FOCAL POINT: A deep dive into the benefits and building blocks of identity management. >>> PAGE 33
ChannelWorld STRATEGIC INSIGHTS FOR SOLUTION PROVIDERS | COVER PRICE Rs. 50
VASUDEVAN SUBRAMANIAM, MD, New Wave Computing, says partner programs should have an opportunity lock-in system, which will protect them from losing deals.
Inside OCTOBER 2013 VOL. 7, ISSUE 7
News Analysis
The IT community, the world over, could be looking at a new dawn at Microsoft. PAGE 10 On Record: Bob Flynn, President and GM, Attachmate and Novell Business Units, speaks about how the company is re-imaging itself with new technology products. PAGE 18
RULES OF ENGAGEMENT
A look at the channel partner programs that you love and hate. >>> Page 22
The Grill: David Webster, President-Asia Pacific and Japan and SVP, EMC, speaks on the company’s focus on the cloud, big data, and partner enhancement. PAGE 15
Opinion
What do you do when you have to work with stakeholders you can’t get along with? PAGE 17
Feature
Mobility touches multiple facets of IT. In such a scenario, does it make sense to put one person in charge of it all? PAGE 30
CHANNELWORLD.IN
n EDITOR’S NOTE
Vijay Ramachandran The Delivery Agenda
I
F YOU listen to some purveyors of doom, then the
past four years have been the worst for the Indian enterprise IT landscape. IT budgets have shrunk they’ll observe, while making clucking noises about the fate of solution providers. I buy that your plays are no longer as easy as they used to be. I buy that enterprise IT budgets have gone southward. I buy that sales cycles have gone up. But I refuse to believe that this means that all you can do is curl up and die. What rot indeed! How the do you explain that in the past four years CIOs have annually delivered on average three-anda-half times the number of projects than in the pre-slowdown era? How are these projects getting funded, eh? In fact, if anything, as near-term business horizons have shrunk, multiple projects, fast rollouts, fewer people, and increasing change requests from business have stressed the delivery capabilities of enterprise IT teams. The four mega trends in enterprise IT this year are cloud, analytics, mobility and enterprise social media. IDG research validates this. But, you don’t need to commission a survey to discover this. What our research also reveals, interestingly, is that these trends have led to a surge in a fifth—sourcing.
There is currently an acute skillset gap within IT departments regarding the very same technologies mentioned above. A gap so fundamental that it dooms the best of intentions that an organization might have for these technologies. The other reality is that IT teams bled talent in the five- to 15-year work experience range between 2009 and 2011. Talent, which in many cases hasn’t been replaced. Not directly, in any case.
n Outcome-
based IT has fast become the new enterprise norm, with business end goals dictating what, how, why, and when IT gets leveraged.
And, finally, outcomebased IT has fast become the new enterprise norm, with business end goals dictating what, how, why, and when IT gets leveraged. As a consequence, the approach towards deployment is rapidly shifting from an ‘as is-transition-to-be’ model which involved selecting a product or service, customizing it, and deploying the solution; to a paradigm that begins with identifying a business outcome, selecting the right product for the job, and finally adopting it in a best-practices or template model (with no customization). So the equation in enterprises works out to delivering more and more business projects in shorter and shorter timelines with fewer and fewer people in technology domains that internal IT teams do
not understand well. How does a CIO stay true to the promise to business of scale, of speed, of responsiveness? With efficiencies and effectiveness both coming into play, Indian organizations will get more agnostic about how they source and deliver their IT. This is going to be as much about gaining new capabilities, improving organizational focus, and delivery speed, as it will be about reigning in operational cost. The days of “my IT team knows best” are fast coming to a close, as enterprises look to third-party IT providers to fill in the talent, deadline, and budgetary gaps that now exist. The answer for most CIOs thus lies in breaching the perimeter. It lies in a greater reliance on thirdparty IT than ever before. It means not being a fanatic about where they source IT from—traditional outsourcing, consult, managed services, the public cloud, body shops—as long as they can respond to the business ask. This then has to be the beginnings of a blueprint to tap into what your clients might really want from you. The question is: Are you ready to deliver this? Vijay Ramachandran is the Editor-in-Chief of ChannelWorld. Contact him at vijay_ramachandran@ idgindia.com
OCTOBER 2013
INDIAN CHANNELWORLD
3
FOR BREAKING NEWS, GO TO CHANNELWORLD.IN
Inside INDIAN CHANNELWORLD n OCTOBER 2013
■ NEWS DIGEST
■ NEWS ANALYSIS
07 Juniper Kills a Product Line | Juniper has killed a high-profile
10 Who is Taking Over Microsoft? | Speculation is sizzling over who will
take over as Microsoft’s CEO. The IT community, the world over, could be looking at a new dawn at Microsoft.
■ OPINION 03 Editorial: Vijay Ramachandran
believes outcome-based IT has fast become the new enterprise norm, with business end goals dictating what, how, why, and when IT gets leveraged. product for the core of mobile operator networks after combining business units to focus on growth opportunities. 07 SDN Leads to Layoffs | SDN
is taking a toll on Brocade. The datacenter networking company laid off 300 employees, or about 6.7 percent of its global workforce. The workforce reduction is due to a realignment of resources. 08 Worldwide Server Sales Decline in Q2 | The server business
17 Paul Glen: What do you do when
you have to work with stakeholders you can’t get along with? Don’t throw the towel in. Here are some clues. 38 Preston Gralla: Microsoft has
fallen off the saddle. To get back up, it will need to look at someone other than Gates—and soon. This is, probably, the only way it can salvage some pride after taking a beating in most of its recent ventures.
■ THE GRILL
15 David Webster, President-
Asia Pacific and Japan and Senior Vice President, EMC, speaks on the company’s focus on the cloud, big data, and partner enhancement. The company, he says, will focus on keeping things simple and predictable.
continued to slide in the second quarter with worldwide revenue and unit sales down, IDC said. Unit shipments were down 1.2 percent after falling in the previous two quarters. 08 VMware Brings Suse Linux to its Cloud | The VMware vCloud Hybrid
■ COVER STORY
22 The Rules of
Engagement
The conventions that govern a vendor-partner relationship go beyond the ordinary. Amid the mish mash of the dollarrupee yo-yo and a host of other political imbroglios the terms of channel engagement need to keep pace and stay relevant with the new realities of economics. They have to be built on the foundation of a sturdy partner program that ensures it’s long-lasting, fruitful, and relevant. Here’s a look at partner programs that you love and hate.
■ CASE STUDY
Service will start offering a Suse Linux Enterprise Server by year end. Cover Design by UNNIKRISHNAN A.V
22
28 The Scent of Success
15
How Mumbai-based Antraweb Technologies got perfume manufacturer Hertz Chemicals to invest in an ERP solution it needed, but wasn’t sure about.
FOR BREAKING NEWS, GO TO CHANNELWORLD.IN
Inside
CHANNELWORLD Geetha Building, 49, 3rd Cross, Mission Road, Bangalore - 560 027, India
CHANNELWORLD.IN
Publisher, President & CEO Louis D’Mello
INDIAN CHANNELWORLD n OCTOBER 2013
n EDITORIAL
■ FAST TRACK
14 Dr. Kaustubh Chokshi, Director, Deja-Vu
Solutions, says that diversifiying into new technology
■ FOCAL POINT
33 In Safe Hands IDENTITY MANAGEMENT: Identity
helped the company grow. The SI provides various customized and scalable solutions.
management is the single most important aspect of your organization’s security profile. Done well, it can ensure with reasonable confidence that the people who access your network are who they claim to be and have the access privileges they are trying to assert. If someone attempts to gain unauthorized access to information or systems, a good identity system will leave an audit trail for you to follow.
■ ON RECORD
■ FEATURE
and Novell Business Units, speaks about
30 Who Holds the Reins?
18 Bob Flynn, President and GM, Attachmate
MOBILITY: Mobility is a matrix of madness
Editor-in-Chief Vijay Ramachandran Managing Editor T.M. Arun Kumar Executive Editor Gunjan Trivedi Associate Editors Sunil Shah,Yogesh Gupta Features Editor Shardha Subramanian Special Correspondents Gopal Kishore, Radhika Nallayam, Shantheri Mallaya Principal Correspondents Anup Varier, Debarati Roy, Sneha Jha, Varsha Chidambaram Senior Correspondents Aritra Sarkhel, Eric Ernest, Ershad Kaleebullah, Shubhra Rishi, Shweta Rao Senior Copy Editors Shreehari Paliath, Vinay Kumaar Lead Designers Jinan K.V., Pradeep Gulur, Suresh Nair, Vikas Kapoor Senior Designers Sabrina Naresh, Unnikrishnan A.V. n SALES
& MARKETING
President Sales & Marketing Sudhir Kamath Vice President Sales Sudhir Argula Vice President Special Projects Parul Singh General Manager Marketing Siddharth Singh General Manager Sales Jaideep M. Manager Key Accounts Runjhun Kulshrestha, Sakshee Bagri Manager Marketing Ajay Chakravarthy Manager Sales Support Nadira Hyder Senior Marketing Associates Anuradha H. Iyer, Archana Ganapathy, Benjamin Jeevanraj, Rima Biswas, Saurabh Patil Marketing Associate Arjun Punchappady, Cleanne Serrao, Lavneetha Kunjappa, Margarate D’costa, Nikita Oliver, Shwetha M. Lead Designer Jithesh C.C. Senior Designer Laaljith C.K. n OPERATIONS
how the company is re-imaging itself with new technology products.
for enterprise IT. Considering that mobility touches multiple facets of IT, how do you manage it all? In such a scenario, does it make sense to put one person in charge of it all?
ADVERTISERS’ INDEX Dell India Pvt. Ltd . . . . . . . . . . . . . . . . . . . . . . . . . IBC
Grass Roots . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
EMC IT Solutions India Pvt Ltd . . . Cover on Cover
HP IPG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . IFC
Emerson Network Power India Pvt. Ltd . . . . . . . . BC
Juniper Networks India Pvt.Ltd . . . . . . . . . . 12 & 13
Epson . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
NetApp India Marketing & Services Pvt. Ltd. . . . 20 & 21
This index is provided as an additional service. The publisher does not assume any liability for errors or omissions.
All rights reserved. No part of this publication may be reproduced by any means without prior written permission from the publisher. Address requests for customized reprints to IDG Media Private Limited, Geetha Building, 49, 3rd Cross, Mission Road, Bangalore - 560 027, India. IDG Media Private Limited is an IDG (International Data Group) company. Printed and Published by Louis D’Mello on behalf of IDG Media Private Limited, Geetha Building, 49, 3rd Cross, Mission Road, Bangalore - 560 027, India. Editor: Louis D’Mello, Printed At Manipal Press Ltd, Press Corner, Manipal-576104, Karnataka, India.
Vice President HR & Operations Rupesh Sreedharan Financial Controller Sivaramakrishnan T.P. CIO Pavan Mehra Senior Manager Operations: Ajay Adhikari, Chetan Acharya, Pooja Chhabra Senior Manager Accounts Sasi Kumar V. Senior Manager Production T.K. Karunakaran Senior Manager IT Satish Apagundi Manager Operations Dinesh P., Tharuna Paul Manager Credit Control Prachi Gupta Sr. Accounts Executive Poornima n OFFICES
Bangalore IDG Media Pvt. Ltd. Geetha Building, 49, 3rd Cross, Mission Road, Bangalore 560 027, Karnataka Tel: 080-30530300. Fax: 080-30586065 Delhi IDG Media Pvt. Ltd. DLF Corporate Park, Tower 4 B, 3rd Floor, Room 301, MG Road, DLF Phase 3, Gurgaon- 122001, Haryana Tel: 0124- 3881015 Mumbai IDG Media Pvt. Ltd. 201, Madhava, Bandra Kurla Complex, Bandra East, Mumbai 400051, Maharashtra Tel: 022-30685000. Fax: 022-30685023
News
WHAT’S WITHIN
PAGE 08: Worldwide Server Sales Decline in Q2
PAGE 08: VMware Brings Suse Linux to its Cloud
PAGE 10: Who Will Take Over as Microsoft’s CEO? F I N D M O R E A R T I C L E S AT CHANNELWORLD.IN
NETWORKING
Juniper Kills a Product Line
J
UNIPER HAS killed
a high-profile product for the core of mobile operator networks after combining business units to focus on potential growth opportunities. Juniper has exterminated or what it calls end-of-lifed (EOL) its MobileNext mobile packet core product line, software introduced in 2009 as part of “Project Falcon” for its MX edge routers that was designed to enable noninterrupted delivery of highdefinition voice and video to users over 2G/3G and LTE mobile networks. MobileNext was launched at Mobile
World Congress in early 2011 to allow Juniper’s MX 3D to function as a broadband gateway, an authentication and management control plane for 2G/3G and LTE mobile packet cores, and as a policy manager for subscriber management systems. MobileNext was intended to compete with Cisco’s ASR 5000 LTE gateway, obtained from its acquisition of Starent. But the product was struggling to gain traction in the market and was one of a handful of new Juniper products straining company financials as it went through lengthy evaluation cycles
with potential customers. Juniper is killing the entire MobileNext offering, which consists of three products: The Mobile Broadband Gateway; the Mobile Control Gateway; and the Mobile Policy Manager. The company claims, however, that its mobility strategy for the operator core remains intact. “We have made the decision to end-of-life the MobileNext solution,” a Juniper spokesperson says. “However, our strategy remains unchanged: To virtualize mobile networks and deliver innovation through our existing portfolio of backhaul, security, routing and edge services with products such as the MX Series 3D Universal Edge Routers, SRX Series Services Gateways and JunosV App Engine software virtualization platform. We will continue to work with our partners to deliver best-in-class solutions that help customers improve network economics and accelerate delivery of new mobile services.” Juniper will now address mobile packet core requirements through SDN and network functions virtualization (NFV) capabilities, according to an internal memo authored by Daniel Hua, senior vice president of Juniper’s Routing Business Unit.
OCTOBER 2013
—Jim Duffy INDIAN CHANNELWORLD
7
NETWORKING
SDN Leads to Layoffs SDN is taking a toll on Brocade. The datacenter networking company laid off 300 employees, or about 6.7 percent of its global workforce. The workforce reduction is due to a realignment of resources to pursue “previously announced datacenter and software-defined networking strategies and cost-reduction initiatives,” according to an 8-K document
filed with the Securities and Exchange Commission. Brocade aired its SDN strategy in May, 2012. It includes implementing OpenFlow in “hybrid mode”support for overlay network virtualization technologies such as NVGRE and VXLAN, and a partnership with NEC. Meanwhile, Brocade is involved in the OpenDaylight open source SDN consortium work. —Jim Duffy
-
SERVERS
Worldwide Server Sales Decline in Q2
T
HE SERVER busi-
The slowing demand is ness continued to a combination of factors slide in the second including consolidation, quarter with worldvirtualization, and migrawide revenue and unit sales tion initiatives by maindown, IDC said. stream small and medium Revenue was down 6.2 businesses and enterprise per cent to $11.9 billion customers, and dampening (about Rs 77,280 crore) in demand for new IT projects the second consecutive in difficult economic condiquarter of yeartions. Top server over-year devendors tried to cline, as demand offset weak defor servers conmand for higheris the server revenue decline for the second tinued to soften margin Unix and consecutive quarter in most geoblade servers year-over-year. graphic regions, with lower-marthe research firm gin rack and denSource: IDC said. Unit shipsity optimized ments were also down 1.2 servers, IDC said. percent to 2 million, after IBM held the number also falling in the previous one position in the server two quarters. market with a 27.9 percent The highest fall in revshare of revenue, but its enue was in mid-range share was down from over systems, which dipped by 29 percent last year. The about 22 percent year-overcompany’s server revenue year, while volume systems fell in the quarter by 10 had a 2.4 percent revenue percent year-over-year decline and revenue from because of low demand for high-end systems dipped System x and Power Sys9.5 percent in the quarter tems. IBM’s System z mainended June. frame running z/OS, how-
6.2%
ever, had a third consecutive quarter of growth, with revenue up by 9.9 percent year-over-year to $1.2 billion (about Rs 6,000 crore). The mainframe accounted for 9.8 percent of server revenue in the quarter. HP held the number two position with a smaller market share of close to 26 percent, after a year-on-year decline in revenue of 17.5 percent as a result of poor demand for x86-based ProLiant servers and continued decline in demand for HP Integrity servers. Dell fared better, growing its server market share to 18.8 percent, its highest ever in any quarter, from 16 percent last year, to retain the third spot. Dell’s server revenue grew 10.3 percent in the quarter. Rival Oracle held the fourth position with 6 percent market share followed by Cisco Systems at number five with 4.5 percent share after a close to 43 percent growth in revenue. Cisco had a statistical tie with Fujitsu in the last quarter. Revenue from density optimized servers, used in large hyperscale datacenters, surged 26.6 percent year-on-year. —John Ribeiro
CLOUD COMPUTING
VMware Brings Suse Linux to its Cloud The newly launched VMware vCloud Hybrid Service will start offering a fully supported Suse Linux Enterprise Server by the end of the year, making it the first commercially supported Linux OS that the cloud service plans to offer. “We have a lot of customers already running Suse Linux in their private datacenters who are look8
ing to move to public clouds. They will now be able to use the same tools that they use to manage their [private VMware] to manage their instances in the public VMware cloud,” said Frank Rego, Suse’s VMware alliance manager. Suse announced the pending offer at VMware’s VMworld annual user conference. VMware formally launched its vCloud
INDIAN CHANNELWORLD OCTOBER 2013
UP AND UP: VMware to offer a Suse Linux Enterprise Server
Hybrid Service, an IaaS that the company announced in May. Customers of VMware’s cloud service will be able to purchase, from VMware, a monthly sup-
Short Takes HP India announced an expanded big data portfolio designed to enable organizations to gain better insight into their data and deliver real-time outcomes. As a part of its big data strategy, HP announced HAVEn, a big data analytics platform, which leverages HP’s analytics software, hardware, and services to create the next generation of big data-ready analytics applications and solutions. g
IBM and the DelhiMumbai Industrial Corridor Development Corporation (DMICDC), announced the completion of a digital plan for Dighi Port Industrial Area, Maharashtra. It’s working with DMICDC to support government of India by helping build smarter and sustainable cities. g
VMware announced the appointment of Sanjay Mirchandani to the post of senior vice president and general manager. He will head the VMware Asia Pacific & Japan (APJ) business, effective October 14, 2013. g
port subscription for Suse Linux Enterprise Server (SLES). The subscription will provide patches and updates for the OS. The advantage that the vCloud Hybrid Service will offer Suse users is ease of shifting their Suse instances between in-house and the hosted service, Rego said. Because both the cloud and on-premise instances will run on VMware’s ESX hypervisor, they both can be managed from the VMware vCenter and vCloud management consoles. —Joab Jackson
200mm
267mm
are yourext ended Sal es Force?
Gr a s sRoot sde s i gns ,i mpl e me nt sa ndma na ge sc ha nne l i nc e nt i v e pr ogr a mst or e i nf or c es uc hbe ha v i our st ha tdr i v ebus i ne s spe r f or ma nc e . Tok nowhowt oi nc l udeCha nne l Pa r t ne re mpl oy e e si ny our i nc e nt i v epr ogr a m,e f f e c t i v e l y ,c a l l usnow.
www. gr as s r oot s i ndi a. i n
n NEWS ANALYSIS
Who’s Taking Over Microsoft?
Speculation is sizzling over who will take over as Microsoft’s CEO. The IT community, the world over, could be looking at a new dawn at Microsoft. By Juan Carlos Perez
10
G
UESSING WHO will
be Steve Ballmer’s replacement has become a new tech industry pastime. Ballmer’s announcement that he will retire within the next 12 months has unleashed strong, conflicting emotions—tension and relief, sadness and joy, uncertainty and excitement— among Microsoft employees, customers, partners, investors, and observers. After all, there has never been much drama regarding the CEO post at Microsoft. There was little doubt Ballmer would get it when co-founder Bill Gates handed it over in 2000. Ballmer had been for many years his second-in-command. The situation is much different today. Ballmer has no heir apparent, and his retirement announcement took many by surprise. It had been assumed he’d stay
INDIAN CHANNELWORLD OCTOBER 2013
at the helm at least for several more years, especially since he unveiled a major company reorganization just recently. “There’s no clear person that’s been groomed for this,” said Charlene Li, an Altimeter Group analyst. Thus, the field is wide open, with a number of compelling candidates both inside and outside of the company. What complicates the guessing game is that it’s not clear what board directors and the newly created CEO search committee are thinking. “The real question becomes whether Microsoft’s board wants the company to continue on its current trajectory, or whether it wants to take this opportunity to bring in an outsider with a visionary perspective,” IDC analyst Al Gillen wrote in a research note. If the board wants the successor to continue executing on Ballmer’s reorganization, which seeks to make Microsoft operate more cohesively and transform itself from a software company into a provider of devices and services, it would be logical to look inside the company. On the other hand, if the board wants Ballmer’s strategy to be revised and altered, the replacement should come from the outside. What’s clear is that whoever is picked will inherit a few big, well-known challenges,
including Windows’ weak position in the tablet and smartphone OS market; the dismal sales of the Surface tablet; and the years-long dilemma of whether to port Office fully to iOS and Android and risk hurting Windows’ appeal. Ballmer’s successor will also be expected to display much finer vision, so that Microsoft can be ahead in innovation and jump on hot opportunities early, instead of playing catch-up as it has in many instances during his time as CEO. Investors in particular have been impatient for years over the company’s stock price, although Microsoft has had robust profit and revenue growth under Ballmer. With that in mind, industry watchers have a variety of ideas on what the ideal profile of Microsoft’s next CEO should be, but no one is considered a front-runner. A logical choice within Microsoft is Satya Nadella, executive vice president of the new Cloud and Enterprise Division, who has earned widespread praise for the quality and for the sales of the products of the recently dissolved Servers and Tools Division. “Nadella has done a fantastic job there,” said David Johnson, a Forrester Research analyst. Specifically, Nadella has led the effort to make Windows Azure a major player in the PaaS (platform as a service) and IaaS (infrastructure as a service) markets. “Satya is a natural leader, and unlike Ballmer, he brings engineering chops,” Johnson said, noting that in addition to computer science and engineering degrees, Nadella also has an MBA. For Gillen, another viable internal
candidate would be Kevin Turner, the company’s chief operating officer, who was CIO at Walmart and CEO of Sam’s Club. Nucleus Research analyst Rebecca Wettemann said she would look inside the company for a topnotch technology visionary, a stellar engineer with a deep understanding of the business, of the mistakes that have been made and of the emerging technology cooking in the company’s research and development division. “I’d look for someone who can drive innovation and can take Microsoft back to its era of technology leadership,” she said, declining to name names.
WHO ELSE? In addition to Nadella, there are other top Ballmer lieutenants whose names have been floated around in recent days, including Operating Systems Engineering Group leader Terry Myerson; Devices and Studios Engineering Group chief Julie Larson-Green; Applications and Services Engineering Group leader Qi Lu; marketing head Tami Reller; and Tony Bates, the former Skype president who was just named leader of the Business Development and Evangelism Group. Other analysts believe Microsoft should hire an outsider who can arrive with a fresh perspective. “They need someone who can be the marketing face of Microsoft, much like Ballmer was, while also pushing innovation,” said analyst Jack Gold from J. Gold Associates. Google and Apple would be good places to scout for candidates, but above all, Microsoft should avoid “recycled” CEOs like former
W
Five Possible Heirs
HO will replace Microsoft chief executive Steve Ballmer? Microsoft’s executive committee has up to a year to decide and a pantheon of candidates from which to choose.Who might be next in line to replace Ballmer? A few candidates: Julie Larson-Green: On the surface, Larson-Green would probably have the inside track. As executive vice president in charge of devices and studios, Larson-Green oversees the company’s hardware businesses, including the Xbox and Surface; she also directs the content studios that run on them. She most recently led the product planning, design and delivery of Windows 7, Windows 8, and Windows 8.1, as well as the rapid release cadence that now characterizes the Windows environment. Qi Lu: As the executive vice president of Microsoft’s Applications and Services Group, Lu is responsible for tying together Office, Bing, SharePoint, and a number of other services within Microsoft. As such, he’s the “services guy” that Microsoft could elevate to the top role. HP chiefs Carly Fiorina and Mark Hurd, he said. “They need someone to shake the place up and get the creative juices flowing,” he said. A good choice could be Stephen Elop, Nokia’s CEO, who previously was president of Microsoft’s Business Division in charge of Office and a member of its senior leadership team. “Appointing him would signal that the board was finally getting serious about mobile,” Gold said. A very good but unlikely option would be Eric Schmidt, the former Google
Terry Myerson: Myerson’s job is to lead Microsoft’s OS vision as executive vice president of the Operating Systems Group. Myerson’s task has been to design in commonality within the Windows, Windows Phone, and Xbox operating systems. Stephen Elop: Elop formerly led Microsoft’s business division, the home of the seemingly perpetually profitable Microsoft. But Elop also jumped ship to join Nokia, after what some described as dissatisfaction with Microsoft. Steve Sinofsky: Sinofsky, who was recently named a partner at Andreessen Horowitz, abruptly exited Microsoft after the Windows 8 launch and has not spoken publicly of his departure. Although Larson-Green is credited with the rollout of Windows 8, Sinofsky designed it—and again, how the board sees the OS may affect whether or not Sinofsky is invited back. What seems clear is that Microsoft won’t wait the full 12 months to name a replacement. Establishing a successor early allows an informal or formal transition team to take place. —Mark Hachman CEO who has remained with the search company as its executive chairman. Schmidt steered Google during its dizzying growth from 2001 to 2011, when it went from being a small, privately held startup to become one of the world’s most profitable and powerful companies. Prior to that, Schmidt was Novell’s chairman and CEO and Sun Microsystems’ CTO. “I’m not sure he’d want to leave Google, given how well it’s doing. He’s the firm hand behind the creativity. Given the right incentive,
you never know,” Gold said. Another attractive candidate would be Jon Rubinstein, who played a key part in Apple’s iPod development and later became CEO of Palm before it was sold to HP. He’s now a board director at Qualcomm. “He is a known innovator and has a big focus on mobility, which is what Microsoft needs,” Gold said. Altimeter Group’s Li thinks another good option would be Kevin Johnson, who is retiring as Juniper Networks CEO and who worked for 16 years at Microsoft, where he led the then-Platforms and Services Division, which included Windows and online services. Li said another option would be Paul Maritz, who was CEO of VMware until last year, remains on its board and prior to that was also a high-level executive at Microsoft. Forrester’s Johnson concurs.”Maritz is a brilliant visionary” in the areas of cloud apps and virtualization, he said. Microsoft could also consider Facebook’s Chief Operating Officer Sheryl Sandberg, who may be ready to take the next step and move into a CEO role, Li said. The company could also consider bringing back Steven Sinofsky, she said. Sinofsky was in charge of Windows 8’s development and quit rather abruptly in November of last year, weeks after the product was officially released. “What I’d look for first in a candidate is innovation and risk-taking,” Li said. “There’s a sense that Microsoft has played it pretty safe, relying on the Office and Windows franchises. The next CEO will have to place some pretty big bets.”
OCTOBER 2013
INDIAN CHANNELWORLD
11
Manoj Kanodia, CEO, Inspira, says the company’s networking and security business has grown by leaps and bounds across India, and that Juniper
Networks has helped Inspira get there.
NETWORKING PIONEER
How has your journey been with Juniper Networks so far? We started our journey with Juniper Networks in early 2012 and we have achieved the highest level of partnership. We are Juniper Networks’ full portfolio “Elite” partner and Juniper Operate Specialist partner. Our partnership has grown multi-fold as we have won many large networking deals within a short period of time. We have been a networking-led systems integrator, so the adoption to Juniper Networks’ business has been fast and fruitful. Juniper Networks is a very important vendor in our portfolio and we have invested in resources and trained people for this business. We have also built a team for support capabilities as we expect significant growth doing business with the company. We have invested in a dedicated sales team as well. In your opinion, what has changed in terms of technology consumption at your customer’s end? How is Juniper Networks helping address those demands? Today, domestic IT consumption is increasing and several initiatives are in the works to address trends like migration of IPv6, security, and
Let’s Build the Best showcases stories of channel partners who have benefited from their relationship with Juniper Networks.
virtualization to name a few. These trends are being extensively discussed and evaluated by CIOs in the BFSI and government verticals. With the help of Juniper Networks, we are educating the right stakeholders on technology innovations and best practices which can enable them to adopt these new trends. Another change that we are witnessing in the networking space is around the need for more competent vendors. There is a need for change as customers are looking for value-for-money solutions from a competing vendor. That is a huge opportunity for technology vendors like Juniper Networks and its partners. Juniper Networks is very well placed to address this underlying demand in the enterprise market. Being associated with it will allow us to leverage its technology capabilities and, in turn, strengthen our relationship. Which verticals, according to you, will help you execute more business in the networking domain? As I said, Government and BFSI are key verticals for us. We focus on large networking-driven projects across these segments. In the government sector, there’s demand for technologies around networking and switching and that’s because the sector is currently undergoing the upgradation phase. The segment has still not matured with respect to new technologies like cloud computing and software-defined networks. Banks, too, are open to evaluating multiple OEM’s. Juniper Networks is coming good in the BFSI space too. Could you highlight some projects which demonstrated Juniper Networks’ value proposition? A large public sector unit recently started deploying one of the largest networks in India, as part of a large modernization initiative. Inspira played a key role in bringing the right set of networking technologies to address the customer’s challenges. This solution will connect over 30,000 locations across India, making it the country’s single largest WAN architecture. A major part of that success is attributed
“We started our journey with Inspira in early 2012. They have achieved a full portfolio ‘Elite’ Partnership title with us. Since then, we have been able to explore various new verticals with Inspira by driving focused investments and programs. Together, we have built a strong pipeline in government and PSU verticals by positioning all Juniper Networks solutions. We look forward to a great partnership with Inspira.” — Jitendra Gupta , Director Partner Sales (India & South Asia ), Juniper Networks
to Juniper Networks’ value proposition in switching and security. It is synonymous with building fast routers and its scalable switching fabric and enhanced security portfolio helped us build a winning combination. We expect to execute similar projects owing to this win. Software-defined networking is a buzz word today. Do you see enterprises showing interest in Juniper Networks’ messaging around it? Inspira understands and acknowledges Juniper Networks’ software-defined networking vision in transforming current complex networks in line with the changing needs of its enterprise customers. Juniper Networks’ Contrail is a simple, open, and agile softwaredefined networking solution that automates and orchestrates the creation of highly scalable virtual networks. Inspira, over the years, has focused on and undertaken several datacenter initia-
tives and finds Juniper Networks’ softwaredefined networking strategy to be very disruptive in this domain. We have started initial discussions on the benefits of agile networks with select customers and plan to build a proof-of-concept to showcase the same. Also, Junos—a strong USP of Juniper Networks—is witnessing increased acceptance across enterprises. Customers are open to evaluation and adoption of this new technology platform. How would you rate Juniper Networks in terms of its channel strategy? Inspira works with many OEMs. We truly believe that the partnership model at Juniper Networks is channel-friendly, which is an encouraging sign for a channel partner like us. This, in turn, has reflected on the success of our partnership within a short span of time. Juniper Networks has a relatively small team compared to its competing vendors in India. Hence, interpersonal conversations facilitate us to handle and manage relationships between both teams. This, in turn, helps us win more deals. How much does your networking business contribute to Inspira’s overall revenues? What is your roadmap, going forward? Networking has always been the key strength of Inspira since its inception, and will remain the most focused area in the future too. About 46 percent of our revenues currently come from the networking product line, which primarily includes hardware sales. Over the next two years, Inspira is committed to expanding its team to enhance networking and security capabilities across India with a special emphasis on service delivery and support. I believe that we are well on course to achieve our goals and targets. Our partnership in the networking domain has been beneficial and therefore, our prospects in this domain look stronger than ever.
Authorized Distributor
CUSTOM SOLUTIONS GROUP
n FAST TRACK
Snapshot
Deja-Vu Solutions
Founded: 2007 Headquarters: Mumbai Revenue 2010-11: Rs 15 crore Revenue 2011-12: Rs 24 crore Revenue 2012-13: Rs 40 crore Employees: 26 Key Executive: Dr. Kaustubh Chokshi Key Business Activities: Internet, datacenter, IT peripherals Key Technologies: Cloud hosting, servers, shared hosting, networking and IP-based communications, remote backup
Diversifiying into new technology helped us grow, says Dr. Kaustubh Chokshi, Director, Deja-Vu Solutions.
C
LOUD-BASED SOLUTIONS provider Deja-Vu
Solutions has been in business since 2007. This Mumbai-based SI provides customized and scalable solutions and specializes in cloud computing, dedicated hosting, and bandwidth services. “We are a new-age business that has an oldfashioned brick and mortar business model coupled with reliable business principles,” says Dr. Kaustubh Chokshi, director, Deja-Vu Solutions. The SI’s initiation into IT was a tough one. The company had to fight the gloom of the economic crash in 2008. “With the sub-prime crisis, IT budgets shrank and a number of project went dry. There were a lot of clients who couldn’t pay up, leading to massive cost-cutting in 14
INDIAN CHANNELWORLD OCTOBER 2013
research and technology,” he says. Dr. Chokshi and his team didn’t let the tide of unfortunate incidents become a set back. The SI refocused and diversified into datacenter and hosting services business. Its efforts
REVENUE GROWTH Rs 40 cr
Rs 24 cr
Rs 15 cr
2010-11 SOURCE: DEJA-VU SOLUTIONS
2011-12
2012-13
Photograph by KAPIL SHROFF
Website: www.dejavusolutions.com didn’t go in vain. “The advantage of the datacenter business is that money is received upfront and with a confirmed cash flow. We went from selling something as cool as artificial intelligence to selling hard drives,” says Dr. Chokshi. Over the years, the solution provider, under Dr. Chokshi’s guardianship, has not ventured into many verticals. Instead, it has followed a cloud solutions focused approach for its customers. “Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provide integration. The cloud is simple to deploy quickly,” says Dr. Chokshi. Deja-Vu has clocked Rs 40 crore in 2013 and boasts a customer list that includes major banks and telecom players among other clients. Moving forward, the SI wants to go beyond the role of a system integrator and consider venture capitalism. “We are looking at expanding our business to include Deja-Vu Capital. Deja-Vu Capital would play a pivotal role in identifying and investing close to $1million (about Rs 6.3 crore) in start up companies,” says Dr. Chokshi. —Aritra Sarkhel
Dossier Name : David Webster Designation : President-Asia Pacific and Japan, Senior Vice President Company : EMC Present Role: Since July 2012, Webster is responsible for extending and driving EMC’s growth and continued leadership in APJ by delivering and supporting the full range of EMC’s products, services, and solutions in established and new markets. He focuses on enhancing channel relationships and furthering product development throughout the region. Career Path: Before joining EMC in August 2005, he was VP and MD at PeopleSoft in ANZ, leading the organization through significant business growth. Prior to his tenure at PeopleSoft, Webster spent 12 years at Silicon Graphics Computer Systems in several senior management positions.
n THE GRILL
David Webster President-Asia Pacific and Japan and SVP, EMC, speaks on the company’s focus on the cloud, big data, and partner enhancement.
Acquisitions of ScaleIO, Isilon, and Avamar reflect EMC’s focus on its core strength— storage. But in FY 2013, EMC’s storage revenues witnessed only a 3 percent rise compared to the previous year. How do you view this? EMC focuses on three key areas—cloud computing, big data and analytics, and trust in IT. The IT industry is going through tremendous changes wherein customers and partners are moving towards the third platform. This platform has characteristics that revolve around mobility, social media, cloud, and big data analytics. Our focus is to enable customers on that journey towards the third platform. It also provides them the opportunity to align with partner companies that have integration application skills for their journey to the cloud, big data, and improved security. EMC is not a storage company, but a company focused on leading the move to the third platform. Do you believe that the mega launch of midrange storage solutions by EMC will help it run down the competition? EMC is buoyant about it because we have completely redefined what we classify as mid-tier storage. We have redefined cross-perforOCTOBER 2013
INDIAN CHANNELWORLD
15
n THE GRILL | DAVID WEBSTER storage is a perfect platform for ViPR to be successful. C ustomers are excited and the partner community is interested as they can look at customers in a different way.
Our focus is to be a technology partner that is simple and predicable to work with and one that enables its partners to be profitable. mance and functionality and how our customers think about their IT infrastructures. Customers have traditionally viewed block and file storage as separate environments. With VNX next gen, we have an opportunity to take customers to a consolidated and simplified environment and provide an infrastructure that provides scale and performance. EMC’s ViPR launched a quarter ago claims to be the world’s first software-defined storage (SDS). How’s it different from any other vendor that has a compelling SDS offering? The first differentiation is that ViPR as a product is actually shipping today. Our heritage in storage technologies around block storage, file storage, object storage, and Hadoop file system 16
INDIAN CHANNELWORLD OCTOBER 2013
Software-defined datacenter is fast gaining industry acceptance with each vendor providing their own versions. Isn’t there a danger of cannibalizing hardware sales? The leaders in the IT space are concerned more about customers and not products and technologies. Our focus is on looking at our enterprise customers needs in the next five years. That drives our strategy. They want to simplify their silos of technology. Many of our customers have silos of storage and we think ViPR as a solution can enable simplification and virtualization of the storage environment which can accommodate a move to an automated environment. That’s more important to us than worrying about our existing products. It is not about cannibalisation. It is about focusing on customer needs and taking them on a fulfilling journey. EMC’s synergy with VMware spreads across VCE, VSPEX, and Pivotal. Are virtualization and cloud the only silver linings for organizations facing a gloomy economy? IT infrastructure around the world is quite strong today as CIOs have recognized the value of virtualization. Also, simplifying and automating the server environment can now be translated into software-defined storage. These are basic building blocks of cloud computing. CIOs can do away with a lot of their worries by implementing the cloud and big data and analytics. The shift from IT being a cost-center to actually being an enabler of business is what’s exciting about this market. Don’t consortiums confuse and elongate the sales-cycles for CIOs and channels? NetApp as part of FlexPod is one such example. It is a combination of right technologies. Reference architectures such as VSPEX consolidate or manufacture converged infrastructure such as Vblock. These two technologies [VCE and VSPEX], right now, are the fastest growing converged technologies in the world. That’s a function of the fact that Vblock simplifies CIOs lives as they reduce cost and management overhead.
The channel community can build value around reference architecture of VSPEX as it provides choice, especially because our business partners work with different network and server vendors. Flexibility and choice is what’s enabling VSPEX to be very successful. Is RSA President Tom Heiser’s move to EMC due to the fact that security still reigns as the top roadblock for an organization’s cloud journey? Tom had a successful career running RSA. You often see senior executives in EMC move across the company. Pat Gelsinger, former president of products at EMC, is now moving to VMware. Paul Maritz, who was previously running VMware, is now heading Pivotal. It is all part of EMC’s evolution. Security is the foundation for success at cloud deployments. We think the shift is important from a security perspective. Big data is often perceived as a technology for large enterprises. Do you wish to dispel this myth? Big data will, over time, be the domain of every business. It will just depend on a business’ requirement. There is lot of information stored across the world; data that has been stored for years. How we extract value from it and blend information into a customer’s social media or externally-sourced information and make timely business decisions will decide its success. Big data is the platform for the future for customers—be it enterprises, global accounts, mid market, or SMBs; they all get value to make better business decisions. There is a tremendous opportunity for customers and for partners. What is your value proposition, along with VMware and RSA, to CIOs and enterprise channels? CIOs need to look at three areas where EMC is focused on—cloud, big data and analytics, and trust in IT. We enable our customers through three different approaches in their cloud journey which includes buying the pieces and integrating themselves, implementing reference architecture VSPEX or through converged infrastructure Vblocks. From a partner perspective, our focus is to be a technology partner who is simple and predictable to work with and one that enables them to be profitable. —Yogesh Gupta
n OPINION
PAUL GLEN
No More Sugarcoating What do you do when you have to work with stakeholders you can’t get along with? Don’t throw the towel in. Here are some clues.
Paul Glen, CEO of Leading Geeks, is devoted to clarifying the murky world of human emotion for people who gravitate toward concrete thinking. His newest book is 8 Steps to Restoring Client Trust: A Professionals Guide to Managing Client Conflict. You can contact him at info@leadinggeeks.com.
E
VERY SO often I find myself at my wit’s end with a
project stakeholder and just want to give up and stop trying to help the individual. The frustration of these situations takes a toll. Even now, years later, I get upset thinking about one particular client. Chances are, if you’ve been in IT for any length of time, you know what I’m talking about. But what should you do when you reach that point? Pitching a fit is rarely productive. Suppressing your outrage won’t make things better either. What about walking away? We usually don’t think of this as a realistic option. It’s more of a fantasy. “Take this project and shove it!” But sometimes you need to take a stand about the conditions under which you are willing to work—and be read to hit the road if those conditions aren’t met. Walking out should be rare, though. What do you do when the situation doesn’t reach that threshold? Oftentimes, you just have to live with whatever it is you don’t like. That may be the case in situations like these: You just don’t like the client. Personality clashes happen all the time, and you don’t get to choose to work only with your favorite people. She makes unreasonable demands or doesn’t know what she wants. Stakeholders usually don’t know that their requests are unreasonable. We need to help them see that and figure out what they really need. The client is not appreciative. It would be nice if all clients explicitly recognized and appreciated all that IT does for them, but it’s not required. You have to handle other situations more forcefully. The common element in the following scenarios is that continuing to work under these conditions usually results in project
failure and damages the morale and operations of your team. The stakeholder demands that you do his job for him. Every so often, it’s normal for a stakeholder to lose sight of an appropriate boundary, and a gentle reminder is all that’s required. But some people belligerently and persistently insist that anything with a keyboard belongs to IT. She’s too disengaged. Assess what you really need from the stakeholder to make it possible for you to help; if she’s unwilling or unable to provide it, back off until she can. Multiple stakeholders can’t agree. If they refuse to accept a common approach, let them work out the politics. Picking sides won’t help you or the project. The client exhibits toxic behavior. When a stakeholder is so toxic that his behavior destroys the morale and productivity of your whole team, you need to protect the team. While there’s a chance that sparks will fly, you can comfortably stand your ground knowing that your demands are a thoughtful and mature response to the facts of a troubling situation rather than a personal attack. When you do, there’s a good chance your stakeholder will be happy to work things out—and if not, you know what you need to do. OCTOBER 2013
INDIAN CHANNELWORLD
17
P h o o g r a p h b y D E LT R I M E D I A
be looking at probably (a period) over 12-24 months. Of course, we are talking about big revenue numbers so I would like to say we would get it done in 30 days but the ship is just too big to turn that quickly. But planning wise we are in that window.
ON RECORD n
Bob Flynn, President and GM, Attachmate and Novell Business Units, speaks about how the company is re-imaging itself with new technology products. By Eric Ernest
18
INDIAN CHANNELWORLD OCTOBER 2013
What would you say are your priorities for this year, and the near future, to improve Novell’s profile? FLYNN: The number one priority for me would be to build a financial plan that reflects the shift in revenues. It’s not a big shift, but it is a shift. It’s going to be important for me to achieve, and hopefully even over-achieve, that plan. That will provide us with evidence that the strategy we have implemented is working. We have done a lot of planning; there has been a lot of work that has been done to get us to where we are now. Now, we are certainly at one of the points where you have to let it take hold. You can’t keep adjusting it; at some point you have to let it go and execute it. If you were to look at flat revenues, we would
Wouldn’t you say it’s too late in the game for an image makeover to modernize your brand? FLYNN: One of the questions I got asked a lot was ‘did you consider changing the brand?’ The answer is no, I have never considered it. I still stand firm on that. I believe this for a couple of reasons. One is that the loyalty of the customers is to the brand. I value those customers and their loyalty and I want to nurture that. New technology allows us to go and seek out new customers. But it also allows for us to go to our existing customers with these new solutions. So new technology can really re-establish the brand. We believe the new technology will carry the brand with it in terms of the transition. And from that standpoint, I am able to continue supporting and nurturing my current installed base while new technology will allow me to build some shine and clean up the brand a bit more. As part of the modernization, you have released new products like Filr and iPrint. Do you have plans to bring out bigger products? FLYNN: It will be more in byte-sized chunks as opposed to anything monolithic. It just takes
BOB FLYNN | ON RECORD n too long to get something monolithic out. Moreover, there is a greater propensity for CIOs in today’s world to make decisions faster on smaller implementations that return investments faster. I don’t believe that in terms of what we are doing, in terms of the agility, that I have much time to be trying to build something big. I need to get stuff built and out in the market. For example, ‘iPrint mobile’ took us maybe a year or less to bring out. So, if I am to get new
pand beyond that. Instead of just looking at those customers as e-mail customers, I look at them as those that really fall into a category of collaboration space. I am looking at developing new technologies in the collaboration space that my e-mail customers can leverage. That’s how we think about these things. I can to some extent pacify them from an email perspective and they could add the right collaboration tools. That’s a win-win for all. So, there is a fine line to walk with
We have put ourselves in a good position to experience success. Now the big question is whether our execution is ultimately going to dictate our ability to do that. All the planning and hard work we have done, all look like they were the right things to do. We just have to fulfill what we planned for. But, if you’re going to ask me if there is anything I would do differently, I would say I have got myself the best spot. From how your company operated earlier, what
never met this analyst. Not that I am sensitive about this, but the analyst said there’s no way a guy coming from the emulation world would be able to manage a company like Novell. I didn’t know who the person was. So, when I left IBM, I came out of the outsourcing global services arm, and then moved into software at Attachmate. I like to think that we are all smart enough to adapt, learn, and listen. I also think if I have learnt anything in the last 33 years, it’s that expertise is just
We have put ourselves in a good position to experience success. All the planning and hard work we have done, all look like they were the right things to do. We just have to fulfill what we planned for. technology out the door to help the brand, I need to able to get it out into the market pretty quickly. Would you say that having an already established brand like Novell makes it hard for your existing customer base to figure out that it’s a new Novell they are dealing with? FLYNN: We say this internally: Our brand is our friend and foe, depending on who I am talking to. Take the most loyal group of customers I have, the ‘Groupwise’ customers. These are very passionate customers. When I look at my work going forward, I need to make sure I nurture those e-mail customers. I got a big release of my Groupwise product coming next year and so they are going to be pretty pleased with that. But, if I am to grow the business, I need to ex-
those customers but I have been pretty clear with them. The first thing I say is that I intend to continue to fulfill my obligations to you from a product standpoint. But, the second thing I tell them is that I am out seeking new customers as well. Some analysts have claimed that while Novell has been strong in terms of its vision and architecture, it’s execution is a let down. What are your thoughts? FLYNN: Currently, we are fully in execution mode. Ultimately, the way analysts evaluate is based on revenue and customers. With these new products, we need time for customers to get onboard and reference. Time will tell in terms of our ability to execute across many different elements of the business.
would be the single most significant benefit you have reaped from the Attachmate acquisition? FLYNN: I believe that what we acquired is in a much better position than before. There’s absolutely no doubt about that. And the SUSE results are an evidence of that. Even the things that we have been trying to get done, although they haven’t reflected in growth, are reflected more in stabilization efforts. There is no doubt that we are in a better position now. You joined Attachmate back in 1998 and prior to that, had 17 years of managing large accounts at IBM. How different has the new role you were assigned at Novell been? FLYNN: You know, there was an incident where a media person interviewed an analyst about me. I had
available; you just need to engage and let it work. The one constant in all this is that there are people who know Open Enterprise Server (OES) and Groupwise much more than what I knew when I first came in. So if I am smart, which I like to think I am, then I will leverage these people, who have largely been put in a container. I, in a way, took the lid off. I said, “you guys are the experts. What should we be doing here? What are we missing here?” And I have really been learning from them. I think my ability to understand that and put people in positions where they could help me with has worked. That recipe really works across a lot of different things. I am a lot smarter about Groupwise and OES now than I was two years ago.
OCTOBER 2013
INDIAN CHANNELWORLD
19
Insight Big Opportunities Tarun Seth, Managing Director, Micro Clinic, highlights the significance of NetApp as a premier technology vendor in his organization’s overall success.
How buoyant is Micro Clinic as an enterprise channel partner in the storage domain? The storage business, currently, contributes to nearly 8 percent of the company revenues. But, with the wave of private and public cloud, the growth trajectory is expected to be faster. Also, our large and focused storage team for northern and western regions will help win more enterprise deals.
Storage, definitely, is a focus area. We are not a box-pusher. We study the storage environment, conduct POCs, submit assessment reports, and then recommend a relevant solution to the customer. What are the big opportunities you foresee with NetApp in India? As a platinum partner and ASP for NetApp, our pre-sales team is NetApp certified. We have seen good success with NetApp in IT/
Authorized Distributor
ITES (around virtual desktop infrastructures) and BFSI (consolidation of enterprise storage).These two verticals will add more value and better numbers for us. We expect the Indian enterprise market to witness a storage consolidation. Additionally, the market is undergoing technology refresh and is deploying newer technologies and solutions. We are also exploring business opportunities around VDI infrastructure which is gaining acceptance. NetApp has a good play here. Could you highlight major customer wins with NetApp technologies which act as reference projects? A project for a BFSI customer comes to mind. Our team consolidated the entire enterprise storage, through a complete platform, into unified storage. The value proposition of implementing a single appliance from NetApp was that the customer had multi-tenancy and new features which they could not get from the earlier, heterogeneous environment. The ROI and TCO have been achieved due to easy manageability and higher data availability. In another project, for an IT/ITES customer, we deployed a virtual desktop infrastructure. We are executing new technologies in this domain. We are also witnessing new deployments around technology refresh across this segment. We have been showcasing these important wins to other customers in various verticals and there are many other projects that are in advanced stages of discussion. How successful has NetApp’s value proposition been with respect to unified storage platforms? I believe that it is in a mature stage. We are expecting more in this domain from our enterprise customers. We have recorded good wins as NetApp, too, has been quite aggressive about its unified storage messaging. We have many projects in the pipeline that will benefit from this platform. We are working, predominantly, with a focus on net new customers for the
specialised teams to emerging technologies.
“Our partner’s ability to deliver complete solutions to our endcustomers is critical to NetApp’s success. We continue to invest heavily on partner enablement, services capability, and demand generation. Our partners are wellaligned to our business model and go-to-market strategies.” — Krithiwas Neelakantan, Director Channel & Alliances, India & SAARC, NetApp India
NetApp business. For our existing customers, there is lot of business around technology upgrade of their storage and overall IT infrastructure. Do you see an increased demand for NetApp solutions around FlexPod and the cloud? There is undoubtedly enough buzz around these technologies. However, Flexpod has not taken off in a big way. The customers are pretty excited about its value proposition, but still unsure due to ownership issues around the overall solution. The adoption of cloud is happening in India, but at a relatively slow pace. NetApp is, however, well placed to ride these trends, and we have
explore
these
How strong is the vendor-partner relationship between Micro Clinic and NetApp? Micro Clinic’s key strength is its presales team. We ensure certification and technology upgradation so that they are well-versed and can showcase technology to the customer whenever required. NetApp plays an important role in our storage roadmap. We have many resources owing to the training we get around virtualization and other new technologies. NetApp gives specialized training to our technical resources. We have a dedicated team of over forty people who only breathe storage. We are investing more in technical resources than sales. We are creating storage subject matter experts in the company, independent of the product. NetApp has a dedicated account manager who reviews our team every week and speaks to them on daily basis. The top management at NetApp India including channel managers are in constant touch with customers and our team to ensure more business. In today’s competitive environment, how partner-friendly is NetApp? NetApp’s biggest differentiator is that a channel partner working at bagging a deal, manages to win it owing to the quality and strength of the NetApp brand. It works with partners who can add value to solutions and offer better options to end-customers. NetApp is not over-distributed. If an enterprise customer needs a partner organization with capabilities and technical skill-sets they cannot ignore Micro Clinic. When NetApp needs a technically competent partner, it recommends our name to the customer and makes sure that we win the deal. NetApp has been a fair partner to us. Whatever we do—win or lose—we do together.
IDG CUSTOM SOLUTIONS GROUP
n COVER STORY
The Rules of E The conventions that govern a vendorordinary. They’re built on the foundation it’s long-lasting, fruitful, and relevant. love and hate. By Shantheri Mallaya
I
that’s not debatable, it’s the fact that 2013 has not been an easy year for vendors or channel partners. Amid the mish mash of the dollarrupee yo-yo and a host of other political imbroglios, one wonders whether partner programs—the bulwark of the terms of channel engagement—are keeping pace and staying relevant with the new realities of economics. Because if they aren’t, then partner programs don’t really serve a purpose. Here’s a look at some partner programs 22
F THERE’S anything
INDIAN CHANNELWORLD OCTOBER 2013
and why channel partners love them or hate them.
BACKENDS, REBATES, AND REWARDS Backends or the percentage of credit that a vendor doles out every quarter make for strong deal makers—or breakers—between vendors and partners. These backends manifest in the form of incentives, schemes, and rebates and can be worked out as a percentage of business done by the partner for a stipulated period. With changing times, many vendors have now sought to automate the process
of backend tracking. And some vendors seem to have struck the right chord while others have not really risen to the occasion. Cisco’s partner program, for example, has scored well with its system of backends. For one, the program is transparent to partners as they can check it online. It is also well co-ordinated to allow amounts to be transferred without much ado. “The transparency of the Cisco partner program helps us base our business planning on the backend model since you know exactly what is expected of you—as targets and
p o H
f Engagement
n t.
partner relationship go beyond the of a sturdy partner program that ensures Here’s a look at partner programs that you
investments—and what you can recover from every deal,” says Rajiv Kumar, CEO, Proactive Data Systems, a Delhi-based Cisco Silver Partner. Proactive, which has been associated with Cisco since 2002, is confident of the kind of business it can cultivate through Cisco’s backend (which is in the range of 3-5 percent). Cisco contributes to about 65 percent of Proactive’s overall topline and though the wallet share has not really increased over the last year—and the fact that its solutions work with other brands—Ku-
mar is likely to remain a loyal Cisco partner. That’s because, Cisco, as an organization, focuses on partner development and this has ensured that each partner is well qualified and trained. As a result, customers have a greater level of confidence when dealing with Cisco partners. Extensive trainings and certifications have laid a very good foundation to showcase the right technology in the most complex situations. “Focused programs like CUCM (Cisco Unified Communications Manager), BYOD, datacenter, and cloud computing
have created awareness about next generation product lines and are also helping customers consolidate current infrastructure with the technology of tomorrow,” says Tejas Mehta, director of Kolkata’s Parth TechnoComm Solutions. The company is a Cisco Sales Expert (CSE) certified partner and one of the upcoming names in the eastern market. However, Mehta feels that, when it comes to network storage, Cisco needs to do some more work from a strategy perspective. “I feel that deeper penetration in B and C-Class cities could reap higher benefits,” he says.
OCTOBER JULY 2013 2013
INDIAN INDIAN CHANNELWORLD CHANNELWORLD
23 23
n COVER STORY its solutions so that services is a part of the deal. r fo n Narayanan ado si vi pro • It should mits that while s. te a ves $zero reb rget incenti software services ta ve ti c ra • Att . have been opened for partners ve an a h to partners in a ld u o , • It sh stem y lock-in sy phased manner, opportunit ts partners c consultancy is which prote eals. d still a grey area from losing , m Subramania an ev when it comes to ud as —V ting ave Compu IBM business. MD, New W However, IBM’s recent Management Training Program (for partners at IIMB) as well as its streamlined process of backend tracking—target incentives and quarterly rebates— through statements gets a thumbs-up from both Narayanan and Jiten Mehta, director, Magnamious Systems. The company has a long-standing relationship with IBM, and lauds the fact that there are revenue commitments that IBM mandates and this help a partner to stay focused. “Our levels of engagement multiply and we remain vigilant when there are definite targets,” says Mehta.
pect from What I E x Program a Par tner
OPPORTUNITY REGISTRATION AND CONFLICT
Vasudevan Subramaniam, MD of Bangalore-based New Wave Computing, finds EMC’s backends and rebates structure to be working quite well for him. With a neat 8-10 percent in his kitty, he believes the vendor’s partner program is among the best, with rebates starting from $ zero of business and absolute backend protection. All that, with absolutely no interference from the vendor salesforce. Though in a relatively new partnership with the vendor, New Wave Computing has the confidence to aim for a double digit rebate. Also, EMC’s latest promo for partners, wherein the first three partners to clock eight EMC boxes, are entitled to a car, is creating positive vibes among partners. On the other hand, Arun S.G., director, 3in Solutions, feels that IBM 24
INDIAN CHANNELWORLD OCTOBER 2013
as a vendor should look at grooming new partners very seriously. With about 10 percent of the solution provider’s business coming in from IBM, 3in also feels that IBM’s policy of not allowing partners to take charge of services will have to change. “We gather that IBM now has a team of services that is scheduled to work with the channels. We are yet to get more clarity, though we have been approached with certain bundles.” That’s a sentiment partly echoed by V. Ananth Narayanan, MD of Chennai-based SBA Infosolutions. Narayanan falls in the bracket of a handful of IBM partners who have been permitted to do services as they are IBM Application Service Providers (ASP). SBA is trying to build its business astutely around
While the backend score card is being set, vendors and partners alike know that a good opportunity registration (OR) system seals the deal. While it is believed that on paper most vendors do have some form of an OR component for partners, the real story is that very few have mature systems of actually enforcing the OR. EMC scores again or so says 3in Solutions’ Arun and New Wave’s Subramaniam, who believe that EMC’s opportunity lock-in system protects their deals in a significant way. So much so that once a partner locks a deal, even if a prospective customer tries to influence who they might want for the project, the system is quite fool-proof to prevent what is due to the partner, who first locked the deal. “This has been amply demonstrated in the important deals New Wave has closed in recent times,” says Subramaniam. On the other hand, Ravi Putta, co-
founder and MD of Alliance Prosys, And also, maybe prevent conflict a Microsoft Large Account Reseller between whether a smaller (LAR), believes that Mircosoft’s partner gets the full project or cloud story is strong, and that the is outsourced only a portion of a Partner Network has a strong annu- larger deal. “We have observed ity model for Azure and Office 365 that these conflicts happen and we solutions. This enables partners to can’t do much to prevent them,” make about 8-10 percent. The tarsays Mehta. Keeping this in mind, gets and timelines are set and once Citrix has slowly brought in OR for an LAR locks his deal, he is in it for partners in India as well (post the good. Being an LAR, Putta admits, Synergy Summit that happened at is an added advantage to get the LA). “We are yet to see how this creamy accounts, and devote more pans out for us in India,” he says. bandwidth to focus on customers. Partners such as Mehta also feel “Being an LAR, we don’t have to that Citrix has to streamline the talk to other partners; we just look number of Citrix Solution Advisors at the customers and what we need (CSAs), since the inactive members to deliver,” he says. Through this, could eventually eat into the active Alliance Prosys has been able to partners’ margins. Magnamious close a few important MNC acsays it has witnessed flat growth in counts and its business has grown the last two to three years, because by 30 percent over the last couple of of constraints and the fact that till quarters, with Microsoft contributrecently, Citrix hadn’t put in any ing to about 48 percent of the overall topline. However, discussions with nonLAR, namely the Enterprise Agreement (EA) partners do throw up the fact that Microsoft’s partner program has to ensure a few things for them. Currently, as per the rules, if an EA partner has to make a quote, he has to route it through an LAR, without any credit for the license. All the quoting partner gets is a reward on the solution sale. Also, LARs wield enough power to influence which partner gets a reward or who doesn’t. These aspects constrain the non-LAR partners. Microsoft partners are also expecting key changes at the program level to be announced the coming month. So, as of now, it is a wait and watch game. Citrix partners (Citrix Solution Advisors) have for What I Expect from long been asking for a Partner Program OR mechanisms that • It should manda te will secure their commitments as revenue this helps deals better. Mehta of partners stay focu sed. • It should have Magnamious Systems a structured OR to prevent lar feels that structured ge partners from ea r OR can prevent ting into the deals of larger partners smaller partners. from eating into —Jiten Mehta, Direc tor the deals of Magnamious Syste , ms smaller partners.
revenue mandates on the partner. “All this will change soon we hope, with recent announcements about revenue commitments,” says Mehta. Putta of Alliance Prosys seconds that. He also feels that apart from the absence of revenue commitments from partners, Citrix’s focus is more on services and consultancy (with AMCs) and less on products and solutions. Also, market opportunities for solution advisors is limited. As a result, Alliance Prosys hasn’t been doing extensive Citrix business. “We are open to and can consider enhancing the Citrix business only if the existing partnership model is tweaked a bit and if Citrix opens up more direct business for us,” says Putta. Cisco’s pricing structure has come for a little bit of criticism.
OCTOBER 2013
INDIAN CHANNELWORLD
25
n COVER STORY pect from What I E x Program a Par tner arent
Partners such as Proactive’s Kumar and Peak XV Networks’ MD Deepak Hoskere—a Cisco partner since 2002—believe that the pricing (a variable of the list price) is the weakness of the system and is hugely dependent on account managers. This, in turn, has longterm ramifications in the form of conflict, with different partners quoting different prices and some getting competitive advantage based on that. “As a result, we identify our own clients; we don’t rely too much on the vendor,” says Hoskere. It seems like Cisco is paying heed to partners’ problems. In fact, it now has a system in place through salesforce.com, wherein leads are blocked and recorded. Also, Cisco has recently opened 26
INDIAN CHANNELWORLD OCTOBER 2013
partners. Shaishav Singh, director of DotCAD—a sp be tran • It should ers know long-standing HP n so that part ets and partner—enjoys rg ta ir e what th exclusive Premier are. ts n e m st inve account e b ’t and Enterprise n ld u • It sho e it d otherwis h le partner status. re g a n a m wit to conflict Singh is of the would lead ners quoting rt opinion that HP different pa ces. has too many different pri tive , CEO, Proac ar programs that um K iv aj —R s create confusion Data System and that these programs need to be rationalized. Also, that the rules of engagement which began with a bang when launched in 2008, have lost steam along the way. As a result of multiple programs, account conflicts become inevitable, and a lot of subjectivity seems to have crept in, in the strategic calls taken by HP. “Simplification of the program has to be addressed by the vendor quite objectively,” says Singh. These views are echoed by Girish Madhavan, MD, Quadsel Systems. Quadsel, who, like DotCAD, has been a staunch HP partner right from the time the vendor was looking at setting up its channel line in India. These companies, have over the years, sustained their profitability and topline through at least 50 percent its commercial accounts and made of their businesses coming in from them more partner-led. About 100 HP. Madhavan is of the opinion large accounts, which were till that it becomes increasingly now Cisco account manager-led, difficult to keep abreast of the have been reportedly thrown open certifications that HP mandates, to partners. It remains to be seen and these keep changing every six what this would translate into for months. With huge investments solution partners. at stake, Madhavan feels HP has to take note of and make PROGRAMS AND ENGAGEMENT sure that partners are not hard Walking the tightrope was never pressed periodically to upgrade tougher. Channel engagement is specializations. Also, partners not merely about putting a program feel that account manager targets in place, but something that is should match with partner targets simple to understand and execute so that a partner can be profitable for both partners and vendors. on a sustainable and realistic basis. Also, it is about the constant Another sore point was dollar interaction, exchange of ideas, recognition. Till now, HP had been expectations, commitments, and giving in the range of 50-80 percent investments. And also, ensuring on every dollar earned. Singh and customer focus. HP gets both Madhavan are optimistic about bouquets and brickbats from some of the important changes
game to play, being a late channel that got effected in this regard. entrant. However, it does manage That came after HP CEO, Meg Whitman, announced that partners to get around 6-8 percent on Dell’s are going to be incentivized for EqualLogic boxes, the only hitch every dollar of business they is that the vendor’s insistence get HP. This, slated to come into on partners to look at enterprise effect from November 1, 2013, business to stay profitable can will translate into a sweeping boomerang. A lot of partners get change in backends. Quadsel, for a chunk of their toplines through one, has diversified into software client or end-user selling. If they services as well and believes that have to abandon that and look at it’s a matter of time before the something else, then Arun feels the announcements take positive shape value proposition better be strong. for partner profitability. Citrix, on the other hand, needs Nevertheless, both Singh and to step up the ratio of partnerMadhavan concur that HP as a to-vendor coverage teams. These vendor, is extremely mature in teams need to engage more handling channels besides also effectively with partners when doling out generous amounts of closure of deals happen. “The the Market Development Fund vendor has promised to take a look (MDF) to partners for promotional at these aspects; new people have activities, and schemes in the been appointed at the helm and at storage and networking space. Madhavan observes that these schemes are designed to help sales personnel at partner organizations as well and is quite interesting that the vendor has the foresight to think on these lines. “My sales people are able to earn on the Itanium servers. But, what is lacking is adequate monitoring,” says Madhavan. Partners feel that a local HP contact must engage with them and review these schemes every fortnight, and also talk to partners about any other hassle that they may have.“The practical aspects of HP’s partner program, by and large, work without hassles. All that remains is to refine and rationalize it further,” says Madhavan. Dell and Citrix have apparently got the stick for poor levels of channel engagement. 3in What I Expect from Solutions’ Arun a Partner Program laments that Dell • A vendor shou ld have doesn’t have a very a limited set of pa rtner good understanding programs to avoi d co nf of the channels, and usion and conf • It should dole ou lict. its incentives are not ta significant chun too well thoughtk from the Market Developm out. This can be ent Fund for promotional activities. explained by the —Shaishav Singh, Di fact that Dell has rector, DotCAD a huge catch up
the mid level. It is early days, so change is still some distance away,” says Mehta. Cisco’s partner program audit has got a bright score. It has outsourced its audit to an agency-based out of Singapore and the US—to validate its partner program initiatives. Partners get strong feedback post audit. The last audit, which was carried out on video, helped Proactive assess its capabilities and competencies in the domain. Also, in August this year, Cisco has decided to dedicate one-fourth of its system engineers time to partners to help them as account managers. This, if implemented in essence, can change some portion of the Cisco partner program in a big way.
OCTOBER 2013
INDIAN CHANNELWORLD
27
How Antraweb
Technologies
got perfume manufacturer Hertz Chemicals to invest in an ERP solution it needed, but wasn’t sure about. By Shantheri Mallaya
Nevil Sanghvi, Director, Antraweb Technologies, showed Hertz Chemicals it didn’t need SAP to gain the benefits of an ERP.
THE SCENT OF SUCCESS 28
INDIAN CHANNELWORLD OCTOBER 2013
Photograph BY FOTOCORP
O
FTEN, ALL that
a small, profitable organization looks for to improve its business prospect is an inexpensive and cost-effective solution. Big brands hardly matter. Mumbai- and Daman-based perfume manufacturer Hertz Chemicals can vouch for that thought process. The company was scouting for an effective ERP to integrate its corporate office in Mumbai and its state-of-art manufacturing facility in Daman. The need for this ERP overhaul was mostly due to the injection of a young team at the top management level. Hertz—in order to achieve the best results— chose to consider SAP for the project. “At first, we wanted SAP and so, we evaluated it,” says Mustafa Mun, director, Hertz Chemicals. Eventually, the enthusiasm started waning since SAP was turning out to be too big a package for a relatively small organization. Despite claims about it having the ability to scale down to suit companies of all sizes, Hertz was beginning to see that it wasn’t going to work out that way. “For one, the huge cost, and then the need for a workforce with a deep understanding of the solution was essential
CASE STUDY n to implement it. Training and maintenance were expensive, too,” says Mun. There was also the fear that they would grossly under-utiliz the huge investment, with more than 60 percent of SAP’s functionalities estimated to go to waste. While mulling over this, Hertz set about looking for local vendors and a Tally ERP. At this point, the company chanced upon a newsletter about Antraweb Technologies, a Mumbaibased system integrator. That set the ball rolling.
NOT SO SIMPLE Antraweb’s entry into the project was far from simple. As a 20-year-old Tally partner, service provider, and systems integrator, the organization had expertise in all Tally products, including its ERP. But things were not going to be easy, considering the change at Hertz was dramatic. “We stepped in when Hertz was still mulling over SAP. The group was old, and when younger management came in with fresh ideas, they wanted to make the transition from MS Excel and FoxPro to SAP in one go and keep up with the rest of the world,” says Nevil Sanghvi, director, Antraweb Technologies. Any software roll out is a challenge. But, positioning a company like Tally, that’s traditionally known for its accounting software, as an ERP provider was a challenge that needed some attention. Besides, pitching to the customer the viability of the solution would be a tough task. The challenge was not the money, but the expectation of bettering a SAP solution. “When it comes to ERP, it is direct competition; its not merely about supply chain management. The dynamics of the game change. We began by addressing all the queries (through gap analysis). Hertz would not see any differences in the solution offered by Tally in comparison to the SAP solution it desired and it would be available at a reasonable budget.” Besides, Hertz wanted the certainty that comes with a brand and proven solutions. Since ERP is considered to be the backbone of any company, Hertz, though a small company, demanded experienced
find compared to a SAP certified professional.” Antraweb also established how much better they were in terms experience, support, and delivery compared to the back end support given by any other local player. “Despite all this, Hertz took about six months to decide,” says Sanghvi.
Snapshot Key Parties: Hertz Chemicals, Antraweb Technologies
Location: Mumbai and Daman Implementation Time: 5 months Key People Involved: Mustafa
Mun, Director, Hertz Chemicals; Nevil Sanghvi, Director, Antraweb Technologies
WAVELENGTH TUNING
Cost of Implementation: Rs 12 lakh Main Vendor: Tally Key Technologies: ERP Key Challenges: Transition from
Excel-based system to ERP, convincing customer about the efficacy of Tally ERP, small budget
Post Implementation ROI: Paper
work was cut by nearly 60 percent, double data entry was completely eliminated
professionals who had dealt with a project of this magnitude. What really worked in Antraweb’s favor is the fact that it had a couple of good references in Daman, one of them being Freedom Fragrances, a competitor to Hertz Chemicals. Freedom Fragrances had opted for a Tally ERP. “I debated with Hertz that when its direct competition was a customer, why look at SAP or any other local vendor?” says Sanghvi. Also, Antraweb emphasized on the Tally’s distributed architecture, which would help clients to be online, work, and be offline in remote areas with minimum connectivity. Besides, all integrations, right up to dispatch were possible with simple, easy-to-use Excel-based reporting tools for the average user. Additionally, there was a dashboard facilitated on mobile, and the simplicity of training was a bonus. “We soon realized that we had a hurdle-free solution which helped in imparting training easily,” says Mun. “Our employees in Daman had basic Tally knowledge, and the availability of resources who knew Tally at a basic level was easier to
Once on board, Antraweb went about creating master templates, alongwith training and implementation, all of which took around five months. The solution Antraweb offered was based on a standard iterative method and was completed in phases. An onsite person was dedicated to foresee the implementation with continuous support from the back end. Considering the perfumes business to be a traditional business house, the onsite team not only had to think about the ERP implementation but also contribute in areas of process and data standardization. During this time, differences had to be ironed out. “To be honest, not every relationship is a bed of roses. We did have a rough patch at the start where we expected a bit too much and Antraweb was not able to deliver what we needed. But, with some fine tuning and the SI’s full cooperation, it was a great experience. There was never a time when they said ‘No’ to any of our queries and requests,” says Mun. At the end of it, Hertz Chemicals got a cost-effective solution that was several times less expensive than SAP. It was able to reduce paperwork by almost 60 percent and completely eliminated double data entry. The project also ushered in a new IT era at the organization. While for Antraweb, the project strategically helped the solution provider to enter into a new traditional business line. This helped it obtain more customers in the perfumes and cosmetics industry. “We knew that the success here will give the team lots of experience and exposure to help us cater to businesses which are going through such a transition,” says Sanghvi.
OCTOBER 2013
INDIAN CHANNELWORLD
29
MobileIron, a mobile enterprise management vendor based in California.
A BALL OF WAX
WHO HOLDS THE
REINS?
Mobility touches multiple facets of IT. In such a scenario, does it make sense to put one person in charge of it all? By Howard Baldwin
O
can agree: Mobility is a matrix of madness for enterprise IT. The current explosion of tablet, smartphone, netbook and laptop options creates a complicated hardware equation. Cross-platform or OS-specific application development affects software, security, and management decisions. The desire to give both customers and employees access to back-end enterprise applications is just one more monkey wrench in the mix. “Mobile is changing all the rules, whether you’re on the IT side or the line-of-business side,” says Bob Egan, CEO of Sepharim Group, a Bostonbased mobility consulting firm. 30
N THIS we
INDIAN CHANNELWORLD OCTOBER 2013
“We’ve gone from a homogeneous environment to a heterogeneous environment with multiple screens and operating systems. It’s a capacity issue, a security and authentication issue, and a policy issue. It’s a brave new world for organizations to deal with.” So how do you manage the madness? While there is no one right answer, IT managers and analysts agree the stakes are high. Mobility is no longer tactical, it’s strategic, and that requires a higher level of consideration. “It went from being nice to have—something that executives and users really loved—to being a mainstream initiative,” says Ojas Rege, vice president of strategy for
Before you can corral mobile, you need to figure out who or what group should do the corralling. But even that decision is not easy to make. Take the issue of support. Mobility is not solely a hardware issue, so it doesn’t necessarily make sense to drop it in the desktop team’s lap. “In the tablet world, IT can’t push [just] Apple iOS,” says Rege. “It’s not technically possible.” And it doesn’t make sense to put the e-mail team in charge of mobility, because mobile devices are used for much more than e-mail these days— you have to take into account security, device management, and more. Beyond that, it’s one thing to offer technical support to your company’s employees; it’s another to offer the same kind of support to the exponentially larger customer base you’re trying to engage. Then there’s the age-old schism between marketing and IT. As Egan points out, “marketing’s first responsibility is to drive the persona of the brand through all channels and geographies. IT’s responsibility is to protect the brand, not extend it. Its goal is to protect profits, not drive revenue.” When it comes to mobility, customerfacing applications are generally managed by the sales and marketing teams, and employee-facing applications are generally managed by IT. The people in sales and marketing want applications up and running quickly so the company can keep abreast of the competition; when they think about deployment schedules, they think in terms of weeks. The folks in IT, on the other hand, want to ensure consistency across access methods and within the code base, so they think about deployment schedules in terms of months. Moreover, marketing might have the budget to do mobile applications, and IT might not. But those two groups need to collaborate to ensure that applications work consistently, both within the user interface and in how they access backend applications. The challenge is rationalizing the conflicting demands of timetable, budget, and focus. “Organizations that are doing it right are getting both IT and
MOBILITY | FEATURE n marketing to realize they both simultaneously share responsibility for the needs of employees and consumers,” says Egan. “They both have to drive revenues and extend profits. That’s new thinking for most organizations.”
AVOIDING HELP DESK HELL Even if specific lines of business have their own development efforts, they must have a liaison into IT for a variety of reasons. Among other things, it makes sense to coordinate the efforts of multiple departments on the front end, and when it comes to technical support. The alternative is help desk hell. “When someone has a problem with a mobile application, they call the help desk,” says Rege. “If you have 17 different groups building applications, that’s going to be an existential crisis for all the teams.” Rege cites several simple examples. One relates to the security APIs built into Apple iOS, which provide automated encryption. “If the line of business hires outside developers, they might not use those APIs,” he says. “The same issue applies with application distribution. If someone in the line of business builds an application, how are they going to get it to the employees? Through the [company’s] app store—but IT has to provide the certification for those applications to download properly.” David Nichols, IT transformation leader for consulting firm EY (formerly Ernst & Young), frequently sees duplicate development efforts within a single enterprise. “As far as ownership [of mobility] goes, it’s still more bifurcated than you would think in companies that have internal backoffice operations and client-facing technology as well. Those are owned, managed, and governed by two different organizations that don’t always move at the same speed. They wind up duplicating a lot of efforts because the right hand doesn’t know what the left hand is doing.”
CONTROLLING THE CHAOS Experts agree that companies need to put in place a mobile model that encapsulates best practices and consistent capabilities—but no one agrees (yet, any-
ny’s CIO provides the budget, and the group is still working separately.
Three Ways You Could Handle Mobility n Create a dedicated team to establish
the groundwork for a cross-departmental mobility effort. n Put the effort under the aegis of a
dedicated mobility manager reporting to the CIO. n Create a center of excellence focused
on mobility that will maintain the necessary consistency from the front-end interfaces to the back-end architecture.
way) on exactly how to get there. There are three ways of going about this. Approach 1: Dedicated Team Lincoln Wallen, currently CTO at DreamWorks Animation, opted for a dedicated team when he was CTO for mobile and online at Electronic Arts, the Redwood Shores, California-based game designer, from 2004 to 2008. The EA board of directors “perceived mobility as a major disruption to the games business,” he says, which led to the idea of creating a mobile business unit inside the existing major operation. The division had its own marketing, product development and GM, who reported to the head of studios. Keeping it separate helped it flourish into a $200 million (about Rs 1,240 crore) division, Wallen says. After the group established itself, EA—as it had planned at the outset— “integrated its activity back into the business, because mobility is foundational, not siloed,” he says. “It affects every aspect of the business. You need a vertical approach to incubate approaches and solutions. But in the end, you have to consider it pervasive. Mobility is no longer evolutionary. It’s the world we live in.” MobileIron’s Rege has also seen this tactic work. One of his company’s customers is a global 2000 manufacturer based in Europe. “The CEO believes in mobile, so he created a five-person mobile team reporting directly to him with accountability for all mobile projects. Sometimes to get the effort kicked off, you need to do that.” The compa-
Approach 2: Dedicated Mobility Manager As mobile strategies gain importance, the idea of a chief mobility officer, on equal footing with the CIO and reporting to the CEO, is gaining traction in some circles. However, IT executives we spoke to weren’t fans of a CMO position, reasoning that strategic issues such as mobility are the CIO’s job. “You obviously have to have somebody, but if you name a chief mobility officer, you’re saying they’re at the same level as the chief information officer,” says Wallen. EY’s Nichols has seen companies putting mobility under the aegis of the chief technology officer, who in turn reports to the CIO. “The CTO has responsibilities for research and development of client-facing technologies for many companies, and companies are relying on that position to get across the chasm of duplication. They rely on the CTO to bring the best thinking from one group to the other.” Mark Henderson, chief operations officer at Case Western Reserve University in Cleveland, uses that tactic. “We’ve been dealing with device issues forever, because all of our students come with their own mobile devices, as does the faculty.” Besides supporting a bring-your-own-device environment, his 110-member IT department has deployed two separate wireless networks, one requiring authentication and one for guests, and is looking at developing more mobile applications for both students and administrators. “The university’s marketing communications department wants a mobile app to communicate better, and we want to give the students the ability to access registration [databases] and their grades,” he says. A chief technology architect reporting to Henderson is responsible for looking at technologies and strategies and opportunities, and works with the design organization. “They look at solutions, evaluate them, and make recommendations,” Henderson says. “It’s really a group effort for our organization.” Approach 3: Center of Excellence Even more than creating a position
OCTOBER 2013
INDIAN CHANNELWORLD
31
n FEATURE | MOBILITY dedicated to mobility management, though, Nichols prefers setting up a mobile center of excellence, or a shared services center under the CIO. “If you do it right, you can bundle development, creativity and strategy,” he says. “It will take some time to codify issues such as backend access, identity, and access management, but once those issues are out of the way, they don’t have to be dealt with again. That helps bring the deadline expectations of external and internal groups closer together.” James Gordon, vice president of IT at Needham Bank in Massachusetts, concurs. “When you have such a group, they think about mobility first,” says Gordon, a MobileIron customer who has deployed mobile devices across all departments of the bank, and has also developed customer-facing applications for smartphones and tablets. Needham Bank’s IT team is small enough (just Gordon and four other people) that “everyone is responsible for mobility,” he says. “When we originally deployed our online applications, we built them to be experienced on a laptop. Now we have to re-imagine it. We launched a new website recently, and we wanted a site that would scale down, with content still there, whether you were [looking at it] on a monitor, laptop, tablet or iPhone.” Gordon’s small group was able to double-down on those mobile priorities with commitment and focus, he says. Sepharim Group’s Egan also likes that setup. “When everybody has an agreedupon set of requirements for an application, it means that everyone understands how they can achieve the goal, everyone is taking shared responsibility, and you get away from finger-pointing. Everyone has to agree on what features are important for an application.” But one caveat, according to some experts, is that a center of excellence should have influence beyond its name. “There’s a right way and a wrong way to do a center of excellence,” Rege says. “I’ve seen [situations] where no one consulted the [center] because it had more security expertise than application expertise.” There has to be a balanced operational focus across multiple areas, he says. Nichols concurs. “You have to put in the infrastructure to make sure it can 32
INDIAN CHANNELWORLD OCTOBER 2013
Mobile Management Spurs Power Shift in the Enterprise
A
MOBILE power shift is happening right now. Everyone from chief marketing officers to business managers to citizen developers is seizing mobile app and content controls away from the CIO in the enterprise. Mobile software vendors, too, are lining up to deliver simpleto-use tools in the cloud that cater to this new less-technical customer. All of this is breaking open the floodgates to rogue IT. The power-shifting trend was hammered home when mobile device management software developer MobileIron trotted out a new offering called Anywhere, a cloud-based mobile management service that lets businesspeople manage and use iOS and Android apps in minutes. Anywhere has already received rave reviews for its end-user simplicity. The critical point, though, is that it was designed for non-techie admins to manage mobile apps and data. Anywhere effectively allows a sales manager to decide what documents and apps a salesperson should have without getting IT approval, prompting technology writer Ryan Faas at CITEworld to proclaim: No IT department required. “LOB [line-of-business] is increasingly taking the reins to move projects forward and acting as small businesses in themselves,” says Stacy Crook, program manager of mobile enterprise research at IDC. Last year, Forrester came out with a somewhat unnerving report—at least to CIOs— entitled, Tracking the Renegade Technology Buyer. The report sheds light on the growth of tech spending outside the formal IT budget. Forrester found that business leaders who al-
be viable and successful,” he says. The person in charge, in other words, has to have some influence, not just an advisory capacity. “If you don’t,” he adds, “the people within it will be all hat and no cattle.”
NO TIME TO TARRY Whatever path companies take to managing mobility, they can’t tarry —the technology is simply changing too quickly. “Mobility hasn’t leveled off the way the Web did after a couple of years,”
ready make a lot of renegade tech purchases are 50 percent more likely to increase their spending than low-spending business peers and IT. One of the best-known tech companies in the business community, Salesforce. com, is leading the way to put mobile control in the enterprise into the hands of businesspeople. MobileIron’s Anywhere, for instance, is integrated with Salesforce.com and available on AppExchange, Salesforce.com’s business apps marketplace. Salesforce. com admins can use Anywhere to distribute, manage, and secure employees’ mobile apps directly from the Salesforce.com administration console. The partnership empowers Salesforce.com users to go mobile without taxing IT resources, says MobileIron. In other words, it’s a workaround for mobile app management. In the same spirit as the MobileIron Anywhere integration, Salesforce.com also struck a pact with Exadel. It will offer Salesforce.com customers its cloudbased mobile app development tool, called Appery.io, that lets nontechnical people build mobile apps. This essentially frees business units from the IT department’s skills and capacity constraints, Exadel says. In other words, it’s a workaround for mobile app development. “Our customers have embraced the cloud and social, and now they’re racing forward with mobile,” says Adam Seligman, vice president of developer relations at Salesforce.com. “We check our phones and use them 150 times a day, but the business apps haven’t shown up for the party.” — Tom Kaneshige
says Nichols. “The next two years are going to be fascinating.” Egan adds, “The one thing you can count on in mobility is that it moves fast and changes often. The minute you start, you have to think about what’s next.” IT executives need to “be ready for the big wave,” says Gordon. “These are just the small ones. Mobility is going to get serious next year, with more content, collaboration, wireless printing and app management. There is no turning back.”
Focal Point
EVERYTHING ABOUT | IDENTITY MANAGEMENT
Secure Access Take a look at the building blocks of identity management. By Roger Grimes
I
DENTITY MANAGEMENT is the single
most important aspect of your organization’s security profile. Done well, it can ensure with reasonable confidence that the people who access your network are who they claim to be and have the access privileges they are trying to assert. If someone
attempts to gain unauthorized access to information or systems, a good identity system will leave an audit trail for you to follow. When identity management is done poorly, you could be in for a world of hurt: Prone to hack attacks and data spills, as well as the theft of sensitive information and intellectual
property. Your organization could find itself in violation of state and federal statutes, in breach of industry guidelines, or at the wrong end of a class action lawsuit. If news of the breach goes public, your organization could suffer massive damage to its reputation. In short, identity management is no laughing matter. Yet a simple glance at today’s headlines recounting innumerable hack attacks and data spills reveals that it’s also one of the most misunderstood concepts in network security. Simply put, identity management is a comprehensive system of identifiers and controls that allow you to impose security boundaries on any system,whether it’s a corporate network, a specific server or application, a data store, a printer, a cloud service, and so on. The systems work by assigning unique digital labels to every user and resource (“subjects”) participating in the system, and then granting access rights based on each subject’s security attributes. This is how your organization ensures that only HR employees can access personnel records or that only those in finance can log in to the corporate accounting software. No matter what it’s applied to, every IdM is comprised of the same five elements: Identity, authentication, assurance, access control, and auditing. Here’s what each one means and the best practices for implementing them.
IDENTITY Every user and every resource within an IdM must
have a unique identity. For users of the system this typically is a log-on name, although organizations can use other digital items such as employee ID numbers, digital certificates, or other types of unique identifiers. No matter what type of identifier you use, it must be absolutely unique within every system that participates in your IdM. For example, say you have two employees with the same first name (Eric) and last initial (K) in different departments in your organization. You cannot have two subjects with the identity of EricK in the same namespace—that would increase your security risk while reducing accountability. However, you can have two EricKs if one identity is associated with, say, HR, and the other is associated with Accounting. In that instance, “EricK” is the relative identifier of each user, while HR\EricK or Accounting\ EricK would be called their absolute identifiers. Even though no two subjects in the same IdM can have the same absolute identifier, one subject can have multiple identities, with different access privileges assigned to each.
AUTHENTICATION After requesting the identity of a subject, the IdM must then require the subject to provide proof that he or she has sole ownership of that identity, a process known as authentication. Proof of ownership can be accomplished using one or more factors. Factors are typically described as either “something you know” (a password or PIN), “something you have” (a smartcard or USB
OCTOBER 2013
INDIAN CHANNELWORLD
33
n FOCAL POINT | IDENTITY MANAGEMENT token), or “something you are” (a fingerprint or the pattern of blood vessels in your retina). The most common—and commonly abused—form of authentication is the simple password or PIN. In theory, only the subjects will know the password or PIN; once they supply the correct one, their ownership is authenticated and they are allowed access. Log-on names with passwords are among the easiest to implement, and their strengths and weaknesses are well understood. Unfortunately, because hackers also understand their strengths and weaknesses, they’re frequently compromised. Literally thousands of Gmail and Live.com cloud email customers have their log-on names and passwords stolen each day, usually through phishing or malware attacks. Because log-on names and passwords are so easily stolen, many systems require participating subjects to use more advanced forms of authentication. Identity and authentication can be provided by a wide assortment of digital bits and devices, including smartcards, USB tokens, biometrics, and proximity mechanisms (such as a wireless chip embedded under the skin). In the corporate environment, smartcards holding digital certificates are probably the second most common authentication scheme. Biometrics, usually involving fingerprints, hand geometry, or retina scans, come in a distant third. Of course, smartcards and USB tokens can also be lost or stolen. That’s why most IdM systems also require the use of passwords or 34
PINs to establish proof of ownership. Even most biometric systems, which should simultaneously provide both identity and proof of ownership Thousands of Gmail and Live.com cloud e-mail customers have their logon names and passwords stolen each day, usually through phishing or malware attacks.
ASSURANCE Each form of authentication comes with its own level of assurance, indi-
encrypted documents that rely on a trusted thirdparty authority to verify the identity of their owners, are a great example of this. Certificates come in assurance levels that run from Class 1 to Class 5, and these classes are often documented in the certificate name or attributes. Class 1 certificates, which can often be obtained for free or with minimal confirmation of the subject requesting it, offer the lowest level of assurance. In general, Class 1 certificates should not be
Key components of an IdM system Look for these important features when reviewing or considering a new IdM system: n Platform coverage n Application coverage n Security controls n Ease of implementation n Role management compatibility with other IdM services n User account lifecycle (provisioning to deprovisioning) n Claims awareness n Auditing and accounting n Popularity n Support
of open standards
cating the trust others can have that it is in fact secure. Because they can be abused so easily, simple passwords have very low levels of trust. Smartcards, which are more difficult to acquire and typically feature cryptographically protected digital certificates, offer a higher level of assurance. The more factors an authenticator requires, the greater the assurance others usually place in it. Often, though, the same type of security authenticator can have varying levels of assurance, depending on the processes required to obtain it in the first place. Public digital certificates,
INDIAN CHANNELWORLD OCTOBER 2013
trusted, especially not for business. Class 3 certificates are often used when accessing trusted public websites. They usually require a moderate fee, a verified physical presence, and often legal documentation establishing the identity of their owners. At the other end of the spectrum, a subject obtaining a Class 5 certificate has usually undergone a lengthy validation process (often including a comprehensive background check), and must show up in person with multiple acceptable IDs to obtain one. Class 5 certificates are usually used by government and other high-security applications. Most early IdM
systems offered only one level of assurance. Today’s emerging IdM systems often offer multiple classes of assurance. In this case it is up to you—and any—one else relying upon your authenticators—to determine if the stated level of assurance meets your risk acceptance goals.
ACCESS CONTROL No matter what authentication method you use, once you’ve successfully logged in you are assigned a digital security token (really just a bunch of bytes) that represents you and the outcome of your authentication. This security token is used to compare the access you’re requesting—to, say, an application running on the network—to the access rights assigned to your identity. The process that performs this comparison is often called the security access control manager, and it may contain many other subject-specific attributes (age, department, assurance level, and so on). The access control manager has such an important role in computer security that it is among the most highly protected processes in the enterprise.
AUDITING AND ACCOUNTING Any good IdM system also offers auditing and accounting. Auditing, if enabled, records what the subject did within the confines of participating systems and when trying to access particular objects. In general, most auditing systems do not garner high marks for user friendliness or understandability. Accounting is like auditing, but with the goal of tracking how long a particular
subject used a system and how it was accessed, sometime calculating the overall costs of chargeback. The symbiotic processes of authentication, authorization, and auditing are collectively known as AAA and are essential parts of every good IdM system.
IS AUTHENTICATION AN ISSUE? You might think that with the many well publicized abuses of log-on names and passwords, every IdM system would have moved on to more advanced forms of authentication. Unfortunately, advanced authentication comes at a price. First you have the cost of the authenticator itself (such as a smartcard or USB token) as well as devices that can read the authenticator at each location where it will be used. You’ll often have to install additional software at each location, and hire staff to operate and troubleshoot the devices. Compatibility problems between devices and their software are unfortunately common. Many advanced authenticators tend to be computer specific and can’t spread across a network of computers the way passwords can. For example, if you decide to use fingerprints as an authenticator, the subjects providing the fingerprint may only be able to log on to the specific machine they enrolled on. If they want to use the same fingerprint on another computer, they have to start the enrollment process all over again. In contrast, a single password can typically be used for any device across the enterprise. Advanced authenticators can also be a bear to
replace or repudiate. Forget your password and you can usually get it reset in a few minutes by calling a help desk or visiting a Web portal. Lose your smartcard and you may have to wait a day or longer to get a new one approved and distributed. If your biometrics database gets compromised by a bad guy, you’re in for a world of trouble. Your legitimate users can’t exactly replace their own fingerprints. Worse yet, you may spend all that money and not fix the most common exploits impacting your organization: security at the endpoints. You can definitely get better authentication for your money, but it may not make you that much more secure.
security token that is issued remains the same. If that token is compromised, then all bets are off. This little understood fact has big implications on the overall security of an IdM environment. Although stronger authentication mechanisms make it more difficult for hackers to pretend to be you, especially when logging in remotely, if the attackers have compromised the device you log on from or captured your security token, they’re in. A man-inthe-endpoint attack will be just as successful against someone using a smartcard (or biometric identity, and so on) as it would be for a person using just a password. For example, in the
the distinction between an authenticator and a security token and what level of security you get with both. Some defenses are better at improving authentication and others at access control. You need to make sure you choose the right solution for the right problem. An IdM system is only as secure as all of its component parts and participants. A mature IdM solution must enforce strong security across its namespace, authentication database, transport method, authentication protocols, operational controls and defaults, memory protection, and so on. Once IdM systems hand off the authenticator or security token to a computer sys-
Identity management is a comprehensive system of identifiers and controls that allow you to impose security boundaries on any system. No matter what it’s applied to, every IdM is comprised of the same five elements: Identity, authentication, assurance, access control, and auditing. Whether you use a simple password scheme or sophisticated multifactor authentication, the security token that is issued remains the same. If that token is compromised, then all bets are off. This little understood fact has big implications on the overall security of an IdM environment.
AUTHENTICATION ANDSECURITY How you log on and get authenticated is usually very different than the security token used behind the scenes for access control. Whether you use a simple password scheme or sophisticated multifactor authentication, the
current attack space, PtH (pass the hash) attacks are quite popular. In a PtH attack, the attacker compromises a single endpoint node, gains administrative access to that node, and can then capture one or more security tokens. Because the attacker has captured the token after authentication has been successful, how the user authenticated himself is irrelevant. Once captured, these security tokens can be used across the network with the attacker posing as the legitimate user(s). This has even scarier applications for networks that rely on SSO (single sign-on) mechanisms. It’s important to understand
tem, the computer system must also be protected against attacks.
THE NEW AGE The holy grail of many IdM systems is the concept of SSO. In today’s world of cloud computer and social interconnectedness, users want a simple way to access all their devices and applications, whether they’re on a local system or on the other side of the world. With SSO, users can sign in once and gain access to every system and resource they need. This can be accomplished by having enough participating systems to fulfill the requester’s desires or by using a shared set of data
OCTOBER 2013
INDIAN CHANNELWORLD
35
n FOCAL POINT | IDENTITY MANAGEMENT exchange protocols so that IdMs from a variety of sources can seamlessly operate with each other. If done correctly, all authentication sharing is invisibly done in the background. In some cases, the relying IdM system accepts the original authenticator and asks for the user to reprove ownership. In more seamless systems, the relying system simply trusts that the originating IdM system did its job correctly, authenticating the subject and issuing the appropriate security token. SSO IdM systems have always been a tradeoff between seamless integration and usability. Creating an SSO credential that can connect you to every resource you want to access isn’t difficult but building one that remains secure as you connect to various
identity can include one or more data attributes (called claims in IdM-speak), which the participating identity vendor verifies. When the consumer connects to a service provider that requires a particular identity attribute, the IdM provider can provide appropriate information. Claims-based authentication is celebrated because it may lead to less information being shared when a consumer needs to access a particular service. For example, you must be 18 or older to gamble in many countries. A user wishing to gamble at a particular website can choose an IdM provider that attests to this claim by including a field in the consumer’s security token that is tagged when the user is 18 or older and then passed
not have enough information to do any real damage. It’s much harder to siphon money from a user’s bank account when the attackers don’t have any credit card information, real name, or address.
IDENTITY METASYSTEMS The need for authenticated digital identities to work across a multitude of disparate systems is resulting in the creation of what are known as identity metasystems, which allow consumers to connect to providers of identity, networks, and services, and vice versa. With this paradigm you can have very large separate IdMs, both public and private, which serve their individual constituencies. But they also follow a set of rules and protocols that allow them to communicate. Then users can choose to
An IdM system is only as secure as all of its component parts and participants. Once IdM systems hand off the authenticator or security token to a computer system, the sytem must also be protected against attacks. systems is a much harder task. An SSO identity management system is only as strong as its weakest link. As noted above, a single security token compromised by a PtH attack can unlock access to a wide range of resources attached to the SSO system. The success of PtH and similar credential theft attacks is making SSO vendors work harder to prevent reuse attacks, while still trying to maintain the seamlessness that users have come to expect.
CLAIMS-BASED AUTHENTICATION A growing trend in IdMs is claims-based authentication. Each 36
along to the gambling site along with a trusted pseudo-anonymous name. The gambling site can attest to legal authorities that it has verified the participant’s age without having to know all the user’s other identifying information. Another provider could handle the conversion of money to and from the gambling site and the consumer. The list of potential services and identity claims goes on and on. Using claims-based authentication reduces security risks for consumers, IdM providers, and websites. If hackers compromise a particular IdM provider or site, they may
INDIAN CHANNELWORLD OCTOBER 2013
participate in one or more big IdMs, which can cover a large collection of computers and services. In this scheme, consumers are free to pick one or more identity providers; they may also be able to pick what level of assurance they want or need for a particular identity. Network providers are the pipes to get consumers and their identities to the content or services they want. Like consumers, content or service providers can choose one or more identity providers to work with and what level of assurance is adequate. For example, an online stock
trading company may require that a user pick an identity management provider that positively identifies the user’s real name and requires out-ofband authentication. Or a consumer can choose to do business only with identity providers that can assure that the real identity remains anonymous. This already occurs on many business networks and e-currency trading networks. A user can be pseudo-anonymous as well. With pseudoanonymity, the user’s true identity is verified by the IdM provider but is not shared with the content provider; however, the content provider can require that the pseudoanonymity identity provider attest it has verified the user’s identity to a real person. Thus, a great level of assurance is provided to the content provider without the consumer’s real identity being compromised. Of course, pseudo-anonymity providers who know the real identity might be forced to disclose the link to real identity by legal authorities.
NEW PARADIGMS Certainly, cloud and social networking technologies have had the biggest impact on large IdM systems for the past five years. When you have hundreds of millions of users (such as Facebook, Google, Live. com, Twitter, and Yahoo have), you not only need an IdM solution for your own services, you also need one for the services your customers want to interact with. Further, all of today’s authentication services must work over HTTP/
HTTPS; work with XML, SAML, and Web services; and participate using open standards. Enter OAuth. Backed by Google, Twitter, Facebook, Microsoft, and others, OAuth is quickly becoming the open authentication standard. The IdM provider services and content they provide is, or is becoming, OAuth accessible. OAuth 2.0 is the current specification and is detailed in RFC. Perhaps the biggest blow to OAuth is security, or lack thereof. Many security experts believe that for an open protocol designed to work across the very dangerous Internet, OAuth contains far too many exploit avenues. This is something even many of its strongest proponents admit. Though not as widely accepted as OAuth, OpenID is a popular competing open standard authentication framework. OpenID works by relying on thirdparty identity providers, allowing service providers to work directly with each other. For a few years it seemed as if OpenID would take over the world (some sources claimed more than 1 billion users), but now there is a sense that its promise has come and gone, and it is being replaced by OAuth or even newer, emerging standards.
CHOOSING WELL It’s not hyperbole to say that IdM systems are the glue that holds the connected world together. Without them we wouldn’t have networking or the Internet. Each IdM offering has a different set of features and capabilities. Another big component of an IdM system is its scope. How widely can
it be used in a particular environment or set of environments? Some IdM systems only work on the local computer or device. Others work across all the systems on a network. Large IdM systems may have hundreds of millions of participants. These attributes, along with cost and support, should be considered when evaluating an IdM offering. As complex as IdM systems may seem today,they are in the process of getting ar more complicated and harder to defend.
COMPLEXITY INCREASES We now live in a world of cloud computing networks, some of which may be located on your premises. These cloud services will require digital identities, some of which will be private and others that will be part of huge public identity metasystems. Many of these identities may be shared with other sites you may not be aware of or don’t necessarily trust. You will see more IdM systems appear, more digital identities, more gateways, and more people heading into and out of your computing environment. In th e fully interconnected world of the near future, your IdM sp ace could consist of multiple IdM systems, both public and private, connecting to resources outside the company. You might be charged with allowing outsiders to log on to your network using public IdM credentials. For example, there is a significant push to let the huge identity metasystems (such as Facebook, Google, or Live.com) into private networks and corporately owned assets. Should you allow a public
digital identity, which we know entails more risk, access to your private corporate assets? Most computer security experts will say no. But that fate may be thrust upon you, just like instant messaging, social networks, and other once bleedingedge technologies that were initially scorned by security professionals. The arrival of the latest IdM paradigm requires reexamining all your security policies and controls to see if they consider the newer technologies. If their scope does include the new IdM schemes, what policy and control changes need to be made? How does that change enforcement and auditing? Suppose you are required to allow one of the public IdM systems into your network, and your current password policies require 12-character passwords, multiple character sets, a 4-guess account lockout, and a password change every 90 days. How are you supposed to enforce those
are likely to be used and their security strengths and weaknesses. Second, be sure to document the concerns you have with each, in case top management asks your opinion or demands that you support a particular solution. Third, be sure to check out the Cloud Security Alliance. This organization is rapidly becoming the most respected open body on the topic of clouds and their security controls. IdM systems aren’t always clouds, but all the newly emerging ones are. Understanding how to measure cloud security, and even what questions to ask, will go a long way toward evaluating the different IdM services. The CSA’s educational materials, especially regarding the “cloud controls matrix” and the “GRC Stack,” are great places to start. Some material is free. Fourth, another great resource for learning about emerging authentication standards and their practical enforcement is the Trusted Computing Group. It is a ven-
The arrival of the latest IdM paradigm requires reexamining all your security policies and controls to see if they consider the newer technologies. policies when you have nearly zero control over the controls or implementation? How can you perform normal auditing or accounting if you do not have access to the IdM vendor’s log? It is sometimes impossible. The implications of the newer IdM paradigms are that with few exceptions, everything becomes harder to defend.
WHAT CAN YOU DO? First, be aware that the field of IdM is changing rapidly. Concentrate on where they
dor-neutral open standards group that has been largely involved with real authentication solutions that work. It can be guaranteed that if you get to know this information well, you’ll be among the more knowledgeable IdM experts in your environment. Last, consider purchasing or using a tool that can help you manage IdM management across your space. There is no need to go it alone. Everyone is facing the same problems, and many vendors in the IdM space are ready to assist.
OCTOBER 2013
INDIAN CHANNELWORLD
37
n OPINION
PRESTON GRALLA
Turn a New Leaf Microsoft has fallen off the saddle. To get back up, it will need to look at someone other than Gates— and soon.
Preston Gralla is a contributing editor for Computerworld.com and the author of more than 45 books, including Windows 8 Hacks (O’Reilly, 2012). See more by Preston Gralla on Computerworld.com. 38
C
EO BALLMER and his predecessor shared a vision
of how Microsoft could stay on top by focusing on Windows. Now that CEO Steve Ballmer has announced that he will be leaving Microsoft sometime in the next year, some people hope that Bill Gates will come out of retirement and ride in like the US cavalry to save the beleaguered company. That won’t happen. Gates can’t rescue Microsoft. He’s at least partly responsible for the company’s current woes, because Ballmer in his years at Microsoft mainly followed Gates’ playbook, which holds that Windows is Microsoft’s centerpiece. And by sticking to that mindset, Microsoft fell far behind in big growth areas, notably mobile and Internet search. Since Gates’ retirement from day-to-day Microsoft responsibilities to focus on the Bill and Melinda Gates Foundation, he has taken on a can-do-nothing-wrong aura. If only he still headed Microsoft, a strain of thinking goes, the company would be able to see its way out of the wilderness. After all, Gates was the visionary who in 1995 wrote a memo titled The Internet Tidal Wave, in which he declared that “our focus on the Internet is crucial to every part of our business. The Internet is the most important single development to come along since the IBM PC was introduced in 1981.” Such thinking ignores that the seeds of Microsoft’s current woes were sown under Gates. It’s one thing to have a vision and another to put it into effect. And that’s where Gates failed. Three years after he wrote that memo, Microsoft remained focused primarily on Windows and didn’t have a solid Internet strategy. A startup named Google was born that year. The rest is history. Microsoft blew its chances at mobile computing under Gates as well. In 2001, when Gates had turned over his position as CEO to Ballmer, but was the company’s chief software architect, Microsoft an-
INDIAN CHANNELWORLD OCTOBER 2013
nounced its Tablet PC, essentially a fullblown computer in tablet form, costing thousands of dollars and running Windows. No one wanted one. It wasn’t until Apple released the iPad, nine years later, that tablet computing took off. Under Gates, Microsoft also developed a smartphone years before the iPhone. Called Windows Mobile, it was released in 2000, and was built on earlier versions of various Windows mobile operating systems. Once again, Windows was the centerpiece. And once again, few people wanted one. Gates and Ballmer for years have shared a common vision about Microsoft: Use Windows as a bludgeon to frighten partners, beat competitors into submission, and gain share in related markets, such as browsers and offices suites. The strategy continues today with Window 8. Microsoft apparently thought that the best way to push into the tablet market would be to develop a single, touch-based operating system for traditional PCs and tablets. Because Windows dominates the traditional PC market, the thinking went, people would get used to the interface on their computers and then rush out and buy Windows 8 tablets. It was a technique taken straight out of Gates’ playbook. It has so far failed. Gates recognizes that he isn’t the person to lead the company. He recognizes that a new vision for the company is needed, not one as wedded to the past as Ballmer’s was—and as Gates’ has been as well.