ITNEXT August 2013 by Manan Mushtaq

INTERVIEW | Nitin Dang, Country General Manager, Micro Focus India and SAARC | Pg 32

â&#x20AC;&#x153;COBOL on an Integration Spreeâ&#x20AC;?

f o r t h e n e x t g e n e r at i o n o f c i o s

Sunil Varkey Chief Information Security Officer, Wipro Technologies

Nandkishor Dhomne VP-IT & CIO, Manipal Health Enterprises, Manipal Group

Enterprise security chiefs are on a mission to secure the enterprise with innovative technologies and new practices as defense against growing threats and data breaches Pg 10

Parag Deodhar Chief Risk Officer & VP-PE, Bharti AXA General Insurance Co Ltd

BossTalk

Take Risk to Innovate Pg 06

Plus

Transform Business, in a Flash Pg 36

Editorial

Mission Possible: to Secure Every enterprise or household is always on a mission to secure its assets and maintain a reasonable level of vigilance against any threat. It is, however, quite natural, sometimes, to ignore certain blind spots; which, unfortunately, prove risky, or even catastrophic, sometimes. Enterprises are reeling under such insecurities with an increase in threats and data breaches, against the backdrop of information becoming the critical component of all businesses and the new currency. While information security risks were confined more to the chief information security officer’s realm in the past, the trend is changing. Now, it is more to do with the business and the role of CISOs is closely linked to understanding the regulations and the business integrities that it would comply with. With businesses prone to serious risk and increased sophisticated threats that hamper critical data, security officers are compelled to develop their security strategy and security priorities. The challenges that CISOs face are also about designing technology architecture that is self-healing and highly resilient to threats and strategy that is tailored to the organisation to treat the risks appropriately. The cover feature on Best Practices in Information Security in IT Next’s current edition provides insights into various risks that new emerging technology trends are throwing up. The industry is invaded by new cloud models, virtual tools, BYOD, BYOA trends, which, in parallel, increase the number of risks, as also various types of risks disruptive to business processes. Infosec officers are at the crossroads, working to bring in the best and right tools to defend the growing threat. The story delves into how they are on a mission to secure their enterprises with the right skills, strategy, resources and technologies, besides ensuring stakeholder buy-in. The key is to let business users have their way in leveraging new technologies in a secure environment.

“The challenges that CISOs face are about design architecture that is self-healing and highly resilient to threats and strategy that is tailored to the organisation” Geetha Nandikotkur

Blogs To Watch! Information Security Best Practices for the Enterprise Rethinking information security to improve business agility http://www.intel.com/content/ www/us/en/enterprise-security/ intel-it-enterprise-securityrethinking-information-securityto-improve-business-agility-paper. html Information Security Best Practices Information Security Best Practices for Your Business http://operationstech.about.com/ od/informationtechnology/a/ Information-Security-BestPractices.htm ITIL V3 and Information Security The role and importance to the business of effective Information Security Management (ISM), how it is supported by an extensive family of global standards and the way these harmonize with ITIL

a u g u s t 2 0 1 3 | itnext

Content For the l atest technology uPDATES Go to itnext.in

august 2013 V o l u m e 0 4 | I s s u e 0 7

Facebook: http://www.facebook. com/home.php#/group. php?gid=195675030582 Twitter: http://t witter.com/itnext LinkedIn http://www.linkedin.com/ groups?gid=2261770&trk=myg_ ugrp_ovr

HARD STANCE Page

10 cover story

13 Access Via Mobile Made Secure

Enterprise Security Chiefs are adopting new and best security practices fearlessly and securing the business environment

boss talk

interview

Case Study of Manipal Healthcare around its BYOD strategy implementation and security measures taken up as part of the initiative

14 Banking and Insurance--cloud security

CISOs from the banking and insurance sector are evolving new risk control mechanisms

17 BYOD’s Security Conundrum

CIOs are charged with the task of making mobility work, CISOs are working on solving the BYOD risk puzzle

22 Data Breaches Viz-A-Viz DLP

CISOs are turning to tighter controls on email, mobile etc., while effectively using the DLP technology to prevent risks and data breaches

INTERVIEW | NITIN DANG, COUNTRY GENERAL MANAGER, MICRO FOCUS INDIA AND SAARC | Pg 32

“COBOL on an Integration Spree”

F O R T H E N E X T G E N E R AT I O N O F C I O s

Sunil Varkey Chief Information Security Officer, Wipro Technologies

Nandkishor Dhomne VP-IT & CIO, Manipal Health Enterprises, Manipal Group

ENTERPRISE SECURITY CHIEFS ARE ON A MISSION TO SECURE THE ENTERPRISE WITH INNOVATIVE TECHNOLOGIES AND NEW PRACTICES AS DEFENSE AGAINST GROWING THREATS AND DATA BREACHES Pg 10

Parag Deodhar Chief Risk Officer & VP-PE, Bharti AXA General Insurance Co Ltd

BossTalk

Take Risk to Innovate

Pg 06

Plus

Transform Business, in a Flash

cover Design: Anil T Photography: Jiten Gandhi Wardrobe Stylist: Harsha Thalramani

Pg 36

itnext | a u g u s t 2 0 1 3

06 Mindlance’s Group CIO, Kamal Sharma on the importance of taking risk if one has to innovate

32 Micro Focus’s Country GM, Nitin Dang on the importance of modernising COBOL to enhance productivity and save cost

Transform Business, ina Flash| Hitachi vouches

itnext.in

that flash storage technology will boost peformance, reduce TCO by up to 30 per cent, and help customers achieve business transformation

MANAGEMENT Managing Director: Dr Pramath Raj Sinha Printer & Publisher: Vikas Gupta

EDITORIAL Group Editor: R Giridhar Editor: Geetha Nandikotkur

Page

36 15 minute manager 45 Flash on a Drive I IBM

endorses that the new flash storage technology has a durable and energy efficient spinning drive which boosts performance and addresses big data challenges

DESIGN Sr. Creative Director: Jayan K Narayanan Sr. Art Director: Anil VK Associate Art Directors: Atul Deshmukh & Anil T Sr. Visualisers: Manav Sachdev & Shokeen Saifi Visualiser: NV Baiju Sr. Designers: Raj Kishore Verma Shigil Narayanan & Haridas Balan Designers: Charu Dwivedi Peterson PJ & Pradeep G Nair

insight 40 Myths about Enterprise

Application Orchestration | CAâ&#x20AC;&#x2122;s Senior Architect, Sudhakar Anivella on how to design an enterprise application solution on the lines of a well orchestrated music

MARCOM

Designer: Rahul Babu STUDIO

Chief Photographer: Subhojit Paul Sr. Photographer: Jiten Gandhi

Open Debate

Update

sales & marketing

08 NSS Labs on what the

55 Key Ingredients in

enterprise security chiefs should know about NextGen Firewalls and relying on IP address and port combinations to define network applications is no longer sufficient

Planning a Cloud BI & AnalyticsI Indutry experts debate on key requirements and pre-requisites of a well carved out cloud based BI and analytics model for enterprises

Brand Manager: Siddhant Raizada (09873555231) Senior Vice President: Krishna Kumar (09810206034) National Manager -Print , Online & Events: Sachin Mhashilkar (09920348755) South: Satish K Kutty (09845207810) North: Deepak Sharma (09811791110) West: Samiksha Ghadigaonkar (+91 9833608089) Assistant Brand Manager: Varun Kumra Ad co-ordination/Scheduling: Kishan Singh

Production & Logistics

cube chat

Sr. GM. Operations: Shivshankar M Hiremath Manager Operations: Rakesh upadhyay Asst. Manager - Logistics: Vijay Menon Executive Logistics: Nilesh Shiravadekar Production Executive: Vilas Mhatre Logistics: MP Singh & Mohd. Ansari

52 Think Clean, Be Simple|

Vishal Kumar Bisht of Marksman advocates all to carry the passion to learn and nurture the passion

RegulArs Editorial _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 01

Office Address

Letters_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 04

Nine Dot Nine Mediaworx Pvt Ltd A-262 Defence Colony, New Delhi-110024, India

Update_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 08 My Log_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 56

Certain content in this publication is copyright Ziff Davis Enterprise Inc, and has been reprinted under license. eWEEK, Baseline and CIO Insight are registered trademarks of Ziff Davis Enterprise Holdings, Inc. Published, Printed and Owned by Nine Dot Nine Mediaworx Private Ltd. Published and printed on their behalf by Vikas Gupta. Published at A-262 Defence Colony, New Delhi-110024, India. Printed at Tara Art Printers Pvt ltd., A-46-47, Sector-5, NOIDA (U.P.) 201301. Editor: Geetha Nandikotkur

PHOTO /I LLUSTRATIO N/IMAG ING CRE DIT

advertiser index Panasonic IFC Emerson 5 E-Scan 7 Gartner 16-A

Page

Bry Air Asia

Delta 31 Lenovo IBC Vodafone BC

Please recycle this magazine and remove inserts before recycling

a u g u s t 2 0 1 3 | itnext

INBoX INTERVIEW | Bulent Cinarkaya, VP-ProduCt ManageMent, PuBliC Cloud, oraCle CorP | Pg 34

‘Public Cloud-the Fusion Advantage”

NEXTGEN CIO 2015 | COVER STORY

F O r T h e n e x T g E N E R aT I o N O F C I O s

Get, Set, Strategise

BOSS TALK

3 Sutras of Leadership Devdutt Pattanaik, Chief Belief Officer, Future Group Pg 08

PLUS

TPL 2013 India’s biggest inter-corporate IT team challenge Pg 43

Get,Set, StrateGize Key Skills that the next generation CIOs should possess to move to a strategic role Pg 14

july 2013

Key skills that next generation CIOs should possess to move to a strategic role BY N GEETHA I MAGI NG BY SHI G I L N

Inside Pages 18-19 | Mapping IT capabilities 20-21 | Vendor Management capabilities 22-23 | Interview with ISACA 24-26 | IT Governance

PHOTO I MAG I N G BY AN I L T

D ES I G N BY R AJ VE R M A

IT NEXT thanks its Readers for the warm response

he year 2015 will supposedly see many laurels, with people scaling up to new roles and responsibilities. The next generation CIOs are not an exception–they are set to tread the path of triumph. They seem to be all geared up to experience the change, given the backdrop of the IT management landscape going through a complete overhaul. It is obvious that businesses succeed when IT triumphs. Therefore, to get the future CIOs there, it is imperative that they develop key skills that would help them move from a support role to a strategic role: that of a CIO.

Time to Pivot IT Next has initiated a cover feature to get deeper insights into the various skills that next generation CIOs need to acquire or possess to enable them to scale up to this function. While a whole catalog of skills has been

J U LY 2 0 1 3 | ITNEXT

IT NEXT values your feedback

We want to know what you think about the magazine, and how we can make it a better read. Your comments will go a long way in making IT NEXT the preferred publication for the community. Send your comments, compliments, complaints or questions about the magazine to editor@itnext.in.

BYOD movement can be a security challenge Big data adds a new level of complexity to the IT department’s security challenge. I can understand that IT folks are against the BYOD trend. However, I don’t think they can do anything to stop it. It’s already happening, whether officially sanctioned or not. So the question now is--how to deal with it? Does BYOD come with headaches? Of course it does. However, security issues and IT management headaches(such as, how do I support all those devices?) can be addressed by using new HTML5 technologies that enable users to connect to applications and systems without requiring IT staff to install anything on user devices. For example, Ericom AccessNow is an HTML5 RDP client that enables remote users to securely connect from iPads, iPhones and Android devices to any RDP host, including Terminal Server and VDI virtual desktops, and run their applications and desktops in a browser. This enhances security by keeping the organisation’s applications and data separate from the employee’s personal device. Since AccessNow doesn’t require any software installation on the end user device--just an HTML5 browser, network connection, URL address and login details, and IT staff end up with less support hassles. Open the HTML5-compatible browser and connect to the URL given. Gunjan Sharma AVP-IT, Jabong.com

itnext | a u g u s t 2 0 1 3

www.linkedin.com/ groups?gid= 2261770&trk= myg_ugrp_ovr 300 members

read this issue online http://www.itnext. in/resources/ magazine

An honour to see my article printed Dear Editor, I realised that you have formally published the article that you and I had worked on. I can’t tell you how humbled and appreciative I am of this; thank you so very much. I’m sincerely honoured to be part of the IT Next legacy, but I’m also so very sorry that we lost contact. Nonetheless, I’m sincerely pleased to know that you decided to publish what I had put together. I very much like what you printed. It’s not a “huge” issue, but since I have now been re-employed, I’m wondering whether it’s conceivable/ possible to update the credits of the article along the lines of my new position – “Craig A. Tinsley – Sr. IT Service Delivery / Operations Manager, Valeant Pharmaceuticals”. .. or maybe even “Craig A. Tinsley – Sr. IT Service Delivery / Operations Manager, Valeant Pharmaceuticals – formally, Sr. Global IT Operations Manager, Motorola” (or something along those lines). It’s not a big deal if you can’t, but since I have been working for Valeant for the last four weeks, I hope that the credits can be modified a bit. I understand that “IT Next” is an India-based publication, you are strictly an internet publisher OR do you also do hard-print (that is, actual magazine print) as well? It is an honour to see my article printed in IT Next, and I’d gladly provide write-ups in future issues. Thanks again, Geetha, and it has been a pleasure working with you. Craig A. Tinsley Sr. IT Service Delivery / Operations Manager – Valeant Pharmaceuticals

Reasons to Stay in IT While it is true that we work hard for our money, IT professionals are well compensated for that hard work. IT professionals have a much better chance of finding and keeping a job. IT typically attracts analytical thinkers. ITNEXT<space> <your feedback> and send it to

567678 *Special rates apply

TIRTHADEEP KUNDU Managing Consultant (Note: Letters have been edited minimally, for brevity and clarity)

Boss talk | Kamal Sharma

L e a d e r s h ip M a n a g e m e n t

Take Risk to Innovate

uture CIOs need to shed their traditional mindset, get more futuristic and start thinking big. Adorning a leadership role is not about age or experience. It is about attitude, and belief in oneself.

Be Farsighted Being farsighted is always a huge plus. So, future CIOs should go beyond mere carrying out orders. In other words, they should not stop at saying, “My bosses want me to do more with less, or always want me to reduce costs; hence, I need to look at this technology.” It is not bosses who always need to make demands; in fact, it’s future CIOs who must understand that they need to work out effective ways of leveraging new technologies, think of the bigger picture and align the technological strategy accordingly. Being farsighted also enables them to drive better innovation and evolve the best project management strategy for the enterprise.

Understand your tasks This is easier said than done. It would not be an exaggeration to say that it is a tough job for future CIOs to think big and take tall decisions. But these challenges can be addressed if they understand their tasks and responsibilities well. It revolves around their ability to understand the nuances of the business and add value. As a priority, one must design the policy and be proactive so as to build governance around it; this helps in guarding it better and enabling non-IT functions to leverage it effectively.

Leadership Pipeline While it is important that future CIOs need to be proactive to understand the business, it is equally important to create a leadership pipeline for any enterprise: in particular, that of the CIO. I find the best companies struggling to transition leadership from one generation to another. It is because, in most cases, senior IT folks are not empowered to take decisions as to what would be the best for the business in a given situation.

itnext | a u g u s t 2 0 1 3

“Leadership and innovation are key ingredients to any growth. This is especially true for senior IT managers who are on their way up the career ladder” Innovation

Suggestion BOX

How one can apply Chanakya’s ancient wisdom to bring about changes in today’s corporate environment and management styles. Writer: Radhakrishnan Pill ai Publisher: Jaico Publishing House (2010) Price: INR 280.00

It has always been said that innovation forms the major part of any growth story, whether organisational or individual growth. Every future CIO should possess the zeal and mandate to do something differently. It has also been said that risk and innovation go hand in hand. To give an analogy, let’s say there are multiple projects and new technologies emerging. Future CIOs needs to have a gut feel of what works and what doesn’t. Sometimes, their decisions may go wrong. But out of 10 projects, at least 7or 8 will be successful, which can happen only if a certain amount of risk is taken. It is not just about financial risk, but also about personal credibility and confidence combined with thorough market research. Innovation could revolve around how to strike a balance between the activity and acquiring new business skills among various others. What they need to look at is how to carry passion and integrity and nurture them to groom themselves into the CIOs of the future. Kamal Sharma, Group CIO, Mindlance

Update I n d u s t r y

Things to know about Next GenFirewalls? TECH TRENDS | Over the past decade business processes and the security landscape have changed considerably as the Web 2.0 trend pushes critical applications through firewall ports that were previously reserved for a single function, such as HTTP. According to NSS Labs’ Research, Independent Security Research firm, the security administrator is powerless to stop this without crippling essential business processes. This means that relying on IP address and port combinations to define network applications is no longer sufficient. Firewall Functional Capabilities. Firewalls need to be capable of performing deep packet inspection of all packets, on

CLOUD

Using cloud analytics to drive competitive advantage in a marketing organization.

The Cloud Enablement Framework is used to help organizations objectively assess their cloud analytics capabilities. Depicted are examples of how a marketing organization could rank itself based on the three attributes of customer collaboration (yellow), analytics service adoption (green) and cloud service adoption (pink). Source: IBM

itnext | a u g u s t 2 0 1 3

trends deals products services people

Relying on IP address and port combinations to define network applications is no longer sufficient

all ports, and over all protocols in order to determine which applications are running on the network. NSS Labs’ research also indicates that over the past 18 months, the sophistication and strategic capabilities of cybercriminals has outstripped the pace of advancement within information security products. To meet these challenges, firewalls need to evolve into “nextgeneration”firewalls (NGFW). These will combine legacy firewall capabilities with IPS and incorporate advanced application and user ID awareness to enable the creation of granular security policies capable of operating in a Web 2.0 world. What the IT Heads need to know? • Web 2.0 and consumerization make it impossible to implement effective, granular security policies using traditional firewall • The firewall market is mature, populated with established vendors and provides limited scope for true innovation. • Cost and capabilities, together with ability to integrate with the established security and network infrastructure, become the drivers for traditional firewall product selection by enterprises. • Enterprise customers are increasingly willing to consider deployment of a consolidated security devices incorporating firewall and IPS capabilities. • Most enterprises are not fully aware of the range of applications running on desktops within their network, and are therefore unable to tune the IPS module of a NGFW. • Enterprise customers are unwilling to increase the complexity of their firewall policy in order to accommodate NGFW functionality.

Galaxy S4 Mini It is now available for pre-order in India via the company’s e-store. The smartphone features a 4.3inch HD display with 960 x 540 pixel resolution. Smartphone availability is July 18. The S4 Mini is priced at ` 27,990

Lava E-Tab 7ZC+ voice-calling 3G tablet

BlackBerry® 10 smartphone The BlackBerry Q5 smartphone features a QWERTY keyboard in a stunning, youthful design that is confident and makes it easy for customers to have fun, create, share and stay connected. Price: ` 24, 990

It has a 7-inch capacitative touchscreen display with an 800×480 pixel resolution. Powered by a 1GHz Snapdragon processor and USB. Price: ` 8,499

Ramco’s HCM on Cloud Goes GLobal TECH TRENDS | Ramco Systems, an enterprise software product company focused on delivering ERP on Cloud, Tablets and Smart phones announced the global launch of its comprehensive HR & Talent Management solution, Ramco HCM on Cloud (Human Capital Management). The launch also marked the unveiling of Ramco’s In-memory engine, Minnal which dramatically improves processing speed by up to 100 times. Virender Aggarwal, CEO, Ramco Systems, said, “The enterprise cloud market is growing rapidly with adoption across organizations of all sizes. Our investments in technology and our focus towards bringing Mobility, Gen-Y User interface, role-based WorkSpaces and

solution on Cloud. Our ability to offer a multi-country payroll that is flexible enough to integrate with any standard ERP has been a key differentiator in the global market. In order to capture the booming HR software market, we are also partnering with large ITeS players to offer our HR Platform as a Service.”

Ramco HCM on Cloud

Unveils its power-packed, In-memory engine—Minnal

In-memory engine into a Cloudbased offering has helped us carve a niche position, globally. After taking ERP and Aviation solutions on Cloud, we are now taking our comprehensive HR

Ramco HCM on Cloud is a comprehensive solution that covers every aspect of an employee lifecycle: Workforce Management, Recruitment, Talent Management, Employee Development, Workforce Planning and Payroll & Benefits. Ramco also unveiled Minnal, a flexible, light weight, In-memory Engine which can be used for any Planning, Scheduling, Optimization and batch processing (APO) activity.

quick byte

Around The World

Kaseya acquires rover apps Security of mobile BYOD, enables cloud-based central management of corporate apps and data on personal devices. Kaseya, a leading provider of IT service management software, announced that it has completed the purchase of Rover Apps, LLC, a provider of innovative cloud solutions that enable users to securely work with enterprise resources using their personal devices without giving up complete control of the device to the enterprise. Terms of the acquisition are undisclosed.

John Donahoe, CEO at eBay

“Effective leadership is how fast a leader must learn to stay at peak performance. Most successful leaders never stop learning. They are voracious learners who try to find ways to improve”

a u g u s t 2 0 1 3 | itnext

cover story | Best Security Techniques

Nandkishor Dhomne

Vishal Salvi

Amit Pradhan

Parag Deodhar

Sunil Varkey

Amit Kaul

Dr K Harsha

Upasna Saluja

Enterprise security chiefs are on a mission to secure the enterprise adopting best security practices as defense against growing threats by n g e e t h a D esi gn by r aj v er m a

I M AGING by an il t

ata breaches can be an expensive proposition for any organisation. Worse still, industry players echo the fact that organisations in India are not confident about detecting and preventing security threats, which result in huge data breaches. The testimony to this fact is Sony paying a fine of £250K for its 2011 PSN data breach, when its network was hit by an attack that forced PSN offline for an extended period of time. UK’s Information Commissioner’s Office (ICO) levied a hefty fine against Sony for what it called ‘a serious breach’ of the UK’s Data Protection Act. Against this backdrop, every enterprise information security chief has to evolve a defense mechanism against detecting and preventing security threats and data breaches. The reasons to secure get even more compelling as new emerging trends such as cloud computing, BYOD (bring your own device), BYOA (bring your own application), Mobile Applications, QR codes, etc., contribute to the security risks, now increasing in geometrical progression. One of the reasons for a lackadaisical approach towards information security may be that corporate security consumes a huge chunk of time, money, complexity and human resources. Thus, there is little awareness among the business functions and users at large about the adverse implications of data breach or data leakage on the entire organisation.

a u g u s t 2 0 1 3 | itnext

the best solutions or technologies and While security chiefs make concerted strategies that enterprise chiefs should efforts to create the awareness necessary adhere to. within their organisations, a huge gap For instance Ravi Chauhan says, still exists between how business per“Companies remain focused on the ceives threats and how security teams inside-out threat. However, the rise of advocate best practices. However, what’s external attacks suggests that security heartening is that information security technology investments need to be more chiefs are putting their best foot forward comprehensive and holistic.” to stay on top with a multi-layThe concern that Amit Pradhan, ered, multi-tiered approach but Chief Information Security Officer, with variations. Cipla Ltd., observes is that of increasing But there are concerns as elucidated cost. “I believe the major challenge by Ravi Chauhan, Managing Director, a CISO faces today is managing the Juniper Networks, especially about cost for managing security on personal how much the existing tools, which devices used in the BYOD culture.” could address the new sophisticated “With a variety of operating risks, are safe. He says, “CISOs need systems like Android, iOS, Blackberry, to periodically evaluate and assess Ravi Chauhan Windows, etc., a significant investment the age of firewalls which are largely MD-India, Juniper Networks goes into buying a security solutions static and rope in dynamic tools, as it to control corporate data on these is found that 60 per cent of the current devices. Additionally, with uncertainty IP related security tools are not fit to of when and how these devices connect prevent new threats.” Chauhan is also to the corporate network, a CISO faces apprehensive about the efficacy of the the challenge of ensuring that these emerging network security are patched properly and reviewed,” technologies in minimising attacks adds Pradhan. that aim to bring down web Vic Mankotia, VP, Solution Strategy, applications or curtail gratuitous Asia Pacific and Japan, CA Technologies, Internet traffic. Security Best Practices: advocates that CISOs need to tackle risks Need of the Hour and adopt cloud. Mankotia points out, IT Next embarked on a cover feature on “There is a still a lot of control the CISOs providing insights into the best security traditionally feel exists with On Premise practices and innovative technologies Security; and they are right about it. that enterprise information security However, as DMZ (demilitarized zone) chiefs are adopting as a defense against is now the identity, it has forced them to growing threats and data breaches. maintain this control with On Premise Against the growing risks that are computing. But they will sooner than driven by the new trends of enterprise later see new business needs, cost mobility, cloud, QR codes etc., CISOs benefits and uptake that will then allow are fearlessly deploying new tools them to be more accepting of the cloud and technologies. Besides identifying computing platform.” Mankotia says risks, educating business groups the risks are inherent, and that it’s a fine and users, they are re-designing balance between privacy and effective the security framework and overhauling IT. “Sometimes, devices are needed. The the entire security thought process. Amit Pradhan needs are different; and the biggest risk Whether it is to do with the cloud Chief Information Security Officer is that the data may be contaminated. trends that banking and insurance are Cipla Ltd Personal Networks (social or online) adopting and making the best efforts can have data bleed from one to another. Polices are weak, possible to secure the cloud environment with stringent access controls, or with moving peripheral applications to the cloud, or administration is at times too harsh and privacy is sacrificed,” even with working on key cloud models as a tactical solution, or remarks Mankotia. Mankotia says reactive security is a big market for providers whether it is BYOD that is being encouraged within the company, of protection systems. It was considered a luxury, but is now security chiefs are all geared up. CISOs from various industry verticals, security vendors and a need, a want. The security of NO has to become the Security experts provide views on the risks that should be tackled and of KNOW.

PHOTO IMAG ING BY Sh igil Narayanan & Peterson PJ

“Rise of external attacks suggests that security technology investments need to be more comprehensive and holistic”

“I believe the major challenge a CISO faces today is managing the cost for security on personal devices used in the BYOD culture”

itnext | a u g u s t 2 0 1 3

Cae Study

Access via Mobile Made Secure Manipal Healthcare has enabled doctors in Outpatient areas to provide patient prescription and diagnosis using the mobile device as part of its BYOD a ni p a l He a l t h E nt e r p r i s e s Ltd. provides medical services and technologies across various ailments. The Indian healthcare industry has seen an increasing number of professionals using mobile devices for work purposes, whether they use tablets to look up patient records or access personal applications. Interestingly, “Bring Your Own Device (BYOD)” has flourished in the industry and is an area with promising growth. Nandkishor Dhomne, VP-IT & CIO, Manipal Health Enterprises, Manipal Group, has estimated that in the next two years, the hospital will have 200+ users on mobile devices, tablets and smartphones accessing critical information and data. “This is the first BYOD wave in our organisation and as a first step, we will allow access to doctors in Outpatient (OP) area so that they can deal with patient prescription and diagnosis using mobiles,” says Dhomne. The security team is testing various applications and will take a suitable decision on the mobile application very shortly. As a second step, under the implementation strategy, Dhomne plans to focus on the Inpatient (IP) area in which the doctors will be provided access to source patient data in the ward/bedside through mobile and carry out basic tasks like ordering, vitals monitoring, viewing of the investigation reports, etc. “We have prepared a multipronged strategy to allow mobile devices under certain terms with stringent security policies; initially, we will allow iOS and android devices; and later, we will open it up for other OS as well,” says Dhomne.

Critical Applications Sourced via Mobile “We

have

enabled

our

staff

source emails, Internet, SAP applications, Hospital Information System (HIS) applications, Teleradiology and HRIS,” says Dhomne.

Pay Backs Also, “After deploying necessary security solutions, I could observe a safe and secure access to the enterprise information using mobile devices. We ensured Anytime Anywhere access to business applications for authorised users, with data accessibility on real time basis, reducing Turn Around Time (TAT) for various business processes. This results in better customer satisfaction and improved efficiency as well as improved compliance reporting with respect to Information Technology clauses of NABH,” he concludes.

Security Measures Dhomne and his team initiated using Fortinet solution across various access points as part of securing the environment. “As the end point solutions, we have used Symantec and Ironport solutions,” he adds. To secure the environment these have been initiated: 1. Network Segmentation--Instituting separate logical segments of the WiFi so as to segregate the traffic. 2. Integrated Identity based access control--Fortinet Solution has been integrated with Active Directory so as to allow the same credentials like user name and password for getting access into the network. Malware and Advance Threat Protection features have been enabled for internet facing traffic on a real time basis. Web content filtering is enabled to ensure safe and secure browsing using enterprise network.

Nandkishor Dhomne VP-IT & CIO, Manipal Health Enterprises, Manipal Group

Enhancing Producitivity “Using Fortinet’s Security Solution, we were able to define security framework and polices for the entire organisation .

a u g u s t 2 0 1 3 | itnext

cloud trends

Banking & Insurance

Secure on Cloud Pressure on adopting the cloud model is high on CISOs from the banking and insurance sector, who are evolving risk control mechanisms

anks and insurance companies are in a situation today where their organisations just cannot do without having a cloud model. Cloud technology potentially offers insurers and bankers an efficient way to undertake the huge amount of actuarial and risk modeling calculations and transactions that need to be performed. Gone are the days when the CISO (Chief Informaion Security Officer) and his team would speak about which firewall to install, or which anti-virus to use. Today, it is about understanding the threat landscape in a holistic fashion and finding ways to leverage technologies to mitigate risks. Despite hindrance from the regulatory and compliance framework in terms of increasing security threats and increasing expectations from users and the management, there is a huge pressure on CISOs and IT Heads to deploy the cloud computing model. The cloud trend is paving the way for increased risks and threats, which puts even more pressure on CISOs to have appropriate tools and best practices to counter these risks.

Potential Cloud Risks Being part of the insurance company, Parag Deodhar, Chief Risk Officer, Bharati Axa General Insurance Company Ltd, finds risks associated with data storage is hard to find as regulatory risks, data leakage with multiple users are involved in transaction data. The risks will pave the way to challenges for CISOs, as Jagdish Mahapatra, MD, India & SAARC, McAfee observes, “CISOs have challenges with managing the risk of placing IT assets under the management of third party providers and data protection in the cloud environment. Customers question whether their end user

itnext | a u g u s t 2 0 1 3

data will be shared or leaked in any way, breaching privacy laws, and implementing appropriate controls for cloud adoption.” Amit Saha, Enterprise Security & Risk Management Services, Cloud, Infosys, says different cloud models provide organisations with varying degrees of security threats: for example, concerns around co-location of data with other cloud tenants, virtualisation breaches, inability to enforce enterprise security controls, lack of security controls visibility, difficulty in securing applications / interfaces, etc. Vishal Salvi, Chief Information Security Officer, HDFC Bank, is apprehensive about moving the core applications to cloud, owing to the perceived risks of data leakage and data breaches which would affect critical information. “Most often, cloud adoption is a tactical approach which is adopted by the banks even if it is a public cloud,” says Salvi. The key aspects for CISOs of the banking and financial segment to adhere to in a cloud model are: to customise the application as per cloud capabilities, have strong applications even though end point vulnerabilities exist, ensure frequent reference of logs, and notification alerts for configurations. Vic Mankotia, Vice President, Solution Strategy, Asia Pacific and Japan, CA Technologies, points out that cloud computing brings new models to business; however, issues like keeping data resident to the confines of a national border, referred to as Data Sovereignty, is an issue, when you talk security to banks, telecommunications and the public sector. The risks that Vishak Raman, Sr. Regional Director, India & SAARC, Fortinet, anticipates through cloud for the banking and insurance sectors are: Data access and control: Whenever data moves outside the walls of the organisation, concerns over the privacy and security of the data arises. While many cloud providers have extensive security measures deployed in their data centres, it is important to fully vet their data security practices to ensure they are best of breed.

Vendor lock-in: To reduce this risk, administrators should investigate the process for extracting data from the cloud service provider and structure their data in a way so as to expedite a future transition to another provider if necessary. Regulatory compliance: Some compliance bodies have not updated their standards with provisions for cloud-based data. This does not necessarily prevent an organisation from moving data and applications to the cloud, but you must investigate whether a cloud provider’s infrastructure, processes, data access and storage policies meet your organisation’s compliance requirements.

Insuring and Banking on Best Technologies and Security Practices Vishal Salvi says, “We cannot do without cloud; we have used infrastructure as a solution, and services cloud as a tactical strategy.” “However, as a best practice, we need to get more strategic with regard to information security and as a new measure, a new maturity security model has to be evolved periodically,” adds Salvi. Further, “From a banking security model, we work on a convenience model to be put in place and map stakeholders’ deliverables in certain areas

which will help in devising appropriate strategy.” Salvi argues that it is important to have the fundamentals right and see if the conventional strategy works effectively. “I think it is imperative for security teams to strategise on aligning their work structure in terms of designing the framework, measuring incident management, enforcement laws, managing key risk indications and nurturing these controls, which can ensure a better security environment,” remarks Salvi. Some technologies that Salvi recommends are Net forensic security analysis, data base access management solutions, and monitoring tools to indentify rogue applications. Bharati’s Deodhar says, “We are evaluating which applications are to be put on cloud and have plans to move learning management systems and peripheral applications on cloud. At this point of time, we are thoroughly evaluating our risk assessment controls mechanism to ensure a secure environment,” says Deodhar. Deodhar also has plans to place additional security controls at the service provider’s infrastructure and allow little access to critical data. As a best practice, Deodhar finds that besides using

PHOTOGRAPH BY Jiten Gandhi

Best Security Techniques | cover story

“We are evaluating which applications are to be put on cloud and have plans to move learning management systems and peripheral applications on cloud” Parag Deodhar Chief Risk Officer, Vice President - Process Excellence & Program Mgmt with Bharti AXA General Insurance Co Ltd

a u g u s t 2 0 1 3 | itnext

cover story | Best Security Techniques

“Most often, cloud adoption is a tactical approach which is adopted by the banks even if it is a public cloud and as a best practice, we need to get more strategic with regard to infosec and as a new measure, a new maturity security model has to be evolved” Vishal Salvi Chief Information Security Officer, HDFC Bank

dual factor authentication tools such as Identity access management solutions, Encryption, DL,P etc., it is critical to buy in stakeholders and education users as part of risk governance to adhere to security policies, and inform the risk team about their requests to download new applications. As a best practice, Fortinet’s Raman says opting for the right cloud model is critical. “Factors to consider before adoption are business criticality of the applications the firm wants to move to the cloud, regulatory issues, necessary service levels, usage patterns for the workloads and how integrated the application must be with other enterprise functions,” says Raman. Further, while integrating cloud security into your corporate security policy, do not count the security of your cloud based service provider and do not assume that your data is automatically secure just because you use a service provider. You need to do a comprehensive review of the provider’s security technology and processes, and check how they secure your data and their infrastructure. Do not assume that you are no longer responsible for securing data; and never assume that outsourcing your applications or systems means you can abdicate responsibility for data breach. Some SMBs have this misconception, but you must understand that your company is still ultimately accountable to customers and other stakeholders for the sanctity of your data. Simply put, it’s your CEO who risks going to jail, not the cloud provider’s.

itnext | a u g u s t 2 0 1 3

Jyoti Prakash, country sales manager, India and SAARC, Symantec, recommends: zz High-level information security policies that explain the intentions around protecting data based on its content zz Granular procedures and standards on how to implement those policies in specific areas; specifically, a data classification and handling standard. zz Processes for reviewing and proving the effectiveness of those implementations, as well as for notifying the business of breaches zz Other considerations that need to be addressed by organisations before deciding a cloud vendor include: zz Security and privacy: Customers should ensure proper systems are in place for data protection, vulnerability management, identity management, physical and personnel security, availability, application security, incident response and privacy. zz Compliance: Organisations should ensure that business continuity and disaster recovery plans are in place before deciding on a cloud vendor. zz Legal and contractual issues: Recourse in case of failure to meet SLAs, management of intellectual property as well as end of service support should be in place before deciding on a cloud vendor. By ensuring compliance to the above considerations, businesses can be certain of their data being protected on the cloud.

BYOD Trends

BYOD’s Security Conundrum While CIOs are charged with the task of making mobility work, CISOs are working out a strategic plan to solve the BYOD risk puzzle using best practices

o longer is it about IT dictating the policies and prescriptions of the user and enabling them to use technology. Now, it is the users who drive any trend related to IT, with IT heads having to amend their policies based on user dictate. BYOD (bring your own device) is clearly an indication of this trend, as individuals are focused on driving innovation rather than enterprises. Shantanu Ghosh, VP & MD, India Product Operations, Symantec, reiterates that for big businesses, this change can be hard to deal with – from using standard-issue laptops, smartphones and operating-systems often dictated by the preferences of the IT department, today’s employees are demanding that they be allowed to use devices of their choice. But if you’ve ever tried to transfer data between devices that use different OSes, you can imagine the scale that enterprise IT is dealing with, with thousands of devices on multiple formats and platforms entering the network every day. In fact, according to Symantec’s most recent State of Mobility Survey, 72 per cent of Indian businesses have faced mobility incidents in the past 12 months, causing revenue loss of 37 per cent, which illustrates the increasing threats. While six out of 10 Indian organisations consider themselves “innovators” in the area of mobility, organisations faced 50 malware infections, 31 breaches through lost/stolen devices and 34 exposures of information over the past year. In fact, 86 per cent had to change policies as a result of mobility incidents, with 1 in 4 banning personal data on corporate devices and 4 in 10 restricting mobile device usages through HR enforcement. Against this backdrop, CISOs are embarking on the new task of tackling this trend by way of understanding the risks, bringing in appropriate policies and tools and best practices to ensure that the trend is leveraged positively.

Ashish Thapar, Head-Global Consulting & Integration Services, Verizon Solutions, advocates that CISOs have a very clear policy to identify the device as baseline security gets critical.

Rendezvous with Risks in BYOD VP & Chief Information Security Officer, Cognizant, Satish Das sees the risk of non-compliance to organisational and client security requirements, increase in vulnerabilities and data leakage and privacy concerns. According to Jagdish Mahapatra, MD, India & SAARC, McAfee, BYOD is rooted in the fact that the mobility of these devices introduces security management issues around access control, data protection and compliance. Additionally, employeeowned devices used for work introduces added IT complexity as it isn’t always clear who owns the device, and furthermore, who owns what data on the device. “With the introduction of these new, unsecured and possibly non-compliant devices easily coming in and leaving with business sensitive information, a security and compliance hole is forcing a re-think of how best to secure the organisation and its business data,” says Mahapatra. Mahapatra argues CISOs need to look at the BYOD policy from different angles such as Data Loss Prevention, Authentication system, internal intrusion prevention systems, internal firewalls, securing Wi-Fi, DC, Network Admission control etc. On top of all this, the internal IT policy should be detailed and fool-proof to drive the initiative and guide effectively and prevent failure of specific tools. However, the key risks that Sunil Varkey, Chief Information Security Officer, Wipro Technologies, finds, is security governance around Data Loss and Data Leakage along with software licensing compliance, segregation of data etc.. “Intended or ignorant leakage of corporate sensitive data from BYOD device remains the key challenge for any CISO,” says Varkey. It is also observed that security risks also vary with each enterprise’s focus area. For instance, Amit Pradhan, Chief

a u g u s t 2 0 1 3 | itnext

cover story | Best Security Techniques

Mobile APP Risk Mobile App CISO Challenges Consumers are shifting to smartphones, tablets and other devices powered by various Mobile Operating Systems, such as Android, Apple iOS, Windows, etc. Among all the other mobile app stores, the Android market has been targeted with several incidents of malicious or trojanised apps. Because of Android’s open nature policy and lax regulations for app developers, it is easier for potential attackers to upload and distribute malware disguised as apps via the Android Market. Moreover, third-party app stores expose potential risks to users. Games and third-party smartphone utilities are popular.

Best Security Tools zz Maximise the security features installed on the mobile devices, highlight the risks and educate end users on how to mitigate them. Use Mobile Security Apps, such as McAfee MDM app or Trend-Micro. zz Mobile Security should be installed to prevent unauthorised hijacks through malware. zz Control Internet access on the mobile using cloud solutions like Websense, ZScalar. In addition to the above, discipline has to be self-imposed if one is a part of a corporate network.

Best Practices zz Treat your mobile device like your PC zz Think before you download the app on your mobile device zz Scrutinise and prepare a list of apps that are authorised for installation on the device, free from malware zz Control updates to the installed apps zz Recommend regular audits on the same and also be aware of the risks and constantly plan for mitigation methodologies. zz Preferably create a test lab, build volunteers inside the organization, make them aware of the roles and create collaboration platforms to share ideas amongst users. Constantly evaluate the content through the right tools without being too personal. zz Utilise the latest and tested/staged operating systems on the devices, and almost important, be aware of the updates. Subramanya C – CTO, Hinduja Global Solutions

itnext | a u g u s t 2 0 1 3

Information Security Officer, Cipla Ltd, finds three key risks associated with the BYOD trend. a. Data transfer from corporate environment to personal environment b. Data loss with employees leaving the organisation c. Unauthorised access to corporate data by unauthorised user of the user device (friend, colleague, etc.) The accompanying challenges are, as Pradhan observes: “I believe the major challenge a CISO faces today is managing the cost for managing security on personal devices used in the BYOD culture. With a variety of operating systems like Android, iOS, Blackberry, Windows, etc., significant investment goes into buying a security solutions to control corporate data on these devices. Additionally, with uncertainty of when these devices connect to the corporate network, a CISO faces the challenges of ensuring that these are patched properly and reviewed,” he adds. “A challenging but important task for companies who utilise BYOD is to develop a policy that defines exactly what sensitive company information needs to be protected and which employees should have access to this information, and then to educate all employees,” says Govind Rammurthy, MD & CEO, eScan. Bring your own device (BYOD) to work may make employees happy but it often translates into the IT department handling the headache of safeguarding sensitive data, supporting multiple devices and making things click together. Personal devices such as the Tablet, Smartphone, laptop, etc. are generally harder to secure than organisation-issued devices, as using these devices can put the organisation’s information and systems at a high risk of compromise. In most organisations, BYOD cannot be used as it is not secured easily and effectively. Also, as mobile devices undergo rapid transformation and new devices flood the market at regular intervals, CIOs will have to keep pace with changes in devices and their adoption, constantly changing and managing the permitted list of devices and security policies around them to better answer BYOD. In many enterprises today, mobile devices have become the weakest link in the security strategy.

Need to Counter: What are the Best Tools and Practices? As the security landscape gets more complex than ever before, CIOs need to leverage sufficient security solutions to safeguard the information at each and every level. Atul Khatavkar, VP, IT Governance, Risk and Compliance, AGC Networks, strongly recommends best practices around enterprise Policy/Guidelines/Handbooks that clearly address BYOD issues raised above--End Point Security Tools, Data privacy management tool and BYOD management tools. Khatavkar further points out that the stronger adoption of BYOD is now leading towards BYOD for social networking on the go. Therefore, it is important to set clear guidelines on defamation, data protection and privacy. Additionally, encouraging direct forms of communication will help in restricting access to data

loss. There is a strong need to educate the staff on organisational IT policies. It is also important to keep data back-up strategies in place while being compliant with security certifications such ISO 27001, SSAE 16, SAS 70, SOC 2, ISO 22301 etc.. “While mobile computing is being promoted to be able to have real time data and information, organisations must ensure that devices are hardened and updated to handle malware,” says Khatavkar. In parallel, an organisation can implement policies like allowing different kinds of employees to access varying levels of information from their device, risk based user profiling, limited extent of information accessible to users, developing security awareness for BYOD Users, encouraging employees to report violation or loss immediately, so that organisations can take appropriate action to build a robust environment Das recommends having a well-defined BYOD policy with compulsory device enrollment in place, security awareness of end users, ensuring malware protection to be enabled on all devices, ensuring having mobile device management (MDM) tools which are standardised across devices and device level encryption.

Sunil Varkey points that a combination of MDM solutions with proper containerisation with a mature process on defining, monitoring and controlling what data and application can be accessed by BYOD along with strong user awareness on the criticality of any data loss or leakage is the right ideal solution. “ BYOD adoption should be in a phased manner related to application, user base and data moving to BYOD and a strong policy should defined and published so that expectations from BYOD will be clear to all constituents,” says Varkey. Ghosh has suggested five key areas that every company should consider as they establish their mobile strategies to ensure high productivity without increasing their vulnerability: Ensure secure access to apps: This means maintaining a strong focus on identify management. Organisations must focus on developing strong password policies for their employees’ mobile device use. Protect your apps and data: With many organisations considering providing mobile access to enterprise content, it places a lot of sensitive data on mobile devices. Direct control of specific, critical apps and data (as opposed to device-based control) is a very effective approach to apply

PHOTOGRAPH BY Jiten Gandhi

Best Security Techniques | cover story

“ BYOD adoption should be in a phased manner related to application, user base and data moving to BYOD and a strong policy should defined and published so that expectations from BYOD will be clear to all constituents” Sunil Varkey, Chief Information Security Officer, Wipro Technologies

a u g u s t 2 0 1 3 | itnext

cover story | Best Security Techniques

Policies that are a must for BYOD

ith BYOD, companies should control access based on the need to know, and conduct continuous vulnerability assessments

clear that staff will not stop using their own handhelds for business, and they will just try to figure out ways to make it work.

More and more organisations are opening up their networks to the most popular trend, BYOD (Bring Your Own Device), and see everything, from iPads to the latest Android gadget, walk through their doors.

Here are three suggestions that will provide some peace of mind for organisations:

For organisations, particularly larger firms with sufficient IT staff and security infrastructure, the proliferation of personal devices in the work environment paves the way for untold efficiencies and increased productivity, not to mention lowered carrier costs. Workers can answer e-mail, upload information on file shares and update websites from the commuter train, the beach condo or their kids’ soccer games − often on their dime. On a more personal level, studies have found that employees are happier and more efficient when they use devices and applications of their choice for work.

Implement a Relevant Mobile Policy: It’s simple Policy 101. Most organisations should take the time to really assess their goals and determine relevant threats (malicious websites, productivity loss, excessive bandwidth usage) to the network. Some questions the IT department need to ponder over are: zz Which mobile devices will you allow onto your network? zz Which OS versions will be allowed? zz What applications are required, and which are not permitted?

Critical Policies Generally, these devices are devoid of the most basic security features--such as antivirus and password protection − incorporated in practically all workplace PCs. Meanwhile, the agility enabled by personal devices means that business critical apps can, and will, be accessed from any network in any location. This leaves a staggering amount of sensitive data on the devices, whose exposure could be highly detrimental to the business. Yet it’s getting tougher for firms to say no to employees using their own devices--it’s

itnext | a u g u s t 2 0 1 3

Vishak Raman Sr. Regional Director SAARC, Fortinet

zz Which employees will be allowed to use these devices? zz Who has network access based on who, what, where and when? Companies should also control access based on the need to know, and conduct continuous vulnerability assessments. And of course, they need to figure out how to enforce the policies they have laid down. Remote Management Software: It’s important to be able to apply the range of basic security functions, such as antivirus or remote data wiping software, to any device housing corporate data. Remote management software gives IT the ability to automatically update users’ devices with the latest patches to prevent any existing vulnerabilities from being exploited in mobile attacks. Blocking Non-compliant Devices: This is where organisations can practise the art of compromise. Often, workers are eager to use their personal devices for work but reluctant to install additional software, some of which might have the potential to wipe their valuable contacts and photos from their phone. As a compromise, firms could allow their workers to use their own devices IF they agree to install certain apps in accordance with the organisation’s security policy. If not, they can stick to an IT-issued device. Ultimately, while it may be hard for employees to agree to put on remote management or antivirus software, some form of trade-off probably serves both parties best. Both organisations and employees really have to get ahead of the curve--BYOD is here to stay.

Best Security Techniques | cover story

“With the introduction of these new, unsecured and possibly non-compliant devices easily coming in and leaving with business sensitive information, a security and compliance hole is forcing a re-think of how best to secure the organisation and its business data” Jagdish Mahapatra MD, India & SAARC, McAfee

the desired layers of protection exactly where they are needed, without touching the remainder of the device. Put in place effective device management: Devices that access business assets and connect to company networks must be managed and secured according to applicable company policies and industry regulations. Every company should establish appropriate mobile policies, and those should be applied to all managed devices, just as policies and configurations are applied to corporate PCs and laptops. Solutions towards this include mobile device management applications, such as remote locking and wiping of stolen or lost devices. Implement comprehensive threat protection: The fact is that mobile devices are rapidly becoming the new preferred target for bad guys. Different platforms have different risk profiles, and it is important to understand where vulnerabilities exist and to take appropriate action to secure business assets. Good threat protection should protect from external attacks, rogue apps, unsafe browsing, theft, and even poor battery use. Supply secure file sharing: Although access, storage, and sharing of files are not uniquely mobile challenges, multiple device ownership and the need to collaborate make the cloud a driver for productivity, allowing for simple distribution and synchronising of information across devices. Businesses should have full administrative control over distribution of, and access to, business documents on any network, especially in the cloud. e) Employee education: Educating employees about the importance of placing stronger passwords, and using reliable security software for their devices and keeping the software updated is a must. Put in place processes that would authenticate employees and their respective devices. This would avoid multiple devices from being used by unauthorised people.

a u g u s t 2 0 1 3 | itnext

Data Breach & DLP

Data Breaches viz-a-viz DLP Enterprise security chiefs are turning to tighter controls on email, mobile devices and social media, the hub of all attacks, while effectively using DLP technology

he Websense 2013 Threat Report confirms that cyber attacks escalated on every front and through every vector last year, straining every layer of enterprise defenses. Moreover, Cyber criminals are already swiftly exploiting the latest advancements in mobile devices, social media and other technologies to advance their art and take an ever-greater toll on legitimate commerce. While security strategies must turn to tighter controls on email, mobile devices and social media, the heart of almost all attacks through these vectors continues to be the web.

Regardless of the lures sent through other channels, these attackers use the web to enhance their social engineering efforts and hide their true intent while waiting for the right moment to install malware, communicate with a CnC server or deliver stolen information.

Data Breach, a Growing Menace Verizon in its DBIR report clearly articulates that data breaches are a multi-faceted problem, and any one-dimensional attempt to describe them failed to adequately capture their complexity. Ashish Thapar, Head-Global Consulting & Integration Services, Verizon Enterprise Solutions, says that Indian enterprises too

How to Protect Your Information assets with DLP

onsider the number of data breaches happening on a daily basis--both inadvertent and deliberate. Many a times, a mail is sent off to an incorrect id-- a genuine human error! What if the mail had confidential information? What happens when a laptop is lost or an old hard disk is disposed of? What happens when a resigned employee wants to take away his hard work while leaving the company, which includes company confidential data? Even worse, what if organised criminal gangs infiltrate your organisation with a plan to siphon off precious information – as we saw in a recent cyber crime incident? One of the tools to help overcome this threat is DLP. DLP solutions help detect and prevent attempts to transfer confidential data by acting as a gatekeeper at various egress points. The tools include network tools to monitor all connectivity like Internet and email gateways, social media, Instant Messaging, FTP, upload-

itnext | a u g ust 2 0 1 3

ing data to cloud storage etc. End point based DLP tools help in preventing copying to USB storage, SD cards, printing of confidential information. DLP tools can protect the data at rest, in motion and in use. Most DLP tools are now capable of analysing SSL encrypted traffic as well. While most DLP tools boast of pre-configured policies and industry specific dictionaries, the policies need to be customised for each organization--this is the challenge for security managers. To create effective policies, the organisation needs to identify what data is created or acquired, why it is confidential, various locations where it is stored, who has access to it, how and when it is accessed and transferred and which formats it can be converted to. The data needs to be classified and policies need to be created based on the answers to these questions. DLP can either work in a monitor mode, which means it will only record policy violations

Best Security Techniques | cover story

“The reason for this is that most IT heads or individuals use the same password for internal critical applications and also for social platforms such as facebook, linkedin etc, which paves the way for cracking data” Ashish Thapar Head-Global Consulting & Integration Services, Verizon Enterprise Solutions

are experiencing data breaches in a big way. “The reason for this is that most IT heads or individuals use the same password for internal critical applications and also for social platforms such as facebook, linkedin etc, which paves the way for cracking data,” says Thapar. Surendra Singh, Regional Director, India & SAARC Websense Inc., offers an interesting perspective. He says that the organisational desire to bag more and more projects

and alert security managers or in BLOCK mode which will prevent the data from leaking. In the initial days, the tool could throw up a lot of false positives and based on an analysis of these incidents, the policies need to be tweaked. DLP needs to work in tandem with other security tools like Encryption and Document Rights Management to create a robust and comprehensive security solution for protecting your information assets. A final note of caution, with data no longer being restricted within the perimeter of the organisation i.e. stored on cloud and accessed using personal devices like tablets and smart phones, the challenge is only getting tougher. Parag Deodhar, Chief Risk Officer, Vice President - Process Excellence & Program Mgmt with Bharti AXA General Insurance Co Ltd

followed by three to four years of complex implementation of projects, working around a three year RoI etc., is leading to more insecurity, resulting in data breaches in the process. “In such a scenario, you can never be assured of 100 per cent security; and if you need to have a matrix, about six months of RoI would carry 98 per cent of risks,’ he says. Singh reiterates the fact that the nature of data has changed, which is the cause for the increasing breaches and that it has been proved that every 5 to 10 per cent of the data constitutes 90 per cent risks being malicious. Amit Pradhan, Chief Information Security Officer, Cipla Ltf, finds repudiation challenges around identity security are on the rise today, and dissolving of physical and logical enterprise boundaries resulting in data breaches. Dr Harsh, Head-IT, HKM Group, attributes the increasing data leakage to internal culprits and threats, less security mechanisms implementation, bad and poor configuration, no data access policies, no awareness with users on security breaches and policies, no role based access and restrictions and lack of existence of domain controllers/ centralised control mechanisms.

Tackling with DLP Technologies While many security technologies and practices have been deployed, Data Loss Prevention (DLP) approaches have also been used to address the risks emerging out of data breaches. But Singh says it is critical for DLP technology to address encrypted communications, and better control both inbound and outbound content flow. Sunil Varkey, Chief Information Security Officer, Wipro Technologies, indicates that over the

a u g ust 2 0 1 3 | itnext

cover story | Best Security Techniques last few years DLP technology has involved reducing false positives, search capabilities in OCR, integration with other products, ease of usage, correlation with various leakage vectors, etc. “While adequate planning is required before deploying any DLP technology, the key phase should include data classification, data type definition, data blue printing based on the criticality, understanding each of the constituent groups based on the type of data access, process and acquisition,” says Varkey. From an innovation perspective, Satish Das, Chief Information Officer, & VP, Cognizant, says there is a high level of customisation being carried out by all DLP vendors to cater to specific organizational requirements, and focus on selective

and customised block policies. Das says DLP technology should be used in a planned manner. Three methodologies which have an effective impact are: zzUsing DLP at gateway level to ensure that all outgoing traffic is scanned. This is to ensure specific traffics such as emails etc. can be monitored and controlled. zzUsing DLP at endpoint level to ensure all data movements on endpoints is tracked while outside the organisation zzPlanning DLP for tracking and logging of end user usage logs to analyse for violations. zzUsing DLP Fingerprinting to ensure false positives are at minimum Singh says, “While DLP technology should be put in place as it can easily detect 1000s of data breach incidents or possibilities, it is equally important to buy in the business stakeholders who should be discussing the business projects with the security team to enable them to ensure secure traversing of data.” Verizon’s Thapar finds that custom built-in signature criterion is being developed as part of DLP tools to prevent threats and breaches.

Innovative Practices

“While DLP technology should be put in place as it can easily detect 1000s of data breach incidents or possibilities, it is equally important to buy in the business stakeholders who should be discussing the business projects with the security team” Surendra Singh Regional Director, India & SAARC, Websense Inc

itnext | a u g ust 2 0 1 3

Thapar says, “As a best practice, business functions and data flow should be structured, critical data needs to be analysed, mapping the data and how it is traversing should be observed and designing a DLP strategy should be driven by compliance.” Singh agrees with his peer and says, “Scoping of business project and data and workflow is important.” Das offers the following best practices: zzThe ideal method is to start soft with track and analyse mode and then slowly move to Block mode for network traffic in phases. zzEnsure user awareness is appropriate on DLP, which will directly ensure user acceptance of DLP policies. zzDLP incident monitoring needs to be continuous and not incident based The latest DLP solutions are not only content-aware, but also include innovations such as Insight (which helps identify the ownership of sensitive data), Vector Machine Learning (which automatically identifies your most critical data) and others that take into account the rapidly mobile workforce. Some innovations according to Anand Naik, Managing Director – Sales, India & SAARC, to secure data in a BYOD environment and visibility into “Hidden” data: Companies can now decrypt, extract and analyse content that has been encrypted by the vendor. “File Share Encryption insight is a unique new feature that provides visibility into encrypted files stored on file servers and shares that previously could not be inspected for confidential data. It is a valuable tool not only for preventing accidental data leaks by insiders who just don’t know better, but also identifying malicious insiders who may try to steal valuable intellectual property by first encrypting it in order to avoid detection. “Finding High Risk Insiders and 90 per cent of DLP is about what you do after you find confidential data,” says Naik.

Risk Assessment

Assess Security Risks in a Scientific way Recent developments in the field of risk management suggest that Info Sec risks must be assessed and quantified statistically based on key risk indicators

n evolving threat landscape coupled with complexity in managing data and people in the light of trends like mobility, social, consumerisation of IT and cloud makes it imperative that security leaders have a constant finger on the pulse of the risk posture of their organisations. Recent developments in the risk management field suggest that Information Security Risks need to be assessed and quantified based on key risk indicators observed over time and analysed statistically, something that many evolved risk disciplines like the medical and finance fields have been doing for quite some time. With advances in mobility, social and cloud, our data has moved out from inhouse data centres to somewhere in the cloud. These developments are giving sleepless nights to CISOs who wonder: ‘where and how secure is our information?’ They juggle numerous risks, threats scenarios and security solutions including (but not limited to) DLP software, MDM solutions, Advanced Malware protection, Cross device End Point protection solutions, etc. To answer these vexing questions, security leaders need an effective Information Security Risk Assessment methodology.

Pertinent Questions Most risk assessments are based on the judgment of practitioners to quite some extent, and rely on their experience and knowledge. These approaches are relatively easier and cheaper. They generally categorise risks into High / Medium and Low and are “point in time” assessments; they are not based on observations gathered over a period of time. So, at best, risk assessment ends up more of a guesstimate game. But decisions and investments require some view of the future. With the current techniques of qualitative processes of assessment, predictions for the future are qualitative judgements or shots in the dark rather than calculated or statistical predictions.

Scientific Tools to Assess Risks zz Risk assessments are based on the judgment of practitioners to quite some extent zz Advanced understanding from the medical field can be applied towards handling risks that information infrastructures face zz Regression analysis is a statistical tool for the investigation of relationships between variables and is preferred when the focus is on the relationship between a dependent variable and one or more independent variables zz There are different kinds of regression; in its simplest form, a linear model specifies the (linear) relationship between a dependent (response) variable Y, and a set of predictor variables, the Xs, so that Y = b0 + b1X1 + b2X2 + ... + bpXp zz First-generation regression-based techniques, like multiple factor or cluster analysis, belong to the core set of statistical instruments which can be used to either identify or confirm theoretical hypothesis based on the analysis of empirical data. zz Structural Equation Modelling (SEM) has evolved as an alternative in recent times as a viable second generation regression technique zz SEM based statistical approach using PLS algorithm to risk assessment is much better than existing subjective assessments. It is information oriented rather than assessor or expert judgement dependent, thereby overcoming judgement bias

a u g ust 2 0 1 3 | itnext

cover story | Best Security Techniques

PHOTOGRAPH BY S RADHAKRISHNA

Bring in the Scientific Element There are a number of fields where risk management has evolved into a science and has, over time, got established through practice and refinement. One such is the medical field, which has made significant progress in creating models for understanding risks from diseases and using the knowledge towards combating diseases. Illnesses or diseases which were not curable in past have effective treatments and medicines available today, possibly because of the rigorous risk management approach the field has followed. This advanced understanding from the medical field can be applied towards handling risks that information infrastructures face. Considering information assets to be patients, incidents including hacking and malicious programmes to be diseases, technical counter measures and controls to be medicines and different processes, policies and practices to be treatment protocols, we can draw a fair parallel between medical risk management and information security risk management practices.

Statistically Proven Risk Assessment Let’s see how statistics can be used to analyse risks with respect to information security. With the help of statistics, one can analyse the historical / current trends and make forecasts regard-

“When an organisation wants to minimise all potential negative impacts, it has to look into risk indicators from all different areas and aspects, conduct an analysis to figure out which risks are more severe and which less” Upasna Saluja Operational Resiliency Manager Thomson Reuters

itnext | a u g ust 2 0 1 3

ing issues and risks of the future. Traditionally, regression techniques have been used for prediction of possible future outcomes. Regression analysis is a statistical tool for the investigation of relationships between variables and is preferred when the focus is on the relationship between a dependent variable and one or more independent variables. There are different kinds of regression; in its simplest form, a linear model specifies the (linear) relationship between a dependent (response) variable Y, and a set of predictor variables, the Xs, so that Y = b0 + b1X1 + b2X2 + ... + bpXp.. First-generation regression-based techniques, like multiple factor or cluster analysis, belong to the core set of statistical instruments which can be used to either identify or confirm theoretical hypothesis based on the analysis of empirical data.

Limitations to Regression Firstly, regression analysis works in a simple model where there is one dependent and several independent variables. We face a much more complex multivariate world where many risk indicators influence different risk identifiers. Secondly, regression analysis is applied where a variable can be observed over time, whereas in the context of information security, all the risk identifiers are not observable over time. Thirdly, the assumption is that variables can be measured without error; in the practical

world, even in information security, it is rare to find a situation without error.

Frequent Breakdowns hampering your business?

What is the New Tool to Assess?

in Control Rooms ®

Removes harmful gases Prevents corrosion of electronic components Gas Phase Filtration • Most efﬁcient system for purifying the air • Based on advanced Honeycomb technology using chemical ﬁlters • Bry-Air EcoScrub looks sleek and works quietly • Designed to complement the servers

ed b

Back

Serv

ice

Get in touch with us today! ®

ISO 9001:2008 & 14001:2004 CERTIFIED

Phone: +91 11 23906777 • E-Mail: bryairmarketing@pahwa.com

www.bryairﬁltration.com

30.04.2013

RB/BA/1319HVCA1

Structural Equation Modelling (SEM) has evolved as an alternative in recent times as a viable second generation regression technique. SEM allows simultaneous modelling of relationships among multiple independent and dependent factors. Therefore, one no longer differentiates between dependent and independent variables but distinguishes between exogenous and endogenous latent variables, the former being variables not explained by the postulated model (they act always as independent variables) and the latter being variables explained by the relationships contained in the model. SEM has different kinds of regression techniques. Recent research in information security indicates that the Partial Least Square (PLS) regression technique, which belongs to the SEM family, is ideal for assessing risks statistically. It originated in the social sciences but became popular in chemometrics (computational chemistry) and in sensory evaluation. PLS regression is also becoming a tool of choice in the social sciences as a multivariate technique. PLS is recommended in cases where the number of variables is high, and where it is likely that the explanatory variables are associated, which is also the case in information security. It is particularly useful when we need to predict a set of dependent variables from a large set of independent variables (predictors). It is useful when the goal is prediction and there is no practical need to limit the number of measured factors; this works very well for information security, since we end up noticing a large number of varied factors (explanatory variables) which impact risks. When an organisation wants to minimise all potential negative impacts, it has to look into risk indicators from all different areas and aspects, conduct an analysis to figure out which risks are more severe and which less. The management requires convincing reasoning behind the resource allocation, while risks need to be mitigated. Also, the CISO will want to know whether there are controls or measures which could lead to the reduction of a number of inter-dependent risks. This method presents the advantage of handling missing data too, a very powerful benefit for information security practitioners, since missing data is a key challenge they face and hence often choose to go with averages or intelligent guesses. PLS is a technique that generalises and combines features from Principal Component Analysis and Multiple Regression. A PLS algorithm starting from a table with n observations described by p variables, creates a set of h components with h<p. The determination of the number of components to include in the PLS algorithm calculations is determined based on a criterion that involves cross-validation of factors. Thus, SEM based statistical approach using PLS algorithm to risk assessment is much better than existing subjective assessments. It is information oriented rather than assessor or expert judgement dependent, thereby overcoming judgement bias. It has a statistical foundation, thus providing consistency and wider applicability. A proven model can be used in diverse scenarios and scales of operations.

28 cm x 10.3 cm

QR Code

QR Code newest way to leak information QR codes are an increasingly popular way for people to convert a barcode into a website link using a camera app on their smartphone; which is also potentially dangerous R codes have a huge curiosity factor, Quriosity…. It’s a wonderful thing. Tie curiosity to advertising and you’ve got a winner. QR codes can do just that and much more, which is why their popularity is soaring. Each unique square symbol is comprised of black and white markings and can be scanned by many camera phones or other digital readers to provide information, or, in many cases, a link to a website.

Drawing Hackers’ Attention Amit Kaul, CEO, Evam Technologies, explains that QR codes, and related mobile tagging formats, can be targeted and manipulated by cyber criminals to easily steer victims to malicious websites in a new opportunity to steal identities and commit fraud. Satish Das, Chief Information Security Officer, Cognizant, states three reasons for QR codes to be driving the attention: zz Vulnerable due to lack of end user understanding of the code zz Since it’s intended for systems, it’s difficult for humans to comprehend the actual message from image. zz Extremely easy to make and can be done free over the Internet. QR scanning apps from distrusted sources can be a risk. Like all other apps, they may come with Trojan functionality or malware. Sandeep Godbole, ISACA India Task Force Member and President ISACA, Pune Chapter, says that QR codes are yet another vector for scammers like phishing email, URL shortening services etc., which makes it an ideal vector for spear phishing type of attacks. Stickers, documents that look genuine and that have QR code can potentially lead users to malware or direct them to phishing sites.

itnext | a u g ust 2 0 1 3

QR Challenges for CISOs Abhijit Limaye, Director, Development &Security Response, Symantec, reiterates that QR codes are an increasingly popular way for people to convert a barcode into a website link using a camera app on their smartphones. It’s fast and convenient, but potentially dangerous. “Spammers are already using it to promote black-market pharmaceuticals, and malware authors have used it to install a Trojan on Android phones. In combination with link shortening, it can be very hard for users to tell in advance if a given QR code is safe or not; so, consider a QR reader that can check a website’s reputation before visiting it. “Once the bait has been taken, the victim must be reeled in. The next step in these attacks fools the user into taking an action to propagate the threat: for example, installing an app, downloading ‘update’ to your video software or clicking on a button to prove you’re human. The attackers persuade their victims to infect themselves and spread the bait to everyone in their social circles,” says Limaye. Given the QR’s complexity, Dr K Harsha, Head-IT, HKM Group, finds QR codes drawing new threats owing to less security awareness with customers, similar fraudulent sites will increase security risk and security breaches and educating clients/customers on QR Code is a tedious process. Amit Kaul argues that QR codes are not inherently dangerous, but they can get linked to content that might infect a mobile device and steal a wealth of information from the user, or in this case, the scanner of the code. “When a user scans a QR code, it displays a link (QR code has more features than that) in most cases. This allows cybercriminals to use URL shortening services (such as bit.ly and others) to disguise the ultimate address stored in the QR code, which may lead to a page with malware that steals the user’s credentials or to a phishing site. As a mobile browser may

“A challenging but important task for companies who utilise BYOD is to develop a policy that defines exactly what sensitive company information needs to be protected and which employees should have access to this information” Govind Rammurthy MD & CEO, eScan

“QR codes are not inherently dangerous, but they can get linked to content that might infect a mobile device and steal a wealth of information from the user, or in this case, the scanner of the code” Amit Kaul Director, Evam Technologies

not always be capable of displaying the complete URL of the opened page, the situation is further complicated,” says Kaul.

Best Techniques to Counter the Risks While there is always a technique to solve the toughest puzzle, preventing the risks associated with QR code spells certain best security practices which the CISOs are adhering to. For instance, HKM’s Harsh recommends QR codes should be printed on white or soft pastel colour background for safety and recommends users not to reverse or invert in print. The

black must be black or a dark contrast colour for scanners to appropriately pick it up. “There should be at least 55 per cent contrast difference if it is going to be printed in colour between the squares and the background,” says Harsha. Kaul points ou a few precautionary measures for smartphone users—such as using a client antimalware application (wherever possible), taking advantage of the corporate Wi-Fi network and its standard network protections to block the malware, or using a QR reader application that checks URLs against blacklists of known malware-laden websites.

a u g ust 2 0 1 3 | itnext

cover story | Best Security Techniques

“There is a high level of customisation being carried out by all DLP vendors to cater to specific organizational requirements, and focus on selective and customised block policies” Satish Das CIO, & VP, Cognizant

“Given the complexity, QR codes are drawing new threats owing to less security awareness with customers, similar fraudulent sites will increase security risk and security breaches and educating clients/customers on QR Code is tedious” Dr Harsha Head IT Security Advisor, HK IT Group

Kaul recommends three simple procedures to prevent threats: 1. Take care before scanning a QR code; just make sure that it is not covering another code. If you have a doubt, do not scan. 2. Once you open an app store or a website on your browser, ensure that the QR code has taken you to the site you had to go to. Check to see the application’s rating or customer feedback. If there are very few feedbacks or ratings or none at all, it’s best not to continue the installation. 3. If your smart phone allows the installation of security applications that checks sites for malicious content and

itnext | a u g ust 2 0 1 3

downloaded software for malware, ensure you install such an application. This is especially so for Android smartphones, which are now targeted by thousands of malware programs. Cognizant’s Das strictly advocates users not to scan when the source is unknown, always verify the website authenticity on scan and ensure mobiles have adequate Antivirus Protection to address any emergencies. Symantec’s Limaye advises users to treat every network as hostile and ensure that all the applications use encrypted communications like SSL or tunnel through a VPN and protect against automated redirection to malicious sites with QR codes.

The power behind competitiveness

Powering Competitiveness in Datacenters Delta’s InfraSuite Datacenter Infrastructure Solutions Fully integrated design and scalable architecture • Optimized set-up and operation costs • Modular design fits all server rooms architectures • High Flexibility allows quick and easy set-up by companies • Complete environmental management systems allows convenient manager control • High performance power configurations support the green server room concept • High level of integration provides a complete and reliable solution for companies

+91 9999992084 www.deltapowersolutions.com

interview | Nitin Dang

itnext | a u g u s t 2 0 1 3

Nitin Dang | interview

Cobol on an Integration Spree Nitin Dang, Country General Manager, Micro Focus India and SAARC, looks at the importance of modernising the business-critical COBOL applications which make it compelling for organisations to drive productivity. Dang elaborates on the innovation in traditional COBOL and how it offers cost savings to customers, besides ensuring increased productivity and the ability to drive focus on product innovation Can you elaborate on the innovations in the enterprise application modernisation, testing and management solutions arena? Micro Focus operates in the space of enterprise application modernisation, testing, and management solutions. Over the years, COBOL has evolved to keep pace with technological developments, integrating with most modern technologies today. Most importantly, it has retained many of its traditional strengths. As technology evolves, and new trends emerge, end users demands and expectations of the software applications are constantly changing. The emergence of social media and web 2.0 applications such as Facebook and new mobile platforms such as iOS and Android, are driving users to expect a similar experience and accessibility when working with business applications. At the same time, the emergence of Software as a Service (SaaS) and the availability of Cloud

technology mean geographic barriers are being broken down. These growing trends are putting pressure on businesses to respond in a timely fashion to constantly changing user expectations and new competition. As organisations scramble to meet the new demands of the market, they expect their IT teams to deliver with constantly diminishing budgets. With this in mind, organisations are finding that the quickest, cheapest and safest option is to modernise their existing COBOL applications. The key has been to keep the language current with new processing ideas and new capabilities. This makes it easy to adapt COBOL to new environments even though it is a mature language with a lot of operating lines of code. COBOL has a unique capability in that the same COBOL code can be compiled into native code, .NET and to the JVM without changing a single line of code. Visual COBOL delivers a more productive, efficient developer

experience. It empowers the organisation through innovation, to carry forward its application investments into the future.

How is it being leveraged by customers? Talking specifically about Visual COBOL, we recently worked with Om Logistics Indiaâ&#x20AC;&#x2122;s leading logistics services company, to build a COBOL-based Enterprise Resource Planning (ERP) system, built using Micro Focus Server Express, which supports the companyâ&#x20AC;&#x2122;s core business modules, including accounting, reporting, warehousing, HR and payroll as well as consignment tracking. Visual COBOL helped them to leverage the latest industrystandard IDEs to modernise core applications, development of a mobile application to access COBOL systems, and improving the efficiency of the developers by 30 per cent. This is a huge achievement, considering the pressures on IT investment.

a u g u s t 2 0 1 3 | itnext

interview | Nitin Dang Which aspect of the whole IT framework is leveraging these solutions? There are several enterprise application modernisation strategies available to organisations that want to prepare themselves effectively for the economic upturn. Of those strategies, modernising existing business-critical COBOL applications is one of the most compelling, offering cost savings, increased productivity and an ability to drive much greater focus on product innovation. According to Forrester Research, 64 per cent of companies surveyed responded that updating and modernising their legacy applications was an important software initiative for their current planning cycle. Given the current economic environment, Micro Focus urges organisations to consider how to maximise their existing investments in mission-critical applications through extending COBOL applications to Web Services and SOA, modernising COBOL applications to Web and .NET and integrating COBOL applications to .NET and J2EE. Reducing your costs, streamlining your business processes, improving productivity and facilitating IT innovation are the cornerstones of a successful business strategy in current times. It has been shown that these four business goals are not independent and they are not contradictory. What kind of challenges does it face from the customer standpoint? From a customer standpoint, there are only benefits to having implemented COBOL in their infrastructure. The key has been the evolution of the language, through its malleability to the contemporary business environments, with fresh processing ideas and capabilities. This has made COBOL, the legacy language, stand the test of time and still be implemented as a trustworthy resource.

itnext | a u g u s t 2 0 1 3

How do you measure customer benefits using COBOL? COBOL’s presence, a technological movement that has stood the test of time, is not merely felt in one or two niche industries, but rather, over the past handful of decades, it has infiltrated almost every key vertical industry. For example, the banking and financial industries are one of the first that embraced computing and as such, their IT roots are set in COBOL because it was the primary language used then; and now. If the language’s code were suddenly removed from banking systems, it would adversely affect the transaction system. However, this does not just pertain to banking. If COBOL were just deleted from airlines’ systems, flights could no longer be booked online, hotels could not handle reservation requests

“ COBOL’s presence, a technological movement that has stood the test of time, is not merely felt in one or two nice industries, but rather, over the past handful of decades, it has infiltrated almost every key segment” and cash registers at retail stores would simply not work. As a matter of fact, COBOL systems are responsible for transporting up to 72,000 shipping containers, caring for 60 million patients, processing 80 per cent of point-of-sales transactions and connecting 500 million mobile phone users. It has been estimated that the average American relies on COBOL at least 13 times during the course of a routine day as they place phone calls, commute to and from work and use credit cards. New application development rarely starts from a blank sheet of paper. Innovations like mobile

Nitin Dang | interview

losophy of ‘re-use not rewrite’ has enabled OM Logistics to progress its existing COBOL business rules to take advantage of new modern technologies, such as PHP. In addition to the technology innovations already underway, Visual COBOL has already delivered on the development productivity gains. The company opted for Visual COBOL with Eclipse to be in-line with the latest technology and move towards mobile and cloud development. I estimate its use has improved development efficiency by around 30 per cent. The customer already completed an application upgrade from Micro Focus COBOL to Visual COBOL and is now planning to develop a very valuable new mobile application to leverage our COBOL-based business rules.

banking, for example, are simply new channels through which current business applications can be delivered. Existing COBOL applications have extensive business logic built into them containing valuable competitive advantage. Using these applications in new environments for decades to come ensures that both investment and market opportunity are maximised.

Why did Om Logistics go in for COBOL deployment even though it is considered to be a legacy language? OM Logistics operates in an environment where the big players were constantly raising the stakes in respect of new technology, but their own was unwieldy and outdated technology. Their business applications used character-based, command line development technology making them clunky to modify and difficult to modernise. OM wanted a more productive application development toolset with a contemporary, industry-standard developer experience that would exploit its existing investment in powerful COBOL-based applications. Clients expect consignment-tracking technology and modernising their mobile app was on OM’s list. Visual COBOL’s phi-

Please elaborate on Om Logistics’ latest up-gradation to Visual COBOL? With Visual COBOL now in place, future and planned initiatives--including the development of a mobile and PHP application interface, powered by proven, back-end COBOL applications – can hit the launch pad. The gains prompted Om Logistics to opt for this reinvention of the Micro Focus design classic. Find other interviews online on the website www.itnext. in/resources/ interviews

What sort of innovations has the deployment/language brought to core application of Om Logistics?

OM Logistics’ experience of Visual COBOL for Eclipse, the industryleading development environment, has been to dramatically improve the maintenance and development of COBOL applications--a massive advance over previous characterbased tooling.The company has seen great developer productivity gains and the company can now deliver higher levels of performance, capacity, and functionality with much greater ease. It is said to have a more flexible and costeffective platform for development that can support new interfaces and technologies quickly and easily. Moving to Visual COBOL has been a win-win situation for us.

What is the future road map for COBOL? The most obvious shift in the IT landscape has been a proliferation of new platforms for software applications to be run from--Windows, UNIX, Linux, Cloud, Mobile. The core of every application decision will now have to home in on breadth of platform support. End-users only want one thing: functionality on their platform of choice. It’s up to development teams to ensure that the functionality is present and streamlined, on the right environments, meaning applications need to be built and updated on reliable, robust and portable code. Change is inevitable, so why make updating and maintaining applications any harder than it needs to be? Programming languages, COBOL for example, are simple to understand and don’t necessarily require prior language-specific experience. If software development teams experience turnover over the years and new developers enter the mix, it is valuable to have code that doesn’t send developers spinning. The technology innovations of the future are undefined and infinite--some will change the IT landscape for the better.

a u g u s t 2 0 1 3 | itnext

insight | Flash Storage

Transform Business, in a

Flash

New technology enhancements will boost performance, reduce TCO by up to 30 per cent, and help senior IT managers achieve business transformation

he key objective of Hitachi Data Systems Corporation has been to make the lives of senior IT managers simple and easy to cope with data storage challenges. The challenges that these IT professionals face according to Hitachi are: They have less time to develop and deliver new solutions and services to more customers, and they must do so with flat or decreasing budgets. To get the most out of their IT investments, they need to maximise performance, efficiency and economics of their infrastructure and resources. Maximising IT accelerates insight, improves decision-making, and releases resources to let them increase the pace of their innovation and harness information to build competitive advantage. To address these challenges in a more logical and pragmatic fashion, Hitachi

has made technological enhancements and rolled out three infrastructure solutions: All-flash storage solutions, Storage solutions which are unified ready and solutions which enterprise-virtualisation ready. Hu Yoshida, VP and Chief Technology Officer, Hitachi Data Systems says, â&#x20AC;&#x153;The three new technology enhancements support this strategy and simplify the tasks of implementing flash, unified storage with primary de-dupe and converged infrastructures for rapid application deploymentâ&#x20AC;? According to Yoshida, Hitachi Unified Storage flash system is designed for organisations that seek to accelerate the performance of their business applications. With integrated Hitachi Accelerated Flash and enterprise storage virtualisation, HUS VM delivers faster access to information and increased efficiency through central management of all storage assets. Database, analytics,

These enhancements simplify management functions and improve utilisation to lower TCO by 30 per cent over a four-year period

itnext | a u g u s t 2 0 1 3

I LLUSTRATIO N by shi gil narayanan

by N g e e t h a

PHOTO /I LLUSTRATIO N/IMAG ING CRE DIT

insight | Flash Storage

“The three new technology enhancements support this strategy and simplify the tasks of implementing flash, unified storage with primary dedupe and converged infrastructures for rapid application deployment” Hu Yoshida VP and CTO, Hitachi Data Systems

itnext | a u g u s t 2 0 1 3

virtual desktop and virtualised server environments benefit from superior performance and improved response times. “This strategy results in one management platform across server and storage, file, block and object, and simplifies the task of implementing new technologies. Virtualisation enables a smooth transition between technologies and enables the ability to leverage other vendor products and include them in our management stack,” says Yoshida.

What’s New that can Transform Customer Business From the technology perspective, Hitachi Unified Storage VM (HUS VM) all flash system, Hitachi Unified Storage and Hitachi NAS Platform, and Hitachi Unified Compute Platform (UCP) are expected to reduce total cost of ownership (TCO) by up to 30 per cent compared to alternative solutions, and up to double the performance benefits of previous generations; the new turbocharged solutions maximise IT investments and help customers achieve unsurpassed operational savings despite today’s relentless data growth and cloud infrastructure complexities.

Built on Hitachi’s 3-tier Strategy Vivekanand Venugopal, VP&GM, India, HItachi Data Systems vouches for these technologies to deliver the performance, efficiency and economics needed for the foundation of seamless enterprise cloud environments. “The technologies also achieve a new milestone in the Hitachi Data Systems 3-tiered strategy for infrastructure, content and information, which builds on existing IT investments to provide a single virtualisation platform for all data to support cloud and enable big data.” Aiming at helping customers transform their data into actionable information and harness its power as a strategic asset for business insight and innovation, the company aligned its product and solutions portfolio around a 3-tiered strategy of infrastructure cloud, content cloud and information cloud that builds on existing IT investments to provide a single virtualisation platform for all data. The new flash, unified and virtualisation storage platforms too were developed in the basis on the 3-tiered approach to fit into the strategy. Hitachi Data Systems believes that all data has value and to fully realise this potential, it requires data and information to be stored, governed and managed as an asset. Only then can the data be shared, compared, and analysed more holistically for better insight and innovation. Venugopal’s intention is to leverage Hitachi Data Systems technology to create social infrastructure solutions that involve cloud services, big data management, machine-tomachine networks, equipment management and control systems. “These solutions will bring intelligent information capabilities to the areas of power systems, railways and transportation, urban development and others, ultimately resulting in more efficient, secure and sustainable societies,” says Venugopal.

Flash Storage | insight

“The technologies also achieve a new milestone in the Hitachi Data Systems 3-tiered strategy for infrastructure, content and information, which builds on existing IT investments to provide a single virtualisation platform for all data to support cloud and enable big data” Vivekanand Venugopal VP& GM, India, Hitachi Data Systems

How to Maximise IT Investments and Performance The flash storage integrates all the enterprise functions of HUS VM with flash module to enable increased performance. The microcode in HUS VM has been optimised for flash to provide 500,000 IOPS now and 1,000,000 IOPS going forward. The flash modules provide 4 times higher performance and 46 per cent lower bit cost than standard SSDs; and with a 5U HUS VM controller, and up to 8X 2U HAF drawers, this could be used as a standalone flash array with the advantage of full enterprise functions like snapshots and replication. The unified storage and NA is expected to double capacity and performance with its hybrid-core architecture that blends Intel and FPGA technologies. These new file modules can consolidate multiple NAS filers at a 30 per cent lower TCO. These NAS heads have FPGA feature that provides workload aware, primary de-dupe that customers can set and forget. Primary de-dupe is expected to reduce capacity requirement by as much as 90 per cent. Hitachi’s UCP Pro for Virtualisation platform include VMware vSphere turnkey pre-configured solution with an orchestration layer integrated with VMware vCenter to view, provision, monitor, upgrade and performance tune the entire, stack including server, storage and networks for rapid deployment of virtual machines. UCP Select is server, storage,

and network reference solution, which are pre-validated and pre-certified for deployment of Microsoft Private Cloud (Hyper V), and for Oracle Database Real Application Cluster with predictable performance. UCP select for SAP HANA scale-out solution is a popular converged solution. These enhancements simplify management functions and improve utilisation to lower TCO by 30 per cent over a four-year period.

Customer’s Take According to Venugopal, the adoption of flash technology is seeing an upward trend across various industry verticals. The use of flash controller provides 3 times the improvement in data storage compared to that of the standard SSDs. All these technologies, besides increasing performance, would help in reducing the footprint, power-cooling cost, effective utilisation of resources, increased capacity efficiency and dynamic provisioning. “We count on the reliability of Hitachi Data Systems for our most critical workloads. The flash technology, along with dynamic tiering, addresses our needs of high data growth along with higher performance by delivering sub-millisecond response times. Best of all, it protected our existing investments while seamlessly integrating with our storage architecture without any disruption,” says Jitendra Sangharajka, Associate VP, Information Systems, Infosys.

a u g u s t 2 0 1 3 | itnext

insight |Enterprise Application

e s i r p r e t n E t u o b a s h t My n o i t a r t s e h c r O n o i t a c i Appl n solutio e is r p r e t n e l u f ccess Designing a su trated music. It combines hes functional s s o is like well orc r c a t u c t a esses th business proc as associated IT services areas as well ar by Sudhak

itnext | a u g u s t 2 0 1 3

Anivella

Enterprise Application | insight

rchestrating or designing an Enterprise Application is an art which can be compared with the composition of music: It requires the same amount of effort or integration to produce the desired results. The term orchestration in music refers to the way instruments are played to render any aspect of melody or harmony. Similarly in EAI, “orchestration” describes the automated arrangement, coordination, and management of complex computer systems, middleware and services to achieve a seamless integration of functionalities present in various applications and provide the desired enterprise-wide solutions. Each musical instrument is designed with a specific capability and can play sounds in a certain way. The orchestrator must decide which instrument(s) should play a specific chord, when to play it and in which order to create a melodious music score.

PHOTO by: photos.c om

EAI Design Process Similarly, each enterprise application is designed to focus on and address a specific functional area of the organization: Finance, HR etc. These applications work within the organisational/departmental boundaries for which they are designed and developed. For this reason, many IT groups are aligned with these specific functional areas to support them effectively. As in music, a successful enterprise solution requires careful orchestration of business processes which cut across these functional areas as well as associated IT services. Enterprise solution design envelops various applications, tools, and organisational processes together in a coordinated way and utilises them in an effective way. This is not an easy task: it requires dealing with multiple applications running on multiple platforms and also at various locations. It also requires careful orchestration of business processes

Challenges

lication p p a e is r p r e t n e “Designing an s it requires a , k s a t y s a e n is not a plications p a le ip lt u m h dealing wit forms and t la p le ip lt u m running on cations” lo s u io r a v t a o als vella Sudhakar Ani logies ct, CA Techno Senior Archite

Some of the common challenges faced by EAI projects are similar to the challenges faced by music orchestrators:

a u g u s t 2 0 1 3 | itnext

insight |Enterprise Application

Key nuances of Application Orchestration Orchestrating or designing an Enterprise Application is an art which can be compared with the composition of music EAI, “orchestration” describes the automated arrangement, coordination, and management of complex computer systems, middleware and services Each enterprise application is designed to focus on and address a specific functional area of the organization: Finance, HR etc. As in music, a successful enterprise solution requires careful orchestration of business processes which cut across these functional areas as well as associated IT services Enterprise solution design envelops various applications, tools, and organisational processes together in a coordinated way and utilises them in an effective way

terprise n E n a g in n ig s While de re, one u t c e it h c r A n io Applicat scalability, e h t f o k in h t ld shou xibility of the e fl d n a s s e n t s robu rowth as g e r u t u f r o f s t produc chitectures r a e is r p r e t n e n investments o ersible” v e r ir d n a e g u h are essentially ari Ranjeev Tiw t Retail ax Hypermarke M T, -I er ag an enior M

itnext | a u g u s t 2 0 1 3

1. Duplicate/Overlapping functionality in multiple applications and multiple sources of truth (for example, multiple applications maintaining employees’ personal data). This is similar to multiple instruments producing the same sound. The orchestrator should choose the proper instrument (the source of truth) to produce the desired musical note. 2. Legacy applications with limited facilities for integration. This is similar to some of the instruments that produce the same sound with a fixed pitch and beat. The orchestrator must identify and take necessary care to utilise these instruments as required. Similarly, the enterprise solution designer should identify such legacy applications and tailor the solution to fit them in. 3. Similarly, other challenges for designing enterprise solutions include difference in semantics, dissimilar integration standards, multiple communication protocols, multiple data formats, etc.. These challenges are in no way different from the challenges faced by any music orchestrator composing a melody. As we know, a simple note out of sync with the rest of the orchestration will create noise rather than a melody. Similarly, any discrepancy caused by any one application will lead to chaos, not a desired solution. Enterprise solution designers can learn and apply from the best practices (patterns) followed by great composers for composing melodies to create the best enterprise solutions that cater to effective end user experience.

An MBA may not make you a CIO, but this can

The CIOs of tomorrow are expected to be outstanding business leaders, not just good technical experts, who can collaborate and communicate in their professional environment ITNEXT invites you to participate in the 2-day Pocket CIO programme to equip yourself with strategic, technical and softskills needed for senior management roles. The training sessions will be hosted by experts, and will feature eminent CIOs. SESSIONS WILL COVER Contemporary trends in a current technology area Delivering innovation or improving business outcomes through IT solutions Best practices for installing, operating and improving enterprise services/infrastructure Thinking strategically about IT Leadership in the corporate context REGISTER THROUGH MOBILE APP Download the NEXT100 app on your phone or tablet, and register for Pocket CIO program. Access the latest white papers and case studies, and watch videos

CITY& DATE BENGALURU 23rd –24th AUGUST MUMBAI 6th – 7th SEPTEMBER NEW DELHI 13th – 14th SEPTEMBER

APPLY NOW !

PLATINUM PARTNER TECHNOLOGY PARTNER

NEXT100 BOOK PARTNER

WWW.ITNEXT.IN/NEXT100

EVENT BY

*THE PROGRAM IS ENTIRELY FREE OF COST FOR INDIVIDUALS WHO HAVE APPLIED FOR NEXT100 BUT FOR ALL OTHERS THE COST IS INR 2500

Stop being consumed by where you are... ...focus instead on where you want to be.

Are you at that stage in your career... when you start looking for something more. It could be a new direction, fresh focus or the next mountain to climb. You’ve already come a long way, but it’s time to aim for the top - the pinnacle. But scaling the next mountain is a big stretch. You need new skills. You require new perspectives. You want to be a stronger leader. The Pinnacle Programme will help you do all this - and more.

www.theleadershipinstitute.in 9.9 Mediaworx, B-118, Sector 2, Noida – 201 301, India Tel: +91 120 4010999

15minute manager

training Education workplace compensation workforce trends skills development personal development

I LLUSTRATIO N by: raj verma

what to look in a tablet Page 46

Technology: Flash on a Drive THIS page Healthy Tips: Eye Care tips for Comp users page 46 Product Review: Nokia Lumia 520 Page 50

By N Geetha

nhanced performance, speed to access data and reduction in cost is the prima facie of any customer requirement. Against this backdrop, businesses are moving to all-flash systems to boost critical application performance, gain efficiencies and strategically deploy resources for data management. Going by this need, and as part of its strategic initiative to drive flash technology further into the enterprise to help organisations better tackle the mounting challenges of big data, IBM announced flash caching in System x and tiering in Power Systems and brought in FlashSystem family, a comprehensive flash portfolio to help businesses and enterprises to speed big data analytics. The Company invested $1 billion in flash and opened new Centers of Competency for client engagements believing that flash, a highly efficient re-writable memory, can speed the response times of information gathering in servers and storage systems from milliseconds to microseconds.

Technology

Flash on a Drive A durable and energy efficient spinning drive, Flash ensures performance and enables IT managers in handling big data issues a u g u s t 2 0 1 3 | itnext

15-MINUTE MANAGER Business Made Easy with Flash

itnext | a u g u s t 2 0 1 3

Tips & Tricks

Eye Care Essentials for Computer Users If you spend hours each day working at a computer screen, you may experience eyestrain, blurred vision, itchy eyes, and occasional double vision. However, studies have found no indication that working on a computer screen causes permanent vision problems. Short-term problems, such as tired, irritated, or watery eyes, do bother many people who work at computers, but these problems can usually be corrected by wearing a special pair of glasses for computer work, adjusting lighting in the workplace, and altering the position of the computer screen. 20 Minutes to Relax your Eyes

TAKE CARE OF YOUR EYES WHILE USING PC During a recent visit to an optician, one of my friends was told of an exercise for the eyes by a specialist doctor that he termed as 20-20-20. Step I :- After every 20 minutes of looking into the computer screen, turn your head and try to look at any object placed at least 20 feet away. Step II :- Try and blink your eyes for 20 times in succession, to moisten them. Step III :- Time permitting of course, one should walk 20 paces after every 20 minutes of sitting in one particular posture. Helps blood circulation for the entire body. Circulate among all if you care.

Increase Your Comfort The following steps can further reduce your eye discomfort and fatigue: Place the computer straight in front of you, not off to the side. Place the screen at right angles to any windows to minimize glare. Adjust the screen angle to minimize reflections from overhead lights or desk lamps. Use drapes, shades, or blinds to control window lighting and glare. Vertical or horizontal blinds will direct light away from you and the computer.

PHOTO /I LLUSTRATIO N/IMAG ING CRE DIT

Facts

SOURCE: University of Rochester Medical Center

Ajay Mittal, Director, Systems and Technology Group, India/SA, says, “Because it contains no moving parts, the technology is also more reliable, durable and more energy efficient than spinning hard drives.” He also finds integrating flash with the data centre and virtualisation in a heterogeneous framework made flash even more sought after. Such benefits have led flash storage to pervade the consumer electronics industry and be built into everything from cell phones to tablets. Today, as organisations are challenged by swelling data volumes, increasing demand for faster analytic insights, and rising data center energy costs, flash is quickly becoming a key requirement to enable the Smarter Enterprise. “The economics and performance of flash are at a point where the technology can have a revolutionary impact on enterprises, especially for transaction-intensive applications. The confluence of Big Data, social, mobile and cloud technologies is creating an environment in the enterprise that demands faster, more efficient, access to business insights, and flash can provide that access quickly,” says Mittal. Mittal emphasised the point that management of the storage becomes much easy using flash technology, which also promises a reduction in cost. “ To help lead this transformation, IBM is investing $1 billion in research and development to design, create and integrate new flash solutions into its expanding portfolio of servers, storage systems and middleware.” As part of that commitment, the company also announced plans to open 12 Centers of Competency around the globe. These sites will enable clients to run proof-of-concept scenarios with real-world data to measure the projected performance gains that can be achieved with IBM flash storage solutions. Clients will see first-hand how IBM flash solutions can provide real-time decision support for operational information, and help improve the performance of mission-

Do you have future CIOs in your team?

Presents

IT INFRASTRUCTURE

MANAGEMENT

AWARD INDIA’s FUTURE CIOs

The pace of business is accelerating around the globe. As customers become more savvy, and market conditions become increasingly dynamic, IT managers need to ensure that their organizations are prepared to successfully plan and deploy IT infrastructure that meets user needs- speedily and comprehensively.

If you think that you have mastered the art and science of effectively managing enterprise IT infrastructure, PROVE IT NOW. How to Apply: Register for POCKET CIO Program in a city of your choice by going to www.next100.itnext.in/pocketcio Attend the IT Infrastructure Management session which will be conducted by experts from HCL Infosystems

By Applying you stand a chance to: Win the Regional IT Infrastructure Management Award Win the National IT Infrastructure Management Award Secure interview with the Jury of NEXT100 and potentially win the NEXT100 awards Get “Pocket CIO” achievement certification WORKSHOP CALENDAR

BENAGALURU 23 - 24 AUGUST 2013 MUMBAI 6 - 7 SEPTEMBER 2013 DELHI 13 - 14 SEPTEMBER 2013

IT INFRASTRUCTURE

MANAGEMENT AWARD

15-MINUTE MANAGER

“Because it contains no moving parts, the technology is also more reliable, durable and more energy efficient than spinning hard drives” —Ajay Mittal, Director, Systems and Technology Group, India/SA

critical workloads, such as credit card processing, stock exchange transactions, manufacturing and order processing systems. IBM FlashSystem 820, for example, is the size of a pizza box, and is 20 times faster than spinning hard drives, and can store up to 24 terabytes of data. Mittal reiterates that flash systems can provide up to 90 per cent reductions in transaction times for applications like banking, trading, and telecommunications; up to 85 per cent reductions in batch processing times in applications like enterprise resource planning and business analytics; and up to 80 per cent reductions of energy consumption in data center consolidations and cloud deployments.

industry-leading standard when it comes to storage virtualisation which is a single point of management and control for small and large heterogeneous storage environments used with flash for better performance. “The outcome is best when SVC and FlashSystem 820 are configured together,” says Mittal.

Best Flash Practice As a best practice, when configuring multiple IO group SVC clusters, customers need to zone every node so that it can access FlashSystem 820. If you configure multiple FlashSystem 820 ports, repeat the zoning so that every SVC node has access to every FlashSystem 820 port.

Cost-Benefit Factor

Logical configuration on FlashSystem

For instance, according to Mittal, the customer can see a reduction in per dollar cost per iOPs using flash, as against SATA or SAS drives. Mittal vouches for the fact that the technology in a typical system configuration, and a maximum system configuration can return over 1,400,000 input/output operations per second (IOPS) at less than 1 millisecond average response time. The differentiating factor is IBM SVC which is widely regarded as an

To provide usable storage (managed disks) on SVC, you need to define some logical units (LUs) on FlashSystem 820, and map these LUs to the FlashSystem host ports. Create at least four LUs on flashSystem 820 storage, and use default masking to map all of the LUs to all of the FlashSystem 820 host ports. When you create zoning, each managed disk (mdisk) discovered by SVC will have eight available paths between each SVC node and the flashsystem port.

itnext | a u g u s t 2 0 1 3

The tested configurations, for example using 4 LUs or 16 LUs using varying FlashSystem 820 capacity to test 25 per cent, 50 per cent, and 100 per cent allocation. That is, with 4 LUs and 50 per cent allocation, each LU was approximately 2.5 TB in size. Similarly, with 16 LUs and 50 per cent allocation, each LU was approximately 625 GB in size. If you use FlashSystem 820 as the primary data storage, as with the test results here, add all of the mdisks from the controller to a single managed disk group (also known as a storage pool in the SVC GUI). If more than one FlashSystem 820 is being presented to an SVC cluster, a best practice would be to create a single storage pool per controller. If you use FlashSystem 820 with the SVC EasyTier function, you will likely want to create multiple LUs for each hybrid storage pool. Create four or more LUs per hybrid pool, with the combined capacity of these LUs matching the capacity that you want for the SSD tier in that pool.

Customer Forte As a testimony to the performance of Flash, IBM’s customer Sprint Nextel Corp installed nine flash storage systems at its data center, for a total of 150 TB of additional Flash storage. The objective was to improve the

15-MINUTE MANAGER Tablet Glossary

Nokia Lumia 520 Review

The Nokia-Microsoft bond is one that many often question, saying that the Finnish company should ditch the latter’s Windows Phone 8 platform in favour of Android. However, given the popularity of the current Windows Phone devices in the market, such as the Lumia 920 and the 720, coupled up with the excitement of the Lumia 1020, we don’t see why Nokia would want to find itself a new software partner. One of the phones that also created waves when it came out was the Nokia Lumia 520, the cheapest WP8 device in the market at the moment.

Build and Design The Nokia Lumia 520 takes its design cue from the Lumia 720, in that it has sharp rounded edges instead of the soft round corners of the Lumia 620 or 820. The phone’s build follows a gentle curve from front to back that flow rather well with the curvature of our hands when we’re holding the phone. The smooth matte plastic shell that forms the majority of the phone is also built incredibly well, giving the phone a very solid feeling. The 4-inch screen on the phone allows it to be a perfect fit in most hands, not to mention allowed us to go all one-handed on the Lumia 520. With the new “screens must be big” fad, we’ve had a hard time using our phones with one hand, so the Lumia 520 feels really nice in this regard. What are also really nice are the volume, power and dedicated camera button on the side of the phone, which stand out quite prominently, meaning that when you press them, there is adequate feedback for you to know that the phone registered the press.

Software The Nokia Lumia 520 ships with the Windows Phone 8 OS, Microsoft’s latest mobile operating system. The phone is slated for the Amber Update, which would add Bluetooth 4.0, FM radio and other functionality to the phone. However, we’re going to focus on what the phone has to offer in its current firmware version. The Lumia 520, just like every other Windows Phone 8 device, ships with a copy of OneNote and Office for Mobile pre-installed. For a phone that costs as little as this one, the presence of Office for Mobile should be enough in of itself to be a big value for money factor. If it’s not, then you will have access to the Microsoft Windows Phone Store from where you can download most of the popular apps such as Facebook, Whatsapp, Viber, Foursquare etc. Then there’s also SkyDrive, with its free 7GB of online storage. —Source: thinkdigit.com

itnext | a u g u s t 2 0 1 3

performance and efficiency of its phone activation application. Increase in performance enabled the enterprise to expand its technology to other parts of the data center. Flash technology seems to add value to the retail enterprises as well. As Mittal explains, “One of our retail customers wanted to boost system performance to ensure fast, reliable access to its online catalogue. The customer chose to replace diskbased storage with solid-state storage technology from Texas Memory Systems (TMS), an IBM Company. The customer currently operates two pairs of TMS RAM-based RamSan®-440 and flash-based RamSan-710 systems. To solve its I/O bottleneck, the company moved high-volume Oracle database tables to the RamSan storage. Unlike disk-based storage, no extra optimiSation or third-party application tuning was required to extract maximum performance from the RamSan. As the popularity of its online platform continued to grow over the years, the retailer needed more performance, and today operates with two TMS RamSan-440 systems, deployed in a mirrored high-availability configuration with redundant data paths over 8-Gbit Fibre Channel connections. The benefit that the company observed, according to Mittal, was eliminating storage bottlenecks to deliver the consistently high performance that needs to support its e-retail platform, even as web traffic has increased by more than 50 per cent.

PoCs in Progress Customers across various industry verticals seem to be going in for proof of concept with regard to flash technology and its benefits. IBM is looking at about nearly 100 customers who are keen on moving to flash. Besides this, service providers are seriously looking at flash for their cloud-based storage model and capacity planning. Ajay Mittal, Director, Systems and Technology Group, India/SA,

Do you have future CIOs in your team?

FIND OUT NOW! INDIA’s FUTURE CIOs

About NEXT100 NEXT100 is the Indian IT industry’s premier awards program that identifies and honors 100 experienced IT managers who have the skills and talent to become CIOs and leaders. All NEXT100 award winners are selected through a rigorous and comprehensive evaluation process that reviews technocommercial, management and leadership skills. The final selection of the award recipients is made by a prestigious committee comprising India’s top business and technology leaders

NEXT100 Award Process • Applicants need to complete the online registration and application form (Last date is 04-Aug-2013) • All applicants have to take the online

VisiT www.nexT100.in TO knOw mOre Initiative by

Event by

psychometric tests that assesses personality traits and leadership style • Qualified applicants are shortlisted for interview by jury panel. Each candidate is independently interviewed by two jury members • Reference checks of qualified candidates are done with work supervisors and designated referees • The list of NEXT100 award winners is announced by the jury, and award winners are invited to attend an all-expense paid gala awards night

PARTNERS Platinum Partner

Technology Partner

How to Refer You can nominate candidates by going to http:// goo.gl/X7kWo. The last date for nominations is 31st July, 2013.

Apply TODAy AT www.nexT100.in Download the NEXT100 App to register and track your application

NEXT100 Book Partner

cube chat | Vishal Kumar Bisht

Think Clean, Be Simple I am keen to develop the first e-Learning Platform and make it available on Desktop, Web, Mobile and Tablet,” says Vishal Kumar Bisht, Founder, Director, Marksman Technologies Pvt. Ltd. By N Geetha

V My sucess

mantra Passion to learn new aspects and nurturing the passion

itnext | a u g u s t 2 0 1 3

ishal Kumar Bisht, Founder Director and CTO of Marksman Technologies Pvt. Ltd., believes in thinking clean and leading a simple life. He obviously draws his inspiration from the Bhagawat Gita. An aeronautical engineer by profession, Bisht was associated with an advertising agency and was instrumental in setting up a call centre for a media house. “At the start of my career itself, I was exposed to working on new technologies, which was indeed a turning point in my career, and which fired my passion for coding and data management,” says Bisht. Besides, Bisht possesses the passion to keep acquiring new technological insights and implement the learning immediately in his organisation or create an environment for his team to implement the new applications. Passionate

about technology, Bisht, being the first generation entrepreneur with over 12 years of experience in application development, product development and IT consultation, has been involved in various Custom Application Development in (ERP for SMEs) and worked in various verticals like Investment Banking, Event Management, educational institutions and government agencies. As an entrepreneur, he now focuses on the e-Learning vertical and in the past few years, he has been closely involved in the development of various e-Learning products and applications (solutions). The feather in Bisht’s cap was to do with developing web 2.0 Web Collaboration Application, which is developed using Open Source Technology in RED5 (for the streaming) and Laszlo (in the UI). “At present, we are working on an online Book Store, an -e-Commerce Portal where the products

cube chat

Fact File Full Nam e: Vi s hal Bi s ht C urrent D es ignat ion : Founder , C EO – Marks m an Techno logi es Pvt. Ltd. C urrent Role: C EO and C TO Expertis e: e-Lear n in g , e-C om m erce , C loud a nd Bi g Data

PHOTO by subho jit paul

“At the start of my career itself, I was exposed to working on new technologies, which was indeed a turning point in my career, and which fired my passion for coding and data management” catalogues in DB contained more than 10 crore books, and with approximately 15 lakh users of this portal; this is a huge data to manage on a server in real time,” says Bisht. In an attempt to nurture his technological passion, Bisht and team plan to implement big data; and are going to implement in-Search module to fast Searching move using SOLR + Hadoop. The idea is to provide faster access to reports for business groups. Bisht has various projects to his credit. A keen project management player, he is also a good team player. As the CTO of the organisation and a technology enthusiast, Bisht has rolled out about 400 projects in creating static and dynamic websites and e-commerce portals, involved in business development, project management and

project execution. He has to his account 10 ERP roll outs, also involved with coding and testing. However, the most cherished project for Bisht is developing e-learning applications and products. “I call this e-learning project most innovative, as it is a cloud based e-learning platform for SMEs with the url www.smecloud.in, which provides lot of learning,” says Bisht. Bisht has the confidence to tackle any situation or any team as his experience in working with the corporate sector as well the government sector gave him the necessary exposure. Bisht draws inspiration from N R Narayana Murthy, the Founder of Infosys. While he resorts to sports and music to relieve stress, as a Next100 winner and an entrepreneur, his dream is to emerge as a global leader in e-learning..

Work Experi ence: Approxim ately 13 Y ea rs i n the IT industry Favourite quot e: “That’ s been one of m y m ant ras — focus a nd s i m plicit y. Sim p l e can be harder th a n co m plex: You have to wo rk hard to get yo ur thinki ng clean to m ake i t s im ple. B ut it ’s wo rth it in the e nd becaus e once you g et there, you can m ov e m ountains .” Steve Jo bs Favouri te boo k: A rt of the Start Guy Kawasa k i Favouri te food: So uth Indi an Food Favouri te desti n at ion : Sili con Valley Favouri te gadget for wo rk: Mac Book Favouri te gadget fo r pers onal us e: Bl ackBerry

a u g u s t 2 0 1 3 | itnext

update

indulge

The hottest, the coolest and the funkiest next generation gadgets and devices for you

Here is a preview of the latest tech toys on the block to add to your arsenal. Take your pick and then go splurging!

Westone Adventure Series Alpha The culmination of Westone’s two decades of experience in designing in-ear headphones, the Adventure series ADV Alpha set is a weather –sealed, unibody, magnesium headset that is designed with the real adventurer in mind. The set is designed to fit snugly in your ear canal and stay there, no matter what and the cable includes reflective controls that almost glow in the dark. Price: ` 15,000

Sonostar Smartwatch

HOT H/K Soundsticks

The product is an elegantly designed watch that is an excellent alternative for those who are unhappy with the pebble’s aesthetics. Compatible with both, iPHone and Android device.

wireless

The transparent subwoofer and the transparent satellites housing four silver black drivers gives this speaker system from Harman /kardon an entirely organic feel to it.

NEW

Price: 11,000

Price: ` 15,990

Kata’s KT PLE-690 Element This particular cover for your camera works great in light to moderate rain but it is not meant for heavy-duty usage. The transparent back cover along with the hand sleeves makes the camera controls accessible. Price: ` 3,500

itnext | a u g u s t 2 0 1 3

Like something? Want to share your objects of desire? Send us your wish-list or feedback to editor@itnext.in

update

open Debate

book For you A platform to air your views on the latest developments and issues that impact you

Inside the Box Why the Best Business Solutions are Right in Front of You

Archana S Awasthi Vice President & Head- BFSI, Ramco Systems Cloud based BI and Analytics is no longer a novice as most customers in the BFSI segment are leveraging the model under the public cloud. Customers are looking at a data centric BI cloud model; we have brought in standardisation in the cloud based model, while creating industry templates. Traditional analytics solutions are built ground-up, are very complex and take many man-months to implement. Cloud model would enable customers to quickly and easily adopt business applications and then graduate to a full-fledged ERP, without replacing the existing system.

Vijay Sethi VP & CIO, Hero MotoCorp

Ramandeep Singh CEO, Alten Calsoft Labs

Cloud Computing Strategy needs to be built and brought to an agreement with key stakeholders.The critical steps are: a) One needs to fully understand the concepts and implications of cloud computing before taking a decision on whether to maintain an IT investment in-house or whether to buy it as a service through the Cloud. b) Ensure that the key members of your IT team are on board. I think there can always be resistance from the team that is managing the current infrastructure or applications– for this culture, mindset has to change.

* Public cloud-based IaaS for a BI system: This option involves subscribing to an IaaS vendor and a pay-asyou-use model on the hardware and systems software. In this model, enterprises can deploy their own Extract Transfer and Load, DBMS and BI software on top of this. This model helps enterprises to convert their CAPEX to OPEX. * BI/DW Platform as a Service (PaaS): Using this option, enterprises can deploy the BI/DW system on a public cloud or an externally hosted BI/DW for building one’s own cloud-based BI system using one or more third party products. This model is useful for SMBs.

Here’s a book that stands conventional wisdom on its head and how! How often have we heard the phrase ‘think outside the box’ being bandied around in classrooms, in management workshops, in brainstorming sessions…. To be creative, you must be original and to be original, you cannot think within frames and rules. The book Inside the Box, introduces us to a radically different concept. It says that for an organisation to be really creative, we must think inside the box, using the familiar and the structured. Employing templates is, in fact, a quicker and better way to creative and innovative thinking. The methodology of creativity by thinking inside the box has been derived by research which exhibited a set of common patterns to the basis of all creative solutions. This book is a must read for all managers—those who were born with a creative streak and those who have always felt somehow lacking in that department. Inside the Box demonstrates that creativity is something which can be mastered. It has a methodology by learning which each one of us can come up with the next “eureka” moment . IT NEXT Verdict Grab a copy of the book to master the five techniques of SIT--Subtraction, Division, Multiplication, Task Unification, and Attribute

Your views and opinion matter to us. Send us your feedback on stories and the magazine to the Editor at editor@itnext.in

Dependency-for your creative breakthrough Star Value:

PHOTO IMAG ING : shigil narayanan

Key Ingredients in Planning a Cloud BI&BA

Authors: Drew Boyd, Jacob Goldenberg

a u g u s t 2 0 1 3 | itnext

my log

Sangita thakur varma Managing Editor, India Now

Managing A Surfeit of Talent India’s rising IT talent reservoir will require judicious management

itnext | a u g u s t 2 0 1 3

r at i o n : r a j v e

3 Essential

Reads

INTERVIEW | NITIN DANG

NITIN DANG | INTERVIEW

COBOL ON AN INTEGRATION SPREE Nitin Dang, Country General Manager, Micro Focus India and SAARC, looks at the importance of modernising the business-critical COBOL applications which make it compelling for organisations to drive productivity. Dang elaborates on the innovation in traditional COBOL and how it offers cost savings to customers, besides ensuring increased productivity and the ability to drive focus on product innovation Can you elaborate on the innovations in the enterprise application modernisation, testing and management solutions arena? Micro Focus operates in the space of enterprise application modernisation, testing, and management solutions. Over the years, COBOL has evolved to keep pace with technological developments, integrating with most modern technologies today. Most importantly, it has retained many of its traditional strengths. As technology evolves, and new trends emerge, end users demands and expectations of the software applications are constantly changing. The emergence of social media and web 2.0 applications such as Facebook and new mobile platforms such as iOS and Android, are driving users to expect a similar experience and accessibility when working with business applications. At the same time, the emergence of Software as a Service (SaaS) and the availability of Cloud

experience. It empowers the organisation through innovation, to carry forward its application investments into the future.

How is it being leveraged by customers? Talking specifically about Visual COBOL, we recently worked with Om Logistics India’s leading logistics services company, to build a COBOL-based Enterprise Resource Planning (ERP) system, built using Micro Focus Server Express, which supports the company’s core business modules, including accounting, reporting, warehousing, HR and payroll as well as consignment tracking. Visual COBOL helped them to leverage the latest industrystandard IDEs to modernise core applications, development of a mobile application to access COBOL systems, and improving the efficiency of the developers by 30 per cent. This is a huge achievement, considering the pressures on IT investment.

ITNEXT | A U G U S T 2 0 1 3

A U G U S T 2 0 1 3 | ITNEXT

Micro Focus's Country GM, Nitin Dang on how modernising COBOL would drive productivity Pg 32 INSIGHT | FLASH STORAGE

Transform Business, in a

Flash

New technology enhancements will boost performance, reduce TCO by up to 30 per cent, and help senior IT managers achieve business transformation has made technological enhancements and rolled out three infrastructure solutions: All-flash storage solutions, Storage solutions which are unified ready and solutions which enterprise-virtualisation ready. Hu Yoshida, VP and Chief Technology Officer, Hitachi Data Systems says, “The three new technology enhancements support this strategy and simplify the tasks of implementing flash, unified storage with primary de-dupe and converged infrastructures for rapid application deployment” According to Yoshida, Hitachi Unified Storage flash system is designed for organisations that seek to accelerate the performance of their business applications. With integrated Hitachi Accelerated Flash and enterprise storage virtualisation, HUS VM delivers faster access to information and increased efficiency through central management of all storage assets. Database, analytics,

THESE ENHANCEMENTS SIMPLIFY MANAGEMENT FUNCTIONS AND IMPROVE UTILISATION TO LOWER TCO BY 30 PER CENT OVER A FOUR-YEAR PERIOD

PHOTO /I LLU STRATIO N/ I MAGIN G CRE DI T

BY N G EETHA

I LLUSTRATION BY SHI GIL N ARAYA N AN

Technology, it wouldn’t be far-fetched to say, is now a part of the Indian DNA. So where does it leave the IT managers with a surfeit of geeks to manage? Managing talent from all accounts is hard work. In fact, it forms part of the management curriculum with the nuts and bolts of processes and systems. The idea of people leadership is itself stressful and now with all the attendant frills of psychology, sociology and management tools, it is as complicated as some obscure scientology process. But experience tells me that talented people are easiest to manage because they bring dedication to their work. If you are ever grappling with the issue of motivation in your team then it is time you took a hard look at the members. The mark of a high performer is that s/ he never needs external motivation. Come what may, they are always focussed on the goal, as they are selfmotivated. Secondly, since they know their job and you know you hired the right man/woman for the right job, can we just ease off a bit? At my current organisation, the top management’s display of absolute trust in the managers is not just amazing but highly rewarding, both for the company and the manager. They communicate but not micromanage. You as the manager and team leader are trusted. The rewards are being reaped both ways.

ustr

ITNEXT | A U G U S T 2 0 1 3

Transform Business, in a Flash: Hitachi's new technology to drive business transformation Pg 36 CUBE CHAT | VISHAL KUMAR BISHT

CUBE CHAT

Think Clean, Be Simple

FACT FILE FULL NAME: VIS HAL BIS HT CURRENT DES IGNATION: FOUNDER , CEO – MARKS MAN TECHNOLOGIES PV T. LTD. CURRENT ROLE: CEO AND CTO EXPERTIS E: E-LEARNING , E-COMMERCE , CLOUD AND BIG DATA

I am keen to develop the first e-Learning Platform and make it available on Desktop, Web, Mobile and Tablet,” says Vishal Kumar Bisht, Founder, Director, Marksman Technologies Pvt. Ltd.

“At the start of my career itself, I was exposed to working on new technologies, which was indeed a turning point in my career, and which fired my passion for coding and data management”

BY N G EETHA

MY SUCESS

MANTRA Passion to learn new aspects and nurturing the passion

ITNEXT | A U G U S T 2 0 1 3

PHOTO BY S UBHOJI T PAUL

A few years from now, the world will be calling us a nation of coders—some in amazement, some out of pure envy. Whatever the feeling prompting the moniker, the facts will prove that we have earned the sobriquet. For starters is the recently released report by Evans Data forecasting that India will surpass the United States in the number of software developers it produces by 2017. By 2018, India will have increased its developer count to 5.2 million, a nearly 90 per cent increase from the current 2.75 million developers. India’s clear info edge has sent a few nations in huddle as they scratch their heads to understand where they failed. For instance, the United Kingdom is blaming its “boring” “dumbed down” school curriculum (5-14 years) for the lack of IT talents in the country and is introducing rigorous computer science in schools. In the United States, you do have a Mark Zuckerberg once in a while thanks to private coaching. But then India is fast catching up with its own young breed of code crackers with the IT wave sweeping across the country. Indians, it would appear, are being genetically engineered in software labs (read schools). You have a Super Thirty in the boondocks of Bihar, so successful at cracking the tough IIT entrance exam, that it is being feted and cloned across the world, and centres like Kota that specialise in IT coaching and teaching.

Ill

catalogues in DB contained more than 10 crore books, and with approximately 15 lakh users of this portal; this is a huge data to manage on a server in real time,” says Bisht. In an attempt to nurture his technological passion, Bisht and team plan to implement big data; and are going to implement in-Search module to fast Searching move using SOLR + Hadoop. The idea is to provide faster access to reports for business groups. Bisht has various projects to his credit. A keen project management player, he is also a good team player. As the CTO of the organisation and a technology enthusiast, Bisht has rolled out about 400 projects in creating static and dynamic websites and e-commerce portals, involved in business development, project management and

WORK EXPERIENCE: APPROXIMATELY 13 YEARS IN THE IT INDUSTRY FAVOURITE QUOTE: “THAT’S BEEN ONE OF MY MANTRAS — FOCUS AND S IMPLICIT Y. S IMPLE CAN BE HARDER THAN COMPLEX: YOU HAVE TO WORK HARD TO GET YOUR THINKING CLEAN TO MAKE IT S IMPLE. BUT IT’S WORTH IT IN THE END BECAUS E ONCE YOU GET THERE, YOU CAN MOVE MOUNTAINS .” STEVE J OBS FAVOURITE BOOK: ART OF THE START GUY KAWASAKI FAVOURITE FOOD: S OUTH INDIAN FOOD FAVOURITE DESTINATION: S ILICON VALLEY FAVOURITE GADGET FOR WORK: MAC BOOK FAVOURITE GADGET FOR PERS ONAL US E: BL ACKBERRY

A U G U S T 2 0 1 3 | ITNEXT

Marksman's Vishal Bisht believes in thinking clean and leading a simple life to realise the passion Pg 52