Page 1


FROM THE EDITOR-IN-CHIEF

PUBLISHER, PRESIDENT & CEO Louis D’Mello ASSOCIATE PUBLISHER Parul Singh E D I TO R I A L EDITOR-IN-CHIEF MANAGING EDITOR EXECUTIVE EDITOR ASSOCIATE EDITORS FEATURES EDITOR SPECIAL CORRESPONDENTS

Task Master By reducing attention span, multi-tasking leads to lower productivity and bad decisions. A few months ago, I tracked each time I was interrupted at work. I did this not for a day or a week; I maintained a record over an entire month. I clocked in a text or a phone or a colleague walking into my cabin or an e-mail alert or a post alert on our collaboration platform once every 13 minutes! Each time I was disturbed it got progressively difficult to regain my chain of thought and go right back to what I was doing. On one particular day, my attempts to write an editorial like this one were frustrated so often, that I gave up and wrote it out late at night once home. In an era when multi-tasking is seen as a highly productive trait, this whine of mine might seem anachronistic. However, research reveals that ‘multi-tasking’ not only reduces productivity but it also helps to reduce attention spans thus actually reducing the quality of output and leading to bad decisions. A study, conducted by the Institute of Psychiatry at the University of London, found that “workers distracted by e-mail and phone calls suffer a fall in IQ”. Big deal, right? Then consider that the study found that interruptions at work lowered IQ by as much as 10 points, while smoking marijuana regularly, caused only a four point drop in intelligence! Another study found knowledge workers in a mental state of continuous stress and distraction caused by the combination of queued messaging overload and incessant interruptions. In one organization, the authors found that staff “averaged 11 minutes on any one “working sphere” before switching to another altogether.” This extreme fragmentation of work resulted in a severe cumulative time loss, with some estimates as high as 25 percent of the workday. Their research found employees in a chronic state of mental overload in practically every company and organization in the industrialized world. One way out is for senior executives to actually take some ‘me’ time off—go walkabout, grab a cappuccino outside office, lock yourself into a conference room or your home with the mobile switched off—anything to take a mental step back and revel in the silence of your own thoughts. What do you think about this? Mail me.

Vijay Ramachandran T.M. Arun Kumar Gunjan Trivedi Sunil Shah,Yogesh Gupta Shardha Subramanian Gopal Kishore, Radhika Nallayam, Shantheri Mallaya PRINCIPAL CORRESPONDENTS Debarati Roy, Sneha Jha, Varsha Chidambaram SENIOR CORRESPONDENTS Aritra Sarkhel, Eric Ernest, Ershad Kaleebullah, Shubhra Rishi, Shweta Rao SENIOR COPY EDITORS Shreehari Paliath, Vinay Kumaar LEAD DESIGNERS Pradeep Gulur, Suresh Nair, Vikas Kapoor SENIOR DESIGNERS Sabrina Naresh, Unnikrishnan A.V. SALES & MARKETING PRESIDENT SALES & MARKETING VICE PRESIDENT SALES GM MARKETING GENERAL MANAGER SALES MANAGER-KEYACCOUNTS MANAGER MARKETING MANAGER-SALES SUPPORT SR. MARKETING ASSOCIATES

Sudhir Kamath Sudhir Argula Siddharth Singh Jaideep M. Sakshee Bagri Ajay Chakravarthy Nadira Hyder Archana Ganapathy, Benjamin Jeevanraj, MARKETING ASSOCIATE Arjun Punchappady, Cleanne Serrao, Lavneetha Kunjappa, Margaret DCosta, Shwetha M. LEAD DESIGNER Jithesh C.C. SENIOR DESIGNER Laaljith C.K. O P E R AT I O N S

VICE PRESIDENT HR & OPERATIONS FINANCIAL CONTROLLER CIO SR. MANAGER OPERATIONS SR. MANAGER ACCOUNTS SR. MANAGER PRODUCTION MANAGER OPERATIONS MANAGER CREDIT CONTROL SR. ACCOUNTS EXECUTIVE

Rupesh Sreedharan Sivaramakrishnan T.P. Pavan Mehra Ajay Adhikari, Chetan Acharya, Pooja Chhabra Sasi Kumar V. T.K. Karunakaran Dinesh P., Tharuna Paul Prachi Gupta Poornima

All rights reserved. No part of this publication may be reproduced by any means without prior written permission from the publisher. Address requests for customized reprints to IDG Media Private Limited, Geetha Building, 49, 3rd Cross, Mission Road, Bangalore - 560 027, India. IDG Media Private Limited is an IDG (International Data Group) company.

Vijay Ramachandran, Editor-in-Chief vijay_r@cio.in VOL/9 | ISSUE/05

Printed and Published by Louis D’Mello on behalf of IDG Media Private Limited, Geetha Building, 49, 3rd Cross, Mission Road, Bangalore - 560 027. Editor: Louis D’Mello Printed at Manipal Press Ltd., Press Corner, Tile Factory Road, Manipal, Udupi, Karnataka - 576 104.

IDG Offices in India are listed on the next page

REAL CIO WORLD | J A N U A R Y 1 5 , 2 0 1 4

13


contents MARCH 15, 2014 | VOL/9 | ISSUE/05

Case Files 38 | TVS Motor Company IT STRATEGY It takes eight seconds to roll out a twowheeler at the TVS Motor Company. For IT to deploy a solution at that speed is unheard of. But the CIO of the company has changed that by reducing the time-tomarket an IT solution by 65 percent. Here’s how. By Shubhra Rishi

56 | SpiceJet

3 2

IT MANAGEMENT The intriguing story of how SpiceJet’s CIO found an ingenious way to save costs by limiting IT support staff—from what could have been 300—to 30. By Shubhra Rishi

more »

32 | Sizing Up SDx

4 6

COVER STORY | SDX The promise of a software-defined future is hard to resist. But getting there will require implementing SDN. There’s where things start to go off script. By Varsha Chidambaram

COVER DESIGN BY VIKAS KAPOO R

43 | IT Resume Makeover FEATURE | CIO CAREER Career coach and strategist Donald Burns shows technology executives how to better transition from IT consulting back to corporate IT as he works with a client who’s feet are planted firmly in both worlds. By Rich Hein

CXO AGENDA "Another thing we are trying to do is to leverage the Internet of Things,” says Sangita Reddy, Executive Director, Operations, Apollo Hospitals Group.

2

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

VOL/9 | ISSUE/05


|

DEPARTMENTS 1 | From the Editor-in-Chief Task Master By Vijay Ramachandran

7 | Trendlines Innovation | Tech Plays Baby Sitter Devices | Speakers Turn Jukebox Mobile Apps | Winter Olympics: App Stars Social Media | Social Media: Show Stopper Technology | A Sense of Art Auto | Talkative Cars CIO Role | The Hardest Working CIO Popular science | Fill Up Your Senses Internet | Technology: The New Cupid By the Numbers | Indian CEOs: Anxious

14 | Alert

5 0

Security Tools | The FBI Goes High Tech Emerging Threat | Internet of Things

68 | Essential Technology Secuirty | Bull's Eye! IRIS | Under the Lid

72 | Endlines

50 | Innovation vs. Maintenance

Innovation | False Nails, True Art By Neil Bennett

FEATURE Spending too much time on keep-the-lights-on projects? Here’s how to tip the balance. By Minda Zetlin

Columns 19 | RIP Privacy?

52

PRIVACY Revelations in 2013 about NSA surveillance andREAL the CIO power of |big-data MARCH 15, WORLD analytics suggest the age of privacy is over. But a new 'privacy death index' places us far from the tipping point.

2014

3 0

13

By Jay Cline

21 | Little Data is Bigger LEADING EDGE Managing Big Data in isolation doesn't yield much value. Analyzing it in conjunction with Little Data makes insights smarter and more impactful. By Gunjan Trivedi

28 | Untangling Mobile Privacy THINK TANK If your company doesn't yet have a mobile-specific privacy policy, it's time to get to work. Remember this privacy policy could define your company’s reputation. By Evan Schuman

4

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

THE CIO SUMMIT | 58 The third edition of the IDC-CIO business conference for IT leaders saw expert speakers and big-league CIOs discuss all the most important tech topics of the day.

VOL/9 | ISSUE/05


The power behind competitiveness

Powering Competitiveness in Banking & Finance Delta’s UPS solutions, powering transactions non-stop. Delta UPS – Agilon Family • Up to 600 VA 1-Phase Off-line UPS Delta UPS – Amplon Family • Up to 10 kVA 1-Phase On-line / Line-interactive UPS Delta UPS – Ultron Family • Up to 500 kVA 3-Phase On-line UPS Delta UPS – Modulon Family • Up to 200 kW Modular UPS

+91 9999992084 www.deltapowersolutions.com


CIO Online

.in CIO ADVERTISER INDEX

Accenture Services

[ CI O TV ]

3

Bharthi Airtel ( Airtel Business)

Video Library

Canon India

From peer-to-peer advice, and new technology developments to international events, our videos cover everything that affects you. Keep yourself abreast with the world of IT, watch our online videos.

EMC IT Services

Cyberoam Technologies

HCL Comnet IBM India

25, 26 & 27 IBC 29 8&9 17 IFC

Netmagic IT Services

31

SAS Institute (India)

15

Starcom of Denuo Vodafone India Wipro Limited

5 BC & 45 + insert 22 & 23

[ N EWS ] Our CIO World newsletter gives you a daily dose of everything that impacts you, your staff, and your business. Log on to check out the latest news.

Don't receive our newsletters? Log on to our website to subscribe today!

>> cio.in/news

Read More@ cio.in

>> Case Studies >> Whitepapers >> Articles >> Slideshows >> CEO Interviews >> Events

FOLLOW US ON www.facebook.com/CIOIndiaIDG twitter.com/CIOIn

Form IV Statement of ownership and other particulars about the magazine Real CIO World, as required to be published under Section 19-D Subsection (b) of the Press and Registration of Books Act read with Rule 8 of the Registration of Newspapers (Central) Rules) 1956. PLACE OF PUBLICATION: PERIODICITY OF PUBLICATION: PRINTER Name: Nationality: Address: PUBLISHER Name: Nationality: Address: EDITOR Name: Nationality: Address:

‘Geetha Building,’ 49, 3rd Cross, Mission Road, Bangalore 560027, Karnataka Monthly Louis D’Mello Indian ‘Geetha Building,’ 49, 3rd Cross, Mission Road, Bangalore 560027, Karnataka Louis D’Mello Indian ‘Geetha Building,’ 49, 3rd Cross, Mission Road, Bangalore 560027, Karnataka Louis D’Mello Indian ‘Geetha Building,’ 49, 3rd Cross, Mission Road, Bangalore 560027, Karnataka

Names and addresses of individuals who own the magazine, and partners or shareholders holding more than one per cent of the total capital: International Data Group, 5, Speen Street, Framingham MA 01701, USA I, Louis D’Mello, hereby declare that the particulars given above are true to the best of my knowledge and belief.

15 March 2014

6

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

Louis D’Mello Signature of publisher

This index is provided as an additional service. The publisher does not assume any liabilities for errors or omissions.

VOL/9 | ISSUE/05


EDITED BY SHARDHA SUBRAMANIAN

NEW

*

HOT

*

UNEXPECTED

Tech Plays Baby Sitter which acts as a bridge between the onesie and the home’s WiFi network. “We basically designed it because we had parents coming to us saying ‘I wake up over and over in the middle of the night because I’m wondering if everything is okay with my baby,’” Madden said. “It’s really there to be an extra tool for parents.”

Along with co-founder Thomas Lipoma, Madden leads a group of seven young employees, all but one of whom hail from The Massachusetts Institute of Technology. In a loft style office that Rest Devices shared with a custom tailoring company, the group developed, prototyped and began manufacturing Mimo. With the exception of the onesie, which comes from India, all of the components of the system and the assembly is done in Massachusetts and New Hampshire. For durability testing, the team 3D-printed a contraption that used a small motor to restart a washer and dryer. “If you think about washing a thousand onesies hundreds of times, that’s a lot of laundry. So we added servos to the washer and dryer so that they’ll automatically restart and run on self-cycled water.” —By Nick Barber

TRENDLINES

I N N O V A T I O N Singing along to the Disney movie playing in the background, Dulcie Madden helped hand-package thousands of hightech baby clothes from her start up in Boston’s Leather District. Madden is the CEO and co-founder of Rest Devices, which just started shipping its Mimo connected “onesie” to stores across the US. The system aims to help anxious parents by monitoring a baby’s movement, respiration, position and skin temperature and delivering the information with audio to smartphones. “The green stripes on the front of the onesie are the respiration sensors, which pick up the baby’s breathing throughout the night or as they’re playing,” Madden said. The green plastic turtle that attaches to the onesie has a temperature sensor, accelerometer and Bluetooth low-energy chip to deliver the information to the “lily pad,”

Speakers Turn Jukebox

VOL/9 | ISSUE/05

instructions for streaming that music from the Internet. This allows users to control playback from multiple devices or leave the house while letting the music play. Similar to Sonos, Beep can also synchronize playback to multiple speakers—up to five at once on most Wi-Fi networks. The wedge-shaped hardware has a large dial on top. Tapping the dial starts and stops playback, and twisting the dial adjusts volume. There’s a 3.5 mm optical jack for audio output and a micro-USB input for power. Beep says it supports pretty much any speaker with a 3.5 mm auxiliary input, optical input or an RCA jack.

If you don’t already have a bunch of extra speakers, Beep isn’t necessarily a cheaper or better solution than Sonos. Sonos also supports many more apps right now, including Spotify, Rdio and Amazon Cloud Player. But for users who already have good speakers on hand, Beep could save you some cash. Besides, the idea of pushing music from a smartphone to speaker with the touch of a button is pretty alluring. Down the road, Beep could even license its technology to speaker companies, allowing for built-in streaming similar to what Apple has done with AirPlay. —By Jared Newman

REAL CIO WORLD | M A R C H 1 5 , 2 0 1 4

IMAGES BY T HIN KSTOCKP HOTOS.IN

If you have any old speaker systems or boomboxes lying around the house, Beep has a plan to usher them into the Internet age. Beep is a device that lets you wirelessly send music from a smartphone or tablet. It connects to your home Wi-Fi network, and any iOS or Android apps that support Beep will display a button for beaming your tunes. Beep works a lot like Google’s Chromecast TV dongle, but for speakers. (The company was co-founded by two former Google employees, after all.) Instead of receiving audio directly from the phone or tablet, Beep merely gets

DEVICES

7


"We took the right step by choosing the EMC Isilon brand because it is one of the pioneers of the scale-out storage system worldwide. It is the best product available in the market currently, which made business sense for the company." K.Y. IYER CIO, NDTV

Company NDTV

Industry Media

Headquarters

New Delhi

Founded 1988

Channels 4

BROADCASTING

SUCCESS

When NDTV was in need of a scalable and resilient storage system for the new channel it was going to establish, it found a more than able comrade in EMC Isilon. Here’s how the collaboration spelled success for the media giant.

By Aritra Sarkhel


CUSTOM FEATURE EMC

T

alk TV, talk NDTV. Founded by Prannoy Roy and Radhika Roy in 1988, New Delhi Television (NDTV) is one of the pioneers of broadcast news networking in India and the world. Over the years, it has expanded operations across the world and gained a formidable reputation by setting up channels such as NDTV 24x7, NDTV India, NDTV Profit, and NDTV Good Times. Thanks to its state-of-the-art studio facilities across the country, NDTV has been consistently producing one of the best quality news content on prime time television. But sustaining the hard-earned reputation would require delivering the same quality of content across its new ventures as well. There can never be a slippage in terms of delivery.

PRESSING NEEDS About six years ago, NDTV had planned to establish a new 24-hours channel. This was supposed to be the beginning of a new journey for the company. Most of the operations were in order, and as a result, K.Y. Iyer, NDTV’s CIO, and his lean IT team had their task cut out clearly. Setting up a new channel is a gargantuan task. New teams, new agendas, new infrastructure—all have be in place with less or zero IT downtime. Iyer very well knew that this pressing need warranted an advanced IT infrastructure. “It was not challenging as such but carving out a new setup altogether for vaster broadcasting purposes still meant a huge job,” says Iyer. NDTV’s new channel required a brand new storage facility. “The workflow of videos is complicated. Managing gigabytes of video data is a different ballgame altogether. It is different from traditional enterprise IT applications that companies are accustomed to supporting. Video has to be easily accessible and, at least, we need stringent real-time performance,” says Iyer. He also points out that in order to achieve such robust real-time video performance, it was critical to have a storage system which was highly scalable with enormous bandwidth and continuous low latency and still have the capability to support video applications throughout the day. Iyer and his team were on the lookout for such a competent system. “We had deadlines to meet to set up the infrastructure for the new channel. We did our research and kept ourselves abreast of newer technologies across the scalable storage system. We attended trade shows and had vendors

THE BENEFITS

Tremendous Scalability: In terms of flexibility, EMC Isilon scales multiple gigabytes per second of throughput within a single file system. Scaling on-the-go helps NDTV perform linearly and grow capacity in an agile manner. Reliability: EMC Isilon has set the bar for reliability high by delivering capabilities such as no single point of failure, fastest disk rebuild time, proactive failure detection, and fully journalled file system. High Efficiency: EMC Isilon’s scale-out storage provides better rates of utilization compared to NAS solutions from other vendors. This means greater efficiency for the overall architecture with lower maintenance and operational costs. Robust Video Performance: The EMC Isilon is a highly scalable storage system with enormous bandwidth and continuous low latency, and offers the capability to support video applications throughout the day.

present us with their storage solutions time and again,” he says. Elaborating further on the need for a sinewy solution, Iyer says, “We required storage systems where our video would be stored and in some cases, edited. We

needed good throughput and equally good network performance. And more importantly, reliability was a must because being a 24-hours channel, our new venture could not afford to face downtime even for a second.”

QUEST FOR THE BEST Unfortunately, none of the vendors then were able to completely meet the criteria that Iyer and his team had set. The hunt went on without any success for a long time, but in the end, Iyer and his colleague Jay Chauhan found the solution they had been looking for—in the form of EMC Isilon. “We chose the EMC Isilon range of solutions because it enables high-speed access to huge loads of mission-critical data and reduces cost and complexity at the same time,” says Iyer. EMC Isilon, a resilient and scalable NAS solution, was and still is one of the best in the industry. “We took the right step by choosing the EMC Isilon brand because it is one of the pioneers of the scale-out storage system worldwide. It is the best product available in the market currently, which made business sense for the company,” he adds.

GOING ON AIR Iyer states that the experience has been stupendous so far. “Except for one or two minor instances, there has not been a single downtime issue so far. The EMC Isilon has been extremely reliable throughout,” he says. In terms of flexibility, EMC Isilon scales multiple gigabytes per second of throughput within a single file system. “Since we are in the broadcasting domain, scaling on-the-go helps us perform linearly and grow capacity in an agile manner,” Iyer says. Iyer is jubilant that he and his team are able to consistently deliver that crucial aspect that the new channel demanded. They have not had to deal with storage issues. “We certainly did not want the TCO to be high nor did we want something that required high maintenance. EMC Isilon has been continuously available online and resilient throughout,” says Iyer.

This case study is brought to you by IDG Services in association with EMC


Winter Olympics: App Stars

10

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

Social Media: Show Stopper Google Glass, the Moto X, and Samsung’s Galaxy Gear have all appeared on runways at MercedesBenz Fashion Week, proving that tech and fashion are made for each other. But this spring, it’s not gadgets that stole the spotlight at the semi-annual spectacle. Social networks and sharing economy startups got in on the action, helping designers hawk their wares, get to shows, and show off the glitz behind the scenes. Uber offers arrivals in style: If any company can be counted in for an event tie-in, it’s Uber. The on-demand transportation app has delivered Christmas trees and marching bands for past promotions, but for Fashion Week, the company did something that’s actually relevant. Uber partnered with designer Alexander Wang, who moved his runway show from Manhattan to Brooklyn—not an easy trek if you’ve got a slew of other shows to attend. Attendees who used Uber to get to Wang’s event got 30 percent off their fare (though it was unclear if the company put surge pricing in effect for Fashion Week). Anyone who’s tried to hail a cab in Manhattan to cross the Brooklyn Bridge knows it’s close to impossible, so this tie-in makes a lot of sense. But of course, Uber had to go a little over the top and offer a second promotion to coincide with Fashion Week. The app worked with cosmetics company Benefit to deliver “emergency mascara technicians” to fashionistas in need of a quick makeover—plus a bag of swag—before hitting the next show or after-party. Instagram went Glam: Every season, Instagram’s ties to Fashion Week grow stronger. Naturally, designers, models, and journalists shoot the shows from every angle and upload their bird’s-eye views to the photo-sharing network. But for the first time this year, Instagram is working with Vogue on a week-long series of exclusive posts. In other words, Vogue didn’t simply repurpose its own content and reposted it on Instagram. The social network brought back the Instagram installation it built at Lincoln Center last year to show off the images Fashion Week attendees were uploading—and this time, the digital photo wall was even bigger.

SOCIAL MEDIA

—By Caitlin McGarry

VOL/9 | ISSUE/05

IMAGES BY T HIN KSTOCKP HOTOS.IN

TRENDLINES

M O B I L E A P P S Search “Sochi Olympics” in the App and Google Play stores and you’ll find dozens of Olympicthemed apps, some from reputable outlets and others merely trying to squeeze out a buck from the world’s most popular sporting event that concluded last month. Here are a few other apps that shone at the winter Olympics. NBC’s App Suite: NBC broadcast more than 1,000 hours of live Olympic footage to NBCOlympics.com and its app NBC Sports Live Extra. Just like NBC’s Olympics page, viewers could watch every event live straight through the app, and catch up on things they missed through highlights and event replays. It even had a handy calendar of events, so viewers could create their own viewing schedule and set reminders. Olympic Athletes’ Hub: A lot of athletes competed in the Olympics, and while all of their tweets and Instagram pics were amusing, you don’t want them clogging up your personal feeds. That’s why the Olympic Athletes’ Hub was a handy resource: It pulls all of the Olympians’ verified Twitter, Instagram, and Facebook accounts into one app. People could pick their favorite athletes, teams, or sports to follow, and they’ll get up-to-date posts from their social media accounts. theScore: Popular sports news site theScore recently updated its app to support Winter Olympics coverage, and its content was gorgeous—especially if viewed on a tablet. TheScore was your one-stop news source for everything Sochi. With frequently updated articles written by theScore’s own staff, photo slideshows, videos, and integrated social media feeds, this app provided viewers with tons of Olympics bites. Its designated pages for medal counts and podium ranks helped viewers keep track of how different teams were doing. Viewers could even curate their own feed by picking their favorite sports and events to follow, which then got saved in a special tab. 2014 Team USA Road to Sochi: Produced by the United States Olympic Committee, the 2014 Team USA Road to Sochi app could’ve come off as some form of PR-minded hokum, but its true value is that it served as an info-packed resource even after the Olympics commenced. With a continually updating set of bios and news updates, the USOC’s app featured athlete Twitter updates, venue photo galleries, videos of events, and even a donation button to let users contribute to Team USA. This user-friendly design served as a one-stop resource for anyone cheering the red, white, and blue. — By Leah Yamshon


A Touch of Art

C I O R O L E We asked CIOs to describe how their businesses viewed them and how many hours they worked. Not surprisingly, those considered competitive differentiators worked the longest hours a week.

54.0

Competitive Diffrentiator

52.5 Valued Service Provider 52.4 Trusted Partner 52.3 Cost Center

Source: CIO Research

VOL/9 | ISSUE/05

Talking cars will soon make the leap from the latest children’s animation onto our roads in a bid to improve safety—but they won’t be talking to us. Adelaide-based vehicle technology leader Cohda Wireless is poised to become a major beneficiary of a US Department of Transportation decision to green light ‘talking cars’ on American roads. The department’s National Highway Traffic Safety Administration (NHTSA) announced it will start taking steps to enable vehicle-to-vehicle (V2V) communication technology for light vehicles. Pioneered by Adelaide-based Cohda Wireless, V2V technology promises to improve safety by allowing vehicles to “talk” to each other and ultimately avoid many crashes altogether by exchanging basic safety data, such as speed and position, ten times per second. Cohda Wireless chief executive, Paul Gray, said Cohda was perfectly poised to take advantage of this new development. “About half of all vehicles involved in V2V trials globally contain Cohda equipment, including 1,500 of the 2,800 vehicles involved in the important Safety Pilot Model Deployment project that has given the DOT the confidence to make this decision.” US Transportation Secretary Anthony Foxx said vehicleto-vehicle technology represented the next generation of auto safety improvements, building on the life-saving achievements we’ve already seen with safety belts and airbags.” With safety data such as speed and location flowing from nearby vehicles, vehicles can identify risks and provide drivers with warnings to avoid other vehicles in common crash types such as rear-end, lane change and intersection crashes. The safety applications have been demonstrated with everyday drivers under both real-world and controlled test conditions. Cohda’s patent-protected technology, embedded in the Cohda/NXP RoadLINK chipset, exchanges messages reliably across an extended range and at high speed, cutting ‘time to react’ and communicating potential hazards and safetycritical scenarios much faster than conventional applications. This has seen strong early adoption of Cohda’s products.

AU TO

IMAGES BY T HIN KSTOCKP HOTOS.IN

The Hardest Working CIO

Talkative Cars

TRENDLINES

TECHNOLOGY A new interactive gallery installation in Shoreditch uses haptic technology to allow visitors to hear and feel a painting. The project, created by Middlesex University, aims to turn admiring fine art into an immersive experience that stimulates additional senses. Currently found at Shoreditch Red Gallery, the installation features a stormy seascape painting in front of a robotic device that the visitor holds onto. By moving their hand, the visitor can explore the painting, activating 360 degree sounds and haptic feedback (they can ‘feel’ the weight of the sea, for example) depending on the part of the painting they’re ‘in’. Middlesex University Creative Directors Florian Dussopt and Nick Phillips are the minds behind the project, which they’ve titled ‘Into the Frame’, and enlisted the help of staff in the University’s science and technology departments as well as 3D sound specialist Dave Hunt. Artist Paul West created the painting itself. “By building a bridge between fine art and the science of haptics and 3D sound we have created a new third dimension of art to allow visitors to explore and feel through touching and listening,” says Nick. “It’s been great creating not only an art installation, but also promising a tool for neuro-rehabilitation,” adds Florian, who believes the project could also help with brain injury rehab. “It has potential to help with brain spatial problems, and during the project we published and presented a research paper on this at the International Conference for rehabilitation robotics in the USA.” —By Ashleigh Allsopp

—By Brian Karlovsky

REAL CIO WORLD | M A R C H 1 5 , 2 0 1 4

11


Fill Up Your Senses Any product that can be connected to a network is being given the ability to sense our environment. This kind of technology is increasingly aware of everything around us. It measures temperature, orientation and direction, light, pressure, vibrations, noise, and—eventually—it will be able to mimic the sense of smell. And, thanks to the Internet of Things, sensing technology will soon become pervasive at home and in the office. Most people are already familiar with some of the capabilities of sensing technology, such as the accelerometer used in a smartphone. It detects changes in orientation and is responsible for rotating a screen. The accelerometer is a microelectromechanical system (MEMS) sensor, one of many types of MEMS-based sensors. Market research firm HIS iSuppli said the number of MEMS units, which includes accelerometers, gyroscopes, microphones, pressure-based, motion and temperature sensors, will increase at a rate of 20 percent a year through 2017. It expects that nearly 10.8 billion MEMS units will be shipped this year, with that number rising to 17.15 billion in 2017.

TRENDLINES

POPULAR SCIENCE

“The market is truly driven by consumer and mobile applications,” says Jeremie Bouchaud, an analyst at iSuppli. MEMS has “become the link that lets the technology be more fully integrated into the world,” says John Chong, director of product engineering at Kionix, a MEMS producer. Its facility, which employs between 250 and 300 people, designs and fabricates the sensors. MEMS sensors are the basis of much of the sensor technology being integrated in modern devices and are a complementary technology to integrated circuits. Manufacturers such as Kionix are using similar tools and fabrication processes to produce them. “This allows MEMS to follow the same development trajectory of integrated circuits, continually becoming smaller, cheaper and better,” says Chong. MEMS can also be easily paired with integrated circuits. “Together, they become a more complete system, with the integrated circuit functioning as the brains while the MEMS function as the senses—sight, sound, feeling, etcetera,” says Chong. —By Patrick Thibodeau

I N T E R N E T Have you ever had a text fight with your spouse? Feel like Facebook and smartphones are helping your relationship? Technology is becoming a greater role in romantic relationships, according to a report from the Pew Internet & American Life Project. The study was based on telephone interviews with 2,252 US adults conducted between April 2013. “Couples use technology in the little and large moments,” Pew report stated. “They negotiate over when to use it and when to abstain. A portion of them quarrel over its use and have had hurtful experiences caused by tech use. At the same time, some couples find that digital tools facilitate communication and support.” While 10 percent of Internet users who are married or partnered say the Internet has had a “major impact” on their relationship, a larger 72 percent say it’s had no impact on their relationship, and 17 percent said it’s had a minor impact. While people may complain about their significant other’s texting during dinner or date night, the Pew study showed that

12

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

of those who said the Internet has had a major impact on their relationships, 74 percent of them said it was a positive impact. Only 20 percent said the impact was mostly negative and 4 percent said it had both positive and negative effects. “I think tech is mostly helpful to relationships,” said Dan Olds, an analyst with The Gabriel Consulting Group. “It gives people the ability to communicate in more and different ways. Text messages make it easy to toss out those quick ‘I’m thinking about you” or ‘I’m thinking about you, and I’m still mad about last night’ messages. Communication isn’t only about good things, right?” Olds said he’s not surprised that more people didn’t complain about technology getting in the way of their relationships or at least irritating them. “I think the reason tech isn’t more of a problem in relationships is because tech-centric and tech-phobic folks probably tend to clump together over time,” said Olds. —By Sharon Gaudin

VOL/9 | ISSUE/05

IMAGES BY T HIN KSTOCKP HOTOS.IN

Technology: The New Cupid


COMPILED BY SHUBHRA RISHI

Best Practices

Indian CEOs: An Anxious Lot As recent as last year, Indian CEOs were brimming with confidence, while their counterparts around the globe had only sob stories to trade. But this year, fortunes have changed hands, according to PWC’s Annual Global CEO Survey. The survey observes that only 49 percent of Indian CEOs are confident of their organizations’ growth prospects over the next 12 months. CEOs in Korea, Taiwan, the Middle East, Russia and Africa are more confident than Indian CEOs about revenue growth for 2015. So what are Indian CEOs worried about? Over-regulation, say 82 percent of Indian CEOs. According to the survey, it’s the tallest hurdle that can stall growth in their organizations—and the only challenge that Indian CEOs have in common with global CEOs. That, coupled with inadequate basic infrastructure, continues to haunt 82 percent of Indian CEOs and has emerged as a top threat—which it wasn’t 10 years ago. Other challenges giving CEOs sleepless nights are issues that have plagued India for years—currency volatility (84 percent) availability of key skills (81 percent), and changing consumer behavior (48 percent). But they aren’t losing heart yet. They are planning to use technology to counter these challenges. Seventy-nine percent of Indian CEOs believe that technology advancement will transform their business over the next five years. That’s why over 70 percent are betting on data management and analytics to ride the wave of change.

1

DEVELOP skilled workforce. Skilled staffers are hard to come by, so develop and train internal staff in the latest technologies to stay ahead of competition.

2

HARNESS technology. Use data analytics and data management to counter the challenges of growth and show CEOs what IT can do to help business.

3

FIND new ways to engage consumers. Social media is a great way to reach more customers. Use the platform to market your organization and business.

TRENDLINES

A

Over-regulation, currency volatility, lack of talent, inadequate infrastructure—the list is long for the worrisome Indian CEO.

The Worried CEOs Club Global CEO Challenges

Indian CEO Challenges

72%

Govt. response to fiscal deficit and debt burden

71% 70%

Slow or negative growth in developed economies

70% Increasing tax burden

72% Over regulation

Over regulation

63% Availability of key skills

60% Exchange rate volatility

47%

79%

Of Indian CEOs believe that technology advancement will transform their businesses over the next five years.

Inadequate basic infrastructure SOURCE: PWC GLOBAL CEO SURVEY 2014

VOL/9 | ISSUE/05

REAL CIO WORLD | M A R C H 1 5 , 2 0 1 4

13

IMAGES BY T HIN KSTOCKP HOTOS.IN

What Indian and global CEOs are most worried about.


alert

ENTERPRISE RISK MANAGEMENT

The FBI Goes High Tech N

IMAGES BY THINKSTOCKPHOTOS.IN

early 80 years after it began collecting fingerprints on index cards as a way to identify criminals, the FBI is moving to a new system that improves the accuracy and performance of its setup while adding more biometrics. By adding palm print, face and iris image search capabilities, the FBI’s Criminal Justice Information Services Division (CJIS) hopes to improve the accuracy of identity searches, make it easier to positively identify and track criminals as they move through the criminal justice system and provide a wider range of tools for investigators. The current database, the FBI’s Integrated Automated Fingerprint ID System (IAFIS), includes data on 135 million criminals and terrorists, and as civil servants and other citizens who work in “positions of trust.” Since its launch in 2008, the $1.2 billion (Rs 7,200 crore) Next Generation Identification (NGI)

project has been incrementally replacing pieces of the aging IAFIS and adding new features.

Mobile ID The recently released mobile ID system is one of the more compelling new features in NGI. It lets officers in the field use a handheld fingerprint scanner during a traffic stop and run a two-fingerprint check against the NGI’s newly created Repository of Individuals of Special Concern (RISC).

Core upgrades In NGI, the ten-print system has also been improved because it now runs on a more powerful, 1,000blade server farm—the old IAFIS system runs on 64 blades—and uses enhanced recognition algorithms.

“NGI is faster, more accurate, and has better process flows than IAFIS had,” says Scott Blanchard, manager of the automated print identification section at the Michigan State Police. The matching accuracy rate has risen from 92 percent to 99 percent while average response time has dropped from 2 hours to 10 minutes. But the time improvement is for matching fingerprints scanned under controlled conditions, such as at a police booking station. Matching latent fingerprints—those found at a crime scene—is much more difficult. With an accuracy rate of just 25 percent, IAFIS wasn’t highly effective for investigators. By contrast, the upgraded NGI capabilities rolled out in 2013 have had an accuracy rate well above 80 percent for latents.

Internet of Things: Beating the Odds FINDINGS

The Internet of Things can bring a number of benefits, but it also opens up greater security risks.

IoT: Top 5 Governance Issues

38% Increased security threats

28% Data privacy

9% Identity/access management

9% Attacks against connected devices

14

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

29%

Of IT professionals say the risks of Iot outweigh its benefits. SOURCE: ISACA

VOL/9 | ISSUE/05


alert

ENTERPRISE RISK MANAGEMENT

Going for the Palm A national palm-print database, deployed in 2013, should also help investigators because palm prints are left at the crime scene 30 percent of the time. The State of Michigan has been taking palm prints for five years, but Blanchard says there have been a few kinks getting up and running with the new system. “The FBI has placed requirements on palm print submissions that most states are not meeting,” he says. In a palm capture, NGI requires that the whole hand be captured, not just the palm. “They are trying to compare the fingers from the palm capture to the fingerprints that were rolled to make sure the palm matches the person. Many agencies aren’t meeting that requirement. We are capturing just the palm, not the entire hand,” Blanchard explains.

Recognizing Mug Shots Mug shots have long been a staple of IAFIS, but the FBI’s Interstate Photo System Facial Recognition Pilot project, launched in February 2012 in three states, now lets participating law enforcement organizations use face recognition to search against over 15 million of those images. The service will be fully deployed in June. Using face recognition algorithms to search for a match against another photo is new; it matches the photo taken at the booking station or from a crime scene with mug shots in the NGI database that have a high probability of being a match. Face recognition isn’t nearly as accurate as fingerprints when identifying individuals. “If you had a perfect gallery it would be in the 80

percent range for matching,” Reid says. But that’s for the best case. Most existing mug shots weren’t taken with facial recognition in mind. The right pose and high image quality increase the odds of finding a match. Nonetheless, face recognition is proving to be an effective tool during active investigations for the Michigan State Police. “The system has been very beneficial in attempting to identify unknown subjects who commit crimes of identity theft and fraud,” says Pete Langenfeld, manager of the digital image analysis section. The response time for an inquiry has averaged less than three minutes, he says. And because the people who commit such crimes often cross state lines, investigators don’t need to contact every jurisdiction to see if they have a face recognition program.

Experimenting with Iris Recognition CJIS has been working with the Federal Bureau of Prisons and National Sheriffs Association to launch a pilot iris recognition project, but whether it will eventually be included in the new NGI/ IAFIS system is still undecided. “We know ther e are business cases, but is it something we want to support at the national level?” Reid asks. A formal pilot will be deployed in 2014, he says. Iris recognition, while very accurate, is unlikely to supplant the well-established ten-print system for criminal identification purposes, and it’s

of limited use for investigations because, as Reid points out, “There isn’t an iris left at the scene.” So far, the best use for iris recognition has been in tracking criminals as they pass through the criminal justice system. “Prisons like it because you can do it without having to touch the individual,” Reid says. The Michigan State Police aren’t capturing iris images during booking, but Blanchard says they have been experimenting with the technology as a way to provide access to secure rooms. “It’s more secure than access cards and cleaner [and] less intrusive than fingerprints,” he says. “If it’s more efficient and cost effective, we’ll roll it out department-wide.” While it’s more costly than other biometrics, iris recognition system prices have been coming down. And in some applications, Blanchard says, the added security and reliability may be worth the extra cost. To date, NGI has been returning twice as many identifications with multimodal biometrics as it did with the old IAFIS system. While Blanchard has been pleased with the new system’s performance, he says it will take time for the majority of law enforcement agencies to get set up to collect and share the new classes of biometric data. “It’s a revolutionary change,” Reid adds—one that should improve law enforcement’s effectiveness, particularly for criminal activity that crosses state lines. CIO Robert Mitchell is correspondent for Computerworld. Send feedback on this feature to editor@cio.in

[ONE LINER:]

As a concept, privacy isn’t part of the Indian culture. Our names reveal our state, caste, religion,

and sometimes our village and our father’s names. — DEEPAK ROUT, CSO, THE CO-OPERATORS GROUP

16

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

VOL/9 | ISSUE/05


CUSTOM FEATURE HCL TECHNOLOGIES

CASE STUDY

Strengthening Security

for India’s Payments Backbone The National Payments Corporation of India needed to set up an SOC to ensure constant monitoring of systems to prevent malicious attacks and adhere to best practices around security. Here’s how HCL Technologies helped it achieve this objective. By Ershad Kaleebullah

T

he World Bank states that India had about 11.21 Automated Teller Machines (ATM) per 100,000 citizens from the year 2009 to 2013. This number is approximately 21 percent higher than the same statistic for the period between 2004 and 2008. Additionally, a look into the Reserve Bank of India’s (RBI) November 2013 data reveals that there are a total of 137,080 ATMs in the country. Weaving an intricate web for all these ATMs is the National Financial Switch (NFS)—an application that enables ATM switching among different banks for interbank ATM transactions. The responsibility of handling this process is with the National Payments Corporation of India (NPCI), which, besides playing this monumental role, also finds itself pitted against financial giants such as Visa and MasterCard, thanks to the introduction of RuPay cards. A recent report suggests that NPCI expects to issue close to 25 million RuPay cards by the end of March. Powering all this and more is NPCINET, which forms NPCI’s IT infrastructure backbone. The robust architecture currently supports about 533 million transactions a month collectively. A behemoth task indeed.

The PCIDSS certification helps establish best practices for critical functions and instils confidence in users as we follow standards and adhere to industry-recognized security certifications. —Dr. N. Rajendran, CTO, NPCI

SURETY OF SECURITY However, the NPCI had to make all these happen without compromising on the stringent security standards set by the Payment Card Industry Data Security Standard (PCIDSS). NPCI’s CTO, Dr. N. Rajendran says, “We wanted to be certified by the PCIDSS. In our stream of business—the payments system—we need to log all activities to prevent untoward activities. The idea is to identify issues promptly and take appropriate control measures before things go out of hand.” The first order of business was setting up a tough network backbone, post which the NPCI put out a Request for Proposal (RFP) for an IT solutions expert to set up a Security Operations Center (SOC). After an intense and stringent

evaluation process, HCL Technologies was selected as partner for the same. “HCL Technologies implemented the SOC which proactively monitors all activities and raises a red flag in case of high risk incidents. For example, if the SOC spots any activity that deviates from the normal, it will alert the team concerned and check whether it was authorized,” says Dr. Rajendran. In addition to monitoring multiple devices, it allows configuration for different frameworks as well. This ensures that systems are controlled by monitoring all the user activity 24x7. In short, it provides relentless protection for the entire IT infrastructure. Highlighting NPCI’s commitment to offering secure transactions to its customers, an HCL spokesperson says, “NPCI has been a pioneer in adopting technology solutions which help provide multi-layered data security, defense in depth, and proactive monitoring to help secure the infrastructure that powers the RuPay network in India.“ On the other hand, talking about the benefits of the implementation, Dr. Rajendran says, “We are already on two standards certified by PCIDSS and ISO 27001. This helps establish best practices for critical functions, and instils confidence in users as we follow standards and adhere to industry-recognized security certifications.” The next time you do a financial transaction using a RuPay-affiliated card, you can be assured that NPCI has the appropriate information security controls implemented to secure your transaction, ably supported by the solutions provided by HCL Technologies.

This case study is brought to you by IDG Services in association with HCL Technologies


alert

ENTERPRISE RISK MANAGEMENT

Internet of Things: Top Threats

In-CarWiFi Revenues for connected cars in 2013 was about $21.7 billion, according to Visiongain, with 2014 revenues climbing even further. More car companies like Ford and GM are offering in-car WiFi, turning cars into mobile hotspots and connecting passengers’ devices to the Internet, according to John Pescatore, Director of Emerging Trends, the SANS Institute. But, in-car WiFi has the same vulnerabilities as traditional WiFi hotspots. Without the firewalls present in small business WiFi installations, in-car devices and data is at risk. Once inside the network, an attacker can pose as the car, connect to outside data sources such as OnStar servers and collect an owner’s private data such as credit card data.

Mobile Medical Devices “The market for wearable wireless devices will grow from 42 million devices in 2013 to 171 million in 2018,” says Jonathan Collins, Lead Analyst, ABI Research. In 2014, hackers will increasingly attack mobile medical devices running Windows, including pacemakers, according to Rodney Joffe, senior technologist, Nuestar. “Windows is very popular for those devices because it is cheap, ubiquitous and well-known among programmers,” explains Joffe. But, unlike Windows on a desktop computer, there is no patching mechanism for Windows on these devices, says Joffe. The more these 18

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

devices connect to the Internet through wireless frequencies, the more viruses will spread among them.

Wearable Devices The global wearable technology market was worth about $4.6 billion in 2013, and will continue to rise in 2014. Devices such as Google Glass are a major attack vector because they automatically connect to the Internet. And, they have very few if any security solutions on them. Hacking Google Glass provides attackers with confidential corporate data and IP. An organization may not know what kinds of data or how much a wearer absorbs using Google Glass as they move through offices and other environments in the

Shape-shifting Security

T

he Internet of Things (IoT) is a mass of billions of connected devices from cars to wireless wearable products. Cisco estimated 12.5 billion connected devices in existence globally as of 2010 with that number doubling to 25 billion by 2015. In light of this burgeoning market, here are some categories of IoT devices at risk, that you need to watch out for.

enterprise. A hacker could copy that audio and video.

Retail Inventory Monitoring and Control, M2M In 2014, inventory management technologies will increasingly include 3G cellular data transmitters on packages. The purpose of the new 3G transmitters is constant, real-time position reporting. But, hacktivists who would normally bombard websites with DOS attacks could instead intercept these transmissions and tell servers that WalMart, for example, is continually selling out its supply of soccer balls, leading to massive soccer ball shipments bombarding WalMart stores. CIO David Geer write for CSO Online. Send feedback on this feature to editor@cio.in

A start-up called Shape Security recently announced technology it calls Shapeshifter that is said to prevent cyber-criminals from successfully attacking and compromising websites. By putting the Shapeshifter appliance in front of a website, every HTML page that is presented for viewing is subtly transmuted in its underlying code each time so that it won’t look the same twice. “The key is not to change anything to the naked eye but everything the programmer cares about,” explains Shape Security’s VP of strategy, Shuman Ghosemajumder. This automatic altering of Web pages to the external world creates a kind of deceptive camouflage designed to never let an attacker get a single straight shot to undermine the site through attacks such as crosssite scripting or application denial-of-service attacks. Shape Security calls this “real-time polymorphism” and in some regards, Ghosemajumder points out, it borrows a page from tactics that malware authors use to constantly modify malicious code so it can evade signature-based detection. With Shapeshifter, “the website will constantly re-write itself wherever you deploy it, the HTML will re-write itself,” he says. But for the visitor, the content looks the same as it might be otherwise. Shapeshifter’s approach requires considerable processing power, Ghosemajumder acknowledges. Because it is computationally intensive, Shapeshifter has to be tested carefully in any website environment. The amount of traffic and number of web pages will be factors in its use. — By Ellen Messmer

VOL/9 | ISSUE/05


Jay Cline

PRIVACY

RIP Privacy? Revelations in 2013 about NSA surveillance and the power of big-data analytics suggest the age of privacy is over. But a new 'privacy death index' places us far from the tipping point.

T

ILLUST RATION BY MASTERF ILE

he NSA's former general counsel told the world's largest gathering of privacy professionals last year that the privacy laws they're championing are stupid and futile. Facebook's Mark Zuckerberg described privacy as a social norm we've evolved away from, and Google's Eric Schmidt famously proposed that the only people who need privacy are those with something to hide. Are they right? Is privacy passĂŠ? Several developments in the past year definitely point in that direction. We all can't keep up anymore with all of the new digital innovations hitting the streets. Less and less of our personal information each day seems to be "off the grid." At the same time, 2013 was the year we lost track of the limits of big-data analytics. Many of us saw the story about the researchers who could use your Facebook likes alone to predict with 88 percent to 95 percent accuracy whether you're black, gay or a Democrat. We'd read about the retailer that predicted a teenager was pregnant before her father knew it, merely by changes in her purchases of a group of 25 products. In 2013, we became fascinated with the different apps and TED talks that used data in ways we never thought possible. But more than anything, this year we learned about the vast capabilities of the NSA, which seemed to leave nothing digital out of its hearing range. When Sun Microsystems co-founder Scott McNealy boldly proclaimed in 1999, "You have zero privacy anyway. Get over it," was he a prophet preparing us for the inevitable?

AWorld Without Privacy When the common wisdom is moving in one direction, there's often a lot of money to be made going against it. That's what I think is

VOL/9 | ISSUE/05

REAL CIO WORLD | M A R C H 1 5 , 2 0 1 4

19


Jay Cline

PRIVACY

happening with privacy. The rumors of privacy's demise are premature. Privacy isn't even halfway dead, and if and when we see privacy's death on the horizon, we'll know then how much we're willing to pay to reverse course. If you think I'm too naive or optimistic, take a minute to imagine what the world would look like with zero privacy. I suggest there'd be three tell-tale features of life in that day: Ubiquitous, inescapable collection of personal data; nearperfect predictive capability of that data; and mandatory availability of that data. In other words, in a world without privacy, anyone would know anything there is to know about you on demand. Moreover, that information would tell anyone what you're going to do next and how you'd react to different scenarios and stimuli. In a zero-privacy world, not all data would be created equal. I think six data vectors would stand out as the most valuable: 1. Our health capacity, including predicted longevity and strengths and weaknesses in our DNA. Prospective mates, employers, healthcare providers and insurers would flock to this data set if it materialized. 2. Our productivity capacity, including our natural aptitudes and predicted earnings potential. 3. Our consumption instinct, such as what do we like to buy, how much, when and why, and our credit worthiness. Marketers are already paying for this data, but in an increasingly borderless world, tax authorities will find it easier to tax consumption than income and will also seek this data. 4. Our behavior instinct, including our public and private statements, beliefs, politics and capacity to act outside social norms. Nationalsecurity and law enforcement agencies will seek this data. 5. Our social graph, including past and present family, friends, neighbors, classmates and colleagues. Marketers, criminals, national security and law enforcement will put this data on the top-six list. 6. Our location and predicted movement, potentially sought by marketers, the military and police. These data sets would be the currency of life in a "total information-awareness" world, where people would be systematically and in real time classified into how valuable they were and how risky they were. With this information readily available, deviations from social norms would face immediate social and monetary penalties. You could imagine without too much difficulty the following scenario unfolding in a total information-awareness world: At 6:10 a.m., your "full night's sleep" app generates an alarm that also indicates you have no health reason to sleep further. You rise promptly. From the kitchen, you spot the drone from your wellness coach landing on the table outside. It's carrying a breakfast of fresh local ingredients tailor-made to your DNA

and body-mass goals. Minutes later, you don your Windows Glasses and dart outside for a half-hour jog. This exercise will boost your predicted lifetime longevity by four hours. On the running path, you pass a throng of people also wearing Google Glasses and iGlasses. As you pass each one, a "friend" or "foe" icon pops up in your vision. A filter also pops up alerts for prospective spouses, business partners and criminals from your prefigured criteria. A left-eyelid blink would drill into their health and productivity profile, belief matrix and social graph, while a right blink would pull up suggested conversation starters. You pass a man wearing no glasses whose facial image is generating conflicting data in your screen. He's a "birther," a term that has evolved to describe the group of people trying to live off the grid who generally harbor conspiratorial views and religious beliefs contrary to the governing order. You know that all of these fellow joggers, as well as your employer and all government agencies, can see all of this information about you too. As you turn onto a street— populated by vehicles auto-driven to pre-programmed destinations—a startup wellness cafe delivers an ad to your glasses. The promotion offers to pay you $100 (about Rs 6,200) in Bitcoins to try the cafe's nutrient booster, which it projects would recoup in just two months if you change your break routine and become a regular. If this sounds like a far-fetched sci-fi novel, it should. The technical and legal apparatus needed to make it happen are

I agree that some privacy laws are stupid and poorly written. But the vast majority of them compose the architecture of trust that is essential for technical innovations to thrive.

20

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

present today only in an embryonic state. Many more technical advances would be required to produce that scenario, as well as a significant erosion in the laws that the NSA's former top lawyer calls stupid. This is not to say the lovers of privacy and liberty are wrong in their concerns. I just think they're ahead of their time when they suggest that things have crossed a tipping point and are out of control. But how far down the path to privacy oblivion are we? Traveling this path would require a governmental encroachment into the personal space not seen even in revolutionary colonial times. I agree that some privacy laws are stupid and poorly written. But the vast majority of them compose the architecture of trust that is essential for technical innovations to thrive. CIO Jay Cline is president of Minnesota Privacy Consultants. Send feedback on this column to editor@cio.in

VOL/9 | ISSUE/05


Gunjan Trivedi

LEADING EDGE

Little Data is Bigger Managing Big Data in isolation doesn't yield much value. Analyzing it in conjunction with Little Data makes insights smarter and more impactful.

I

IMAGE BY T HIN KSTO CK PHOTOS.IN

wasn’t much into counting calories or steps that I took in a day. A quick look at my frame would confirm this. It was not because I believed more in binging or perhaps comfort food. Nor was I missing the point of the importance of being healthy and I did see the big picture (no pun intended). It was more to do with the rigmarole of counting numbers. Or let’s say keeping track of these little nuggets of data. And that’s where the devil lay. Globally, CIOs of organizations across various verticals, are trying to make logical sense of this term that has been hitting us hard for a couple of years now—Big Data. Conceptually, Big Data has been pushing management away from taking calls based on gut feel and intuition, and toward decision making that is inherently data-driven. While, in my opinion, this is also a valid point of contention in itself, we'd focus on the value of data for the scope of this column. And, perhaps revisit this argument later. As the Chief Catalyst of Orbit & Co., Mark Bonchek says in his blog in Harvard Business Review, Big Data is what organizations know about people—customers, citizens, employees, or voters. He goes on to point out that data is aggregated from a large number of sources, assembled into a massive data store, and analyzed for patterns. He maintains that Big Data—coming in volume, velocity and variance—can be used to understand customer sentiment by sifting through social media interactions, to predict credit card fraud by analyzing billions of transactions, and to promote offers by making sense of millions of purchases. But, we already know this. Don’t we? What we perhaps are missing is this context of what is now being generally referred to as Little Data. And that’s what adds value and veracity to the very concept of Big Data.

VOL/9 | ISSUE/05

REAL CIO WORLD | M A R C H 1 5 , 2 0 1 4

21


EMPOWERING THE CORE OF RURAL BANKING

As a leading public sector bank, Central Bank of India was looking for a robust core banking solution for its Regional Rural Banks (RRB). Here’s the story of how the bank equipped the seven RRBs with IT infrastructure and enabled them to be at par with any other commercial bank in terms of technological competency and banking services. By Shweta Rao

C

entral Bank of India, one of India’s largest public sector banks, with over 4,500 branches across the country had seven RRBs sponsored by them. These RRBs were spread across Rajasthan, Madhya Pradesh, Maharashtra, Uttar Pradesh, Bihar, West Bengal, and Chhattisgarh. The main objective of these RRBs is to provide basic banking

and financial services to the rural population of India, whereby they mobilize financial resources from rural or semi-urban areas and grant loans and advances mostly to small and marginal farmers, agricultural labourers, and rural artisans among others. Technology Upgradation In the year 2010, the RBI’s Working Group

on ‘Technology Upgradation of Regional Rural Banks’ suggested that all RRBs begin moving towards a Core Banking Solution (CBS) and achieve a complete switch-over to the CBS platform by September 2011—a move that would help these banks undertake all banking operations through an electronic mode. The panel had also suggested an application service provider model for the CBS platform. The


CUSTOM FEATURE WIPRO sponsor banks were given the option to choose their own service provider for their RRBs. “What a CBS infrastructure does is create central hubs that provide adequate alternate and failsafe systems to ensure high availability and continuity of banking services,” says Usha Menon, GM-IT, Central Bank of India. This was to ensure that the RRBs improved operational efficiency, enhance customer satisfaction, and leave the large back office processing to central hubs. Moreover, core banking would not only help leverage internal operations for the RRBs, but also retain and expand their business position higher in the banking system by enhancing the ability to deliver innovative products and services at extremely competitive costs. The Central Bank of India and its sponsored RRBs thus aim at providing accessible and affordable financial services to nearly 25,000 villages in India, and core banking platform would enable them to achieve their objectives with efficiency and precision. “The implementation of CBS in Central Bank of India’s seven sponsored RRBs, namely: Uttar Bihar Gramin Bank with 865 branches, Satpura Narmada Kshetriya Gramin Bank with 347 branches, Uttarbanga Kshetriya Gramin Bank with 119 branches, Vidarbha Kshetriya Gramin Bank with 96 branches, Ballia-Etawah Gramin Bank with 138 branches, Surguja Kshetriya Gramin Bank with 85 branches, and Hadoti Kshetriya Gramin Bank with 84 branches, commenced in January 2011 and all the RRB branches were successfully rolled out to the CBS platform by the 26th of September 2011, well before the timeline set by the Government of India. Uttar Bihar Gramin Bank, which has a large presence in Bihar with more than 1,000 branches now, is one of the biggest Indian RRBs,” says Menon. Through a well-defined RFP process, Central Bank of India chose ‘Finacle’—an Infosys product—for banking application and Wipro as the system integrator to implement the CBS as well as other delivery channels such as Internet Banking, Mobile Banking, Asset Liability Management, Anti-money-laundering, Govt. Business and Trade Finance modules in their RRB branches. Smooth transition of the 1,734 RRB branches from traditional banking methods to the state-of-the-art CBS platform was a challenging task as nearly 78 percent of the branches were located in remote rural areas

where even basic infrastructure such as power, concrete structures were not available. Nearly 56 percent of the branches were functioning on manual records, wherein balancing of books was a challenge. Majority of the staff were not tech-savvy and had to be adequately trained to handle IT and CBS operations. “Despite challenges and paucity of time, we successfully deployed the CBS in the RRBs with precision,” Menon says.

“Wipro’s proven expertise in large core banking projects, coupled with a vibrant innovation culture, was the core driver of this massive initiative. We are pleased to partner with Wipro in this strategic endeavor.” Usha Menon, GM-IT, Central Bank of India Banking on IT Central Bank of India’s CBS project for RRBs integrated 2,000 sites—branches, extension counters, satellite offices, regional offices, head offices, and back offices— across the country. This has enabled the Bank to enhance its customer satisfaction by offering various facilities such as Inter-Branch banking, electronic funds transfers in the form NEFT or RTGS, electronic clearing through CTS platform, Internet banking, Mobile Banking, Adhaar Payment Bridge System (APBS), ATM debit cards, Kisan Credit Cards, Financial Inclusion, and SMS alerts to customers on debit or credit to their account

etcetera. In a nutshell, modern banking and financial services have now been extended to RRB customers as well. For the Bank, the CBS has enabled them to improve operational efficiency with better housekeeping and transparency, cut cost on maintenance on books of accounts and infrastructure, thereby adding to its profitability. “Wipro, with its strong practices in governance, process excellence, and integrated service delivery, ensured business-IT alignment for the RRBs with timely implementation of the CBS project,” says Menon. Wipro has also setup a 24-hour centralized Helpdesk facility for the project, covering support for the applications, datacenter, networks, security, and end-user systems. The Bank’s vision entailed providing a future-proof strategy to transform the RRBs into institutions with sound financials committed to overall economic development of rural areas in terms of care, competence, and compassion towards their customers. As committed to the Regulatory Authority, Wipro completed the migration within September 2011. “Wipro’s proven expertise in large core banking projects, coupled with a vibrant innovation culture, was the core driver of this massive initiative. We are pleased to partner with Wipro in this strategic endeavour,” she says. The deployment of a CBS solution for Central Bank of India’s RRBs has been a major driver in the growth of the Bank’s business. The core banking infrastructure has placed the RRBs at par with other commercial banks and improved their visibility. Also, the solution has dramatically improved operational efficiency and increased its profitability and customer base. “Today, the Bank and its RRBs’ presence in rural banking in the states of Bihar, MP, Chhattisgarh, UP, Rajasthan, and West Bengal is well-received and acknowledged. This case study is brought to you by IDG Services in association with Wipro


Gunjan Trivedi

LEADING EDGE

Bonchek says that Little Data is what we know about ourselves. What we buy; who we know; where we go; how we spend our time. Or as David Williams, CEO of Deloitte Financial Advisory Services states in his blog: Little data refers to the data you own. Boncheck goes on to articulate the differentiation between the two forms of data, so to speak. He says that while Big Data’s focus is to advance organizational goals, Little Data helps with valuable insights at individual levels. In fact, it does impact the appetite of individuals to augment data-driven decision making as the visibility of such simple, yet critical metrics increases. And, so does control. Smartphones, mobile apps, wearables, Web analytics, customer service interactions, and M2M communications are all pumping in specific, yet vast amount of small-sized measurable metrics that are enhancing productivity of individual action areas. This is in addition to the Little Data that already resides in several systems at an organization. While Big Data converts all inputs as information to be analyzed across a vast ecosystem of an organization, businesses can tap into tacit insights at individual levels with Little Data. For example, a partner of Booz & Company, David Meer shares the case of Haier in his blog on Strategy+Business. The Chinese large-appliance maker heard its service technicians reporting that their rural customers were using their washing machines to wash vegetables, leading to clogs. Haier used this Little Data to

develop a new type of washer, which the company promoted as a rugged machine that could wash not only clothes, but also sweet potatoes and peanuts. Imagine the impact on sales. Customer service and experience expert, Shep Hyken, states the profound influence this combination of Big and Little Data has on businesses in his column online, “Any company can make decisions about its business based on general feedback and trends. But at the same time, the best companies also recognize that customers are not numbers or anonymous groups of people. They zero in on an individual customer's needs, preferences, likes and dislikes, and give the customer an experience, that is, exactly what he or she wants based on specific buying patterns. The result is repeat business that can lead to customer loyalty.” There's an app on my phone that pings me to remind me to log in my food intake, or to tell me how active I have been through the day. I always knew that I led a sedentary lifestyle but I had never imagined that I was walking just a little over 10 percent of the number of steps that I should take. This Little Data now pushes me to walk my quota of 10,000 steps a day. And, I know it can do much more than that. CIO Gunjan Trivedi is executive editor at IDG Media. He is an awardwinning writer with over a decade of experience in Indian IT. Before becoming a journalist, he had been a hands-on IT specialist, with expertise in setting up WANs. Reach him at gunjan_trivedi@idgindia.com

Where Trends Come Alive!

WWW

V I D E O S

IN

Listen to the views that matter. Catch up with industry news. Watch real CIOs talk about the real issues. All of this in a format that's short, crisp, and snappy. Tune into CIO videos now! www.cio.in/videos


Seven Things to Watch Out for While Adopting Mobile Applications Trends such as mobility and BYOD are changing the face of enterprise workstyles. It’s now important to separate personal data from official, and also enable seamless connectivity to end-users. Here’s how an integrated mobility approach can help organizations achieve these goals.

T

his year, Intel’s prediction for mobiles/smartphones was a seemingly ambitious line saying, “A supercomputer in my pocket in five years.” However, industry experts would probably bet on that transformation happening in three years or less, with the rate at which mobile connectivity speeds, analytics, and smartness are evolving. But can enterprises tap the potential of this transformation in the future? Not until they set their mobility present right.

What’s Happening Today? The ratio between employees and smart devices is fast moving from 1:2 to 2:1. Along with that, the customer’s smartphone is

becoming (39 percent of the time) a major reason to walk out of an enterprise store (whether offline or online). With both internal and external customers slipping deeper into the mobility envelope, no enterprise can afford to be mobility averse. Every enterprise is, therefore, investing in the mobile enablement of desktop applications and traditional processes. With a sea of mobile applications, corporate app store providers, mobile device management solutions, and mobile consultancy services, one would think mobile enablement of legacy systems and traditional processes is easy - especially if the enterprise has budgets. But that’s not the way it is. Top enterprise leaders are standing up and

questioning mobility because of declining or unsteady ROI on mobility investments. The changing application stickiness mantra (today an app is a hit, tomorrow it’s a flop), infrastructure security issues (managing multiple applications/devices/ platforms), and connectivity challenges at end-user locations (rural/remote terrains, connectivity on the move) are major factors for the declining/unsteady ROI on mobility. These factors cut across networks, mobile devices, and mobile applications.

Integrated Mobility Solutions – The Need of the Hour An integrated solution stitching all three – network, mobile devices and applications — is


ADVERTORIAL AND PROMOTIONAL FEATURE AIRTEL needed. It should take care of the individual challenges they throw, and make the most of the collective opportunity. It’s with this that an enterprise can make the most of mobility. Such an integrated solution calls for an integrated telecom service provider. Unlike system integrators, an integrated telecom service provider will come with an in-depth understanding of (1) the device and application your end-user would like, (2) legacy and new systems that form the foundations of your mobile applications, and (3) the network that connects it all.

Mobility Pitfalls to Avoid Is your enterprise hanging out of the enterprise mobility bus or has it made its way inside – secure and seated? Today, every enterprise has either adopted mobile applications or begun opening its gates to BYOD. Yet very few are availing the true benefits of mobility. What’s going wrong? Here are 7 common mistakes made by enterprises wanting to avail the benefits of mobile applications. 1) Failure to drive a feeling of ‘My’ mobile app amongst employees A recent survey by Yanson Bourne revealed that less than 20 percent of 1,000 C-Level IT and business decision-makers have seen large scale adoption of mobile applications by employees. The absence of a sense of belonging towards the app is a key reason for such outright rejection of disruptive technology. Embedding a feeling of ‘this app is made for my use, comfort, productivity and growth’ amongst employees is instrumental to ensure a high usage rate. A sales personal, for instance, is more likely to accept an app communicated as a route for him to make more sales and gain incentives rather than a monitoring tool keeping a check on his client visits. So, market mobile applications as enablers of ease for people and witness a rise in employee productivity. 2) Choosing apps with an enterprise sticker but missing the enterprise glue Today, every enterprise wants its mobile application to create a ‘wow’ factor with an eye-catching user interface. But they give little thought to precise functionality of the application and 100 percent syncing of the application to backend systems/processes. As a result, enterprises are left with apps that look good but miss the enterprise glue. 3) Making users fit mobility rather than enabling mobility that fits users Every user is different and understanding the

Enterprises can tap the potential of future transformation only if they set their mobility present right. We are geared up to win the mobility race with you.” SUKESH JAIN CMO, Airtel Business

end-usage is critical for the success of any mobility strategy. For instance, a sales person spending close to 40 percent on the field would need an app that eases the process of creating, managing or taking orders against accounts. An HR personnel, on the other hand, who moves less than 10 percent time but gets stuck in long meetings, would ask for flexibility to check on HR workflows for leaves, travel requests etcetera anytime using the app. Each of them would not need visibility into the other’s terrain and would see such visibility as an unnecessary information overload. Further, such cross domain visibility can pose a huge data security threat. So, customize your mobile application to accommodate different user segments/ microsegments for greater usability and relevance. 4) Underestimating security concerns or security over-paranoia Today, most enterprises either neglect security to provide convenience through mobile applications or place excessive control/ restrictions on mobile applications limiting its usability. Placing enterprise applications in a secure corporate data container—an authenticated and encrypted space created within the mobile device—can help an enterprise strike the right security balance for applications. A corporate container would ensure a seamless role out of communication, collaboration and business engagement applications with absolute assurance of protection of corporate information. So, place your eggs in the containerization basket to avail the best corporate data security. 5) Lack of a mobile ecosystem A leading mobility expert once said, “A successful enterprise mobile strategy is not one that touches only the skin of

the potato (enterprise) but goes beneath the skin and gets absorbed by the entire potato”. An enterprise app store holds a strong promise of improving the mobility absorption rate of an enterprise. However, building one isn’t easy. It would need a fair mix of apps for user self-service, options like peer ratings and reviews, app notifications, and BYOD-friendliness. 6) Inappropriate choice of network and devices Many mobile application strategies fall flat due to an inappropriate choice of network and devices. Enterprises need to understand that every mobile application doesn’t need a 3G network or a high-end device like iPhone/ iPad. For instance, applications made for service agents to instantly update his daily activity would involve mainly text-based information that can be easily delivered using 2.5G technology. Choosing 2.5G over 3G would help an enterprise deliver a lowcost optimal mobile application experience. Similarly, an application for service agents to update the completion of a service using pictures at the client site would need smartphones to take the picture and upload but an application for a rural healthcare worker sending small text updates to healthcare center on the patient’s glucose levels and blood pressure could use a lowend mobile. 7) Poor application management The increasing number of applications getting mobile-enabled makes it a challenge for enterprises to achieve quality application delivery on the mobile – with constant complaints around the application hanging, not responding fast


ADVERTORIAL AND PROMOTIONAL FEATURE AIRTEL

The Requirements for Effective BYOD Differ by Platform

point support for its mobility needs. One such platform is Airtel MATE.

Mobile Data Management The second element of an integrated mobility approach is managing the device. The arrival of containerization gives corporations the ultimate mobile data management solution to embrace device/ platform dynamism without any worries. The solution guarantees corporate data security better than BlackBerry — it goes beyond secure mail, and offers unique features: A dedicated corporate app store, remote device manager, and more. Airtel DME, powered by Excitor, is one such mobile data management solution.

Not Everyone can Implement Integrated Mobility Integrated mobility is an established ray of hope, but how does one successfully implement it? Only a service provider with communication, mobility and telecom experience can help you easily implement an integrated mobility strategy.

enough or not working at all. Absolute visibility and control of transport mechanism (network) and application management can help reduce such instances and improve the delivery of mobile applications. This will enhance the end-user experience for mobile applications and help the enterprise avail the benefits of mobile enablement.

Before going any deeper into the integrated communication approach and how to implement such a solution, it is essential to understand the need for it in the first place. The need for integrated mobility approach stems from the challenges being thrown today by the three pillars of mobility – mobile device, mobile application, and network.

Challenges in the Mobile Connected World

Integrated Mobility Approach

Ever heard of Wasgij? Wasgij (Jigsaw spelled bacwkards) is an innovative puzzle where the picture on the box is only a clue for the puzzle that needs to be put together. This brainteaser needs you to get the clue, imagine a probable story, and then tactically join the dots. Mobility today is a game of Wasjig – insolvable using a mere “copy the picture and join the pieces” strategy, which is commonly referred to as system integration. It needs an integrated mobility approach where you need to (1) imagine end-user mobility scenarios and challenges, (2) understand device, system, and connectivity limitations, and (3) work around them and arrive at a mobile enablement solution.

An Integrated Mobility approach — comprising an integrated mobile application platform (providing 360 degree network-backed business solutions) and mobile data management solution — can overcome these challenges. A real-time, integrated mobile application platform can provide a single-point solution to all enterprise clients looking for variant mobile-based productivity and customer service applications. If built with a comprehensive understanding of business processes across verticals, such a platform can deliver applications that enhance productivity and efficiency of enterprise processes. The availability of the platform in a “solution-as-a-service” model would minimize upfront cost and provide single-

Telecom service providers like Airtel are best suited for the task. Here are four reasons: 1. We understand your network, mobile device, and mobile application — so we can build comprehensive mobility solutions. 2. We can provide single-point support across the network, device, and application. 3. We can provide a bird’s-eye view into mobility delivery from both applications and networks. 4. We understand a diverse range of technologies that impact mobility: Cloud, analytics, and big data.

To know more, please write to business@in.airtel.com or visit http://www.airtel.in/business

This article is brought to you by IDG Services in association with Airtel Business


Evan Schuman

THINK TANK

Untangling Mobile Privacy If your company doesn't yet have a mobile-specific privacy policy, it's time to get to work. Remember this privacy policy could define your company’s reputation.

I

ILLUST RATION BY MASTERF ILE

t's well known that mobile devices are compact storehouses of vast amounts of data that they seem eager to broadcast to the world, which makes it all the more baffling that few companies have discussed—much less implemented—mobile-specific privacy policies. Putting off such a move (procrastination is such a negative word) may have made sense up to now to give us all time to get a handle on what the limits should be, but you really will regret waiting much longer. This new year we have entered may be a good time to craft a mobile privacy policy. If you've decided to do that, here are some things to consider. You do really need a policy. Your employees expect IT to protect them, and your company's executives expect you to make sure that corporate data is protected from the things that employees do with their mobile devices. But your customers also want to know what you're doing with their data, and various contractors, distributors, suppliers and anyone else in your network need to know what they aren't allowed to do. It's bad enough that a mobile device brings the same IT threats as any other network-connected device. It has full access to your LAN and can piggyback on whatever permissions you gave its owner. And of course, if it's being accessed by a naughty user, it can try to exceed that access. But you really need a mobile-specific policy because mobile devices can be careless with all the data they store. They theoretically can track all movements. The microphone and camera can be activated remotely. Apps can access every phone call, e-mail or text sent or received, as well as every site visited and every tweet tweeted. Some can even send messages under your name without your knowledge (No kidding. Even the Starbucks app has demanded the ability to tweet on customers' behalf). And some apps

28

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

VOL/9 | ISSUE/05


CUSTOM FEATURE CYBEROAM

CASE STUDY

Yokogawa Ensures Security and Productivity Using

Cyberoam’s Next-Generation Firewall

Next-Generation Firewall with Layer 8 Identity-based technology offers Yokogawa India actionable intelligence and controls that allow complete security controls for a future-ready security setup. By Gopal Kishore

Y

okogawa India (YIL) is a leading provider of Process Automation Systems and Products in India and is positioned as a Comprehensive Solutions Provider of Enterprise Technology Solutions(ETS) in the field of Industrial Automation. Established in 1987, YIL has created a state-of-the-art global engineering center in Bangalore. THE YOKOGAWA CHALLENGE Manoj Kumar Nair, deputy manager-IT, YIL, wanted to ensure identity-based Internet access and also ensure policies to all employees of the organization. In the process of enabling tight, policy-based control for Internet access, he also wanted to make sure that there was no performance lag while policy changes were being carried out, and with ability to have in-depth reporting and analysis of traffic. “We wanted all these functions in one appliance,” he added. Faced with unregulated Internet usage, Nair wanted to ensure that the users at YIL used the Internet only for work-related activities.

Cyberoam has helped us save cost on bandwidth, boost Internet speeds and productivity, while enabling end-to-end security.” MANOJ KUMAR NAIR,

DEPUTY MANAGER–IT, YOKOGAWA INDIA

“We needed to provide Internet access to our users for business purposes and to ensure speed and security of content. The existing solution was not effective at addressing our business challenges,” he says. THE CYBEROAM SOLUTION After a thorough evaluation of the options in hand, Nair and his team chose Cyberoam’s award-winning Layer 8 technology in the form of a CR 2500iNG appliance. One of the benefits of this implementation was seamless Active Directory (AD) Integration. “We use Cyberoam’s AD authentication along with local authentication to provide identity-based security for around 1,500 users,” says Nair. The solution also allowed Nair to design identity-based policies, which extends throughout the network, irrespective of the device used by the employees to connect to the network. “We could implement identity-based AAA (Authentication, Authorization, and Audit), allowing control and visibility of the users and devices connected to the network,” he adds. SAFE, PRODUCTIVE SURFING UNLEASHED The web and application filtering feature allows Nair to instantly block undesirable websites and applications, and enforce acceptable usage policies. Also, the feature is coupled with a bandwidth management option, which ensures availability and data transfer limit based on duration and schedule of access for specific web categories and applications. The solution delivers comprehensive control and visibility for over 2,000 applications. Unlike the age-old, port-based classification mechanism, Cyberoam classifies applications based on their risk level, characteristics, and technology, thereby offering granular controls. This stops sophisticated applicationlayer threats right at the network perimeter, ensuring application security. “Cyberoam does not only help us block unproductive/harmful content, it also provides us with granular bandwidth

AT A GLANCE Company : Yokogawa India Industry : Industrial Automation Offering : Distributed Control Systems, Test & Measuring Instruments management at individual website and application level,” says Nair. SUPERIOR ANTI-VIRUS AND REPORTING The anti-virus and anti-spyware prevent entry of malware and spyware at the entrance, ensuring clean mail traffic and real-time protection. The solution delivers in-depth reporting over the appliance, eliminating the need for an independent reporting solution and minimizing the resultant security investment and opex. Over 1,200 in-depth reports offer real-time visibility into user and network activities over dual dashboards: Security and Traffic dashboard. This, in turn, provides YIL with high security and optimal network performance, and helps them meet regulatory compliance requirements. “When it comes to On-appliance Reporting, no one comes close to what Cyberoam offers”, says Nair. “After introducing Cyberoam into our network, we have been able to save cost on bandwidth and increase Internet surfing speed and productivity. Cyberoam has given us more value against money than other leading players,” he says.

This case study is brought to you by IDG Services in association with Cyberoam


Evan Schuman

THINK TANK

can identify every other app being used, along with a host of tech specs, like OS version, browser, serial number of a phone, Wi-Fi particulars, and carrier. Although it's important for any privacy policy to regulate what employees can and cannot do, it may be even more critical to delineate what your company will permit third-party vendors to do with its data under its name. Some of this will involve the public privacy limits your company will set for itself. Marketing craves data about customers. Without a policy that sets limits, your marketing people are likely to issue any number of mobile apps that can grab just about any kind of customer data and report it back to them. You have to decide whether the shortterm gains that sort of thing might bring outweigh the long-term hit to the company's reputation that could result from a general outcry against such data harvesting. In the calm of day, you and your top executives need to discuss what kind of company you're running and what limits you want to set for yourselves and your customers. You really do not want this to be decided on a caseby-case basis by various rank-and-file marketers in the middle of an urgent deadline. You also need to specify what the company can do with mobile devices' tracking capabilities. They might seem like a boon when you need to locate employees, and they're even helpful for building security, such as when needing to make sure every employee is located during an emergency evacuation. They're also an easy way for new employees to find some far-off conference room on a large campus. But it doesn't take much imagination to see how tracking could get creepy. Are you going to let managers use tracking data in performance reviews? ("Well, Rebecca, I see that you spend more than an hour every day in the lavatory." "Scott, the average length of your lunch hour over the past six months has been 85 minutes.") Will you track employees when they leave your facility but are still on company time? What about when they are not on company time? What if someone phones in sick and you find his company-issued Android at the racetrack or a bar — or a competitor's headquarters? In the past, I discussed the implications of BYOD policies, where employees use their own mobile devices. I suggested that some form of partitioning will be needed to separate corporateand employee-owned data, so that you aren't backing up employees' private data or deleting it when the employee leaves the company. Your mobile privacy policy is going to have to address who owns the device: The company or the employee—or a third party? Do you have the same rights to justify monitoring your corporate data if it resides on a device your employee owns? Or a contractor owns? Or a partner (some other company's employee) owns?

You need to discuss and agree on where your company wants to place those limits. It's light-years easier to discuss this calmly and professionally when there is no immediate specific situation staring you in the face—with personalities attached. Whatever is agreed to must be ironclad. You don't want emotional situations to trump the calm thinking made at an offsite executive meeting. Clearly, exceptions can always be made, but they should be rare. Something else to consider: Deciding these things isn't enough; the policy should also dictate how those decisions will be communicated to all of your audiences, especially to customers. In this case you can take a lesson from Nordstrom, which recently conducted a mobile location trial with shoppers. It posted a sign at the entrances to its stores, alerting customers to what was being done. It wanted the sign to be succinct and understandable, but it ended up with a program description that was a little inaccurate and incomplete. That caused confusion and anger among shoppers, who envisioned the program being far more invasive than it was. This incident highlights another problem that a good mobile privacy policy should address. The chain's mobile vendor for the trial was collecting a lot of customer-specific data. In an attempt to avoid customer backlash, the agreement stated that the vendor would not share that data with Nordstrom. Unintended

Marketing craves data about customers. Without a policy that sets limits, marketing is likely to issue any number of mobile apps that can grab just about any kind of customer data.

30

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

consequence: It made the backlash much worse. Nordstrom was getting the heat for accessing data that it was never able to access. The moral of that story: If mobile data is collected, you will get blamed, no matter whether you see the data or not. Your mobile policy has to address what you will allow vendors to collect about your customers, your employees and your partners. It should spell out how much of that your company should see. It should lay to rest the question of whether third parties will be allowed to collect data that you won't see. It needs to establish how you will inform your customers, employees and partners about this data collection, if at all. (There are legitimate arguments on both sides.) And you need to make your policy precise enough to be useful while not being so detailed that it is incomprehensible to people who aren't that technical. There are few areas more complex, more controversial and politically dangerous than mobile data collection. You may find that simply having these conversations will change not merely your policies, but your strategy and how you approach it. CIO Evan Schuman was the founding editor of retail technology site StorefrontBacktalk and he is a columnist for CBSNews.com, and RetailWeek. Send feedback on this column to editor@cio.in

VOL/9 | ISSUE/05


NTT Global Forum is an international conference by NTT Communications that convenes an audience of technology professionals and executives to network, share, and learn about the latest ICT best practices, trends, and developments that will help organizations enable management innovation. This March, NTT Global Forum is coming to India on the occasion of the inauguration of the Netmagic Datacenter in Bangalore. At this forum, you can witness leading-edge technologies and thought leadership business insights.

KEY HIGHLIGHTS Launch of the Netmagic Datacenter The new 100,000 sq. ft. datacenter at Electronic City, Bangalore, will be inaugurated at NTT Global Forum. It is the first datacenter to combine Netmagic and NTT Communications’ engineering and operations expertise. Global Insights. Local Impact - Keynote Speakers

NTT Communications facilitates the infrastructure that enables business reality globally, and understands that business needs technology but that business is not about technology. We invite you to understand our vision, experience our solutions, and see how we can help your business. BE THERE!

Akira Arima President & CEO NTT Communications

Motoo Tanaka Sr. VP, Cloud Services NTT Communications

Sharad Sanghi CEO Netmagic

27 March, 2014 | ITC Gardenia, Bangalore. Entry by Invitation Only. For more details, visit: www.nttglobalforum.in


Cover Story

SDx

SIZING UP

SDx B y Va r s h a C h i d a m b a r a m

The promise of a software-defined future is hard to resist. But getting there will require implementing SDN. There’s where things start to go off script. Like we didn’t have enough acronyms, the IT industry came up with a few more: SDN, SSDC, SDS or SDT. For the uninitiated that’s software-defined networking, datacenter, storage and transformation. To ease the logjam of letters, Gartner subsumed all of these into one heading: SDx, or software-defined anything. Underneath this alphabet soup is a very real promise: That one day, when every piece of infrastructure in the datacenter is governed by software, all the rigidity associated with IT will disappear. But to get there, enterprises that have already invested in server and storage virtualization must now implement SDN. Network operators and many technology vendors around the world believe that SDN will herald a new revolution in the datacenter by infusing a layer of automation and programmability that’s never existed before. In their vision, SDN-ville is the last staging post before the wondrous lands of software-defined transformation where flexibility, agility and efficiency bloom. Let’s hold our stage coaches for a second. A software-defined tomorrow is great, but without the backing of Reader ROI: CIOs, software-defined transformation is a pipe dream. The questions that will define a software-defined future are: Will CIOs invest the time, The promise of SDx money and resources to implement SDN and bring about SDx? Is there SDN’s role in SDx’s future enough of a business case? Are enterprises unhappy enough with their Why CIOs aren’t buying current networks and datacenters to go the SDN distance? into SDN—yet. 32

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

VOL/9 | ISSUE/05


Cover Story

SDx

The Long Road to SDx For those who believe the idea of softwaredefined future was concocted in the last year or so, it’s time to burst your bubble. That dream was born when the very first wave of virtualization entered the datacenter. The advent of the hyper visor was a truly remarkable innovation. It lent underlying hardware new superpowers that allowed it to run and compute over a hundred times the amount it was doing until then. Crucially, it also tilted the scales of power in favor of software. Applications now defined and demanded compute resources they needed and hardware was duly provisioned at the click

of button (okay, maybe is wasn’t that simple). But, still, virtualization was an unmistakable gift. Breakthrough applications that offer intelligent analysis of the vast amounts of data we have today couldn’t have been possible without the software-defined concept. Virtualization also gave CIOs a breather. For long, CIOs were haunted by reports pointing out how datacenter utilization levels were in the 15-20 percent range, and how 90 percent of IT budgets were spent in keeping the lights on. All of this made CIOs look like the caretakers of an inefficient, cost-hungry resource that—while necessary to run the business—didn’t really offer much in the game-changing department.

When SDN Makes Sense Dan Pitt, Executive Director of the Open Networking Foundation, is a passionate supporter of SDN. He summarize the top five business use cases of SDN. When You Have Multi-tenant Datacenters. Enterprises can consolidate physical infrastructure for all business units while retaining departmental autonomy and accountability, with SDN providing virtual management through remote software control under their authority. SDN also fosters the whole whitebox and bare-metal economies that datacenters cannot live without. When You Want to Use the Public Cloud. By adding remote elastic capacity to the previously stated advantages of multi-tenant datacenters, public cloud providers can free enterprises from precise capacity planning in their own private clouds. SDN gives both the cloud provider and its customers control over distinct aspects of network operation. If You Want to Make Load Balancing Easier. SDN vastly simplifies load balancing by reducing it to an element of path computation in the regular SDN operating system, eliminating the need for dedicated appliances and restricted ingress and egress points in the network. 38

F E B R U A R Y 1 5 , 2 0 1 4 | REAL CIO WORLD

If You’re Serious About BYOD. Enterprises can pre-set what employees and guests can do when they access the network. SDN can limit where a user’s traffic may go depending on the person, device, application, time of day, and network condition, thus resulting in not only safer network operation but also cost efficiencies through planned capacity optimization for permitted and highpriority uses. If You’re Focusing on Security and Policy. SDN’s logically centralized control with a consistent, systemwide programming interface enables security and policy to be applied in one place and effected simultaneously throughout the network. The abstraction of the network to the applications allows dynamic governance of the network according to business needs and goals. Finally the infrastructure can be applicationindependent and flexible, and an instrument of not just IT but corporate policy in general. —Dan Pitt

Virtualization altered that. It kicked off a wave of consolidation that allowed IT departments to pool resources, allocate flexibly, and free up new capacity, which could then be employed to drive ambitious business plans. Suddenly, CIOs had a blowtorch that could melt the rigidity of their steel-cased datacenters, enabling IT departments with newfound levels of responsiveness. Then came cloud computing, and with it, the bar was raised again. Overnight, business stakeholders—from the CMO to the head of supply-chain—elevated their expectations from IT. What was for the longest time considered a sloppy, error-riddled back office support function, suddenly began to offer what resembled the menu card of a fine dining restaurant, complete with catalogues of services offered, and pairing suggestions, and the cost of each item. IT-as-a-Service became the hottest restaurant in town. Here’s when things started to get a tad difficult. During the virtualization phase, when doing more with less was the datacenter mantra, CIOs stuffed their servers and storage that they began to suffer from severe bouts of indigestion. They had multiple apps, running amok over multi-vendor tenants, many of which didn’t necessarily speak to each other, and multiple interfaces and dashboards to monitor each subsystem. The cloud magnified this challenge, with its seemingly simple pay-per-use concept. Now, not only did IT have multiple systems and a variety of dashboards within their datacenters, now they also had LOBs buying up more systems in other people’s datacenters. According to CIO research, 35 percent of Indian CIOs say cloud computing is primarily responsible for increasing datacenter complexity; one-in-four Indian CIOs blame server virtualization. And management complexity due to the use of multiple tools is one of the top three pain points for Indian CIOs with regard to the datacenter. That complexity is driving CIOs to host and manage their datacenters with outsourcers or cloud providers. A full 40 percent of Indian CIOs say they’re moving less-critical apps to the cloud, and 30 percent are outsourcing datacenter needs completely in order to meet the increasing demands on their DCs. However, is that the best solution? Perhaps. And yet CIOs can’t fully relinquish control of

VOL/9 | ISSUE/05


Cover Story their datacenters without spending sleepless nights worrying if data was leaking into the hands of the competition. Most enterprises still want to keep their intellectual property within their firewalls. While it’s true that peripheral workloads have moved speedily towards the cloud, a real-life scenario of an enterprise running its entire operation off the cloud is still a utopian idea today. So what’s a CIO to do? Perhaps the answer lies in an important part of the datacenter puzzle that has been so far overlooked: The network. According to the proponents of SDN, virtualizing the network is the last step towards a software-defined tomorrow, a future in which many of a CIO’s datacenter pains dissipate into thin air. But for the most part, the network doesn’t get a CIO’s attention. “You need a heart of steel to understand how networking works,” says Sumit D. Chowdhury, president, enterprise ecosystem, Reliance Jio Infocom. Chowdhury is one of the few CIOs in the country who is actively implementing SDN. As a telco that offers 4Gs services, implementing SDN is not a choice but a necessity. If you thought servers and racks were cumbersome, the networking world, with its wires and cables and switches and routers is a whole world of tedium that has, thankfully, remained buried under the floor until now. SDN—and its inherent SDx promise—is about to change all of that.

CIO Career

James Berry, CIO, Standard Chartered Bank India and South Asia, says “the real benefits case” of SDN isn’t very clear.

SDN: The Last Mile Have you ever played the fiercely-addictive Android game called Flow? For those of you who haven’t, Flow requires a player to establish logical connections between two similarly-colored points, while negotiating traffic amidst several other points, to ascertain the best possible routes for all points, avoiding any conflict or disruption. It’s hard not to wish that the world of networking was as fun as the game. After all, the purpose of all switches and routers is to do just that: To get data to its destination in the smartest way. But if we turned today’s networks into a game, it wouldn’t be fun. Networking is complicated and drab. In fact, as a subject it rarely gets on a CIO’s radar. Cloud computing, big data, business intelligence and analytics have made demands on the server and storage infrastructure,

VOL/9 | ISSUE/05

which, in turn, have re-invented themselves to suit the needs of the business for agility, and scalability. Networking, however, has remained rigid, hardware-controlled and the subject of interest merely among the geekiest. Software-defined networking promises to change that—and herald in a software defined transformation. But what is SDN? SDN changes the very fundamentals of how networks operate. For the most part, networks are seen as non-responsive and inflexible. Traditional networks have impaired innovation, while, new-age, highperformance applications are demanding higher service quality from networks. SDN brings real-time programmability to networks, thus making them more dynamic and better conditioned to deal with fast, frequent changes and increasingly fluid

services and applications. Among other things, SDN de-couples the control panel. It separates the forwarding function from the control panel into two different, separately controllable functions. It infuses a layer of programmability in to networking. You can now write code to control functions that were earlier only possible through manual configurations. Finally, it centralizes the networking function and simplifies life. All of this ultimately infuses much needed intelligence into the networking function of the datacenter. This is similar to what virtualization did with servers and storage. Virtualization allowed you to build capacity within existing infrastructure by creating virtual machines, without physically or manually provisioning for more servers. It allowed CIOs to do more with less. The REAL CIO WORLD | M A R C H 1 5 , 2 0 1 4

35


Cover Story

SDx

promise of SDN is the same: It removes the tedium and complexity associated with hardware-related functions, orients it to a software-defined approach, and allows CIOs to build agility, scalability and speed into their IT infrastructure. In short, SDN offers a much more user-friendly way to manage network operations without having to actually tinker with the backend. “It enables people do what they want to do instead of worrying of what happens at the backend,” says Darshan (Dash) Appayanna, CIO, Happiest Minds Technologies. Yet, there are a few hurdles in the way of the commercial adoption of SDN. According to one of the Indian members of the Open Networking Foundation (ONF is a not-forprofit whose mission is to propagate the

Darshan Appayanna, CIO, Happiest Minds Technologies, says that like hybrid cars, SDN is still not commercially viable; it isn’t yet ready or cost-effective.

26

F E B R U A R Y 1 5 , 2 0 1 4 | REAL CIO WORLD

adoption of OpenFLow), there is a long lead time between what happens in networking labs and solutions sold in the market. To make matters worse, implementations are assumed to be complex, which further slows down SDN adoption. Then, there’s the skill set challenge. Most network operators have been trained to work with a CLI-based approach—not with programmable interfaces.

SDN Stall Appayana of Happiest Minds is currently in the process of testing SDN-ready products. The company operates a very lean, fully virtualized IT infrastructure, with the bulk of its apps running off the public cloud. But it hasn’t yet gone down the SDN road.

“We haven’t done network virtualization yet, because the technology is neither ready nor is it cost-effective. Like hybrid cars, SDN is still not commercially viable,” he says. That said, Appayana says that SDN is the way forward, “We operate in SMAC (social, mobile, analytics, cloud) mode, and SDN will help us react to our dynamic business needs better. But, it is at least four years away from being commercially viable.” And even when viable solutions hit the market, it isn’t likely CIOs will rip out their existing infrastructure before the normal refresh cycle. “How often do you change a router or a switch? Unless it fails, you don’t,” says Appayanna. “Network devices usually have a much longer shelf life than servers and desktops. You will change a router or switch perhaps once in 10 years.” James Berry, CIO, Standard Chartered Bank India and South Asia, says they are adopting aspects of what is now being called SDN. “But, we’re working at a pace that suits us, not suppliers,” he says. Unlike Appayana, Berry is more skeptical of the promise of SDN. “In theory, SDN allows you to leverage your infrastructure more effectively, with the opportunity of engaging best practice and third-party technology. But it could also add another layer of complexity. A key decision is how you balance SDN with fixing legacy,” says Berry. Chowdhury of Reliance agrees. “SDN doesn’t really remove complexity; networking still continues to be wired. It just removes the complexity from one level of users and makes orchestration and abstraction possible.” Chowdhury also believes that the market for SDN is limited. “Other than telcos, I don’t think anybody will be doing SDN,” he says. Berry points to the security threats of SDN. “Another important point is that if we implemented an SDN-based solution, we would need to make sure the approach and architecture is robust enough to secure our client data without creating additional risk, and that it is easy to troubleshoot and fix issues. Ensuring the business case works with those key challenges is very difficult.” “Data security concerns, both real and unfounded, need to be managed. The biggest inhibitors for us are the legacy investments we have already made in the infrastructure or services in focus, and banking regulators’ VOL/9 | ISSUE/05


Cover Story comfort level with it,” says Berry. Both Appayana and Chowdhury agree that SDN is still at least three years away from commercial adoption. “And even then it may never make sense for a manufacturing or a retail outlet,” says Appayana. So what’s the real business case of SDN? “From my current understanding of the subject, and from speaking with my peers (rather than technology vendors), one thing that is not all that clear is the real benefits case,” says Berry. “Yes, there’s lots of marketing material, and ‘marko-tectures’ that get thrown at you to show you how beneficial SDN can be to your organization. While they make sense, theoretically, the reality is that holistic benefits are much more difficult to achieve than the promises made in some of the literature. You need to carefully weigh the financial and resource investments versus the business benefits when considering SDN,” says Berry. Proponents of SDN believe there’s a business case for it. Finding out whether your business needs SDN is all about asking the right questions: How dynamic is your business environment? Do you have projects that need to be kickstarted and go live in two days? Are you on a high-growth phase where new offices and employees are recruited frequently? Are you running geographicallydispersed operations that require workloads to be shifted dynamically, without compromising user experience? Do you want to customize and define identity and policy-centric applications to behave in a certain way for a certain user for a certain period? (For more use cases read When SDN Makes Sense) If your business falls in any of these categories, SDN could offer your organization the nimbleness it needs to spring into action and respond at lightning fast speed. SDN can reduce networking provision time from weeks to hours. It can dynamically shift loads between clouds, often called cloud bursting, to offer the most optimum user experience to your geographically dispersed user base. It can help optimize your resource utilization and do real justice to your already sunk-in investments in virtualization and the cloud.

The Last Word The fact is, the needs of the business are fast surpassing the capacity of IT to deliver it. The VOL/9 | ISSUE/05

CIO Career

Sumit D. Chowdhury, President, Enterprise Ecosystem, Reliance Jio Infocom, believes that other than telcos, few others will be investing in SDN.

only way to keep pace with business needs to re-orient IT to a software-centric model, a model where hardware is controlled and aligned to the application it serves. Today’ datacenters exist as a ‘patchwork quilt.’ CIOs have chosen to use a more organic approach to datacenters, replacing structures bit by bit instead of ripping and replacing the whole shebang. Incremental changes to the datacenter is sure to minimize disruption. But it can never create the transformational business value or competitive differentiation of a big bang approach. And not many enterprises possess the wherewithal do implement such a change. And hence, as with any other innovation or technology, SDN, too, will probably run a gradual course of a slow adoption, accelerated by market offering and business needs over the next decade.

“The service providers are a little too bullish on client acceptance, and utilization. And given that investment budgets are tightening, rather than loosening, I would see the eventual timeframe elongating even further,” says Berry. For Appayana, too, it is a wait-and-watch period. “We’re starting to evaluate how mature the technology is today and to what extent it can deliver what it promises.” Chowdhury believes that SDN will not see the speedy uptake that server or storage virtualization saw in the enterprise. “The network evolution story is going to be a long one.” CIO Varsha Chidambaram is principal correspondent. Send feedback on this feature to varsha_chidambaram@ idgindia.com

REAL CIO WORLD | M A R C H 1 5 , 2 0 1 4

37


46

F E B R U A R Y 1 5 , 2 0 1 4 | REAL CIO WORLD

VOL/9 | ISSUE/04


File |Motor Mahindra Reva Case Case File | TVS Company

Riding Off the

Shelf

It takes eight seconds to roll out a two wheeler at the TVS Motor Company. For IT to deploy a solution at that speed is unheard of. But the CIO of the company has changed that by reducing the timeto-market an IT solution by 65 percent. Here’s how. BY SHUBHRA RISHI A century ago, the auto industry in India wasn’t quite an industry. Like the imperial rulers of the country, cars on Indian roads were imported. In 1911, a large contingent of cars was imported to mark the arrival of King George V in colonial India. Around the same time, in the temple town of Madurai, Thirukkurungudi Vengaramaswamy Sundram Iyengar was laying the foundation of what would be India’s largest automotive conglomerate, the Rs 44,000 crore TVS Group. What started off as a bus service, today caters to everything automobile—from two-wheelers and

VOL/9 | ISSUE/04

REAL CIO WORLD | F E B R U A R Y 1 5 , 2 0 1 4

47


Case File | TVS Motor Company

automotive components to automotive process where a new design for a product is either documented or developed up to the dealerships, finance, and electronics. Today, Iyenger’s penchant for innovation prototype stage and adopted at a later date. The concept is built around creating and has been disseminated into its 40,000 strong workforce employed by its 50 odd companies. storing products for a period of three to five One of them is the group’s most profitable years. The purpose is to cut NPD time by proactively developing parts ahead of time. enterprise, TVS Motor Company (TVSM). For TVS’ executives in the manufacturing The moment you enter the company’s sprawling factory in Hosur, Tamil Nadu, space, this methodology was business-asyou are welcomed by a large open space usual, but for the company’s IT team, the and the fragrance of a line of Champa trees planted across the length of the company’s largest manufacturing facility. Before you start wondering if you are in the right place, an imposing line of TVS’ freshly manufactured two-wheelers greet you. The shelf engineering project has It is this factory that has given done two things for TVS Motor India its first two-seater Moped, the TVS 50cc, and the most Company, among others: Brought popular and longstanding brand, IT closer to business and set a new TVS Scooty. benchmark for innovation. The company manufactures a bike every eight seconds. But innovation runs deeper—and faster—than the company’s The amount of time reduced by stunningly casted, chiseled, and shelf engineering to deploy an IT solution. sculpted two-wheelers.

Accelerating Innovation

65 percent

Assembling Ideas In 2004, the company tested its revolutionary fuel injection technology, and later adapted it to TVS Apache motorcycles. The new technology was to offer its customers great drivability, better fuel economy, and performance consistency at different altitudes and environments. Gas shock absorbers, power and economy mode features in speedometers, and LED light technology were developed in advance, kept in the shelf, and pulled out at an appropriate time during new vehicle development. At TVS, they call the concept Shelf Engineering—to develop a part or process or technology, not for immediate but future use. The concept uses new product development (NPD)

40

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

80 percent

The rate of deployment of a shelf engineered project.

6 months

The duration that a shelf engineered solution spends on the shelf on an average.

4 out of 5 times

Shelf engineered projects have been delivered successfully.

5 projects

The number of projects that the IT team works on at a given point in time.

concept was new and extremely fetching. That’s why in 2010, while devising the year’s IT plans, TVS’ Group CIO, T.G. Dhandapani came up with the idea of implementing shelf engineering in IT. The aim was to find ways to significantly cut down the time taken to find and adopt a new technology, and develop, test, train and implement a solution. He also wanted to empower different section heads within IT in such a manner that every time business requests for a new solution, it is delivered almost instantly. But there was a catch: Who would own the project: Business or IT? Also, if an opportunity isn’t fully anticipated by the users, there’s a chance that they might not value the IT solution. The IT team would develop and prototype technology solutions based on insights gained from business teams and shelf them instead of building them as and when business demands. “So, when a department asks for a solution, we can provide it at less than a third of the time normally taken to deliver a solution,” says Dhandapani. To that end, Dhandapani dedicated 5-10 percent of his IT budget to shelf engineering. The next step was to collaborate with experts from app development, security, infrastructure, and datacenter teams and assess what the business needs. The results were nothing short of phenomenal.

Road Trip to Success In the last two years, Dhandapani and his team have shelf engineered and deployed about 20 projects. Every team member is encouraged to execute at least two innovative ideas per year. “One of the major by-products of these initiatives is that IT gets to step into the shoes of the user while assessing the need and testing a solution,” says Dhandapani.

VOL/9 | ISSUE/05


Case File | Mahindra Reva

One such project was the centralization of minutes of meeting (MoM). In any large organization, a number of both structured and ad-hoc meetings take place. At TVS, every time this happens, as per SOP (standard operating procedure) MoMs were registered in an MS Word document and circulated to different stake holders and actions were reviewed in the next meeting. The IT team observed that many a times, executives went through the minutes only on the day of review and as a result the same subject matter was discussed repeatedly. To fix this, the IT team decided to develop a centralized MoM system using an open source platform. It was integrated with the company’s mailing system and calendar. The system records and tracks the tasks and action points of business meetings for on-time compliance. The project was engineered and tested within IT for all reviews and meetings. After its adoption within IT, there was a request from the chairman’s office to devise a system to record and trace MoMs. There was a mandate to develop the system within three months. “Since the MoM project was already shelf engineered, it was deployed in less than a day across the organization,” says Dhandapani. Now different HoDs have deployed dashboards displaying status of actions assigned to individuals during such meetings which helps in instituting managerial effectiveness. The MoM project was just the beginning. Dhandapani and the IT team had more tricks in the hat. One of those was the ISO 27001 certification project. Putting a security system—in terms of certification—in place isn’t a mandate in the automobile industry. “But as a process-oriented organization, we decided that ISO standard would formally bring information security under explicit management control,” says Dhandapani. The initiative was executed under a supervisory improvement team within IT for its implementation and its audit was scheduled in February 2013. At the time, TVSM was finalizing terms with BMW for a technology sharing and manufacturing agreement. The partnership was a result of BMW’s decision to make motorcycles with engines that are

VOL/9 | ISSUE/04

Today, when a user or a department asks for an IT solution, we can cater to them at less than a third of the time normally taken to deliver a solution. — T.G. Dhandapani, Group CIO, TVS Motor Company

smaller than its current models to help it cater to the growing demand for such products in emerging markets like India. The partnership would also give TVS access to technology to develop new and advanced motorcycles. During one such meeting with BMW, TVS executives were asked if the company complied to ISO 27001. Immediately, Dhandapani received frantic calls from both his CEO and the President of R&D to confirm the status of ISO 27001 certification. “They were thrilled to hear that the company would be certified

in less than a month. Eventually, TVSM got accreditation even before they signed the agreement with BMW,” says Dhandapani. Another roaring success for IT was executing the visitor management system. The company wanted to embrace the RFID technology for a long time. In the absence of a good business case from either the operations or supply chain teams, the IT team decided to shelf engineer the project. In the VMS, every visitor is traced via RFID tags from entry to exit. This REAL CIO WORLD | M A R C H 1 5 , 2 0 1 4

41


Case File | TVS Motor Company

involved creating RFID tags and readers to capture information at strategic points. A centralized security dashboard monitors the movement of visitors to ensure physical security. This project gave the IT team RFID interface challenges and also helped it learn about on-line analytics. Once the project was tested within IT, it was flooded with requests from the operations team to leverage five more RFID projects. While these projects sound impressive, there’s only one yardstick to measure their success: User acceptance. Dhandapani knew that the only way to give wings to the IT team’s ideas was to attract users by show-and-tell. Dhandapani set up a user experience lab at the company’s Hosur facility. The lab houses about seven dashboards which can be used by the employees of the factory to visualize the flow of data in various IT sub systems used by the company for various purposes. For instance, one of the dashboards represents a digital display system used on the shop floor, at the production floor, or even the canteen. With the touch of a button, a user

can find out the number of ready vehicles on the production floor, the lunch menu in the canteen or even the number of vehicles sold. “Using analytics, we wanted to let the user experience a completely new way of looking at these numbers,” says Dhandapani. The other dashboards include the visitor management system, VoIP system, travel management system, dealer management system among others. The experience lab has not only added to the delight of users but it has enabled them to visually appreciate the functioning of different IT systems used by the company and tickled their curiosity.

Final Destination The concept of shelf engineering has carved out new paths for TVS to ride on. And Dhandapani is thrilled with the results. “The time to market for IT solutions has lowered by 65 percent, cutting down the lead time between problem identification to providing the solution,” says Dhandapani. If that’s not all, there are new projects in the pipeline almost every year. To measure the success of the initiative, Dhandapani

says the rate of deployment of a shelf engineered project is above 80 percent. The shelf engineering concept was introduced in IT in order to target large IT improvements in the company. As a result, on an average, 4 out of 5 times, these projects have been delivered successfully. This constantly motivates the team to accurately anticipate the needs of the business and come up with innovative solutions. “The CxOs are also encouraged to ask more from IT for them to perform better,” says Dhandapani. IT’s mission has always been to drive strategic and operational objectives of the company. Dhandapani’s IT team has been proactive in keeping the solutions ready whenever required. “Today, when a user or a department need an IT solution, they can take it off the shelf. And now they have a variety of solutions to choose from,” says Dhandapani. And with that TVSM has set its IT wheels in motion. CIO Shubhra Rishi is senior correspondent. Send feedback to shubhra_rishi@idgindia.com

Where Opinions Come Alive!

WWW

V I D E O S 52

IN

Listen to the views that matter. Catch up with industry news. Watch real CIOs talk about the real issues. All of this in a format that's short, crisp, and snappy. Tune into CIO videos now!

O C T O B E R 1 , 2 0 0 5 | www.cio.in

www.cio.in/videos


IT Resume Makeover BY RICH HEIN

Career coach and strategist Donald Burns shows technology executives how to better transition from IT consulting back to corporate IT as he works with a client who’s feet are planted firmly in both worlds. Tim Davis has had what most would consider a successful IT career. IT Job Search Problems He’s navigated to the top of the corporate ladder with 20-plus years As his job search progressed, he was running into an unforeseen of IT management experience under his belt. Having held several problem. Potential employers and hiring managers would look positions in that arena over the last couple of decades, not the least of at his history, see his four years of IT consulting and assume which was his role as the CIO of the Popeye’s chicken franchise, Davis that meant he had been looking for a job for four years and not decided it was time to strike out on his own as an IT consultant. “You necessarily working in the IT trenches. know the saying: The grass is always greener. I’d been working in “Consulting is real work. I wasn’t looking for a job. I was working the corporate environment since I got out of college with several different clients, working on various and wanted to try something different,” says Davis. projects and working within different industries. Reader ROI: He had a successful IT consulting career going You have to do your own billing, collections, Why your CV isn’t as good as well but after four years of going from contract business development and marketing. I got a ton as you think to contract Davis decided he wanted a more stable of experience going out there and starting my own The importance of position that the corporate world could offer. So consulting firm,” says Davis. updating CVs with that he set out to find a new position in the Regardless of that his job search efforts weren’t How to go about it corporate world within IT management. netting the results he’d hoped for. The only positions

VOL/9 | ISSUE/05

REAL CIO WORLD | M A R C H 1 5 , 2 0 1 4

43


CIO Career he was getting interviews for were ones he had acquired through his personal network. Davis decided he needed a new plan and the first step was rethinking his resume. He felt his resume was too wordy, which is understandable when you consider how difficult it is to distill 24 years of experience into a single document. And with that he reached out to CIO.com, put his name in the hat for the IT Resume Makeover series.

Resume Writer’s First Look

What Position Are You Applying For? While it was clear he was in IT management, the title and summary didn’t make what role he is seeking clear enough. “There was confusion there because he was trying to do two things at once. He’s using it for consulting and looking for a corporate gig, too,” says Davis. Burns thought out of the box on this because he knew that while Davis is looking for a corporate role, he is still continuing to consult. For that reason, he came up with a new format that he calls the Bio Flyer. His goal is simple, one document with two purposes. More on that later.

“His resume wasn’t horrible, but it wasn’t competitive,” says executive career coach and resume writer, Donald Burns. “It talked about the List and Explain Awards or Recognition wrong things. Initially nothing in the resume stood out in a good way. In his resume Davis had listed that he had won an award: The Georgia It seemed like a typical resume. It was boring and kind of a data dump. CIO of the Year. This is good, but there was very little indication of Tim is a bona-fide consultant with real clients and he’s been doing that why he had received that award. “It was buried in the back. While for four years, but many people get laid off and then use IT consulting working in the restaurant industry he came up with an IT solution that as a gap-filler. There are many people in IT who do integrated a lot of information to come up with how this but don’t have any clients. That is really bad,” much chicken to cook and when. When you put that says Burns. Burns knew he had to make Davis’ kind of thing on your resume, a real success story, consulting positions as credible as his corporate accomplishment or result, it was very impressive,” roles in order for this to be a success. Burns knew says Davis. he needed to identify a couple items. He needed to know from Davis what his target position was Job Experience Unclear and more importantly what he wanted that he At first glance, when you looked at his Popeye’s wasn’t getting from his current position. With that experience Burns thought many employers could knowledge in hand they discussed Tim’s history think that he was working for a single franchise as and work experience. opposed to the entire Popeye’s chain. Burns took “We had two in-depth meetings…Donald did a time to reword this and shorten it for the sake of much better job using a marketing type approach. clarification. This made it obvious that Davis was He changed the focus from a simple chronological,” the CIO of a global franchise with more than 2,100 Source: CIO Research says Davis. stores in 30 countries.

10% Of Indian CIOs say that if

they moved jobs, they would like to go into consulting.

Keep It Short At first glance, Burns knew he had to chop some of the wording down. There was a lot of text but it wasn’t saying enough of the right things. “It was very long and the wording was dense. You can’t give a laundry list of tasks and things that you’ve done,” says Burns. According to Burns, an outside interviewer is important in order to flesh out what’s important from the fluff. “Tell me the landscape. Tell me what all this means. What were you doing? As it unfolded he had amazing stories that were all locked up in his head. That’s why the content of the new resume looks nothing like the original. It looks like someone else’s career because the important stuff wasn’t on the paper. People think they are describing their resume but it’s not what recruiters and hiring managers want to hear. They want to know very quickly what you accomplished for your last employers,” says Davis.

Don’t Bury Your Achievements The resume text was long, but it wasn’t really saying anything. “There were lots of little details of tasks he had worked on that I call the jigsaw puzzle. It’s lot of small pieces but you don’t get the whole picture of what he had accomplished,” says Burns. After speaking with Davis, it was clear to Burns that there were several times where Davis was brought in to bring order out of chaos and he was successful. That is what Burns wanted to bring to the forefront of this new resume. 44

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

Rise of the Bio Flyer IT consulting is on the rise as more IT pros decide to go it alone. For that reason Burns decided to create a single multi-purpose document that could deliver results. “This is a very practical thing for people like Tim, says Burns. By people he means people who work in the corporate IT world but also have consulting work as well. To do this he created a strong first page of the resume that could be used as a standalone document. It briefly covers all of Davis’s career highlights. Simply add an image and it’s ready to be distributed to his prospective consulting clients as a bio flyer. The entire three-page document, on the other hand, is meant to be used as a resume for his corporate IT job hunting.

The End Game Davis couldn’t be happier with the results and, as a matter of fact, about an hour before our final phone interview he went on a job interview sporting his newest resume. He had applied using his original one but took the time to ask the hiring manager to critique his newest resume. “I met with an HR person for a job interview today and I asked her to look at this brand new resume. She said it was the first one she’d seen in that format. She said it popped and that her eyes were drawn to the bolded areas. She really liked it,” says Davis. CIO Send feedback on this feature to editor@cio.in

VOL/9 | ISSUE/05


Sangita’s Agenda: To leverage IT to create an efficient and patient-friendly healthcare system across the Apollo Hospitals Group.


CXO Agenda | Operations

Saving lives can never be business-as-usual. It doesn’t matter whether you are a life-guard in a desolate beach country or running one of the most renowned hospitals in the world. And that’s because you are constantly challenging time—the only thread that hangs between life and death. That’s something Sangita Reddy, executive director-Operations, Apollo Hospitals Group, has realized. “The biggest challenge with operations in healthcare is to get things done in as less time as possible, and maintain a high degree of quality and efficiency,” she says.

The only way to achieve that is to turn to IT. That’s why Reddy has been striving to infuse technology into the fabric of the Apollo group. Be it creating a Unique Hospital Identification initiative to help patients across the country have a single instance of their health records, or helping patients track their health on mobiles, or ensuring patients’ test results reach doctors in the least possible time by leveraging the power of the Internet of Things. In this interview, Reddy shares how IT is changing the way hospitals are run and making the business of saving lives more predictable.

IT’s

Healing Touch Sangita Reddy, Executive Director, Operations, Apollo Hospitals Group, says that in an industry where every passing minute could change a life, IT is lending a hand by improving response times, reducing human error, and saving costs. B Y D E B A R AT I R OY

VOL/9 | ISSUE/05

CIO: Apollo’s Unique Hospital Identification (UHID) initiative sounds interesting. What’s it about?

SANGITA: UHID is an acknowledgement of the fact that everyone needs to have a single instance of health record throughout their lifetime. This ensures that irrespective of a patient’s geographical location or his hospital, doctors have a detailed view of the patient’s medical history and ensure that diagnosis is timely and well-informed. With the new UHID initiative, when a patient walks in to any of our facilities, we can pull out his medical history. This means patients no longer need to carry documents, thereby significantly reducing the time taken to start the treatment. REAL CIO WORLD | M A R C H 1 5 , 2 0 1 4

47


CXO Agenda | Operations We also realized that the algorithm, for UHID—although developed for the Apollo Group—can be used across the country and we are ready to donate the algorithm for use in the public domain. To fulfill that vision, I had requested the UIDAI team, headed by Nandan Nilekani, to see if there’s a way to connect UHID numbers to a person’s UIDAI. This initiative could open a whole new world of possibilities for hospitals across India to provide timely care to patients. With the government providing support like maintaining a master record of all registered hospitals and deciding on a common numbering system, hospitals across the country could then share information in a secure manner. This creation of a state-wide health information exchange platform has already been introduced in many of the more developed economies and India should start making a move towards it too. How is technology helping ease information flow between the Apollo Group’s hospitals, doctors, and patients?

IT is the foundation on which this entire concept has been built. Today, we are not just limited to keeping the EHR (Electronic Health Records) within our hospitals for our record-keeping but are also providing patients access to their records anytime, anywhere, with an initiative called PRISM, which is our patient health record (PHR). The moment patients register with any of the Apollo facilities, they are given access to their PRISM account which is a personal summary of their health record that they view even from their mobile phones. They can also use it as a tool to track and monitor their health. For instance, a diabetic can upload his details frequently and receive alerts and expert advice on whether his blood sugar levels are high or low and what he can do to improve

the condition. Currently, we have over two million records under PRISM hosted on our private cloud. The EHR is also integrated to various wearable medical devices. That’s interesting. How else are you using newer technologies like mobility?

Mobiles and the proliferation of smartphones has come as a boon for the healthcare industry. It is estimated that by 2020 the m-health market in India would grow to touch a billion dollars. At Apollo, we are viewing this new wave of engaging with patients from two perspectives. One is making our current customer-centric applications mobile-ready. The versatility of an Android platform has made a lot of things possible. Both our PRISM and E-doc applications—an app that allows patients to book appointments—are already mobile-ready. The best part is that this application is an SMS-based system that can work on any Android-based mobile platform and one doesn’t even require a smartphone. Apollo has an intrinsic understanding of the m-health space, and we are using it extensively internally to enhance cost effectiveness, improving information flow within the group, and improving doctor-patient connectivity. The second objective is to constantly launch new initiatives and create a Mobile Health System that increases agility, productivity, and response time of our doctors and our support staff. Doctors can access radiology and CT scan reports even on the move via tablets or mobile phones and provide suggestions to the care teams. They can help patients in need without being physically present. Patients, on the other hand, can monitor their symptoms and receive lifestyle, diet, and educational support through Apollo’s diabetes programme SUGAR. Diabetics can SMS their blood sugar count

Being in an

where every minute and every mistake can have huge negative

industry

consequences. Only 58

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

IT can help us manage this colossal system. VOL/9 |


CXO Agenda | Operations through the system to a clinician and they receive a reply explaining the numbers and what they should do. How does IT help you deal with everyday challenges of running a hospital?

Being in an industry where every minute and every mistake can cost a life, is not easy. And managing 54 hospitals—spread across nine countries—makes it a lot harder. The biggest challenge with operations in healthcare is to reduce the margin of errors caused due to manual processes, get things done in as less time as possible, and maintain a high degree of quality. But one good thing about Apollo is the fact that only technology can help us manage and monitor this colossal system. We have been early adopters of some innovative concepts that marked our dedication to quality and providing timely healthcare. For example, we realized that most of our labs are located in the basement of our hospitals. By the time a patient’s test results reach a doctor, lots of crucial minutes are lost. So, a couple of years ago, we rolled out an initiative to link the glucometers in the labs to the mobile and pager systems of our ward attendants. In a machine-to-machine communication system, the lab analyzer messages the HIS about abnormal rise or fall in a patient’s blood sugar count, the HIS messages the Telephone Control System (TCS) and the TCS then sends an SMS/mail alert to the medical staff tending to that particular patient. Another thing we are trying to do is to leverage what is nowadays being termed as the Internet of Things. We are connecting most of our medical equipment to our information systems so that all devices can be connected to the larger network. These networks, in turn, are connected to a monitoring station. A recent initiative under this is to create an e-ICU system where all of our ICUs are connected and a team of experts can monitor patients 24/7, irrespective of the location. Today, we can dynamically track and monitor whether a patient has been waiting at any Apollo facility for more than half an hour. All of these initiatives are steps in our journey to make hospital operations free of manual intervention and quicken response times in a cost-effective manner.

What role does technology play in helping Apollo sustain uniform quality of healthcare?

Apollo Center of Excellence (ACE) is our biggest platform for quality control enabled by IT. We have singled out 25 parameters for quality based on international best practices and that has been captured under ACE. ACE monitors multiple aspects across all our facilities and generates reports that help management track the clinical quality from success rates of operations to inventories. It also allows us to track the reason behind the problem and intervene in time to make amendments. The Apollo Group is currently the only hospital group in India that has been awarded an HIMSS Level 6 certification. It is one of the highest acknowledgement of quality in the healthcare industry. Less than 20 percent of the hospitals in the world today are HIMSS level 6 certified. How can advanced IT become a competitive differentiator for healthcare service providers?

Undoubtedly, it makes a significant difference. One of the biggest competitive differentiators in the healthcare industry is the trust that patients put in you with their lives. All our recent initiatives like UHID, mobility and PHR are global best practices based on an ideology called patient centricity. Earlier, healthcare was more of a transactional system where a single doctor attended and diagnosed a patient and the patient was at the receiving end. Today, doctors are transforming from an individual doctor responsible for a patient, to a specialist group of ‘care teams’ that constitutes medical professionals with varying expertise. This team aims at fixing a single problem and, at the same time, monitoring the complete health of the patient. Patients are no longer at the receiving end but at the center of all our operations. All of this has definitely increased the amount of trust our patients put in our endeavor to provide them quality, and low-cost healthcare. IT is helping us achieve that. With 115 telemedicine units, the Apollo Group is also one of India’s leading telemedicine providers. What is the biggest deterrent to its adoption in India?

Telemedicine is a very bandwidth intensive medium. From transferring image heavy data like medical report scans to doctors sitting at some other location, to video conferencing, all these processes are extremely bandwidth heavy. One of the primary things that is hindering the adoption of telemedicine is the limited bandwidth and connectivity in India. The situation has improved in the past couple of years but there are still places in the boondocks where connectivity is either absent or is extremely patchy and expensive. And that defies the whole point of a telemedicine initiative because it is these extremely rural places that don’t have sufficient healthcare centers and could use telemedicine. But I am hoping that newer technologies like 4G hold some promise and will change things for the better. CIO Debarati Roy is principal correspondent. Send feedback to debarati_roy@ idgindia.com.

VOL/9 ISSUE/05 VOL/1 || ISSUE/15

REAL CIO WORLD | M A R C H 1 5 , 2 0 1 4

49


Project Management

INNOVATION vs. MAINTENANCE Spending too much time on keep-the-lights-on projects? Here’s how to tip the balance.

s

By

Minda Zetlin

Social! Mobile! Big data! BYOD! You probably already know what your company’s executives most want to see from your IT organization. But unless your company is very new, or you’re unusually lucky—or a very, very good manager—more than half your time and resources are spent, not on innovative projects, but on “keep the lights on” activities whose sole purpose is to prevent existing systems from breaking down. And sometimes the percentage is a lot higher than that. “I’ve seen companies where it’s 80 percent or 90 percent of the IT budget,” says Columbia Business School professor Rita Gunther McGrath, who examined this issue for her book The End of Competitive Advantage: How to Keep Your Strategy Moving as Fast as Your Business. “I think it should be no more than 50 percent,” she adds. Most CIOs would agree with her, but can’t achieve that 50-50 split in their own Reader ROI: budgets. In a recent Forrester Research What’s forcing you to survey of IT leaders at more than 3,700 spend too much time on maintenance companies, respondents estimated that they spend an average 72 percent of the money How to ensure you devote more time to innovation in their budgets on such keep-the-lights-on The importance of selling functions as replacing or expanding capacity your ideas and supporting ongoing operations and

50

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

VOL/9 | ISSUE/05


VOL/9 | ISSUE/05

REAL CIO WORLD | M A R C H 1 5 , 2 0 1 4

13


Project Management

maintenance, while only 28 percent of the money goes toward new projects. Another recent study yielded similar findings. When AlixPartners and CFO Research surveyed 150 CIOs about their IT spending and their feelings about IT spending, 63 percent of the respondents said their spending was too heavily weighted toward keeping the lights on.

Why So Difficult? If no one wants to spend such a huge portion of IT’s funds just to run in place, why does it keep happening? One explanation lies in the term “keeping the lights on” itself: Turning the lights off isn’t an option. “It’s the ante that allows you to hold on to your job,” says Eric Johnson, CIO at Informatica, a data integration company in Redwood City, California. “If the systems are down and the phones aren’t working, no one will care how innovative you are.” Of course, new projects are very important, so the challenge is to do both.

“CIOs are striving to be business executives, truly driving value for the organization,” Johnson says. “That’s why there’s so much emphasis on keeping the lights on while still finding the budget to drive innovation.” A bigger problem has to do with the traditional approach to IT at most companies, where techies who are expected to abide by the principle that “the customer is always right” find themselves creating unwieldy systems in an ongoing effort to give the business exactly what it asks for. Keeping those systems running is usually difficult, time-consuming and expensive. “I’ve worked with a lot of companies where the CEO says, ‘I want you to do this, this and this.’ The CIO says, ‘That’ll be $5 million (about Rs 30 crore).’ The CEO says, ‘Do it for $3 million (about Rs 18 crore).’ So it’s patch, patch, patch,” McGrath says. That approach creates “technical debt”—something you’ll have to go back and pay for later—according to Bill Curtis, chief scientist at CAST, a software

analysis company headquartered in Meudon, France. Similar problems arise when IT tries to satisfy business needs too quickly. “Sometimes these things were built as ‘Let’s just get something up and see how it works,’” Curtis says. “Things that were designed as a demo suddenly have to grow. Or even if something was designed appropriately for what they thought would be the use, people kept adding new requirements and features until it became a kludge.” Perhaps worst of all is the tendency to customize licensed software in an effort to fulfil business requirements—whether or not those requirements have any real bearing on the organization’s goals or success. “We talk about business capability—the list of things a business needs to do to be successful and achieve its goals,” says Nigel Fenwick, an analyst at Forrester Research. “Out of 30 high-level capabilities, maybe two or three are differentiators.” When senior executives understand this well, he

SHOULD YOU RETHINK YOUR BUDGET?

i

f keep-the-lights-on work takes up too much of your IT budget, maybe the problem is with your budget. So says Bruce Myers, managing director in the IT and applied analytics practice at consulting firm AlixPartners. “People make the mistake of lumping keep-thelights-on and grow-the-business projects together in one budget,” he says. “Then they look at IT as a percentage of revenue. It has become a commonly used benchmark. What some companies are doing, and we suggest all companies should, is look at the cost of keeping the lights on as a percentage of revenue and manage that number down as much as they can. Improve-the-business projects should be treated like any other capital projects and compete for funds against other non-IT initiatives. If there’s a business case, the only limiting factor should be the amount of cash or capital available.” Why is this better? For one thing, you’re likely to make better decisions, according to Myers. Right now, some IT projects that should get done are probably being skipped because IT has used up its budget. And some projects that probably should be skipped are being done so IT can use up funds it might otherwise have to forfeit in the next budgeting cycle.

Myers believes too many bad projects go forward with a weak business case. “We spend a lot of time working in IT organizations from a business perspective,” he says. “I can’t remember one where we haven’t cut 50 percent of their projects because when you really drilled into them, there wasn’t a huge risk it was mitigating, or a real quantitative business case where a business unit had asked for the project’s specific benefits.” Perhaps paradoxically, removing grow-the-business projects from IT’s budget altogether seems to accomplish the goal of lower keep-the-lights-on costs. “And typically these costs are lower than when there’s only one IT budget,” says Nigel Fenwick, an analyst at Forrester Research. More important, if new IT initiatives are paid out of business units’ budgets, those business units take financial responsibility for those projects. “My goal is never to have to sit in front of the CFO and explain why IT is spending so much money,” says Michael Leeper, director of global technology at Columbia Sportswear. “The question should be, ‘Why is the business asking IT to spend so much?’ We can turn things on and off--but it isn’t our money.”—

—Minda Zetlin


Project Management

says, they encourage IT to focus on those key areas and seek standardized, easy-tomaintain solutions for everything else. Unfortunately, such understanding is rare. “It’s hard to get the CEO to stand up and say, ‘This is the way we’re going to do it,’” Fenwick says. But if the CEO doesn’t do that, he adds, “every little department will want to customize the technology to make their part of the business run more efficiently—and so they should.” After all, each department is being judged on its own efficiency, and anything that can make it run better is a good thing—from the point of view of the department’s managers. But the approach leads to systems that are difficult and costly to maintain. “Over the past 10 to 20 years, we’ve ploughed millions of dollars into software customization to support generic capabilities,” Fenwick says. “It has made IT more complex, made interfaces more difficult, reduced IT’s agility and added cost.” There’s one last reason it can be difficult to contain keep-the-lights-on costs: You may become a victim of your own success. “We’ve determined that it’ll be pretty tough to get to 50-50,” says Peter Forte, CIO at Analog Devices, a semiconductor maker. “The reason is, the more successful you are on the right-hand side that drives more activity to keeping the lights on. Every new system we deploy is a system that needs to be maintained.” Here’s a look at strategies that can help CIOs who want to spend less on keeping the lights on and more on innovations that will help the company reach its goals.

Virtualization If you haven’t gotten around to virtualizing servers, you may find that doing so is an effective way to cut keep-the-lights-on costs. Forte discovered that when a normal cyclical low in the semiconductor industry coincided with the worldwide economic downturn of 2009. “We lost 30 percent of our revenue almost overnight,” he says. As a result, IT had to quickly cut 30 percent of its costs, leading to significant layoffs. At the time, Analog Devices was about 45 years old, with the legacy infrastructure

VOL/9 | ISSUE/05

IF NO ONE WANTS TO SPEND SUCH A HUGE PORTION OF I.T.’S FUNDS JUST TO RUN IN PLACE, WHY DOES IT KEEP HAPPENING? ONE EXPLANATION LIES IN THE TERM “KEEPING THE LIGHTS ON” ITSELF: TURNING THE LIGHTS OFF ISN’T AN OPTION. to prove it. “The first thing we did was calculate what percentage of our investment would be needed to keep the lights on,” Forte says. “It was in the low 80s.” For a technology company whose success depended on its ability to rapidly bring new products to market in large numbers, that was not acceptable. So IT launched a threeyear effort to shift that balance. Today, Forte says, Analog Devices spends 62 percent of its IT budget on keeping the lights on and 38 percent on growing the business. That’s not 50-50, but it’s a meaningful improvement. There were several elements to the program, but virtualization was one of the most effective. “We moved from an environment where we were 100 percent physical to over 90 percent virtual,” he says. That saved several million keepthe-lights-on dollars that the company poured back into innovation. At the same time, Analog Devices switched to a service catalog approach, automating such tasks as resetting passwords for employees— something that help desk staffers previously did over the phone about 1,800 times per quarter. “Those technologies swooped in and saved us,” Forte says.

Cloud Computing For many companies, moving services to a public, private or hybrid cloud also has a huge impact on costs. Johnson estimates that Informatica spends about 60 percent of its IT budget on innovation and only 40 percent on keeping the lights on, and heavy use of the cloud is one reason why. “We

have more than 30 enterprise software-asa-service operations,” he says. “We have a mantra: ‘Cloud first.’ Can we do it with a hosted cloud solution? If not, and we have to buy it, that’s fine. [But] building it custom is always the last resort.” And security concerns shouldn’t keep you out of the cloud, Fenwick says. Business executives “need to look at how much it matters if something is running in a datacenter 100 miles away and owned by the company versus one that’s 100 miles but owned by another company,” he says. “People don’t really understand the relative risk of someone hacking into our datacenter compared with Amazon’s datacenter.”

Standardization Eliminating customization for any function that isn’t a key differentiator can substantially reduce keep-the-lights-on costs. “People have done a lot of the easy stuff,” Fenwick says, referring to the fact that virtualization and cloud computing have already had big impacts on many IT budgets. Standardizing software is the next thing you can do to meaningfully cut costs. But while standardization can create great efficiencies, it can be a hard sell. That’s because, unlike the cloud or virtualization, standardizing—whether on SaaS or offthe-shelf applications—requires users to change how they do their work. “If you’re buying something off the shelf, it’s by definition not going to be designed for your processes,” McGrath says. “And once you start tinkering with it, you lose the benefit.” REAL CIO WORLD | M A R C H 1 5 , 2 0 1 4

53


Project Management

The key is to have the discipline to say, “We are not going to customize this.... We’re not going to make changes that will make it more difficult for us to be agile.” Fenwick says. Johnson says standardizing both technology and business practices helped Informatica get to the point where it spends 60 percent of IT’s budget on new initiatives. “You make sure you don’t have 10 ways of doing something,” he says. “You have one way of doing it.”

Planning Ahead One thing that makes keeping the lights on much more costly is the need to make unexpected repairs. You can save

in the evening to make sure all systems were functioning well. Adopting the new technology and other steps have helped cut the percentage of the IT budget devoted to keeping the lights on from about 80 percent to about 70 percent, he says, and he aims to get it much lower. For Michael Leeper, director of global technology at Columbia Sportswear, an outdoor clothing retailer, planning ahead also means not doing anything you’re likely to regret later. “Hopefully, you’ve done your homework so you don’t have to create shortterm solutions just to solve a problem,” he says. At the same time, though, he’s careful not to turn down requests from business people.

TRADITIONAL APPROACH TO I.T. AT MOST COMPANIES IS A BIG PROBLEM. TECHIES ARE EXPECTED TO ABIDE BY THE PRINCIPLE THAT “THE CUSTOMER IS ALWAYS RIGHT” AND CREATE UNWIELDY SYSTEMS TO GIVE THE BUSINESS EXACTLY WHAT IT ASKS FOR. money—and lead a more pleasant life—if you plan ahead and prepare for system maintenance needs. For The Reinvestment Fund, a Philadelphia-based community development financial institution that manages $700 million (about Rs 4,200 crore) in funds, automatic monitoring of the IT infrastructure’s operations has made a huge difference, says CIO Barry Porozni. “Upgrading our monitoring system was one thing that really made an impact,” he says. “It probes into applications and devices so we know proactively if e-mail is down—we don’t need users to come to us. Same thing with data storage—we’re very data-intensive, and it tells us how close we are to running out of space.” The new monitoring system has freed up a lot of time, Porozni says. Previously, he and his staff had to go through a checklist first thing in the morning and last thing 54

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

“Inevitably, you have to do something you don’t want to do just to make people happy,” he says. When that happens, it’s important not to leave the quick fix in place, but to go back and improve it. “Once that first [request] is up and running, you start figuring out how to fix it,” he says. “We’ll show the business what they’re asking for, and then go fix it in the background. You don’t want to start building on something that’s bad.” Planning ahead also applies to projects designed to grow the business, so Leeper and his team are in the habit of piloting new projects before anyone asks for them. “Once the platform’s stable and current, the next thing we do is make a small investment in technology we may not need immediately,” he says. One example is virtual desktops— Leeper saw that there might be a need for them so he implemented some to learn about them. “Then when the business did come to us, we didn’t have to tell them to wait,” he says.

Selling Your Vision Marketing your ideas for taming keepthe-lights-on costs, both within IT and to the company at large, is an important step. Indeed, as Analog Devices went through the painful process of recovering from layoffs and then bringing its technology up to date, Forte used a simple phrase to tell both his IT colleagues and Analog executives what the team was up to: “Shrink the footprint, shift the balance [from keep-the-lights-on toward innovation], optimize services.” “The importance of communication can’t be overstated,” he says. That was especially true when he took over as CIO in 2009. At the time, customer satisfaction with IT was low. “I kept telling people, ‘Hang in there, we’ll get things in order,’” Forte recalls. “I spent time with every vice president in the company, telling the same story: Shrink, shift, optimize.” By staying relentlessly on message, Forte gave both the business and his IT group a good grasp of the priorities and what still needed to be done. “I was giving a talk at a local college about business-IT alignment,” he says. “I said, ‘You can walk up to anyone who works in IT at Analog Devices, ask them what the three most important initiatives are for IT, and you’ll get the same answer.’” One student happened to have a friend working at Analog, so she called her friend to test Forte’s assertion. Sure enough, when asked for the top priorities, the student’s friend answered, “Shrink, shift, optimize.” Still, though you may have a grand vision for bringing down keep-the-lights-on expenses, Leeper advises starting out with small steps. “You’ll never get anywhere if you try to do it all at once,” he says. But it’s important to start somewhere. “Pretty soon, you begin accomplishing little upgrades with little payoffs,” he says. “And then one day you’ll look around and think: ‘Hey, I did it all.’” CIO

Minda Zetlin is a technology writer and co-author of The Geek Gap. Send feedback to editor@cio.in

VOL/9 | ISSUE/05


casefiles REAL PEOPLE

* REAL PROBLEMS * REAL SOLUTIONS

FLIGHT

PLAN

The intriguing story of how SpiceJet’s CIO found an ingenious way to save costs by limiting IT support staff—from what could have been 300—to 30. BY SHUBHRA RISHI

There was a time, in the not-so-distant past, when airlines evoked only one emotion in the average Indian traveller: Sticker shock. You can hardly blame them. Airlines were a snooty lot and were seen as a luxury only for the privileged. That isn’t true anymore. And that’s because, the average Indian traveller has found an empathiser in low-cost airlines. Their arrival has made airlines down-toearth and affordable. In that bracket falls India’s second largest low-fare airline, SpiceJet. The Organization: With over 300 domestic flights catering to 46 Indian cities, SpiceJet is owned by Kalanithi Maran’s Sun Group. In February 2005, SpiceJet ordered its first 20 Boeing aircrafts and it started with launching an airline in Delhi. The Business Case: Last month, the airline sparked a price war by slashing rates to fill in planes in the lean period between March-September. This forced other low-cost airlines to follow suit. That’s a clear indication of the mounting heap of cost pressures troubling low-cost airlines. But fierce competition and a low-margin business are forcing airlines to cut costs and optimize resources. That’s something Virender Pal, CTO, SpiceJet, realized way back in 2006. He knew that as SpiceJet introduced new routes, it would need more IT staff to manage ground IMS operations. But some engineers hired for the job weren’t being adequately utilized. Which is why they left the organization. Pal had two options: one, to outsource airport support, or hire a huge army of support engineers, every time a new station is announced. Airport support is a 20-hour job which is divided into two-anda-half hour shift of eight hours each. This would typically mean that SpiceJet would

56

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

VOL/9 | ISSUE/05


Virender Pal, CTO, SpiceJet, found a smart way to save costs by providing IT training to customer support staff. require at least five to six IT personnel—in every airport— adding up to a packed 300-member consolidated IT team. And this number would multiply as and when new routes are introduced. Clearly, option two wasn’t the way forward. “The idea was not to compromise on quality, but to do more business economically, and save more money,” says Pal. It was then that Pal came up with an innovative idea. The Solution: Pal decided to form a band of IT champions. The best place to pick IT champions was SpiceJet’s Delhi office where a one week induction training of new hires—airport customer service agents—was going on. He was also eyeing his existing customer support staff. These IT champions were chosen over others on the basis of a few elementary parameters ranging from the way they kept or handled their computer systems and their inclination and interest towards technology at the check-in counters. These customer support agents were then trained on basic IT support operations such as configuring and replacing highlyspecialized network and boarding pass and baggage tag printers, handling computer systems, troubleshooting software issues, with the local airport staff and the core IT engineers at the head office in Gurgaon. A refresher training was also repeated after a few months for the selected IT champions. Additionally, a four-member group from the core-IT team in Gurgaon visited all the airports that SpiceJet operated in to meet the IT champions and stay abreast of the problems they were facing. At any particular airport, there are multiple service providers that support execs have to liaison with. For instance, in case there’s an error while printing boarding passes at the check-in counter, the SpiceJet customer support staff—now also IT champions—is equipped to troubleshoot it. In the absence of an IT-trained ground staff, this problem would not have been addressed in time, leading to delayed flights.

VOL/9 | ISSUE/05

The Benefits: The IT champions have given SpiceJet more than just efficient operations. Had Pal not taken the IT champion route—a small but powerful team of 30—SpiceJet would have had to recruit about 300 IT staffers at all the airports. “Our customer service levels have gone up as our teams are highly motivated in their roles,” says Pal. Not only do the IT champions understand the urgency of a situation, they are also

passionate about learning new skills which earns them an additional monthly allowance of Rs 2,000 each. The current cost of personnel is just 5 percent of what it would have been in the conventional support architecture. Today, these IT champions are helping SpiceJet cruise the skies with renewed vigour. CIO Send feedback to shubhra_rishi@idgindia.com

REAL CIO WORLD | M A R C H 1 5 , 2 0 1 4

57


PRESENTS

20-22 February 2014

Winning in Today’s Environment Disruptive technologies are infiltrating the CIO’s world, leaving them with two choices: To see a set of challenges or to create new opportunities for their organizations and themselves. Here’s how.

B Y D E B A R AT I R OY

The alarm bells of the world’s economy might have stopped ringing, but its echo can still be heard. At the same time, relatively new technologies are disrupting traditional business models and changing the way organizations operate. The times, they are changing, but as scary as that might sound, it’s actually great news for CIOs, because for once, the new game is being played on the CIO’s home turf: Technology. Be it big data, the internet of things, mobility, or social technologies, many of today’s game changers are built on the back of IT. But to be able to leverage these new technologies and adapt to the changing rules of the market, CIOs need to change their approach. To help lend direction to their strategies, CIO

10

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

VOL/9 | ISSUE/05


TITLE PARTNER

THEME PARTNER

CIO CONVERSATIONS PARTNERS

ASSOCIATE PARTNERS

TM

PARTNERS

VOL/9 | ISSUE/05

REAL CIO WORLD | M A R C H 1 5 , 2 0 1 4

59


magazine and IDC joined hands at the annual CIO Summit. Here are eight ways to win in this new world.

Creating Meaningful Partnerships

POSITIVE IMPACT Doesn’t the ‘I’ in CIO signify the importance of information? Why do companies need a data officer? ” SIMON PIFF Associate Vice President, IDC APAC Enterprise Infrastructure

Conventional IT is morphing into a more service led-environment, rapidly shifting from IT agility to business agility.” SANDRA NG Group Vice President, IDC APAC Practice Group

The CMO desperately needs help from the CIO to understand these new channels, most of which are technology intensive.” RICHARD VANCIL Group Vice President, Executive Advisory Strategies, IDC 60

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

In the past few years, if there’s one department that has evolved in terms of dealing with technology as much as IT, it’s marketing. As traditional methods of marketing have become increasingly obsolete and customers move to newer methods of connecting with organizations, marketing has become more dependent on digital media, social media, and mobility. “Our research shows that marketing is going to undergo the greatest amount of IT-driven business transformation, which is projected around a growth rate of 10 percent annually by 2017,” says Richard Vancil, group VP, Executive Advisory Strategies, IDC. Earlier, organizations controlled how customers interacted with it. That’s changed. Customers are more aware of what they want, and how they will reach out to enterprises. And if an organization isn’t ready to embrace this new reality, customers will let the whole world know via social media. “The CMO desperately needs help from the CIO to understand these new channels, most of which are technology intensive. Systems of engagement, digital engagements like social and digital marketing, or being able to effectively leverage tools like marketing resource management, budgeting, campaigns management tools and BI,” Vancil says, are all areas where a CIO can help a CMO. This forces CIOs and CMOs to work together more deeply than ever before—a fact that doesn’t always go down well with either party. Vancil says that across the world it has been noticed that marketing teams invest in systems independently, without understanding where the dots need to be connected, resulting in siloed pockets of technology. Often, marketing departments aren’t as clued in as they should be about how to make the best use of new tools or how to secure data. “The new CIO-CMO dialogue has to focus on rectifying these gaps. Fragmented IT infrastructure, low IT skills in the marketing departments, inadequate knowledge of what technology to bet on and its implications, are all areas where the CIO can make a significant impact and transform the marketing strategy of their respective organizations,” Vancil says. And if the CIO and CMO don’t find a way to cooperate, they might be forced to, says Vancil. “If the CIO and CMO are not actively involved in meaningful dialogues of understanding what this new paradigm means to the organization and its customers, then it will become a company issue,” he says.

VOL/9 | ISSUE/05


Re-igniting the CIO Role In the recent past, the role of the CIO has once again come under scrutiny. Earlier, it was about how unaligned business and IT were, raising the question of a CIO’s relevance. This time around, it’s worse. With the advent of cloud computing, many are asking whether companies even need CIOs given that IT needs can be rented or strategically outsourced. Jaideep Mehta, country manager, IDC India, rubbishes that theory. “Whether we are talking about a CIO or any C-suite position, the role will die if the individuals populating it don’t respond to changing times,” says Mehta. There’s reason to believe that the role of IT will only become more important—not less. Mehta points out that as companies fight for survival and respond to temperamental and uncertain markets, they desperately need two things: Agile processes and flexible people. The good news? Technology can enable both of those. Mehta says that businesses are constantly under pressure to conquer three big challenges: The pressure of volumes and revenue growth, the pressure of handling Dalal Street, and the pressure to battle extremely stiff and increasing competition. The CIO, he says, can play a central role in easing each of those challenges. “The CIO is in the best position to usher in transformation, be it by making processes more agile, or finding new ways to do business, or by reaching new markets and creating innovative products, or by making employees more flexible with increased automation and flexible processes,” he says. Referring to IDC research, Mehta says that organizations are trying various strategies to respond to the

VOL/9 | ISSUE/05

POLL: NEXT GEN SECURITY CIOs at the event were asked: What does a true next generation security platform do?

52% Brings together all key network security functions

43% Is a platform that is non-intergrated

32% Only blocks or allows applications

2% Increases cost with each additional feature

needs of today’s market. In most cases, it is IT that is making the change possible. He shares the example of an Indian organization that went and acquired a new company to increase its market reach in the ASEAN region. Overnight, the company established a presence in six new countries. The CIO, of course, landed up with having to manage a whole new technology ecosystem based in multiple foreign countries. “Without the CIO’s agile strategy, the whole acquisition would have failed,” he says. This is the scale at which CIOs can make a difference, says Mehta. Today, organizations expect CIOs to become a partner in change. According to IDC research, in 2013, 50 percent of the KPIs that CIOs carried were actually oriented toward innovation and business outcomes. “The message is clear. The business obviously sees the CIO as a trusted change agent,” he says. From exploring new markets, to creating innovative

ciosummit.in LOG ON

Missed the event but still want to soak up all its goodness? Log on to ciosummit.in and watch all the sessions—from both IDC and technology providers—on demand.

REAL CIO WORLD | M A R C H 1 5 , 2 0 1 4

61


ENTERPRISE FOCUS CIOs were asked: In the last year, which areas has your business increased focus on?

40%

Financial impact

46%

Strategic impact

60%

Operational impact

48%

products and services, and from understanding the end customer’s psychology, to making a real difference in how smoothly and quickly a company can respond to market needs, the CIO is the eye of the storm,” he says.

Make Technology Work for You Since big data made its much-hyped debut, there’s been talk of the rise of a new c-suite position: The Chief Data Officer. That’s an idea that Simon Piff, AVP with IDC’s Asia/Pacific Enterprise Infrastructure Research Group, doesn’t buy into. “Doesn’t the ‘I’ in CIO signify the importance of information? Why do companies need a data officer?” he asks. That said, Piff underscores the importance of data in today’s economy. He points to a piece of MIT Sloan research which demonstrates how companies that are better than average at leveraging their digital assets have 12 percent higher revenue growth compared to their competitors. If information is the new oil, then it’s the CIO who is best positioned to leverage its power and assist business peers with insights they couldn’t have dreamed of. “But to be able to do this, CIOs will need to make two changes. First, is a change in mind set. CIOs have to realize that they are business leaders working in the technology space. The second, is to change the way IT has traditionally operated,” he says. For example, Piff says, it’s not enough for storage administrators to only look after the technical aspects of managing storage effectively. They need to drill deeper into what information is relevant to the business. Why? Because only then will storage admins know how to manage

Customer impact

Source: State of the CIO 2014

10

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

VOL/9 | ISSUE/05


information so that it is readily available for the business anytime they need it, which is one of the basic requirements for effective predictive data modelling. “The great news is that with new technologies like the cloud and software-defined everything, CIOs can move out of the traditional functional IT management to more strategic IT transformation initiatives,” he says. Piff lays down some of the ways in which CIOs can switch out from traditional IT management. He says that in terms of responsibility of the IT function, a new dynamic environment should be more about creating capability and supporting business by delivering value through dynamic multisourced systems. Another way is by leveraging cloud and strategic outsourcing as opposed to the older system of operating and managing internal IT resources. “Technology need not be owned and operated by IT anymore. CIOs should leverage IT both onand off-premise to create agile systems,” he says. Piff adds that instead of focusing on functional skills, CIOs should incorporate both IT and business skillsets in their teams. When these skills are not available in-house, CIOs can partner with solution providers to fill in gaps. Finally, Piff says that the very nature of a CIO’s KPIs are changing and that instead of worrying about TCO and ROI, CIOs need to speak the language of the business and start measuring their initiatives based on how much they impact business performance. W h i le relat ively new technologies like the cloud,

VOL/9 | ISSUE/05

As companies respond to temperamental markets, they desperately need two things: Agile processes and flexible people. The good news? Technology can enable both. mobility, BI and software-defined transformation are creating disruptions, they are also paving the way for the CIO to worry less about managing technology and become business leaders.

Outsource Smarter Everyone agrees that keeping the lights on is no longer enough. Businesses expect big things from IT and as CIOs try to walk this tightrope between business and technology, they will need help. But what does it mean to create meaningful partnerships? Ramachandran S., research manager with IDC Manufacturing Insights Asia/Pacific, says that the basis of these strategic relationships should not just be about SLAs but evolve into a more outcome-based model. “There needs to be an equal sharing of risk and the vision of working towards a greater goal, which, of course, needs to be aligned with the business’ requirements,” he says. But why this need to rethink partnerships? If SLA’s are being met, why tamper with this model? The answer, says Ramachandran, lies in the way business models are changing. With mobility, BI, e-commerce, and the internet of things, businesses are moving out of the traditional produce-and-sell model.

ciosummit.in LOG ON

Missed the event but still want to soak up all its goodness? Log on to ciosummit.in and watch all the sessions—from both IDC and technology providers—on demand.

REAL CIO WORLD | M A R C H 1 5 , 2 0 1 4

63


POSITIVE IMPACT Strategize, optimize, digitize. These transformative concepts will push CIOs on the path to growth.” RAJEEV AGARWAL Research Vice President, IDC

Be it a CIO or a business head, a role will die if the individuals populating it don’t respond to changing times.” JAIDEEP MEHTA Country Manager, IDC

ciosummit.in LOG ON

Missed the event but still want to soak up all its goodness? Log on to ciosummit.in and watch all the sessions—from both IDC and technology providers—on demand.

64

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

world and make an attempt to understand their business imperatives as well. “As IT buyers, it is important for the CIO to help their partners build sustainable businesses. If their partners are bleeding, they can’t help CIOs,” she says. Bhadauria says that although many IT models are still time-and-material driven, there is a traction building for outcome-based partnership models, which not only help CIOs make IT perform better, but also ensure that partners have healthy bottom-lines and can see the prospect of non-linear growth. Businesses are not bothered about applications and platforms but the final value a project delivers. And if the CIO starts engaging partners in more conversations around final business outcomes, it empowers partners to think differently. To be able to do this, Bhaduaria says there are six key steps CIOs need to think about. These include creating more standardization, talking about a value-based approach, having measurable metric-driven results, smartly linking price to performance, pushing co-innovation, and defining KPIs. With these in place, CIOs can create meaningful partnerships that are not about projects, but life-long engagements that bring value to everyone.

SMAC Them

Quoting a CIO, Ramachandran says that traditional KPIs like uptime, cycle-time, and costvariants, among others, are being pushed down to three levels below the CIO. And one way CIOs can focus more on innovation and business is to delegate work not just within the IT team but to partners as well. Kavita Bhadauria, manager for Software and Services Research Practice at IDC India, says that the first step toward this journey is to stop looking for suppliers and start looking for partners instead. To do that, CIOs need to first understand the partner’s

Chances are that as you read this, you are connecting with your business partners over your smartphone, writing a review on social media about a product you like, and maybe switching between an app tracking a shipment you are expecting. That is the power of the connected world we live in today. And your business and customers are expecting you to think of innovative ways in which IT can enhance this engagement. “There is a huge need for personalization, relationship sensitivity, service orientation, and redefining service levels across all channels. Organizations need to revisit their offerings, services, and processes to encash the potential of four pillars: Social, mobility, cloud and analytics,” says Shalil Gupta, director, Insights and Consulting, IDC. Challenging? Hardly. Think about it. Yes, these new technologies are creating disruptions. But what happens when you scale these disruptive technologies? Gupta refers to a platform called Panoptix from Johnson Controls which is an open, cloud-based building platform which simplifies the

VOL/9 | ISSUE/05


complex process of collecting realtime data from disparate systems and creates a single integrated view. With the internet of things, big data and mobility, companies are finding newer ways to make smart systems that are relevant to the business. New technologies like these can help CIOs elevate from talking about servers and processors to talking about business imperatives. Today, infrastructure doesn’t mean datacenters but systems that are self-repairing and self-configuring. Systems are always connected and cater to non-stop demand for products, services and systems. Technologies like the cloud can finally help CIOs give the business the kind of elasticity and scalability that they have been looking for.

Focus on Outcome-based IT Whenever most businesses hear the word IT transformation, two red flags immediately go up. The first is: How much is it going to cost and how long will it take to reach ROI? The second is: How difficult is it going to be to execute and does the company have the expertise to carry it forward? Sandra Ng, group VP, IDC’s Asia/ Pacific Practice Group, says that as markets change dynamically, businesses are looking at IT projects to deliver hard-core business value. It’s no longer about ROI or TCO but how much impact it made to the top line and bottom-line of an organization. “The market place of tomorrow is built on borderless connections, mostly online, changing rapidly with more focus and speed and automation and intelligent devices,” she says. To conquer and win in this new marketplace, CIOs need to change the way IT views, runs and measures the success of its initiatives. A look at the e-ICT marketplace today shows the convergence and collision of four

VOL/9 | ISSUE/05

specific areas of the ICT industry: Consumer devices, digital and premium content, x-commerce, and entertainment/content applications and services. “In the last four years, our lives have been more affected by the rate of change of technology compared to the last two decades. Conventional IT is morphing into a more service led-environment, rapidly shifting from IT agility to business agility,” she says. First, Ng says that CIOs need to forget to worry about budgets. With outcomebased IT, it doesn’t matter who is paying for a project as long as it delivers business results. She also says that there has been a recent surge in the number of joint projects occurring between CIOs and LOBs, where business and IT work in tandem to make a significant business difference. But to make this outcome-based mind-set a standard practice, CIOs need to change how they think and operate. Ng says that some major shifts include the need to think in terms of business applications and process managers compared to technical developers and administrators. CIOs shouldn’t spend their time thinking about managing giant, in-house IT infrastructure monoliths. With smart vendor and SLA management, they can start investing more time to collaborate with the business. And finally the structural thinking and reactive mind set needs to be replaced with a creative thinking and exploratory mind-set.

Winning Through Competitive Differentiation When IDC asked business leaders what worries them the most, their response wasn’t surprising. Most C-suite executives said they worry about profit and loss, customer satisfaction and better processes. When IDC threw the same question to IT leaders, their answers listed out a similar set of problems: Productivity, improving business processes, cutting costs, and increasing revenue. Obviously, contrary to popular belief, CIOs are business-oriented. Rajeev Agarwal, research VP, IDC, believes that by focusing on the three pillars—strategize, optimize and

Companies that are better than average at leveraging their digital assets have 12 percent higher revenue growth compared to their competitors.

REAL CIO WORLD | M A R C H 1 5 , 2 0 1 4

65


digitize—of modern day business transformations, CIOs will be able to overcome these challenges and become the harbingers of change and innovation. “Done well, these three transformative concepts will automatically push the organization on a growth path,” he says. Agarwal says that the first step to strategize is to use simple reports and dashboards to showcase the value that IT brings to organizations—no matter how fundamental it is. By reinstating this faith in IT, CIOs will be in a better position to align themselves with business peers. “And this goes a full circle. CIOs should never try to strategize alone. The more business peers you align with in your organization, the more initiatives will become a holistic company decision,” he says. Also, CIOs should do a dipstick and figure out the scope for optimization within their organizations. “Be it staff, processes that you support, or technology, everything has scope for improvement,” he says. By using methodologies like Six Sigma, CIOs can streamline processes and create more measurable parameters for the success of these processes. “We, at IDC, have noticed that companies that have optimized their current assets have easily reduced costs by 20-30 percent,” he says. Agarwal says that while human resources can be optimized by investing in good performers and focusing on integrating services and skill sets, CIOs can optimize processes by investing more in those that are competitive differentiators. The answer to optimizing technology lies in technology itself: By automating current IT infrastructure for higher selfutilization, standardization, and consolidation. Agarwal says that CIOs who have strengthened these two pillars need not worry too much about the third. Because what follows is the natural progression of digitization, that makes way for new age technologies like cloud computing, mobility and analytics.

Leverage Cloud and Mobility Craving for some hot pizza on a train? No problem. TravelKhana.com, a Web portal can now get it delivered to your seat. Working with partner restaurants in select towns and cities, the portal allows people to order food via a Web interface or a mobile application. “It’s not a radical technology. Bringing together the concept of a website, mobile apps, and home delivery is not what’s exciting. What’s exciting is the thought process and how new-age companies are leveraging technology to woo their customers,” says Venu Reddy, research director, IDC India. That’s a noticeable shift in terms of business concepts 66

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

If information is the new oil, then it’s the CIO who is best positioned to leverage its power and assist business peers with insights they couldn’t have dreamed of. and a clear indication of the fact that the world is constantly moving from an industrial to a digital one. And to be able to survive in this new scheme of things, IT needs to transform, not just on the surface, but to the core infrastructure level. Changing business models, the need to lower costs, shrinking time-to-market, governance and more agile processes, are going to have a tremendous impact on your IT infrastructure. This means that CIOs now need to look at something as core as a datacenter in new light. An efficient datacenter is the one that is agile, efficient, and cost-effective and can support dynamic business needs. Reddy stressed on the role that cloud computing and mobility can play in this journey. The need for standardization will push companies to look at more integration, modernization, consolidation and standardization of applications and IT processes, says Reddy. “Technologies such as virtualization, cloud, and mobility have the ability to renovate the infrastructure of organizations in a highly systematic and phased manner,” he says. Rightsizing supply and demand is one of the highlights of this flexible infrastructure. This means that CIOs can scale up or down depending on business demand, says Reddy. It is this agility that is going to become the next big business differentiator for most organizations. But Reddy also cautions that cloud and mobility are merely tools which happen to be available at the right time to solve a larger problem. It’s not the technology that is going to deliver value. What matters is how CIOs will use these tools to solve critical business issues or come up with innovative business ideas to win in today’s world. CIO

Send feedback on this feature to editor@cio.in

VOL/9 | ISSUE/05


The Business Conference for IT Leaders The event created space for CIOs and industry leaders to have debates.

Nine roundtables discussed a variety of topics from mobility to the cloud.

The business conference for IT leaders had an impressive line-up of international and Indian speakers from IDC.

The CIO Summit gathered over 120 of India’s finest IT leaders.

IDG’s Editor-in-Chief, Vijay Ramachandran, shared insights from CIO research.

VOL/9 | ISSUE/05

Technology vendors like Vodafone held interactive dialogues at their stalls.

After a long day discussing important ideas, CIOs shared war stories over drinks.

REAL CIO WORLD | M A R C H 1 5 , 2 0 1 4

11


ESSENTIAL

technology IMAGE BY MASTERFILE.COM

A CLOSER LOOK AT PHYSICAL SECURITY

Iris recognition systems are 100,000 times less likely to produce a false match than facial recognition systems and they finally seem ready to break into the mainstream, as prices drop and systems get easier to use.

68

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

Bull's Eye! BY ROBERT L. MITCHELL

SECURITY | At the entrance to "The Vault," the most secure room within the most protected building operated by security services provider Symantec, an iris recognition system stands guard as the last line of defence. Employees who make it this far have already swiped an access card and entered a PIN at the building's main door and then submitted a finger to a biometric reader to move beyond the lobby. But the high accuracy rate of iris recognition technology, which uses near-infrared cameras to take a picture of the subject's iris and then applies specialized algorithms to encode the image and match it to an existing record on file, makes it an ideal access control choice. After all, this is the high-security area that holds the cryptographic keys to Symantec's certificate authority business, which provides e-commerce security services to many organizations. "We have to make sure that no individual can compromise those cryptographic tokens, [and] iris recognition has higher accuracy and less likelihood of false positives," says Paul Meijer, senior director of infrastructure operations at Symantec's identity and authentication division. Symantec's use of iris recognition technology for an access control system in a setting where security requirements are high and cost is no object represents a classic application of the technology. But as prices have come down and the systems have become easier to use, the VOL/9 | ISSUE/05


ESSENTIAL technology

technology has been slowly gaining ground in more ordinary business settings in industries such as banking and healthcare. "Cost has perennially been an issue with iris, but this trend is quickly changing," as cameras, recognition algorithms and software have all improved, says Ram Ravi, a research analyst at Frost & Sullivan. One reason for the rise in innovation that led to those improvements: The 2005 expiration of a key patent on the mathematical representation of the iris that previously limited what competitors could do. Since that time, open standards have been developed, says Patrick Grother, director of biometric standards and testing at the National Institute of Standards and Technology (NIST). Until relatively recently, iris recognition systems were mostly deployed by governments, not by businesses, partly because they're so expensive. The largest use of iris recognition today is the Unique Identification Authority of India (UIDAI) project. That initiative includes iris recognition as part of a national ID

facial recognition systems, Grother says. Other benefits: The matching process is very fast and, unlike faces, the eye doesn't change much with age. NIST recently completed a study on the subject of iris recognition. While face photos on passports are generally replaced every five or 10 years, "the iris is good for decades," Grother says. And because each eye has a unique pattern, vendors offer dual-eye systems, such as the one used in Symantec's Vault, for even higher accuracy. "Ten fingerprints are the gold standard for identification. A pair of irises are at least equivalent to eight or 10 fingers, and maybe more," Grother says. Iris recognition systems encode the entire eye structure, following an open standard. And because the process doesn't focus on detailed feature points, a gray-scale 640-x-480-pixel image is sufficient. That's one reason why the recognition algorithms can speedily process data and respond quickly. "The old VGA format turns out to be all you need. High resolution is not needed,

At the CairoAmman Bank,inJordan, iris recognition has lowered average time per transaction at the teller window from four minutes to one minute.It also allowed the bank to reduce branch staffing levels from four tellers to two. system designed to cover all of India’s 1.2 billion citizens. The technology is now making its way to the consumer end of the spectrum. "The use of iris recognition in mobile phones is expected to see a considerable uptake," Ravi says. Another reason for its growing popularity: Iris recognition systems are extremely accurate; they're 100,000 times less likely to produce a false match than

VOL/9 | ISSUE/05

and in fact would slow things down," says Grother. Sophisticated, high-end cameras capable of capturing images at distances of two meters can cost $30,000 (about Rs 18 lakh) or more, but other models suitable for business use that operate at close range may run as little as a few hundred dollars. The FBI is on the cusp of adding iris images to its database of criminal fingerprints. As part of it Next Generation

$15B

The estimated size of the global biometric technology market by 2015. SOURCE: BIOMETRICS RESEARCH GROUP

Identification (NGI) project, which is gradually modernizing the aging Integrated Automated Fingerprint ID System, the agency plans to launch a pilot that could lead to the creation of a nationwide iris identity database for tracking criminals.

Banking by Eye For Kamal Al-Bakri, who as GM at Cairo Amman Bank oversaw the installation of an iris recognition system at 80 branches and 100 ATM locations in Jordan, fraud has not been an issue. "We've done more than a million transactions since 2009 with zero fraudulent transactions," he says. The bank recently upgraded to more-accurate dual-eye readers, "to sustain our position as a leader" as competing banks start to use similar technology, he adds. In Amman, people must present a government ID when banking—a driver's license isn't sufficient—but not everyone remembers to bring their IDs when they make a trip to the bank. So Cairo Amman Bank gave its customers the option of registering with its iris recognition system and using it at both the teller window and at ATMs. Customers initially had concerns, such as whether the system would somehow affect their eyes, so the bank put out a flyer with answers to common questions. Today half of its customers use the technology. The system isn't just more secure, Al-Bakri says, it's more efficient. With iris recognition, the average time per transaction at the teller window is one minute versus four minutes using traditional authentication methods. As

REAL CIO WORLD | M A R C H 1 5 , 2 0 1 4

69


ESSENTIAL technology

more customers opted for iris recognition, the bank found that it could reduce branch staffing levels from four tellers to two. The latest cameras are smaller and less expensive than the models the bank deployed with its first system a few years ago, Al-Bakri says, but they're still not cheap—and neither was the integration project required to get the cameras, ATMs and core banking systems to work together. Al-Bakri declined to discuss costs for competitive reasons. But one vendor did say that the cost of a fully integrated vertical market deployment varies depending on the systems that must be connected. The average cost ranges from $3 to $6 per bank customer, he says. "But the cost is irrelevant when compared to the risk you're facing when you use a card and password," Al-Bakri says. "Look at what you're gaining from the system, not just what you're paying for it."

Faster Gates at Gatwick Speed and ease of use were key reasons why Gatwick Airport in London added a

a "bio pole" tells them where to look as a camera takes a facial photo and an iris image from a distance of up to two meters. Once the self-service process has completed, the gate opens automatically. The system then uses the iris data to authenticate passengers at each gate as they line up to board their respective planes. The system handles as many as 3,000 people an hour during peak travel times, and an average of 30,000 to 35,000 people pass through the system each day. "It's very effective," Rees says. The airport just completed a revamp of the system, integrating it with an enterprise service bus that exchanges data in real time with other systems used to check flights and passengers. "It's not just sticking some cameras onto a pole," he says. "There's a lot of infrastructure that needs to be in place." The cost of cameras for an application like the one at Gatwick can range from $10,000 to $65,000 (between about Rs 6 lakh to Rs 39 lakh). The airport has 34 of them. "These are expensive cameras," Rees admits, but

The trick with systems designed to capture iris images at a distance is to use techniques such as "dynamic signage" or flashing alerts to draw the user's attention to the camera,rather than trying to solve image acquisition issues through better algorithms. passenger authentication system that uses iris recognition technology a little over two years ago. The airport has a departure lounge where both international and domestic passengers congregate prior to boarding. "We had to ensure that people who are traveling domestically stick to their flights and don't swap tickets," says David Rees, IT program lead at the airport. Now users scan their boarding passes at the security gate, and a video system on 70

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

the airport needs high-quality equipment to capture images at a distance and process them quickly. The cameras include features such as optic mirrors that move to automatically accommodate people of different heights. The trick with systems designed to capture iris images at a distance, Rees says, is to use techniques such as "dynamic signage" or flashing alerts to draw the user's attention to the camera, rather

56%

Of Indian CIOs leverage biometrics as an information security safeguard when it comes to their users. SOURCE: GISS 2013

than just trying to solve image acquisition issues through improved optics or better algorithms. "By changing the way we call attention to the camera, we have increased the [iris image] acquisition success rate by 25 percent," he says. The system works by automatically locating a passenger's face and capturing the iris pattern while the video offers simple instructions, such as "Please look up" and "Please stand still, thank you" and "Please proceed," according to Rees. At Symantec, Meijer says the closerrange binocular-style cameras used in the latest version of its iris recognition system have also improved considerably. "Before, you had to manually adjust the mirrors to line up with your eye," he explains. "Now it remembers you when you scan your badge. It's more user-friendly."

Iris-centric Law Enforcement While most organizations use iris recognition as an additional authentication resource, law enforcement agencies in Missouri have made the technology central to everything they do. Missouri was the first US state to use iris recognition as the core platform on which to build a statewide law enforcement records management

VOL/9 | ISSUE/05


and jail records management system for tracking people as they pass through the criminal justice system, says Mick Covington, director of the Missouri Sherriffs' Association. The new system, used by sheriff's offices and the Missouri Department of Corrections, starts tracking people the moment they're arrested and booked. "When someone comes into one of our jails, you get a read back in three seconds that tells you who they are and where they were last," Covington says. Deployed in 55 of the state's 115 counties to date, the system is used by county jails to, for example, identify people, check them in and out for court dates, and make sure medication is delivered to the right person at the right time. The system will eventually upload iris data to a state repository that will, in turn, upload the data to the FBI's NGI database. The fact that the system doesn't require touching the individual is an advantage in a prison setting, Covington says, and the technology requires minimal staff training. "The quality of the images is much better now," he says. "And the machines are more user-friendly and more durable. They're cop-proof." Iris recognition technology is continuing to evolve and outgrow its spy novel image, as is the manner in which users interact—or don't interact—with the systems. The technology is moving beyond what HRS's Norman calls a "coerced method of acquisition"—exemplified by the types of systems historically used at border crossings and in prisons—to a more social technology. "Social is if I go to a store and take a soda from a machine using a biometric," he says. "We're on the edge of moving into a personalization stage and away from this security/paranoia type of application. That's the next phase." CIO

Robert L. Mitchell is a national correspondent for Computerworld. Send feedback on this feature to editor@cio.in

VOL/9 | ISSUE/05

Under the Lid IRIS | Unlike the retina scans you see in the movies, which shine a bright light through the pupil to capture images of blood vessel patterns at the back of the eye, iris recognition uses a camera to take a photograph of the iris—the colored portion of the eye. During fetal development, the eye goes through a process called chaotic morphogenesis that gives each iris its unique appearance. "When the optic nerve comes out of the brain, it essentially pumps out the eyeball, which rips and tears. Striations in the iris are the result of that," says Neil Norman, founder of Human Recognition Systems (HRS) in Liverpool, England. So how do iris cameras work? Functionally, iris recognition cameras aren't much different from digital SLR cameras, except that the light filters over the sensors allow near-infrared light to pass through instead of visible light, says Brian Martin, director of biometric research at MorphoTrust, a developer of identity verification systems. Iris recognition systems encode the entire eye structure, following an open standard. And because the process doesn't focus on detailed feature points, a gray-scale 640-x-480-pixel image is sufficient. That's one reason why the recognition algorithms can speedily process data and respond quickly. "The old VGA format turns out to be all you need. High resolution is not needed, and in fact would slow things down," says Patrick Grother, director of biometric standards and testing at the National Institute of Standards and Technology (NIST). Sophisticated, high-end cameras capable of capturing images at distances of two meters can cost $30,000 (about Rs 18 lakh) or more, but other models suitable for business use that operate at close range may run as little as a few hundred dollars.

IMAGE BY MAST ERF IL E

ESSENTIAL technology

FOR YOUR EYES ONLY

— By Robert L. Mitchell

REAL CIO WORLD | M A R C H 1 5 , 2 0 1 4

71


endlines INNOVATION

* BY NEIL BENNETT

The Finnish company Inni Nail Studio has launched a new service that lets you order false nails with your own art and designs printed on them. Inni Nail Studio is an online tool that lets you upload your artwork—or choose from a set of preset designs—and then order them for US$8.90 (about Rs 540) for a set of 26 nails. Currently the service is offering free shipping worldwide. Inni has also launched a Kickstarter campaign to help expand the business. For users without creative software, the service also lets users design nails (or modify existing designs) using simple tools. Inni says that the nails last up to 14 days and that you don't need to apply transparent nail polish on top of them. The company also claims that they're very sticky, so they don't chip and don't start to peel off by themselves even in hot water. Removal is as simple as peeling them off like a sticker, says Inni. "We started with high ambitions and vision to create something completely new," says Inni's CEO and founder Katja Koutaniemi. "We wanted to offer endless opportunities for our users with the best possible quality, so our team developed the software and studied the materials for several months before the launch.

72

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

VOL/9 | ISSUE/05

IMAGE BY MAST ERFIL E

False Nails, True Art


FROM THE EDITOR-IN-CHIEF

PUBLISHER, PRESIDENT & CEO Louis D’Mello ASSOCIATE PUBLISHER Parul Singh E D I TO R I A L EDITOR-IN-CHIEF MANAGING EDITOR EXECUTIVE EDITOR ASSOCIATE EDITORS FEATURES EDITOR SPECIAL CORRESPONDENTS

Task Master By reducing attention span, multi-tasking leads to lower productivity and bad decisions. A few months ago, I tracked each time I was interrupted at work. I did this not for a day or a week; I maintained a record over an entire month. I clocked in a text or a phone or a colleague walking into my cabin or an e-mail alert or a post alert on our collaboration platform once every 13 minutes! Each time I was disturbed it got progressively difficult to regain my chain of thought and go right back to what I was doing. On one particular day, my attempts to write an editorial like this one were frustrated so often, that I gave up and wrote it out late at night once home. In an era when multi-tasking is seen as a highly productive trait, this whine of mine might seem anachronistic. However, research reveals that ‘multi-tasking’ not only reduces productivity but it also helps to reduce attention spans thus actually reducing the quality of output and leading to bad decisions. A study, conducted by the Institute of Psychiatry at the University of London, found that “workers distracted by e-mail and phone calls suffer a fall in IQ”. Big deal, right? Then consider that the study found that interruptions at work lowered IQ by as much as 10 points, while smoking marijuana regularly, caused only a four point drop in intelligence! Another study found knowledge workers in a mental state of continuous stress and distraction caused by the combination of queued messaging overload and incessant interruptions. In one organization, the authors found that staff “averaged 11 minutes on any one “working sphere” before switching to another altogether.” This extreme fragmentation of work resulted in a severe cumulative time loss, with some estimates as high as 25 percent of the workday. Their research found employees in a chronic state of mental overload in practically every company and organization in the industrialized world. One way out is for senior executives to actually take some ‘me’ time off—go walkabout, grab a cappuccino outside office, lock yourself into a conference room or your home with the mobile switched off—anything to take a mental step back and revel in the silence of your own thoughts. What do you think about this? Mail me.

Vijay Ramachandran T.M. Arun Kumar Gunjan Trivedi Sunil Shah,Yogesh Gupta Shardha Subramanian Gopal Kishore, Radhika Nallayam, Shantheri Mallaya PRINCIPAL CORRESPONDENTS Debarati Roy, Sneha Jha, Varsha Chidambaram SENIOR CORRESPONDENTS Aritra Sarkhel, Eric Ernest, Ershad Kaleebullah, Shubhra Rishi, Shweta Rao SENIOR COPY EDITORS Shreehari Paliath, Vinay Kumaar LEAD DESIGNERS Pradeep Gulur, Suresh Nair, Vikas Kapoor SENIOR DESIGNERS Sabrina Naresh, Unnikrishnan A.V. SALES & MARKETING PRESIDENT SALES & MARKETING VICE PRESIDENT SALES GM MARKETING GENERAL MANAGER SALES MANAGER-KEYACCOUNTS MANAGER MARKETING MANAGER-SALES SUPPORT SR. MARKETING ASSOCIATES

Sudhir Kamath Sudhir Argula Siddharth Singh Jaideep M. Sakshee Bagri Ajay Chakravarthy Nadira Hyder Archana Ganapathy, Benjamin Jeevanraj, MARKETING ASSOCIATE Arjun Punchappady, Cleanne Serrao, Lavneetha Kunjappa, Margaret DCosta, Shwetha M. LEAD DESIGNER Jithesh C.C. SENIOR DESIGNER Laaljith C.K. O P E R AT I O N S

VICE PRESIDENT HR & OPERATIONS FINANCIAL CONTROLLER CIO SR. MANAGER OPERATIONS SR. MANAGER ACCOUNTS SR. MANAGER PRODUCTION MANAGER OPERATIONS MANAGER CREDIT CONTROL SR. ACCOUNTS EXECUTIVE

Rupesh Sreedharan Sivaramakrishnan T.P. Pavan Mehra Ajay Adhikari, Chetan Acharya, Pooja Chhabra Sasi Kumar V. T.K. Karunakaran Dinesh P., Tharuna Paul Prachi Gupta Poornima

All rights reserved. No part of this publication may be reproduced by any means without prior written permission from the publisher. Address requests for customized reprints to IDG Media Private Limited, Geetha Building, 49, 3rd Cross, Mission Road, Bangalore - 560 027, India. IDG Media Private Limited is an IDG (International Data Group) company.

Vijay Ramachandran, Editor-in-Chief vijay_r@cio.in VOL/9 | ISSUE/05

Printed and Published by Louis D’Mello on behalf of IDG Media Private Limited, Geetha Building, 49, 3rd Cross, Mission Road, Bangalore - 560 027. Editor: Louis D’Mello Printed at Manipal Press Ltd., Press Corner, Tile Factory Road, Manipal, Udupi, Karnataka - 576 104.

IDG Offices in India are listed on the next page

REAL CIO WORLD | J A N U A R Y 1 5 , 2 0 1 4

13


contents MARCH 15, 2014 | VOL/9 | ISSUE/05

Case Files 38 | TVS Motor Company IT STRATEGY It takes eight seconds to roll out a twowheeler at the TVS Motor Company. For IT to deploy a solution at that speed is unheard of. But the CIO of the company has changed that by reducing the time-tomarket an IT solution by 65 percent. Here’s how. By Shubhra Rishi

56 | SpiceJet

3 2

IT MANAGEMENT The intriguing story of how SpiceJet’s CIO found an ingenious way to save costs by limiting IT support staff—from what could have been 300—to 30. By Shubhra Rishi

more »

32 | Sizing Up SDx

4 6

COVER STORY | SDX The promise of a software-defined future is hard to resist. But getting there will require implementing SDN. There’s where things start to go off script. By Varsha Chidambaram

COVER DESIGN BY VIKAS KAPOO R

43 | IT Resume Makeover FEATURE | CIO CAREER Career coach and strategist Donald Burns shows technology executives how to better transition from IT consulting back to corporate IT as he works with a client who’s feet are planted firmly in both worlds. By Rich Hein

CXO AGENDA "Another thing we are trying to do is to leverage the Internet of Things,” says Sangita Reddy, Executive Director, Operations, Apollo Hospitals Group.

2

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

VOL/9 | ISSUE/05


|

DEPARTMENTS 1 | From the Editor-in-Chief Task Master By Vijay Ramachandran

7 | Trendlines Innovation | Tech Plays Baby Sitter Devices | Speakers Turn Jukebox Mobile Apps | Winter Olympics: App Stars Social Media | Social Media: Show Stopper Technology | A Sense of Art Auto | Talkative Cars CIO Role | The Hardest Working CIO Popular science | Fill Up Your Senses Internet | Technology: The New Cupid By the Numbers | Indian CEOs: Anxious

14 | Alert

5 0

Security Tools | The FBI Goes High Tech Emerging Threat | Internet of Things

68 | Essential Technology Secuirty | Bull's Eye! IRIS | Under the Lid

72 | Endlines

50 | Innovation vs. Maintenance

Innovation | False Nails, True Art By Neil Bennett

FEATURE Spending too much time on keep-the-lights-on projects? Here’s how to tip the balance. By Minda Zetlin

Columns 19 | RIP Privacy?

52

PRIVACY Revelations in 2013 about NSA surveillance andREAL the CIO power of |big-data MARCH 15, WORLD analytics suggest the age of privacy is over. But a new 'privacy death index' places us far from the tipping point.

2014

3 0

13

By Jay Cline

21 | Little Data is Bigger LEADING EDGE Managing Big Data in isolation doesn't yield much value. Analyzing it in conjunction with Little Data makes insights smarter and more impactful. By Gunjan Trivedi

28 | Untangling Mobile Privacy THINK TANK If your company doesn't yet have a mobile-specific privacy policy, it's time to get to work. Remember this privacy policy could define your company’s reputation. By Evan Schuman

4

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

THE CIO SUMMIT | 58 The third edition of the IDC-CIO business conference for IT leaders saw expert speakers and big-league CIOs discuss all the most important tech topics of the day.

VOL/9 | ISSUE/05


CIO Online

.in CIO ADVERTISER INDEX

Accenture Services

[ CI O TV ]

3

Bharthi Airtel ( Airtel Business)

Video Library

Canon India

From peer-to-peer advice, and new technology developments to international events, our videos cover everything that affects you. Keep yourself abreast with the world of IT, watch our online videos.

EMC IT Services

Cyberoam Technologies

HCL Comnet IBM India

25, 26 & 27 IBC 29 8&9 17 IFC

Netmagic IT Services

31

SAS Institute (India)

15

Starcom of Denuo Vodafone India Wipro Limited

5 BC & 45 + insert 22 & 23

[ N EWS ] Our CIO World newsletter gives you a daily dose of everything that impacts you, your staff, and your business. Log on to check out the latest news.

Don't receive our newsletters? Log on to our website to subscribe today!

>> cio.in/news

Read More@ cio.in

>> Case Studies >> Whitepapers >> Articles >> Slideshows >> CEO Interviews >> Events

FOLLOW US ON www.facebook.com/CIOIndiaIDG twitter.com/CIOIn

Form IV Statement of ownership and other particulars about the magazine Real CIO World, as required to be published under Section 19-D Subsection (b) of the Press and Registration of Books Act read with Rule 8 of the Registration of Newspapers (Central) Rules) 1956. PLACE OF PUBLICATION: PERIODICITY OF PUBLICATION: PRINTER Name: Nationality: Address: PUBLISHER Name: Nationality: Address: EDITOR Name: Nationality: Address:

‘Geetha Building,’ 49, 3rd Cross, Mission Road, Bangalore 560027, Karnataka Monthly Louis D’Mello Indian ‘Geetha Building,’ 49, 3rd Cross, Mission Road, Bangalore 560027, Karnataka Louis D’Mello Indian ‘Geetha Building,’ 49, 3rd Cross, Mission Road, Bangalore 560027, Karnataka Louis D’Mello Indian ‘Geetha Building,’ 49, 3rd Cross, Mission Road, Bangalore 560027, Karnataka

Names and addresses of individuals who own the magazine, and partners or shareholders holding more than one per cent of the total capital: International Data Group, 5, Speen Street, Framingham MA 01701, USA I, Louis D’Mello, hereby declare that the particulars given above are true to the best of my knowledge and belief.

15 March 2014

6

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

Louis D’Mello Signature of publisher

This index is provided as an additional service. The publisher does not assume any liabilities for errors or omissions.

VOL/9 | ISSUE/05


EDITED BY SHARDHA SUBRAMANIAN

NEW

*

HOT

*

UNEXPECTED

Tech Plays Baby Sitter which acts as a bridge between the onesie and the home’s WiFi network. “We basically designed it because we had parents coming to us saying ‘I wake up over and over in the middle of the night because I’m wondering if everything is okay with my baby,’” Madden said. “It’s really there to be an extra tool for parents.”

Along with co-founder Thomas Lipoma, Madden leads a group of seven young employees, all but one of whom hail from The Massachusetts Institute of Technology. In a loft style office that Rest Devices shared with a custom tailoring company, the group developed, prototyped and began manufacturing Mimo. With the exception of the onesie, which comes from India, all of the components of the system and the assembly is done in Massachusetts and New Hampshire. For durability testing, the team 3D-printed a contraption that used a small motor to restart a washer and dryer. “If you think about washing a thousand onesies hundreds of times, that’s a lot of laundry. So we added servos to the washer and dryer so that they’ll automatically restart and run on self-cycled water.” —By Nick Barber

TRENDLINES

I N N O V A T I O N Singing along to the Disney movie playing in the background, Dulcie Madden helped hand-package thousands of hightech baby clothes from her start up in Boston’s Leather District. Madden is the CEO and co-founder of Rest Devices, which just started shipping its Mimo connected “onesie” to stores across the US. The system aims to help anxious parents by monitoring a baby’s movement, respiration, position and skin temperature and delivering the information with audio to smartphones. “The green stripes on the front of the onesie are the respiration sensors, which pick up the baby’s breathing throughout the night or as they’re playing,” Madden said. The green plastic turtle that attaches to the onesie has a temperature sensor, accelerometer and Bluetooth low-energy chip to deliver the information to the “lily pad,”

Speakers Turn Jukebox

VOL/9 | ISSUE/05

instructions for streaming that music from the Internet. This allows users to control playback from multiple devices or leave the house while letting the music play. Similar to Sonos, Beep can also synchronize playback to multiple speakers—up to five at once on most Wi-Fi networks. The wedge-shaped hardware has a large dial on top. Tapping the dial starts and stops playback, and twisting the dial adjusts volume. There’s a 3.5 mm optical jack for audio output and a micro-USB input for power. Beep says it supports pretty much any speaker with a 3.5 mm auxiliary input, optical input or an RCA jack.

If you don’t already have a bunch of extra speakers, Beep isn’t necessarily a cheaper or better solution than Sonos. Sonos also supports many more apps right now, including Spotify, Rdio and Amazon Cloud Player. But for users who already have good speakers on hand, Beep could save you some cash. Besides, the idea of pushing music from a smartphone to speaker with the touch of a button is pretty alluring. Down the road, Beep could even license its technology to speaker companies, allowing for built-in streaming similar to what Apple has done with AirPlay. —By Jared Newman

REAL CIO WORLD | M A R C H 1 5 , 2 0 1 4

IMAGES BY T HIN KSTOCKP HOTOS.IN

If you have any old speaker systems or boomboxes lying around the house, Beep has a plan to usher them into the Internet age. Beep is a device that lets you wirelessly send music from a smartphone or tablet. It connects to your home Wi-Fi network, and any iOS or Android apps that support Beep will display a button for beaming your tunes. Beep works a lot like Google’s Chromecast TV dongle, but for speakers. (The company was co-founded by two former Google employees, after all.) Instead of receiving audio directly from the phone or tablet, Beep merely gets

DEVICES

7


"We took the right step by choosing the EMC Isilon brand because it is one of the pioneers of the scale-out storage system worldwide. It is the best product available in the market currently, which made business sense for the company." K.Y. IYER CIO, NDTV

Company NDTV

Industry Media

Headquarters

New Delhi

Founded 1988

Channels 4

BROADCASTING

SUCCESS

When NDTV was in need of a scalable and resilient storage system for the new channel it was going to establish, it found a more than able comrade in EMC Isilon. Here’s how the collaboration spelled success for the media giant.

By Aritra Sarkhel


CUSTOM FEATURE EMC

T

alk TV, talk NDTV. Founded by Prannoy Roy and Radhika Roy in 1988, New Delhi Television (NDTV) is one of the pioneers of broadcast news networking in India and the world. Over the years, it has expanded operations across the world and gained a formidable reputation by setting up channels such as NDTV 24x7, NDTV India, NDTV Profit, and NDTV Good Times. Thanks to its state-of-the-art studio facilities across the country, NDTV has been consistently producing one of the best quality news content on prime time television. But sustaining the hard-earned reputation would require delivering the same quality of content across its new ventures as well. There can never be a slippage in terms of delivery.

PRESSING NEEDS About six years ago, NDTV had planned to establish a new 24-hours channel. This was supposed to be the beginning of a new journey for the company. Most of the operations were in order, and as a result, K.Y. Iyer, NDTV’s CIO, and his lean IT team had their task cut out clearly. Setting up a new channel is a gargantuan task. New teams, new agendas, new infrastructure—all have be in place with less or zero IT downtime. Iyer very well knew that this pressing need warranted an advanced IT infrastructure. “It was not challenging as such but carving out a new setup altogether for vaster broadcasting purposes still meant a huge job,” says Iyer. NDTV’s new channel required a brand new storage facility. “The workflow of videos is complicated. Managing gigabytes of video data is a different ballgame altogether. It is different from traditional enterprise IT applications that companies are accustomed to supporting. Video has to be easily accessible and, at least, we need stringent real-time performance,” says Iyer. He also points out that in order to achieve such robust real-time video performance, it was critical to have a storage system which was highly scalable with enormous bandwidth and continuous low latency and still have the capability to support video applications throughout the day. Iyer and his team were on the lookout for such a competent system. “We had deadlines to meet to set up the infrastructure for the new channel. We did our research and kept ourselves abreast of newer technologies across the scalable storage system. We attended trade shows and had vendors

THE BENEFITS

Tremendous Scalability: In terms of flexibility, EMC Isilon scales multiple gigabytes per second of throughput within a single file system. Scaling on-the-go helps NDTV perform linearly and grow capacity in an agile manner. Reliability: EMC Isilon has set the bar for reliability high by delivering capabilities such as no single point of failure, fastest disk rebuild time, proactive failure detection, and fully journalled file system. High Efficiency: EMC Isilon’s scale-out storage provides better rates of utilization compared to NAS solutions from other vendors. This means greater efficiency for the overall architecture with lower maintenance and operational costs. Robust Video Performance: The EMC Isilon is a highly scalable storage system with enormous bandwidth and continuous low latency, and offers the capability to support video applications throughout the day.

present us with their storage solutions time and again,” he says. Elaborating further on the need for a sinewy solution, Iyer says, “We required storage systems where our video would be stored and in some cases, edited. We

needed good throughput and equally good network performance. And more importantly, reliability was a must because being a 24-hours channel, our new venture could not afford to face downtime even for a second.”

QUEST FOR THE BEST Unfortunately, none of the vendors then were able to completely meet the criteria that Iyer and his team had set. The hunt went on without any success for a long time, but in the end, Iyer and his colleague Jay Chauhan found the solution they had been looking for—in the form of EMC Isilon. “We chose the EMC Isilon range of solutions because it enables high-speed access to huge loads of mission-critical data and reduces cost and complexity at the same time,” says Iyer. EMC Isilon, a resilient and scalable NAS solution, was and still is one of the best in the industry. “We took the right step by choosing the EMC Isilon brand because it is one of the pioneers of the scale-out storage system worldwide. It is the best product available in the market currently, which made business sense for the company,” he adds.

GOING ON AIR Iyer states that the experience has been stupendous so far. “Except for one or two minor instances, there has not been a single downtime issue so far. The EMC Isilon has been extremely reliable throughout,” he says. In terms of flexibility, EMC Isilon scales multiple gigabytes per second of throughput within a single file system. “Since we are in the broadcasting domain, scaling on-the-go helps us perform linearly and grow capacity in an agile manner,” Iyer says. Iyer is jubilant that he and his team are able to consistently deliver that crucial aspect that the new channel demanded. They have not had to deal with storage issues. “We certainly did not want the TCO to be high nor did we want something that required high maintenance. EMC Isilon has been continuously available online and resilient throughout,” says Iyer.

This case study is brought to you by IDG Services in association with EMC


Winter Olympics: App Stars

10

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

Social Media: Show Stopper Google Glass, the Moto X, and Samsung’s Galaxy Gear have all appeared on runways at MercedesBenz Fashion Week, proving that tech and fashion are made for each other. But this spring, it’s not gadgets that stole the spotlight at the semi-annual spectacle. Social networks and sharing economy startups got in on the action, helping designers hawk their wares, get to shows, and show off the glitz behind the scenes. Uber offers arrivals in style: If any company can be counted in for an event tie-in, it’s Uber. The on-demand transportation app has delivered Christmas trees and marching bands for past promotions, but for Fashion Week, the company did something that’s actually relevant. Uber partnered with designer Alexander Wang, who moved his runway show from Manhattan to Brooklyn—not an easy trek if you’ve got a slew of other shows to attend. Attendees who used Uber to get to Wang’s event got 30 percent off their fare (though it was unclear if the company put surge pricing in effect for Fashion Week). Anyone who’s tried to hail a cab in Manhattan to cross the Brooklyn Bridge knows it’s close to impossible, so this tie-in makes a lot of sense. But of course, Uber had to go a little over the top and offer a second promotion to coincide with Fashion Week. The app worked with cosmetics company Benefit to deliver “emergency mascara technicians” to fashionistas in need of a quick makeover—plus a bag of swag—before hitting the next show or after-party. Instagram went Glam: Every season, Instagram’s ties to Fashion Week grow stronger. Naturally, designers, models, and journalists shoot the shows from every angle and upload their bird’s-eye views to the photo-sharing network. But for the first time this year, Instagram is working with Vogue on a week-long series of exclusive posts. In other words, Vogue didn’t simply repurpose its own content and reposted it on Instagram. The social network brought back the Instagram installation it built at Lincoln Center last year to show off the images Fashion Week attendees were uploading—and this time, the digital photo wall was even bigger.

SOCIAL MEDIA

—By Caitlin McGarry

VOL/9 | ISSUE/05

IMAGES BY T HIN KSTOCKP HOTOS.IN

TRENDLINES

M O B I L E A P P S Search “Sochi Olympics” in the App and Google Play stores and you’ll find dozens of Olympicthemed apps, some from reputable outlets and others merely trying to squeeze out a buck from the world’s most popular sporting event that concluded last month. Here are a few other apps that shone at the winter Olympics. NBC’s App Suite: NBC broadcast more than 1,000 hours of live Olympic footage to NBCOlympics.com and its app NBC Sports Live Extra. Just like NBC’s Olympics page, viewers could watch every event live straight through the app, and catch up on things they missed through highlights and event replays. It even had a handy calendar of events, so viewers could create their own viewing schedule and set reminders. Olympic Athletes’ Hub: A lot of athletes competed in the Olympics, and while all of their tweets and Instagram pics were amusing, you don’t want them clogging up your personal feeds. That’s why the Olympic Athletes’ Hub was a handy resource: It pulls all of the Olympians’ verified Twitter, Instagram, and Facebook accounts into one app. People could pick their favorite athletes, teams, or sports to follow, and they’ll get up-to-date posts from their social media accounts. theScore: Popular sports news site theScore recently updated its app to support Winter Olympics coverage, and its content was gorgeous—especially if viewed on a tablet. TheScore was your one-stop news source for everything Sochi. With frequently updated articles written by theScore’s own staff, photo slideshows, videos, and integrated social media feeds, this app provided viewers with tons of Olympics bites. Its designated pages for medal counts and podium ranks helped viewers keep track of how different teams were doing. Viewers could even curate their own feed by picking their favorite sports and events to follow, which then got saved in a special tab. 2014 Team USA Road to Sochi: Produced by the United States Olympic Committee, the 2014 Team USA Road to Sochi app could’ve come off as some form of PR-minded hokum, but its true value is that it served as an info-packed resource even after the Olympics commenced. With a continually updating set of bios and news updates, the USOC’s app featured athlete Twitter updates, venue photo galleries, videos of events, and even a donation button to let users contribute to Team USA. This user-friendly design served as a one-stop resource for anyone cheering the red, white, and blue. — By Leah Yamshon


A Touch of Art

C I O R O L E We asked CIOs to describe how their businesses viewed them and how many hours they worked. Not surprisingly, those considered competitive differentiators worked the longest hours a week.

54.0

Competitive Diffrentiator

52.5 Valued Service Provider 52.4 Trusted Partner 52.3 Cost Center

Source: CIO Research

VOL/9 | ISSUE/05

Talking cars will soon make the leap from the latest children’s animation onto our roads in a bid to improve safety—but they won’t be talking to us. Adelaide-based vehicle technology leader Cohda Wireless is poised to become a major beneficiary of a US Department of Transportation decision to green light ‘talking cars’ on American roads. The department’s National Highway Traffic Safety Administration (NHTSA) announced it will start taking steps to enable vehicle-to-vehicle (V2V) communication technology for light vehicles. Pioneered by Adelaide-based Cohda Wireless, V2V technology promises to improve safety by allowing vehicles to “talk” to each other and ultimately avoid many crashes altogether by exchanging basic safety data, such as speed and position, ten times per second. Cohda Wireless chief executive, Paul Gray, said Cohda was perfectly poised to take advantage of this new development. “About half of all vehicles involved in V2V trials globally contain Cohda equipment, including 1,500 of the 2,800 vehicles involved in the important Safety Pilot Model Deployment project that has given the DOT the confidence to make this decision.” US Transportation Secretary Anthony Foxx said vehicleto-vehicle technology represented the next generation of auto safety improvements, building on the life-saving achievements we’ve already seen with safety belts and airbags.” With safety data such as speed and location flowing from nearby vehicles, vehicles can identify risks and provide drivers with warnings to avoid other vehicles in common crash types such as rear-end, lane change and intersection crashes. The safety applications have been demonstrated with everyday drivers under both real-world and controlled test conditions. Cohda’s patent-protected technology, embedded in the Cohda/NXP RoadLINK chipset, exchanges messages reliably across an extended range and at high speed, cutting ‘time to react’ and communicating potential hazards and safetycritical scenarios much faster than conventional applications. This has seen strong early adoption of Cohda’s products.

AU TO

IMAGES BY T HIN KSTOCKP HOTOS.IN

The Hardest Working CIO

Talkative Cars

TRENDLINES

TECHNOLOGY A new interactive gallery installation in Shoreditch uses haptic technology to allow visitors to hear and feel a painting. The project, created by Middlesex University, aims to turn admiring fine art into an immersive experience that stimulates additional senses. Currently found at Shoreditch Red Gallery, the installation features a stormy seascape painting in front of a robotic device that the visitor holds onto. By moving their hand, the visitor can explore the painting, activating 360 degree sounds and haptic feedback (they can ‘feel’ the weight of the sea, for example) depending on the part of the painting they’re ‘in’. Middlesex University Creative Directors Florian Dussopt and Nick Phillips are the minds behind the project, which they’ve titled ‘Into the Frame’, and enlisted the help of staff in the University’s science and technology departments as well as 3D sound specialist Dave Hunt. Artist Paul West created the painting itself. “By building a bridge between fine art and the science of haptics and 3D sound we have created a new third dimension of art to allow visitors to explore and feel through touching and listening,” says Nick. “It’s been great creating not only an art installation, but also promising a tool for neuro-rehabilitation,” adds Florian, who believes the project could also help with brain injury rehab. “It has potential to help with brain spatial problems, and during the project we published and presented a research paper on this at the International Conference for rehabilitation robotics in the USA.” —By Ashleigh Allsopp

—By Brian Karlovsky

REAL CIO WORLD | M A R C H 1 5 , 2 0 1 4

11


Fill Up Your Senses Any product that can be connected to a network is being given the ability to sense our environment. This kind of technology is increasingly aware of everything around us. It measures temperature, orientation and direction, light, pressure, vibrations, noise, and—eventually—it will be able to mimic the sense of smell. And, thanks to the Internet of Things, sensing technology will soon become pervasive at home and in the office. Most people are already familiar with some of the capabilities of sensing technology, such as the accelerometer used in a smartphone. It detects changes in orientation and is responsible for rotating a screen. The accelerometer is a microelectromechanical system (MEMS) sensor, one of many types of MEMS-based sensors. Market research firm HIS iSuppli said the number of MEMS units, which includes accelerometers, gyroscopes, microphones, pressure-based, motion and temperature sensors, will increase at a rate of 20 percent a year through 2017. It expects that nearly 10.8 billion MEMS units will be shipped this year, with that number rising to 17.15 billion in 2017.

TRENDLINES

POPULAR SCIENCE

“The market is truly driven by consumer and mobile applications,” says Jeremie Bouchaud, an analyst at iSuppli. MEMS has “become the link that lets the technology be more fully integrated into the world,” says John Chong, director of product engineering at Kionix, a MEMS producer. Its facility, which employs between 250 and 300 people, designs and fabricates the sensors. MEMS sensors are the basis of much of the sensor technology being integrated in modern devices and are a complementary technology to integrated circuits. Manufacturers such as Kionix are using similar tools and fabrication processes to produce them. “This allows MEMS to follow the same development trajectory of integrated circuits, continually becoming smaller, cheaper and better,” says Chong. MEMS can also be easily paired with integrated circuits. “Together, they become a more complete system, with the integrated circuit functioning as the brains while the MEMS function as the senses—sight, sound, feeling, etcetera,” says Chong. —By Patrick Thibodeau

I N T E R N E T Have you ever had a text fight with your spouse? Feel like Facebook and smartphones are helping your relationship? Technology is becoming a greater role in romantic relationships, according to a report from the Pew Internet & American Life Project. The study was based on telephone interviews with 2,252 US adults conducted between April 2013. “Couples use technology in the little and large moments,” Pew report stated. “They negotiate over when to use it and when to abstain. A portion of them quarrel over its use and have had hurtful experiences caused by tech use. At the same time, some couples find that digital tools facilitate communication and support.” While 10 percent of Internet users who are married or partnered say the Internet has had a “major impact” on their relationship, a larger 72 percent say it’s had no impact on their relationship, and 17 percent said it’s had a minor impact. While people may complain about their significant other’s texting during dinner or date night, the Pew study showed that

12

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

of those who said the Internet has had a major impact on their relationships, 74 percent of them said it was a positive impact. Only 20 percent said the impact was mostly negative and 4 percent said it had both positive and negative effects. “I think tech is mostly helpful to relationships,” said Dan Olds, an analyst with The Gabriel Consulting Group. “It gives people the ability to communicate in more and different ways. Text messages make it easy to toss out those quick ‘I’m thinking about you” or ‘I’m thinking about you, and I’m still mad about last night’ messages. Communication isn’t only about good things, right?” Olds said he’s not surprised that more people didn’t complain about technology getting in the way of their relationships or at least irritating them. “I think the reason tech isn’t more of a problem in relationships is because tech-centric and tech-phobic folks probably tend to clump together over time,” said Olds. —By Sharon Gaudin

VOL/9 | ISSUE/05

IMAGES BY T HIN KSTOCKP HOTOS.IN

Technology: The New Cupid


COMPILED BY SHUBHRA RISHI

Best Practices

Indian CEOs: An Anxious Lot As recent as last year, Indian CEOs were brimming with confidence, while their counterparts around the globe had only sob stories to trade. But this year, fortunes have changed hands, according to PWC’s Annual Global CEO Survey. The survey observes that only 49 percent of Indian CEOs are confident of their organizations’ growth prospects over the next 12 months. CEOs in Korea, Taiwan, the Middle East, Russia and Africa are more confident than Indian CEOs about revenue growth for 2015. So what are Indian CEOs worried about? Over-regulation, say 82 percent of Indian CEOs. According to the survey, it’s the tallest hurdle that can stall growth in their organizations—and the only challenge that Indian CEOs have in common with global CEOs. That, coupled with inadequate basic infrastructure, continues to haunt 82 percent of Indian CEOs and has emerged as a top threat—which it wasn’t 10 years ago. Other challenges giving CEOs sleepless nights are issues that have plagued India for years—currency volatility (84 percent) availability of key skills (81 percent), and changing consumer behavior (48 percent). But they aren’t losing heart yet. They are planning to use technology to counter these challenges. Seventy-nine percent of Indian CEOs believe that technology advancement will transform their business over the next five years. That’s why over 70 percent are betting on data management and analytics to ride the wave of change.

1

DEVELOP skilled workforce. Skilled staffers are hard to come by, so develop and train internal staff in the latest technologies to stay ahead of competition.

2

HARNESS technology. Use data analytics and data management to counter the challenges of growth and show CEOs what IT can do to help business.

3

FIND new ways to engage consumers. Social media is a great way to reach more customers. Use the platform to market your organization and business.

TRENDLINES

A

Over-regulation, currency volatility, lack of talent, inadequate infrastructure—the list is long for the worrisome Indian CEO.

The Worried CEOs Club Global CEO Challenges

Indian CEO Challenges

72%

Govt. response to fiscal deficit and debt burden

71% 70%

Slow or negative growth in developed economies

70% Increasing tax burden

72% Over regulation

Over regulation

63% Availability of key skills

60% Exchange rate volatility

47%

79%

Of Indian CEOs believe that technology advancement will transform their businesses over the next five years.

Inadequate basic infrastructure SOURCE: PWC GLOBAL CEO SURVEY 2014

VOL/9 | ISSUE/05

REAL CIO WORLD | M A R C H 1 5 , 2 0 1 4

13

IMAGES BY T HIN KSTOCKP HOTOS.IN

What Indian and global CEOs are most worried about.


alert

ENTERPRISE RISK MANAGEMENT

The FBI Goes High Tech N

IMAGES BY THINKSTOCKPHOTOS.IN

early 80 years after it began collecting fingerprints on index cards as a way to identify criminals, the FBI is moving to a new system that improves the accuracy and performance of its setup while adding more biometrics. By adding palm print, face and iris image search capabilities, the FBI’s Criminal Justice Information Services Division (CJIS) hopes to improve the accuracy of identity searches, make it easier to positively identify and track criminals as they move through the criminal justice system and provide a wider range of tools for investigators. The current database, the FBI’s Integrated Automated Fingerprint ID System (IAFIS), includes data on 135 million criminals and terrorists, and as civil servants and other citizens who work in “positions of trust.” Since its launch in 2008, the $1.2 billion (Rs 7,200 crore) Next Generation Identification (NGI)

project has been incrementally replacing pieces of the aging IAFIS and adding new features.

Mobile ID The recently released mobile ID system is one of the more compelling new features in NGI. It lets officers in the field use a handheld fingerprint scanner during a traffic stop and run a two-fingerprint check against the NGI’s newly created Repository of Individuals of Special Concern (RISC).

Core upgrades In NGI, the ten-print system has also been improved because it now runs on a more powerful, 1,000blade server farm—the old IAFIS system runs on 64 blades—and uses enhanced recognition algorithms.

“NGI is faster, more accurate, and has better process flows than IAFIS had,” says Scott Blanchard, manager of the automated print identification section at the Michigan State Police. The matching accuracy rate has risen from 92 percent to 99 percent while average response time has dropped from 2 hours to 10 minutes. But the time improvement is for matching fingerprints scanned under controlled conditions, such as at a police booking station. Matching latent fingerprints—those found at a crime scene—is much more difficult. With an accuracy rate of just 25 percent, IAFIS wasn’t highly effective for investigators. By contrast, the upgraded NGI capabilities rolled out in 2013 have had an accuracy rate well above 80 percent for latents.

Internet of Things: Beating the Odds FINDINGS

The Internet of Things can bring a number of benefits, but it also opens up greater security risks.

IoT: Top 5 Governance Issues

38% Increased security threats

28% Data privacy

9% Identity/access management

9% Attacks against connected devices

14

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

29%

Of IT professionals say the risks of Iot outweigh its benefits. SOURCE: ISACA

VOL/9 | ISSUE/05


alert

ENTERPRISE RISK MANAGEMENT

Going for the Palm A national palm-print database, deployed in 2013, should also help investigators because palm prints are left at the crime scene 30 percent of the time. The State of Michigan has been taking palm prints for five years, but Blanchard says there have been a few kinks getting up and running with the new system. “The FBI has placed requirements on palm print submissions that most states are not meeting,” he says. In a palm capture, NGI requires that the whole hand be captured, not just the palm. “They are trying to compare the fingers from the palm capture to the fingerprints that were rolled to make sure the palm matches the person. Many agencies aren’t meeting that requirement. We are capturing just the palm, not the entire hand,” Blanchard explains.

Recognizing Mug Shots Mug shots have long been a staple of IAFIS, but the FBI’s Interstate Photo System Facial Recognition Pilot project, launched in February 2012 in three states, now lets participating law enforcement organizations use face recognition to search against over 15 million of those images. The service will be fully deployed in June. Using face recognition algorithms to search for a match against another photo is new; it matches the photo taken at the booking station or from a crime scene with mug shots in the NGI database that have a high probability of being a match. Face recognition isn’t nearly as accurate as fingerprints when identifying individuals. “If you had a perfect gallery it would be in the 80

percent range for matching,” Reid says. But that’s for the best case. Most existing mug shots weren’t taken with facial recognition in mind. The right pose and high image quality increase the odds of finding a match. Nonetheless, face recognition is proving to be an effective tool during active investigations for the Michigan State Police. “The system has been very beneficial in attempting to identify unknown subjects who commit crimes of identity theft and fraud,” says Pete Langenfeld, manager of the digital image analysis section. The response time for an inquiry has averaged less than three minutes, he says. And because the people who commit such crimes often cross state lines, investigators don’t need to contact every jurisdiction to see if they have a face recognition program.

Experimenting with Iris Recognition CJIS has been working with the Federal Bureau of Prisons and National Sheriffs Association to launch a pilot iris recognition project, but whether it will eventually be included in the new NGI/ IAFIS system is still undecided. “We know ther e are business cases, but is it something we want to support at the national level?” Reid asks. A formal pilot will be deployed in 2014, he says. Iris recognition, while very accurate, is unlikely to supplant the well-established ten-print system for criminal identification purposes, and it’s

of limited use for investigations because, as Reid points out, “There isn’t an iris left at the scene.” So far, the best use for iris recognition has been in tracking criminals as they pass through the criminal justice system. “Prisons like it because you can do it without having to touch the individual,” Reid says. The Michigan State Police aren’t capturing iris images during booking, but Blanchard says they have been experimenting with the technology as a way to provide access to secure rooms. “It’s more secure than access cards and cleaner [and] less intrusive than fingerprints,” he says. “If it’s more efficient and cost effective, we’ll roll it out department-wide.” While it’s more costly than other biometrics, iris recognition system prices have been coming down. And in some applications, Blanchard says, the added security and reliability may be worth the extra cost. To date, NGI has been returning twice as many identifications with multimodal biometrics as it did with the old IAFIS system. While Blanchard has been pleased with the new system’s performance, he says it will take time for the majority of law enforcement agencies to get set up to collect and share the new classes of biometric data. “It’s a revolutionary change,” Reid adds—one that should improve law enforcement’s effectiveness, particularly for criminal activity that crosses state lines. CIO Robert Mitchell is correspondent for Computerworld. Send feedback on this feature to editor@cio.in

[ONE LINER:]

As a concept, privacy isn’t part of the Indian culture. Our names reveal our state, caste, religion,

and sometimes our village and our father’s names. — DEEPAK ROUT, CSO, THE CO-OPERATORS GROUP

16

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

VOL/9 | ISSUE/05


CUSTOM FEATURE HCL TECHNOLOGIES

CASE STUDY

Strengthening Security

for India’s Payments Backbone The National Payments Corporation of India needed to set up an SOC to ensure constant monitoring of systems to prevent malicious attacks and adhere to best practices around security. Here’s how HCL Technologies helped it achieve this objective. By Ershad Kaleebullah

T

he World Bank states that India had about 11.21 Automated Teller Machines (ATM) per 100,000 citizens from the year 2009 to 2013. This number is approximately 21 percent higher than the same statistic for the period between 2004 and 2008. Additionally, a look into the Reserve Bank of India’s (RBI) November 2013 data reveals that there are a total of 137,080 ATMs in the country. Weaving an intricate web for all these ATMs is the National Financial Switch (NFS)—an application that enables ATM switching among different banks for interbank ATM transactions. The responsibility of handling this process is with the National Payments Corporation of India (NPCI), which, besides playing this monumental role, also finds itself pitted against financial giants such as Visa and MasterCard, thanks to the introduction of RuPay cards. A recent report suggests that NPCI expects to issue close to 25 million RuPay cards by the end of March. Powering all this and more is NPCINET, which forms NPCI’s IT infrastructure backbone. The robust architecture currently supports about 533 million transactions a month collectively. A behemoth task indeed.

The PCIDSS certification helps establish best practices for critical functions and instils confidence in users as we follow standards and adhere to industry-recognized security certifications. —Dr. N. Rajendran, CTO, NPCI

SURETY OF SECURITY However, the NPCI had to make all these happen without compromising on the stringent security standards set by the Payment Card Industry Data Security Standard (PCIDSS). NPCI’s CTO, Dr. N. Rajendran says, “We wanted to be certified by the PCIDSS. In our stream of business—the payments system—we need to log all activities to prevent untoward activities. The idea is to identify issues promptly and take appropriate control measures before things go out of hand.” The first order of business was setting up a tough network backbone, post which the NPCI put out a Request for Proposal (RFP) for an IT solutions expert to set up a Security Operations Center (SOC). After an intense and stringent

evaluation process, HCL Technologies was selected as partner for the same. “HCL Technologies implemented the SOC which proactively monitors all activities and raises a red flag in case of high risk incidents. For example, if the SOC spots any activity that deviates from the normal, it will alert the team concerned and check whether it was authorized,” says Dr. Rajendran. In addition to monitoring multiple devices, it allows configuration for different frameworks as well. This ensures that systems are controlled by monitoring all the user activity 24x7. In short, it provides relentless protection for the entire IT infrastructure. Highlighting NPCI’s commitment to offering secure transactions to its customers, an HCL spokesperson says, “NPCI has been a pioneer in adopting technology solutions which help provide multi-layered data security, defense in depth, and proactive monitoring to help secure the infrastructure that powers the RuPay network in India.“ On the other hand, talking about the benefits of the implementation, Dr. Rajendran says, “We are already on two standards certified by PCIDSS and ISO 27001. This helps establish best practices for critical functions, and instils confidence in users as we follow standards and adhere to industry-recognized security certifications.” The next time you do a financial transaction using a RuPay-affiliated card, you can be assured that NPCI has the appropriate information security controls implemented to secure your transaction, ably supported by the solutions provided by HCL Technologies.

This case study is brought to you by IDG Services in association with HCL Technologies


alert

ENTERPRISE RISK MANAGEMENT

Internet of Things: Top Threats

In-CarWiFi Revenues for connected cars in 2013 was about $21.7 billion, according to Visiongain, with 2014 revenues climbing even further. More car companies like Ford and GM are offering in-car WiFi, turning cars into mobile hotspots and connecting passengers’ devices to the Internet, according to John Pescatore, Director of Emerging Trends, the SANS Institute. But, in-car WiFi has the same vulnerabilities as traditional WiFi hotspots. Without the firewalls present in small business WiFi installations, in-car devices and data is at risk. Once inside the network, an attacker can pose as the car, connect to outside data sources such as OnStar servers and collect an owner’s private data such as credit card data.

Mobile Medical Devices “The market for wearable wireless devices will grow from 42 million devices in 2013 to 171 million in 2018,” says Jonathan Collins, Lead Analyst, ABI Research. In 2014, hackers will increasingly attack mobile medical devices running Windows, including pacemakers, according to Rodney Joffe, senior technologist, Nuestar. “Windows is very popular for those devices because it is cheap, ubiquitous and well-known among programmers,” explains Joffe. But, unlike Windows on a desktop computer, there is no patching mechanism for Windows on these devices, says Joffe. The more these 18

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

devices connect to the Internet through wireless frequencies, the more viruses will spread among them.

Wearable Devices The global wearable technology market was worth about $4.6 billion in 2013, and will continue to rise in 2014. Devices such as Google Glass are a major attack vector because they automatically connect to the Internet. And, they have very few if any security solutions on them. Hacking Google Glass provides attackers with confidential corporate data and IP. An organization may not know what kinds of data or how much a wearer absorbs using Google Glass as they move through offices and other environments in the

Shape-shifting Security

T

he Internet of Things (IoT) is a mass of billions of connected devices from cars to wireless wearable products. Cisco estimated 12.5 billion connected devices in existence globally as of 2010 with that number doubling to 25 billion by 2015. In light of this burgeoning market, here are some categories of IoT devices at risk, that you need to watch out for.

enterprise. A hacker could copy that audio and video.

Retail Inventory Monitoring and Control, M2M In 2014, inventory management technologies will increasingly include 3G cellular data transmitters on packages. The purpose of the new 3G transmitters is constant, real-time position reporting. But, hacktivists who would normally bombard websites with DOS attacks could instead intercept these transmissions and tell servers that WalMart, for example, is continually selling out its supply of soccer balls, leading to massive soccer ball shipments bombarding WalMart stores. CIO David Geer write for CSO Online. Send feedback on this feature to editor@cio.in

A start-up called Shape Security recently announced technology it calls Shapeshifter that is said to prevent cyber-criminals from successfully attacking and compromising websites. By putting the Shapeshifter appliance in front of a website, every HTML page that is presented for viewing is subtly transmuted in its underlying code each time so that it won’t look the same twice. “The key is not to change anything to the naked eye but everything the programmer cares about,” explains Shape Security’s VP of strategy, Shuman Ghosemajumder. This automatic altering of Web pages to the external world creates a kind of deceptive camouflage designed to never let an attacker get a single straight shot to undermine the site through attacks such as crosssite scripting or application denial-of-service attacks. Shape Security calls this “real-time polymorphism” and in some regards, Ghosemajumder points out, it borrows a page from tactics that malware authors use to constantly modify malicious code so it can evade signature-based detection. With Shapeshifter, “the website will constantly re-write itself wherever you deploy it, the HTML will re-write itself,” he says. But for the visitor, the content looks the same as it might be otherwise. Shapeshifter’s approach requires considerable processing power, Ghosemajumder acknowledges. Because it is computationally intensive, Shapeshifter has to be tested carefully in any website environment. The amount of traffic and number of web pages will be factors in its use. — By Ellen Messmer

VOL/9 | ISSUE/05


Jay Cline

PRIVACY

RIP Privacy? Revelations in 2013 about NSA surveillance and the power of big-data analytics suggest the age of privacy is over. But a new 'privacy death index' places us far from the tipping point.

T

ILLUST RATION BY MASTERF ILE

he NSA's former general counsel told the world's largest gathering of privacy professionals last year that the privacy laws they're championing are stupid and futile. Facebook's Mark Zuckerberg described privacy as a social norm we've evolved away from, and Google's Eric Schmidt famously proposed that the only people who need privacy are those with something to hide. Are they right? Is privacy passĂŠ? Several developments in the past year definitely point in that direction. We all can't keep up anymore with all of the new digital innovations hitting the streets. Less and less of our personal information each day seems to be "off the grid." At the same time, 2013 was the year we lost track of the limits of big-data analytics. Many of us saw the story about the researchers who could use your Facebook likes alone to predict with 88 percent to 95 percent accuracy whether you're black, gay or a Democrat. We'd read about the retailer that predicted a teenager was pregnant before her father knew it, merely by changes in her purchases of a group of 25 products. In 2013, we became fascinated with the different apps and TED talks that used data in ways we never thought possible. But more than anything, this year we learned about the vast capabilities of the NSA, which seemed to leave nothing digital out of its hearing range. When Sun Microsystems co-founder Scott McNealy boldly proclaimed in 1999, "You have zero privacy anyway. Get over it," was he a prophet preparing us for the inevitable?

AWorld Without Privacy When the common wisdom is moving in one direction, there's often a lot of money to be made going against it. That's what I think is

VOL/9 | ISSUE/05

REAL CIO WORLD | M A R C H 1 5 , 2 0 1 4

19


Jay Cline

PRIVACY

happening with privacy. The rumors of privacy's demise are premature. Privacy isn't even halfway dead, and if and when we see privacy's death on the horizon, we'll know then how much we're willing to pay to reverse course. If you think I'm too naive or optimistic, take a minute to imagine what the world would look like with zero privacy. I suggest there'd be three tell-tale features of life in that day: Ubiquitous, inescapable collection of personal data; nearperfect predictive capability of that data; and mandatory availability of that data. In other words, in a world without privacy, anyone would know anything there is to know about you on demand. Moreover, that information would tell anyone what you're going to do next and how you'd react to different scenarios and stimuli. In a zero-privacy world, not all data would be created equal. I think six data vectors would stand out as the most valuable: 1. Our health capacity, including predicted longevity and strengths and weaknesses in our DNA. Prospective mates, employers, healthcare providers and insurers would flock to this data set if it materialized. 2. Our productivity capacity, including our natural aptitudes and predicted earnings potential. 3. Our consumption instinct, such as what do we like to buy, how much, when and why, and our credit worthiness. Marketers are already paying for this data, but in an increasingly borderless world, tax authorities will find it easier to tax consumption than income and will also seek this data. 4. Our behavior instinct, including our public and private statements, beliefs, politics and capacity to act outside social norms. Nationalsecurity and law enforcement agencies will seek this data. 5. Our social graph, including past and present family, friends, neighbors, classmates and colleagues. Marketers, criminals, national security and law enforcement will put this data on the top-six list. 6. Our location and predicted movement, potentially sought by marketers, the military and police. These data sets would be the currency of life in a "total information-awareness" world, where people would be systematically and in real time classified into how valuable they were and how risky they were. With this information readily available, deviations from social norms would face immediate social and monetary penalties. You could imagine without too much difficulty the following scenario unfolding in a total information-awareness world: At 6:10 a.m., your "full night's sleep" app generates an alarm that also indicates you have no health reason to sleep further. You rise promptly. From the kitchen, you spot the drone from your wellness coach landing on the table outside. It's carrying a breakfast of fresh local ingredients tailor-made to your DNA

and body-mass goals. Minutes later, you don your Windows Glasses and dart outside for a half-hour jog. This exercise will boost your predicted lifetime longevity by four hours. On the running path, you pass a throng of people also wearing Google Glasses and iGlasses. As you pass each one, a "friend" or "foe" icon pops up in your vision. A filter also pops up alerts for prospective spouses, business partners and criminals from your prefigured criteria. A left-eyelid blink would drill into their health and productivity profile, belief matrix and social graph, while a right blink would pull up suggested conversation starters. You pass a man wearing no glasses whose facial image is generating conflicting data in your screen. He's a "birther," a term that has evolved to describe the group of people trying to live off the grid who generally harbor conspiratorial views and religious beliefs contrary to the governing order. You know that all of these fellow joggers, as well as your employer and all government agencies, can see all of this information about you too. As you turn onto a street— populated by vehicles auto-driven to pre-programmed destinations—a startup wellness cafe delivers an ad to your glasses. The promotion offers to pay you $100 (about Rs 6,200) in Bitcoins to try the cafe's nutrient booster, which it projects would recoup in just two months if you change your break routine and become a regular. If this sounds like a far-fetched sci-fi novel, it should. The technical and legal apparatus needed to make it happen are

I agree that some privacy laws are stupid and poorly written. But the vast majority of them compose the architecture of trust that is essential for technical innovations to thrive.

20

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

present today only in an embryonic state. Many more technical advances would be required to produce that scenario, as well as a significant erosion in the laws that the NSA's former top lawyer calls stupid. This is not to say the lovers of privacy and liberty are wrong in their concerns. I just think they're ahead of their time when they suggest that things have crossed a tipping point and are out of control. But how far down the path to privacy oblivion are we? Traveling this path would require a governmental encroachment into the personal space not seen even in revolutionary colonial times. I agree that some privacy laws are stupid and poorly written. But the vast majority of them compose the architecture of trust that is essential for technical innovations to thrive. CIO Jay Cline is president of Minnesota Privacy Consultants. Send feedback on this column to editor@cio.in

VOL/9 | ISSUE/05


Gunjan Trivedi

LEADING EDGE

Little Data is Bigger Managing Big Data in isolation doesn't yield much value. Analyzing it in conjunction with Little Data makes insights smarter and more impactful.

I

IMAGE BY T HIN KSTO CK PHOTOS.IN

wasn’t much into counting calories or steps that I took in a day. A quick look at my frame would confirm this. It was not because I believed more in binging or perhaps comfort food. Nor was I missing the point of the importance of being healthy and I did see the big picture (no pun intended). It was more to do with the rigmarole of counting numbers. Or let’s say keeping track of these little nuggets of data. And that’s where the devil lay. Globally, CIOs of organizations across various verticals, are trying to make logical sense of this term that has been hitting us hard for a couple of years now—Big Data. Conceptually, Big Data has been pushing management away from taking calls based on gut feel and intuition, and toward decision making that is inherently data-driven. While, in my opinion, this is also a valid point of contention in itself, we'd focus on the value of data for the scope of this column. And, perhaps revisit this argument later. As the Chief Catalyst of Orbit & Co., Mark Bonchek says in his blog in Harvard Business Review, Big Data is what organizations know about people—customers, citizens, employees, or voters. He goes on to point out that data is aggregated from a large number of sources, assembled into a massive data store, and analyzed for patterns. He maintains that Big Data—coming in volume, velocity and variance—can be used to understand customer sentiment by sifting through social media interactions, to predict credit card fraud by analyzing billions of transactions, and to promote offers by making sense of millions of purchases. But, we already know this. Don’t we? What we perhaps are missing is this context of what is now being generally referred to as Little Data. And that’s what adds value and veracity to the very concept of Big Data.

VOL/9 | ISSUE/05

REAL CIO WORLD | M A R C H 1 5 , 2 0 1 4

21


EMPOWERING THE CORE OF RURAL BANKING

As a leading public sector bank, Central Bank of India was looking for a robust core banking solution for its Regional Rural Banks (RRB). Here’s the story of how the bank equipped the seven RRBs with IT infrastructure and enabled them to be at par with any other commercial bank in terms of technological competency and banking services. By Shweta Rao

C

entral Bank of India, one of India’s largest public sector banks, with over 4,500 branches across the country had seven RRBs sponsored by them. These RRBs were spread across Rajasthan, Madhya Pradesh, Maharashtra, Uttar Pradesh, Bihar, West Bengal, and Chhattisgarh. The main objective of these RRBs is to provide basic banking

and financial services to the rural population of India, whereby they mobilize financial resources from rural or semi-urban areas and grant loans and advances mostly to small and marginal farmers, agricultural labourers, and rural artisans among others. Technology Upgradation In the year 2010, the RBI’s Working Group

on ‘Technology Upgradation of Regional Rural Banks’ suggested that all RRBs begin moving towards a Core Banking Solution (CBS) and achieve a complete switch-over to the CBS platform by September 2011—a move that would help these banks undertake all banking operations through an electronic mode. The panel had also suggested an application service provider model for the CBS platform. The


CUSTOM FEATURE WIPRO sponsor banks were given the option to choose their own service provider for their RRBs. “What a CBS infrastructure does is create central hubs that provide adequate alternate and failsafe systems to ensure high availability and continuity of banking services,” says Usha Menon, GM-IT, Central Bank of India. This was to ensure that the RRBs improved operational efficiency, enhance customer satisfaction, and leave the large back office processing to central hubs. Moreover, core banking would not only help leverage internal operations for the RRBs, but also retain and expand their business position higher in the banking system by enhancing the ability to deliver innovative products and services at extremely competitive costs. The Central Bank of India and its sponsored RRBs thus aim at providing accessible and affordable financial services to nearly 25,000 villages in India, and core banking platform would enable them to achieve their objectives with efficiency and precision. “The implementation of CBS in Central Bank of India’s seven sponsored RRBs, namely: Uttar Bihar Gramin Bank with 865 branches, Satpura Narmada Kshetriya Gramin Bank with 347 branches, Uttarbanga Kshetriya Gramin Bank with 119 branches, Vidarbha Kshetriya Gramin Bank with 96 branches, Ballia-Etawah Gramin Bank with 138 branches, Surguja Kshetriya Gramin Bank with 85 branches, and Hadoti Kshetriya Gramin Bank with 84 branches, commenced in January 2011 and all the RRB branches were successfully rolled out to the CBS platform by the 26th of September 2011, well before the timeline set by the Government of India. Uttar Bihar Gramin Bank, which has a large presence in Bihar with more than 1,000 branches now, is one of the biggest Indian RRBs,” says Menon. Through a well-defined RFP process, Central Bank of India chose ‘Finacle’—an Infosys product—for banking application and Wipro as the system integrator to implement the CBS as well as other delivery channels such as Internet Banking, Mobile Banking, Asset Liability Management, Anti-money-laundering, Govt. Business and Trade Finance modules in their RRB branches. Smooth transition of the 1,734 RRB branches from traditional banking methods to the state-of-the-art CBS platform was a challenging task as nearly 78 percent of the branches were located in remote rural areas

where even basic infrastructure such as power, concrete structures were not available. Nearly 56 percent of the branches were functioning on manual records, wherein balancing of books was a challenge. Majority of the staff were not tech-savvy and had to be adequately trained to handle IT and CBS operations. “Despite challenges and paucity of time, we successfully deployed the CBS in the RRBs with precision,” Menon says.

“Wipro’s proven expertise in large core banking projects, coupled with a vibrant innovation culture, was the core driver of this massive initiative. We are pleased to partner with Wipro in this strategic endeavor.” Usha Menon, GM-IT, Central Bank of India Banking on IT Central Bank of India’s CBS project for RRBs integrated 2,000 sites—branches, extension counters, satellite offices, regional offices, head offices, and back offices— across the country. This has enabled the Bank to enhance its customer satisfaction by offering various facilities such as Inter-Branch banking, electronic funds transfers in the form NEFT or RTGS, electronic clearing through CTS platform, Internet banking, Mobile Banking, Adhaar Payment Bridge System (APBS), ATM debit cards, Kisan Credit Cards, Financial Inclusion, and SMS alerts to customers on debit or credit to their account

etcetera. In a nutshell, modern banking and financial services have now been extended to RRB customers as well. For the Bank, the CBS has enabled them to improve operational efficiency with better housekeeping and transparency, cut cost on maintenance on books of accounts and infrastructure, thereby adding to its profitability. “Wipro, with its strong practices in governance, process excellence, and integrated service delivery, ensured business-IT alignment for the RRBs with timely implementation of the CBS project,” says Menon. Wipro has also setup a 24-hour centralized Helpdesk facility for the project, covering support for the applications, datacenter, networks, security, and end-user systems. The Bank’s vision entailed providing a future-proof strategy to transform the RRBs into institutions with sound financials committed to overall economic development of rural areas in terms of care, competence, and compassion towards their customers. As committed to the Regulatory Authority, Wipro completed the migration within September 2011. “Wipro’s proven expertise in large core banking projects, coupled with a vibrant innovation culture, was the core driver of this massive initiative. We are pleased to partner with Wipro in this strategic endeavour,” she says. The deployment of a CBS solution for Central Bank of India’s RRBs has been a major driver in the growth of the Bank’s business. The core banking infrastructure has placed the RRBs at par with other commercial banks and improved their visibility. Also, the solution has dramatically improved operational efficiency and increased its profitability and customer base. “Today, the Bank and its RRBs’ presence in rural banking in the states of Bihar, MP, Chhattisgarh, UP, Rajasthan, and West Bengal is well-received and acknowledged. This case study is brought to you by IDG Services in association with Wipro


Gunjan Trivedi

LEADING EDGE

Bonchek says that Little Data is what we know about ourselves. What we buy; who we know; where we go; how we spend our time. Or as David Williams, CEO of Deloitte Financial Advisory Services states in his blog: Little data refers to the data you own. Boncheck goes on to articulate the differentiation between the two forms of data, so to speak. He says that while Big Data’s focus is to advance organizational goals, Little Data helps with valuable insights at individual levels. In fact, it does impact the appetite of individuals to augment data-driven decision making as the visibility of such simple, yet critical metrics increases. And, so does control. Smartphones, mobile apps, wearables, Web analytics, customer service interactions, and M2M communications are all pumping in specific, yet vast amount of small-sized measurable metrics that are enhancing productivity of individual action areas. This is in addition to the Little Data that already resides in several systems at an organization. While Big Data converts all inputs as information to be analyzed across a vast ecosystem of an organization, businesses can tap into tacit insights at individual levels with Little Data. For example, a partner of Booz & Company, David Meer shares the case of Haier in his blog on Strategy+Business. The Chinese large-appliance maker heard its service technicians reporting that their rural customers were using their washing machines to wash vegetables, leading to clogs. Haier used this Little Data to

develop a new type of washer, which the company promoted as a rugged machine that could wash not only clothes, but also sweet potatoes and peanuts. Imagine the impact on sales. Customer service and experience expert, Shep Hyken, states the profound influence this combination of Big and Little Data has on businesses in his column online, “Any company can make decisions about its business based on general feedback and trends. But at the same time, the best companies also recognize that customers are not numbers or anonymous groups of people. They zero in on an individual customer's needs, preferences, likes and dislikes, and give the customer an experience, that is, exactly what he or she wants based on specific buying patterns. The result is repeat business that can lead to customer loyalty.” There's an app on my phone that pings me to remind me to log in my food intake, or to tell me how active I have been through the day. I always knew that I led a sedentary lifestyle but I had never imagined that I was walking just a little over 10 percent of the number of steps that I should take. This Little Data now pushes me to walk my quota of 10,000 steps a day. And, I know it can do much more than that. CIO Gunjan Trivedi is executive editor at IDG Media. He is an awardwinning writer with over a decade of experience in Indian IT. Before becoming a journalist, he had been a hands-on IT specialist, with expertise in setting up WANs. Reach him at gunjan_trivedi@idgindia.com

Where Trends Come Alive!

WWW

V I D E O S

IN

Listen to the views that matter. Catch up with industry news. Watch real CIOs talk about the real issues. All of this in a format that's short, crisp, and snappy. Tune into CIO videos now! www.cio.in/videos


Seven Things to Watch Out for While Adopting Mobile Applications Trends such as mobility and BYOD are changing the face of enterprise workstyles. It’s now important to separate personal data from official, and also enable seamless connectivity to end-users. Here’s how an integrated mobility approach can help organizations achieve these goals.

T

his year, Intel’s prediction for mobiles/smartphones was a seemingly ambitious line saying, “A supercomputer in my pocket in five years.” However, industry experts would probably bet on that transformation happening in three years or less, with the rate at which mobile connectivity speeds, analytics, and smartness are evolving. But can enterprises tap the potential of this transformation in the future? Not until they set their mobility present right.

What’s Happening Today? The ratio between employees and smart devices is fast moving from 1:2 to 2:1. Along with that, the customer’s smartphone is

becoming (39 percent of the time) a major reason to walk out of an enterprise store (whether offline or online). With both internal and external customers slipping deeper into the mobility envelope, no enterprise can afford to be mobility averse. Every enterprise is, therefore, investing in the mobile enablement of desktop applications and traditional processes. With a sea of mobile applications, corporate app store providers, mobile device management solutions, and mobile consultancy services, one would think mobile enablement of legacy systems and traditional processes is easy - especially if the enterprise has budgets. But that’s not the way it is. Top enterprise leaders are standing up and

questioning mobility because of declining or unsteady ROI on mobility investments. The changing application stickiness mantra (today an app is a hit, tomorrow it’s a flop), infrastructure security issues (managing multiple applications/devices/ platforms), and connectivity challenges at end-user locations (rural/remote terrains, connectivity on the move) are major factors for the declining/unsteady ROI on mobility. These factors cut across networks, mobile devices, and mobile applications.

Integrated Mobility Solutions – The Need of the Hour An integrated solution stitching all three – network, mobile devices and applications — is


ADVERTORIAL AND PROMOTIONAL FEATURE AIRTEL needed. It should take care of the individual challenges they throw, and make the most of the collective opportunity. It’s with this that an enterprise can make the most of mobility. Such an integrated solution calls for an integrated telecom service provider. Unlike system integrators, an integrated telecom service provider will come with an in-depth understanding of (1) the device and application your end-user would like, (2) legacy and new systems that form the foundations of your mobile applications, and (3) the network that connects it all.

Mobility Pitfalls to Avoid Is your enterprise hanging out of the enterprise mobility bus or has it made its way inside – secure and seated? Today, every enterprise has either adopted mobile applications or begun opening its gates to BYOD. Yet very few are availing the true benefits of mobility. What’s going wrong? Here are 7 common mistakes made by enterprises wanting to avail the benefits of mobile applications. 1) Failure to drive a feeling of ‘My’ mobile app amongst employees A recent survey by Yanson Bourne revealed that less than 20 percent of 1,000 C-Level IT and business decision-makers have seen large scale adoption of mobile applications by employees. The absence of a sense of belonging towards the app is a key reason for such outright rejection of disruptive technology. Embedding a feeling of ‘this app is made for my use, comfort, productivity and growth’ amongst employees is instrumental to ensure a high usage rate. A sales personal, for instance, is more likely to accept an app communicated as a route for him to make more sales and gain incentives rather than a monitoring tool keeping a check on his client visits. So, market mobile applications as enablers of ease for people and witness a rise in employee productivity. 2) Choosing apps with an enterprise sticker but missing the enterprise glue Today, every enterprise wants its mobile application to create a ‘wow’ factor with an eye-catching user interface. But they give little thought to precise functionality of the application and 100 percent syncing of the application to backend systems/processes. As a result, enterprises are left with apps that look good but miss the enterprise glue. 3) Making users fit mobility rather than enabling mobility that fits users Every user is different and understanding the

Enterprises can tap the potential of future transformation only if they set their mobility present right. We are geared up to win the mobility race with you.” SUKESH JAIN CMO, Airtel Business

end-usage is critical for the success of any mobility strategy. For instance, a sales person spending close to 40 percent on the field would need an app that eases the process of creating, managing or taking orders against accounts. An HR personnel, on the other hand, who moves less than 10 percent time but gets stuck in long meetings, would ask for flexibility to check on HR workflows for leaves, travel requests etcetera anytime using the app. Each of them would not need visibility into the other’s terrain and would see such visibility as an unnecessary information overload. Further, such cross domain visibility can pose a huge data security threat. So, customize your mobile application to accommodate different user segments/ microsegments for greater usability and relevance. 4) Underestimating security concerns or security over-paranoia Today, most enterprises either neglect security to provide convenience through mobile applications or place excessive control/ restrictions on mobile applications limiting its usability. Placing enterprise applications in a secure corporate data container—an authenticated and encrypted space created within the mobile device—can help an enterprise strike the right security balance for applications. A corporate container would ensure a seamless role out of communication, collaboration and business engagement applications with absolute assurance of protection of corporate information. So, place your eggs in the containerization basket to avail the best corporate data security. 5) Lack of a mobile ecosystem A leading mobility expert once said, “A successful enterprise mobile strategy is not one that touches only the skin of

the potato (enterprise) but goes beneath the skin and gets absorbed by the entire potato”. An enterprise app store holds a strong promise of improving the mobility absorption rate of an enterprise. However, building one isn’t easy. It would need a fair mix of apps for user self-service, options like peer ratings and reviews, app notifications, and BYOD-friendliness. 6) Inappropriate choice of network and devices Many mobile application strategies fall flat due to an inappropriate choice of network and devices. Enterprises need to understand that every mobile application doesn’t need a 3G network or a high-end device like iPhone/ iPad. For instance, applications made for service agents to instantly update his daily activity would involve mainly text-based information that can be easily delivered using 2.5G technology. Choosing 2.5G over 3G would help an enterprise deliver a lowcost optimal mobile application experience. Similarly, an application for service agents to update the completion of a service using pictures at the client site would need smartphones to take the picture and upload but an application for a rural healthcare worker sending small text updates to healthcare center on the patient’s glucose levels and blood pressure could use a lowend mobile. 7) Poor application management The increasing number of applications getting mobile-enabled makes it a challenge for enterprises to achieve quality application delivery on the mobile – with constant complaints around the application hanging, not responding fast


ADVERTORIAL AND PROMOTIONAL FEATURE AIRTEL

The Requirements for Effective BYOD Differ by Platform

point support for its mobility needs. One such platform is Airtel MATE.

Mobile Data Management The second element of an integrated mobility approach is managing the device. The arrival of containerization gives corporations the ultimate mobile data management solution to embrace device/ platform dynamism without any worries. The solution guarantees corporate data security better than BlackBerry — it goes beyond secure mail, and offers unique features: A dedicated corporate app store, remote device manager, and more. Airtel DME, powered by Excitor, is one such mobile data management solution.

Not Everyone can Implement Integrated Mobility Integrated mobility is an established ray of hope, but how does one successfully implement it? Only a service provider with communication, mobility and telecom experience can help you easily implement an integrated mobility strategy.

enough or not working at all. Absolute visibility and control of transport mechanism (network) and application management can help reduce such instances and improve the delivery of mobile applications. This will enhance the end-user experience for mobile applications and help the enterprise avail the benefits of mobile enablement.

Before going any deeper into the integrated communication approach and how to implement such a solution, it is essential to understand the need for it in the first place. The need for integrated mobility approach stems from the challenges being thrown today by the three pillars of mobility – mobile device, mobile application, and network.

Challenges in the Mobile Connected World

Integrated Mobility Approach

Ever heard of Wasgij? Wasgij (Jigsaw spelled bacwkards) is an innovative puzzle where the picture on the box is only a clue for the puzzle that needs to be put together. This brainteaser needs you to get the clue, imagine a probable story, and then tactically join the dots. Mobility today is a game of Wasjig – insolvable using a mere “copy the picture and join the pieces” strategy, which is commonly referred to as system integration. It needs an integrated mobility approach where you need to (1) imagine end-user mobility scenarios and challenges, (2) understand device, system, and connectivity limitations, and (3) work around them and arrive at a mobile enablement solution.

An Integrated Mobility approach — comprising an integrated mobile application platform (providing 360 degree network-backed business solutions) and mobile data management solution — can overcome these challenges. A real-time, integrated mobile application platform can provide a single-point solution to all enterprise clients looking for variant mobile-based productivity and customer service applications. If built with a comprehensive understanding of business processes across verticals, such a platform can deliver applications that enhance productivity and efficiency of enterprise processes. The availability of the platform in a “solution-as-a-service” model would minimize upfront cost and provide single-

Telecom service providers like Airtel are best suited for the task. Here are four reasons: 1. We understand your network, mobile device, and mobile application — so we can build comprehensive mobility solutions. 2. We can provide single-point support across the network, device, and application. 3. We can provide a bird’s-eye view into mobility delivery from both applications and networks. 4. We understand a diverse range of technologies that impact mobility: Cloud, analytics, and big data.

To know more, please write to business@in.airtel.com or visit http://www.airtel.in/business

This article is brought to you by IDG Services in association with Airtel Business


Evan Schuman

THINK TANK

Untangling Mobile Privacy If your company doesn't yet have a mobile-specific privacy policy, it's time to get to work. Remember this privacy policy could define your company’s reputation.

I

ILLUST RATION BY MASTERF ILE

t's well known that mobile devices are compact storehouses of vast amounts of data that they seem eager to broadcast to the world, which makes it all the more baffling that few companies have discussed—much less implemented—mobile-specific privacy policies. Putting off such a move (procrastination is such a negative word) may have made sense up to now to give us all time to get a handle on what the limits should be, but you really will regret waiting much longer. This new year we have entered may be a good time to craft a mobile privacy policy. If you've decided to do that, here are some things to consider. You do really need a policy. Your employees expect IT to protect them, and your company's executives expect you to make sure that corporate data is protected from the things that employees do with their mobile devices. But your customers also want to know what you're doing with their data, and various contractors, distributors, suppliers and anyone else in your network need to know what they aren't allowed to do. It's bad enough that a mobile device brings the same IT threats as any other network-connected device. It has full access to your LAN and can piggyback on whatever permissions you gave its owner. And of course, if it's being accessed by a naughty user, it can try to exceed that access. But you really need a mobile-specific policy because mobile devices can be careless with all the data they store. They theoretically can track all movements. The microphone and camera can be activated remotely. Apps can access every phone call, e-mail or text sent or received, as well as every site visited and every tweet tweeted. Some can even send messages under your name without your knowledge (No kidding. Even the Starbucks app has demanded the ability to tweet on customers' behalf). And some apps

28

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

VOL/9 | ISSUE/05


CUSTOM FEATURE CYBEROAM

CASE STUDY

Yokogawa Ensures Security and Productivity Using

Cyberoam’s Next-Generation Firewall

Next-Generation Firewall with Layer 8 Identity-based technology offers Yokogawa India actionable intelligence and controls that allow complete security controls for a future-ready security setup. By Gopal Kishore

Y

okogawa India (YIL) is a leading provider of Process Automation Systems and Products in India and is positioned as a Comprehensive Solutions Provider of Enterprise Technology Solutions(ETS) in the field of Industrial Automation. Established in 1987, YIL has created a state-of-the-art global engineering center in Bangalore. THE YOKOGAWA CHALLENGE Manoj Kumar Nair, deputy manager-IT, YIL, wanted to ensure identity-based Internet access and also ensure policies to all employees of the organization. In the process of enabling tight, policy-based control for Internet access, he also wanted to make sure that there was no performance lag while policy changes were being carried out, and with ability to have in-depth reporting and analysis of traffic. “We wanted all these functions in one appliance,” he added. Faced with unregulated Internet usage, Nair wanted to ensure that the users at YIL used the Internet only for work-related activities.

Cyberoam has helped us save cost on bandwidth, boost Internet speeds and productivity, while enabling end-to-end security.” MANOJ KUMAR NAIR,

DEPUTY MANAGER–IT, YOKOGAWA INDIA

“We needed to provide Internet access to our users for business purposes and to ensure speed and security of content. The existing solution was not effective at addressing our business challenges,” he says. THE CYBEROAM SOLUTION After a thorough evaluation of the options in hand, Nair and his team chose Cyberoam’s award-winning Layer 8 technology in the form of a CR 2500iNG appliance. One of the benefits of this implementation was seamless Active Directory (AD) Integration. “We use Cyberoam’s AD authentication along with local authentication to provide identity-based security for around 1,500 users,” says Nair. The solution also allowed Nair to design identity-based policies, which extends throughout the network, irrespective of the device used by the employees to connect to the network. “We could implement identity-based AAA (Authentication, Authorization, and Audit), allowing control and visibility of the users and devices connected to the network,” he adds. SAFE, PRODUCTIVE SURFING UNLEASHED The web and application filtering feature allows Nair to instantly block undesirable websites and applications, and enforce acceptable usage policies. Also, the feature is coupled with a bandwidth management option, which ensures availability and data transfer limit based on duration and schedule of access for specific web categories and applications. The solution delivers comprehensive control and visibility for over 2,000 applications. Unlike the age-old, port-based classification mechanism, Cyberoam classifies applications based on their risk level, characteristics, and technology, thereby offering granular controls. This stops sophisticated applicationlayer threats right at the network perimeter, ensuring application security. “Cyberoam does not only help us block unproductive/harmful content, it also provides us with granular bandwidth

AT A GLANCE Company : Yokogawa India Industry : Industrial Automation Offering : Distributed Control Systems, Test & Measuring Instruments management at individual website and application level,” says Nair. SUPERIOR ANTI-VIRUS AND REPORTING The anti-virus and anti-spyware prevent entry of malware and spyware at the entrance, ensuring clean mail traffic and real-time protection. The solution delivers in-depth reporting over the appliance, eliminating the need for an independent reporting solution and minimizing the resultant security investment and opex. Over 1,200 in-depth reports offer real-time visibility into user and network activities over dual dashboards: Security and Traffic dashboard. This, in turn, provides YIL with high security and optimal network performance, and helps them meet regulatory compliance requirements. “When it comes to On-appliance Reporting, no one comes close to what Cyberoam offers”, says Nair. “After introducing Cyberoam into our network, we have been able to save cost on bandwidth and increase Internet surfing speed and productivity. Cyberoam has given us more value against money than other leading players,” he says.

This case study is brought to you by IDG Services in association with Cyberoam


Evan Schuman

THINK TANK

can identify every other app being used, along with a host of tech specs, like OS version, browser, serial number of a phone, Wi-Fi particulars, and carrier. Although it's important for any privacy policy to regulate what employees can and cannot do, it may be even more critical to delineate what your company will permit third-party vendors to do with its data under its name. Some of this will involve the public privacy limits your company will set for itself. Marketing craves data about customers. Without a policy that sets limits, your marketing people are likely to issue any number of mobile apps that can grab just about any kind of customer data and report it back to them. You have to decide whether the shortterm gains that sort of thing might bring outweigh the long-term hit to the company's reputation that could result from a general outcry against such data harvesting. In the calm of day, you and your top executives need to discuss what kind of company you're running and what limits you want to set for yourselves and your customers. You really do not want this to be decided on a caseby-case basis by various rank-and-file marketers in the middle of an urgent deadline. You also need to specify what the company can do with mobile devices' tracking capabilities. They might seem like a boon when you need to locate employees, and they're even helpful for building security, such as when needing to make sure every employee is located during an emergency evacuation. They're also an easy way for new employees to find some far-off conference room on a large campus. But it doesn't take much imagination to see how tracking could get creepy. Are you going to let managers use tracking data in performance reviews? ("Well, Rebecca, I see that you spend more than an hour every day in the lavatory." "Scott, the average length of your lunch hour over the past six months has been 85 minutes.") Will you track employees when they leave your facility but are still on company time? What about when they are not on company time? What if someone phones in sick and you find his company-issued Android at the racetrack or a bar — or a competitor's headquarters? In the past, I discussed the implications of BYOD policies, where employees use their own mobile devices. I suggested that some form of partitioning will be needed to separate corporateand employee-owned data, so that you aren't backing up employees' private data or deleting it when the employee leaves the company. Your mobile privacy policy is going to have to address who owns the device: The company or the employee—or a third party? Do you have the same rights to justify monitoring your corporate data if it resides on a device your employee owns? Or a contractor owns? Or a partner (some other company's employee) owns?

You need to discuss and agree on where your company wants to place those limits. It's light-years easier to discuss this calmly and professionally when there is no immediate specific situation staring you in the face—with personalities attached. Whatever is agreed to must be ironclad. You don't want emotional situations to trump the calm thinking made at an offsite executive meeting. Clearly, exceptions can always be made, but they should be rare. Something else to consider: Deciding these things isn't enough; the policy should also dictate how those decisions will be communicated to all of your audiences, especially to customers. In this case you can take a lesson from Nordstrom, which recently conducted a mobile location trial with shoppers. It posted a sign at the entrances to its stores, alerting customers to what was being done. It wanted the sign to be succinct and understandable, but it ended up with a program description that was a little inaccurate and incomplete. That caused confusion and anger among shoppers, who envisioned the program being far more invasive than it was. This incident highlights another problem that a good mobile privacy policy should address. The chain's mobile vendor for the trial was collecting a lot of customer-specific data. In an attempt to avoid customer backlash, the agreement stated that the vendor would not share that data with Nordstrom. Unintended

Marketing craves data about customers. Without a policy that sets limits, marketing is likely to issue any number of mobile apps that can grab just about any kind of customer data.

30

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

consequence: It made the backlash much worse. Nordstrom was getting the heat for accessing data that it was never able to access. The moral of that story: If mobile data is collected, you will get blamed, no matter whether you see the data or not. Your mobile policy has to address what you will allow vendors to collect about your customers, your employees and your partners. It should spell out how much of that your company should see. It should lay to rest the question of whether third parties will be allowed to collect data that you won't see. It needs to establish how you will inform your customers, employees and partners about this data collection, if at all. (There are legitimate arguments on both sides.) And you need to make your policy precise enough to be useful while not being so detailed that it is incomprehensible to people who aren't that technical. There are few areas more complex, more controversial and politically dangerous than mobile data collection. You may find that simply having these conversations will change not merely your policies, but your strategy and how you approach it. CIO Evan Schuman was the founding editor of retail technology site StorefrontBacktalk and he is a columnist for CBSNews.com, and RetailWeek. Send feedback on this column to editor@cio.in

VOL/9 | ISSUE/05


NTT Global Forum is an international conference by NTT Communications that convenes an audience of technology professionals and executives to network, share, and learn about the latest ICT best practices, trends, and developments that will help organizations enable management innovation. This March, NTT Global Forum is coming to India on the occasion of the inauguration of the Netmagic Datacenter in Bangalore. At this forum, you can witness leading-edge technologies and thought leadership business insights.

KEY HIGHLIGHTS Launch of the Netmagic Datacenter The new 100,000 sq. ft. datacenter at Electronic City, Bangalore, will be inaugurated at NTT Global Forum. It is the first datacenter to combine Netmagic and NTT Communications’ engineering and operations expertise. Global Insights. Local Impact - Keynote Speakers

NTT Communications facilitates the infrastructure that enables business reality globally, and understands that business needs technology but that business is not about technology. We invite you to understand our vision, experience our solutions, and see how we can help your business. BE THERE!

Akira Arima President & CEO NTT Communications

Motoo Tanaka Sr. VP, Cloud Services NTT Communications

Sharad Sanghi CEO Netmagic

27 March, 2014 | ITC Gardenia, Bangalore. Entry by Invitation Only. For more details, visit: www.nttglobalforum.in


Cover Story

SDx

SIZING UP

SDx B y Va r s h a C h i d a m b a r a m

The promise of a software-defined future is hard to resist. But getting there will require implementing SDN. There’s where things start to go off script. Like we didn’t have enough acronyms, the IT industry came up with a few more: SDN, SSDC, SDS or SDT. For the uninitiated that’s software-defined networking, datacenter, storage and transformation. To ease the logjam of letters, Gartner subsumed all of these into one heading: SDx, or software-defined anything. Underneath this alphabet soup is a very real promise: That one day, when every piece of infrastructure in the datacenter is governed by software, all the rigidity associated with IT will disappear. But to get there, enterprises that have already invested in server and storage virtualization must now implement SDN. Network operators and many technology vendors around the world believe that SDN will herald a new revolution in the datacenter by infusing a layer of automation and programmability that’s never existed before. In their vision, SDN-ville is the last staging post before the wondrous lands of software-defined transformation where flexibility, agility and efficiency bloom. Let’s hold our stage coaches for a second. A software-defined tomorrow is great, but without the backing of Reader ROI: CIOs, software-defined transformation is a pipe dream. The questions that will define a software-defined future are: Will CIOs invest the time, The promise of SDx money and resources to implement SDN and bring about SDx? Is there SDN’s role in SDx’s future enough of a business case? Are enterprises unhappy enough with their Why CIOs aren’t buying current networks and datacenters to go the SDN distance? into SDN—yet. 32

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

VOL/9 | ISSUE/05


Cover Story

SDx

The Long Road to SDx For those who believe the idea of softwaredefined future was concocted in the last year or so, it’s time to burst your bubble. That dream was born when the very first wave of virtualization entered the datacenter. The advent of the hyper visor was a truly remarkable innovation. It lent underlying hardware new superpowers that allowed it to run and compute over a hundred times the amount it was doing until then. Crucially, it also tilted the scales of power in favor of software. Applications now defined and demanded compute resources they needed and hardware was duly provisioned at the click

of button (okay, maybe is wasn’t that simple). But, still, virtualization was an unmistakable gift. Breakthrough applications that offer intelligent analysis of the vast amounts of data we have today couldn’t have been possible without the software-defined concept. Virtualization also gave CIOs a breather. For long, CIOs were haunted by reports pointing out how datacenter utilization levels were in the 15-20 percent range, and how 90 percent of IT budgets were spent in keeping the lights on. All of this made CIOs look like the caretakers of an inefficient, cost-hungry resource that—while necessary to run the business—didn’t really offer much in the game-changing department.

When SDN Makes Sense Dan Pitt, Executive Director of the Open Networking Foundation, is a passionate supporter of SDN. He summarize the top five business use cases of SDN. When You Have Multi-tenant Datacenters. Enterprises can consolidate physical infrastructure for all business units while retaining departmental autonomy and accountability, with SDN providing virtual management through remote software control under their authority. SDN also fosters the whole whitebox and bare-metal economies that datacenters cannot live without. When You Want to Use the Public Cloud. By adding remote elastic capacity to the previously stated advantages of multi-tenant datacenters, public cloud providers can free enterprises from precise capacity planning in their own private clouds. SDN gives both the cloud provider and its customers control over distinct aspects of network operation. If You Want to Make Load Balancing Easier. SDN vastly simplifies load balancing by reducing it to an element of path computation in the regular SDN operating system, eliminating the need for dedicated appliances and restricted ingress and egress points in the network. 38

F E B R U A R Y 1 5 , 2 0 1 4 | REAL CIO WORLD

If You’re Serious About BYOD. Enterprises can pre-set what employees and guests can do when they access the network. SDN can limit where a user’s traffic may go depending on the person, device, application, time of day, and network condition, thus resulting in not only safer network operation but also cost efficiencies through planned capacity optimization for permitted and highpriority uses. If You’re Focusing on Security and Policy. SDN’s logically centralized control with a consistent, systemwide programming interface enables security and policy to be applied in one place and effected simultaneously throughout the network. The abstraction of the network to the applications allows dynamic governance of the network according to business needs and goals. Finally the infrastructure can be applicationindependent and flexible, and an instrument of not just IT but corporate policy in general. —Dan Pitt

Virtualization altered that. It kicked off a wave of consolidation that allowed IT departments to pool resources, allocate flexibly, and free up new capacity, which could then be employed to drive ambitious business plans. Suddenly, CIOs had a blowtorch that could melt the rigidity of their steel-cased datacenters, enabling IT departments with newfound levels of responsiveness. Then came cloud computing, and with it, the bar was raised again. Overnight, business stakeholders—from the CMO to the head of supply-chain—elevated their expectations from IT. What was for the longest time considered a sloppy, error-riddled back office support function, suddenly began to offer what resembled the menu card of a fine dining restaurant, complete with catalogues of services offered, and pairing suggestions, and the cost of each item. IT-as-a-Service became the hottest restaurant in town. Here’s when things started to get a tad difficult. During the virtualization phase, when doing more with less was the datacenter mantra, CIOs stuffed their servers and storage that they began to suffer from severe bouts of indigestion. They had multiple apps, running amok over multi-vendor tenants, many of which didn’t necessarily speak to each other, and multiple interfaces and dashboards to monitor each subsystem. The cloud magnified this challenge, with its seemingly simple pay-per-use concept. Now, not only did IT have multiple systems and a variety of dashboards within their datacenters, now they also had LOBs buying up more systems in other people’s datacenters. According to CIO research, 35 percent of Indian CIOs say cloud computing is primarily responsible for increasing datacenter complexity; one-in-four Indian CIOs blame server virtualization. And management complexity due to the use of multiple tools is one of the top three pain points for Indian CIOs with regard to the datacenter. That complexity is driving CIOs to host and manage their datacenters with outsourcers or cloud providers. A full 40 percent of Indian CIOs say they’re moving less-critical apps to the cloud, and 30 percent are outsourcing datacenter needs completely in order to meet the increasing demands on their DCs. However, is that the best solution? Perhaps. And yet CIOs can’t fully relinquish control of

VOL/9 | ISSUE/05


Cover Story their datacenters without spending sleepless nights worrying if data was leaking into the hands of the competition. Most enterprises still want to keep their intellectual property within their firewalls. While it’s true that peripheral workloads have moved speedily towards the cloud, a real-life scenario of an enterprise running its entire operation off the cloud is still a utopian idea today. So what’s a CIO to do? Perhaps the answer lies in an important part of the datacenter puzzle that has been so far overlooked: The network. According to the proponents of SDN, virtualizing the network is the last step towards a software-defined tomorrow, a future in which many of a CIO’s datacenter pains dissipate into thin air. But for the most part, the network doesn’t get a CIO’s attention. “You need a heart of steel to understand how networking works,” says Sumit D. Chowdhury, president, enterprise ecosystem, Reliance Jio Infocom. Chowdhury is one of the few CIOs in the country who is actively implementing SDN. As a telco that offers 4Gs services, implementing SDN is not a choice but a necessity. If you thought servers and racks were cumbersome, the networking world, with its wires and cables and switches and routers is a whole world of tedium that has, thankfully, remained buried under the floor until now. SDN—and its inherent SDx promise—is about to change all of that.

CIO Career

James Berry, CIO, Standard Chartered Bank India and South Asia, says “the real benefits case” of SDN isn’t very clear.

SDN: The Last Mile Have you ever played the fiercely-addictive Android game called Flow? For those of you who haven’t, Flow requires a player to establish logical connections between two similarly-colored points, while negotiating traffic amidst several other points, to ascertain the best possible routes for all points, avoiding any conflict or disruption. It’s hard not to wish that the world of networking was as fun as the game. After all, the purpose of all switches and routers is to do just that: To get data to its destination in the smartest way. But if we turned today’s networks into a game, it wouldn’t be fun. Networking is complicated and drab. In fact, as a subject it rarely gets on a CIO’s radar. Cloud computing, big data, business intelligence and analytics have made demands on the server and storage infrastructure,

VOL/9 | ISSUE/05

which, in turn, have re-invented themselves to suit the needs of the business for agility, and scalability. Networking, however, has remained rigid, hardware-controlled and the subject of interest merely among the geekiest. Software-defined networking promises to change that—and herald in a software defined transformation. But what is SDN? SDN changes the very fundamentals of how networks operate. For the most part, networks are seen as non-responsive and inflexible. Traditional networks have impaired innovation, while, new-age, highperformance applications are demanding higher service quality from networks. SDN brings real-time programmability to networks, thus making them more dynamic and better conditioned to deal with fast, frequent changes and increasingly fluid

services and applications. Among other things, SDN de-couples the control panel. It separates the forwarding function from the control panel into two different, separately controllable functions. It infuses a layer of programmability in to networking. You can now write code to control functions that were earlier only possible through manual configurations. Finally, it centralizes the networking function and simplifies life. All of this ultimately infuses much needed intelligence into the networking function of the datacenter. This is similar to what virtualization did with servers and storage. Virtualization allowed you to build capacity within existing infrastructure by creating virtual machines, without physically or manually provisioning for more servers. It allowed CIOs to do more with less. The REAL CIO WORLD | M A R C H 1 5 , 2 0 1 4

35


Cover Story

SDx

promise of SDN is the same: It removes the tedium and complexity associated with hardware-related functions, orients it to a software-defined approach, and allows CIOs to build agility, scalability and speed into their IT infrastructure. In short, SDN offers a much more user-friendly way to manage network operations without having to actually tinker with the backend. “It enables people do what they want to do instead of worrying of what happens at the backend,” says Darshan (Dash) Appayanna, CIO, Happiest Minds Technologies. Yet, there are a few hurdles in the way of the commercial adoption of SDN. According to one of the Indian members of the Open Networking Foundation (ONF is a not-forprofit whose mission is to propagate the

Darshan Appayanna, CIO, Happiest Minds Technologies, says that like hybrid cars, SDN is still not commercially viable; it isn’t yet ready or cost-effective.

26

F E B R U A R Y 1 5 , 2 0 1 4 | REAL CIO WORLD

adoption of OpenFLow), there is a long lead time between what happens in networking labs and solutions sold in the market. To make matters worse, implementations are assumed to be complex, which further slows down SDN adoption. Then, there’s the skill set challenge. Most network operators have been trained to work with a CLI-based approach—not with programmable interfaces.

SDN Stall Appayana of Happiest Minds is currently in the process of testing SDN-ready products. The company operates a very lean, fully virtualized IT infrastructure, with the bulk of its apps running off the public cloud. But it hasn’t yet gone down the SDN road.

“We haven’t done network virtualization yet, because the technology is neither ready nor is it cost-effective. Like hybrid cars, SDN is still not commercially viable,” he says. That said, Appayana says that SDN is the way forward, “We operate in SMAC (social, mobile, analytics, cloud) mode, and SDN will help us react to our dynamic business needs better. But, it is at least four years away from being commercially viable.” And even when viable solutions hit the market, it isn’t likely CIOs will rip out their existing infrastructure before the normal refresh cycle. “How often do you change a router or a switch? Unless it fails, you don’t,” says Appayanna. “Network devices usually have a much longer shelf life than servers and desktops. You will change a router or switch perhaps once in 10 years.” James Berry, CIO, Standard Chartered Bank India and South Asia, says they are adopting aspects of what is now being called SDN. “But, we’re working at a pace that suits us, not suppliers,” he says. Unlike Appayana, Berry is more skeptical of the promise of SDN. “In theory, SDN allows you to leverage your infrastructure more effectively, with the opportunity of engaging best practice and third-party technology. But it could also add another layer of complexity. A key decision is how you balance SDN with fixing legacy,” says Berry. Chowdhury of Reliance agrees. “SDN doesn’t really remove complexity; networking still continues to be wired. It just removes the complexity from one level of users and makes orchestration and abstraction possible.” Chowdhury also believes that the market for SDN is limited. “Other than telcos, I don’t think anybody will be doing SDN,” he says. Berry points to the security threats of SDN. “Another important point is that if we implemented an SDN-based solution, we would need to make sure the approach and architecture is robust enough to secure our client data without creating additional risk, and that it is easy to troubleshoot and fix issues. Ensuring the business case works with those key challenges is very difficult.” “Data security concerns, both real and unfounded, need to be managed. The biggest inhibitors for us are the legacy investments we have already made in the infrastructure or services in focus, and banking regulators’ VOL/9 | ISSUE/05


Cover Story comfort level with it,” says Berry. Both Appayana and Chowdhury agree that SDN is still at least three years away from commercial adoption. “And even then it may never make sense for a manufacturing or a retail outlet,” says Appayana. So what’s the real business case of SDN? “From my current understanding of the subject, and from speaking with my peers (rather than technology vendors), one thing that is not all that clear is the real benefits case,” says Berry. “Yes, there’s lots of marketing material, and ‘marko-tectures’ that get thrown at you to show you how beneficial SDN can be to your organization. While they make sense, theoretically, the reality is that holistic benefits are much more difficult to achieve than the promises made in some of the literature. You need to carefully weigh the financial and resource investments versus the business benefits when considering SDN,” says Berry. Proponents of SDN believe there’s a business case for it. Finding out whether your business needs SDN is all about asking the right questions: How dynamic is your business environment? Do you have projects that need to be kickstarted and go live in two days? Are you on a high-growth phase where new offices and employees are recruited frequently? Are you running geographicallydispersed operations that require workloads to be shifted dynamically, without compromising user experience? Do you want to customize and define identity and policy-centric applications to behave in a certain way for a certain user for a certain period? (For more use cases read When SDN Makes Sense) If your business falls in any of these categories, SDN could offer your organization the nimbleness it needs to spring into action and respond at lightning fast speed. SDN can reduce networking provision time from weeks to hours. It can dynamically shift loads between clouds, often called cloud bursting, to offer the most optimum user experience to your geographically dispersed user base. It can help optimize your resource utilization and do real justice to your already sunk-in investments in virtualization and the cloud.

The Last Word The fact is, the needs of the business are fast surpassing the capacity of IT to deliver it. The VOL/9 | ISSUE/05

CIO Career

Sumit D. Chowdhury, President, Enterprise Ecosystem, Reliance Jio Infocom, believes that other than telcos, few others will be investing in SDN.

only way to keep pace with business needs to re-orient IT to a software-centric model, a model where hardware is controlled and aligned to the application it serves. Today’ datacenters exist as a ‘patchwork quilt.’ CIOs have chosen to use a more organic approach to datacenters, replacing structures bit by bit instead of ripping and replacing the whole shebang. Incremental changes to the datacenter is sure to minimize disruption. But it can never create the transformational business value or competitive differentiation of a big bang approach. And not many enterprises possess the wherewithal do implement such a change. And hence, as with any other innovation or technology, SDN, too, will probably run a gradual course of a slow adoption, accelerated by market offering and business needs over the next decade.

“The service providers are a little too bullish on client acceptance, and utilization. And given that investment budgets are tightening, rather than loosening, I would see the eventual timeframe elongating even further,” says Berry. For Appayana, too, it is a wait-and-watch period. “We’re starting to evaluate how mature the technology is today and to what extent it can deliver what it promises.” Chowdhury believes that SDN will not see the speedy uptake that server or storage virtualization saw in the enterprise. “The network evolution story is going to be a long one.” CIO Varsha Chidambaram is principal correspondent. Send feedback on this feature to varsha_chidambaram@ idgindia.com

REAL CIO WORLD | M A R C H 1 5 , 2 0 1 4

37


46

F E B R U A R Y 1 5 , 2 0 1 4 | REAL CIO WORLD

VOL/9 | ISSUE/04


File |Motor Mahindra Reva Case Case File | TVS Company

Riding Off the

Shelf

It takes eight seconds to roll out a two wheeler at the TVS Motor Company. For IT to deploy a solution at that speed is unheard of. But the CIO of the company has changed that by reducing the timeto-market an IT solution by 65 percent. Here’s how. BY SHUBHRA RISHI A century ago, the auto industry in India wasn’t quite an industry. Like the imperial rulers of the country, cars on Indian roads were imported. In 1911, a large contingent of cars was imported to mark the arrival of King George V in colonial India. Around the same time, in the temple town of Madurai, Thirukkurungudi Vengaramaswamy Sundram Iyengar was laying the foundation of what would be India’s largest automotive conglomerate, the Rs 44,000 crore TVS Group. What started off as a bus service, today caters to everything automobile—from two-wheelers and

VOL/9 | ISSUE/04

REAL CIO WORLD | F E B R U A R Y 1 5 , 2 0 1 4

47


Case File | TVS Motor Company

automotive components to automotive process where a new design for a product is either documented or developed up to the dealerships, finance, and electronics. Today, Iyenger’s penchant for innovation prototype stage and adopted at a later date. The concept is built around creating and has been disseminated into its 40,000 strong workforce employed by its 50 odd companies. storing products for a period of three to five One of them is the group’s most profitable years. The purpose is to cut NPD time by proactively developing parts ahead of time. enterprise, TVS Motor Company (TVSM). For TVS’ executives in the manufacturing The moment you enter the company’s sprawling factory in Hosur, Tamil Nadu, space, this methodology was business-asyou are welcomed by a large open space usual, but for the company’s IT team, the and the fragrance of a line of Champa trees planted across the length of the company’s largest manufacturing facility. Before you start wondering if you are in the right place, an imposing line of TVS’ freshly manufactured two-wheelers greet you. The shelf engineering project has It is this factory that has given done two things for TVS Motor India its first two-seater Moped, the TVS 50cc, and the most Company, among others: Brought popular and longstanding brand, IT closer to business and set a new TVS Scooty. benchmark for innovation. The company manufactures a bike every eight seconds. But innovation runs deeper—and faster—than the company’s The amount of time reduced by stunningly casted, chiseled, and shelf engineering to deploy an IT solution. sculpted two-wheelers.

Accelerating Innovation

65 percent

Assembling Ideas In 2004, the company tested its revolutionary fuel injection technology, and later adapted it to TVS Apache motorcycles. The new technology was to offer its customers great drivability, better fuel economy, and performance consistency at different altitudes and environments. Gas shock absorbers, power and economy mode features in speedometers, and LED light technology were developed in advance, kept in the shelf, and pulled out at an appropriate time during new vehicle development. At TVS, they call the concept Shelf Engineering—to develop a part or process or technology, not for immediate but future use. The concept uses new product development (NPD)

40

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

80 percent

The rate of deployment of a shelf engineered project.

6 months

The duration that a shelf engineered solution spends on the shelf on an average.

4 out of 5 times

Shelf engineered projects have been delivered successfully.

5 projects

The number of projects that the IT team works on at a given point in time.

concept was new and extremely fetching. That’s why in 2010, while devising the year’s IT plans, TVS’ Group CIO, T.G. Dhandapani came up with the idea of implementing shelf engineering in IT. The aim was to find ways to significantly cut down the time taken to find and adopt a new technology, and develop, test, train and implement a solution. He also wanted to empower different section heads within IT in such a manner that every time business requests for a new solution, it is delivered almost instantly. But there was a catch: Who would own the project: Business or IT? Also, if an opportunity isn’t fully anticipated by the users, there’s a chance that they might not value the IT solution. The IT team would develop and prototype technology solutions based on insights gained from business teams and shelf them instead of building them as and when business demands. “So, when a department asks for a solution, we can provide it at less than a third of the time normally taken to deliver a solution,” says Dhandapani. To that end, Dhandapani dedicated 5-10 percent of his IT budget to shelf engineering. The next step was to collaborate with experts from app development, security, infrastructure, and datacenter teams and assess what the business needs. The results were nothing short of phenomenal.

Road Trip to Success In the last two years, Dhandapani and his team have shelf engineered and deployed about 20 projects. Every team member is encouraged to execute at least two innovative ideas per year. “One of the major by-products of these initiatives is that IT gets to step into the shoes of the user while assessing the need and testing a solution,” says Dhandapani.

VOL/9 | ISSUE/05


Case File | Mahindra Reva

One such project was the centralization of minutes of meeting (MoM). In any large organization, a number of both structured and ad-hoc meetings take place. At TVS, every time this happens, as per SOP (standard operating procedure) MoMs were registered in an MS Word document and circulated to different stake holders and actions were reviewed in the next meeting. The IT team observed that many a times, executives went through the minutes only on the day of review and as a result the same subject matter was discussed repeatedly. To fix this, the IT team decided to develop a centralized MoM system using an open source platform. It was integrated with the company’s mailing system and calendar. The system records and tracks the tasks and action points of business meetings for on-time compliance. The project was engineered and tested within IT for all reviews and meetings. After its adoption within IT, there was a request from the chairman’s office to devise a system to record and trace MoMs. There was a mandate to develop the system within three months. “Since the MoM project was already shelf engineered, it was deployed in less than a day across the organization,” says Dhandapani. Now different HoDs have deployed dashboards displaying status of actions assigned to individuals during such meetings which helps in instituting managerial effectiveness. The MoM project was just the beginning. Dhandapani and the IT team had more tricks in the hat. One of those was the ISO 27001 certification project. Putting a security system—in terms of certification—in place isn’t a mandate in the automobile industry. “But as a process-oriented organization, we decided that ISO standard would formally bring information security under explicit management control,” says Dhandapani. The initiative was executed under a supervisory improvement team within IT for its implementation and its audit was scheduled in February 2013. At the time, TVSM was finalizing terms with BMW for a technology sharing and manufacturing agreement. The partnership was a result of BMW’s decision to make motorcycles with engines that are

VOL/9 | ISSUE/04

Today, when a user or a department asks for an IT solution, we can cater to them at less than a third of the time normally taken to deliver a solution. — T.G. Dhandapani, Group CIO, TVS Motor Company

smaller than its current models to help it cater to the growing demand for such products in emerging markets like India. The partnership would also give TVS access to technology to develop new and advanced motorcycles. During one such meeting with BMW, TVS executives were asked if the company complied to ISO 27001. Immediately, Dhandapani received frantic calls from both his CEO and the President of R&D to confirm the status of ISO 27001 certification. “They were thrilled to hear that the company would be certified

in less than a month. Eventually, TVSM got accreditation even before they signed the agreement with BMW,” says Dhandapani. Another roaring success for IT was executing the visitor management system. The company wanted to embrace the RFID technology for a long time. In the absence of a good business case from either the operations or supply chain teams, the IT team decided to shelf engineer the project. In the VMS, every visitor is traced via RFID tags from entry to exit. This REAL CIO WORLD | M A R C H 1 5 , 2 0 1 4

41


Case File | TVS Motor Company

involved creating RFID tags and readers to capture information at strategic points. A centralized security dashboard monitors the movement of visitors to ensure physical security. This project gave the IT team RFID interface challenges and also helped it learn about on-line analytics. Once the project was tested within IT, it was flooded with requests from the operations team to leverage five more RFID projects. While these projects sound impressive, there’s only one yardstick to measure their success: User acceptance. Dhandapani knew that the only way to give wings to the IT team’s ideas was to attract users by show-and-tell. Dhandapani set up a user experience lab at the company’s Hosur facility. The lab houses about seven dashboards which can be used by the employees of the factory to visualize the flow of data in various IT sub systems used by the company for various purposes. For instance, one of the dashboards represents a digital display system used on the shop floor, at the production floor, or even the canteen. With the touch of a button, a user

can find out the number of ready vehicles on the production floor, the lunch menu in the canteen or even the number of vehicles sold. “Using analytics, we wanted to let the user experience a completely new way of looking at these numbers,” says Dhandapani. The other dashboards include the visitor management system, VoIP system, travel management system, dealer management system among others. The experience lab has not only added to the delight of users but it has enabled them to visually appreciate the functioning of different IT systems used by the company and tickled their curiosity.

Final Destination The concept of shelf engineering has carved out new paths for TVS to ride on. And Dhandapani is thrilled with the results. “The time to market for IT solutions has lowered by 65 percent, cutting down the lead time between problem identification to providing the solution,” says Dhandapani. If that’s not all, there are new projects in the pipeline almost every year. To measure the success of the initiative, Dhandapani

says the rate of deployment of a shelf engineered project is above 80 percent. The shelf engineering concept was introduced in IT in order to target large IT improvements in the company. As a result, on an average, 4 out of 5 times, these projects have been delivered successfully. This constantly motivates the team to accurately anticipate the needs of the business and come up with innovative solutions. “The CxOs are also encouraged to ask more from IT for them to perform better,” says Dhandapani. IT’s mission has always been to drive strategic and operational objectives of the company. Dhandapani’s IT team has been proactive in keeping the solutions ready whenever required. “Today, when a user or a department need an IT solution, they can take it off the shelf. And now they have a variety of solutions to choose from,” says Dhandapani. And with that TVSM has set its IT wheels in motion. CIO Shubhra Rishi is senior correspondent. Send feedback to shubhra_rishi@idgindia.com

Where Opinions Come Alive!

WWW

V I D E O S 52

IN

Listen to the views that matter. Catch up with industry news. Watch real CIOs talk about the real issues. All of this in a format that's short, crisp, and snappy. Tune into CIO videos now!

O C T O B E R 1 , 2 0 0 5 | www.cio.in

www.cio.in/videos


IT Resume Makeover BY RICH HEIN

Career coach and strategist Donald Burns shows technology executives how to better transition from IT consulting back to corporate IT as he works with a client who’s feet are planted firmly in both worlds. Tim Davis has had what most would consider a successful IT career. IT Job Search Problems He’s navigated to the top of the corporate ladder with 20-plus years As his job search progressed, he was running into an unforeseen of IT management experience under his belt. Having held several problem. Potential employers and hiring managers would look positions in that arena over the last couple of decades, not the least of at his history, see his four years of IT consulting and assume which was his role as the CIO of the Popeye’s chicken franchise, Davis that meant he had been looking for a job for four years and not decided it was time to strike out on his own as an IT consultant. “You necessarily working in the IT trenches. know the saying: The grass is always greener. I’d been working in “Consulting is real work. I wasn’t looking for a job. I was working the corporate environment since I got out of college with several different clients, working on various and wanted to try something different,” says Davis. projects and working within different industries. Reader ROI: He had a successful IT consulting career going You have to do your own billing, collections, Why your CV isn’t as good as well but after four years of going from contract business development and marketing. I got a ton as you think to contract Davis decided he wanted a more stable of experience going out there and starting my own The importance of position that the corporate world could offer. So consulting firm,” says Davis. updating CVs with that he set out to find a new position in the Regardless of that his job search efforts weren’t How to go about it corporate world within IT management. netting the results he’d hoped for. The only positions

VOL/9 | ISSUE/05

REAL CIO WORLD | M A R C H 1 5 , 2 0 1 4

43


CIO Career he was getting interviews for were ones he had acquired through his personal network. Davis decided he needed a new plan and the first step was rethinking his resume. He felt his resume was too wordy, which is understandable when you consider how difficult it is to distill 24 years of experience into a single document. And with that he reached out to CIO.com, put his name in the hat for the IT Resume Makeover series.

Resume Writer’s First Look

What Position Are You Applying For? While it was clear he was in IT management, the title and summary didn’t make what role he is seeking clear enough. “There was confusion there because he was trying to do two things at once. He’s using it for consulting and looking for a corporate gig, too,” says Davis. Burns thought out of the box on this because he knew that while Davis is looking for a corporate role, he is still continuing to consult. For that reason, he came up with a new format that he calls the Bio Flyer. His goal is simple, one document with two purposes. More on that later.

“His resume wasn’t horrible, but it wasn’t competitive,” says executive career coach and resume writer, Donald Burns. “It talked about the List and Explain Awards or Recognition wrong things. Initially nothing in the resume stood out in a good way. In his resume Davis had listed that he had won an award: The Georgia It seemed like a typical resume. It was boring and kind of a data dump. CIO of the Year. This is good, but there was very little indication of Tim is a bona-fide consultant with real clients and he’s been doing that why he had received that award. “It was buried in the back. While for four years, but many people get laid off and then use IT consulting working in the restaurant industry he came up with an IT solution that as a gap-filler. There are many people in IT who do integrated a lot of information to come up with how this but don’t have any clients. That is really bad,” much chicken to cook and when. When you put that says Burns. Burns knew he had to make Davis’ kind of thing on your resume, a real success story, consulting positions as credible as his corporate accomplishment or result, it was very impressive,” roles in order for this to be a success. Burns knew says Davis. he needed to identify a couple items. He needed to know from Davis what his target position was Job Experience Unclear and more importantly what he wanted that he At first glance, when you looked at his Popeye’s wasn’t getting from his current position. With that experience Burns thought many employers could knowledge in hand they discussed Tim’s history think that he was working for a single franchise as and work experience. opposed to the entire Popeye’s chain. Burns took “We had two in-depth meetings…Donald did a time to reword this and shorten it for the sake of much better job using a marketing type approach. clarification. This made it obvious that Davis was He changed the focus from a simple chronological,” the CIO of a global franchise with more than 2,100 Source: CIO Research says Davis. stores in 30 countries.

10% Of Indian CIOs say that if

they moved jobs, they would like to go into consulting.

Keep It Short At first glance, Burns knew he had to chop some of the wording down. There was a lot of text but it wasn’t saying enough of the right things. “It was very long and the wording was dense. You can’t give a laundry list of tasks and things that you’ve done,” says Burns. According to Burns, an outside interviewer is important in order to flesh out what’s important from the fluff. “Tell me the landscape. Tell me what all this means. What were you doing? As it unfolded he had amazing stories that were all locked up in his head. That’s why the content of the new resume looks nothing like the original. It looks like someone else’s career because the important stuff wasn’t on the paper. People think they are describing their resume but it’s not what recruiters and hiring managers want to hear. They want to know very quickly what you accomplished for your last employers,” says Davis.

Don’t Bury Your Achievements The resume text was long, but it wasn’t really saying anything. “There were lots of little details of tasks he had worked on that I call the jigsaw puzzle. It’s lot of small pieces but you don’t get the whole picture of what he had accomplished,” says Burns. After speaking with Davis, it was clear to Burns that there were several times where Davis was brought in to bring order out of chaos and he was successful. That is what Burns wanted to bring to the forefront of this new resume. 44

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

Rise of the Bio Flyer IT consulting is on the rise as more IT pros decide to go it alone. For that reason Burns decided to create a single multi-purpose document that could deliver results. “This is a very practical thing for people like Tim, says Burns. By people he means people who work in the corporate IT world but also have consulting work as well. To do this he created a strong first page of the resume that could be used as a standalone document. It briefly covers all of Davis’s career highlights. Simply add an image and it’s ready to be distributed to his prospective consulting clients as a bio flyer. The entire three-page document, on the other hand, is meant to be used as a resume for his corporate IT job hunting.

The End Game Davis couldn’t be happier with the results and, as a matter of fact, about an hour before our final phone interview he went on a job interview sporting his newest resume. He had applied using his original one but took the time to ask the hiring manager to critique his newest resume. “I met with an HR person for a job interview today and I asked her to look at this brand new resume. She said it was the first one she’d seen in that format. She said it popped and that her eyes were drawn to the bolded areas. She really liked it,” says Davis. CIO Send feedback on this feature to editor@cio.in

VOL/9 | ISSUE/05


Sangita’s Agenda: To leverage IT to create an efficient and patient-friendly healthcare system across the Apollo Hospitals Group.


CXO Agenda | Operations

Saving lives can never be business-as-usual. It doesn’t matter whether you are a life-guard in a desolate beach country or running one of the most renowned hospitals in the world. And that’s because you are constantly challenging time—the only thread that hangs between life and death. That’s something Sangita Reddy, executive director-Operations, Apollo Hospitals Group, has realized. “The biggest challenge with operations in healthcare is to get things done in as less time as possible, and maintain a high degree of quality and efficiency,” she says.

The only way to achieve that is to turn to IT. That’s why Reddy has been striving to infuse technology into the fabric of the Apollo group. Be it creating a Unique Hospital Identification initiative to help patients across the country have a single instance of their health records, or helping patients track their health on mobiles, or ensuring patients’ test results reach doctors in the least possible time by leveraging the power of the Internet of Things. In this interview, Reddy shares how IT is changing the way hospitals are run and making the business of saving lives more predictable.

IT’s

Healing Touch Sangita Reddy, Executive Director, Operations, Apollo Hospitals Group, says that in an industry where every passing minute could change a life, IT is lending a hand by improving response times, reducing human error, and saving costs. B Y D E B A R AT I R OY

VOL/9 | ISSUE/05

CIO: Apollo’s Unique Hospital Identification (UHID) initiative sounds interesting. What’s it about?

SANGITA: UHID is an acknowledgement of the fact that everyone needs to have a single instance of health record throughout their lifetime. This ensures that irrespective of a patient’s geographical location or his hospital, doctors have a detailed view of the patient’s medical history and ensure that diagnosis is timely and well-informed. With the new UHID initiative, when a patient walks in to any of our facilities, we can pull out his medical history. This means patients no longer need to carry documents, thereby significantly reducing the time taken to start the treatment. REAL CIO WORLD | M A R C H 1 5 , 2 0 1 4

47


CXO Agenda | Operations We also realized that the algorithm, for UHID—although developed for the Apollo Group—can be used across the country and we are ready to donate the algorithm for use in the public domain. To fulfill that vision, I had requested the UIDAI team, headed by Nandan Nilekani, to see if there’s a way to connect UHID numbers to a person’s UIDAI. This initiative could open a whole new world of possibilities for hospitals across India to provide timely care to patients. With the government providing support like maintaining a master record of all registered hospitals and deciding on a common numbering system, hospitals across the country could then share information in a secure manner. This creation of a state-wide health information exchange platform has already been introduced in many of the more developed economies and India should start making a move towards it too. How is technology helping ease information flow between the Apollo Group’s hospitals, doctors, and patients?

IT is the foundation on which this entire concept has been built. Today, we are not just limited to keeping the EHR (Electronic Health Records) within our hospitals for our record-keeping but are also providing patients access to their records anytime, anywhere, with an initiative called PRISM, which is our patient health record (PHR). The moment patients register with any of the Apollo facilities, they are given access to their PRISM account which is a personal summary of their health record that they view even from their mobile phones. They can also use it as a tool to track and monitor their health. For instance, a diabetic can upload his details frequently and receive alerts and expert advice on whether his blood sugar levels are high or low and what he can do to improve

the condition. Currently, we have over two million records under PRISM hosted on our private cloud. The EHR is also integrated to various wearable medical devices. That’s interesting. How else are you using newer technologies like mobility?

Mobiles and the proliferation of smartphones has come as a boon for the healthcare industry. It is estimated that by 2020 the m-health market in India would grow to touch a billion dollars. At Apollo, we are viewing this new wave of engaging with patients from two perspectives. One is making our current customer-centric applications mobile-ready. The versatility of an Android platform has made a lot of things possible. Both our PRISM and E-doc applications—an app that allows patients to book appointments—are already mobile-ready. The best part is that this application is an SMS-based system that can work on any Android-based mobile platform and one doesn’t even require a smartphone. Apollo has an intrinsic understanding of the m-health space, and we are using it extensively internally to enhance cost effectiveness, improving information flow within the group, and improving doctor-patient connectivity. The second objective is to constantly launch new initiatives and create a Mobile Health System that increases agility, productivity, and response time of our doctors and our support staff. Doctors can access radiology and CT scan reports even on the move via tablets or mobile phones and provide suggestions to the care teams. They can help patients in need without being physically present. Patients, on the other hand, can monitor their symptoms and receive lifestyle, diet, and educational support through Apollo’s diabetes programme SUGAR. Diabetics can SMS their blood sugar count

Being in an

where every minute and every mistake can have huge negative

industry

consequences. Only 58

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

IT can help us manage this colossal system. VOL/9 |


CXO Agenda | Operations through the system to a clinician and they receive a reply explaining the numbers and what they should do. How does IT help you deal with everyday challenges of running a hospital?

Being in an industry where every minute and every mistake can cost a life, is not easy. And managing 54 hospitals—spread across nine countries—makes it a lot harder. The biggest challenge with operations in healthcare is to reduce the margin of errors caused due to manual processes, get things done in as less time as possible, and maintain a high degree of quality. But one good thing about Apollo is the fact that only technology can help us manage and monitor this colossal system. We have been early adopters of some innovative concepts that marked our dedication to quality and providing timely healthcare. For example, we realized that most of our labs are located in the basement of our hospitals. By the time a patient’s test results reach a doctor, lots of crucial minutes are lost. So, a couple of years ago, we rolled out an initiative to link the glucometers in the labs to the mobile and pager systems of our ward attendants. In a machine-to-machine communication system, the lab analyzer messages the HIS about abnormal rise or fall in a patient’s blood sugar count, the HIS messages the Telephone Control System (TCS) and the TCS then sends an SMS/mail alert to the medical staff tending to that particular patient. Another thing we are trying to do is to leverage what is nowadays being termed as the Internet of Things. We are connecting most of our medical equipment to our information systems so that all devices can be connected to the larger network. These networks, in turn, are connected to a monitoring station. A recent initiative under this is to create an e-ICU system where all of our ICUs are connected and a team of experts can monitor patients 24/7, irrespective of the location. Today, we can dynamically track and monitor whether a patient has been waiting at any Apollo facility for more than half an hour. All of these initiatives are steps in our journey to make hospital operations free of manual intervention and quicken response times in a cost-effective manner.

What role does technology play in helping Apollo sustain uniform quality of healthcare?

Apollo Center of Excellence (ACE) is our biggest platform for quality control enabled by IT. We have singled out 25 parameters for quality based on international best practices and that has been captured under ACE. ACE monitors multiple aspects across all our facilities and generates reports that help management track the clinical quality from success rates of operations to inventories. It also allows us to track the reason behind the problem and intervene in time to make amendments. The Apollo Group is currently the only hospital group in India that has been awarded an HIMSS Level 6 certification. It is one of the highest acknowledgement of quality in the healthcare industry. Less than 20 percent of the hospitals in the world today are HIMSS level 6 certified. How can advanced IT become a competitive differentiator for healthcare service providers?

Undoubtedly, it makes a significant difference. One of the biggest competitive differentiators in the healthcare industry is the trust that patients put in you with their lives. All our recent initiatives like UHID, mobility and PHR are global best practices based on an ideology called patient centricity. Earlier, healthcare was more of a transactional system where a single doctor attended and diagnosed a patient and the patient was at the receiving end. Today, doctors are transforming from an individual doctor responsible for a patient, to a specialist group of ‘care teams’ that constitutes medical professionals with varying expertise. This team aims at fixing a single problem and, at the same time, monitoring the complete health of the patient. Patients are no longer at the receiving end but at the center of all our operations. All of this has definitely increased the amount of trust our patients put in our endeavor to provide them quality, and low-cost healthcare. IT is helping us achieve that. With 115 telemedicine units, the Apollo Group is also one of India’s leading telemedicine providers. What is the biggest deterrent to its adoption in India?

Telemedicine is a very bandwidth intensive medium. From transferring image heavy data like medical report scans to doctors sitting at some other location, to video conferencing, all these processes are extremely bandwidth heavy. One of the primary things that is hindering the adoption of telemedicine is the limited bandwidth and connectivity in India. The situation has improved in the past couple of years but there are still places in the boondocks where connectivity is either absent or is extremely patchy and expensive. And that defies the whole point of a telemedicine initiative because it is these extremely rural places that don’t have sufficient healthcare centers and could use telemedicine. But I am hoping that newer technologies like 4G hold some promise and will change things for the better. CIO Debarati Roy is principal correspondent. Send feedback to debarati_roy@ idgindia.com.

VOL/9 ISSUE/05 VOL/1 || ISSUE/15

REAL CIO WORLD | M A R C H 1 5 , 2 0 1 4

49


Project Management

INNOVATION vs. MAINTENANCE Spending too much time on keep-the-lights-on projects? Here’s how to tip the balance.

s

By

Minda Zetlin

Social! Mobile! Big data! BYOD! You probably already know what your company’s executives most want to see from your IT organization. But unless your company is very new, or you’re unusually lucky—or a very, very good manager—more than half your time and resources are spent, not on innovative projects, but on “keep the lights on” activities whose sole purpose is to prevent existing systems from breaking down. And sometimes the percentage is a lot higher than that. “I’ve seen companies where it’s 80 percent or 90 percent of the IT budget,” says Columbia Business School professor Rita Gunther McGrath, who examined this issue for her book The End of Competitive Advantage: How to Keep Your Strategy Moving as Fast as Your Business. “I think it should be no more than 50 percent,” she adds. Most CIOs would agree with her, but can’t achieve that 50-50 split in their own Reader ROI: budgets. In a recent Forrester Research What’s forcing you to survey of IT leaders at more than 3,700 spend too much time on maintenance companies, respondents estimated that they spend an average 72 percent of the money How to ensure you devote more time to innovation in their budgets on such keep-the-lights-on The importance of selling functions as replacing or expanding capacity your ideas and supporting ongoing operations and

50

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

VOL/9 | ISSUE/05


VOL/9 | ISSUE/05

REAL CIO WORLD | M A R C H 1 5 , 2 0 1 4

13


Project Management

maintenance, while only 28 percent of the money goes toward new projects. Another recent study yielded similar findings. When AlixPartners and CFO Research surveyed 150 CIOs about their IT spending and their feelings about IT spending, 63 percent of the respondents said their spending was too heavily weighted toward keeping the lights on.

Why So Difficult? If no one wants to spend such a huge portion of IT’s funds just to run in place, why does it keep happening? One explanation lies in the term “keeping the lights on” itself: Turning the lights off isn’t an option. “It’s the ante that allows you to hold on to your job,” says Eric Johnson, CIO at Informatica, a data integration company in Redwood City, California. “If the systems are down and the phones aren’t working, no one will care how innovative you are.” Of course, new projects are very important, so the challenge is to do both.

“CIOs are striving to be business executives, truly driving value for the organization,” Johnson says. “That’s why there’s so much emphasis on keeping the lights on while still finding the budget to drive innovation.” A bigger problem has to do with the traditional approach to IT at most companies, where techies who are expected to abide by the principle that “the customer is always right” find themselves creating unwieldy systems in an ongoing effort to give the business exactly what it asks for. Keeping those systems running is usually difficult, time-consuming and expensive. “I’ve worked with a lot of companies where the CEO says, ‘I want you to do this, this and this.’ The CIO says, ‘That’ll be $5 million (about Rs 30 crore).’ The CEO says, ‘Do it for $3 million (about Rs 18 crore).’ So it’s patch, patch, patch,” McGrath says. That approach creates “technical debt”—something you’ll have to go back and pay for later—according to Bill Curtis, chief scientist at CAST, a software

analysis company headquartered in Meudon, France. Similar problems arise when IT tries to satisfy business needs too quickly. “Sometimes these things were built as ‘Let’s just get something up and see how it works,’” Curtis says. “Things that were designed as a demo suddenly have to grow. Or even if something was designed appropriately for what they thought would be the use, people kept adding new requirements and features until it became a kludge.” Perhaps worst of all is the tendency to customize licensed software in an effort to fulfil business requirements—whether or not those requirements have any real bearing on the organization’s goals or success. “We talk about business capability—the list of things a business needs to do to be successful and achieve its goals,” says Nigel Fenwick, an analyst at Forrester Research. “Out of 30 high-level capabilities, maybe two or three are differentiators.” When senior executives understand this well, he

SHOULD YOU RETHINK YOUR BUDGET?

i

f keep-the-lights-on work takes up too much of your IT budget, maybe the problem is with your budget. So says Bruce Myers, managing director in the IT and applied analytics practice at consulting firm AlixPartners. “People make the mistake of lumping keep-thelights-on and grow-the-business projects together in one budget,” he says. “Then they look at IT as a percentage of revenue. It has become a commonly used benchmark. What some companies are doing, and we suggest all companies should, is look at the cost of keeping the lights on as a percentage of revenue and manage that number down as much as they can. Improve-the-business projects should be treated like any other capital projects and compete for funds against other non-IT initiatives. If there’s a business case, the only limiting factor should be the amount of cash or capital available.” Why is this better? For one thing, you’re likely to make better decisions, according to Myers. Right now, some IT projects that should get done are probably being skipped because IT has used up its budget. And some projects that probably should be skipped are being done so IT can use up funds it might otherwise have to forfeit in the next budgeting cycle.

Myers believes too many bad projects go forward with a weak business case. “We spend a lot of time working in IT organizations from a business perspective,” he says. “I can’t remember one where we haven’t cut 50 percent of their projects because when you really drilled into them, there wasn’t a huge risk it was mitigating, or a real quantitative business case where a business unit had asked for the project’s specific benefits.” Perhaps paradoxically, removing grow-the-business projects from IT’s budget altogether seems to accomplish the goal of lower keep-the-lights-on costs. “And typically these costs are lower than when there’s only one IT budget,” says Nigel Fenwick, an analyst at Forrester Research. More important, if new IT initiatives are paid out of business units’ budgets, those business units take financial responsibility for those projects. “My goal is never to have to sit in front of the CFO and explain why IT is spending so much money,” says Michael Leeper, director of global technology at Columbia Sportswear. “The question should be, ‘Why is the business asking IT to spend so much?’ We can turn things on and off--but it isn’t our money.”—

—Minda Zetlin


Project Management

says, they encourage IT to focus on those key areas and seek standardized, easy-tomaintain solutions for everything else. Unfortunately, such understanding is rare. “It’s hard to get the CEO to stand up and say, ‘This is the way we’re going to do it,’” Fenwick says. But if the CEO doesn’t do that, he adds, “every little department will want to customize the technology to make their part of the business run more efficiently—and so they should.” After all, each department is being judged on its own efficiency, and anything that can make it run better is a good thing—from the point of view of the department’s managers. But the approach leads to systems that are difficult and costly to maintain. “Over the past 10 to 20 years, we’ve ploughed millions of dollars into software customization to support generic capabilities,” Fenwick says. “It has made IT more complex, made interfaces more difficult, reduced IT’s agility and added cost.” There’s one last reason it can be difficult to contain keep-the-lights-on costs: You may become a victim of your own success. “We’ve determined that it’ll be pretty tough to get to 50-50,” says Peter Forte, CIO at Analog Devices, a semiconductor maker. “The reason is, the more successful you are on the right-hand side that drives more activity to keeping the lights on. Every new system we deploy is a system that needs to be maintained.” Here’s a look at strategies that can help CIOs who want to spend less on keeping the lights on and more on innovations that will help the company reach its goals.

Virtualization If you haven’t gotten around to virtualizing servers, you may find that doing so is an effective way to cut keep-the-lights-on costs. Forte discovered that when a normal cyclical low in the semiconductor industry coincided with the worldwide economic downturn of 2009. “We lost 30 percent of our revenue almost overnight,” he says. As a result, IT had to quickly cut 30 percent of its costs, leading to significant layoffs. At the time, Analog Devices was about 45 years old, with the legacy infrastructure

VOL/9 | ISSUE/05

IF NO ONE WANTS TO SPEND SUCH A HUGE PORTION OF I.T.’S FUNDS JUST TO RUN IN PLACE, WHY DOES IT KEEP HAPPENING? ONE EXPLANATION LIES IN THE TERM “KEEPING THE LIGHTS ON” ITSELF: TURNING THE LIGHTS OFF ISN’T AN OPTION. to prove it. “The first thing we did was calculate what percentage of our investment would be needed to keep the lights on,” Forte says. “It was in the low 80s.” For a technology company whose success depended on its ability to rapidly bring new products to market in large numbers, that was not acceptable. So IT launched a threeyear effort to shift that balance. Today, Forte says, Analog Devices spends 62 percent of its IT budget on keeping the lights on and 38 percent on growing the business. That’s not 50-50, but it’s a meaningful improvement. There were several elements to the program, but virtualization was one of the most effective. “We moved from an environment where we were 100 percent physical to over 90 percent virtual,” he says. That saved several million keepthe-lights-on dollars that the company poured back into innovation. At the same time, Analog Devices switched to a service catalog approach, automating such tasks as resetting passwords for employees— something that help desk staffers previously did over the phone about 1,800 times per quarter. “Those technologies swooped in and saved us,” Forte says.

Cloud Computing For many companies, moving services to a public, private or hybrid cloud also has a huge impact on costs. Johnson estimates that Informatica spends about 60 percent of its IT budget on innovation and only 40 percent on keeping the lights on, and heavy use of the cloud is one reason why. “We

have more than 30 enterprise software-asa-service operations,” he says. “We have a mantra: ‘Cloud first.’ Can we do it with a hosted cloud solution? If not, and we have to buy it, that’s fine. [But] building it custom is always the last resort.” And security concerns shouldn’t keep you out of the cloud, Fenwick says. Business executives “need to look at how much it matters if something is running in a datacenter 100 miles away and owned by the company versus one that’s 100 miles but owned by another company,” he says. “People don’t really understand the relative risk of someone hacking into our datacenter compared with Amazon’s datacenter.”

Standardization Eliminating customization for any function that isn’t a key differentiator can substantially reduce keep-the-lights-on costs. “People have done a lot of the easy stuff,” Fenwick says, referring to the fact that virtualization and cloud computing have already had big impacts on many IT budgets. Standardizing software is the next thing you can do to meaningfully cut costs. But while standardization can create great efficiencies, it can be a hard sell. That’s because, unlike the cloud or virtualization, standardizing—whether on SaaS or offthe-shelf applications—requires users to change how they do their work. “If you’re buying something off the shelf, it’s by definition not going to be designed for your processes,” McGrath says. “And once you start tinkering with it, you lose the benefit.” REAL CIO WORLD | M A R C H 1 5 , 2 0 1 4

53


Project Management

The key is to have the discipline to say, “We are not going to customize this.... We’re not going to make changes that will make it more difficult for us to be agile.” Fenwick says. Johnson says standardizing both technology and business practices helped Informatica get to the point where it spends 60 percent of IT’s budget on new initiatives. “You make sure you don’t have 10 ways of doing something,” he says. “You have one way of doing it.”

Planning Ahead One thing that makes keeping the lights on much more costly is the need to make unexpected repairs. You can save

in the evening to make sure all systems were functioning well. Adopting the new technology and other steps have helped cut the percentage of the IT budget devoted to keeping the lights on from about 80 percent to about 70 percent, he says, and he aims to get it much lower. For Michael Leeper, director of global technology at Columbia Sportswear, an outdoor clothing retailer, planning ahead also means not doing anything you’re likely to regret later. “Hopefully, you’ve done your homework so you don’t have to create shortterm solutions just to solve a problem,” he says. At the same time, though, he’s careful not to turn down requests from business people.

TRADITIONAL APPROACH TO I.T. AT MOST COMPANIES IS A BIG PROBLEM. TECHIES ARE EXPECTED TO ABIDE BY THE PRINCIPLE THAT “THE CUSTOMER IS ALWAYS RIGHT” AND CREATE UNWIELDY SYSTEMS TO GIVE THE BUSINESS EXACTLY WHAT IT ASKS FOR. money—and lead a more pleasant life—if you plan ahead and prepare for system maintenance needs. For The Reinvestment Fund, a Philadelphia-based community development financial institution that manages $700 million (about Rs 4,200 crore) in funds, automatic monitoring of the IT infrastructure’s operations has made a huge difference, says CIO Barry Porozni. “Upgrading our monitoring system was one thing that really made an impact,” he says. “It probes into applications and devices so we know proactively if e-mail is down—we don’t need users to come to us. Same thing with data storage—we’re very data-intensive, and it tells us how close we are to running out of space.” The new monitoring system has freed up a lot of time, Porozni says. Previously, he and his staff had to go through a checklist first thing in the morning and last thing 54

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

“Inevitably, you have to do something you don’t want to do just to make people happy,” he says. When that happens, it’s important not to leave the quick fix in place, but to go back and improve it. “Once that first [request] is up and running, you start figuring out how to fix it,” he says. “We’ll show the business what they’re asking for, and then go fix it in the background. You don’t want to start building on something that’s bad.” Planning ahead also applies to projects designed to grow the business, so Leeper and his team are in the habit of piloting new projects before anyone asks for them. “Once the platform’s stable and current, the next thing we do is make a small investment in technology we may not need immediately,” he says. One example is virtual desktops— Leeper saw that there might be a need for them so he implemented some to learn about them. “Then when the business did come to us, we didn’t have to tell them to wait,” he says.

Selling Your Vision Marketing your ideas for taming keepthe-lights-on costs, both within IT and to the company at large, is an important step. Indeed, as Analog Devices went through the painful process of recovering from layoffs and then bringing its technology up to date, Forte used a simple phrase to tell both his IT colleagues and Analog executives what the team was up to: “Shrink the footprint, shift the balance [from keep-the-lights-on toward innovation], optimize services.” “The importance of communication can’t be overstated,” he says. That was especially true when he took over as CIO in 2009. At the time, customer satisfaction with IT was low. “I kept telling people, ‘Hang in there, we’ll get things in order,’” Forte recalls. “I spent time with every vice president in the company, telling the same story: Shrink, shift, optimize.” By staying relentlessly on message, Forte gave both the business and his IT group a good grasp of the priorities and what still needed to be done. “I was giving a talk at a local college about business-IT alignment,” he says. “I said, ‘You can walk up to anyone who works in IT at Analog Devices, ask them what the three most important initiatives are for IT, and you’ll get the same answer.’” One student happened to have a friend working at Analog, so she called her friend to test Forte’s assertion. Sure enough, when asked for the top priorities, the student’s friend answered, “Shrink, shift, optimize.” Still, though you may have a grand vision for bringing down keep-the-lights-on expenses, Leeper advises starting out with small steps. “You’ll never get anywhere if you try to do it all at once,” he says. But it’s important to start somewhere. “Pretty soon, you begin accomplishing little upgrades with little payoffs,” he says. “And then one day you’ll look around and think: ‘Hey, I did it all.’” CIO

Minda Zetlin is a technology writer and co-author of The Geek Gap. Send feedback to editor@cio.in

VOL/9 | ISSUE/05


casefiles REAL PEOPLE

* REAL PROBLEMS * REAL SOLUTIONS

FLIGHT

PLAN

The intriguing story of how SpiceJet’s CIO found an ingenious way to save costs by limiting IT support staff—from what could have been 300—to 30. BY SHUBHRA RISHI

There was a time, in the not-so-distant past, when airlines evoked only one emotion in the average Indian traveller: Sticker shock. You can hardly blame them. Airlines were a snooty lot and were seen as a luxury only for the privileged. That isn’t true anymore. And that’s because, the average Indian traveller has found an empathiser in low-cost airlines. Their arrival has made airlines down-toearth and affordable. In that bracket falls India’s second largest low-fare airline, SpiceJet. The Organization: With over 300 domestic flights catering to 46 Indian cities, SpiceJet is owned by Kalanithi Maran’s Sun Group. In February 2005, SpiceJet ordered its first 20 Boeing aircrafts and it started with launching an airline in Delhi. The Business Case: Last month, the airline sparked a price war by slashing rates to fill in planes in the lean period between March-September. This forced other low-cost airlines to follow suit. That’s a clear indication of the mounting heap of cost pressures troubling low-cost airlines. But fierce competition and a low-margin business are forcing airlines to cut costs and optimize resources. That’s something Virender Pal, CTO, SpiceJet, realized way back in 2006. He knew that as SpiceJet introduced new routes, it would need more IT staff to manage ground IMS operations. But some engineers hired for the job weren’t being adequately utilized. Which is why they left the organization. Pal had two options: one, to outsource airport support, or hire a huge army of support engineers, every time a new station is announced. Airport support is a 20-hour job which is divided into two-anda-half hour shift of eight hours each. This would typically mean that SpiceJet would

56

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

VOL/9 | ISSUE/05


Virender Pal, CTO, SpiceJet, found a smart way to save costs by providing IT training to customer support staff. require at least five to six IT personnel—in every airport— adding up to a packed 300-member consolidated IT team. And this number would multiply as and when new routes are introduced. Clearly, option two wasn’t the way forward. “The idea was not to compromise on quality, but to do more business economically, and save more money,” says Pal. It was then that Pal came up with an innovative idea. The Solution: Pal decided to form a band of IT champions. The best place to pick IT champions was SpiceJet’s Delhi office where a one week induction training of new hires—airport customer service agents—was going on. He was also eyeing his existing customer support staff. These IT champions were chosen over others on the basis of a few elementary parameters ranging from the way they kept or handled their computer systems and their inclination and interest towards technology at the check-in counters. These customer support agents were then trained on basic IT support operations such as configuring and replacing highlyspecialized network and boarding pass and baggage tag printers, handling computer systems, troubleshooting software issues, with the local airport staff and the core IT engineers at the head office in Gurgaon. A refresher training was also repeated after a few months for the selected IT champions. Additionally, a four-member group from the core-IT team in Gurgaon visited all the airports that SpiceJet operated in to meet the IT champions and stay abreast of the problems they were facing. At any particular airport, there are multiple service providers that support execs have to liaison with. For instance, in case there’s an error while printing boarding passes at the check-in counter, the SpiceJet customer support staff—now also IT champions—is equipped to troubleshoot it. In the absence of an IT-trained ground staff, this problem would not have been addressed in time, leading to delayed flights.

VOL/9 | ISSUE/05

The Benefits: The IT champions have given SpiceJet more than just efficient operations. Had Pal not taken the IT champion route—a small but powerful team of 30—SpiceJet would have had to recruit about 300 IT staffers at all the airports. “Our customer service levels have gone up as our teams are highly motivated in their roles,” says Pal. Not only do the IT champions understand the urgency of a situation, they are also

passionate about learning new skills which earns them an additional monthly allowance of Rs 2,000 each. The current cost of personnel is just 5 percent of what it would have been in the conventional support architecture. Today, these IT champions are helping SpiceJet cruise the skies with renewed vigour. CIO Send feedback to shubhra_rishi@idgindia.com

REAL CIO WORLD | M A R C H 1 5 , 2 0 1 4

57


PRESENTS

20-22 February 2014

Winning in Today’s Environment Disruptive technologies are infiltrating the CIO’s world, leaving them with two choices: To see a set of challenges or to create new opportunities for their organizations and themselves. Here’s how.

B Y D E B A R AT I R OY

The alarm bells of the world’s economy might have stopped ringing, but its echo can still be heard. At the same time, relatively new technologies are disrupting traditional business models and changing the way organizations operate. The times, they are changing, but as scary as that might sound, it’s actually great news for CIOs, because for once, the new game is being played on the CIO’s home turf: Technology. Be it big data, the internet of things, mobility, or social technologies, many of today’s game changers are built on the back of IT. But to be able to leverage these new technologies and adapt to the changing rules of the market, CIOs need to change their approach. To help lend direction to their strategies, CIO

10

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

VOL/9 | ISSUE/05


TITLE PARTNER

THEME PARTNER

CIO CONVERSATIONS PARTNERS

ASSOCIATE PARTNERS

TM

PARTNERS

VOL/9 | ISSUE/05

REAL CIO WORLD | M A R C H 1 5 , 2 0 1 4

59


magazine and IDC joined hands at the annual CIO Summit. Here are eight ways to win in this new world.

Creating Meaningful Partnerships

POSITIVE IMPACT Doesn’t the ‘I’ in CIO signify the importance of information? Why do companies need a data officer? ” SIMON PIFF Associate Vice President, IDC APAC Enterprise Infrastructure

Conventional IT is morphing into a more service led-environment, rapidly shifting from IT agility to business agility.” SANDRA NG Group Vice President, IDC APAC Practice Group

The CMO desperately needs help from the CIO to understand these new channels, most of which are technology intensive.” RICHARD VANCIL Group Vice President, Executive Advisory Strategies, IDC 60

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

In the past few years, if there’s one department that has evolved in terms of dealing with technology as much as IT, it’s marketing. As traditional methods of marketing have become increasingly obsolete and customers move to newer methods of connecting with organizations, marketing has become more dependent on digital media, social media, and mobility. “Our research shows that marketing is going to undergo the greatest amount of IT-driven business transformation, which is projected around a growth rate of 10 percent annually by 2017,” says Richard Vancil, group VP, Executive Advisory Strategies, IDC. Earlier, organizations controlled how customers interacted with it. That’s changed. Customers are more aware of what they want, and how they will reach out to enterprises. And if an organization isn’t ready to embrace this new reality, customers will let the whole world know via social media. “The CMO desperately needs help from the CIO to understand these new channels, most of which are technology intensive. Systems of engagement, digital engagements like social and digital marketing, or being able to effectively leverage tools like marketing resource management, budgeting, campaigns management tools and BI,” Vancil says, are all areas where a CIO can help a CMO. This forces CIOs and CMOs to work together more deeply than ever before—a fact that doesn’t always go down well with either party. Vancil says that across the world it has been noticed that marketing teams invest in systems independently, without understanding where the dots need to be connected, resulting in siloed pockets of technology. Often, marketing departments aren’t as clued in as they should be about how to make the best use of new tools or how to secure data. “The new CIO-CMO dialogue has to focus on rectifying these gaps. Fragmented IT infrastructure, low IT skills in the marketing departments, inadequate knowledge of what technology to bet on and its implications, are all areas where the CIO can make a significant impact and transform the marketing strategy of their respective organizations,” Vancil says. And if the CIO and CMO don’t find a way to cooperate, they might be forced to, says Vancil. “If the CIO and CMO are not actively involved in meaningful dialogues of understanding what this new paradigm means to the organization and its customers, then it will become a company issue,” he says.

VOL/9 | ISSUE/05


Re-igniting the CIO Role In the recent past, the role of the CIO has once again come under scrutiny. Earlier, it was about how unaligned business and IT were, raising the question of a CIO’s relevance. This time around, it’s worse. With the advent of cloud computing, many are asking whether companies even need CIOs given that IT needs can be rented or strategically outsourced. Jaideep Mehta, country manager, IDC India, rubbishes that theory. “Whether we are talking about a CIO or any C-suite position, the role will die if the individuals populating it don’t respond to changing times,” says Mehta. There’s reason to believe that the role of IT will only become more important—not less. Mehta points out that as companies fight for survival and respond to temperamental and uncertain markets, they desperately need two things: Agile processes and flexible people. The good news? Technology can enable both of those. Mehta says that businesses are constantly under pressure to conquer three big challenges: The pressure of volumes and revenue growth, the pressure of handling Dalal Street, and the pressure to battle extremely stiff and increasing competition. The CIO, he says, can play a central role in easing each of those challenges. “The CIO is in the best position to usher in transformation, be it by making processes more agile, or finding new ways to do business, or by reaching new markets and creating innovative products, or by making employees more flexible with increased automation and flexible processes,” he says. Referring to IDC research, Mehta says that organizations are trying various strategies to respond to the

VOL/9 | ISSUE/05

POLL: NEXT GEN SECURITY CIOs at the event were asked: What does a true next generation security platform do?

52% Brings together all key network security functions

43% Is a platform that is non-intergrated

32% Only blocks or allows applications

2% Increases cost with each additional feature

needs of today’s market. In most cases, it is IT that is making the change possible. He shares the example of an Indian organization that went and acquired a new company to increase its market reach in the ASEAN region. Overnight, the company established a presence in six new countries. The CIO, of course, landed up with having to manage a whole new technology ecosystem based in multiple foreign countries. “Without the CIO’s agile strategy, the whole acquisition would have failed,” he says. This is the scale at which CIOs can make a difference, says Mehta. Today, organizations expect CIOs to become a partner in change. According to IDC research, in 2013, 50 percent of the KPIs that CIOs carried were actually oriented toward innovation and business outcomes. “The message is clear. The business obviously sees the CIO as a trusted change agent,” he says. From exploring new markets, to creating innovative

ciosummit.in LOG ON

Missed the event but still want to soak up all its goodness? Log on to ciosummit.in and watch all the sessions—from both IDC and technology providers—on demand.

REAL CIO WORLD | M A R C H 1 5 , 2 0 1 4

61


ENTERPRISE FOCUS CIOs were asked: In the last year, which areas has your business increased focus on?

40%

Financial impact

46%

Strategic impact

60%

Operational impact

48%

products and services, and from understanding the end customer’s psychology, to making a real difference in how smoothly and quickly a company can respond to market needs, the CIO is the eye of the storm,” he says.

Make Technology Work for You Since big data made its much-hyped debut, there’s been talk of the rise of a new c-suite position: The Chief Data Officer. That’s an idea that Simon Piff, AVP with IDC’s Asia/Pacific Enterprise Infrastructure Research Group, doesn’t buy into. “Doesn’t the ‘I’ in CIO signify the importance of information? Why do companies need a data officer?” he asks. That said, Piff underscores the importance of data in today’s economy. He points to a piece of MIT Sloan research which demonstrates how companies that are better than average at leveraging their digital assets have 12 percent higher revenue growth compared to their competitors. If information is the new oil, then it’s the CIO who is best positioned to leverage its power and assist business peers with insights they couldn’t have dreamed of. “But to be able to do this, CIOs will need to make two changes. First, is a change in mind set. CIOs have to realize that they are business leaders working in the technology space. The second, is to change the way IT has traditionally operated,” he says. For example, Piff says, it’s not enough for storage administrators to only look after the technical aspects of managing storage effectively. They need to drill deeper into what information is relevant to the business. Why? Because only then will storage admins know how to manage

Customer impact

Source: State of the CIO 2014

10

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

VOL/9 | ISSUE/05


information so that it is readily available for the business anytime they need it, which is one of the basic requirements for effective predictive data modelling. “The great news is that with new technologies like the cloud and software-defined everything, CIOs can move out of the traditional functional IT management to more strategic IT transformation initiatives,” he says. Piff lays down some of the ways in which CIOs can switch out from traditional IT management. He says that in terms of responsibility of the IT function, a new dynamic environment should be more about creating capability and supporting business by delivering value through dynamic multisourced systems. Another way is by leveraging cloud and strategic outsourcing as opposed to the older system of operating and managing internal IT resources. “Technology need not be owned and operated by IT anymore. CIOs should leverage IT both onand off-premise to create agile systems,” he says. Piff adds that instead of focusing on functional skills, CIOs should incorporate both IT and business skillsets in their teams. When these skills are not available in-house, CIOs can partner with solution providers to fill in gaps. Finally, Piff says that the very nature of a CIO’s KPIs are changing and that instead of worrying about TCO and ROI, CIOs need to speak the language of the business and start measuring their initiatives based on how much they impact business performance. W h i le relat ively new technologies like the cloud,

VOL/9 | ISSUE/05

As companies respond to temperamental markets, they desperately need two things: Agile processes and flexible people. The good news? Technology can enable both. mobility, BI and software-defined transformation are creating disruptions, they are also paving the way for the CIO to worry less about managing technology and become business leaders.

Outsource Smarter Everyone agrees that keeping the lights on is no longer enough. Businesses expect big things from IT and as CIOs try to walk this tightrope between business and technology, they will need help. But what does it mean to create meaningful partnerships? Ramachandran S., research manager with IDC Manufacturing Insights Asia/Pacific, says that the basis of these strategic relationships should not just be about SLAs but evolve into a more outcome-based model. “There needs to be an equal sharing of risk and the vision of working towards a greater goal, which, of course, needs to be aligned with the business’ requirements,” he says. But why this need to rethink partnerships? If SLA’s are being met, why tamper with this model? The answer, says Ramachandran, lies in the way business models are changing. With mobility, BI, e-commerce, and the internet of things, businesses are moving out of the traditional produce-and-sell model.

ciosummit.in LOG ON

Missed the event but still want to soak up all its goodness? Log on to ciosummit.in and watch all the sessions—from both IDC and technology providers—on demand.

REAL CIO WORLD | M A R C H 1 5 , 2 0 1 4

63


POSITIVE IMPACT Strategize, optimize, digitize. These transformative concepts will push CIOs on the path to growth.” RAJEEV AGARWAL Research Vice President, IDC

Be it a CIO or a business head, a role will die if the individuals populating it don’t respond to changing times.” JAIDEEP MEHTA Country Manager, IDC

ciosummit.in LOG ON

Missed the event but still want to soak up all its goodness? Log on to ciosummit.in and watch all the sessions—from both IDC and technology providers—on demand.

64

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

world and make an attempt to understand their business imperatives as well. “As IT buyers, it is important for the CIO to help their partners build sustainable businesses. If their partners are bleeding, they can’t help CIOs,” she says. Bhadauria says that although many IT models are still time-and-material driven, there is a traction building for outcome-based partnership models, which not only help CIOs make IT perform better, but also ensure that partners have healthy bottom-lines and can see the prospect of non-linear growth. Businesses are not bothered about applications and platforms but the final value a project delivers. And if the CIO starts engaging partners in more conversations around final business outcomes, it empowers partners to think differently. To be able to do this, Bhaduaria says there are six key steps CIOs need to think about. These include creating more standardization, talking about a value-based approach, having measurable metric-driven results, smartly linking price to performance, pushing co-innovation, and defining KPIs. With these in place, CIOs can create meaningful partnerships that are not about projects, but life-long engagements that bring value to everyone.

SMAC Them

Quoting a CIO, Ramachandran says that traditional KPIs like uptime, cycle-time, and costvariants, among others, are being pushed down to three levels below the CIO. And one way CIOs can focus more on innovation and business is to delegate work not just within the IT team but to partners as well. Kavita Bhadauria, manager for Software and Services Research Practice at IDC India, says that the first step toward this journey is to stop looking for suppliers and start looking for partners instead. To do that, CIOs need to first understand the partner’s

Chances are that as you read this, you are connecting with your business partners over your smartphone, writing a review on social media about a product you like, and maybe switching between an app tracking a shipment you are expecting. That is the power of the connected world we live in today. And your business and customers are expecting you to think of innovative ways in which IT can enhance this engagement. “There is a huge need for personalization, relationship sensitivity, service orientation, and redefining service levels across all channels. Organizations need to revisit their offerings, services, and processes to encash the potential of four pillars: Social, mobility, cloud and analytics,” says Shalil Gupta, director, Insights and Consulting, IDC. Challenging? Hardly. Think about it. Yes, these new technologies are creating disruptions. But what happens when you scale these disruptive technologies? Gupta refers to a platform called Panoptix from Johnson Controls which is an open, cloud-based building platform which simplifies the

VOL/9 | ISSUE/05


complex process of collecting realtime data from disparate systems and creates a single integrated view. With the internet of things, big data and mobility, companies are finding newer ways to make smart systems that are relevant to the business. New technologies like these can help CIOs elevate from talking about servers and processors to talking about business imperatives. Today, infrastructure doesn’t mean datacenters but systems that are self-repairing and self-configuring. Systems are always connected and cater to non-stop demand for products, services and systems. Technologies like the cloud can finally help CIOs give the business the kind of elasticity and scalability that they have been looking for.

Focus on Outcome-based IT Whenever most businesses hear the word IT transformation, two red flags immediately go up. The first is: How much is it going to cost and how long will it take to reach ROI? The second is: How difficult is it going to be to execute and does the company have the expertise to carry it forward? Sandra Ng, group VP, IDC’s Asia/ Pacific Practice Group, says that as markets change dynamically, businesses are looking at IT projects to deliver hard-core business value. It’s no longer about ROI or TCO but how much impact it made to the top line and bottom-line of an organization. “The market place of tomorrow is built on borderless connections, mostly online, changing rapidly with more focus and speed and automation and intelligent devices,” she says. To conquer and win in this new marketplace, CIOs need to change the way IT views, runs and measures the success of its initiatives. A look at the e-ICT marketplace today shows the convergence and collision of four

VOL/9 | ISSUE/05

specific areas of the ICT industry: Consumer devices, digital and premium content, x-commerce, and entertainment/content applications and services. “In the last four years, our lives have been more affected by the rate of change of technology compared to the last two decades. Conventional IT is morphing into a more service led-environment, rapidly shifting from IT agility to business agility,” she says. First, Ng says that CIOs need to forget to worry about budgets. With outcomebased IT, it doesn’t matter who is paying for a project as long as it delivers business results. She also says that there has been a recent surge in the number of joint projects occurring between CIOs and LOBs, where business and IT work in tandem to make a significant business difference. But to make this outcome-based mind-set a standard practice, CIOs need to change how they think and operate. Ng says that some major shifts include the need to think in terms of business applications and process managers compared to technical developers and administrators. CIOs shouldn’t spend their time thinking about managing giant, in-house IT infrastructure monoliths. With smart vendor and SLA management, they can start investing more time to collaborate with the business. And finally the structural thinking and reactive mind set needs to be replaced with a creative thinking and exploratory mind-set.

Winning Through Competitive Differentiation When IDC asked business leaders what worries them the most, their response wasn’t surprising. Most C-suite executives said they worry about profit and loss, customer satisfaction and better processes. When IDC threw the same question to IT leaders, their answers listed out a similar set of problems: Productivity, improving business processes, cutting costs, and increasing revenue. Obviously, contrary to popular belief, CIOs are business-oriented. Rajeev Agarwal, research VP, IDC, believes that by focusing on the three pillars—strategize, optimize and

Companies that are better than average at leveraging their digital assets have 12 percent higher revenue growth compared to their competitors.

REAL CIO WORLD | M A R C H 1 5 , 2 0 1 4

65


digitize—of modern day business transformations, CIOs will be able to overcome these challenges and become the harbingers of change and innovation. “Done well, these three transformative concepts will automatically push the organization on a growth path,” he says. Agarwal says that the first step to strategize is to use simple reports and dashboards to showcase the value that IT brings to organizations—no matter how fundamental it is. By reinstating this faith in IT, CIOs will be in a better position to align themselves with business peers. “And this goes a full circle. CIOs should never try to strategize alone. The more business peers you align with in your organization, the more initiatives will become a holistic company decision,” he says. Also, CIOs should do a dipstick and figure out the scope for optimization within their organizations. “Be it staff, processes that you support, or technology, everything has scope for improvement,” he says. By using methodologies like Six Sigma, CIOs can streamline processes and create more measurable parameters for the success of these processes. “We, at IDC, have noticed that companies that have optimized their current assets have easily reduced costs by 20-30 percent,” he says. Agarwal says that while human resources can be optimized by investing in good performers and focusing on integrating services and skill sets, CIOs can optimize processes by investing more in those that are competitive differentiators. The answer to optimizing technology lies in technology itself: By automating current IT infrastructure for higher selfutilization, standardization, and consolidation. Agarwal says that CIOs who have strengthened these two pillars need not worry too much about the third. Because what follows is the natural progression of digitization, that makes way for new age technologies like cloud computing, mobility and analytics.

Leverage Cloud and Mobility Craving for some hot pizza on a train? No problem. TravelKhana.com, a Web portal can now get it delivered to your seat. Working with partner restaurants in select towns and cities, the portal allows people to order food via a Web interface or a mobile application. “It’s not a radical technology. Bringing together the concept of a website, mobile apps, and home delivery is not what’s exciting. What’s exciting is the thought process and how new-age companies are leveraging technology to woo their customers,” says Venu Reddy, research director, IDC India. That’s a noticeable shift in terms of business concepts 66

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

If information is the new oil, then it’s the CIO who is best positioned to leverage its power and assist business peers with insights they couldn’t have dreamed of. and a clear indication of the fact that the world is constantly moving from an industrial to a digital one. And to be able to survive in this new scheme of things, IT needs to transform, not just on the surface, but to the core infrastructure level. Changing business models, the need to lower costs, shrinking time-to-market, governance and more agile processes, are going to have a tremendous impact on your IT infrastructure. This means that CIOs now need to look at something as core as a datacenter in new light. An efficient datacenter is the one that is agile, efficient, and cost-effective and can support dynamic business needs. Reddy stressed on the role that cloud computing and mobility can play in this journey. The need for standardization will push companies to look at more integration, modernization, consolidation and standardization of applications and IT processes, says Reddy. “Technologies such as virtualization, cloud, and mobility have the ability to renovate the infrastructure of organizations in a highly systematic and phased manner,” he says. Rightsizing supply and demand is one of the highlights of this flexible infrastructure. This means that CIOs can scale up or down depending on business demand, says Reddy. It is this agility that is going to become the next big business differentiator for most organizations. But Reddy also cautions that cloud and mobility are merely tools which happen to be available at the right time to solve a larger problem. It’s not the technology that is going to deliver value. What matters is how CIOs will use these tools to solve critical business issues or come up with innovative business ideas to win in today’s world. CIO

Send feedback on this feature to editor@cio.in

VOL/9 | ISSUE/05


The Business Conference for IT Leaders The event created space for CIOs and industry leaders to have debates.

Nine roundtables discussed a variety of topics from mobility to the cloud.

The business conference for IT leaders had an impressive line-up of international and Indian speakers from IDC.

The CIO Summit gathered over 120 of India’s finest IT leaders.

IDG’s Editor-in-Chief, Vijay Ramachandran, shared insights from CIO research.

VOL/9 | ISSUE/05

Technology vendors like Vodafone held interactive dialogues at their stalls.

After a long day discussing important ideas, CIOs shared war stories over drinks.

REAL CIO WORLD | M A R C H 1 5 , 2 0 1 4

11


ESSENTIAL

technology IMAGE BY MASTERFILE.COM

A CLOSER LOOK AT PHYSICAL SECURITY

Iris recognition systems are 100,000 times less likely to produce a false match than facial recognition systems and they finally seem ready to break into the mainstream, as prices drop and systems get easier to use.

68

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

Bull's Eye! BY ROBERT L. MITCHELL

SECURITY | At the entrance to "The Vault," the most secure room within the most protected building operated by security services provider Symantec, an iris recognition system stands guard as the last line of defence. Employees who make it this far have already swiped an access card and entered a PIN at the building's main door and then submitted a finger to a biometric reader to move beyond the lobby. But the high accuracy rate of iris recognition technology, which uses near-infrared cameras to take a picture of the subject's iris and then applies specialized algorithms to encode the image and match it to an existing record on file, makes it an ideal access control choice. After all, this is the high-security area that holds the cryptographic keys to Symantec's certificate authority business, which provides e-commerce security services to many organizations. "We have to make sure that no individual can compromise those cryptographic tokens, [and] iris recognition has higher accuracy and less likelihood of false positives," says Paul Meijer, senior director of infrastructure operations at Symantec's identity and authentication division. Symantec's use of iris recognition technology for an access control system in a setting where security requirements are high and cost is no object represents a classic application of the technology. But as prices have come down and the systems have become easier to use, the VOL/9 | ISSUE/05


ESSENTIAL technology

technology has been slowly gaining ground in more ordinary business settings in industries such as banking and healthcare. "Cost has perennially been an issue with iris, but this trend is quickly changing," as cameras, recognition algorithms and software have all improved, says Ram Ravi, a research analyst at Frost & Sullivan. One reason for the rise in innovation that led to those improvements: The 2005 expiration of a key patent on the mathematical representation of the iris that previously limited what competitors could do. Since that time, open standards have been developed, says Patrick Grother, director of biometric standards and testing at the National Institute of Standards and Technology (NIST). Until relatively recently, iris recognition systems were mostly deployed by governments, not by businesses, partly because they're so expensive. The largest use of iris recognition today is the Unique Identification Authority of India (UIDAI) project. That initiative includes iris recognition as part of a national ID

facial recognition systems, Grother says. Other benefits: The matching process is very fast and, unlike faces, the eye doesn't change much with age. NIST recently completed a study on the subject of iris recognition. While face photos on passports are generally replaced every five or 10 years, "the iris is good for decades," Grother says. And because each eye has a unique pattern, vendors offer dual-eye systems, such as the one used in Symantec's Vault, for even higher accuracy. "Ten fingerprints are the gold standard for identification. A pair of irises are at least equivalent to eight or 10 fingers, and maybe more," Grother says. Iris recognition systems encode the entire eye structure, following an open standard. And because the process doesn't focus on detailed feature points, a gray-scale 640-x-480-pixel image is sufficient. That's one reason why the recognition algorithms can speedily process data and respond quickly. "The old VGA format turns out to be all you need. High resolution is not needed,

At the CairoAmman Bank,inJordan, iris recognition has lowered average time per transaction at the teller window from four minutes to one minute.It also allowed the bank to reduce branch staffing levels from four tellers to two. system designed to cover all of India’s 1.2 billion citizens. The technology is now making its way to the consumer end of the spectrum. "The use of iris recognition in mobile phones is expected to see a considerable uptake," Ravi says. Another reason for its growing popularity: Iris recognition systems are extremely accurate; they're 100,000 times less likely to produce a false match than

VOL/9 | ISSUE/05

and in fact would slow things down," says Grother. Sophisticated, high-end cameras capable of capturing images at distances of two meters can cost $30,000 (about Rs 18 lakh) or more, but other models suitable for business use that operate at close range may run as little as a few hundred dollars. The FBI is on the cusp of adding iris images to its database of criminal fingerprints. As part of it Next Generation

$15B

The estimated size of the global biometric technology market by 2015. SOURCE: BIOMETRICS RESEARCH GROUP

Identification (NGI) project, which is gradually modernizing the aging Integrated Automated Fingerprint ID System, the agency plans to launch a pilot that could lead to the creation of a nationwide iris identity database for tracking criminals.

Banking by Eye For Kamal Al-Bakri, who as GM at Cairo Amman Bank oversaw the installation of an iris recognition system at 80 branches and 100 ATM locations in Jordan, fraud has not been an issue. "We've done more than a million transactions since 2009 with zero fraudulent transactions," he says. The bank recently upgraded to more-accurate dual-eye readers, "to sustain our position as a leader" as competing banks start to use similar technology, he adds. In Amman, people must present a government ID when banking—a driver's license isn't sufficient—but not everyone remembers to bring their IDs when they make a trip to the bank. So Cairo Amman Bank gave its customers the option of registering with its iris recognition system and using it at both the teller window and at ATMs. Customers initially had concerns, such as whether the system would somehow affect their eyes, so the bank put out a flyer with answers to common questions. Today half of its customers use the technology. The system isn't just more secure, Al-Bakri says, it's more efficient. With iris recognition, the average time per transaction at the teller window is one minute versus four minutes using traditional authentication methods. As

REAL CIO WORLD | M A R C H 1 5 , 2 0 1 4

69


ESSENTIAL technology

more customers opted for iris recognition, the bank found that it could reduce branch staffing levels from four tellers to two. The latest cameras are smaller and less expensive than the models the bank deployed with its first system a few years ago, Al-Bakri says, but they're still not cheap—and neither was the integration project required to get the cameras, ATMs and core banking systems to work together. Al-Bakri declined to discuss costs for competitive reasons. But one vendor did say that the cost of a fully integrated vertical market deployment varies depending on the systems that must be connected. The average cost ranges from $3 to $6 per bank customer, he says. "But the cost is irrelevant when compared to the risk you're facing when you use a card and password," Al-Bakri says. "Look at what you're gaining from the system, not just what you're paying for it."

Faster Gates at Gatwick Speed and ease of use were key reasons why Gatwick Airport in London added a

a "bio pole" tells them where to look as a camera takes a facial photo and an iris image from a distance of up to two meters. Once the self-service process has completed, the gate opens automatically. The system then uses the iris data to authenticate passengers at each gate as they line up to board their respective planes. The system handles as many as 3,000 people an hour during peak travel times, and an average of 30,000 to 35,000 people pass through the system each day. "It's very effective," Rees says. The airport just completed a revamp of the system, integrating it with an enterprise service bus that exchanges data in real time with other systems used to check flights and passengers. "It's not just sticking some cameras onto a pole," he says. "There's a lot of infrastructure that needs to be in place." The cost of cameras for an application like the one at Gatwick can range from $10,000 to $65,000 (between about Rs 6 lakh to Rs 39 lakh). The airport has 34 of them. "These are expensive cameras," Rees admits, but

The trick with systems designed to capture iris images at a distance is to use techniques such as "dynamic signage" or flashing alerts to draw the user's attention to the camera,rather than trying to solve image acquisition issues through better algorithms. passenger authentication system that uses iris recognition technology a little over two years ago. The airport has a departure lounge where both international and domestic passengers congregate prior to boarding. "We had to ensure that people who are traveling domestically stick to their flights and don't swap tickets," says David Rees, IT program lead at the airport. Now users scan their boarding passes at the security gate, and a video system on 70

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

the airport needs high-quality equipment to capture images at a distance and process them quickly. The cameras include features such as optic mirrors that move to automatically accommodate people of different heights. The trick with systems designed to capture iris images at a distance, Rees says, is to use techniques such as "dynamic signage" or flashing alerts to draw the user's attention to the camera, rather

56%

Of Indian CIOs leverage biometrics as an information security safeguard when it comes to their users. SOURCE: GISS 2013

than just trying to solve image acquisition issues through improved optics or better algorithms. "By changing the way we call attention to the camera, we have increased the [iris image] acquisition success rate by 25 percent," he says. The system works by automatically locating a passenger's face and capturing the iris pattern while the video offers simple instructions, such as "Please look up" and "Please stand still, thank you" and "Please proceed," according to Rees. At Symantec, Meijer says the closerrange binocular-style cameras used in the latest version of its iris recognition system have also improved considerably. "Before, you had to manually adjust the mirrors to line up with your eye," he explains. "Now it remembers you when you scan your badge. It's more user-friendly."

Iris-centric Law Enforcement While most organizations use iris recognition as an additional authentication resource, law enforcement agencies in Missouri have made the technology central to everything they do. Missouri was the first US state to use iris recognition as the core platform on which to build a statewide law enforcement records management

VOL/9 | ISSUE/05


and jail records management system for tracking people as they pass through the criminal justice system, says Mick Covington, director of the Missouri Sherriffs' Association. The new system, used by sheriff's offices and the Missouri Department of Corrections, starts tracking people the moment they're arrested and booked. "When someone comes into one of our jails, you get a read back in three seconds that tells you who they are and where they were last," Covington says. Deployed in 55 of the state's 115 counties to date, the system is used by county jails to, for example, identify people, check them in and out for court dates, and make sure medication is delivered to the right person at the right time. The system will eventually upload iris data to a state repository that will, in turn, upload the data to the FBI's NGI database. The fact that the system doesn't require touching the individual is an advantage in a prison setting, Covington says, and the technology requires minimal staff training. "The quality of the images is much better now," he says. "And the machines are more user-friendly and more durable. They're cop-proof." Iris recognition technology is continuing to evolve and outgrow its spy novel image, as is the manner in which users interact—or don't interact—with the systems. The technology is moving beyond what HRS's Norman calls a "coerced method of acquisition"—exemplified by the types of systems historically used at border crossings and in prisons—to a more social technology. "Social is if I go to a store and take a soda from a machine using a biometric," he says. "We're on the edge of moving into a personalization stage and away from this security/paranoia type of application. That's the next phase." CIO

Robert L. Mitchell is a national correspondent for Computerworld. Send feedback on this feature to editor@cio.in

VOL/9 | ISSUE/05

Under the Lid IRIS | Unlike the retina scans you see in the movies, which shine a bright light through the pupil to capture images of blood vessel patterns at the back of the eye, iris recognition uses a camera to take a photograph of the iris—the colored portion of the eye. During fetal development, the eye goes through a process called chaotic morphogenesis that gives each iris its unique appearance. "When the optic nerve comes out of the brain, it essentially pumps out the eyeball, which rips and tears. Striations in the iris are the result of that," says Neil Norman, founder of Human Recognition Systems (HRS) in Liverpool, England. So how do iris cameras work? Functionally, iris recognition cameras aren't much different from digital SLR cameras, except that the light filters over the sensors allow near-infrared light to pass through instead of visible light, says Brian Martin, director of biometric research at MorphoTrust, a developer of identity verification systems. Iris recognition systems encode the entire eye structure, following an open standard. And because the process doesn't focus on detailed feature points, a gray-scale 640-x-480-pixel image is sufficient. That's one reason why the recognition algorithms can speedily process data and respond quickly. "The old VGA format turns out to be all you need. High resolution is not needed, and in fact would slow things down," says Patrick Grother, director of biometric standards and testing at the National Institute of Standards and Technology (NIST). Sophisticated, high-end cameras capable of capturing images at distances of two meters can cost $30,000 (about Rs 18 lakh) or more, but other models suitable for business use that operate at close range may run as little as a few hundred dollars.

IMAGE BY MAST ERF IL E

ESSENTIAL technology

FOR YOUR EYES ONLY

— By Robert L. Mitchell

REAL CIO WORLD | M A R C H 1 5 , 2 0 1 4

71


endlines INNOVATION

* BY NEIL BENNETT

The Finnish company Inni Nail Studio has launched a new service that lets you order false nails with your own art and designs printed on them. Inni Nail Studio is an online tool that lets you upload your artwork—or choose from a set of preset designs—and then order them for US$8.90 (about Rs 540) for a set of 26 nails. Currently the service is offering free shipping worldwide. Inni has also launched a Kickstarter campaign to help expand the business. For users without creative software, the service also lets users design nails (or modify existing designs) using simple tools. Inni says that the nails last up to 14 days and that you don't need to apply transparent nail polish on top of them. The company also claims that they're very sticky, so they don't chip and don't start to peel off by themselves even in hot water. Removal is as simple as peeling them off like a sticker, says Inni. "We started with high ambitions and vision to create something completely new," says Inni's CEO and founder Katja Koutaniemi. "We wanted to offer endless opportunities for our users with the best possible quality, so our team developed the software and studied the materials for several months before the launch.

72

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

VOL/9 | ISSUE/05

IMAGE BY MAST ERFIL E

False Nails, True Art


Sizing Up SDx