011, Dell has made several acquisitions and investments to build its capability as a Software provider to address the growing interest in Cloud Information Management, Mobility and Security. The group will deliver solutions to the entire spectrum of customers from end users to large and mid-size enterprises across the country. Dell Software will play a large role in preparing customers for future complexities in their business environments by enabling them to Transform, Connect, Inform and Protect to drive market differentiation. The Software business accounts for $1.5 billion of Dell’s global revenue and has over 90 per cent of the world’s Fortune 1000 companies as its customers. In India the Software group will play a key role in elevating Dell’s strong enterprise solutions capabilities while accelerating profitable growth and further differentiating the company. Dell Software helps clients move workloads to the cloud, mitigate security risks, simplify complex data environments and reduce mobility obstacles associated with the new trends in information technology today. What are Dell’s software capabilities?

Dell recognizes that cloud, data, mobility and security are major factors in today’s complex business environment. Its solutions are designed to offer a roadmap to manage and migrate data across physical, virtual, and cloud environments, gain insights into data with analytics, embrace BYOD without sacrificing IT imperatives and secure IT operations and data. What are the mega trends in software that Dell plans to offer to customers?

Over the course of next few years, we believe strongly that two mega trends are going to change the way enterprise businesses are viewed upon. One of the most important forces driving the change in enterprise business is mobility with extensive usage of mobile and social technology to interact in new ways. The second one is cloud and big data which are becoming enablers for business success. The tremendous scalability and agility enabled by the cloud and the new insights made possible with big data can help businesses today get ahead of the competition and tap into new sources of revenue. These two elements are becoming a competitive differentiator for business. What differentiates Dell software from others?

In approaching our customers who need solutions for their IT needs, Dell Software follows a four step approach to ensure that every aspect of their enterprise solution needs is dealt with.

These four steps are: Transform Connect Inform Protect: Transform: Dell Software enable its customers to transform their datacenter in what that increases IT agility while lowering costs Connect: Dell Software enable its customer to increase productivity by enabling the next generation workforce to work securely from anywhere, anytime and on any device. Inform: Dell Software enable its customers to control their data deluge and use it to drive insights to gain a competitive advantage. Protect: Dell Software enable its customers to protect themselves from organized attacks to cyber theft. Can you highlight some offerings from Dell’s comprehensive software solutions portfolio?

Scalable, integrated business and enterprise software solutions from Dell make it easy to secure and manage networks, applications, systems, endpoints, devices and data to help your business deliver on the full promise of technology. For the last 30 years, changes in technology have created new ways to create business value, and put at risk the old ways of doing things. What’s different today is the size and scale of changes due to the explosion of data and the multitude of devices accessing and generating that data. And we have the ability to address all of these trends that aligning into a perfect storm. In the domain of Data Center and Cloud Management, we offer Application & Service Management, Administration, Automation, Physical and Virtual Infrastructure Management. For data protection, we take care of data Backup and Recovery, Virtual Environments, Critical Applications and Disaster Recovery. When it comes to Information Management, we have offerings which include Business Intelligence & Big Data Analytics, Database Management, Application and Data Integration.

This Interview is brought to you by IDG Services in association with DELL

2014

Task Force Objective: To Understand Outcome-based IT

IT SOURCING

BLOOPERS TO AVOID Business outcomes from technology projects are all that matters to businessesâ&#x20AC;&#x201D;and CIOs are finding themselves at the center of this change.

During the financial downturn of 2008-09, Gartner asked leading IT companies and CIOs to do something unusual and rather counterintuitive. Even as the financial world crumbled and businesses went belly up, Gartner advised IT leaders to start preparing for business growth. It was imperative businesses did this, Gartner said, if they wanted to avoid falling behind their competitors once the recession ended. At the time, one of Gartnerâ&#x20AC;&#x2122;s analysts said that CIOs must step forward and offer longer-range, innovative ideas for IT to support the future of their firms. However, a McKinsey Global Survey conducted in December 2009, showed that IT leaders were taking a more immediate approach to helping their businesses. According to its report, corporate and IT leaders say IT was an important player in capturing efficiencies across the enterprise. In fact, the survey showed that over 45 percent of IT leaders expected IT investments to grow soon! This at a time when capex pools were drying up everywhere.

BY S H U B H RA R I S H I

D E C E M B E R 1 5 , 2 0 1 3 | REAL CIO WORLD

VOL/9 | ISSUE/02

How did these IT leaders manage this incredible feat? Probably by focusing on projects that had well-defined outcomes; projects that showed hard ROI; projects, in short, that were hard to say no to. The logic was simple: As long as there was clear payback, businesses were willing to invest. (Many of the IT investments made during that time, according to the report, were geared toward improving business operations, both to lower costs and improve effectiveness.) And that’s something that the recession (and the slowdown in India) changed, pretty much, forever. While businesses have always looked for clear ROI and clear outcomes before okaying an IT—or any other—project, the amount of scrutiny got a lot higher with the slowdown. And once the bar was raised, it stayed there. Outcome-based IT had reached a tipping point within the enterprise and there was no going back.

Easier Said Than Done This stress on outcomes-before-investment might surprise many. After all, isn’t it common sense to make sure you pump money into something that will get you returns? Not so much. The truth is, there are other variables at play when making a decision to invest in a project. For example, many of us, says Satish Das, VP-Sales (India) at Cognizant Technology Solutions (and former CSO), make decisions based on the amount of effort required to accomplish a defined outcome. Plus, he says, goals can change. Then there is the fact that metrics of success aren’t always black and white. “We forget that we can get questioned if these defined outcomes—which change a lot during execution—are not realized depending on perception, or bias. Therefore, it isn’t easy moving from an input (efforts) based decisionmaking approach to an outcome-based one,” he says. While it may be a tough job to make the transition, says Alok Kumar, vice

VOL /9 | ISSUE/02

president and global head, Internal IT and Shared Services, TCS, it’s not impossible. In the past, traditional IT governance models delivered business value like improving internal efficiency, productivity and controlling cost. So what is outcome-based IT really? Kumar shares some examples. Take, for instance, he says, IT-driven payroll processed on-time with zero errors. That’s a business outcome for the human resources department. Or, in the case of a telecom service provider, a business outcome could be the number of correct bills generated within a well-defined SLA, he says. All these projects, he says, will be driven by ROI, he says, meaning that the only reason for commencing these projects would be because there’s an ROI attached to it.

The Strategic Question Caught in this transition to an outcomebased model are strategic projects. More often than not these initiatives may not demonstrate clear financial returns but are still key business drivers for the business. Think of projects surrounding data security, compliance, or projects that lead to greater user satisfaction. And the fact is that a large number of IT projects driven by CIOs fall in a strategic bucket. In fact, strategic projects are what many CIO reputations are built on. “The truth is that often IT leaders are mired between return on money invested against strategic initiatives,” says Tamal Chakravorty, director IT & Test at Ericsson Global Services India. “Typically, all IT initiatives are ROI and benefit-driven,” says Kumar from TCS. “However, we should also focus on the qualitative aspect so as to measure how it can create more business value, enable regulatory compliances, enhance brand value and realize direct tangible returns. These projects pose a dilemma for CIOs. For years, organizations have implemented different systems to capture various types of transactions and the

Task Force Members Alok Kumar TCS

Hitesh Arora Max Life Insurance

Mahesh Kumar Aurobindo Pharma

Satish Das Cognizant Technology Solutions S.C. Mittal IFFCO

Shashi Kumar Ravulapaty Reliance Capital

S.T. Sathiavageeswaran Hindustan Petroleum Tamal Chakravorty Ericsson Global Services India

Vijay Sethi Hero MotoCorp

Yogesh Zope Bharat Forge

REAL CIO WORLD | D E C E M B E R 1 5 , 2 0 1 3

2014

The CIO Task Force

process of enumerating benefits becomes complex as these would typically contribute in ‘improving quality of decision making’, ‘giving companies a business edge in relation to competition’, says S.T. Sathiavageeswaran, executive director-Information Systems, Hindustan Petroleum, something that Gartner calls as “systems of differentiation.” For instance, systems like ERP, CRM and BI are some of the initiatives which don’t result in hard ROI numbers for business.

Chakravorty suggests breaking up projects. “For large business transformation projects, the ideal way is to realize an outcome in phases,” he says. There is also the question of who decides whether an outcome is good enough. A CFO might have a different understanding of project success. A CFO could look at business outcomes from the point of immediate ROI, whereas a CEO would be bothered more about strategic outcomes.

IT Sourcing Gets Easier in

2014

Switching IT outsourcing providers will get easier and less expensive in the coming year. Until recently, the decision to change IT outsourcing providers almost always came at a high cost. But the advantage that incumbent IT service providers once had is disappearing as transitioning from one vendor to another becomes less painful. “Back in the day, with the big ‘one-neck-to-choke’ model, when you switched providers you had to switch everything,” says Thomas Young, partner with outsourcing consultancy Information Services Group (ISG). “But as the services supply chain continues to fragment by tower all the way down to out-tasking and implementing point solution, customers are much more likely to switch out those components,” Young says. “It’s the difference between switching out the stereo in your car and switching out the whole car.” Some other factors are contributing to an environment where outsourcing clients are more likely to jump to a competing outsourcing vendor than in the past. As buyers move from the very structured and prescriptive request-for-proposal model to a more open-ended, collaborative purchasing process, they’re able to obtain more standardized services from outsourcers. Thus, “the actual mechanics of switching involves less disruptive change,” Young says. “If the old agreements were like marriages, these new agreements are more like dating. They have an easy-on, easy-off mechanism that’s implicit in that kind of relationship,” Young says. In addition, some new pricing propositions may tempt customers to stray from their existing relationships. For the past year or two, labor automation has increased, enabling outsourcers to offer customers deals that are as much as 60 percent cheaper than in the past, says Young. Clients locked into deals with higher 42

D E C E M B E R 1 5 , 2 0 1 3 | REAL CIO WORLD

According to Gartner’s 2013 CFO Technology Study, the CFO’s influence over IT is growing. About 39 percent of IT organizations report to the CFO’s office, which continues to have a significant influence over IT investments. TCS’ Kumar says that who you report to isn’t as important as having continuous dialogues with them to ensure that the IT project portfolio is in line with business outcomes. He suggests starting by

labor costs may find a compelling economic case to provider-hop. Indeed, 2014 should be a record year for customers changing providers, says Young. “The game is on for service providers stealing work from one another.” While most service providers will be able to poach customers from their competitors with their own new, more automated service offerings, they’re unlikely to want to lower the cost base for their existing customer. So “as they steal work, others will be coming in the back door to steal their work,” Young says. Those vendors that stand to lose the most from this new dynamic are offshore outsourcers. “The providers that have the most at risk have business models based on a competitive advantage that’s anchored in labor arbitrage,” says Young. “The services supply chain of the tomorrow relies less and less on labor.” Young calls the further automation of outsourcing “service-assoftware”—a virtualizing of the physical outsourcing environment. “I’m seeing a lot of innovation in this area, with some vendors reducing workloads to the point where they need half the staff,” he says. That trend is most pervasive in networking and datacenter work today, but will eventually hit end-user computing, he says. But big providers also stand to lose. “It sounds counterintuitive, but size is a liability at this point,” says Young. “They’re at risk not because they won’t be able to put new solutions in place, but because they may not do it fast enough for the market.” Smaller, more nimble providers will have the advantage. The big providers would also rather try to extend the old pricing on contracts for even an extra quarter or two to manage this shift, but those customers could jump ship. “That’s the risk,” Young says. “It takes a while to turn a big ship.” Customers are already taking advantage of such opportunities, and Young predicts that will accelerate as we enter next year. “The trend will be toward the easy-on, easy-off deal,” says Young. “At some point as the market matures, it won’t make sense to have these casual relationships and this churn. But we’re at the point right now where it’s advisable.”

— Stephanie Overby VOL/9 | ISSUE/02

collecting business priorities from the CEO or the CFO and then setting out to define and rationalize the IT project portfolio and align it with business priorities. Chakravorty says that CFOs perhaps are only custodians of budget versus spend. To meet the CFOs requirements, he says, an IT project should have short timelines, and nearly immediate paybacks. To be able to do that, IT alone won’t be able to write a project document and, therefore needs many patrons. “If one of them happens to be a CFO and he is the final authority, he will be easier to convince since other people would have already promised benefits,” he says. Gartner’s CFO study recommends that when the CFO is approving projects, it’s important to become a key strategic partner with finance or the CFO to steer the IT function. They stress on building the mindset that there are no IT projects—only business projects.

rationale behind having this discussion at all. “The truth is that one may perform fantastic ROI computations,” says Sethi, “but these are generally forgotten once project goes live. Very few companies do real follow-up on the benefits of a project.” Therefore, he says, “I think one needs to take a holistic view and realize that not all projects will give a quantified ROI. There are projects that are strategic initiatives and could act as building blocks for other projects,” he adds.

Moving Ahead “I think all this talk about business outcomes is only making the CIO role more important,” says Hero MotoCorp’s Sethi. “There’s one area that we need to focus on,” he says, “and that’s benefit realization post a project go-live over a period of time. It’s important that we make this a formal mechanism.”

based IT will help ensure IT is streamlined, trimmed and made easily accessible to the last line without each person trying to figure out how he should go about things. Meanwhile, developing business expertise within the IT team is an important initiative as it will develop a greater appreciation of business strategy and business understanding among the IT team. “IT should have a team of business analysts or business processes experts who understand business as well as the end customer,” says TCS’ Kumar. The milieu could work out business benefits for each initiative, manage project execution, monitor it post implementation, and communicate back to the business all benefits achieved, he says. It’s eventually a CIO’s onus to put in place a framework for people to work for outcomes while taking into account existing business processes. “If the CIO is seen as a

The truth is that one may perform fantastic ROI computations but these are generally forgotten once a project goes live. Very few companies do real follow-ups on the benefits of a project. Big Fuss Over Nothing As important as the topic of outcomebased IT (or outcome-based anything) has become, and despite the amount of focus it is getting, there are some CIOs who believe that it’s old news. Hitesh Arora, director and head-IT at Max Life Insurance, says the concept of outcome-based IT is equivalent to benefit realization and therefore, he says, is old wine in a new bottle. Vijay Sethi, VP and CIO at Hero MotoCorp, agrees. He recalls how even 15 years ago, while implementing an ERP solution, a lot of time was spent in evaluating and justifying the benefits and ROI. Then Sethi throws in an idea that questions the

VOL/9 | ISSUE/02

Citing an example of outcome-based IT, Chakravorty says, in the 1990s, a logistics company invested a lot of time training its external customers how to track orders online. Two decades later, they are more focused on creating new services without worrying about the customer. All IT projects, he says, ideally should be based on how a company acquires new customers. Operational stability will only be useful to retain old customers. A CIO’s focus should be more towards delivering projects towards operations or sales. “It keeps us relevant. For instance, today if I talk about a sales funneling tool that will be delivered in a matter of five days, people sit up and listen,” he says. He adds that outcome-

trusted advisor by business leaders, then outcome-based system will take off without a hassle,” says Cognizant’s Das. This approach towards deployment, which probably started four years ago is here to stay. Going forward, expect to see more project prototypes which only commence only once CIOs and business leaders identify a business outcome attached to implementing a project. At least, there’s one thing that came out of the not-so-good old recession. CIO

Shubhra Rishi is senior correspondent. Send feedback on this feature to shubhra_rishi@idgindia.com

REAL CIO WORLD | D E C E M B E R 1 5 , 2 0 1 3

Phillip Beniac has over 25 years experience in the Business Analytics. He is responsible for managing sales, marketing, expert services, alliances and channels that support the rapidly growing number of Corporations and Government Departments deploying QlikView as their Business Discovery platform. â&#x20AC;&#x201D;Phillip Beniac Regional Vice President QlikTech, Asia Pacific

DISCOVER

DECIDE AND DO Phillip talks about how QlikViewâ&#x20AC;&#x2122;s business discovery platform are built to overcome technology constraints and empower users. G O PA L K I S H O R E

2014

CUSTOM FEATURE QLIKVIEW

How can CIOs empower business users to explore data, make discoveries, and uncover insights to solve problems in new ways?

Can you tell us more about the technology that powers QlikView’s business discovery platform?

QlikView has always been a pioneer in software designed for humans. It incepted simple concepts such as Associative and Natural Analytics in its QlikView Business Discovery platform that were before their time. With the speed of in-memory, technology limitations of linear queries went away. With processing speed increasing, associative queries were possible which enables organizations to get not only insights on the questions they asked but also answers to questions they did not ask. We’re driving this approach to software design through what we call Natural Analytics. It’s for people who don’t just seek answers to questions but seek the next question –or a better question. Natural Analytics taps into our natural ability to detect patterns, compare information, and make decisions. It aims to complement the brain’s higher level thinking, not replace it, with the power of technology. It enables and encourages browsing and exploration, categorization and other decision making processes. Curiosity is one of our greatest natural strengths, and its human instinct to ask the question “Why?” It’s the one question that shatters barriers, solves mysteries, and shapes our future. So we ask it now. Why doesn’t technology let business people do what they do best? People achieve amazing things when they do what comes naturally. That’s why we envisioned Natural Analytics as a way to tap into your innate ability to detect patterns, compare information, and make predictions.

Today, we are drowning in information, while starving for wisdom. Data is redundant unless it can be analyzed and converted in to intelligence to drive fact-based decisions. In today’s organization, insight creation as well as decision-making is not just dependent on an individual or a department. Every member is an integral part of this process. With this shift in the organizational landscape, it becomes pertinent that everybody is able to not only get the data, but also are able to analyze, slice & dice and collaborate that information within the organization. With this trend of democratization of data, you need tools/ solutions that are easily understood & used by everyone. Business users want BI tools that empower them, letting them get what they need rapidly and precisely. QlikView enables all users to gain business insights by understanding how data is associated, enabling users to conduct direct and indirect searches across all data, anywhere. This is what is driving the trend for adoption of user-driven BI or what we call Business Discovery; rather than what the traditional approach has been. Business Discovery is a whole new way of doing things that puts the business user in control.

Why would an enterprise opt for the business discovery model?

One of the most crucial asks from BI and Analytics today is how it permeates across the organization. For QlikTech it is more like an opportunity than a challenge. QlikTech has always believed that information can change the world and that “every” business user contributes to that transformation. The traditional BI approach tends to be departmental with IT being the supplier of that information meaning that there was a lot of dependency on IT to churn out information for various departments and owners. QlikTech believes that IT is a strategic function rather than just the supplier of information. With our QlikView Business Discovery & Natural Analytics approach, the power of analysis is with everyone. Business Discovery enables everyone to create insight. It’s about workgroups, departments, and entire business units having access to the data they need to make better decisions. Traditional BI tools are difficult to use, slow to deploy, or are not giving businesses the fast time to value they need to react to fast-changing market conditions. By the time reports are churned out by IT, it’s too late for them to react or proactively make a decision that will drive their business. We need to give users a Business Discovery platform, a user-driven BI solution because that’s the future – users are going to seek out their own solutions anyhow. They need to be empowered to make decisions and modern enterprises that want to succeed, not just survive, will have to move in this direction.

What are the exciting innovations that we can expect in the domain of business discovery and analytics?

Because we were a “visionary” in this self-service BI revolution, we learned a lot about how to design Business Intelligence & Analytics for human use, not for technology capabilities. As the leader in Business Discovery, we know what the modern workforce needs—and it’s not another tool that puts a new face on the same old data. Instead, QlikView Business Discovery is a complete technology platform surrounded by an ecosystem of people, services, and applications that reinvents BI. Add to this our concept of Natural Analytics that marries user-driven BI and the innate ability with which humans analyze information. QlikView has always and will continue to with its innovation, empower everyone to unearth new insights, supporting how they naturally ask questions and pursue answers. They’ll be able to collaborate, discuss analysis, and persuade others with data presented visually in interactive apps. And everyone will have access to data anytime, anywhere so they can confidently engage in decision-making that always feels like a natural part of the business process. It’s where BI is headed. And QlikView being disruptive is at the forefront of it.

This Interview is brought to you by IDG Services in association with Qliktech

2014

Task Force Objective: To Create User Delight

THE REAL

POWER OF USER EXPERIENCE One of the major reasons for the failure of IT projects is user resistance. As mobility and social media come of age in 2014, it could be the best time to shift your focus to user experience.

This isn’t a story about Steve Jobs. But it is about what Jobs once famously said: “You’ve got to start with the customer experience and work backwards to the technology.” And in the world of technology, when it comes to user experience, the spotlight is on CIOs—the spin doctors who are expected to turn this experience into “delight.” In this new world of VUCA (volatility, uncertainty, change, agility) the expectation from IT is no less than the expectation from superheroes in a fantasy world. Their roles in the last few years have undergone tremendous change. Their evolving roles today demand less of developing and maintaining made-to-order functional applications and more of creating a seamless experience for their users, both internal and external. Let’s admit, it’s a tough job to do. And that’s primarily because users are spoilt for choice. This user is also a consumer. He’s bred in a world of technology that’s transforming people’s lives in such a way that we no longer can distinguish between the surreal and real. It’s the same

BY S H U B H RA R I S H I

D E C E M B E R 1 5 , 2 0 1 3 | REAL CIO WORLD

VOL/9 | ISSUE/02

technology that’s delivering a whole host of smartphones, cloud and mobile apps, and social and collaboration software at breakneck speed. This breakthrough in the consumer space is changing the way organizations do business, both inside and outside of the enterprise. “Users have become used to good things in the consumer space,” says Sudhir Reddy, VP and CIO, Mindtree. By good, he means, apps that are intuitive, fast, fun, and accessible from any device. He says, the use of cloud has allowed users to update once and consume many times and on many devices. Therefore, it’s upto CIOs to determine how steadfast they are in driving consumer-centric design principles. It’s true that the consumerization of IT has introduced new workflows, governance processes, and methods of decisionmaking according to changing employee behavior. Companies such as NIIT have latched on to this trend. “With the consumerization of IT, users are now experiencing the user interface (UI) of devices that they buy and use outside the enterprise. One has to develop UI of applications in a way that they exceed expectations of both internal and external customers,” says Sunil Sirohi, SVP-IT, NIIT. The arrival of consumer technologies in the workplace and the advent of social media have to take the blame for setting new UI benchmarks. As a result, employees and customers now expect software to be easy to use. While that’s understandable, it’s also true that CIOs are more concerned about handling risk than creating user experience. Businesses are still focused on scope and getting the specifications right. They are still delivering business requirements and not engaging with the users for whom these applications are being deployed. According to Gartner, companies are no longer developing applications for an exclusive user base over which one can exert

VOL /9 | ISSUE/02

standards and control. This development is leading to the need for IT to look into the techniques and practices of what Gartner calls “global class” computing— an approach to designing systems and architectures that extend computing processes outside the enterprise and into the culture of consumers, mobile workers and business partners. Further, the research agency adds that it’s important to recognize that trends such as BYOD, bring your own application (BYOA), and cloud computing are leading indicators of a long-term structural change occurring in the industry—this is not the demands of a few errant staff demanding their favorite brand of technology. Therefore, CIOs need to learn and adapt quickly and at the same time, push their teams to give their best shot at enhancing user experience because believe it or not, it’s the need of the hour.

Getting Users on Board One of the main reasons for Marico’s growing profits has been its focus on understanding consumer needs before introducing new products into the market. Its IT-Head, Girish Rao insists that instead of getting into the rut of standard SDLC, demystifying the unspoken needs of the users is extremely important while deploying an application. “We employ a connect-and-deploy approach which involves spending more time and riding along with end-users in order to understand what they want,” he says. Rao learned the importance of connecting with users after Marico rolled out a sales force app with a geo-tagging feature for its fieldforce to identify the GPS location of the user where a particular order was getting booked. Instead of getting favorable results, the company’s orders started dipping. It was only when the team visited the shop with a sales user that it realized that mobiles weren’t catching the GPS signal inside the shop while the order was being booked. Had the IT team not realized that, the problem wouldn’t have been fixed.

Task Force Members Ajay Meher Multi Screen Media

Girish Rao Marico

Rajeev Batra Sistema Shyam Teleservices (MTS)

Sanjay Malhotra Amway

Sebastian Joseph Mudra

Sudhir Reddy Mindtree

Sunil Sirohi NIIT

V. Subramaniam OTIS

While ride-alongs are a great way to know your users’ needs, V. Subramaniam, director IT and CIO, Pacific Asia Area, Otis Elevator Company, says getting users involved from the conceptualization stage is a great way to create better deliverables

REAL CIO WORLD | D E C E M B E R 1 5 , 2 0 1 3

2014

The CIO Task Force

and get buy-in. To be able to do that, Subramaniam is using an agile framework called Rapid Prototyping. This helps him get quick feedback and makes it easier for the IT team to understand and address business needs, customer needs, and usability. Once that’s done, Subramaniam says, every solution that’s deployed is first

used by the company’s internal team and only then the application is rolled out for external use. Being a consumer of your own services is a principle that Ajay Meher, SVPIT and post production, Multi Screen Media, also swears by. Being a media organization, Meher says experience

UX Specialists Are

Hot Commodities

As the digital world shrinks down to a screen the size of your hand, demand for user experience designers explodes. Roberto Masiero remembers vividly the moment in 2011 when it became clear to him that designing a mobile application was considerably different than designing a desktop application. As head of the innovation labs for ADP, a payroll services company, he managed the engineering team tasked with creating ADP Mobile, a version of the company’s human capital management application tailored to mobile devices. “We started out with a list of 100 features that we thought were awesome,” Masiero remembers, but his team’s enthusiasm ran smack into the collective disdain of user experience designers brought in from an outside firm. The consultants deemed feature after feature irrelevant for mobile users, arguing that so many options would confuse people. By the time the designers were done, they had whittled away 80percent of the features. “Their message was simple: Less is more,” says Masiero. In a mobile application, it’s better to neatly provide the 20 most important pieces of information than it is to force users to navigate through 100 features that they might never use. “You have to drop completeness in the name of usefulness,” he says. What’s more, Masiero, like a lot of other IT leaders, realized that in this age of mobility and user-driven technology, IT shops that don’t have a user experience expert onboard need to get serious about begging, borrowing or stealing to find one—and that’s an increasingly difficult proposition. Developers with user interface (UI) and user experience (UX) expertise are hot these days, according to Shane Bernstein, managing director of QConnects, a Culver City, California-based digital recruitment firm. And this is a fairly recent development, he says. From 2010 to 2011, QConnects saw a 25 percent increase in the number of requests for UX designers; from 2011 to 2012, the increase was 70 percent. The Creative Group, a division of staffing firm Robert Half Technology that specializes in design, marketing and interactive 48

D E C E M B E R 1 5 , 2 0 1 3 | REAL CIO WORLD

is critical when it comes to UI design. “Sometimes the look matters more than the functionality,” he says. His team consists of UI designers who create simple design templates (PSDs) of user interface to get user feedback of the look and feel of an application before its being rolled out to the end users.

talent, began tracking UX designers separately in its annual salary survey in 2011. Salaries for those professionals went up 6.2 percent in 2012, and the firm expects another 4.8 percent increase in 2013.

Users Expect Perfection In design parlance, the user interface is what the user sees and the user experience is how the application behaves. Both recruiters and practitioners stress that the latter is as important as the former. Therefore, designers need to concentrate not only on how an app looks, but on the whole “wireframe” of the application, and where requests are going into the back end of the system. What’s driving the demand for such skills? Many people lay the credit—or perhaps blame—on Apple, with its near-fetishistic attention to how design, hardware and interface intersect. “Now people expect everything they interface with to have the ease of use of an iPhone,” says Matt Miller, CTO at technical recruiting firm CyberCoders. “Apple forces everybody to match their aesthetic,” agrees Masiero. “The image of your brand is at stake in your mobile application now. Companies that have great design, whether they’re a restaurant chain or a car manufacturer, have a more valuable brand,” he says. Moreover, as mobile computing explodes, a company’s entire customer base will demand a consumer-like experience with its products. As Masiero notes, 10 years ago ADP’s sole audience was the HR department. That’s no longer true. “With mobile devices becoming ubiquitous, we have to serve 30 million users, from somebody on a construction site to an airline pilot to a hotel manager. And you have to create a design so that the experience is accessible to everyone, while still providing them with a sense of uniqueness,” he says.

High Tech, High Touch UX specialists are hard to find in part because the position requires expertise in multiple disciplines: design, programming and human behavior. “We do a little bit of market research, a little bit of psychology,” says Whitney Quesenberry, who runs a UX design firm in High Bridge, N.J., and has done work for Novartis, Siemens, Dow Jones and Eli Lilly, among other companies. “UX is like programming—there’s not just one job involved.” Donna Farrugia, The Creative Group’s executive director, insists that the more cross-disciplined UX designers are, the better. They ideally

VOL/9 | ISSUE/02

The Jobs Way

echoed in Apple as it sold 6.1 million units over five quarters. MSM’s Meher says Apple’s iPhone would never have been created if Jobs would have taken into account user requirements. “If you ask users what’s the experience they are looking for, they wouldn’t be able to spell it out for you.” Instead, use IT, he says, to continuously work should have good design and layout chops as well as technology on a solution to build skills that include HTML and JavaScript expertise. “The ideal is that experience. this hybrid person who’s both right-brained and left-brained, NIIT’s Sirohi says high tech and high touch,” says Farrugia. users only know That pretty closely describes Michael Beasley, a designer as much as what at Internet marketing agency Pure Visibility in Ann Arbor, Mich. they have already He got a bachelor’s degree in both English and music from the experienced. University of Michigan and then stayed to get a master’s degree There are two things in human-computer interaction from Michigan’s School of to delivering a great Information in 2005. user experience, he “That’s where I got my approach to interface design,” Beasley says, one is the app says. “The multidisciplinary approach taught me design, human that is expected to hold cognition and usability principles and methods. I also got a good flawless content and understanding of how organizations work and information flows. functionality, and the That made me a pretty well-rounded person.” other is UI design. In That kind of background sits well with IT managers like Masiero, an enterprise where for whom good design goes deeper than rounded corners on icons. applications are built “I want you to be a wizard of understanding the mental model of to last forever and dethe user and translating that into the behavior of the application. liver higher ROI yearYou have to always think about making the user comfortable, about on-year, it becomes difnot creating any friction between what the user expects to happen ficult to sustain user and what the application expects from the user.” experience. “Designers who understand human interaction are one step Sirohi says, for such ahead of everyone else,” says Farrugia. apps, repackage the presentation layerELook for Homegrown UX Talent and build new apps With so much riding on the success of mobile apps these days, seeking the help of most companies feel they have to find UX talent in-house instead skilled UI designers of waiting for colleges and vocational schools to churn out more and deliver customergraduates with the ideal mix of design and coding sensibilities. focused design princiMany are forming multidisciplinary teams because they ples such as easy naviknow it’s unlikely they’ll find one perfect UX expert. “A designer gation, device-specific might not be able to program, but they should be able to have a delivery, user impact, reasonable conversation with a programmer so they understand and engaging use the impact of a design decision,” says Quesenberry. of imagery. Beasley concurs. “A really creative designer may help While getting users involved is a great thing to do, CIOs will agree with what Jobs once said: “People don’t know what they want until you show it to them.” Jobs was talking about his own ability to communicate the benefits of his own design to consumers. And as a result, the term ‘user delight’

[the organization] make big leaps to a whole new level of quality. But the quantitative side is just as important,” he says. “Designers would do well to get more comfortable with the technical side, to build up those skills and knowledge.” —Howard Baldwin

VOL/9 | ISSUE/02

entwined with the users to deliver more than what they hoped for. For instance, Rao says, when the company needed an Excel-based system to assimilate a screen that would capture 22 data points, Rao and his team worked with end users only to find out that they needed only 4 data points for the purpose of decision-making in real-time. Marico’s Rao says the art lies in simplifying the process and the user screens. That’s a challenge that UI designers as well as app design developers need to take up. “But truth be told, the lesser you make the millennial generation do, the happier they are”, he says. Otis’ Subramaniam says that user delight breeds on simplification and user involvement. “Involving the users during design phase resulted in unleashing the creativity of the users and delivering a great application packed with features and a great user interface,” he says. In order to unburden CIOs from the pressure of user delight, NIIT’s Sirohi says enterprises need to setup an IT environment (infrastructure and apps) that is always on and always available. Collaboration, he says, is the name of the game and the new-age collaboration tools will help users, customers, vendors, and partners to be connected to the enterprise which will inspire, engage, and amaze them. Going forward, applications will become more and more personalized and will be designed for individuals but aimed at utilizing the power of groups. Organizations that are leveraging that are going to change their users’ experience to delight. And that’s something Steve Jobs would approve. CIO

Users Rule As far as understanding requirements go, Rao and his team are

Send feedback on this feature to shubhra_rishi@ idgindia.com

REAL CIO WORLD | D E C E M B E R 1 5 , 2 0 1 3

2014

Making It With Data

THE YEAR AHEAD

SURVEY Analytics and big data, cloud computing in its different forms, and consumerization and mobility. All of these phenomena are going to manifest more acutely in the coming year. We take a look at the numbers behind the trends.

Survey Methodology The Year Ahead Survey 2014 was administered online over two weeks in November 2013. Three hundred eighty-six Indian IT leaders participated. Twenty-two percent of respondents were from organizations with annual revenues of over Rs 10,000 crore; 32 percent from enterprises between Rs 2,000 crore and Rs 9,999 crore; 23 percent from organizations between Rs 500 and Rs 1,999 crore. A cross-section of Indian industry participated. CIO editors ensured all participants are bonafide IT leaders. All responses were gathered using a secure server with all individual data kept confidential. The degree of error is +/- 5.5 percent at a 95 percent confidence level.

D E C E M B E R 1 5 , 2 0 1 3 | REAL CIO WORLD

VOL/9 | ISSUE/02

The DC: CHANGES AT THE HEART OF IT The datacenter is where IT strategy rubber hits the road. As CIOs try to keep their datacenters up with the times, they continue to face challenges.

What's Increasing DC Complexity Indian CIOs were asked to rate the following on a scale of 1-5 (1 being the highest). Growth in data volume

2.2

Rising number of business-critical apps

2.5

Inadequate budgets

3.3

Server virtualization

3.4

Cloud computing

3.5

Strategies to Tackle Rising Demands on DCs A significant number of Indian CIOs are turning to the cloud to take the stress off their datacenters.

71% Server virtualization and consolidation

45% Upgrading legacy IT equipment for greater power efficiency

40% Moving less critical systems to cloud services

30% Expanding useable floor space within existing facilities

The Effects of DC Complexity

29%

A fifth of CIOs say that DC complexity has no impact on their organizations.

Outsourcing datacenter requirements completely

20% 23%

Moving less critical systems out to co-location

17%

Higher cost

Constructing new datacenter facilities

15%

Longer lead times to provision compute resources

Modifying cooling systems to supplement hot spots

15%

11%

Reduced agility

Retrofiting new power and cooling systems to existing facilities

9% Missed SLAs

Issues with Running Mission-critical Apps in a Virtual Environment

Compliance incidents

Over 40 percent of CIOs say that they have no issues with running mission-critical apps in a virtual environment.

Higher downtime

4% Security breaches

32% Some applications are not good candidates for virtualization

23%

Top 3 DC Pain Points

Increased latency and performance issues

23%

Backup and recovery lifecycle

34%

Application workload difficult to define

Single points of failure increasing the level of risk

31%

Inadequate in-house skill sets necessary for the migration

Management complexity due to multiple tools

29%

19% 16% Problems with back-up

Level of Server Virtualization Within Indian Enterprises 16%

Less than 10% virtualized 52

14%

Between 10% and 20%

D E C E M B E R 1 5 , 2 0 1 3 | REAL CIO WORLD

18%

Between 20% and 30%

16%

Between 30% and 40%

37%

More than 50%

VOL/9 | ISSUE/02

Cloud Computing: RISING ON THERMALS As more Indian organizations embrace cloud computing in its multiple forms, CIOs are finding new benefits and lower resistance.

Hurdles to Private Clouds

Foggy on the Legalities Over 42% of CIOs are not sure or don't know their company's legal obligations where cloud computing is concerned.

42% Integrating existing IT products

41% Updating our current infrastructure

31%

34% Not Sure

Making the business case for a private cloud

58% Yes

25% Acquiring employee skill sets

23% Acquiring cloud software and hardware

8% No

23% Managing automation

Private Cloud Benefits

Public Cloud Benefits

A year ago, 70% of CIOs said a private cloud's greatest benefit was its ability to leverage existing assets and increase efficiency.

The top benefit of public clouds (it's ability to increase business agility) has not changed since the last year.

55%

53%

52%

45%

46%

44%

40%

37%

38%

34%

36%

Builds in better scalability

Increases business agility

Ability to leverage existing assets and increase efficiency

Reduces Total Cost of Ownership

Reduces time to deliver applications to the business

Helps us take advantage of the latest technology

Reduces total cost of ownership

Reduce infrastructure costs

Maximizes compute resources, but is a high cost option

Better support for remote and mobile workers

Leverages investment in existing infrastructure

Converts capital expenditures to operating expenses

Top Public Cloud Concerns

Cloud Direction

Across every risk item, fewer CIOs have concerns with the public cloud. 2014

2013

Unauthorized access to or leak of our customersâ&#x20AC;&#x2122; data

53%

54%

Vendor lock-in

50%

56%

Security defects in the technology itself

48%

52%

Unauthorized access to or leak of proprietary data

47%

52%

Integration of cloud data with our internal systems

43%

53%

Business continuity and DR readiness of provider

27%

Application and system performance

25%

26%

Business viability of provider (risk company will fail)

25%

29%

VOL/9 | ISSUE/02

CIOs were asked to select which cloud model their organizations are using or would like to use. 48% 42%

38%

2013

42%

2014

17%

Hybrid Cloud

Private Cloud

14%

Public Cloud

REAL CIO WORLD | D E C E M B E R 1 5 , 2 0 1 3

Big Data SMALL STEPS Big data might be making big waves, but the approach of most Indian organizations to analytics hasn't changed too much in the last year.

BI Tools Maturity Scale Note that the more mature a solution is, the more likely it's not being used extensively. Used Extensively

Limited Use

Plan to Use

Spreadsheets / Microsoft Excel

75%

20%

Reports

74%

19%

Dashboards

40%

38%

18%

Query and analysis software

31%

41%

20%

Scorecards

19%

37%

30%

Alerts

30%

38%

24%

Embedded BI

18%

39%

Mobile (smartphone- or tablet-based) dashboards / data visualizations

20%

55%

Barriers to Analytics Adoption

Do You Use Big Data Tools?

The top three challenges haven't changed in the last year. 9% Yes

55% Data quality problems

38% Software licenses are too expensive

35% Integration/compatibility issues with existing/multiple platforms

34% BI/analytics talent is too expensive to hire

41% Not yet, but we have plans to do so or are in the process of implementing

50% No

28% No clear ROI

26% Challenges scaling the technology across the entire organization

Big Data Understanding CIOs were asked whether their organizations distinguish “data” from “big data,” and use distinct tools for higher volume, complexity and dynamic data processing.

Which Tools? 31% Hadoop Distro

28% NoSQL Data Store

47%

28% Real Time Event Processing Tools

38%

25% Columnar Databases

20% 15% Yes

Not sure

D E C E M B E R 1 5 , 2 0 1 3 | REAL CIO WORLD

HPCC (High Performance Computing Cluster)

11% MapReduce framework/architecture

VOL/9 | ISSUE/02

Consumerization and MOBILITY As more staffers bring their own devices (mainly mobiles) into organizations, two trends have begun to merge: Mobility and the consumerization of IT.

56%

Personal Devices Employees Use at Work

OF INDIAN ORGANIZATIONS ALLOW EMPLOYEES TO USE PERSONAL DEVICES AT WORK

At 77%, Android is the most popular mobility platform supported by enterprises. 75%

Consumerization of IT: Concerns 44%

Only 7% of Indian CIOs have no concerns regarding the consumerization of IT.

33%

55% Potential theft of intellectual property Smartphones

Tablets

Laptops / Notebooks

54% Difficulty meeting compliance requirements

52%

What They Are Doing

Potential network security breaches

CIOs were asked what business tasks were performed by staffers using personal devices.

Additional overhead to support devices

90%

49% 46% Possible loss of customer data

81% Phone calls

38%

Benefits of Consumerization of IT Less than 10% of CIOs believe that the risks associated with the consumerization of IT outweigh any benefits.

Social media apps

31% Collaboration

18% ERP

17% CRM

9% Other enterprise apps

Higher employee productivity

64%

Enhanced employee access to information

54%

Better internal collaboration

44%

Improved customer service

41%

Better employee satisfaction

39%

Policy For Personal Devices at Work Just under a fifth of CIOs say their organizations do not support personal devices at work.

Provide support for any device

VOL/7 | ISSUE/02

36%

Support a limited list of devices

33%

Plan to put a policy in place

No plans to implement a policy

REAL CIO WORLD | D E C E M B E R 1 5 , 2 0 1 1

F E B R U A R Y 1 5 , 2 0 1 3 | REAL CIO WORLD

VOL/8 | ISSUE/04

2014

BROUGHT TO YOU BY

Making It with Analytics

RICH STRIKING IT

Intel, UPS, and Express Scripts are reaping huge rewards and eye-popping results from data analytics. Here’s what your company might be missing out on.

Simply put, data is the lifeblood at Express Scripts, a $44 billion (about Rs 264,000 crore) pharmacy benefits management company. The Fortune 100 company processes close to 1.5 billion prescriptions for some 300 million consumers per year, all the while analyzing the wealth of information that accompanies each order. “As we track a prescription through data entry and the pharmacy process and into the fulfilment system, we’re tracking all sorts of information that gets fed to an analytics team that is focused on process improvement,” says CTO Jim Lammers. Internally, it’s how the company speeds delivery and cuts errors, he says. But Express Scripts also processes more than 1 billion pharmacy insurance claims annually, and they represent a gold mine of information that could help cut healthcare costs and address the multibillion-dollar healthcare problem created by people who don’t take their medications as prescribed, says Lammers. Computers, mobile phones, tablet devices, sensors, tweets, texts and posts to social

BY J U L I A K I N G

VOL/9 | ISSUE/02

REAL CIO WORLD | D E C E M B E R 1 5 , 2 0 1 3

2014

Making It with Analytics

networks, not to mention run-of-the-mill retail and registration transactions online, are all generating potentially valuable data. A lot of data. By 2020, IDC estimates that the number of business-tobusiness and business-to-consumer online transactions will reach 450 billion per day. We look at three organizations that are ahead of the curve in generating big business value from big data and analytics technology. At the top of their lists of lessons learned: A deeply-rooted culture of analytics and a relentless focus on cost efficiency and process improvement are invaluable.

The Win: Lower Healthcare Costs At Express Scripts, claims data can show whether patients are filling their prescriptions in the most cost-effective way, which is frequently by mail order. If they aren’t, Express Scripts can intercede by providing the patient with additional cost information and offer to switch delivery fulfilment methods for them with a minimum of hassle. “If they’re taking a maintenance medication for high cholesterol and we know they’ve been taking it but they’ve been taking it from a retail pharmacy, we know if they move to a mail order, they can save,” Lammers says. “We’ll do proactive e-mails and drive the patient to our website and use specific messaging to get them to make [a mail order] decision.” What it boils down to is “doing the data analysis, creating the interaction and getting out the right message so that the patient can make a different choice,” Lammers explains. “One of the key tenets is that if we offer people the right choice, they’ll take the right path.” It sounds easy, but behind the seemingly effortless redirection is a massive amount of technology, not to mention a strict culture of analytics that permeates virtually all of Express Scripts’ operations. One of the company’s largest IT investments has been in master data management software, which is critical to creating a single record that connects all of a customer’s actions, regardless of whether a transaction is made via e-mail, on the Web, by phone or in person at a retail pharmacy. “One of the biggest challenges is linking all information together across all these different sources,” says Lammers. “We’ve made very heavy investments in master data management. We invested early on and we’ve been through two or three iterations.” Express Scripts also created what Lammers calls a federated analytics model that includes a business analytics team embedded in each key functional operation, such as supply chain, sales and finance. A single data warehouse and centralized data governance are two other keys to the company’s analytics success, he says. “With a centralized core, everyone is looking at the same data,” Lammers notes. With a proven data governance model and a data management foundation in place, Express Scripts recently expanded into predictive analytics, introducing an application called Screen Rx that’s designed to reduce the problem of patient non-adherence to prescriptions for chronic conditions such as diabetes and high 58

D E C E M B E R 1 5 , 2 0 1 3 | REAL CIO WORLD

Xxxxxxxxx xxxxxxxxx xxxxxxxxx xxxxxxxx xx x xxx xxxx x x xxxxxx xxxxxxxxx xxxxxxxxxx

Style Making It Intel

Intel uses analytics to drive manufacturing efficiencies, and uncover new revenue sources.

Intel IT created a new reseller sales tool that worked to increase the its revenue by enabling its sales team to identify, then strategically focus on, larger-volume resellers. The software engine mines large sets of internal and external data, then applies a predictive algorithm to pinpoint the most promising resellers. So far, it has helped identify three times as many highpotential resellers in the Asia-Pacific region as manual methods typically would have uncovered. That translates to about $20 million (about Rs 120 crore) in potential new and incremental sales.

cholesterol. At a cost of more than $317 billion (about Rs 1,902,000 crore) annually, non-adherence is the most expensive healthcarerelated problem in the US, according to Express Scripts. For example, skipping doses of a prescribed cholesterol medication might trigger heart attacks for some patients. Using predictive modeling based on 400 factors, such as a patient’s location, family situation and the number of medications involved, Express Scripts can now identify, and proactively intervene with, patients who are likely to skip doses. Interventions might include a timely reminder to the patient to take his medication or a referral to a patient assistance program to help him pay for his medications. A third option is a referral to a clinical pharmacist who can assist with questions or concerns about a drug’s side effects.

VOL/9 | ISSUE/02

2014

Making It with Analytics

“This is really one of the key things we’ve been building to—to change behavior,” says Lammers. He adds that striving to foster healthy behaviors in patients is especially important in light of impending healthcare reform as millions of people gain access to consistent healthcare for the first time. “We have to train them to take care of themselves,” he says. “When we can put Screen Rx into a population that hasn’t had consistent access to healthcare, we can get them to get the right stuff right away.”

The Win: Fuel Savings and Better Driver Safety Transportation and logistics giant UPS, which has annual revenue of $54 billion (about Rs 324,000 crore), invests roughly $1 billion (about 6,000 crore) per year in IT, and a very hefty portion of that is devoted to data analytics, according to Juan Perez, vice president of information services. The goal—for now—is to improve business processes, cut costs and increase efficiency.

Style Making It UPS

Transportation and logistics giant UPS drives to greater success with analytics.

UPS, which has annual revenue of $54 billion (about Rs 324,000 crore), invests roughly $1 billion (about 6,000 crore) per year in IT, and a very hefty portion of that is devoted to data analytics, according to Juan Perez, vice president of information services. Using analytics, UPS as eliminated 5.3 million miles from its routes, reduced engine idling time by almost 10 million minutes, saved 650,000 gallons of fuel and reduced its carbon emissions by more than 6,500 metric tons by analyzing a continuous stream of sensor data from its delivery trucks.

D E C E M B E R 1 5 , 2 0 1 3 | REAL CIO WORLD

The effort has been a success. By analyzing a continuous stream of sensor data from its thousands of delivery trucks, the global company has eliminated 5.3 million miles from its routes, reduced engine idling time by almost 10 million minutes, saved 650,000 gallons of fuel and reduced its carbon emissions by more than 6,500 metric tons. At the heart of these eye-popping metrics is ORION, which stands for On-Road Integrated Optimization and Navigation, a dataintensive system that lays out the most efficient routes for individual drivers to deliver their loads via a series of complex algorithms. Additionally, the system taps into the mountain of sensor data to predict when a truck part might fail so that preventive maintenance can be scheduled and completed. ORION also lets UPS managers peer into the habits of individual drivers, pinpointing, for example, the number of times a driver backs up a truck or makes a U-turn. This information can be used to identify drivers who need additional training. “We have sensors that capture information about the vehicle and the driver’s behaviors. We marry that information to delivery and acquisition information, and we can get a complete picture of how a driver is completing his work, day in and day out,” Perez says. “That has incredible consequences for the way we manage the business across the board.” Now, the company’s appetite for data is extending outward. Its goal is to get closer—much closer—to its millions of customers with another analytics-intensive service called UPS My Choice, which lets people set individual preferences for how they interact with the company. Customers using the service can, among other things, give specific instructions about how and precisely where to deliver their packages to specific addresses, reroute packages if they change locations, and sign up to receive status alerts. “What we’ve done is take a new approach to managing personal supply chains. Having that level of connectivity with our customers is going to change our business now and in the years to come. The integration with consumers is what is enabling revenue growth,” says Perez. In the first year UPS My Choice was available, more than 2 million customers signed up for the service, and more than 25 million packages were delivered under its auspices. Data about customers’ delivery preferences helps UPS to continue to refine its internal processes in response to those preferences “so we can build a one-to-one experience,” Perez says. But even more critical is the insight that the data provides into what new products and services to offer. “All of the [tracking and delivery] notifications we provide and how customers respond to notifications tell us what they want so we can create the products and services they want. It’s a lot of data to define new products and services.” The next step, as Perez sees it, is to tie everything together and create a graphic picture of UPS’s various big data systems so the company can uncover new uses for the data—and thereby derive more business value from it.

VOL/9 | ISSUE/02

The Win: Millions in Added Sales Traditional business intelligence is alive and well at Intel, but big data mining and predictive analytics are the forces driving design and manufacturing efficiencies, and uncovering new revenue sources that added up to tens of millions of dollars in a single year alone. “It starts with believing that you can change outcomes,” says CIO Kim Stevenson of the chip manufacturer’s massive success with analytics. That, she says, requires less time spent on historical questions, which is the purview of traditional BI, and more focus on the future, which is what predictive analytics is all about. Predicting the future at Intel requires analyzing massive amounts of data to discern patterns and then applying predictive algorithms to solve high-value business problems. In 2012, for example, Intel IT created a new reseller sales tool that worked to increase the chip maker’s revenue by enabling its sales team to identify, then strategically focus on, larger-volume

“

“To get the business to focus on the future and ask better questions that would lead to better outcomes, we knew we would have to do things quickly,” she explains. “We were coming out of a traditional BI environment where solving master data is the unsolvable problem. People work on it forever and the business doesn’t see the value.” So Stevenson came up with the “six months and $10 million” rule. “A $10 million problem solved in six months is important. Any general manager would say they’d invest six months if we could save them $10 million,” she says. (At Intel, business managers must support and fund IT projects.) Stevenson recruited five-person teams made up of a business expert, a statistician, a predictive modeler, a machine learning expert and a data scientist. “Each person on the team had a slightly different perspective on the problem we were trying to solve. Doing it in six months was our way of earning the right to prove the capability was there to really change the way we do things,” she says. In addition to the projects that reduced testing time and pinpointed lucrative resellers, 13 other analytics projects have been completed using that approach. So Stevenson has upped the ante by finding $100 million problems and challenging teams to solve them.

“

“It starts with process improvements, but once you start tying all of this together, it can mean very big changes in the business,” Perez says. “That’s what we’re getting at.”

A $10 million problem solved in six months is important. Any GM would say they’d invest six months if we could save them $10 million. —Kim Stevenson, CIO, Intel

resellers. The new software engine mines large sets of internal and external data, then applies a predictive algorithm to pinpoint the most promising resellers. So far, it has helped identify three times as many high-potential resellers in the Asia-Pacific region as manual methods typically would have uncovered, according to Stevenson. That translates to about $20 million (about Rs 120 crore) in potential new and incremental sales. More gains are expected as the tools are rolled out to other geographies. On the manufacturing front, Intel is using a predictive analytics tool to reduce microprocessor testing time. The company saved about $3 million (about Rs 18 crore) in testing during a proof-ofconcept period. By this year, as the tool is implemented more widely, Stevenson expects it to rack up another $30 million (about Rs 180 crore) in savings companywide. Intel’s analytics success has been fast-tracked, to say the least. The key, Stevenson says, is tackling big-money problems with relatively small and swift-acting teams.

VOL/9 | ISSUE/02

“When you have a track record, you can ratchet up,” she says. Other ongoing projects include a predictive engine for streamlining Intel’s chip design and debugging process and another to predict new information security threats. But Stevenson cautions enterprises not to underestimate the skills required for analytics initiatives and the time it may take to nurture those skills. “When I think about our learning curve with Hadoop and some of the more advanced presentation layers that are very different from SAP or traditional BI, I’d emphasize that there is a learning curve there for technical skills that isn’t insignificant,” she warns. Her other piece of advice: “Develop an appetite for experimentation,” especially since analytics technology is still evolving. “The winners and losers on the tech side are not completely shaken out yet,” she says. “Keep your aperture wide.” CIO

Send feedback on this feature to editor@cio.in

REAL CIO WORLD | D E C E M B E R 1 5 , 2 0 1 3

Sudipta is responsible for setting the company’s strategic direction and leading its growth as a leading provider of Business Analytics solutions in the country. Under Sudipta’s leadership since 2004, SAS has established itself as a market leader in Business Analytics market in the country and registered constant double digit growth. —Sudipta K Sen, Regional Director – South East Asia, Vice Chairman and Member of Board, SAS Institute (India)

DELIVERING ACTIONABLE

INTELLIGENCE Sudipta Sen talks about what it takes to deliver value-driven business analytics in the enterprise. G O PA L K I S H O R E

2014

CUSTOM FEATURE SAS

Is it feasible to focus on visible, actionable intelligence today? What role does SAS play in creating the right product rather than making the product right?

It is important that IT products and solutions are built by keeping customers at the centre and technology around it. Organisations have to leverage data and feedback that comes from different customer or industry constituencies. These feedbacks help in envisaging different business case and hence the pain areas. SAS is driven to solve customer business problems. Therefore, we always keep customers at the centre of our innovation and product development. For instance, SAS HighPerformance Analytics is built around one of the biggest challenge which industry faces today â&#x20AC;&#x201C; transforming big data into big business value. SAS High-Performance Analytics helps analyse billions of rows of data in its entirety and not just subsets. It helps in giving quick, predictive insights, which can enable organisations in forecasting and optimising outcomes, to drive breakthrough benefits. How can CIOs address the challenge of proving a direct causal link between a BI investment and its result?

When an organisation embarks on an analytics or BI journey, it is important for them to set the right matrices and objectives. Many times, the focus is on the direct ROI, which is certainly important. It is however, even more important to focus on the long-term sustainable advantage and intangible valuable outcomes. BI solutions should be used as an enabler that helps IT teams and business decision makers to collaborate for optimising outcomes, foreseeing trends and taking factbased decisions in near real-time. By doing so, organisations can drive a culture of data-driven decision making across departments and lines of business. This is where the real value of BI solutions comes in. How is SAS helping businesses get the right mix of resources to do analytics right?

Data is emerging as a new asset class and at the vanguard of this big data wave are the organisations that leverage data to make forward-looking decisions and enhance business outcomes. Being a leader in the analytics market, SASâ&#x20AC;&#x2122; comprehensive offerings in Data Management, High-Performance Analytics and Data Visualisation, helps organisations in building a quality, integrated data, deriving insights from it and presenting it in a form that is easy to understand and accessible via mobile devices. SAS utilises its decades of experience across industries and geographies, to build solutions that are industry-specific and helps solve business challenges. SAS High-Performance Analytics Solutions are based on an in-memory architecture, which can be used on commodity hardware. It helps users in analysing billions of rows of data in seconds or minutes, instead of hours or days; empowering near real-time decision making.

How can IT ensure that Business Analytics & Intelligence initiatives be championed by business?

Analytics or BI is no longer an IT project, but a continuous process. Analytics has become an industry-wide strategic imperative. It is important for IT teams to work on a three-staged model: Identify, Demonstrate and Communicate. IT teams need to identify the business unit where they would want to implement BI/analytics solutions and demonstrate success by solving business challenges and attaining better outcomes. For instance, An IT team at a bank could implement such a project for their internal call centre. IT teams can empower the users of this division with analytics and interactive dashboards, which helps them gain a complete view of every customer who calls-in, his relationship history with the bank, life-stage needs, etc. This can help call centre executives in servicing customers well and at the same time up-selling and cross-selling. Such value needs to be communicated with the management and other business groups. This creates a drive amongst different business units to replicate success and hence drives a culture of data-driven decision making. How can organizations garner talent that can efficiently interpret BI data and putting it into the right context?

With more and more organisations embracing analytics and datadriven decision making, globally there has been a strong demand for analytical talent. SAS works closely with premier B-Schools and engineering colleges across the globe, to create analytical talent who understand both data and business. In India, we work with IIMs, ISB, IITs, etc. to help institutes impart analytical knowledge to students. It should also be noted that, there has also been a transformation in the way analytics is adding value. For instance, with SAS Visual Analytics non-technical business users from any department can slice and dice their data, create reports easily and collaborate with peers to enhance value. At the same time, IT teams can maintain data security and minimise their intervention in day-to-day tasks. This transformation will gradually change the role of a data scientist in a way that they will be needed to closely engage with business users to address business challenges and growth opportunities. This is driving a strong demand for managers who can understand both business and data. SASâ&#x20AC;&#x2122; alliance with premier B-Schools around the world, is built around the vision to fulfil this rising demand.

This Interview is brought to you by IDG Services in association with SAS

2014

Making It with Big Data

Shine COME RAIN OR

By analyzing a wealth of weather information, multiple industries can adjust inventories and marketing schemes based on the shifting winds of Mother Nature.

That itch in your throat and those watery eyes? Merck, which makes the allergy pill Claritin, anticipated your hay fever and—a year ago— started making plans to capitalize on it. With a subscription to specialized weather forecasts, Merck knew way back last July that this March would be unseasonably cold in most of the US, leaving many allergens dormant. Then, quite quickly, May would bring lots of warmth, pollen and spores. Merck shared its weather intelligence, based on temperature and moisture data correlated to customer behavior by ZIP code, with Wal-Mart. Together they decided to boost promotions and supplies of Claritin and other allergy products at the time when you were desperately ready to buy. “The upside is potentially millions of dollars in additional sales,” says Debbie Sonnentag, Merck Consumer Care’s director of category development for Wal-Mart. Companies in all corners of the economy are factoring weather data into their business strategies, hoping to turn a profit on Mother Nature. Sears monitors weather

BY SA N D RA G I T T L E N

D E C E M B E R 1 5 , 2 0 1 3 | REAL CIO WORLD

VOL/9 | ISSUE/02

Making It with Big Data

nationwide from a crisis command center, figuring out how to stock enough snow blowers in a winter storm and air conditioners in a heat wave. Home insurer EMC Insurance analyzes hailstorm history to catch false claims. Westar Energy in Kansas schedules power-line repair crews with an eye on severe weather in other states, in case distant outages require their help. DHL Express, a division of the $73 billion (about Rs 459,900 crore) global delivery company, uses weather data to make minuteto-minute decisions that affect 3,000 flights per day worldwide. Weather, says Travis Cobb, VP of hubs, gateways and network control for DHL’s Americas region, “is the million-dollar question.” Yet weathermen have a bad reputation for a reason: Getting it right is hard. The Weather Channel, for example, every day processes 20 terabytes of data about wind, rain, sleet, snow, temperature, tornadoes, air pressure, moisture, earthquakes, hurricanes, wave heights, lightning and ice, says CIO Bryson Koehler. And much more. Plus business customers can buy custom information created by analytics. Insurers might want to see rain accumulation modeled against auto insurance claims.

“

derivatives that companies buy to offset expenses incurred as the result of weather. Dominating the market for weather forecasting services are The Weather Channel and AccuWeather, with market shares of 51 percent and 14 percent respectively, according to researcher IBISWorld. Both provide consumer weather forecasts and both vie fiercely for big-name business customers. The Weather Channel has Home Depot and American Airlines; AccuWeather has Lowe’s and Union Pacific. Smaller firms, such as Weather Trends International and CustomWeather, specialize in corporate accounts. Boutique weather companies focus on narrow markets, such as agriculture or energy. IT vendors such as CoreLogic and Planalytics offer weather information with analysis tools and services to integrate data from ERP, manufacturing and other IT systems. Most of these companies scoop up free data from the National Weather Service, whose mission is to protect life and property and enhance the national economy. But that’s just a starting point. The companies supplement that information with data collected

“

2014

The upside of analyzing weather data is potentially millions of dollars in additional sales.”

— Debbie S., Director, Category Development, Merck

Pharmaceutical companies can buy maps of air stagnation patterns to understand patient respiratory distress. Consumer packaged goods companies, logistics businesses, restaurants, railroads, amusement parks, financial services firms—the list of weather watchers goes on. Some analyze how past weather influenced customer behavior, hoping to discover useful tidbits for the next marketing campaign. For others, anticipating future weather can reveal worthy risks to take and ways to avoid problems that competitors don’t foresee. “Weather is the original big-data problem,” Koehler says.

Hot Competition Weather provides no shortage of business opportunities because it affects everyone. Demand will probably never ebb. As a result, the world of weather data is competitive, niche-y and expensive. Google recently patented a robotic device that analyzes weather and a personalized navigation system that suggests changes to driving routes based on the weather. Some players even sell weather 66

D E C E M B E R 1 5 , 2 0 1 3 | REAL CIO WORLD

from their own systems and sensors, as well as from niche players. Then they run it through secret algorithms, interpret it and create new products. For example, AccuWeather’s Weather-Triggered Marketing service supplies a stream of data to help companies choose the best periods to offer a discount or increase inventory, for example, or to help them post social media updates that make sense given local weather conditions. Facebook friends in Miami don’t want to be bothered with Wisconsin’s ice storm. Custom services include analyzing item-level point-of-sale data against weather events to see patterns. AccuWeather says it can find relationships among local sales data and up to 200 weather variables. One gem: The topselling food during hurricanes is blueberry toaster pastries. This analysis requires a different kind of IT department. “Research and development is a huge piece of IT here,” says Steve Smith, chief digital officer of AccuWeather. Smith stacks his staff with data-scientist types who become experts on specific industries, such as railroads, retail or commodities trading.

VOL/9 | ISSUE/02

The posturing by these companies can be entertaining. In marketing material touting its forecasts of February’s snowstorm in the Northeast, AccuWeather dissed rival Telvent DTN for describing what turned out to be a record-setting storm as “brisk.” The Weather Channel, which holds 77 patents, proclaims, “The only thing more powerful than the weather is our ability to help you profit from it.” Still, there’s lots that can’t be foreseen about weather, and companies rightly worry about it. Satellites 23,000 miles up and sensors all over the ground—on portable weather stations, buildings, vehicles, mobile devices— take millions of observations at regular intervals that are analyzed by public and private weather organizations. But the band of space between Earth’s surface and orbiting satellites is where the wild stuff happens. Two thousand to 10 thousand feet up, weather changes. Winds die or cold fronts break up. Precipitation evaporates or the air warms. Conditions in the lower atmosphere make all the difference, says Randy Bass, a member of the aviation weather research team at the Federal Aviation Administration. The three to five inches of snow a broadcaster predicts for Wednesday turns into a foot dumped on an area where the temperature unexpectedly dropped 10 degrees. Then everyone says the weatherman blew it. Airline pilots and weather balloons transmit reports from that mystery band, but they aren’t enough. “There’s no good way to get data from there in the amount and with the timeliness we need,” Bass says. All of which makes weather a favorite scapegoat for companies that miss financial expectations. In recent conference calls with Wall Street, various executives cited weather as the reason behind disappointing sales of sandals, green beans, doughnuts, books, airline tickets and auto parts. In its latest annual report, FedEx issues a broad warning to investors: “We are particularly vulnerable to the physical risks of climate change that could affect all of humankind, such as shifts in weather patterns and world ecosystems.” Nothing like covering every base. But with so much data available, often for free from the federal government, and with so much computing power on hand to crunch it, companies won’t be able to claim to be surprised by the weather anymore, says Al DeChellis, a supply-chain consultant and former VP at Alberto-Culver. “If you’re selling seasonal products and you’re not using weather data, you’re not doing your job.”

Seeing Through the Fog At Alberto-Culver, which is now owned by Unilever Group, DeChellis pioneered the use of weather data 8 years ago to sell one product: Static Guard. The spray can of chemicals to get rid of annoying static cling is a seasonal product, but not in the way people assume, he says. Cold weather isn’t the culprit; relative humidity is. If humidity sinks to 50 percent for at least three weeks, static electricity builds to levels that make a skirt stick to a woman’s pantyhose.

VOL/9 | ISSUE/02

YOU

Weather Forecasts for

Real-time analytics will enable customized weather reports anytime, anywhere.

Lots of mobile phones come pre-loaded with weather apps from AccuWeather or The Weather Channel. But the companies want to go beyond local forecasts, which anyone can get by typing in a ZIP code. They want to combine sensors and geolocation technology to provide personal weather reports. Using real-time analytics, weather companies intend to combine data about where someone is standing with other information, such as the air pressure and temperature, collected by sensors in the phone. The result will be a forecast tailored to the mobile phone customer as he moves around during the day. He could also query the data to find out, for example, the chance of rain at the company softball game he’s about to play. First, however, systems for data collection and the speed of analytics will have to improve to make personal weather forecasts possible, says Steve Smith, chief digital officer of AccuWeather. But his company is working on it. Smith also envisions collecting weather data from cars in motion, such as when wipers go on and when anti-lock brakes kick in.“That’s how you get to something actionable and relevant to you,” Smith says. “We change weather from a commodity to something of value.”

DeChellis’ team worked with Planalytics to correlate dry air to consumer sales by geography and convinced some retailers to pay more attention to Static Guard, he says. In the Chicago market, REAL CIO WORLD | D E C E M B E R 1 5 , 2 0 1 3

MANAGING CONVERGENCE

Survey - CIO YA - 2014

Data center virtualization, cloud computing, and advanced services are all converging; and the result is a management mess. CIOs and their teams are grappling with this complex environment. One way out is to connect key network and IT performance indicators to real business metrics, and to do so over a single dashboard that monitors and helps isolate problems. Of course, barriers exist in the form of legacy integration, skilled resources, and budgets.

WHAT ARE THE BUSINESS AND OPERATIONAL OBJECTIVES OF YOUR ENTERPRISE NETWORK?

WHAT DO YOU EXPECT NETWORK MANAGEMENT AND MONITORING TOOLS TO ADDRESS?

15% Increase revenue by enhancing availability and performance

Fault and availability monitoring

19% Reduce expenses with better resource utilization

14%

15% Reduce risk with compliance

Change, configuration & compliance automation

19%

Performance Monitoring

46%

9% Prove accountability by meeting SLAs 15%

Automated administration

13%

Manage change without disruption 27%

All of the above

66%

use multiple tools to manage and monitor network

WHILE

22%

use a single, comprehensive tool to manage their networks

BUT

89%

of enterprises use single, comprehensive tool to monitor and automate IT operations

WHAT ARE THE BARRIERS TO MAXIMIZING ROI FROM EXISTING TOOLS? 19% Inadequate skilled resources 20% Unused functionalities 9% Effort to run multiple tools 26% Legacy integration 11% Need to upgrade Infrastructure 2% Others 13% No barriers

40%

of CIOs felt cost is the biggest barrier to switch to a different network management solution

DO YOUR COMPREHENSIVE TOOLS LEVERAGE AUTOMATION, COLLABORATION, INTELLIGENCE, AND UP-TO-DATE DATA IN SUCH A WAY THAT VALUABLE RESOURCES ARE USED WHERE THEY ADD THE MOST VALUE? Yes

43%

40%

92% of CIOs say that a single dashboard that monitors all IT operations speeds up the time to isolate and fix a problem

No single tool provides such functionality

17%

84%

DOES YOUR ORGANIZATION BUDGET FOR CONSOLIDATING DISPARATE IT TOOLS AND INTRODUCING STANDARDIZED PROCESSES?

CIOs would invest in a solution which dynamically and automatically discovers and correlates different data that impact business services and metrics to indicate availability and performance

28%

72%

Yes

WHICH FACTOR IS THE MOST CRITICAL FOR YOUR TEAM TO PRIORITIZE EVENT HANDLING?

This Survey is brought to you by IDG Services Group in association with HP

23%

77%

Time taken for resolution

Business impact

2014

Making It with Big Data

for example, salesmen sometimes convinced retailers to promote Static Guard two or three times per year, rather than just once. “We considered it a major win,” he says. Scott Jean, chief actuary at EMC Insurance, is something of a weather detective. He knows hail is a big deal in the Midwest. So are homeowners’ claims of hail damage: Hail accounts for about 30 percent of the company’s homeowners’ claims, and payouts have been increasing, he says. As the recession hit the US in 2009, Jean noticed an uptick in hail claims. He suspected the involvement of storm-chasing opportunists who call on homeowners after a bout of hail and, for a fee, inspect their roofs and help file damage claims. “They will find something wrong with a roof that could have been there 10 years before we insured the homeowner,” Jean says. With hail data supplied by CoreLogic and Doppler radar material pinpointing hailstorms to specific dates and locations, EMC Insurance can catch errant claims. But the insurer drills down further to consider the size and intensity of a hailstorm as well as the age of the roof. “Pea-size hail won’t do damage to a good

facilitate access to useful data, but they can also help the company create new products or services. Or help streamline operations. No one can predict the weather correctly all the time, but getting a peek at what’s coming can help the business, Davenport says. “You can’t control it, but you can control for it.”

When Disaster Strikes Sears faces troubles in retail overall, but the national chain brought its size, experience, business relationships and technology to bear in its successful response to the Nemo winter storm in February. As Nemo developed, the crisis command center at Sears headquarters jumped into action, says Raj Penkar, president of supply chain at Sears Holdings. Established in 2010, the command center runs seven computer monitors tracking various data and information. From local and national news feeds, Google Earth and other sources, Sears created maps of the affected areas, color-coded according to expected severity. Red is bad, and there was a lot of red on Sears’ Nemo map. Staff members from the risk management, facilities, corporate communications, inventory management,

Using real-time analytics, weather companies intend to combine data about where someone is standing with other information, such as air pressure, collected by phone sensors. The result will be a forecast tailored to the customer as he moves around during the day. roof, but a storm chaser will say otherwise,” he explains. “We can argue reasonably that it didn’t occur.” Whether the guy who inspected the roof is dishonest or just mistaken, EMC Insurance doesn’t want to pay bad claims. Homeowners insurance isn’t usually profitable for insurers, but Jean thinks it can be, with judicious and methodical analytics, of which weather is a key piece. “We should be able to be profitable without overcharging consumers,” he says. Advances in analytics technology in the last several years, combined with plentiful weather data, allow such analytical creativity and exactitude, says Tom Davenport, senior adviser to Deloitte Analytics and professor at Harvard Business School and Babson College. IT organizations are good at excavating data from internal systems and using technology tools to combine it with outside information. But some IT groups aren’t as good at understanding the context in which the material will be used, he cautions. With weather data, such insight is important. Not only do CIOs want to 70

D E C E M B E R 1 5 , 2 0 1 3 | REAL CIO WORLD

logistics, transportation and IT departments together made decisions about employee safety and store operations, Penkar says. As reports about Nemo made it clear the storm would be a whopper, Sears scanned its inventory, store and warehouse systems to get the latest data on product stock levels. The crisis team figured out what extra inventory would be needed and how to move it closer to the trouble spots. Sears put extra snow blowers and generators, among other “recovery” products, in or just outside affected areas, ready to go to individual stores as Nemo passed. In some areas, once the roads were clear, Sears asked suppliers to truck inventory directly to Sears stores in New England, bypassing the usual stops at regional distribution centers. Of course, Home Depot and other competitors were doing the same thing, Penkar notes. “When something like this happens, everybody needs trucks and vendors,” he says. “Not to be negative, but we all try to help customers and at the same time, we’re all trying to run a business.” In the days leading up to Nemo, Sears had a supplier reroute

VOL/9 | ISSUE/02

four truckloads of generators in Atlanta up to the Northeast. A supplier in Wisconsin held six trucks of generators for Sears to pick up. The evening before Nemo hit full-on, Sears issued a press release about stores stocked with the right equipment. The release also noted that people could expect two inches of snow per hour and winds of 50 mph, and that Sears offers convenient in-store pickup of online orders. Each day, Sears managers received several “LogHot” e-mail alerts showing the severity of the storm. The alerts included maps of the storm’s predicted path and the number of stores and distribution centers that could be affected. Key personnel carried special cellphones reserved for storm communication. Field employees updated a private wiki with on-the-scene information. Entries from staff at Sears’ Gouldsboro distribution center, for example, included notes on roads that had been shut down, regional delivery centers that had been closed and stores whose delivery trucks weren’t unloaded due to the storm. Sales figures from that period are one way to assess Sears’ agility in handling the storm, Penkar says, but more importantly, “The right product [was] there, that our customer needed.” DHL Express prides itself on its intense focus on how weather affects customer satisfaction. DHL analyzes feeds and data from, among other sources, the National Weather Service, partner airlines, airports, AccuWeather, The Weather Channel, and a hive of organizations that specialize in weather as it affects flying. Its three network control centers in Cincinnati, Germany and Hong Kong are staffed 24/7. The data never stops. Of course, Mother Nature can be tricky. “Sometimes you can look at it too closely and make decisions off one 5-minute data set, and the next thing you know, the weather’s gone,” says Mark Becker, director of the network control group at DHL Express. What guards against that? “Experience,” Becker says. Most of his duty managers and controllers have 20 or more years on the job. Visibility, as you might imagine, is DHL’s watchword as it manages the 3,000 flights per day carrying packages to its customers in 220 countries. Betting correctly that airports would be a mess in the Northeast after Nemo, DHL flew its planes out of major airports before the storm, keeping them at its hub in Cincinnati. The contingency routing decisions were based on experience, terabytes of data, and IT systems to model scenarios. The process is worlds better than it was years ago when weather information was scarcer, says Cobb, the VP of hubs, gateways and network control. In the past, “you would see the 6 o’clock news, the 11 o’clock news and make decisions,” he says. Even now, working with incomplete and sometimes wrong information can’t be helped, he says. “Each situation is unique. What we try to do is mitigate risk.” DHL faced its most unusual weather challenge in 2010. A large volcano in Iceland started to erupt in April of that year, after 200 years of quiet. Soon a giant cloud of ash covered surrounding countries, at times up to seven miles high. Government officials shut down most of northern Europe’s air space for eight

VOL/9 | ISSUE/02

days in April while the cloud lingered, and sporadically in May as parts of it drifted back. Worldwide, 104,000 flights were canceled during that period, up to 19,000 per day. As the cloud broke up and parts of it drifted unpredictably, air safety officials had to react to the changing situation. Even when they opened the skies to planes, DHL had to determine for itself whether and how to fly. “That was dynamic,” Cobb says, understating the tension of those days. A DHL plane was one of the first to fly into western European airspace when the sky cleared, a move worth a lot to its reputation and, therefore, its business, Cobb says. “The passion of this company is to be the last out, first in,” he says, adding that the company’s market share increased afterwards.

Removing the Emotional Factor Making the best decisions in the moment with imperfect information challenges even the smartest managers, Davenport says. You try not to sully the statistics with biases or inaccuracies as you use them to conjure scenarios and play out ideas, he says. But that’s a particular danger when using weather data, says Koehler, CIO at The Weather Channel. “Telling the story of weather,” as he puts it, is often how even the most accurate forecasts get mangled. The Weather Channel has written a lexicon to translate weather numbers into language that consumers of the information can understand. For example, when the probability of precipitation is 60 percent or more, forecasters say “likely.” When it’s below 60 percent, they say “chance.” Back at Merck, Sonnentag cautions her team not to get carried away adding subjectivity to the weather data they use. People “tend to be emotional” about the weather, she says. Before Merck used weather facts, people would attribute up or down sales to whatever local weather they happened to experience, she says, “even though that was based on a single market, sometimes a single day.” Hard data removes subjectivity. Meanwhile, she hopes her second bet, on a prolonged allergy season this autumn, will pay off. For about the same amount of time that spring weather was delayed by this year, nice days are expected to continue into the fall in the Northeast. Look for a warm October, they say. So Merck plans to promote Claritin more than it normally does in the autumn months. Sonnentag has faith in her weather data. Planning for the summer core of allergy season “is easy: Have everything everywhere,” she says. “But stepping into and out of the season, we’re really finessing that this year.” The risk is that weather will shift and Merck will have overstocked Wal-Mart’s distribution centers. Merck could lose money if it has to truck a lot of unsold Claritin back home and throw out expired lots, she says. She’ll know in a few months. CIO

Send feedback on this feature to editor@cio.in

REAL CIO WORLD | D E C E M B E R 1 5 , 2 0 1 3

Making It with BYOD

2014

Rescue I.A.M TO THE

With the arrival of BYOD, security leaders are turning to IAM technologies to ensure that lost or stolen smartphones and tablets can’t be misused.

hat do smartphones and corporate credit cards have in common? Very soon, both will be monitored by employers in an effort to detect abnormal or otherwise suspicious patterns of activity. In the age of bring-your-owndevice (BYOD) policies, companies are turning to techniques like these to manage access from smartphones and tablets to their internal systems and to confirm the identities of the people using them. Intel estimates that almost 30,000 employee mobile devices access its systems daily. To keep that growing crowd under control, the chip maker’s IT department early this year adopted a new approach to mobile device authentication that uses what’s known as the “granular trust model.” When an employee attempts to log in to company applications from a mobile device, the system takes into consideration where the user is, what device he’s using and what the employee is trying to access—basically calculating a ‘risk rating’ for the request. Using a trust calculation, the technology determines whether the requested

BY STACY C O L L E T T

VOL/9 | ISSUE/02

REAL CIO WORLD | D E C E M B E R 1 5 , 2 0 1 3

2014

Making It with BYOD

“

Credit card companies look at my patterns as a buyer and how far out of those normal patterns I am, and they may send me a fraud alert. We want to do the same things over time with our compute infrastructure.

“

—Malcolm Harkins, Chief Security and Privacy Officer, Intel level of access is appropriate. So far, 9,000 devices are using Intel’s trusted application portal, which allows users to access applications and supports the granular trust model. That number is growing weekly. “Credit card companies look at my patterns as a buyer and how far out of those normal patterns I am, and they may send me a fraud alert,” says Malcolm Harkins, vice president and chief security and privacy officer at Intel. “We want to do the same things over time with our compute infrastructure and leverage the patterns of where you’re at and what you’re trying to do—what device you’re on and to some extent what you’ve done before as a way to manage the risk and enable the user. We’re at the beginning stages of that journey.” Growing and diverse security threats, along with the proliferation of personal mobile devices in the workplace, are pushing IT departments to find unique approaches to identity and access management. So far, there’s been strong demand for products with strong multifactor authentication and federated or single sign-on capabilities in the $4.8 billion (about Rs 28,800 crore) identity and access management (IAM) systems market, which is expected to grow to almost $6.4 billion (about Rs 38,400 crore) by 2016, according to IDC. The research firm calls these types of offerings “bring your own identity” systems. “We’re seeing a shift from impressed to expressed identity,” says IDC analyst Sally Hudson. “The devices [we] use tell about the behaviors we choose to exhibit and define us in various settings. So you can collect a rich identity profile on somebody just by being able to profile what they access most often, their geolocation, what products they buy, what services they use and their social connections.” Intel’s granular trust model is somewhat unique because it integrates multiple technologies, such as risk-based authentication and geolocation. Gartner analyst Gregg Kreizman says lots of vendors have products with some of those capabilities. 74

D E C E M B E R 1 5 , 2 0 1 3 | REAL CIO WORLD

Proximity to Replace Ppasswords Intel’s next goal is to eliminate passwords by using so-called proximity technologies. Maintaining multiple passwords across multiple sites and applications is a beast of an issue for Intel, but Harkins is starting to see emerging technologies that could enable IAM products to use contextual data to verify users’ identities with the help of voice, biometric and facial recognition systems. “If my phone is proximal to my laptop, my wireless is on in the building, I badged in this morning to the building, the [laptop] camera sees me, the mic can hear me—why even ask me for a password?” Harkins says. “When you start tying those elements together, I think that ends up being a stronger multifactor authentication that’s more resistant to advanced persistent threats or misuse by someone who’s gained physical control of the deviceand a much better user experience because I don’t have to remember all of those passwords or go through all that complexity.” If an employee wanted access to highly sensitive data on a system, a policy setting could be put in place that authenticates the employee but still asks for an extra level of security, such as a onetime password sent to his smartphone that can be used as another authentication mechanism, Harkins adds.

Preventing Against Device Loss and Theft Proximity technology could even prevent devices from being lost, stolen or tampered with, Harkins says. Many employees forget to lock their computer screens when they leave their desks. With proximity technology, Harkins foresees screens locking automatically when an employee walks 10 feet away. The device would know that the employee was out of range because her employee badge or smartphone would go with her. When the employee gets 100 feet away, the device would be automatically encrypted. Such technology exists today. It’s now a question of integrating multiple technologies and coupling that into the company’s infrastructure for policy decisions.

VOL/9 | ISSUE/02

“We’re moving toward more contextual and adaptive-based authentication,” Kreizman says. “Things that mobile devices now help support—such as cameras in the phone or tablet, the voice interface and voice biometrics, GPS, touchscreen interfaces, cell tower location, IP address—are coming together to reduce the friction for users, and we’re moving toward this notion of not having to overtly authenticate.”

Rules to Follow There are still some wrinkles that need ironing out. For starters, IAM systems aren’t easy to deploy at companies with BYOD policies because not all devices, operating systems and platforms are created equal. “If I’ve got Handheld A, and I don’t trust it as much [as other devices] then I’m going to let it have access to [only] certain apps and data,” Harkins explains. Employees must also agree to some oversight of their devices. At Intel, employees have to sign a service agreement before using

Blues BYOD

What’s a CIO to do when employees leave? We tell you.

The bring your own device (BYOD) trend is gaining steam, thanks to the cost benefits and increased productivity that can come from allowing employees to provision their own technology. Mobile workers are more likely to put in more hours, so if your employees want to buy their own equipment and do more work on their own time, it’s a win for the company. At least, a BYOD-practicing workforce seems like a win right until you have to let one of your BYOD workers go and there’s no easy way to ask if you can please see their tablet for a moment because you want to check if there’s anything on their personal device that doesn’t belong to them. As more workplaces embrace BYOD practices, they’ll increasingly confront the question of how to balance the benefits of a selfprovisioned workforce against the risks of company assets walking out the door when workers are let go. What can IT departments currently do to minimize risk when BYOD-practicing employees are laid off? What practices and policies can they put in place to make future departures as smooth as possible? What You Can Do Now It’s a fact that some data always walks with the employees: E-mail

VOL/9 | ISSUE/02

a personal device at work. They must agree to the company’s terms for conduct, software licensing and information security policies. Employees are also warned to keep personal data separate from corporate data by creating separate partitions or data containers. “If it’s lost or stolen, or if they leave the company, we’ll have to remotely wipe it—which could be a problem if they’ve mingled corporate stuff with personal stuff,” Harkins says. Employees must also equip their devices with special apps that can be download from an internal application portal—much like an app store, but with guidelines on what they can download based on their use history and what additional security features they might need if they will be using the device to access sensitive company data.

Federated and Single Sign-on Sales of Web single sign-on and federated systems, or single signon systems for partners or regular outside visitors to a network, are

addresses of business contacts, or knowledge of the organization’s key business practices and initiatives. In the old days, people slipped files into their briefcases. Digital files just mean that copying and moving information can be done quickly. Rick Veague, CTO of IFS Technologies, says that you can sift structured communications data into three distinct categories: E-mail, files that could contain company information, and mobile data. Once you’ve sifted out the data, you can figure out whether your soon-to-beex employee is really in danger of walking out with the company’s assets on a tablet. “Mobile data is a big problem, so it’s time to start compartmentalizing risks. This way, you can find a balance between the benefits of a [BYOD] workforce and the risks,” Veague says. Plan for the Future If your company is in the happy position of not having to lay anyone off in the near future, then you have time to get a game plan together. Here is a rundown of policies and practices you should consider implementing to make the unfortunate event go more smoothly, while mitigating company risk. Have a written BYOD policy. This is a simple idea in theory, but not an easy one in practice. For managers looking to establish a BYOD policy, here are some of the issues to consider: Defining “acceptable business use” for the device, such as which activities are determined to directly or indirectly benefit the business. Defining the limits of “acceptable personal use” on company time, such as whether employees will be able to play Angry Birds or load their ebook collection. Defining which apps are allowed or which are not.

REAL CIO WORLD | D E C E M B E R 1 5 , 2 0 1 3

2014

Making It with BYOD

Defining which company resources (e-mail, calendars, and so on) may be accessed via a personal device. Defining which behaviors won’t be tolerated under the rubric of doing business, such as using the device to harass others on company time, or texting and checking e-mail while driving. Listing which devices IT will allow to access their networks. It helps to be as specific as possible with models, operating systems, and versions. Determining when devices are presented to IT for proper configuration of employment-specific applications and accounts on the device. Outlining the reimbursement policies for costs, such as the purchase of devices and/or software, the worker’s mobile coverage, and roaming charges. Listing security requirements for devices that must be met before personal devices are allowed to connect to company networks. Listing the what-ifs, including what to do if a device is lost or stolen, what to expect after five failed logins to the device or to a specific application, and what liabilities and risks the employee assumes for physical maintenance of the device. Try to Keep Data Off Local Devices When choosing applications and services, make sure a lot of data can’t be downloaded and saved to local devices. One of the keys to minimizing risk in a BYOD workplace is restricting user access to networks and central repositories. You’ll want to find tools that can sync

expected to reach $1.5 billion (about Rs 9,000 crore) this year and make up about one-third of all IAM system purchases by 2016. At HMS, which offers information and services to help healthcare providers minimize erroneous payments, CSO Scott Pettigrew knew a security upgrade was inevitable because the company has grown rapidly. Security requirements spelled out in regulations governing the healthcare industry mandate that every account be automatically disabled every 30 days, requiring the help desk team to spend much of its time reissuing access rights to temporary staffers. The company used to manually keep tabs on the access rights of its portal users. But the portal is used by almost 20,000 outsiders, including more than 500 temporary employees working on Medicare claims and verifications, so provisioning processes began to take up a lot of time and it became nearly impossible to remain compliant with the Health Insurance Portability and Accountability Act. “To meet those regulations, you’ve got to have some sort of identity management suite to make sure you’re deleting people off your systems and taking away their access [in a timely way],” says Pettigrew. 76

D E C E M B E R 1 5 , 2 0 1 3 | REAL CIO WORLD

all user data to a central account that an administrator controls access to. You’ll also want to find ways to place intermediary technologies between the company network and employee devices. It will ultimately reduce IT’s workload and add a layer of security to the company’s networks. “If you mobile-enable users and they have access to your enterprise data in an unrestricted fashion, you have to actively manage that device, which is difficult to do,” Veague says. You’ll also want tools that let an administrator remotely wipe or delete an account. This way, former workers can maintain their device, yet they will no longer have access to their old accounts in certain apps. Find applications that minimize the amount of data that’s downloaded to any mobile device, Veague suggests, and follow this rule of thumb: “If you can’t access the app, you can’t access the data.” If this rule is followed, then all an IT admin has to do when an employee leaves is shut off the individual user account; the data remains safe. Do Sweeps Regularly One of the downsides of a self-provisioning workforce is that not every worker is going to be as assiduous about application updates, security measures, and backups as a dedicated IT professional is. So have IT step in and do regular security check-ups on any devices that are allowed to access company networks. Because security requirements will be written into any BYOD policy, users will know that their devices are going to be scanned and updated regularly.

—By Lisa Schmeiser

Today, HMS is working through a more than three-year overhaul of its IAM structure that combines identity, governance and federation capabilities. The new identity system is a central point for access requests at HMS. To manage external contractors, HMS is deploying two-factor authentication to close a gap in access by self-certifying users through access to registered e-mail. Users will be locked to one external device after being auto-enrolled in two-factor authentication. The process leverages existing identity information and technologies with two-factor certificates to maintain control of resources for non-captive users. Today, nearly 500 accounts are automatically provisioned or de-provisioned every month, and even the accounts of employees who leave the company are automatically disabled as names are removed from the payroll—a process that safeguards security by eliminating orphan accounts. “I feel like we’re ahead of the game” in terms of bleeding-edge IAM solutions in the healthcare industry, Pettigrew says.

Making a ROI Case While the benefits—safety, efficiency and simplicity—make IAM

VOL/9 | ISSUE/02

seem like a no-brainer, the cost of such systems can be hard to justify, says Pettigrew. “You can argue that you’re saving money, but the bigger [issue] is you’re not going to end up on the front page of the newspaper for violating some regulation and being fined millions of dollars,” he says. Indeed, in financial circles it’s a game of reducing fraud and paying less for technology than you could lose in a security breach or fine, Kreizman says. Depending on their companies’ security needs, IT departments will have to go beyond basic IAM implementations and link different channels together or monitor transaction behaviors, and that gets expensive, he adds. At HMS, Pettigrew is confident that password self-service and automated access tools are cutting labor costs, but he says the savings are still hard to quantify. To help sell the $4.5 million (about Rs 27 crore) project, he divided it into manageable phases, and the IT team showed some benefit to the business at the end of each phase. Intel has been able to measure some productivity improvements from BYOD and IAM. Harkins says most employees who use their own mobile devices report gaining an hour of productivity per week. He compares this ROI challenge to the transition from desktops to laptops. Companies transitioned to laptops “around the faith and belief that agility, flexibility and mobility would

enable creativity and enable the company to move faster, and it certainly has,” he says. But even in that case, he adds, “the financial ROIs were those semi-qualitative things.”

Privacy Issues Loom As more biometric ID systems, cameras, mics and GPS tools are used to authenticate users, privacy concerns will inevitably follow. “Privacy and security are like magnets,” Harkins says. “When they’re turned the right way, they’re perfectly binding because you need security to have privacy. But if you start turning one of them a different way, there’s a polarization that occurs because security can encroach upon privacy. That’s going to be the challenge: How do you reconcile the potential polarization between security and privacy?” CIO

Send feedback on this feature to editor@cio.in

Where Trends Come Alive!

WWW

V I D E O S

2014

Making It with Consumerization

SHOWING THE DOOR TO

Shadow IT IT, mobile, and security experts offer advice on how to minimize the risks associated with third-party apps and services as well as with employees using their mobile devices in the workplace.

ith the increase in cloud computing and BYOD in the workplace, it’s become increasingly difficult for IT departments to keep track of and manage software and hardware—and maintain a secure environment. So what can CIOs and other IT leaders do to identify and manage Shadow IT— software and hardware not directly under the control of IT—and mitigate the potential risks? Dozens of IT, mobile and cybersecurity professionals come together to find out. Here are their top six tips for managing Shadow IT in the enterprise.

BY J E N N I F E R LO N O F F SC H I F F

D E C E M B E R 1 5 , 2 0 1 3 | REAL CIO WORLD

VOL/9 | ISSUE/02

Making It with Consumerization

Monitor Your Network

You need to keep an eye on your network to find out if or where you have a Shadow IT problem. “Regardless of whether employees use company-issued or personal (that is, BYOD) hardware, organizations need to identify where all their data resides—[in house], in the datacenter, at the edge or in the cloud,” says Greg White, senior manager, product marketing, CommVault, a provider of data and information management software. Then, “to quickly identify Shadow IT, you need to continuously monitor your network for new and unknown devices, comparing the list between scans to determine when new devices appear,” says Dwayne Melancon, CTO, Tripwire, a network security firm. “This can be incorporated into routine enterprise vulnerability scanning, a widely adopted security best practice,” Melancon says. “This approach will enable you to gather information about where new devices are on your network and detailed information on what kind of device they are.”

“

Establish Guidelines

Create rules around BYOD and apps/cloud services. “To accommodate the needs of business units, IT can create and share a list of approved software/applications beyond the standard issue software,” says Chris Smith, CMO, Zenoss, a provider of IT monitoring and management solutions. “This would enable business units making their own purchase decisions to be assured that the introduction would not cause compatibility or security issues,” Smith says. In addition, “IT should put processes in place that allows it to quickly approve/ disapprove new applications actively sought by business units.” “At BT, we have made a point of sharing the details of our BYOD strategy with our workforce so it’s clear what we can support and what areas we have to tread carefully due to business risk,” says Jason Cook, chief architect and CTO, US and Canada and CPG, BT Global Services. This allows workers to know upfront what is permitted and mitigates the risk of unapproved apps and devices being used, as well as security risks.

“

2014

Hold an amnesty on Shadow IT. A noconsequences, ‘stand up, own up and be counted’ strategy, without fear of retribution works. —Orlando Cowley, Security & Compliance Evangelist, Mimecast

Similarly, “you can process the log data from your current firewalls, proxies, SIEMS and MDM products to identify the cloud services being used outside of IT’s purview,” notes Rajiv Gupta, CEO of Skyhigh Networks, a cloud access security company. “This data can tell you which services are being used, who uses them, how often and how much data is uploaded and downloaded.”

Prioritize Risk

“Not all software/services used outside of IT control is bad,” says Gupta. “Leverage an objective and comprehensive registry of cloud services to identify the highest risk services in use and address those first,” he suggests. “Prevent access to these high-risk services by blocking them via your existing infrastructure (that is, firewalls, proxies, MDM solutions) or by identifying users and requesting they cease using the services.” 80

D E C E M B E R 1 5 , 2 0 1 3 | REAL CIO WORLD

Offer Alternatives

“Today’s workers expect to be able to find, view and use their data across locations and devices,” says White. “If enterprises don’t provide a secure solution for access to corporate data remotely, employees will find their own ways to manage information to work efficiently by using consumer products that can put the organization at risk,” he says. “By providing employees with secure, IT-controlled anywhere, anytime access to information on-the-go, they can reduce the risk of employees deploying outside products that are beyond the awareness, discovery and control of IT,” White says. “Your employees are using iOS and Android-based devices to access their work content remotely,” says Jeetu Patel, general manager, EMC Syncplicity. “So make sure that you give users mobile alternatives that either work with your existing mobile management platform or

VOL/9 | ISSUE/02

provide extensive security and policy controls to protect data on lost or stolen devices.” “IT organizations shouldn’t ignore BYOD, but should address this up-front with a solution that enables these employees to do all of their work securely on personal devices,” says Tyler Lessard, chief marketing and product officer, Fixmo, a mobile device software company. “If they don’t, they expose themselves to the risk of users working around policy and finding other ways to forward corporate documents, etcetera to their mobile devices,” Lessard warns. “Address [Shadow IT] head-on, in a strategic way, saying ‘yes’ to BYOD and giving employees a proper way to securely do work, rather than forcing them to find workarounds.”

Restrict Access to Third-party Apps

“Restrict your users’ access to applications such as Dropbox, SharePoint and SkyDrive among others,” says Christophe Boudet, managing director, Akita IT Services. “Most IT policies will prevent individual users from choosing the applications they are able to install anyway,” he says. “Further, clearly state in your IT policy that these services are not permitted, and provide your staff sufficient training so that the message is clear to them.” However, “blocking is not always the best approach,” argues Gupta. “Sometimes it can be more effective to identify the

users, help them understand the risks and suggest a low-risk alternative with equivalent functionality. People tend to find ways to get to sites and services they feel unjustly blocked from.”

Offer Amnesty on Shadow IT

“When identifying the threats of Shadow IT, you have two choices: First, your IT department can identify the traffic to and from third-party cloud solutions that deliver Shadow IT, like Skype, Box and Dropbox,” says Orlando Scott-Cowley, Messaging, Security and Compliance Evangelist at Mimecast, which provides e-mail management, compliance and archiving solutions. “However, this process is time-consuming, inaccurate and blocking entirely is almost impossible,” Scott-Cowley says. The better option: “Hold an amnesty on Shadow IT. A noconsequences, ‘stand up, own up and be counted’ strategy, without fear of retribution works—especially if you give users an opportunity to explain why they needed a third-party app and why your corporate platforms weren’t up to the job.” CIO

Send feedback to editor@cio.in

Where Insights Come Alive!

WWW

V I D E O S

2014

Making It with Collaboration

3 BIG SOCIAL MEDIA

BLOOPERS TO AVOID Many businesses fight an uphill battle in their enterprise social network deployment. Here are the three most common obstacles businesses face and tips for how you can avoid them.

According to research firm Gartner, 80 percent of social business efforts will fail through 2015—a disconcerting statistic for the 50 percent of all large businesses expected to deploy social networks in the next three years. A few of the reasons for the failures, according to Gartner Research Director Larry Cannell: Adoption and ROI expectations and a lack of executive support, he says. “Too many people just assume that an enterprise social network [ESN] deployment is going to be simple and that people will pick it up quickly,” Cannel says. “And that’s just not the case. Social is different from any other project you may have deployed, and you need to put in place certain measures to be successful.” Here’s a look at the three most-common enterprise social network mistakes and what you need to do to avoid making them.

BY K R I ST I N BU R N H A M

D E C E M B E R 1 5 , 2 0 1 3 | REAL CIO WORLD

VOL/9 | ISSUE/02

Assuming Adoption Will Grow Organically

“Just because an enterprise social network is simple and easy to use doesn’t mean you can build them and people will come,” Cannell says. “These tools are going to change how people work and you need to prepare them for that.” In the early planning stages, Cannell says, you need to determine how people are currently working and how an ESN will change that. “Partner with business leaders to understand what their jobs are,” Cannell says. “What information do they need to do their jobs and who do they work with.” Then, define clear reasons why employees will benefit from such a drastic—and sometimes uncomfortable—change in process.

Style Collaboration O&M

Rolled out enterprisewide, O&M’s collaboration tool has 20,000 employees, consultants and partners. That number is only increasing. We pursue knowledge,” advertising pioneer David Ogilvy once said, “in the way a pig pursues truffles.” Naturally when the IT team at the eponymous Ogilvy and Mather built a global knowledge-management platform in 1999, they called it Truffles. The system, containing every major client case study going back decades, became the foundation for day-to-day business at the agency, which is part of the WPP Group. But over time, technology passed Truffles by. Fewer and fewer of the company’s 18,000 employees used it. Those who did consulted it as a simple directory for phone numbers or client information. Instead of upgrading Truffles, CIO Yuri Aguiar and his team did a little digging of their own, and the result is a collaboration system honored with a 2013 CIO 100 award. First, IT and corporate communications interviewed 120 users around the globe and found that employees wanted a system that worked like their favorite social media tools. Ogilvy’s digital strategy group, which works with the agency’s clients, then identified several key requirements, including the ability to create groups with varying levels of security and privacy, and the ability for users

VOL/9 | ISSUE/02

“It’s not like you can just turn on a Yammer or Chatter network and people will come. Employees need to know what they’re used for and why they should care,” Cannel says. “They need motivation and an understanding of why they should want to participate.” A clear understanding of this, he says, is key to gaining adoption. Another key to success is embedding the social network into everyday workflow. Managers need to ensure the tools are part of how they get their jobs done every day, Cannell says, rather than just being destination sites. When business analytics company SAS deployed a pilot of Socialcast, it found itself in an enviable position: Adoption unexpectedly went viral as more than 1,400 employees signed up to use it. The reasons, according to its team: Executives were excited about the project, they properly trained their employees and

to post content without pre-approval from headquarters. Aguiar and his team built what they call their Social Intranet on Liferay’s open-source portal, hosted in Ogilvy’s private cloud. “We were able to bring in social media capabilities but make sure that when we shared things, it was in a controlled fashion,” says Aguiar. Top-Secret Sharing Rolled out enterprisewide in February, the system operates in multiple languages, with communities based on geography, client accounts and other interest groups. There are also differing levels of security controls. For example, open, searchable groups allow anything except licensed content to be shared. Some administered groups require employees to request access, like one for digital marketing analytics. Top-secret groups, like one that could include a new client’s pre-production smartphone design, allow only a handful of employees to join. “Those don’t even show up in search,” says Aguiar. To get employees to use the new system, Aguiar highlighted internal case studies, like the CEO of Ogilvy PR who moved one of his video blogs to the Social Intranet. Today 20,000 employees, consultants and partners are on the system, he says. Usage is up 600 percent compared to recent activity on Truffles. Improvements include multi-language search, so if you’re looking for a fuel expert, for example, the system knows to look for “gas” in the US and “petrol” in the UK. The intranet is also a gateway to key corporate applications. Aguiar is most proud of the teamwork: Business requirements from users worldwide, IT from California, architecture design in New York and North Carolina, alpha testing in England, development and testing in Mumbai and New York, language testing in Germany and China, and creative design in Singapore and New York. “We used global collaboration to get global collaboration.”

— By Stephanie Overby REAL CIO WORLD | D E C E M B E R 1 5 , 2 0 1 3

2014

Making It with Collaboration

promoted the project heavily within the company, they made it accessible to everyone, and they trusted their employees to use it properly.

Setting the Wrong Parameters for ROI

Any IT project needs to deliver ROI, but the one associated with an enterprise social network needs to be considered differently. “Your ROI argument is tied to how you expect to deploy the software,” Cannell says. “Sure, you can focus on things like how many people sign up and post, and that’s OK. But if you focus on the individual deployments and making employees actually like the tool, then more relevant metrics come into play.” Some of these more difficult-to-measure metrics may include things like handling more work with fewer people, streamlining processes and spending less time on trivial things like searching an intranet for an answer to a question. “You might not be able to anticipate what some of the most important benefits might be, but you can get the business to express them more broadly after they’ve gone through it,” Cannell says. At TD Bank Group, one of the most significant ROIs was realized with its deployment of a solution to 50,000 users: Some business units saw a drastic reduction in e-mail, by as much as 40 to 1, according to Wendy Arnott, TD Bank’s vice president of social media and digital communications.

Underestimating the Power of Executive Support

Gaining executive buy-in and using their participation in the enterprise social network to set an example for the rest of the company is essential to the success of the project, Cannell says. But this can be challenging. “If you’re starting small and building the system out, these projects don’t usually start out as a big line on an exec’s radar,” he says. “But business execs need to understand the goals and support them. Senior management is key to motivating people to participate in these communities,” he says. At Rosetta Stone, for example, CIO Pradeep Mannakkara had full support from executives when he deployed Salesforce’s Chatter tool. When Mannakkara pitched the project to the executive team, he focused on it as a communication tool that would achieve better productivity. He highlighted how employees wanted to hear more from the executive team, and this was an easy way to get the job done. “Part of it is just having executives get exposure to the technology and others who have seen it work,” he says. “Then they’re not as afraid of the technology.” CIO

Send feedback on this feature to editor@cio.in

Where Research Comes Alive!

WWW

IN ASK A QUESTION

WEBINARS

2014

BROUGHT TO YOU BY

Making It with SDx

SOFTWARE DEFINED

Datacenter GOES TO WORK eBay and PayPal, undergoing rapid change in their DNA, adopt OpenStack and network virtualization to attain new levels of agility. Could this be your datacenter soon?

When eBay wanted to build a software-defined datacenter for its internal cloud, it chose OpenStack to help manage it. Just two years after the Open-source cloud management software was introduced, eBay decided it was ready for deployment, at least on a trial basis. “We’d been looking to virtualize our network for a while,” says JC Martin, cloud architect for eBay Marketplaces, who selected one of the vendors with the OpenStack. “A community-supported solution that can automate end-to-end creation of a private cloud with virtual networks was just what we were looking for.” They started by building a small experimentation environment for eBay Marketplaces, enabling developers to spin up test networks on demand, then deprovision them when they were no longer needed. eBay software from OpenStack members to create virtual private clouds for different classes of users—for example, one for developers, another for external experimentation with full access to and from the Internet, says Martin. Each virtual private cloud has different capabilities depending on which virtual network they have access to. “Based on the class of service, we can filter out traffic and enable or disable features,” he says. “We can also allow

BY DA N T Y N A N

VOL/9 | ISSUE/02

REAL CIO WORLD | D E C E M B E R 1 5 , 2 0 1 3

Making It with SDx

other organizations within eBay to have their own isolated private cloud environment and define what kind of access or control they want for their users. It’s a way for us to implement the equivalent of physical environments on top of a shared infrastructure.” By the end of six months, more than 1,500 eBay developers were accessing the internal cloud. Soon, eBay plans to have a large percentage of its internal infrastructure on the new platform, says Martin.

PayPal catches the wave Martin’s colleagues at eBay’s sister company PayPal couldn’t help but notice the small revolution underway across the virtual halls. OpenStack also fit neatly into many of PayPal’s guiding principles: It is open source and thus would not lock the online payments company to a particular vendor. It had a strong

“

provisioning, is seven days. And while using software to automate provisioning played a big part, it wasn’t the only factor. The team also simplified and eliminated process handoffs between multiple teams, with the goal of offering a self-service option to developers enabling them to execute in minutes.

Completing the Virtualization Puzzle eBay’s and PayPal’s move to SDN is part of an enormous paradigm shift that began with the rise of virtual machines. Virtualization has already revolutionized the compute and storage pieces of the IT puzzle. Now it’s networking’s turn. Open source cloud management platforms have typically been used by telcos, cloud service providers, and labs and universities; now they’re starting to gain traction in the enterprise, says Aneel Lakhani, a research director at Gartner.

“

2014

We are trying to make a datacenter operating system agnostic of compute, storage, network, and hypervisor. Our goal is to make a platform that enables agility, agility, agility. —Saran Mandair, Sr. Director, Platform Engineering & Ops, PayPal

development community following industry best practices, and deploying it would allow PayPal to leverage eBay’s investment and growing expertise. “We saw OpenStack as a way to help us get products to market faster than our competition,” says Saran Mandair, senior director of platform engineering and operations at PayPal. “We’ll do whatever we need to do to enable agility, availability, and choice to accelerate innovation for our business and developers.” PayPal is still piloting its first software-defined networks, but it has already put OpenStack to work, running its digital wallet and other customer-facing apps on an Open- Stack-managed cloud since January of 2013. “At PayPal we handle $5,277 in total payment volume (TPV) every second in Q1 2013,” says Mandair. “The front-end Java application stack is currently powered by OpenStack. There are ongoing execution plans to extend this to the rest of the infrastructure in PayPal this year.” But it was on its internal development network where PayPal saw the most profound changes. In 2012, it took the company an average of 49 days to provision infrastructure for new applications in production, says Mandair. Now, running on the OpenStack cloud, the average onboarding time, including infrastructure 86

D E C E M B E R 1 5 , 2 0 1 3 | REAL CIO WORLD

“We’re beginning to see enterprises do pilots and small-scale deployment of open source cloud platforms, with a few leadingedge orgs already at large scale,” he says. “The main driver is economics. It can be cheaper over the long haul in certain use cases to do it yourself than rely on public cloud providers or pay license fees for proprietary commercial software.” The integration of software-defined networking is a significant maturing point for any open source platform, he adds. “The ability to cheaply replicate a Web-scale cloud environment, as well as recent support for multiple networking and storage options, makes it much more interesting to customers.” “The main reason we are using OpenStack Quantum is to provide an abstraction on top of the capabilities of SDN,” says Martin. “We have a multi-vendor policy at eBay. We regularly evaluate our technology providers and want to keep our options open.”

Cloud Formation At this point only a handful of large enterprises have deployed SDN and OpenStack on as large a scale as eBay and PayPal. That means the pair had to blaze a path through some unknown territory. For PayPal, the biggest technical hurdles it encountered were availability and performance at scale, says Mandair.

VOL/9 | ISSUE/02

“We had to build some custom solutions to meet our highavailability needs,” he says. “And some performance tuning issues that aren’t visible when running OpenStack on a small environment become more evident as it scales. There was not a lot of help available from the community on that, so we had to chug through most of that ourselves.” Still, technical barriers were outweighed by business, process, and cultural issues. Adopting automation software is a nice way to automate your network and infrastructure, says Martin, but it isn’t enough. You also need to reengineer your business and software processes. “The main hurdle is to solve your process issues first,” says Martin. “I like to say, simplify first, automate next. If you try to take an as-is situation and make it self service or otherwise automate it, you can run into a lot of issues.” For example, Martin says in order to automate its processes eBay had to revise how it performed change management. Originally, every change request was required to go under review; now instead, the software making the change has to be approved. “That’s the type of reengineering we had to do to enable automation and agility,” he adds. It also meant reengineering eBay’s IT workforce and thinking outside traditional organizational boundaries. “When you need to debug a problem on virtual network, you need expertise in servers, networking, and security,” says Martin.

“The question is, do you ask people from those three organizations to collaborate, or do you find people who are proficient in all three domains? We’ve found it’s more efficient to have well-rounded people who have a good understanding of all three layers.”

Agility is Key Mandair says the key to a successful deployment is to think big, but execute small. “From a technology perspective, I think you should have huge aspirations, but when it comes to execution you want to narrowly define your focus,” he says. “Our initial plan was to take one specific app from our site and automate it end to end. We didn’t try to do it for 10 apps at once. Once you exercise that muscle, you can expand it to other applications. But if you start out with too broad a focus, your execution won’t be as smooth.” The ultimate goal is to enable businesses to stay competitive by moving at the speed of innovation. For most enterprises, the bottleneck isn’t computing power or creativity, it’s inflexible infrastructure. “We are trying to make a datacenter operating system agnostic of compute, storage, network, and hypervisor,” says Mandair. “Our goal is to make a platform that enables agility, agility, agility.” CIO

Send feedback on this feature to editor@cio.in

Where Discussions Come Alive!

WWW

WEBINARS

Parag has over 20 years industry experience of which nearly 17 years has been with HP, Compaq and Digital Equipment. In his last role with HP, Parag was heading the public sector. An alumnus of National Institute of Technology, Kurukshetra, Parag has also headed verticals such as telecom, media and entertainment at HP India. â&#x20AC;&#x201D;Parag Khurana Managing Director - India & SAARC F5 Networks

CREATING BUSINESS

DIFFERENTIATION F5 promises to speed application rollouts and simplify deployment, even if enterprises havenâ&#x20AC;&#x2122;t adopted SDN. BY G O PA L K I S H O R E

2014

ADVERTORIAL AND PROMOTIONAL FEATURE F5 NETWORKS

F5 recently announced Synthesis. What’s the premise of this solution?

Increasingly, there’s a need for dynamic, agile, and flexible environment where applications can be deployed with just a click. Therefore, we have witnessed tremendous amount of work that has happened in virtualizing application space, storage and compute. It’s only now, that network has started to join the fray with concepts like SDN. However, the impetus still lacks in the stack from Layer 4 through Layer 7. To complete the vision of agile, flexible software-defined datacenter, services also need to be provisioned in these layers. It is this consolidation of Layer 4 to 7 services, helping enterprises move away from managing devices, is what we’re targeting. Why is it strategic to F5?

Our customers tell us that they are aware that there still is some ground to cover before something as this can be delivered. But as we’ve been developing point products like TMOS and iRules and BIG-IQ - our orchestration automation system - we’ve also been integrating the whole thing around a complete value proposition. F5 can now offer that capability to CIOs to quickly deploy apps wherever – in cloud, across global datacenters – and secure them well enough. We believe that orchestration is critical. The BIG-IQ was a critical stepping stone for us to that effect. We’ve also been introducing simplified business models and licensing as well, which is very much associated with the whole concept. What does this allow CIOs to do in the data center that they can’t do today?

Though there are different solutions for network virtualization in the market, CIOs should be able to orchestrate their environments seamlessly. They would be able to design their environment and instantly deploy all the application services tied to that application and network. And this environment can be up and running in minutes, whether on cloud or on-premise. From the technology perspective, we consolidate the services. Our technology packs in multiple services inside that relate to performance, availability, security, mobility and more. Depending on service and application needs, we can automatically stitch these services together in one instance. This reduces device sprawl phenomenally. It also reduces the cost of infrastructure and overheads to manage several devices. Our TCO models show that depending on the solution, CIOs can get anywhere from 50 percent to 80 percent total cost of ownership reductions. Will this help CIOs create a business differentiation and get ahead of the curve?

It really comes down to four things. One is the business benefit of

application velocity, helping customers deploy apps quickly. But obviously, that means that they have to be available, reliable, secure. They need to perform in all those characteristics. The second thing we do is really increasing IT capability. We give you a platform that is hardware, software and cloud, so that allows you to deploy your applications wherever you want and you’re not making a hardware or software decision. You have a common platform, and you can deploy or let your apps sit, if you will, where they work best. We talked a little bit about the third benefit, which is reduced total cost of ownership. The fourth major benefit is really the future-proof environment. What I mean by that is we not only work with open industry standards and open technologies, but we are highly extensible. We open up our control plane, our data plane and our management plane. So if you need to do something, you need to build a service that doesn’t exist, that a vendor hasn’t delivered, we allow you to do that. One of the technologies we use is called iRules. Over a third of our customers tend to deploy iRules when we look at sample data. So that means you yourself can create business differentiation. Where the industry may not be doing it, you can do it for yourself. SDN is a fairly emerging trend, although it gets a lot of press. Is there value for them in this Synthesis architecture before they even get to SDN?

Definitely. Take the DDoS reference architecture that we’re talking about. That doesn’t need to be in an SDN world. I mean that can be basically in data centers today. The beauty about having that sitting on top of Synthesis is that it allows us to really talk to the customer in terms they understand, about things they have issues with and relate to. It also makes it easier to implement. We’re not waiting on product being available from our partners to do this. This is something that can happen in the data center today. As customers deploy SDN, it gets even better, because it makes that deployment even easier from a customer perspective, because that extends into the Layer 2-3 world as well. To put a little bit more context around it, since we abstract ourselves from the network, [it works] any which way you can get a network to us. That could be a physical port off of a switch, that could be a VLAN, or the new generations of software-defined networks. Any way you get a network to us, we provide the services on top. So all of these reference architectures are available for traditional networking solutions. This Interview is brought to you by IDG Services in association with F5

2014

Making It with Datacenters

A DATACENTER

Legoland New breed of modular datacenters are built quickly with flexibility in mind. And a growing number of CIOs have begun toying with the idea.

A few years ago LexisNexis, a supplier of legal resources for lawyers around the country, needed to expand its West Coast presence. In the past, the way that Terry Williams would have handled such a task as vice president of managed technology solutions for the company would be to find a collocation provider, rent out some space, then buy servers and configure them. Even though a collocation facility provides the power, cooling and building infrastructure, Williams says it still take months to configure the system just the right way. Then, if changes are needed, either more space needs to be rented out or the system has to be reconfigured. There had to be a better way, Williams thought. Williams found a company that specializes in modular datacenters. The units made by the company at its Arizona factory are about the size of a tractor trailer truck container and are all built the same way. Customers like Williams buy the boxes, plug them in and fill them up with whatever technology equipment they like.

BY B RA N D O N BU T L E R

D E C E M B E R 1 5 , 2 0 1 3 | REAL CIO WORLD

VOL/9 | ISSUE/02

2014

Making It with Datacenters

Unlike most collocation facilities though, these modular datacenters can change dynamically based on the needs of the workloads. Williams, for example, has set up some of his boxes to be for high-density workloads, which require extra power and cooling. Another section of the modular datacenter is for lowerdensity workloads, which doesn’t need the backup power capacity or as much cooling. These modular datacenters allow a single unit to support both environments, and be controlled by a software

Building the Immortal

Datacenter

Gartner analyst David Cappuccio shares some secrets to extending the life of your datacenter.

If your datacenter is reaching capacity and you’re thinking about cracking open the corporate piggy bank to fund a new one, stop right there. By following some simple best practices, you may be able to take your existing datacenter and retrofit it to last pretty much forever, says Gartner analyst David Cappuccio. “If you do it right, there’s a good chance you could live in a fairly well designed datacenter for decades,’’ Cappuccio says. First, identify the goals of the infinite datacenter. It needs to be energy efficient. It needs to be economical to build. It needs to be able to adapt to new technologies. And it needs to be able to support continuous growth. The first step is to build up the density of your server racks. If your racks are at 50 percent or 60 percent capacity, then consider increasing the density to 80 percent or even 90 percent, says Cappuccio. Increasing density allows you to run your existing workloads on a smaller footprint and to create space for future growth. The reasons datacenter managers don’t run their server racks at 90 percent capacity relates mostly to the concern that the servers will run too hot. Cappuccio recommends that datacenter managers analyze the different types of activities running on those servers and to create high density, medium density and low density zones. Throwing up walls and creating a separate room for high density servers allows you to deliver the requisite cooling to that room, but then allows you to run your storage devices and telecom gear, for example, in a zone that doesn’t require state-of-the-art cooling systems. Creating these speciality zones can save companies up to 40 percent in operating expenses, Cappuccio says. The next step is to embark on a slow, systematic refresh cycle. Buy a new rack of state-of-the-art 1U servers and methodically move workloads onto this new rack until it’s up to 80 percent or 90 percent capacity. 92

D E C E M B E R 1 5 , 2 0 1 3 | REAL CIO WORLD

inside the systems that provide Williams with the flexibility to make changes whenever he needs to based on the capacity LexisNexis needs at the time. “It’s hard for me to imagine someone actually going out and spending millions of dollars upfront on these large traditional datacenter build outs,” he says. “The modular approach just gives you so much more flexibility.” Williams says he spent more time thinking about whether he would go with a modular approach

Cappuccio argues that the energy efficiency of the new server will pay for itself over time, compared to running older, energy inefficient servers. Cappuccio estimates that the energy savings can fund 80 percent of refresh costs. As you move workloads to the new server, you can decommission older server racks and free up additional space. This becomes an ongoing process that allows you to continue to improve the efficiency of your existing datacenter without ever having to construct a new building. There are other tips and tricks for building datacenter efficiency, Cappuccio says. He recommends keeping the datacenter at 78 degrees. If you’re currently running your datacenter at 72 degrees, Cappuccio points out that you save 2 percent to 3 percent in cooling costs for each degree that you raise the average temperature in the datacenter. He also says that there are better ways to approach the cooling issue. Many datacenters today have hot aisles and cold aisles. This requires an extensive system of cold air being forced up through the floor and pushed through the servers via fans. Then the hot air comes out the back and is sucked up into the ceiling, where it is cooled and circulated through the loop. Cappuccio says it makes more sense to build a smaller, selfcontained high-density room within the datacenter for the racks that need it, and then to have lower density zones that don’t require the same level of cooling. He also says there are new, liquid cooling technologies that could help cool servers more efficiently. These liquid cooling techniques, which include putting refrigerator coils on the server door itself, are much more expensive, but pay for themselves in the long run. And the final component to the infinite datacenter plan is the cloud. Cappuccio says companies should think about moving non-critical workloads, like testing or archiving, to a cloud provider. Eventually, companies will create a hybrid cloud strategy where certain workloads live in the cloud, thus freeing up space in the immortal datacenter.

—By Neal Weinberg

VOL/9 | ISSUE/02

than the about 120 days it took between ordering the system and having it in production. Williams believes these are the datacenters of the future: Rows and rows of these modular units stacked next to each other, each one finely-tuned to the specific needs of the workloads running inside of it, and fully customizable based on the resources needed at the time. Is this how datacenters will be built in tomorrow-land? Not everyone is quite as optimistic as Williams and modular datacenter manufacturers, but Gartner datacenter analyst David Cappuccio says modular datacenters are catching on in the market, after being around for more than a decade. “The first eight years, I didn’t get a single phone call from people asking about this approach,” he says. “In the last couple of years, interest has really picked up.” Modular datacenters offer some unique advantages for datacenter operators at large organizations. Most specifically, they are quick to deploy. “Instead of 15 to 20 months for a new datacenter build out, you can get more capacity in 15 to 20 weeks,” Cappuccio says. That’s quite appealing to a variety of customers. Colleges and universities that have grant-funded research and need capacity

down a beer, you don’t crank up the air conditioning in your entire house—you put it in the refrigerator. In a modular datacenter, you don’t have to high-capacity cooling and double-sourced power supplies to the entire facility all the time, only the aspects that really need it. Modular datacenters have a software interface for controlling which areas of the container get which resources, while also monitoring the system for anomalies in usage and alerting users of potential security breaches. That’s a break with the past, when datacenters were dumb components of IT; they’re fundamentally buildings where hardware sits. Smart datacenters design plus software designed to run it make these systems respond automatically to the needs of the organization. Modular datacenters from some providers can either be shipped to customer sites, or can be host it at one of the provider’s campuses. Cappuccio says the advent of modular units are part of a broader trend in the industry to have more responsive datacenter designs. “Datacenter design is finally catching up with reality,” he says. A similar system that has certain zones for high-density workloads with extra cooling and redundant power and be built

Modular datacenters have software interfaces to control which areas of the container get which resources, while also monitoring for anomalies in use and alerting users for security breaches. quickly can spin these units up. Organizations that have a lot of remote sites can deploy individual units across their organization and grow the capacity as needed by just adding another unit, if necessary. Hyper-scale datacenter operators have found a use for them as well. Microsoft, for example, uses modular datacenters to roll out new capacity at some of its datacenters based on customer demand for its services, Cappuccio says. The units come preconfigured with a couple thousand servers installed and ready to go; Microsoft plugs in the container and is off and running. Another modular datacenter provider provides just the container and customers source the materials for the inside. “The real driver here is if you need something quick,” Cappuccio says. Williams, with LexisNexis, enjoys the flexibility they provide in granularly controlling the operations of the datacenter. Highdensity workloads can have redundant power supplies; a sandbox environment may get more power and cooling as the developers spin up and down resources. The CIO at one of these providers equates it to a home: On a hot summer day when you want to cool

VOL/9 | ISSUE/02

within a traditional datacenter too; it’s jus that some providers are taking a container-based approach. Cappuccio says typically there is not a major cost advantage compared to a regular build out because power and cooling infrastructure still have to be supplied to the unit, but he says discounts from manufacturers right now to entice customers into the market are making it an attractive pricing option. Modular datacenters are expected to increasingly be used as a component in a broader datacenter build out strategy. A company may have a traditional-type datacenter, but perhaps one that is built with new design components that would take into account that some areas of the datacenters need to be built to different specifications than others. The organization may use a cloud or managed hosting service as well for very dynamic workload needs, and a modular datacenter might be used for a remote site, for example. “People are beginning to realize there is a more efficient way to build these things,” Cappuccio says. CIO Brandon Butler is senior writer for Network World Send feedback on this feature to editor@cio.in

REAL CIO WORLD | D E C E M B E R 1 5 , 2 0 1 3

BROUGHT TO YOU BY

2014

Making It with Managed Services

TOWARDS HYBRID

Pricing Pricing models for IT outsourcing have always been relatively straightforward. However, more IT outsourcing deals are being inked with more complex hybrid pricing structures. Here are five things to consider when implementing a hybrid pricing model.

Historically, pricing models for IT outsourcing were relatively straightforward: Input-based pricing for application maintenance and development services and output-based pricing for infrastructure services. And while the cloud-based segment of the IT services market is becoming even more unit-based and commoditized, a growing portion of IT outsourcing deals are being inked with more complex hybrid pricing structures that combine input-, output-, and occasionally business outcome-based pricing mechanisms. “Because clients typically have various requirements across and within services, hybrid pricing models are quite prevalent and are growing in usage,” says Steven Kirz, a principal for outsourcing advisory firm Pace Harmon. “This is driven by dissatisfaction with traditional models on the part of both the customers and the providers, including customer disappointment with traditional rate-per-hour models that deliver poor results, and the commoditization of technology resources that reduces provider margins,” Kirz says.

BY ST E P H A N I E OV E R BY

VOL/9 | ISSUE/02

REAL CIO WORLD | D E C E M B E R 1 5 , 2 0 1 3

2014

Making It with Managed Services

Some IT outsourcing customers are using a hybrid pricing model to experiment with business outcome-based pricing. “It is rare to go all in with outcome-based pricing across the full IT suite, so outcome-based pricing will be part of a mixed approach, targeted to where outcome-based pricing can be distinctly applied to advance client objectives,” says Rich Kabrt, associate partner with outsourcing research and consultancy firm Everest Group.

Challenges of Hybrid Pricing A mix of pricing mechanisms theoretically allows for greater flexibility to meet future needs. But “delivery models—and their supporting pricing—are changing fast. Making sure that the model memorialized in the contract is still relevant in the [later] years is hard,” says Kirz. For those that approach hybrid pricing with due diligence, however, the effort can pay off. “Assuming the incentives and

Models

Pros and Cons of Different

As enterprises expect more value from IT service providers and vendors want higher-margin work, several new pric ing models have emerged. We look at four emerging options.

CIOs auditioning new

pricing models are finding that new models convey real benefits —from encouraging innovation to increased control over IT costs —but they’re not for everyone. We lay out the four of the latest models you may come across when negotiating your next outsourcing deal: what it is, whom it works for, benefits, drawbacks and caveats. Gain-Sharing Pricing Model What It Is: Pricing based on the value delivered by the vendor

beyond it’s typical responsibilities but deriving from its expertise and contribution. For example, an automobile manufacturer may pay a service provider based on the number of cars it produces. Best For: Customers seeking dramatic business improvements who want to create a true alliance with IT suppliers. Cost-focused buyers need not apply. Pros: Theoretically, this model encourages collaboration and creative problem-solving as both parties work toward common

contracts are done right, hybrid pricing can result in a more businessoriented focus, improved service delivery, reduced and predictable operating costs, mitigated delivery risk, reduced redundancy and ongoing innovation and transformation,” says Kirz. Here are five things to consider when implementing a hybrid pricing model for IT services.

The type of hybrid pricing model should be dictated by customer requirements and type of services. This might seem fairly obvious, but be wary. “Customers that are buying application development and maintenance (ADM) services may be savvy enough to bid out a finite scope of services in a managed services model, but that is unlikely to satisfy all of their ADM needs during the life of their managed services agreement,” says Kirz. In that case, the client might consider a contract that includes both managed services and full-time-equivalent hours-based pricing.

business goals, says Ross Tisnovsky, SVP with outsourcing consultancy Everest Group. It also affords the supplier greater freedom to determine how best to achieve the results. Cons: Gain-sharing requires a high level of trust, an equitable distribution of risk and reward, and significant upfront investment, says Martin of Pace Harmon. “In practice, very often neither the vendor nor customer is willing to fund the investment without a guarantee of a payback.” Gains can be hard to agree on and difficult to measure. Because results can be influenced by factors outside of their control, vendors charge a premium on these deals. Watch Out For: The second year blues. “If the provider has a windfall one year, then the customer is likely to demand a stricter formula or a new basis for the payment the following year. Conversely, if the supplier lost out due to poor overall performance by the customer organization, they will want to change the measurements,” says Tisnovsky. “This can lead to rebuilding the model every year.” Incentive-Based Pricing Model

What It Is: Bonus payments are made to the vendor for achieving specific performance levels above the contract’s service level agreements. Often used in conjunction with a traditional pricing method, such as time-and-materials or fixed price, “the key is to ensure that the delivered outcome creates incremental business value for the customer,” Pace Harmon’s Martin says. Best For: Customers who are able to identify specific investments the vendor could make in order to deliver a higher level of performance. Pros: Incentives can compensate for drawbacks in the primary pricing method and better align provider motivation and customer goals, says Tisnovsky of Everest Group. Cons: “This model often falls flat because companies end up Continued on Page 98

D E C E M B E R 1 5 , 2 0 1 3 | REAL CIO WORLD

VOL/9 | ISSUE/02

CUSTOM FEATURE WIPRO

EXECUTIVE VIEWPOINT

NEXT LEVEL OF AUTOMATION AND MANAGED SERVICES Kiran Desai talks about how innovative approaches in Automation and Managed services can be a game changer and achieve IT resiliency and improve cost-efficiency. By Gopal Kishore Do you think that automation is on its way to become one of the top priorities of CIOs? In today’s age, “delivering more with less” is the mantra for all fast growing organizations. And yet, several studies on business processes, whether on core operations or support functions, demonstrate that anywhere from 30-50% of the available man hours in an organization is wasted in non-value added tasks. With businesses struggling to find adequate high-quality talent to match growth aspirations, organizations can not afford to fritter away the productivity of resources, they already have. CIOs are using technology as a vehicle to leapfrog on efficiency and provide businesses with disruptive structural advantage in the market-place. Automation today is one of the top priorities of CIOs and CTOs. Aim is to reduce low end work as well automate standard, mundane activities. What are the benefits of automation and how is Wipro innovating in this space? Most traditional models manage IT Operations through manpower and static tools. Wipro realized the importance of an automated environment to enhance productivity and efficiency and launched the unique Infrastructure Management Automation Framework (IMAF) way back in 2008. The IMAF framework automates the IT infrastructure administration activities efficiently, thereby helping enterprises to achieve improved Service Level Agreements (SLAs) along with predictive and consistent outcome. The latest in the line of innovations, Wipro’s FixOmatic framework has been recognized by renowned analysts as an innovative tool that can take clients beyond traditional automation and support for trouble

shooting and even preventive support to an IT environment which is based on predictive analytics, leverages machine-to-machine learning and a strong level of emphasis on self-healing IT environment. FixOmatic find mention in recent Gartner report - ‘Shift IT Service Management Priorities towards a Continuous Improvement Mindset.’ How can CIOs create a future-ready IT landscape that responds to business? Managing people, technology and processes is the biggest challenge for any enterprise. Today, we find companies of all sizes adopting managed services to gain a competitive advantage in a rapidly changing business environment. Wipro’s infrastructure management services (IMS) has focused solutions for building and managing the entire IT infrastructure– comprising lifecycle services in datacenter management, network management, security management, desk-side management, database administration, application and non-IT equipment support. We ensure that a customer gains from optimum capacity utilization and infrastructure availability. We focus on leveraging disruptive technologies like Cloud, Mobility, Automation, Virtualization etc to get future ready IT landscape. How can CIOs reliably manage organization’s IT services yet focus on strategic IT change topics? CIOs today should look at having a partner with robust managed services framework which is comprehensive, Integrated, futuristic and yet flexible to work in diverse customer environments. A framework that can manage, coordinate and deliver services from diverse environments and engagement

KIRAN DESAI VP, Managed IT services, Wipro Infotech.

models like On premise data centre, cloud (public and private), IaaS, SaaS and PaaS. CIOs should look at variabilization as key theme for outsourcing. Wipro has put together the right people, processes and tools to develop Wipro’s inhouse, next gen Managed service framework, ServiceNXT. This covers people, process and technology aspects under Monitoring and Event Co-relation, Service Management, Security Management, Automation and Resolution, Analytics & Reporting dashboard. It is also flexible enough to be deployed through a combination of onpremise, onsite, offshore or on cloud models which ensures that the required scalability and flexibility is available.

This Interview is brought to you by IDG Services in association with Wipro

2014

Making It with Managed Services

Continued from Page 96

rewarding their vendors for work they should arguably be doing anyway,” says Martin. “The ‘incentive’ should be that they get to keep providing the service.” Measuring bonus-worthy performance can be difficult and costly. Watch Out For: Vendors who tell you that it’s common practice to provide these bonuses if you require the provider to pay penalties for missed service levels. It’s not.

directly related to the cost incurred as reflected in the price of the resource units,” says Helms. “The service provider bears the risk that an insufficient number of resource units will be used and the provider will not recover its fixed costs, but the customer bears the risk that it continues to pay an inflated price after the service provider has recovered all of its fixed costs.”

Consumption-Based Pricing Model

What It Is: Provider and customer jointly fund the development of new products, solutions, and services with the provider sharing in rewards for a defined period of time. Best For: Customers with the level of governance necessary to partner with the provider on these projects. Most importantly, according to analysis by Gartner, the client must be willing to share in either the upside or downside potential. Pros: This model encourages the provider to come up with ideas to improve the business and spreads the financial risk between both parties. It mitigates some of the risks of new technologies, processes, or models by assigning risk and responsibility to the vendor, according to Gartner. Cons: Results can difficult to measure and rewards tricky to quantify, says Tisnovsky of the Everest Group. Clients must hand over much of the management to the provider. Watch Out For: Arguments over resources, overhead, investments and rate of return. —By Stephanie Overby

What It Is: Costs are allocated based on actual usage (e.g., gigabytes of disk space used or help desk calls answered). Best For: Buyers concerned about service provider productivity and those with variable demand. The utility model is particularly well-suited to situations in which the fixed costs of the services are shared across many customers, says Helms of K&L Gates, like cloud computing engagements. Pros: Pay-per-use pricing can deliver productivity gains from day one and makes component cost-analysis and adjustments easy. Capital expenses become operating expenses. Cons: Utility pricing requires a fairly accurate estimate of the demand volume and a commitment for certain minimum transaction volume, warns Everest Group’s Tisnovsky. Annual costs are less predictable. Watch Out For: Internal reluctance to add needed services in order to keep monthly bills low. In addition, “this model only works from the service provider’s perspective if the services provided are

Know what you’re incentivizing. “Pricing drives behavior so whatever pricing models are employed be sure there are the appropriate performance metrics and governance checks and balances to avoid falling into perverse incentive actions,” says Kabrt, “For example, providing incentive pricing to encourage moving IT help desk calls to Web-based self-service solutions is typically a good idea and a best practice. But taken to the extreme, [that] may hurt overall department productivity and potentially even reduce customer satisfaction to levels that cry out for another change in sourcing and undermine the overall deal.”

3 4

Be clear during the contracting phase. “The most important characteristic of good hybrid contracts is a clear understanding—by the customer—of its requirements at a detailed level,” says Kirz. “If these can be articulated in a way that will allow the providers to accurately price them, then they can work together to achieve a mutually beneficial contract.

Anticipate management challenges. “Particularly in evolving services areas, it may be hard to manage the more complex pricing structure from a governance perspective,” says Arnold. The more complex the pricing

D E C E M B E R 1 5 , 2 0 1 3 | REAL CIO WORLD

Shared Risk-Reward Pricing Model

model overall, the harder it will be for providers to invoice accurately and for buyers to validate those invoices. “While this administrative consideration may seem trivial, the implications of inaccuracies in the invoice can add substantial dollars over the life of a deal,” Arnold says.

Approach gainsharing with care. Gainsharing can be added to any pricing deal to provide added motivation to innovate, drive costs down, or elevate services. But it’s hard to get it right. “Gainsharing is most effective when it is in line with ‘pain-sharing’,” says Kabrt. Both parties need to invest in the program and there needs to be adequate governance to make it work. Gainsharing works best when tied to a specific application versus and entire portfolio of services. “A broad-based applications maintenance deal supporting an entire portfolio of apps is not likely to land in a gain-share model,” says Arnold. “A specific solution that is presented as a part of a business case to alter revenue or profitability, however, may well be,” Arnold says. “Essentially, the provider would win the work to execute the transformative project in part because of a shared risk—and shared reward—for its success.” CIO Send feedback on this feature to editor@cio.in

VOL/9 | ISSUE/02

2014

Making It with Cloud Computing

DATA LOCKING UP YOUR

It took some time for CIOs to trust cloud computing. But recent outages have shaken that trust. Here’s how you can safely move data in and out of the cloud without abandoning it.

As everyone knows, cloud provider Nirvanix recently fell apart, declaring bankruptcy and leaving its customers in the lurch. Nirvanix gave enterprises less than a month to move their data to a new home. To avoid the fate of those customers, follow these best practices for safely moving data in and out of the cloud.

Due Diligence: Financials First

The Cloud Security Alliance’s February 2013 report, The Notorious Nine: Cloud Computing Top Threats in 2013 has identified a lack of due diligence as a continuing threat to cloud computing. When enterprises do look into cloud providers, their view of things is a bit lopsided. “Cloud consumers place too much emphasis on information assurance and privacy, or focus on cost reduction and savings at the expense of investigating the financial health of candidate providers,” says John Howie, COO, the Cloud Security Alliance.

BY DAV I D G E E R

VOL/9 | ISSUE/02

REAL CIO WORLD | D E C E M B E R 1 5 , 2 0 1 3

2014

Making It with Cloud Computing

“Perceived profitability does not imply stability for a company or a service provider,” says Adam Gordon, CISO, New Horizons Computer Learning Centers; “the management strategies of a company can squander financial success overnight, driving profitability, the company and its partners, over a cliff quickly if nobody is paying attention.” Organizations should examine the financial status of the cloud provider. Enterprises can investigate public corporations by examining their regulatory filings. “This will detail the cloud provider’s finances and self-identified risks,” says Howie. “If possible, examine audited financials for at least the last two to three years,” says Gordon. These should demonstrate an overall positive trend in the growth and management of capital and the business bottom line, Gordon explains. “While it is realistic to see fluctuations and negative outcomes over a period of time, unless we are looking at the Amazons of the cloud services ecosystem, we should expect to see positive growth in revenue and profitability as well as expansion over a two to three year timeline,” says Gordon. Financials should also demonstrate business management and

“

and directing the consumption of cloud services, explains Gordon. “You can find real world practical examples of success with cloud brokers in the Government sector at the Federal and State levels. The state of Texas has been using a cloud brokerage model since 2011, as have many Federal agencies,” Gordon adds.

Preparing to Leave: Contract Language, Cloud Portability “For organizations that do not have the resources to employ a cloud broker, the Cloud Security Alliance recommends that enterprises address the issue of discontinuation of service in the contract language,” says Howie. Contract clauses and provisions should ensure sufficient notice of termination of service and tools and assistance in moving data out of the cloud in a timely manner and in a format that enables the enterprise to use the data in another service, Howie explains. According to Howie, cloud contract language can require many assurances including that the provider set aside money in an escrow account for third-party assistance in extracting

Cloud consumers place too much emphasis on information assurance and privacy, or focus on cost reduction and savings at the expense of investigating the financial health of candidate providers.

“

—John Howie, COO, Cloud Security Alliance

business growth strategies that indicate a strong direction, longterm planning, sound risk management and the ability to weather crises while maintaining focus, clarifies Gordon, drilling down. “Investments that support a long-term strategy for growth and market share acquisition are important indicators of stability as well,” says Gordon. Howie advises large enterprises to consider using a cloud broker to analyze their cloud computing requirements, determine their risk tolerance and select cloud providers that are a match for the enterprise. “Cloud brokers will examine providers’ overall financial health and determine the potential likelihood that a provider will withdraw service,” says Howie. A CIO or other C-level should be involved in the relationship with the cloud broker in order to forge the necessary strategic alignment necessary to derive value from the broker by driving 100

D E C E M B E R 1 5 , 2 0 1 3 | REAL CIO WORLD

the data. These agreements can also establish that storage and processing equipment must be accessible by the enterprise customer in case of business failure. The language can further include references to third-party warranties or insurance. Finally, Howie closes, the contract can compel the provider to disclose its financial situation on a quarterly basis with an option for the enterprise customer to break its contract if the financials show the provider is in trouble. But, contract language will not be enough to mitigate using a private company or start-up cloud provider. Enterprises will have to weigh carefully whether they can justify the risk that such a company may suddenly stop offering the service. “Enterprises should always have an exit strategy in place as part of a business continuity management plan,” says Howie. Domain 6 of the Cloud Security Alliance’s Security Guidance

VOL/9 | ISSUE/02

for Critical Areas of Focus in Cloud Computing V3 includes recommendations that enterprises consider a scenario for how they will move data out of the cloud provider’s service. “In section 6.2, An Introduction to Portability, we say portability is a key aspect to consider when selecting cloud providers. We specifically mention disaster recovery,” says Howie. The business failure of a cloud provider is a business disaster and something that an enterprise’s business continuity management planning should cover. “Sections 6.3.2, Portability Recommendations and 6.3.3, Recommendations for Different Cloud Models provide specific, concrete guidance and highlevel considerations,” says Howie, spe aking of the Cloud Security Alliance’s aforementioned Security Guidance. In Section 6.3.2, the Cloud Security Alliance’s Security Guidance recommends that enterprises be aware of the differing service and platform dependencies of different cloud architectures. When an enterprise’s applications and data are tied to and entangled in the dependencies existent in one platform, this can present technical challenges to moving to a provider using a different architecture. Proprietary authentication technologies and identity management systems will impede portability of cloud data, applications and services to a cloud environment that does not use the same authentication and identification standards and vendors. By using an open standards IAM platform such

as SAML, according to the Cloud Security Alliance’s Security Guidance, the enterprise can achieve portability of these mechanisms when moving to another cloud provider. The Cloud Security Alliance further urges enterprises to maintain possession and control of encryption keys to ensure a secure and expedient exit from the existing cloud provider. Likewise, enterprises should take measures to ensure that it removes all metadata describing its data from the existing cloud provider when moving to a new cloud environment so that no opportunity for data compromise remains. These best practices are also contained in the Cloud Security Alliance’s Security Guidance. This Security Guidance provides detailed instructions for preparing for a safe move out of the cloud for each of the cloud models, in Section 6.3.3. An enterprise can do everything necessary to ensure it can get its applications and data out of the cloud unscathed before it commits to moving in. This should steer an organization clear of a future Nirvanix and into a relationship with a cloud partner it can count on. CIO

Send feedback on this feature to editor@cio.in

Where Presentations Come Alive!

WWW

IN ASK A QUESTION

WEBINARS

F E B R U A R Y 1 5 , 2 0 1 3 | REAL CIO WORLD

VOL/8 | ISSUE/04

2014

BROUGHT TO YOU BY

Making It with Security

IN TECH’S SAFE

HANDS Enterprise risk management may be old hat, but some CSOs are using it in innovative ways. Here’s how it can strengthen your security program.

Enterprise risk management (ERM) is hardly new. Eric Cowperthwaite, CISO at the non-profit healthcare organization Providence Health and Services, recalls hearing the term for the first time in the late 1990s, “and it existed before then, even if we didn’t call it that,” he said. Indeed, the term goes back several decades, according to Jeff Spivey, who is vice president at RiskIQ, president at Security Risk Management, and international vice president of ISACA. “My father was involved in risk management beginning in 1968,” he said. “What was then called ‘risk management’ is now called ‘enterprise risk management.’” John Shortreed, a member of the International Organization for Standards, which developed ISO 31000, one of the most prominent frameworks for ERM, says the framework has been “evolving and maturing over the last decade, in response to the increasing risks [in] our world” brought on by such varied factors as interconnectivity, climate change and economic upheaval.

BY TAY LO R A R M E R D I N G

VOL/9 | ISSUE/02

REAL CIO WORLD | D E C E M B E R 1 5 , 2 0 1 3

103

Amit has been with HP and the Software business, for nearly a decade. He incubated the Software business for HP in 1999, then went on to build and lead the business up to 2007, taking HP to market leading position. He likes to incubate new businesses and undertake initiatives keeping growth as his key mantra. â&#x20AC;&#x201D;Amit Chatterjee, Country Director HP Software (India)

PROFIT FROM

BIG DATA Amit Chatterjee talks about what it takes to turn disconnected data into connected intelligence G O PA L K I S H O R E

2014

ADVERTORIAL AND PROMOTIONAL FEATURE HP

How are Indian enterprises poised to take advantage of Big Data Analytics?

According to research commissioned on behalf of HP, nearly half (47%) of companies surveyed in India will spend at least 10 percent of their IT innovation budget on big data this year. More than one third of the organizations surveyed also believe strongly that Big Data is the largest competitive differentiator for their organization. However, the study found that more than 10% (12%) of these organizations have failed with a big data initiative they had implemented. Big Data leads the way for technology investment in 2013 (60% rated it as the most important area). However, by region it was the most important area in China and Japan only, as the other regions saw Security as more or equally as important. Looking at 2014, Big Data remains the leading investment area, followed by investment in Cloud, with a reduction in the amounts being invested in both Security and Mobility during the period. China is the only country where investment in Cloud technology is expected to be at a higher level than Big Data investment. So why is this number so low?

The rewards of Big Data are restricted due to the magnitude of the data being created, the flash flooding of database systems, the time consuming nature of traditional data integration methods, and the inability to properly secure this data. Enterprises are further challenged by the escalating demands required by the line of business for real time analytical insights. Unfortunately most organizations lack the necessary tools to capture, manage and analyse the universe of unstructured and structured data produced both inside and beyond the walls of their enterprise. And once captured, few organizations know how to turn this data stream into actionable intelligence – while also protecting the data from uninvited guests. Currently, organizations need massive scalability, a fast way to source information in many formats and integrate it from many places with blazing fast speed. Organizations need to be able to protect this vast lake of data they are collecting.

applications. HAVEn offers a unique combination of solutions that can be delivered and deployed in a number of different ways such as appliances, on the public cloud or the private cloud. This deployment variety is what sets HP apart from its competitors. What are the core technologies which power HAVEn - HP’s Big Data analytics platform?

Hadoop complements HP technologies as a way to cost-effectively tore massive amounts of data from virtually any source. HP Autonomy’s ability to process all forms of digital information on a single platform offers a unique solution to a growing number of applications and devices that are increasingly dependent on utilizing unstructured information. Vertica’s vision is “analytics everywhere.” Analytics are at their best when embedded into applications end-users are using on a daily basis. HP ArcSight Logger—an integral part of the HAVEn platform—unifies searching,reporting,alerting, and analysis across any type of enterprise log and machine data. It is unique in its ability to collect, analyze, and store massive amounts of machine data generated by modern networks. A big part of HAVEn is the community – of developers, users, data scientists, IT management. People who are developing applications based on information. A good product is only one aspect, the other being exceptional service. What can CIOs expect from HP?

Our new Actionable Analytics Services help clients implement analytics to extract actionable insight hidden in data that can impact their top line and streamline key business processes such as procurement, supply chain and inventory operations. The benefits for our customers include invigorating their customer experience with relevant, real-time offers that drive loyalty and customer satisfaction, managing risks and generating revenue growth through sales and marketing, improving operating efficiency related to procurement, supply chain, inventory, and more,streamlining business operations from supply to sale and speeding innovation and respond faster to market opportunities.

How can organizations overcome these challenges?

When organizations think about Big Data – they need to create a Big Data lake, a safe HAVEn. It is a place where companies can put all their data, where it will be secure, easily analyzed, and include structured or non-structured data. HP’s HAVEn - the Big Data analytics platform we have created is what customers and partners need to develop the next generation of apps and solutions that are powered by information and Big Data. A huge part of HAVEn is the ecosystem, with its capabilities to take all the sources, create a Big Data lake and have the ability for the partners to tie into the community that HP is building around next generation of big data

This Interview is brought to you by IDG Services in association with HP

Making It with Security

But after all that evolution, it is still not close to being standard operating procedure in most enterprises. According to a 2012 customer survey by the Corporate Executive Board, 70 percent of respondents did not have a formal risk-appetite approach in place. Risk appetite is one of the fundamentals of ERM. Cowperthwaite is not surprised at those results. “My perspective is that most security practices are foundationally compliance driven, even if they have a risk component,” he said. “The thinking of most CSOs is, ‘There is some number of things I’m required to do. When I do them, I have a security program.’” That doesn’t mean nobody is doing ERM, he added. “I could name a dozen CSOs who are really involved in their businesses and doing great ERM,” he said. “But I could also name more than a dozen who are basically just keeping in compliance by keeping the firewalls in place. I think if we were to survey the industry as a whole, we’d find the 20-80 paradigm, where only about 20 percent really understand what their business is about so they can make the case for managing risk.”

“

He says that while he and his firm’s clients, which are mostly in government, are very focused on protecting data, “as opposed to going through exercises that are designed to pass through audits,” he does not hear much talk about ERM with those clients. “It is not a buzzword that we’re living and breathing every day,” he said.

ERM Stumbling Blocks Cowperthwaite believes the stumbling block is not a lack of understanding, but rather an all-too-clear understanding of how hard ERM is to do. “If you do qualitative risk management, it leaves an amazing amount of room for people to argue,” he said “When I say something is a high-risk, the CEO might look at me and say, “[An impending merger] is high risk—what you’re talking about is moderate.’” But then, some experts say ERM is not the way to go anyway. Douglas Hubbard, CEO of Hubbard Decision Research, even wrote a book about it—The Failure of Risk Management—in which he poses three questions: Do these risk-management methods work?

“

2014

If you do qualitative ERM, it leaves room for people to argue. When I say something is a high-risk, the CEO might think otherwise.

—Eric Cowperthwaite, CISO, Providence Health

Not everybody thinks the divide is that great between those practicing ERM and those focused on compliance—often derisively called “checking-the-box security”. Chris Wysopal, co-founder, CTO and CISO of Veracode, says he is seeing more of his security peers “performing threat modeling based on the way their business works and what is going on in the threat space.” In at least one sector of the economy—finance—there is strong evidence of risk management taking hold. The Wall Street Journal reported in October 2010 on a Deloitte survey of 111 financial institutions that found 75 percent of them had a chief risk officer or an equivalent position, which is one of the core components of most ERM frameworks. John McClurg, vice president and CSO of Dell, says in recent years he has seen a lot of evidence of ERM in Fortune 100-level companies, “but not so much in smaller companies, and that is the majority of businesses in the country.” William Mabon, director of the cybersecurity product portfolio for BAE Systems, is among those who are not involved in ERM. 106

D E C E M B E R 1 5 , 2 0 1 3 | REAL CIO WORLD

Would any organization that uses these techniques know if they didn’t work? What would happen if they didn’t work? Hubbard argues that the answer to the first two questions is “no,” and that the answer to the third is that there could be catastrophic consequences for a company or its customers. Richard Stiennon, chief research analyst at IT-Harvest, contends that ERM simply doesn’t work. In a recent Facebook post, he proposed the following title for a course on ERM that he was about to teach at the National Defense University: “No one ever got fired for implementing a risk-management program—but they should be.” Stiennon says that “as an industry analyst and adviser to some of the largest organizations in the world, I have seen them start to move away from risk management to threat management.” Francis Cianfrocca, CEO of Bayshore Networks, agrees. “With risk-management best practices, you’re not really protecting yourself. Enterprises need protection rather than risk management.” Of course, advocates of ERM contend that it is all about protection—evaluating what kind of protection is needed based

VOL/9 | ISSUE/02

on the kind of risk and the amount of damage it could do to an organization. So maybe before discussing the progress and even worthiness of ERM, it’s important to recall what the definition of ERM is and what some of its core goals are. Most CSOs would agree with Spivey that it starts with a holistic view of all risk that an organization may be exposed to, including operational, brand, financial, physical and, of course, information security. They also agree with what shows up in multiple frameworks and advice columns on the topic: The overall goal is to manage that risk in a way that provides value to the company. Or, as Cowperthwaite puts it, security professionals should “learn what your business does. Go talk to a business-unit person. He’s going to think that’s pretty cool because no security guy has ever done that before. Then you can connect what you do to what the business does in meaningful ways.”

Success and Failure of ERM Within that overall mission where, then, are CSOs and CISOs succeeding or failing in reaching ERM goals? McClurg says he believes ERM has led to “more thoughtful, deliberative decisions” about handling risk, and that security pros, especially at the larger, Fortune 100-size companies, are moving away from “guns, gates and guards. It’s not security as much as business assurance.” But, he says, that progress has been matched or even exceeded by attackers. “The threat vectors are more sophisticated—bad guys have gotten better,” he said. Erik Devine, CSO of Riverside Medical Center, says one of the biggest ERM successes in his organization has been “finding avenues in technology to secure information at a lower cost.” The biggest challenge, he says, has been trying to integrate information security into the goals of the corporation, “including patient care, financial, compliance and patient information. I’m finding many challenges on changing a philosophy that has been in place for quite some time.” Devine says he also struggles with controlling the risks of a bring-your-own-device (BYOD) culture and how it can lead to unauthorized data leakage, especially in an era when federal laws, including HIPAA and the Health Information Technology for Economic and Clinical Health Act have made medical institutions more directly responsible for any breaches of protected health information. Wysopal says he thinks security teams are doing better at identifying attackers and their techniques, which lets them set priorities on what kind of defenses they need. But “patching the desktop to mitigate spearphishing remains a challenge,” he said. “Many CSOs are struggling with Web application security also. They are able to cover high-risk apps because the business can see the risk, but often lower-risk marketing-type Web applications go unsecured and can lead to breaches.”

VOL/9 | ISSUE/02

ERM Five Golden Rules for

Here are six rules that you need to keep in mind while implementing an enterprise risk management program.

There are a number of specific goals common to most of the frameworks designed to help enterprises implement ERM. Here are some: Get rid of silos in dealing with risks: Traditionally, businesses have had separate monitoring groups for risks involving credit, physical security, loss prevention, fraud prevention, information security, business continuity, safety, compliance and audit. If all divisions and departments in an enterprise are not connected and communicating, holistic risk-management is impossible. Define and balance risk appetite: It is difficult to set business security controls without a clear understanding of how much and what kind of risk the company is willing to accept. “People have different risk appetites based on role and responsibility,” says Jonny Gray, head of global client risk services for the Americas at Control Risks. “Legal has a different appetite than the business developers do.” Enable the business: This includes the frequent exhortation to risk managers to “create and protect value.” Again, this is only possible with an understanding of how a business makes money and what risks would undermine it. Help decision-makers make informed choices. Most frameworks recommend five options for dealing with risk, which can be remembered with the acronym REITA: Reduce it (with controls, for example); ignore it; eliminate it; transfer it (by buying insurance, for example); or accept it (which is not the same as ignoring it). The goal here is to make informed choices by looking at risks across the enterprise, rather than by department or function. Implement effective controls in response to risk. Obviously these are a natural result of the choices made during the REITA assessment. Achieve objectives at lower cost: One of the most common recommendations here is that consolidating risk management will mean it requires fewer people. ERM proponents also argue that setting priorities can help an enterprise cut its ERM costs.

REAL CIO WORLD | D E C E M B E R 1 5 , 2 0 1 3

107

2014

Making It with Security

Stiennon says that the results of ERM development and maturity at many enterprises is proof of its failure. “Risk-management methodologies have been deployed at most large enterprises and have reached a high level of maturity. Yet breaches and successful targeted attacks are becoming more frequent and of higher impact. Clearly, risk management is not working.” Stiennon further argues that terms like “risk appetite,” which have some meaning in financial markets, really don’t

“A risk-based program should fundamentally ask itself, ‘What things pose a threat that I’m vulnerable to, and how will I solve it so I reduce my vulnerability or the threat?” As an example, he notes that a given person could be killed by someone with a gun. Compliance might dictate that he wear a bulletproof vest. By contrast, a risk-management approach would ask if there is somebody who is a threat to that person, who owns a gun and doesn’t like him.

According to a 2012 customer survey by the Corporate Executive Board, 70 percent of respondents did not have a formal risk-appetite approach in place. Risk appetite is one of the fundamentals of ERM. mean anything in IT security. “There is no 20 percent willingness to lose 10 percent of our assets,” he said. “The real mandate is to avoid costly data losses. In practice, this means risk management methodologies that loosely translate into ‘protect everything,’ which is demonstrably impossible. But risk managers, even if they agree that their end goal is impossible, argue that doing 50 percent of this will reduce attack surface area, so it is worth doing.” Regarding cutting costs, Stiennon insists it never happens. “Risk management is extremely costly. It usually involves an expensive team of professionals. None of their activities are directed at stopping targeted attacks that bypass their controls.” And when it comes to enabling the business, Stiennon argues that success in that area can dangerously enable it. “The credit card companies, in concert with the US banks, used risk management to determine that the risks associated with banking credential theft was low and allowed an entire economy of cybercriminals to crop up,” he said.

The Next Step What, then, is the best way for today’s CSOs and CISOs to move forward? There is plenty of advice on that front. Several ERM frameworks offer detailed instructions on the process of implementing successful risk management. But experts like Cowperthwaite advise being wary of the frameworks, arguing that they are mainly about compliance with regulations. Compliance goals are worthwhile, he says, as part of due diligence and accepted practice, “but that’s not real risk management.” 108

D E C E M B E R 1 5 , 2 0 1 3 | REAL CIO WORLD

“There are lots of ways to deal with that,” he said. “You could take the gun away, wear a vest, or not go out in public. But we’re only going to solve the problem if we think of both the vulnerability and the threat.” Stiennon argues that the job of the CSO is not so much to evaluate risk as it is to practice threat management, which he says means, look at that attack surface from the perspective of the attacker. First, his targeting and valuation of assets may well be completely different than the valuations of the defender. “Second, the attacker is not perturbed by perfectly patched systems. He either uses a zero-day vulnerability that cannot be known or protected against, or he targets the individuals that have access to the target data and uses their authenticated, authorized access to steal what he is after.” The way to do that, he said, is to use published reports and information-sharing teams to “get a step ahead of the attackers by researching their methods and targets. Assign responsibility to a team to thwart targeted attacks. Do this outside the riskmanagement team.” Cianfrocca said he sees reason for optimism. “Some industries— large manufacturing, military and critical infrastructure—are becoming aware that their existing practices are not good enough,” he said. “It’s fascinating to me that the urgency is very high. It’s like seeing elephants dancing.” CIO

Send feedback on this feature to editor@cio.in

VOL/9 | ISSUE/02

2014

Making It with Virtualization

3 KEY ISSUES FOR

SECURE VIRTUALIZATION Deal with these three main security concerns to improve your virtualized IT environment.

Virtualization represents a sea change in IT practices. Bound for years by the “one application, one server” rule, IT infrastructure was over capacity, underused and not cost-effective. With the advent of virtualization and the associated move to hosting multiple virtual machines on a single server, many of these problems disappeared. Because multiple virtual machines can be placed on a single server, IT organizations can ensure that the machine’s processing power is portioned out to many applications. Utilization, often measured in single digits, can be increased to 70 percent or more, ensuring that far less capital is wasted on high-cost, little-used servers. It’s also no secret that the movement toward virtualization has experienced what is sometimes referred to as “virtualization stall.” This refers to the fact that many organizations get around 25 percent of their total server population virtualized, and then progress stops. When you look into why this happens, you usually find that the organization has virtualized all of the easy servers (for example, dev machines

BY B E R N A R D G O L D E N

VOL/9 | ISSUE/02

REAL CIO WORLD | D E C E M B E R 1 5 , 2 0 1 3

109

2014

Making It with Virtualization

and low-risk internal IT applications like DNS) but has failed to virtualize its production applications. There are many reasons for this stall, but an important one is security. Essentially, security groups are unsure how to apply practices designed for a physical environment to a virtualized one. Despite this confusion, the direction is clear: Security practices must be updated to break the logjam of virtualization stall. Here are three of the most common issues confronted by security organizations as they move toward a virtualized future:

products integrated with the newer model. You can translate this as a need for more financial investment. But lack of visibility alone is no reason for organizations to put off virtualizing production applications.

Performance-Sapping Security Overhead The benefits of supporting multiple virtual machines on a single server have become obvious to the server manufacturers themselves, and they have modified their server designs accordingly. Unlike yesterday’s pizza box 1U machine that

It’s also no secret that the movement toward virtualization has experienced what is sometimes referred to as “virtualization stall.” There are many reasons for this, but an important one is security. Security practices must be updated to break the logjam of virtualization stall. Lack of Visibility Into Network Traffic Many security organizations monitor network traffic to identify and block malicious traffic and penetration attempts. Vendors have delivered specialized appliances that perform monitoring to ease the headaches of installation and configuration. These appliances can be installed on the network just like another server, and they can be up and running in hours or days. The appliance approach has simplified security practices and been an enormous boon to hard-pressed security groups and IT operations. There’s one problem with this approach, though, in a virtualized world. Virtual machines on the same server communicate via the hypervisor’s internal networking, with no packets crossing the physical network where the security appliance sits ready to sniff them. Of course, if the virtual machines (VMs) reside on different servers, inter-VM traffic will run across the network and be available for inspection. For performance reasons, however, virtual machines associated with the same application (for example, an application’s Web server and database server) are often on the same physical server. Fortunately, vendors have stepped forward to address this. Virtualization vendors have provided hooks into their hypervisors that network vendors have used to integrate with virtual switches that, in turn, enable traffic inspection. So this problem is not insurmountable, though it does require an upgrade to the current method of network switching and the use of security 110

D E C E M B E R 1 5 , 2 0 1 3 | REAL CIO WORLD

could support perhaps five virtual machines, today’s 4U blade servers come stuffed with hundreds of gigabytes of memory and numerous network interface cards. As a result, servers can now commonly support 25 or 50 virtual machines. Cost-effectiveness and utilization are high, but hosting so many VMs on a single box can cause other issues. One common problem is the result of each server managing its own security products. A prime example is antivirus. In many IT organizations, every server updates its antivirus signature files at the same time every day, resulting in 25 or 50 virtual machines launching the same activity all at once. This bogs down the server, resulting in lower throughput. Fortunately, new technical solutions are available. First, just as the virtualization vendors opened up APIs to allow network vendors to integrate into the hypervisor, they now have also opened up APIs to allow security companies to deliver new products that do not need to be installed on every virtual machine. Instead, the products themselves are virtual machines. When the hypervisor recognizes traffic that requires, say, calling an antivirus program (for example, an access call for a document that must be scanned before opening), it forwards the call to the antivirus software on the virtual machine, and the VM performs the scan. Instead of 25 machines all running their own antivirus, one virtual machine runs antivirus on behalf of all 25--obviously a better approach.

VOL/9 | ISSUE/02

The second approach is, as you might guess, cloud-based. For something like the repetitive antivirus scanning of documents, which requires the distribution of hundreds of thousands (perhaps even millions) of copies of antivirus signature files, why not have the millions of end points call one centrally located, cloud-based solution? The vendor can ensure it has sufficient resources to handle all traffic, and the user avoids performance issues and doesn’t have to invest more capital in security software. This approach offers significant benefits, and we’ll be hearing more about cloud-based approaches to security in the near future.

The Perimeter is Breached The theme of a recent security conference is that it is foolish to believe that your perimeter is impenetrable. The rise of organized criminal enterprises and the emergence of state-sponsored hackers mean that extremely sophisticated attacks are being marshaled against interesting targets. At the conference, Larry Clinton, CEO of the Internet Security Alliance, provided some frightening statistics about current security threats and their effect on today’s practices. In a word, today’s security approaches are inadequate. Malevolent actors will get onto your network if they turn their gaze to your organization. They can set up long-lived, long-running bots that sift through your servers to identify and steal important data. These actors go under the rubric “advanced persistent threats,” or APT for short.

What to Do? One approach, of course, is to integrate a new layer of security products designed to address APT. There are old and new vendors ready to sell you products targeted at APT. It’s hard to dismiss this approach, but take on this type of threat increases the importance of security practices at the individual server or VM level--in other words, security at the instance level. You should definitely be running integrity monitoring and use an on-board intrusionprevention system. Putting these products on each virtual machine clashes with the “move security off the VM” approach, of course, but here’s a better way to think about it: Security that can only be executed on the machine should be on the machine, while security that can be shared across several machines should be migrated to a central location. There is no perfect answer, but security has always been a balancing act, right? The economics of virtualization mean that this model of computing is likely to become widespread. Trying to ward off this spread just because current security practices are not supported is like trying to hold back the rising tide, which is futile. CIO

Bernard Golden is the author of three books on virtualization and cloud computing, including Virtualization For Dummies. Send feedback on this feature to editor@cio.in

Where Opinions Come Alive!

WWW

V I D E O S

TECH SPOTLIGHT PARTNERS

PARTNERS

THE TECH EXPERTS Pg 116

THE TASK FORCES Pg 124

THE DISCUSSIONS Pg 114

EVENT BY

HOSTED BY

WHERE INDIA’S IT ROADMAP GOT DECIDED !

lanning. It's the one thing that CIOs—like other leaders in the C-suite—are paid most to do. As a leader, there's little else that fills out your job description better than the ability to look ahead, and decide on a course of action. Tribal chief from 3,000 years ago, to corporate magnate of today, this is an expectation from leaders that hasn't changed. That said, it's also true that the best-laid plans of mice and men often go astray. The hard reality is that planning has always been able to you only so far—a distance that's got shorter with the volatility of the last few years. This is not to say planning isn't crucial. It is. And it will always be. But, perhaps, equally as important during these times, is the ability to react fast, to be able to pivot with more grace on the turn of new eventualities. That's a skill that requires a lot of components, one of which is knowledge. If there is one lesson history has taught us, it's that those with more knowledge, those who have been exposed to more challenges, fare better when faced with difficulty. It's why "having experience" matters so much, This is one of the purposes behind the Year Ahead Program. By gathering your peers and experts in one room, we hope to be able to immerse you in an environment where you can soak up ideas and solutions that will help you the next time you are faced with a challenge a volatile economy throws up. There's going to be plenty of that in the following year, if this last one was any indicator. While only a select few IT leaders were invited to the Year Ahead Program held in Cochin, we hope to be able to give you the benefit of some of the learnings of the program from this event report. And for those of you that want more, visit our website!

ROUNDTABLES

MOBILITY HAS DIFFERENT MEANINGS FOR DIFERENT PEOPLE. THEREFORE, USE CASES HAVE TO BE ALIGNED TO BUSINESS NEEDS. Parag Arora, Director-Sales, Enterprise and Public Sector, Citrix

Indian IT leaders discuss how mobility is fast becoming one of the most important drivers of change in Indian enterprise IT. By Shweta Rao Knowledge and service worker productivity is in the midst of a profound transition enabled by increased levels of true mobility. Thanks to their easy portability, connected devices and applications harvesting network intelligence are quickly changing business and organizational models. They are also changing employee habits and their work style. Undoubtedly, one of the most important drivers of this change has been the introduction of very user-friendly mobile computing devices such as tablets and smartphones. Citrix, in collaboration with CIO magazine, had a discussion with leading Indian IT leaders on how they and their business heads look at mobility in their organizations. Today, tablets and smartphones are considered “good enough” by most employees, who even go to the extent of saying they’re better productivity tools than traditional enterprise devices such as laptops. As a result, these new devices are quickly making their way into the enterprise. “We rapidly adopted mobile devices in our company

three years ago, when we first started handing out 6,000 BlackBerry handsets to our senior managers, calling it an IT infrastructure initiative. We learnt it the hard way that simply deploying devices can’t be an ‘infrastructure initiative’. We then charted a mobility strategy document about a year ago and identified areas to deploy mobile devices at different levels. Having said that, mobility has caused a great business transformation at Essar today. For example, we have rolled out a set of communication and collaboration tools across the Group and saved ISD call costs by 60 percent,” said Jayanta Prabhu, CTO from Essar Group. Most CIOs are still looking at mobility solutions to be compatible with enterprise IT. “There’s a lot of hyped technology work at the consumer end. But these tools just don’t fit at the business end,” said Sudin Baraokar, head of Innovation at Barclays Technology Center. However, most Indian CIOs are of the opinion that there is a pressing need for a robust mobility strategy in India’s enterprise IT scenario. “Mobility has different meanings for different people. Therefore, use cases have to be aligned to business needs. This is an evolving technology, and it’s important that the industry needs to evolve to be able to provide end-to-end solutions,” said Parag Arora, director of Sales for Enterprise and Public Sector at Citrix.

UNSTRUCTURED DATA REPRESENTS

A MASSIVE OPPORTUNITY FOR BUSINESSES TO DERIVE VALUABLE INSIGHTS FROM. Yasir Yousuff, Regional Product Marketing Director (APJ) - Isilon Division, EMC

At the CIO Year Ahead 2014, India’s IT decisionmakers discussed ways to convert tons of unstructured data to actionable insights for incremental capacity and performance. By Shweta Rao Conversations around big data have reached a stage where we have an evolved definition about the technology today. The growth in quantity of unstructured data is clearly outpacing that of structured data. Add to that unrelenting cost pressures—due to the explosion of unstructured data, the need for providing differentiated services, and the availability of better functionalities and professional support, and one gets an idea of the challenge at hand. Enterprises and service providers are demanding scale and resilience at affordable costs to address data challenges and to build the foundation for cloud computing. EMC, in collaboration with CIO magazine, held a roundtable to enable India’s IT decision-makers discuss ways to convert tons of unstructured data to actionable insights. “There is no doubt that unstructured data is growing strongly. The challenge is to figure out if it is actually enterprise data or just end-user data? How much of it is actually useful for the enterprise?” said Rajiv Rajda, VP-Information Systems at Kodak India.

Most Indian organizations are looking for an effective way to tackle scalability. “Continental Automotive Systems has a 142-year legacy. So, the amount of pure data that we tackle everyday is extremely huge and complicated. There’s also a lot of R&D that happens in the manufacturing domain which is extremely process-oriented. Matured analytics tools help tracing components on the shop floor during production. Even a single bad component means an entire batch gets rejected. All these components require big data tools to be agile,” said Valerio Fernandes, CIO at Continental Automotive Systems. “Structured and unstructured data present a massive opportunity to discover actionable insights that can change the course of businesses, countries, and lives. But, most of this user-generated unstructured data resides on corporate servers, where most of the CIO’s time is spent on safeguarding and archiving content, owing to legal compliance and global policies. The other problem is dealing with storage, security, and backup of this unstructured data. We are also just scratching the tip of the challenge in terms of gaining insights and analysis of this data. As a CMO, I believe this user data today can be used extensively in market research to gain a better understanding of business,” said Yasir Yousuff, regional product marketing director (APJ) - Isilon Division, EMC.

THE TECH EXPERTS

UNLEASHING THE POWER OF MONITORING There’s no doubt that 2013 was a landmark year for Dell, with the company going private. Dell is primarily known as a big player in end-user computing, services, and server and storage business. However, in its attempt to grow into a more holistic end-to-end provider, Dell has opened its software division, Dell Software. Anand Natarajan, directorchannels and alliances, Dell, presented a glimpse of the solutions portfolio of the software wing of Dell. Dell software has grown in the last year with some very fairly sizable and impressive acquisitions which include big names like Quest Software and SonicWall, he said. Among the various products that Dell Software offers, Natarajan specially highlighted the importance of its desktop virtualization and application monitoring offerings. “We offer a complete end-to-end solution in VDI starting from thin client up to servers and storage. We believe we are best suited to help you migrate to VDI in a smooth and affordable fashion.” He further highlighted other products that span a variety

"CIOs WANT DASHBOARDS THAT SHOW BUSINESS THE RELEVANCE OF IT SPEND. APP MONITORING CAN DO THAT. ” Anand Natarajan Dell Software

of technologies that include security, backup, and identity and access management solutions. With the impending cessation of support for Windows XP, announced by Microsoft earlier this year, many CIOs are looking for a smooth transition plan. In that context, Natarajan said that Dell has a strong partnership with Microsoft and can help customers in this transition. Natarajan moved on to highlight the benefits of Dell’s application monitoring solutions. “Today, CIOs want dashboards that can clearly show business the relevance of IT investments. Application monitoring can help you do that,” he said. “Our offering takes a holistic approach towards monitoring. We can help our customers implement an end-to-end solution that can provide real-time information to business users and make business sense,” he said. Natarajan said application monitoring when done sensibly can co-relate a whole bunch of data and point CIOs and the businesses towards prudent decision-making.

ANALYTICS LEADS TO BUSINESS OUTCOMES There’s no doubt that in the last year economic conditions have been far from favorable. But it’s also true that the economy is reviving. Therefore, for businesses to compete, taking the right decisions at the right speed is increasingly becoming an imperative, said Ashit Panjwani, executive director

business decisions will be based on facts and not gut. However, before organizations embark on an analytics journey, it’s essential that they put a data strategy in place, Panjwani said. The next step is to consolidate data at one place. This way, CIOs can address data quality challenges. Additionally, they should

“ANALYTICS IS NOT A PROJECT BUT A JOURNEY THAT WILL PROVIDE VALUE TO YOUR STAKEHOLDERS.” Ashit Panjwani SAS Institute

marketing, sales & alliances, SAS Institute, at the CIO Year Ahead 2014 held at Kochi. Panjwani stressed on the importance of data that is being generated in organizations. At the same time, data complexity is growing and CIOs are constantly under pressure to respond swiftly to business needs. To do that, Panjwani said, CIOs must find new methods to leverage the data that is being created. For CIOs to respond to market dynamics with speed, Panjwani emphasized on the importance of emerging trends like big data, analytics, and the Internet of Things. These, he said, are forming a group that is driving business growth. The single biggest objective for CIOs, he stated, is to create an organizational culture where

also use the right technology and hire talent, which will ask the right questions and demand factbased decisions. “Finally, CIOs should revise strategies often because markets are constantly changing,” he said. Quoting from a Mckinsey quarterly report, Panjwani said that the business landscape has changed fundamentally. “Tomorrow’s e nv i r o n m e nt will be different, but no less rich in possibilities for those who are prepared,” he said. Therefore, organizations and their CIOs need to choose an area within business that will offer them the biggest competitive advantage. “Analytics is not a project but a journey that will communicate the value back to your stakeholders,” he said.

SOFTWARE-DEFINED APP RESEARCH: THE STATE SERVICES HAVE ARRIVED OF ENTERPRISE I.T. “WE’RE FUTURE-PROOFING THE DATACENTER BY INTEGRATING KEY SDN AND CLOUD PARTNERS TO PROVIDE A HOLISTIC DATACENTER SOLUTION.” Parag Khurana F5

At the CIO Year Ahead 2014 program, Parag Khurana, MD, India and SAARC, F5, spoke about the power of software defined application services. "While SDN has focused on network orchestration, software defined application services (SDAS) addresses layer 4-7 services such as availability, performance, security, mobility, and identity," he said. He stressed on how SDAS will software-define the components that comprise the datacenter. These components include application services which are critical in ensuring that applications accessed by internal users and customers are reliable, secure, and that they perform well. Referring to the company’s recent launch of F5 Synthesis, a high-performance services fabric that aims at cutting cost and complexity, Khurana emphasized on facilitating the ease and simplicity of application delivery in the enterprise. This new solution provides an architectural vision that delivers device, network, and application services without constraints. Using this fabric, the company aims to improve

service velocity by automation and orchestration at every layer, from fabric instances to the services provisioned for each application. Khurana said the company is looking at focusing on the priorities and implementation preferences of organizations to address future trends in the areas of social media, mobility, cloud and analytics. “We are bringing the next vision architecture, helping organizations virtualize specific services into a single instance and enabling them to orchestrate different environments of cloud computing and private datacenters so that a company’s overall application performance is delivered smoothly,” said Khurana. F5 has also introduced reference architectures that can help organizations defend against DDoS attacks. He stated that F5 is future-proofing the datacenter by integrating key SDN and cloud partners. The company, he said, also shares a common vision for taking an application-centric approach to enable its customers’ next generation datacenters, he said.

IDG Media editor-in-chief, Vijay Ramachandran, shared findings from the State of the CIO 2014 survey. The session highlighted trends in the coming year and provided an indication of the technology roadmap Indian enterprises will take in the next 12 months. “There’s going to be a phenomenal surge towards the hybrid cloud in 2014,” said Ramachandran. While business critical applications will remain largely within the enterprise, more CIOs are pushing CRM solutions, e-mail and collaboration applications onto the public cloud. On average, over 40 percent of organizations, across sizes and verticals, say they plan to have a hybrid cloud strategy. What’s worrisome though, is that 42 percent of enterprises are unsure of their legal obligations where the cloud is concerned, he said. The other big technology trend was analytics. “There is going to be a lot of thrust on in-memory computing, predictive analytics, social media, and data visualization on mobile devices,” said Ramachandran. Part of the reason for this new found confidence in analytics is that data quality is improving. In fact, poor data quality isn't among the top 10 barriers hindering the adoption of analytics. The third big trend centers around mobility. BlackBerry, once the reigning champion of the enterprise is fast losing ground.

"THERE’S GOING TO BE A PHENOMENAL SURGE TOWARDS THE HYBRID CLOUD IN 2014." Vijay Ramachandran, IDG Media

In the last year, it has lost 20 percentage points in terms of the number of enterprises using it. Its loss is the gain of other players. The ground BlackBerry is losing is being covered by Android and iOS. But the real surprise is the growth of the Windows platform. Despite the flood of devices entering enterprises, BYOD has not found its calling. Ramachandran closed the session by underlining the fact that the success of IT projects is now being measured more than ever by business outcomes. More and more CIOs find their budgets being merged with those of the lines of business. He left the audience with the thought that this could be a great way for IT to start conversations with business, to move out of technology’s dungeons and into the business limelight.

THE TECH EXPERTS

DOCUMENTING PROFIT THE MANAGED SERVICES WAY According to Gartner, about 3 percent of annual revenue of global organizations is spent on print activities. In India, the cost of real estate, electricity, manpower and loss of produc-

tivity contribute to 1-2 percent to a company’s turnover, said K. Bhaskar, senior directorOffice Imaging Solutions Division, Canon, in a chat with IDG’s Editor-in-Chief, Vijay

BUSINESS DISCOVERY: THE WAY FORWARD “MOST INTELLIGENCE SOLUTIONS TAKE 10 MINUTES TO THROW UP DESIRED RESULTS. WOULD YOU WAIT THAT LONG FOR A WEBSITE TO LOAD?" Varun Babbar QlikView

We live in a world where there is an app for everything, and the answer for almost anything can be found on Google. We use such advanced solutions in our personal lives and yet we still don’t have a similar experience while dealing with technology within the enterprise. Varun Babbar, pre-sales and consulting head, India and SAARC, QlikView, in his presentation described how natural analytics could lead to business discovery. “It's come a long way from a report-centric architecture. Today, its main thrust has become to help businesses make faster and more informed decisions,” he said. And yet, he said, the adoption rate in enterprises has been abysmal. “We tried to analyze this gap, and realized it’s because today's technology is not as intuitive as it needs to be.” Keeping this in mind, QlikView has designed its offering so that it mimics natural human interactions, making it intuitive and easy to use. “Visualization, association, comparison, and narration are aspects of human behavior that we have included in our solutions,” he said. Through examples, he showed how humans use sorting, pattern recognition, and categorization, to solve problems in their daily lives. “ That’s exactly the approach that technology must take to problem solving,” he said. He also stressed on the need for speed. “Most intelligence solutions take 10-15 minutes to throw desired results. Would you wait for 10 minutes for a website to load? I don’t think so. Then why not have the same expectation from your enterprise solution?," he said.

Ramachandran, at the CIO Year Ahead 2014 event. Canon has been offering managed print services for the last five years, Bhaskar said, thereby providing convenience, confidentiality, and cost relief to organizations. “The outcome is that a number of organizations have experienced a significant drop in their overall expenditure,” said Bhaskar. Since the acquisition of Osay Business Services, Bhaskar said that Canon has added a whole new dimension to its managed services portfolio by appending mailroom services, printroom services and digitizing capabilities, workflow management as well as archiving and retrieving facilities. Bhaskar stated that an organization can now select specific modular services depending on its needs. The idea is to offer end-to-end solutions in order to provide customized solutions. This will ensure that a single partner delivers on a single print strategy and an organization can determine its overall print expenditure at once, he said.

A number of business verticals are outsourcing their print function in order to spend more time strengthening their core competencies. Specifically, in the area of healthcare, Bhaskar highlighted that in lieu of legal requirements, organizations are turning to digitizing, indexing, and compression techniques offered by Canon in order to bring better efficiency to storing and utilizing historical and research data. Finally, maintaining confidentiality of information is fundamental to Canon’s print strategy and policies—all of which enable companies to make immediate savings and monitor and control their budgets, Bhaskar said. To sum up, Bhaskar said that CIOs can minimize their IT spend by leveraging multiple services offered by Canon with little risk and make sure that their print infrastructure is future ready. “We will continue to offer all kinds of newer services and technologies for our customers instead of laying emphasis simply on the product. That will be our biggest differentiator,” he said.

Vijay Ramachandran, IDG; and K. Bhaskar, Canon, in a conversation about the benefits of managed print services.

REIMAGINING CUSTOMER RELATIONSHIP MANAGEMENT As customers are more informed and better connected than ever, it has become increasingly important for CIOs to redefine the way they engage customers. And to be able to do that, CIOs need a strong CRM system. At the CIO Year Ahead 2014 program, executives from Microsoft discussed the benefits of its Dynamics CRM offering. Peter Gartenberg, general manager EPG (India), Microsoft, opened the discussion stating that one of the biggest barriers to successful CRM implementations has been a lack of user adoption. “At Microsoft, we don’t believe in overloading our applications with features. It’s

about keeping it simple and getting users into the system,” he said. “The typical user does not want to learn. We do not believe in implementing something that requires any formal training.” One of the attractive features of the offering, according to Gartenberg, is the promise of fast deployments. “Speed is important. You cannot wait for a year to implement something. This is why we urge users to try out the cloud version which does not require you to make any provisioning. You can get off the ground much faster.” Samik Roy, director and country head, Microsoft Dynamics, pointed out that

Vijay Ramachandran, IDG; Peter Gartenberg and Samik Roy from Microsoft discussed how the CRM landscape is changing.

thanks to social media, customer touch points have increased. “How do you integrate data originating from different platforms, like mobile and social media, and provide meaningful information to the sales force—that’s been our quest at Microsoft.” And Dynamics CRM helps

organizations achieve that, he said. One of the features of Dynamics CRM is that it is horizontal. “We rely on our partner community to build vertical customizations on top of it, to make the offering the best possible fit for the business needs of the enterprise,” he said.

Where Trends Come Alive!

WWW

V I D E O S

THE TECH EXPERTS

TOWARDS A MORE SECURE ENTERPRISE Ranndeep Chonker, country manager, HP ESP India, started his presentation with this Sun Tzu quote: “If you know the enemy and know yourself, you need not fear the result of a hundred battles.” Talking about the need for application-level security. He said that according to research, 84 percent of security attacks target the application layer. And yet 75 percent of security investments are going to the network layer. It is this gap that is responsible for why organizations take, on an average, 416 days to detect a breach. He took the example of the Stuxnet attacks, which used military precision to infiltrate and slow down

HP has been in the security space for 30 years and believes in a holistic ecosystem of solutions to protect the enterprise and not a point-to-point approach. It believes all security solutions must co-exist and share information with each other. But he also advises CIOs that they need to adopt a riskbased approach to security. “It is not possible to protect the entire ocean. You need to define and identify your most important assets and secure them in the best manner possible,” he said. But how do you define what’s important and what’s not? “We use reputable information which we collect from within the organization that gives you the ability to

"AS THE ENEMY BECOMES SOPHISTICATED, WE NEED TO BUILD SECURITY CAPABILITY TO DISRUPT THE ADVERSARY." Ranndeep Chonker, HP ESP India

Iran’s nuclear facility. “Today, state-sponsored attacks are the biggest threat, not your college hacker who defaces a website for fame. As the enemy becomes more sophisticated, we need to build security capability to disrupt the adversary,” he said.

define the risk for yourself,” Chonker said. The time it takes to resolve attacks is slowing down because the attacks themselves are changing dramatically. That’s why putting in a firewall or a security gate at the network level will no longer suffice to protect the enterprise.

OPTIMIZING YOUR CLOUD INFRASTRUCTURE "WE CAN MAKE EVERY BUSINESS APP REQUEST REACH THE END-USER WITH THE MOST OPTIMAL EXPERIENCE." Bruno Goveas, Akamai Technologies

Bruno Goveas, director-products, Asia Pacific and Japan, Akamai Technologies, stressed on why CIOs need to consider roping in optimization technologies while planning their enterprises' journey to the cloud. The traditional corporate network is no longer adequately capable of servicing the enterprise, given the rise in the number of users and applications they are consuming, he said. As a result, Goveas said, it was imperative that enterprises leverage the cloud and make the Internet work for them. The Internet, as we all know, is not one network, but a variety of networks that have no regulatory framework. Hence, any query request to the Internet may not, and most often does not, work in the most optimal rate. “There are performance challenges, congestions, blackouts, and other availability challenges that you face when you move to the cloud,” Goveas said. Akamai’s cloud optimization solutions are designed to make the Internet work for business, he said. It works on a shared services model, and can be turned on and off on-demand without any investment. “We can make every business application request reach the end-user with the most optimal experience. We do this by taking away all the complexities that exist in the Internet so that you can focus on your business,” Goveas said. What gives Akamai this edge, according to Goveas, is its widely distributed network such that every user is just one hop from a server. “Because of this, latency is less and we can ensure throughput. Even dynamic content can be accelerated,” he said.

“Traditional network security is still as important. Intrusion prevention systems helps us monitor and utilize the network, but you have to go further.” Which is why, Chonker said, HP is putting a lot of effort in reasearch. “We’re investing in

gathering counter-intelligence and what is being researched and used by cyber criminals. We need to block their access. That’s where we play a role. That’s how HP is disrupting the adversary eco-system,” said Chonker.

ROUNDTABLES

BY BEING STRATEGIC PARTNERS, WE ARE LETTING ORGANIZATIONS REALIZE COST SAVINGS, WHICH THEY CAN INVEST IN TRANSFORMING THEIR BUSINESS. Head- Managed Services, HCL Technologies

OPTIMIZING BUSINESS WITH MANAGED SERVICES Managed services have achieved a maturity curve, where vendors are now looked at as partners. Indian IT leaders discussed ways to maintain good relationships with vendors and stay profitable. By Vinay Kumaar As near-term business horizons have shrunk, multiple projects, fast rollouts, fewer people, and increasing change requests from business have stressed the delivery capabilities of enterprise IT teams. One way CIOs can make sure IT keeps up pace with business is taking the managed services route. At the recent CIO Year Ahead, HCL Technologies, in association with CIO magazine, held a roundtable to explore the dynamics of managed services and see where the synergies and challenges lie. Over the years, managed service has cemented its place as one of the most effective opex strategies. However, many organizations haven’t found a resolution for their capex versus opex dilemma yet. Yateen Chodnekar, group CIO, Writer Corporation, brought some clarity to the discussion when he said, “Adopting the opex model makes good business sense in the case of assets that have a high frequency of refresh. The capex model suits well for anything in the backend that will last longer. In the case of opex, the key to

maintaining good relationships with vendors in our interactions with them. Cracks develop whenever, wherever complacency creeps in.” Suresh Kumar, CIO and partner-IT advisory at Grant Thornton India, shared his advice on how to make relationships with managed service providers last profitably in the long run. “It’s a good practice to be up to date with market realities. You can discuss the current trends in the market with your vendors and ask them whether they can offer you similar services. This creates a win-win situation for both parties.” Commenting on what organizations really expect from service providers, S. Srinivasan, CIO, Sundaram Fasteners, said, “The only thing that matters the most is excellence. Those who go beyond the call of duty will be able to achieve many things. There’s certainly an opportunity in managed services, provided excellence is coupled with appropriate costing.” Later, head of managed services at HCL spoke about the state of managed services vendors today. “Managed Services 1.0 was completely based on FTEs (full time equivalents). Managed Services 2.0 was based on SLAs. Now, we’re in the age of Managed Services 3.0, where service providers are looked at as partners. By being strategic partners, we’re letting organizations realize cost savings, which they can again invest in transforming their business.”

ROUNDTABLES

OUR PHILOSOPHY OF SERVICE DELIVERY IS TO DELIVER OUR CLIENTS THE SAME EXPERIENCE OVER CLOUD THAT THEY GET ON AN IN-HOUSE DATACENTER. Karan Kripalani, DGM-Product Management, Netmagic Solutions

Whether serving applications in a traditional or Cloud environment, IT organizations want to do so with minimum user disruption. IT leaders discussed ways to make this happen, at the CIO Year Ahead 2014. By Shweta Rao As an integral part of IT strategy, Cloud computing can make businesses more responsive, flexible, scalable, and competitive. However, it's not merely about moving from the physical to the Cloud and extending an organization’s data perimeter, it’s also about fundamentally evaluating IT strategy and delivery. That’s where the challenge lies. Netmagic Solutions and Akamai, in collaboration with CIO magazine, examined IT challenges in Cloud app delivery at a roundtable at the recently concluded CIO Year Ahead event. Today most apps can be ported to the Cloud, delivering them to end-users involves many challenges that include sub-optimal performance and more. “The major challenge we see today is not at the backend infrastructure, but at the delivery of the app to endusers. As CIOs we have learnt the art of framing strong SLAs, but we are crippled by inadequate infrastructure to deliver the apps to end- customers,” said Girish Rao, head-IT at Marico. Contrary to popular belief, Cloud computing does not work

out as a one-stop solution for all the needs of an organization. For instance, CIOs need to look at its tolerance to latency from an applications point of view. “If all your users are on the LAN, it makes more sense to keep applications local rather than port them to the CloudCloud,” said Karan KirpalaniKirpalani, AVP Product Management at Netmagic Solutions. “We operate on a very large scale and at disparate locations. When I am thinking of an application to standardize 50 office gates across the country, I need a Cloud app that can reach each of them. Here, the actual challenge lies in last mile connectivity, and Cloud service providers have very less influence. So what do I, as a CIO, do to improve the situation? How do we ensure our apps are ‘Cloudable’?” said Suneel Aradhye, group CIO at RPG Enterprises. The real challenge in delivering Cloud applications boils down to three things: Network, infrastructure, and the application itself. “As an IaaS provider, our philosophy of service delivery is this: Deliver to our clients the same experience over the Cloud as they’re used to experiencing from their in-house datacenter, with no compromise,” said Kirpalani. “A comprehensive Managed Service Provider gives you a very high level of control with a very strong SLA. With Akamai, we can deliver the whole piece end-toend. We provide you last mile infrastructure with our expertise, and provide the contact acceleration with Akamai so that you have a single point of contact.”

WE POSSESS A COMBINATION OF CREDIBILITY AND EXPERIENCE, WHICH CAN PROVIDE THE DIRECTION REQUIRED TO ACHIEVE YOUR BUSINESS OBJECTIVES. Bruno Goveas, Director-Products, APJ, Akamai Technologies

Indian CIOs discussed how to ensure performance, security, availability, and scalability for Cloud applications at the CIO Year Ahead 2014. By Shweta Rao As the role of Cloud computing is growing around the globe, Indian IT leaders are fighting off challenges with their existing network infrastructure—to support and deliver business applications through the Cloud. Indian IT decision-makers deliberated on these challenges in a discussion held by Netmagic Solutions, in collaboration with CIO magazine, at the CIO Year Ahead 2014. "Earlier, we faced challenges revolving around licensing for Cloud, but that seems to have settled down. The other challenge is support. Vendors provide on-premise support, but it isn’t extended on the Cloud,” said Arun Gupta, CIO at Cipla. Nevertheless, organizations also explore the possibility of in-house Cloud implementations. “At Apollo Munich, Web traffic increased six times, with 6.5 lakh users per day, after we deployed Akamai’s Cloud optimization solution, which effectively addresses inherent challenges that come with delivering applications over the Internet. The idea is to bring in a service provider that can help start you off with delivering an optimal experience to your end-users, right from the beginning,” said

Kapil Mehrotra, VP-IT, Apollo Munich Life Insurance. One thing IT leaders must take care of before stepping onto the Cloud is adapting applications to suit the infrastructure. “While most applications are ideal for Cloud hosting, a few can still be kept away from it,” said Karan Kirpalani, DGM-Product Management at Netmagic Solutions. “A majority of business applications such as Mail and Messaging, ERP, CRM, Sales-force automation and custom-built x86 apps are possibly the most common ones being ported to the Cloud right now. More and more companies are also aggressively porting their DR onto the Cloud to leverage massive savings," says Kirpalani. “When CIOs talk about Cloud computing, it is critical to address the end-to-end cloud solution stack. It is a fact that many customers have focused most of their time and energy on architecting their Cloud solution stack for aspects of the solution that live within the four walls of the datacenter. However that only represents one piece of the overall solution. Many customers have the end-user device compatibility also covered. But where many companies end-up running into serious challenges is when they turn-on their newly Cloudified applications and deliver their applications over the Internet, to their end-users. To ensure the full end-to-end solution stack, customers need to ensure they have a cloud optimization solution component as well to complete the end-to-end stack.” said Bruno Goveas, director, Products - Asia Pacific & Japan at Akamai Technologies. POWERED BY

TASK FORCE We brought together 40 top Indian CIOs to discuss the four biggest leadership challenges of 2014. Here are the highlights. For a fuller version go to CIO.in

OBJECTIVE:

HOW TO IMPROVE CUSTOMER CONNECT WITH IT As marketing departments transition to using social media, the public cloud, CRM, analytics and

OBJECTIVE:

STUDY HOW TO EVOLVE THE ROLE OF THE CIO An important question that the CIO task force studying the evolving role of the CIO discussed was how to ensure that CIOs don’t get left behind in the datacenter while their peers moved on. “There is no one magic formula,” said Arun Gupta, CIO, Cipla. “The answer varies depending on the standing of the CIO in the company and the organization’s culture.” That said, the task force agreed that there were certain steps that were becoming increasingly imperative for CIOs to take. They agreed that CIOs should take on additional non-IT responsibilities. They agreed that CIOs who continue to speak the language of technology will languish in server rooms and be replaced. Instead, they said, CIOs have to improve their understanding of the business, and not just support it. As the discussion grew more interactive, the panel concluded that the road ahead for the CIO is full of opportunities. “Having an IT background or being a CIO should not stifle your professional ambition. Once you understand the business you can easily transition to any business role, be it a CMO or even the CEO,” says Sunil Mehta, SVP & Area Systems DirectorCentral Asia, JWT who once donned the CEO cap.

mobility-based targeting of customers the big question is: Who should be leading these initiatives? Should it be IT? Or should it be marketing? Should it be both? This was subject of a task force created by CIO magazine. The task force, which consists of leading IT leaders, also debated the topic at the Year Ahead program. Gopal Rangaraj, senior vice president-information technology, Reliance Life Sciences, said he believes that while IT must support customer outreach initiatives, it must be driven by marketing teams. “In my experience, those campaigns are more successful.” Sumit Chowdhury, CIO, Reliance Industries, agreed and stressed that collaboration between the two departments was key. “Business engagement teams that are both business and tech-savvy can help bridge the gap between IT and marketing,” he said. The panel agreed that with the explosion of mobile, social and cloud technologies, IT must shift its focus to helping the business sift through big data and collect real intelligence and actionable insights. However, they also agreed that a shortage of skills in the field of data science is a big challenge. There is a need for specialized skills in analytics and the ability to interpret the data to ask the right questions which will lead business to the right answers, they said.

To get a deeper view of the Task Forces, turn to page 28 of cover story

OBJECTIVE:

UNDERSTAND OUTCOMEBASED I.T. In the past few years, the role of the CIO has changed and so has IT's. But what has

OBJECTIVE:

FIGURE OUT HOW TO CREATE USER DELIGHT IT projects are so focused on scope and specifications that they forget all about user delight. But that’s changing. “We need to invest more time with the end users in order to understand the requirements of our users and give them what they want. That’s the approach one should take,” said Girish Rao, IT-head, Marico, at the CIO Year Ahead 2013 during the CIO Task Force panel discussion. One way to do that is by involving users right from the inception stage of a project. “Every solution that we deploy is first used by the team and only then is an application is rolled out,” said V. Subramaniam, director IT and CIO, Pacific Asia, Otis Elevators Company. That said, there's still a chance that users could still reject an IT project. “It’s important to observe how they use a particular product rather than how they say they want it done,” said Ajay Meher, SVP-IT and post production, Multi Screen Media. But do users really know what they want? “The truth is that users only know as much as they have already experienced,” said Sunil Sirohi, SVP-IT, NIIT. Therefore, it’s important to hire people who know good design and have the ability to influence the UX. “In this way, while the app designed for users will possess the content and functionality, the UI design will become the influencer,” he added.

changed most of all is how the business views IT. Today, all departments are directed to deliver an outcome that translates into business benefit. “Today, it’s imperative for business to focus on IT initiatives with end results or outcomes in mind,” said Alok Kumar, VP and global head, internal IT and shared services, TCS, at the CIO Year Ahead 2014 program. However what an outcome means could vary from business to business. “The outcome has primarily been a business definition and there are many assumptions attached to it,” said Satish Das, VP-Sales (India) at Cognizant Technology Solutions. To get rid of these assumptions, TCS’ Kumar said defining ROI before the commencement of any project is of prime importance, be it reducing collection time, improving the sales cycle, or even hastening the induction of a new employee. However, there are a lot of IT projects that may only deliver strategic benefits. “Outcomes of a number of projects may be more intangible than tangible” said S.C. Mittal, senior executive director-MS and IT and group CTO, IFFCO. Also, these projects may not deliver financial results and still prove beneficial to other projects.

ROUNDTABLES

THERE'S A SCIENCE TO IDENTIFYING THE RISKS ASSOCIATED WITH CHOOSING A VENDOR FOR OUTSOURCING. Varoon Raghavan, AVP-Growth Ventures Group, Tata Communications

THE NEW RULES OF DATA CENTER STRATEGY In a roundtable at the CIO Year Ahead, Indian IT leaders discussed how traditional data centers can be adapted to accommodate the changing needs of today’s dynamic business environment. By Vinay Kumaar The data center is the building block of enterprise IT. Transforming it from that base to an agile, always available, and efficient platform for future-proofing the enterprise can require re-architecting IT’s very foundations. To let the IT decision-makers of leading Indian organizations brainstorm ways to make this happen, Tata Communications had collaborated with CIO magazine to conduct a roundtable at the recent CIO Year Ahead. In this era of agility, IT automation does a host of good for organizations. However, factors such as lack of skill-sets pose a hurdle. Fiat India Automobiles’ AVP-ICT, Vishwajay Chakravarty shared his experience on how he overcame this through outsourcing. “We made an opex agreement with our vendor for data center management. According to the terms, management, monitoring, purchase and maintenance of hardware is taken care of by them. If and when Fiat decides to get out of the model, we need to pay just a minimal amount, following which the hardware becomes ours. In case of extending the

contract, we continue with the same cost for five more years. Since the vendor has taken complete responsibility of the DR and the primary data center, it has been a pretty cost-effective deal for us.” Bhushan Akerkar, CIO, Hindalco, echoed the same thoughts. He said, “Outsourcing makes good sense for companies if their core competency is not IT. Resistance to outsourcing data center management will reduce when there’s a gradual encroachment of economics over emotions.” On the other hand, there are the reasons why outsourcing sometimes fails. Makarand Sawant, GM-IT Facilities at Deepak Fertilisers and Petrochemicals, shed light on those reasons. “The major reason for outsourcing failure is conflict of expectations. The vendor has certain SLAs and benefits, which we eventually think have not been met. We now have our own set of tools to measure ROI and cross-check with measurements made by the vendor. If the measurements align, the relationship will last longer.” Varoon Raghavan, AVP, Growth Ventures Group, Tata Communications, shared insights on what CIOs must keep in mind while selecting a vendor for outsourcing. “There’s a science to identifying the risks associated with choosing a partner. CIOs no longer think about just cost and benefits; they talk in terms of longevity plan, compliance etcetera. All service providers are not equal. Look at the scale and scope of the vendor. That will reduce the number of contenders,” he said. POWERED BY

MPS IS NOT JUST ABOUT REDUCING COSTS. IT’S ABOUT ENHANCING PRODUCTIVITY AS WELL. IT ASSURES 100 PERCENT JOB UPTIME. K. Bhaskar, Sr. Director-OIS, Canon India

MANAGING ROI EFFECTIVELY Despite being around for long, managed services are yet to pick up widespread adoption in Indian organizations. At the CIO Year Ahead, IT leaders discussed the various benefits this model offers. By Vinay Kumaar Six months ago, the CIO Mid Year Review 2013 brought to light a very important fact—that Indian enterprises take operational efficiency seriously. Sixty-one percent of CIOs stated that their businesses showed great focus on increasing the efficiency of operations, and using resources optimally. Much to the liking of IT decision-makers, the managed services model helps organizations achieve these goals. To initiate a discussion among CIOs on how to make the best use of this model, Canon India, in collaboration with CIO magazine, conducted a roundtable at the recently concluded CIO Year Ahead event. The concept of managed services has been popular among enterprise IT masses for quite some time now. K. Bhaskar, senior director, OIS, Canon India, kick-started the conversation by talking about how the model has matured over the years. “After managed printing services (MPS), today, we’re increasingly talking about output management. Archiving, scanning, indexing, and maintaining documents for easy

retrieval are gaining importance, of late.” Contrary to the situation in India, there’s widespread adoption of managed services in developed economies. However, Indian enterprises stand to gain a lot as well by taking this route. Yatendra Kumar, head-IT, Gokaldas Exports, explained how his organization has benefited from it when he said, “We’ve been following an MPS model for the past eight to nine years. We have operations across remote locations in the country, where reachability is a huge issue. Therefore, for us, MPS is the best option. It eliminates all the hassles related to printing management.” Consequently, Rahul Kumar, joint GM-IT at Essar Steel, shed light on how organizations can determine whether the managed services model will indeed eliminate operational hurdles. He said, “Organizations adopt managed services basically for two reasons: Either because they can’t manage their activities efficiently, or because they want to focus only on core activities. This call has to be taken based on the size of the organization. Regardless, I believe organizations should go for it because managed services bring in accountability.” Bhaskar had a general word of advice for organizations that hesitate to make the leap. He said, “MPS is not just about reducing costs. It’s about enhancing productivity as well. It’s a sure-shot way to ensure 100 percent job uptime.”

VIEW

from the TOP

Qimat Rai Gupta, CMD, Havells India, believes being an early adopter of technology and trusting IT to enhance customer experience has helped it grow its business.

IT:Leading

Light

BY SHANTHERI MALLAYA

Qimat Rai Gupta’s life is the stuff legends are made of. For, not many can boast of transforming a small electrical trading company—that he set up in New Delhi in 1958—to a Rs 8,000 crore behemoth. And that puts him in an entirely different league. In 1971, Gupta bought Havells. In no time, he turned it into an international brand with a slew of big acquisitions that included brands like Crabtree, Sylvania, and Standard. For a chairman of a huge company, Gupta keeps a fairly low profile. But, at 76, he is unlike a man at the helm of an old economy manufacturing company. His strong views on IT and his firm belief in the power of technology make him stand out. In this interview, he talks about why IT is integral to Havells India's growth story and how it’s powering up the company’s business.

Today, Havells India is one of the most successful home-grown brands. How did you get there? What do CEOs and other C-level executives expect from you? Read all about it in VIEW FROM THE TOP. Visit www.cio.in/ceointerviews

128

D E C E M B E R 1 5 , 2 0 1 3 | REAL CIO WORLD

Qimat Rai Gupta: From humble beginnings in the 1970’s to becoming one of India’s leading—and the most— diversified companies in the electrical business, the journey does give a sense of satisfaction but I feel there’s a lot more

to achieve. The task at hand is to offer consumers with better and innovative products, thus enhancing their lives and lifestyles. Today, we are spread across 17 business verticals and that gives us the edge in offering the widest range of electrical products for consumers. It also helps us occupy significant market share in each vertical. While we’ve grown organically from strength to

VOL/9 | ISSUE/02

QIMAT RAI GUPTA EXPECTS I.T. TO Help build better products Enable growth Enhance customer experience

PHOTOS BY SUMEET SAWHNEY

strength and product to product, regular breakthroughs have come through major acquisitions like Sylvania, Standard, and Crabtree.

With such a global footprint, the demands of ramping up IT might have been tremendous. We have always been an early adopter of technology; be it in our core IT or for our manufacturing processes. Our investments

VOL/9 | ISSUE/02

in technology started way back in 1982 when we first bought computers to develop our in-house accounts package. We then continued to upgrade our systems and processes annually. In 1999, we implemented ERP from Baan (a Netherlands-based ERP company that now belongs to Infor Global Solutions) and WAN network. Over the years, we enhanced our capabilities both in IT and manufacturing and created platforms for interaction with customers, dealers, distributors, electricians, and

suppliers. We created a self-help portal for employees which won many awards. The idea behind investments in IT is to ensure delight for all our stakeholders and to help our organization stay ahead. With better technology we are able to provide consistent product quality and reliability.

Where does IT figure in your business plan? Like I said earlier, we are early adopters of IT and made investments

REAL CIO WORLD | D E C E M B E R 1 5 , 2 0 1 3

129

View from the Top

when our turnover was a mere Rs 1 crore. For me, IT is as critical as finance, sales or marketing. We have seen clear benefits from our investments in technology over the years, and therefore, for us IT has been a big enabler of growth and will continue to contribute in the future.

How do you see your business goals merging with IT in 2014? In our organization, IT works very closely with business. To put it more appropriately, it works a little ahead of the business so that the business has the necessary technology ready for its use when it requires. We will continue to launch new products, constantly upgrade our facilities, expand our reach, and provide better facilities and ease of operations to our channel partners. IT will play a significant role in facilitating and achieving all this. Also, today, the responsibilities of CIOs have changed substantially. Technology has transformed almost all business processes and, today, it gives us the ability to create new products and services. Businesses have become more global in nature. The knowledge necessary to manage information, systems, and people has become more complex. Therefore, it is more crucial than ever for CIOs to have international business knowledge to provide insights and vision that meet the demands of a CEO. I believe that a CIO’s role must shift from protecting and defending the status quo to embracing and extending new innovative capabilities.

How has IT helped boost investor confidence? Havells has, in many ways, pioneered the use of IT in the Indian electrical industry. IT has enabled us in creating a strong base across functions. Taking a big leap in IT, Havells connected its entire operations in the market place including dealers, branches, manufacturing facilities, and management information systems. Our IT investments have clearly 130

D E C E M B E R 1 5 , 2 0 1 3 | REAL CIO WORLD

How do you view Indian companies that have outsourced IT?

“For me, IT is as critical as finance, sales or marketing. We have seen clear benefits from our investments in IT. It has been a big growthenabler for us.” — Qimat Rai Gupta helped offer better services and products to customers and better our relations with our partners and suppliers. A case in point is our customer services portal that is also linked to our manufacturing plants so that all complaints and resolutions are recorded. And if there is any change required, it is automatically taken care of during the manufacturing process. All this has helped improve efficiencies, get better margins, and provide dealer and vendor satisfaction. Our world class plants are a benchmark in the industry. An investor looks at a progressive company where his interest is safe and that too for a longer period of time. Havells has been consistently giving better results and constantly upgrading its product offerings, technology and manufacturing capabilities, thus ensuring investor confidence.

We have a slightly different view in this regard. Usually, people look at IT as a support function and therefore could outsource it to vendors. For us, IT is a strategic function and an intrinsic part of business and thus we have kept it in-house. I have noticed lately that some organizations have reviewed their decision of outsourcing IT to vendors. The role of IT has changed significantly and therefore IT has to be more proactive in offering solutions to various business issues and challenges. In some companies, talent retention could be a major reason for outsourcing the IT department but in our case there is no such issue.

Going forward, what does Havells India plan to achieve in 2014? I think our challenges would grow with growing competition and customer expectations. But we cannot rest on our laurels. One needs to be innovative, solution oriented, and offer best-in-class products. Customers do not buy products but a promise that the brand stands for. We must respect that promise and deliver products and services according to our clients’ expectations. Our growth has been based on new offerings from time to time, excellent quality of products, and unmatched customer service. We are pioneers in the industry in many ways. A few years back, we introduced the concept of an exclusive brand showroom called Havells Galaxy. Today, there are over 200 such galaxies across India contributing over Rs 450 crore to our revenue. Similarly, with the dream of offering the best customer service, we pioneered the concept of DoorStep Customer Service. The centralized call center operates in nine languages and our on-ground network offers direct service in over 300 towns of the country within 24 hours, and adjoining areas in 48 hours. CIO Send feedback to shantheri_mallaya@idgindia.com

VOL/9 | ISSUE/02

ESSENTIAL

technology ILLUSTRATION BY PHOTOS.COM

A CLOSER LOOK AT SOCIAL MEDIA

If you haven’t got on the social media bandwagon yet, your enterprise is probably missing out on plenty. Here are five ways social media can boost your business.

Social Media Ideas BY BOB VIOLINO

| If your company isn't fully taking advantage of social media, it might be missing out on opportunities to connect with customers, gain market share and bring needed talent into the organization. Experts say virtually every type of business can benefit from using social media as a business tool.“We really are seeing interest and the potential for business value across the board,” says Jeffrey Mann, research vice president at Gartner. “No one is immune, although it will be easier for some than others.” The most likely to see value, Mann says, are knowledge-based and highly collaborative industries such as media, education, consulting and high technology; industries or organizations that aren’t hamstrung by regulation; and organizations with younger employees who are accustomed to working with social media. Here are some ways organizations are leveraging social networking tools for business advantage.

SOCIAL MEDIA

Customer Acquisition and Increased Sales For many companies, particularly those aiming to reach a younger audience, having a strong social media presence can lead to increased revenue.

VOL/9 | ISSUE/02

REAL CIO WORLD | D E C E M B E R 1 5 , 2 0 1 3

131

ESSENTIAL technology

Spreadshirt, a fast-growing, Boston-based provider of custom T-shirts and other personalized apparel, is parleying popularity on Facebook into higher sales of its products. “One of our main initiative has been to convert visitors to our site into Facebook fans,” says Adam Lasky, marketing manager, North America, at Spreadshirt. “One of our goals [is] to increase our fan base with users who genuinely have an affinity for us, rather than merely acquiring low-value fans that never engage with our content.” To gain traction on social media, it’s important to make links to your sites easy to find. Spreadsheet had originally placed a Facebook fan icon low on its homepage, but once it moved the icon to a more noticeable location, it saw an increase in fans and social media engagement, Lasky says. “With conversion rates holding steady, revenue has increased due to a larger audience,” Lasky says. In its last promotion, the company saw 23 percent of all sales

CEO. “Since we produce digital content for much larger music software companies like Ableton and Propellerhead, our YouTube and Vimeo video demos often receive retweets or shares into their social media channels.” This sort of "piggyback" method is key, Gruss says, because it can instantly drive tens of thousands of targeted users to the company’s site, “without us spending a cent on advertising. I look at social media as our best initial source for getting potential customers into our sales ‘funnel’, and when those people are coming from software companies that we strategically partner with, the conversion rates are much, much higher.”

132

D E C E M B E R 1 5 , 2 0 1 3 | REAL CIO WORLD

Of product management departments regularly view social media comments from consumers. SOURCE: TCS

Client Prospecting Social media can be an effective way to identify prospective customers. At the Canadian operation of global investment banking and diversified financial services firm Macquarie Group in Toronto, advisers use social media to communicate with clients, reach

“Both Twitter and Facebook have been instrumental in growing our revenue 300 percent year over year since we started,” says Ryan Gruss, founder and CEO of LoopLoft. come from social media, which was an improvement from its previous promotions— due largely to the fact that Spreadshirt increased its Facebook fan base. The company is looking to test exclusive offers on Facebook that contain deep discounts to standard products, starting with the basic T-shirt. Another company, LoopLoft, an online business in Boston that records and provides a range of loop samples for drums and other instruments, is seeing increased sales through social media. “Both Twitter and Facebook have been instrumental in growing our revenue 300 percent year over year since we started,” says Ryan Gruss, founder and

37%

out to prospects and demonstrate thought leadership in the industry, says Silu Modi, vice president of digital at the firm. Social media is “a fantastic, asynchronous avenue to communicate general updates and financial information with clients without being intrusive,” Modi says. “It frees up the e-mail channel for information that’s ‘important’ to read, and leaves the social channels for non-essential items.” The social communication forms the basis of prospecting, Modi says. “Advisers using LinkedIn can see if a prospect browsed across an adviser’s profile, indicating interest after an initial meeting,” he says. “Combining social communication with

other digital communication [such as an e-mail campaign with blog content], serve the basis for Macquarie’s Targeted Convergence prospecting model that helps take a prospect from channel to channel, providing more compelling information in each touch point.” While Modi couldn’t provide specific numbers about how the efforts have worked, “what I can say is that the advisers that have used social effectively have been able to track specifically which new clients made their initial contact via a social channel, which new clients followed them after an initial contact offline and the length of time between contact and new client signing,” he says. Until 2011, Modi says, the company’s policy stated that no professional communication was approved via social networks due to e-discovery and compliance requirements. According to the rules financial services firms must have a compliant archival mechanism in place for future discovery of any communications made by financial advisers. The firm deployed a compliance platform then launched its social media program. Social media “has become one of the most important prospecting and communication tools our advisers use,” Modi says. “My advice to other companies is don’t let the regulatory hurdles and bad [PR] stories scare you. Yes, it takes some elbow grease and sweat to get a social media pilot running in your organization. But with the right compliance platform, the right training and

VOL/9 | ISSUE/02

ESSENTIAL technology

the right pilot program, you’ll wonder how you ever did business without it.”

data, we have been able to determine more efficient promotional strategies.”

Customer Interaction

Internal Communications and Collaboration

Many companies are finding that social media is ideal for interacting with customers. Capriotti’s Sandwich Shop, Las Vegas, a franchised sub sandwich chain with more than 90 locations in 13 states, uses social media not only to promote limited-time offers and special deals, but to create buzz around its sandwiches and events by engaging with its online fan base. “We support our customers by listening and responding to their feedback and encouraging their passion for the Capriotti’s brand,” says Venessa McEvoy, marketing coordinator. “Social media provides a beachhead to reach out to our fans in emerging markets and to create conversations.” Capriotti’s follows its fan community wherever it goes online, but particularly Facebook and Twitter. “We build our community each day by monitoring our brand in real-time and treating people the same way we’d treat them in our shops,” McEvoy says. “Every day we read through posts looking for opportunities to engage our community by answering questions [and] providing support.” For example, if a customer says he is grabbing a sandwich for a road trip, the company thanks him and wishes the customer safe travels. “If people mention they’re craving Capriotti’s, we talk with them about what they’re taste buds are in the mood for,” McEvoy says. Capriotti’s measures the impact of its social media efforts regularly. “Our social media content management system, Social Office Suite, allows us to measure every post by category,” so the company can determine how particular posts perform. “For a recent promotion, we were able to measure how many people engaged with the promotion, how many people we responded to, how many posts were sent out, how many of those posts had links, and how much traffic was generated to the landing page,” McEvoy says. “Based on engagement from our community and this social media

VOL/9 | ISSUE/02

Organizations can deploy enterprise social media platforms to enhance communications among employees and with business partners. Consulting firm Deloitte predicts that by the end of 2013, more than 90 percent of Fortune 500 companies will have partially or fully implemented an enterprise social network, a 70 percent increase from 2011. These networks are internal platforms designed to foster collaboration, communication and knowledge-sharing among employees. Social tools such as Yammer and Sharepoint are popular tools for internal communication, says Hannah Morgan, owner of CareerSherpa.net, a site that provides advice on job searches, social networking, branding and other areas. She is also co-author of the book, Social Networking for Business Success. “These enterprise social

Business Continuity Social media can be an excellent communication channel within a business continuity or crisis management program, says Phil Samson, principal in the Risk Assurance practice at New York-based consulting firm PwC and the firm’s Business Continuity Management service leader. Social media can enable timely crisis event messaging to and from stakeholders such as employees, customers, and vendors, Samson says. It can also be used to coordinate incident response and recovery activities among those responsible for crisis management, business continuity and IT disaster recovery; and to communicate with the government's incident response organizations during crisis events. “Even organizations with nascent and uncoordinated social media programs can benefit from incorporating basic communication and monitoring elements into their business continuity/crisis management program,” Samson says. But PwC recommends avoiding the use of social media channels for certain critical

Capriotti’s Sandwich Shop uses social media to promote limited-time offers and special deals, and to create buzz around its sandwiches and events. networks decrease the quantity of emails to employees; supposedly increasing productivity,” she says. “When embraced and used wisely, leaders can build trust and win loyalty among their employees by sharing information through these tools.” Enterprise social networks were designed to be virtual water coolers, Morgan says, bringing together employees from different departments, getting rid of divisional silos for improved productivity and even uniting remote employees with their team members. “Like any tool, education needs to be provided to employees at all levels on how to best utilize the new communication mechanism,” Morgan says. “

communications that might compromise information and personnel security and privacy, Samson adds. The firm is practicing what it preaches. “We have our own social media channels we use during a crisis to communicate an office status,” such alternate work locations, Samson says. “We formally incorporated into our overall business continuity program the monitoring of government's incident response social media sites for information that helps us prepare and respond better to crisis events.” CIO Bob Violino is a freelance technology writer. Send feedback on this feature to editor@cio.in

REAL CIO WORLD | D E C E M B E R 1 5 , 2 0 1 3

133

The Innovation Forum 2013: Looking Ahead The Vodafone Global Enterprise - Innovation Forum set a platform for strategic thinkers and leaders to discuss their innovation roadmap. By Shweta Rao

oday’s uncertain economy and shrinking IT budgets are pushing business and technology leaders to do more with less. It’s now not enough to come up with great ideas. Companies must be able to turn those ideas into business value. Vodafone Global Enterprise, in association with IDG, conducted Innovation Forums across three cities – Bangalore, Delhi, and Mumbai – to unearth new perspectives of Innovation for the Enterprise. Concepts that would transform businesses over the next two to five year horizon were discussed mobility, everything connected, security, payments, m-analytics, consumerization to name a few. Chris Brown, who is part of the Enterprise Innovation Team at Vodafone, spoke about how innovation is in the DNA at Vodafone Global Enterprise. “We listen to where our customers want to be a few years from now. And then use our ingenuity to take them there. Vodafone Global Enterprise has been transforming businesses through innovation.” According to Future Agenda’s research, the world will have 6.5 billion mobile phone subscribers by 2015. “That’s roughly 91 percent of the world’s population. Soon, there’ll also be more mobile than office-based workers who will want to access business applications on their choice of device, platform, screen size, and location,” Brown added. By plunging head first into mobility, businesses can reduce expenditure and be more responsive to customer requirements. Empowering Customers Worldwide Brown then went on to elaborate how Vodafone Glob-

al Enterprise has consistently achieved innovation by turning ideas into value-driven services. The first of the many examples he showcased was around m-Health: SMS for Life. The idea germinated from Vodafone’s collaboration with Novartis, IBM, Roll Back Malaria Partnership, and Tanzania’s Ministry of Health. The solution was built around sending reminder SMSes to rural health facilities every week to update their anti-malaria stocks. “mHealth, which was piloted in 129 health facilities, reduced the number of stock-less facilities running in Tanzania by 84 percent in just five months. We estimate that an extra 30,000 people have received treatment, thanks to SMS for Life,” said Brown. Brown then detailed how Vodafone’s M-PESA was the first mobile payment solution that enabled customers in Kenya for financial transactions through their mobile phones. M-PESA, which was created in collaboration with Safaricom in 2007, empowered mobile customers by acting similar to a bank account. “This is how Vodafone’s innovation gave birth to a simple and practical solution that made a difference where it counts. In Kenya alone, it is estimated that almost a quarter of the population now uses M-PESA,” he said. He also spoke about how M-PESA is revolutionizing cash-less supply chain. M-PESA is now a fully rolled out offering for retail and enterprise customers in India as well. Brown then elaborated on how Vodafone Global Enterprise’s machine-to-machine (M2M) technology is transforming businesses on a global level. In a similar vein, Vodafone has also helped the world’s leading automotive navigation system manufacturer TomTom stay

About Vodafone Business Services Vodafone Business Services provides total telecommunications solutions that caters to all Voice and Data, Wireless and Wireline requirements of an Enterprise. Vodafone Business Services has over 4.5 million corporate customers in India and offers a wide range of products and services such as Wireline Data Solutions (Leased Circuits, MPLS VPN, Internet Leased Lines), Wireline Voice Solutions (Toll Free Services,

Office Wireline Voice), Mobile Data (Mobile Broadband, Mobile Email & Application Mobility solutions), Machine to Machine Solutions, International Roaming Solutions, Hosted Business Solutions (Vodafone Secure Device Manager, Hosted Email, Hosted Web Solutions, PC Security), Collaboration & Conferencing (Audio & Video Conferencing) & Enterprise Value Added Services that an enterprise needs.

“Bring your key people together with our innovation team, and we’ll explore how we can create the next big thing with you.” Chris Brown Sr. Enterprise Innovation Manager, Vodafone Global Enterprise ahead of the curve with its M2M technology. “Vodafone helped TomTom provide its customers with real-time updates to ease navigation,” said Brown. “Vodafone Global Enterprise serves the largest MNC’s and is committed to collaborate with customers and partners to develop Innovative Solutions that transform business” said Shali Thilakan, EVP – Vodafone Global Enterprise, India. The Road Ahead – An Open Discussion Good partnerships propel organizations forward. Brown discussed how global scale and reach have allowed Vodafone to be part of innovations across many industries. “Bring your key people together with our innovation team, and we’ll explore how we can create the next big thing with you,” he said. The participating leaders pitched in their thoughts on how they look at imbibing mobility into their Technology and Business roadmap. Brown then stressed that Indian CIOs need to move away from the mindset of looking at ROIs. “It takes people, ambition, and drive for a company to become innovative. M-PESA, as we see today, is no longer an idea in the Indian market. It’s actually very real. Like other markets, Indian consumers too are driving the change to innovation,” he said.

SPECIAL EVENT COVERAGE VODAFONE

Winning with Vodafone Vodafone’s focus on innovation has helped leading Indian organizations propel their business to great heights. At the Vodafone Innovation Forum, some of the biggest names of India Inc. spoke on their successful journeys with the telecom major. Need for Speed For an iconic name in motor sport – especially Formula One – McLaren’s strategy to arm itself with a competitive edge is a single factor: Speed. “We’re an innovative, fast-moving business, and Vodafone completely understands the need for communications to be equally rapid and flexible,” said Sam Michael, sporting director at McLaren. “Vodafone is our fully integrated partner. By empowering machine-to-machine (M2M) communication, Vodafone has enabled real-time data transfer from ambulances to ICUs where doctors can see patients’ diagnostics as they approach hospitals during emergency,” said Mark Norris, title partner and race operations manager at McLaren Marketing. McLaren now also enjoys a lean and streamlined telecom solution that provides a platform for growth. Direct to Customer Foresight and innovation in approach are ingredients for a breakthrough enterprise strategy. SITI Cable, One of India’s Leading Multi System Operator (MSO) is a pioneer in the Cable TV space. “The ongoing digitization mandate has made it compulsory for an MSO to provide digital TV signals to the consumer. This requires a massive transformation of an age-old ecosystem at operators end. At SITI Cable, we are constantly upgrading our technical infrastructure and service bouquet to provide our consumers with an uninterrupted access to entertainment, enhanced TV viewing experience, more channels, power to choose the channels and more. Vodafone is our valuable partner in the digitization drive and are working closely with us for a future ready solution to carry digital video feeds to every nook and corner of the country” said Sanjay Jindal, CTO at SITI Cable Network. Simplifying Business Transactions Customer experience has become the fuel that drives Innovation. With over 3,500 branches, ICICI India’s second largest bank was looking for an innovation of just that kind. “About three years ago, our first point of customer interaction - account opening, took 7 -8 days “said Sandeep Sethi, GM-Service

Improvement & Innovation Group, ICICI Bank. “After rigorous process improvement this was reduced to 4 days.” There was still scope for improvement. The best way was to automate the entire process.”We conceptualized a toolkit and with the help of Vodafone’s expertise, we were able to eliminate connectivity and data transmission issues. The toolkit consists of a high end tablet equipped with 3G connectivity and pre-loaded sales collateral in the form of videos. It also includes a customised application that helps capture KYC details quickly and accurately which are uploaded to the backend systems in real time,” he said. The Tab Banking project piloted in Pune, delivered clear benefits from day one, and the Indian banking giant has empowered about 10,000 sales officers with these toolkits so far. “We have tested the solution (both on 2G & 3G networks) in 29 cities, and Vodafone is involved with us for 80% of it,” he said. Changing the Game To CIOs, true innovation is driven by competitive pressure and the desire for immediate value recognition. “At Quintiles - the world’s largest provider of biopharmaceutical development and commercial outsourcing services, the internal Global IT team supports its staff working with customers through every phase of drug development and lifecycle management. Given the large number of clinical fields and extensive patient populations involved in pharmaceutical R&D, Quintiles employees work with enormous amounts and types of data. These data-intensive operations demanded a robust Virtual Desktop Infrastructure (VDI) solution. When we started, we had a very specific business use case for deploying VDI. Then this idea just grew to BYOD and Mobile Device Management (MDM),” said Srikanth Katuri, Director and Head IT, India and Srilanka at Quintiles. Today, the VDI solution has been deployed to 12000 Quintiles employees globally, with more being added almost daily. Driving Innovation Mahindra Reva, a part of the $15.9 billion (about Rs 96,990 crore) Mahindra Group, is a global leader in electric vehicle technology. Vodafone partnered with the company when the latter unveiled its all-electric, zero-emission electric car e2o to equip it with modern telematics. “Our journey began in Europe in 2009, when we created the first-generation of our telematics platform. Today, Vodafone provides us with M2M communication services for the e2o, making it a truly ‘connected car’,” said Kartik Gopal, GM-Mobility Solutions and Business Development, Mahindra Reva Electric Vehicles. “The installed telematics helps with a mobile app that provides

Sam Michael, Sporting Director, McLaren

Sandeep Sethi, GM-Service Improvement & Innovation Group, ICICI Bank

Kartik Gopal, GM-Mobility Solutions & Business Development, Mahindra Reva

Srikanth Katuri, Director and Head IT, India and Sri Lanka, Quintiles Technologies

Sanjay Jindal, CTO, Siti Cable Network Ltd info on battery usage, lock or unlock car door, find the nearest charging station, and enable emergency boost charge to go an extra 8 to 10 kilometer.” The Innovation Forums, thus, helped Indian technology and business leaders understand how to take the lead by securing a highly interconnected and mobile future, where innovation fuels the business.

IDG SERVICES

endlines INNOVATION

* BY EVAN DASHEVSKY

Volvo unveiled a potentially game-obliterating technology for electric and hybrid cars. The multi-year project, funded by the EU and conducted in coordination with the Imperial College, London, has created rechargeable batteries that can be embedded into a car's outer paneling. The technology consists of "structural supercapacitors" that the company claims are not only lighter and less voluminous than a traditional car battery, but can charge and store energy faster. The new material utilizes reinforced carbon fibers and pliant nanostructured batteries, which can be molded into the various parts of a car's exterior including doors panels and trunk lids. Like current rechargeable batteries, the moldable batteries can be juiced up by using brake energy or by plugging into the grid. In the course of the study, the research engineers tested a Volvo S80 in which the boot lid and plenum cover were replaced with the new batteries. These batteries were powerful enough to supply energy to the car's 12-Volt system. According to the researchers, a complete substitution of the car's existing components with the new material could cut the vehicle's overall weight by more than 15 percent.

136

D E C E M B E R 1 5 , 2 0 1 3 | REAL CIO WORLD

VOL/9 | ISSUE/02

IMAGE BY MAST ERFIL E

Bye Bye Battery?