Page 1

IT NEXT

MARCH 2011 / ` 75 VOLUME 02 / ISSUE 02

32

SECURITY: Benefits of ISO 27001 certification for the enterprise

42

VDI: Virtualisation on the desktop makes good business sense

46 BOSS TALK

INTERVIEW: Sudhir Narang on transforming IT into Business Center

Managing people effectively Pg 04

SEE THE FUTURE

SEE THE

FUTURE

IT managers share their experiences and insights in DEPLOYING & IMPLEMENTING TECHNOLOGY SOLUTIONS, while industry analysts examine the road ahead. Pg 14

VOLUME 02 | ISSUE 02

Case Studies on Lowe Lintas & Usha Martin Pg 26


EDITORIAL

Disruptive Creativity There was muted silence as a frail-looking man in a black turtleneck and blue jeans took stage at the Yerba Buena center in San Francisco. Over the course of the next hour, Steve Jobs took the hundreds of enthusiasts through one of the most anticipated launches of the year, the iPad 2. Within minutes, the cyber world was abuzz with reports and analysis, blogs, Facebook status messages, Twitter updates, news sites, fed the

“In these days of hyper-competition, innovation alone is not enough; disruption is needed. ” S H A S H WAT D C

frenzy. Jobs had done it again for Apple; he had ensured that even before the device was launched, people would be clamouring for it. iPad’s success is a brilliant instance of how innovation can be truly disruptive. Apple didn’t invent tablets; the concept has been around for decades. In fact, the first patent for an electronic tablet used for handwriting was granted in 1888. The first concept was by Alan Kay in the early 1970’s, when he came up with the idea of DynaBook. And yet whenever most people talk about tablets, they start with the iPad. In less than a year (iPad was launched in Aril 2010), Apple has sold 15 million iPads in 2010 and 40 million in 2011 so far. iPads account for 95% of the tablet market. Apple achieved this by innovating. By carefully evaluating user needs, and crafted solutions that met them. The company is not inventive, but disruptive. Apple can be a template for any enterprise that wishes to be successful. You need to deliberately look ahead, peer into the future, and design products and services that will be ahead of their time. In these days of hyper-competition, innovation alone is not enough; disruption is needed. As IT leaders, you to need to pick a leaf from Jobs’ biography. Look at things around you, talk to customers, keep a tab on competition, check the flow of the tech winds. Study, analyse, and evaluate. Once you have done so, do it again. Only through force of habit, can you be really be disruptive. Remember, Jobs didn’t create Apple in a day, it has been around for over three decades. Put on your thinking hat and set on the journey, reminding self that no peak is too high and no river too deep. Go ahead. Be disruptive!.

Blogs To Watch! Clayton Christensen - World Innovation Forum Presentation http://slidesha.re/itnedit1 Innovate the Future, by David Croslin http://scr.bi/itnedit2 Chris Anderson: How web video powers global innovation http://bit.ly/itnedit3 How P&G Quietly Launched a Disruptive Innovation http://bit.ly/itnedit4 Your views and opinion matter to us. Send your feedback on stories and the magazine at editor@ itnext..in or SMS us at 567678 (type ITNEXT<space>your feedback)

M A R C H 2 0 1 1 | ITNEXT

Editorial.indd 1

1

3/4/2011 6:04:30 PM


CONTENT FOR THE L ATEST TECHNOLOGY UPDATES GO TO ITNEXT.IN

MARCH 2011

Facebook: http://www.facebook. com/home.php#/group. php?gid=195675030582 Twitter: http://t witter.com/itnext LinkedIn http://www.linkedin.com/ groups?gid=2261770&trk=myg_ ugrp_ovr

SEE THE

FUTURE Putting technology to work, as IT managers share their experiences and insights in deploying and implementing technology solutions, while industry analysts examine the road ahead.

Page

Page

14

xx

COVER STORY

BOSS TALK

INTERVIEW

16 The New Path of Mobility The cloud bandwagon has got room for the big screen too, with new breeds of OS unlocking its potential in areas like UC and collaboration.

18 Software Service Solutions An evaluation of least capital cost intensive opportunities

20 Fighting with Data Thieves

C OV ER DES IGN: PC ANOO P

Today, data is a corporate asset and data theft is a big threat that corporates face. How does the Indian law provide for this?

2

22The Might of Mbps With 3G in and BWAon the agenda, wireless broadband is a pipe-less dream come true

24 Some myths deflated Common cloud computing myths demystified and risks explained

04 People management |

Manage aspirations of people to tune them into your organisation’s goal. Treat others as you want to be treated.

46 “IT is no longer just a cost centre” | Sudhir Narang, MD, BT India, on the company’s strategies, new technologies and changing business.

ITNEXT | M A R C H 2 0 1 1

Content Page.indd 2

3/4/2011 7:35:20 PM


ISO 27001

Recipe The

ITNEXT.IN

MANAGEMENT

FOR

Success

Managing Director: Dr Pramath Raj Sinha Printer & Publisher: Vikas Gupta

EDITORIAL Group Editor: R Giridhar Associate Editor: Shashwat DC Sr Correspondent: Jatinder Singh Copy Editor: Akshay Kapoor

Page

32

DESIGN

INSIGHTS

Sr Creative Director: Jayan K Narayanan Art Director: Binesh Sreedharan Associate Art Director: Anil VK Sr Visualiser: PC Anoop Sr Designers: Prasanth TR, Anil T, Joffy Jose Anoop Verma, NV Baiju, Vinod Shinde & Chander Dange Designers: Sristi Maurya, Suneesh K, Shigil N & Charu Dwivedi Chief Photographer: Subhojit Paul Photographer: Jiten Gandhi

OPINION

32 The Recipe for Success 36 The 17 Second Solution 39 Run the Risk 42 The New Face of Zero CASE STUDY

26 From ‘Ignorance Tolerated’ to IT

Loweconnect is regarded as a model solution in the advertising industry. Here’s why…

28 The Power of One A case study on Internet Threat Management & UTM adoption

12A Consumerisation of the Enterprise| by Sameer Shelke, Co-founder, COO and CTO at Aujas Networks Pvt. Ltd.

15-MINUTE MANAGER 49 CIO-on-Demand | Helps to

infuse a top CIO’s leadership to a business that can’t afford one

SALES & MARKETING VP Sales & Marketing: Naveen Chand Singh (09971794688) Brand Manager: Siddhant Raizada (09990388390) National Manager-Events & Special Projects: Mahantesh Godi (09880436623) National Manager -Print , Online & Events: Sachin Mhashilkar (09920348755) South: B N Raghavendra (09845381683)) North: Deepak Sharma (09811791110) West: Hafeez Shaikh (09833103611) Assistant Brand Manager: Swati Sharma Ad co-ordination/Scheduling: Kishan Singh

50 Healthy Habits | Office

chair squats can be effective 52 Battle for the future |

Who will benefit in the the war between tablets, smart phones, laptops and netbooks in 2011? 53 Best of both worlds | Sears

India used ‘work from home’ option to manage employees

PRODUCTION & LOGISTICS Sr. GM Operations: Shivshankar M Hiremath Production Executive: Vilas Mhatre Logistics: MP Singh, Mohamed Ansari, Shashi Shekhar Singh

REGULARS

Page

36

Editorial _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 01 Industry update_ _ _ _ _ _ _ _ _ _ _ 08

OFFICE ADDRESS

Open debate _ _ _ _ _ _ _ _ _ _ _ _ _ 55

Nine Dot Nine Mediaworx Pvt Ltd A-262 Defence Colony, New Delhi-110024, India

My log _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 56 ADVERTISER INDEX Tata Communications IFC Sigmabyte 05 APC 7, BC ISACA 11 IBM Insert after 12 Cisco 13 Red Hat 29 NetMagic 31 airtel IBC This index is provided as an additional service.The publisher does not assume any liabilities for errors or omissions.

Certain content in this publication is copyright Ziff Davis Enterprise Inc, and has been reprinted under license. eWEEK, Baseline and CIO Insight are registered trademarks of Ziff Davis Enterprise Holdings, Inc.

PLEASE RECYCLE THIS MAGAZINE AND REMOVE INSERTS BEFORE RECYCLING

Published, Printed and Owned by Nine Dot Nine Mediaworx Private Ltd. Published and printed on their behalf by Vikas Gupta. Published at A-262 Defence Colony, New Delhi-110024, India. Printed at Silver Point Press Pvt Ltd., A-403, TTC Ind. Area, Near Anthony Motors, Mahape, Navi Mumbai-400701, District Thane. Editor: Vikas Gupta © ALL RIGHTS RESERVED: REPRODUCTION IN WHOLE OR IN PART WITHOUT WRITTEN PERMISSION FROM NINE DOT NINE MEDIAWORX PV T LTD IS PROHIBITED.

M A R C H 2 0 1 1 | ITNEXT

Content Page.indd 3

3

3/4/2011 7:35:26 PM


BOSS TALK | SHANTANU SINGH

PEOPLE MANAGEMENT

Getting Things Done

PHOTO GRAPHY: S UBHOJI T PAUL

Y

4

oung managers, though highly motivated, are often confused. ‘Where do I go next? What will differentiate me? How do I delegate?’ While these may seem like simple questions, the answers, for a young manager, are not as simple. Management is not only in the ‘doing’, but actually in the ‘managing’. It’s a tireless job of planning, executing, evaluating and re-planning. None of these include ‘doing’ things; but focus on ‘getting things done’. It’s about delegating more and doing less. According to Jack Welch, management is easy. If you understand your role clearly, you’ll agree. Delegating and working with a not-as-competent subordinate is not easy. You may have always met and exceeded your boss’ expectations, but there are no guarantees that your subordinates will be just as competitive. But management also entails understanding that a team is always far more capable than an individual. Not all people are equally competent, and while individually a manager may add great value, his output is only and exactly what his team’s output is. Data is the lifeline of an organisation and managers at every level transform it to add value for the next level of management. Data in its crude form can be raw with absolutely no value. As a manager, you may convert it to information and present it to your superior. The next-level manager may convert it into knowledge and finally top management can use it to make a wise decision. While you are free to process data exactly how you want to, you have a focused responsibility of processing it and providing it to your manager in his required format. Keeping confidentiality intact, you should also commit to the free flow of information; whether from you to your boss or from you to your subordinates. In such an environment, management decision-making becomes easy and accurate; with-

“Manage aspirations of people to tune them into your company’s goal. Treat others as you want to be treated.”

SUGGESTION READ

Leadership Secrets of Hillary Clinton explains how business leaders can use open-mindedness, focus & resilience to get results, citing examples from Clinton’s successful experiences in public office. WRITER: REBECCA SHAMBAUGH PUBLISHER: MCGRAW-HILL PRICE: RS. 395

out it, analysing becomes difficult, and strategy a guessing game. Managing people is not an easy task and there are no simple rules, though a few general methodologies still apply. Instead of managing people, manage their aspirations and tune them into your company’s goal. Treat others as you want to be treated. Offline or online, publicly applaud a job well done, focusing on even the small things; and rebuke only in private, ignoring the small stuff. As a manager, you also have to interview and evaluate other people. Always appraise people on the value they’ve brought to the team/organisation by their actions/achievements. Appraisal is continuous and not an annual activity. Constantly evaluate your team on all major tasks, while providing continuous feedback and your overall perception. People management is not easy, so don’t be disheartened by any initial failures. Remember, management still is a tireless job of planning, executing, evaluating and re-planning. Shantanu Singh Chauhan is the Director of New Initiatives at Value First Messaging Pvt. Ltd.

ITNEXT | M A R C H 2 0 1 1

Boss Talk.indd 4

3/4/2011 3:06:32 PM


TECH TALK OPINION

STEVE DUPLESSIE Founder and Senior Analyst, The Enterprise Strategy Group

Grow Up! The New World of Managing IT Stuff

W

e recently did some absolutely brilliant work segmenting the overall IT market by users’ sophistication with server virtualization techniques and implementations. We looked across every industry and every major IT function to categorise Laggards, Followers, and Leaders– what they mean, and more importantly, what are the specific concerns, challenges, requirements, or downright show-stoppers for each group within each industry sector, within each maturity segment. We looked across Servers, Storage, Networking, Security, and the Application organisations within IT. Guess what? The answers differ based on who you talk to! We segmented the market into categories, based on primary metrics: 1. Scope of Deployment – the % of servers that have been virtualized. 2. Virtual Production Ration – % of VMs in production. 3. Efficiency – consolidation ration of VMs per physical machine. 4. Workload Penetration – deployments across multiple workload. Takeaways: Server virtualisation is becoming ubiquitous. BUT, and this is a big but 58% of organisations have virtualised less than 1/3 of their servers. Thus far IT owned applications dominate what’s being virtualised. File/

6

“If our management techniques are stuck in medieval times, how do we expect to reap the rewards of dynamic IT?” Print, etc. 59% haven’t virtualised ANY “mission-critical” applications. Those who do virtualise are able to document increased return on investment as they become more advanced. “Dynamic IT” is still an illusion. Very few are truly engaged in utilising the advanced capabilities of virtualisation yet.

There will be an avalanche of growth over the next 24 months–but it IS NOT going to come from the “leaders”. When speaking with ESG’s management guru, Bob Laliberte, it became clear to me. Bob called it perfectly, he said: “A laggard IT operation ‘monitors.’ A follower ‘manages.’ A leader ‘automates.’” Brilliant in its simplicity, it is completely accurate. Whether we’re talking about managing a virtual environment or a backup process, it’s all true. For an advanced society, we sure do spend a ton of time “monitoring,” don’t we? How do you monitor something that isn’t real? And why bother? If our management techniques are stuck in medieval times, how do we expect to ever truly reap the rewards of “dynamic IT?” It’s bullshit. This IT stuff was brutally hard to manage when it was one stovepipe with one app running to one department. It’s simply not possible to manage any longer if “monitoring” is even in the conversation. I contend that you are a liar (mostly to yourself) if you think you are actually “managing” anything.Management is NOT knob turning anymore. Knob turning is how you marginalize yourself out of a job. Remember those assembly line workers who built cars? They turned knobs. Robots do that now. Robots that are smarter, cheaper, and better at turning those knobs. Know where the strategic “management” is now? It’s in designing what you want to have happen, and programming the robots to execute on it.This holds true wherever a knob is twisted. Storage has TONS of knob turners. Networking still has knob turners. Servers and Apps and Databases all have lots and lots of knobs–but guess what? The knobs are becoming virtual. You need to become the architect of the OUTCOME, not the guy who fixes the leak. You architect. Tools monitor. Tools manage. Tools automate your plan. With permission from ESG Blog, Getting to the bigger truth, January 2011

ITNEXT | M A R C H 2 0 1 1

Opinion_Tech Talk.indd 6

3/4/2011 4:41:54 PM


LinkedIn skills’ beta release launched SERVICES | Professional networking major LinkedIn has launched the beta release of LinkedIn Skills, which is expected to help members discover up-and-coming expertise areas that professionals need to succeed. The product, according to the company, is designed to surface the top people, top locations, related jobs, and groups associated with thousands of skills which members have identified as areas of expertise. These tools will help members stay ahead of the competition and discover hot skills professionals are adding to

ATION INFORM ITY

SECUR

These tools will help members stay ahead of the competition and discover new professional skills

IT satisfaction level with their current information risk/security position in an organisation (Figures in %)

Over 500 IT professionals, from different industry verticles globally participated in the poll

50 40 30

Mostly Satisfied

31

20

Somewhat Satisfied

10

26

0

Somewhat unstaisfied

23

Extremely Unsatisfied

10

Perfectly Satisfied

9

TRENDS DEALS PRODUCTS SERVICES PEOPLE

their profiles – from application development to business intelligence to calligraphy. “With today’s increasingly competitive marketplace, LinkedIn is offering the unique ability to pinpoint top experts for a particular skill set, in addition to providing relevant and actionable insights about trending skills that can help professionals manage their careers,” said DJ Patil, LinkedIn’s chief scientist. “Through LinkedIn Skills, we believe we have a whole new way of understanding the landscape of skills - who has them and how they are changing over time – and how truly diverse the universe of skills actually is, whether it’s java or ballet,” Patil added. It also provides top related skills for a given industry with trending information on which skill is growing or declining in that industry. Hiring managers can also benefit from the ability to identify top candidates and talent who possess the specific skills the professional organisation needs. The networking major claims that the product offers the ability to add new skills to the profile, surface the top professionals who have similar expertise and related companies where the desired expertise will have the most impact. LinkedIn Skills is one of the many new products that provides rich, relevant insights that help members manage their careers and create opportunities for themselves and their professional network.

PHOTO IMAGI NG: PHOTO S.C OM

UPDATE I N D U S T R Y

SOURCE: LINKEDIN POLL CONDUCTED BY RUTH JACOBS, INFORMATION SECURIT Y RECRUITMENT CONSULTANT

8

Update.indd 8

ITNEXT | M A R C H 2 0 1 1

3/4/2011 4:52:42 PM


ZYXEL COMMUNICATIONS

GO WIRELESS

TABLET PC

a networking company, has announced the launch of the NBG4615 Wireless N Gigabit NetUSB Router, powered with Wireless N and Gigabit technology, along with ZyXEL’s NetUSB feature.

Logitech has introduced the Logitech Wireless Combo MK260, a mouse and keyboard combination designed for home users and office workers. The product will be available in India for a price of Rs 1,495.

MSI has launched the WindPad 100W Tablet PC. This device features the Intel mobile platform processor, 10.1-inch multipoint touch screen as well as dual video cameras, & an ALS light sensor.

Microsoft launches Office Web apps in India SERVICES | Microsoft India

has launched Office Web Apps in India. The apps will enable users to access its office applications Microsoft Word, Excel, PowerPoint and OneNote, for free using their Windows Live ID on the SkyDrive or Hotmail. According to the company, this will also allow users to create, view, edit, and share Office documents from anywhere with an Internet connection. “Office Web Apps are a key piece of Microsoft’s overall cloud strategy and are designed to empower people to take their familiar productivity experience on the web,” said Sanjay Manchanda, Director, Microsoft Business Division.

This will allow users to view, edit, and share Office documents from virtually anywhere

“Features like ease of sharing and high document fidelity make Office Web Apps a powerful enabler of productivity in the cloud for modern information workers and consumers alike. Moreover, this is a great tool for

AROUND THE WORLD

students to collaborate on their school and college projects in a seamless way”, he added. Office Web Apps provide consistent formatting of a document with full images and footnotes, table borders and text effects to the user. To start with Office Web Apps, users only require a Windows Live ID, a supported web browser and an Internet connection. Moreover, team members can work together using Office Web Apps, regardless of what version of Microsoft Office they use and whether they work on a PC or a Mac. According to Microsoft’s claim, over 30 m users worldwide are already using beta version of Office Web Apps in just over six months after they were introduced.

QUICK BYTE

PHOTO IMAGI NG: SHIG IL. N

Statistics on Cyber-Crime Black Market In a new report on the current cyber-crime black market, PandaLabs has found that the cybercrime black market diversified its business model in 2010, and now sells a much broader range of hacked confidential information including bank credentials, log-ins, passwords, fake credit cards and more. But PandaLabs discovered that this information can only be accessed by personally contacting the hackers who are promoting their info for sale on forums and in chat rooms.

STEVE JOBS, CEO, APPLE AT THE LAUNCH OF IPAD 2 AT SAN FRANCISCO

“EVERYONE’S GOT A TABLET. WILL 2011 BE THE YEAR OF THE COPYCAT? IF WE DID NOTHING, MAYBE A LITTLE BIT… PROBABLY NOT.”

M A R C H 2 0 1 1 | ITNEXT

Update.indd 9

9

3/4/2011 4:52:45 PM


UPDATE

Hyper-fast quantum computers to be a reality! “Creating 10 billion entangled TECH TRENDS| Hyper-fast quantum pairs in silicon with high fidelity is computers have edged a step closer to an important step forward for us,” reality after team of scientists generaccording to John Morton of Oxford ated 10 billion quantum bits in silicon University. for the first time ever. “We now need to deal with the The achievement in silicon, which challenge of coupling these pairs is the basis of the computer chip, has together to build a scalable quantum important implications for integration computer in silicon,” Morton, who led with existing technology, according to the study, said. a team of researchers. Quantum entanglement involves the Scientists from Britain, Japan, notion that particles can be connected Canada and Germany believe that in such a way that changing the state such computers, based on quantum of one instantly affects the other, even bits or qubits, will be able to test when they are miles apart. many possible solutions Albert Einstein once to a problem at once, as famously described quantum determined by a report from entanglemen as “spooky the journal Nature. action at a distance”. Conventional computers Other areas of quantumbased on binary ‘switches’, quantum bits in silicon were related research include or bits, can only do one thing generated ultra-precise measurement at a time, reports the news by a team of scientists and improved imaging. agency IANS.

%

10 billion

Indian IT services market to reach $7.5 b by 2011 TECH TIDINGS | Total domestic

IT services spending in 2011 is expected to grow by 15.5% over 2010, riding on the strong waves of IT outsourcing services, finds a recent report from Springboard Research. As per the report, the market for CY2011 is expected to reach US$7.5 billion, representing more than 14% of the overall APEJ (Asia Pacific excluding Japan) IT services market. The research shows that about 70% of IT services spending in India come from discrete services and the remaining 30% from outsourcing services. The high skew towards discrete services in India means that

The research shows that about 70% of IT services spending in India come from discrete services story tools

the Indian IT services market is still in the maturing phase. Springboard expects the IT services market in India to continue its rapid development and maturation process.

INTERVIEW RAHUL BINDAL, VICE PRESIDENT POWER SYSTEMS, IBM SYSTEMS AND TECHNOLOGY GROUP IBM INDIA/ SOUTH ASIA

IT NEXT: What benefits does IBM’s Power7 System server offers to enterprises? RAHUL BINDAL: Power Systems are integrated to help support the complex workloads and dynamic computing models of the new kind of world - Smarter systems for a Smarter Planet. They are designed to manage the most demanding emerging applications, ranging from smart electrical grids to real-time analytics for Indian market. We estimate up to a 65% increase in transactions or users could be handled by the same server previously constrained by memory capacity. Also, the total cost of ownership of POWER7 systems can be better than competitive systems. Which are the key factors that differentiates Power 7System with Intel’s Itanium chip, and Sun Microsystems’s Sparc chip? These three processors are targeted by the respective OEMs for true 64 bit server computing. The most popular operating system used on all these architectures is UNIX. 64 bit Linux from certain vendors are also available on Power & Itanium. As these processors are intended to deliver superior performance & scalability for workloads, this characteristic is the fundamental differentiator between the three. The benefit of this to customer is in lowered cost of acquisition & ownership. Customers can potentially reduce costs of server HW, SW licensing, maintenance costs, subscription costs and environmental costs of electricity, cooling, power backup & rack space. By Jatinder Singh

10

ITNEXT | M A R C H 2 0 1 1

Update.indd 10

3/4/2011 4:52:46 PM


UPDATE

Olive introduces HSPA+ phone

TECH TRENDS

The early previews of the product revealed it currently runs Froyo, and will get a 2.3 upgrade soon after launch

TECH TRENDS | Olive Telecom has announced the launch of an Android Gingerbread phone in India, one that apparently is just 9.9 mm thick, and sports HSPA+ (14.4 Mbps) connectivity – the OliveSmart V-S300. Olive is calling the device the first HSPA+ smartphone in the country. It features the latest Android phone-specific operating system – one that was just introduced with the platform lead device, the Google Nexus S. The OliveSmart is an “ultra-slim” bodied phone, boasting of a 4.1-inch capacitive multi-touch screen with a 800x480 pixel resolution, a 1GHz Qualcomm Snapdragon MSM8255

NEWS @ BLOG

processor, along with the Adreno 205 graphics engine, 512MB RAM and 2GB ROM, a 5MP rear camera (with flash and auto-focus) and a front facing VGA camera for a video-calling, along with a 1400 mAh battery. Other features include a dual microphone arrangement for active “Fluence” noise cancellation, 720p HD video recording and playback, Wi-Fi and Bluetooth v2.1 connectivity along with DLNA, as well as GPS/accelerometer/ambient light/digital compass sensors, and 2GB onboard storage along with microSD expandability up to 32GB. The OliveSmart should hit streets in about a month, at roughly Rs. 20,000.

Qualcomm’s next for Snapdragon Qualcomm has launched the next mobile processor architecture for the Snapdragon family. The new processor micro-architecture, code-named Krait, in the next-generation Snapdragon, will redefine performance for the industry, offering speeds of up to 2.5GHz per core and delivering 150% higher overall performance, as well as 65% lower power than currently available ARM-based CPU cores. These chipsets will be available in single-, dual- and quad-core versions and include a new Adreno GPU series with up to four 3D cores, and integrated multi-mode LTE modem. The latest family of Snapdragon chipsets will include the singlecore MSM8930, the dual-core MSM8960 and the quad-core APQ8064. All chipsets in the family will integrate a quad-combo of connectivity solutions and include support for NFC, as well as S3D video and photo capture and playback. Support for every major operating system comes standard on all Snapdragon chipsets. Samples of the MSM8960 are anticipated to be available in Q2 2011 and samples of the MSM8930 and APQ8064 are anticipated to be available in early 2012.

NOKIA’S BOLD TIE-UP WITH MICROSOFT TONY CRIPPS, PRINCIPAL ANALYST, Ovum on Microsoft and Nokia partnership that will make Windows Phone 7 the main operating system for Nokia’s smartphones.

“This is a bold decision by Nokia, but absolutely the right one, given the drastically changed landscape for smartphones off late. There were few short term options available to the company to help it get back on terms with Apple and especially the Android masses, which in 2011 look set to overtake Nokia in terms of smartphone shipments.” 12

ITNEXT | M A R C H 2 0 1 1

Update.indd 12

3/4/2011 4:52:47 PM


OPINION

MONEY WISE SAMEER SHELKE Co-founder, COO and CTO at Aujas Networks Pvt. Ltd.

Consumerisation of the Enterprise

I

read an article “John Sculley on Steve Jobs,” which as the name suggests was an interview transcript of John Sculley the former CEO of Apple. John Sculley talks about “The Steve Job’s Methodology” on how to build great products, he says Job’s always looked at things from the perspective of what the user experience is going to be. He didn’t believe in asking consumers what they want, but rather built beautiful products which people ended up wanting. Similar to what Henry Ford had said about consumer views on the car, “If I had asked people what they wanted, they would have said faster horses.” How is this changing the ‘Enterprise’ behaviour? The way people in an Enterprise looked at end-user technology is different from how individuals in their capacity as consumers looked at it. I guess that’s why end-user technologies such as laptops or operating systems had enterprise range products and consumer range products. Enterprises used to determine what specific laptop or mobile product models could be used for corporate IT services. But over a period of time, it’s the individual user need of an organisation that aid the selection. Apple, I think, is changing this – consumerisation of the enterprise is happening. I was involved in an Information risk management framework transformation project for a service provider in Japan. While the Management, IT, Business and Security teams had their own requirements and expectations from

“Consumerisation of the enterprise is foregone conclusion organisations need to change their risk mitigation practices to encompass a range of ‘consumer’ devices” the project, the end-users hoped the project would enable use of the iPhone for business communication and email (Only one specific mobile device was allowed to be used for company email). Incidentally the transformation of the risk framework did allow iPhone-like devices to be used by modifying the process and control framework.

Several organisations are now allowing or thinking of ways they can let the users choose the end-user technologies to access IT services in a secure form. The advent of the iPad or the tablet phenomenon would only make it impossible for companies to stay away from this change. It’s not just Apple, but other companies and technologies are also driving this change. We now see interesting ads from “Enterprise” technology firms such as RIM getting more consumer friendly (“Blackberry Boys”) or the younger generation doing special behavioural changes to get “their first android.” Also, with the arrival of various applications, the mobile has more become a friend with whom you can talk, chat, play and so on whenever you feel so. Apple released the iPad on April 3; it sold 1 million units by May 3. Analysts predict close to 8 million iPad’s will sell in 2010. iPad 2.0 would be released soon with a prediction of selling 6 million units a month! Now consider this in the context that the iPad is available for sale in only select countries and other tablets are also making their mark. Mobile applications are expected to touch sales of $35 billion by 2014, and Gartner has predicted a 10 percent drop in their PC sales forecast for 2011 mostly on account of the increased interest in tablets. Hence, I am of the opinion that consumerisation of the enterprise is a foregone conclusion and organisations need to modify their risk management postures to allow for a range of ‘consumer’ devices and applications to be used within the enterprise. They also need to carefully analyse what a small security breach can do in those mobile devices. Unfortunately, the knowledge is very limited so far. While the Management, IT, Business and Security teams had their own requirements and expectations from the project, the end-users hoped the project would enable use of the iPhone for business communication and email “Adapt or perish, now as ever, is nature’s inexorable imperative.” – H. G. Wells.

1 2 A ITNEXT | M A R C H 2 0 1 1

12A Opinion_Money wise.indd 12

3/4/2011 2:45:49 PM


SEE THE

FUTURE Successful IT management is about anticipating trends and changes, and being prepared for changes. Industry watchers offer their views on whatâ&#x20AC;&#x2122;s coming up - and how you can deal with it I M AG I N G : P C A N O O P

Predictions 16 Mobile Computing 18 Data Centre Transformation 20 Data Security 22 Wireless Broadband 24 Cloud Computing Case Study 26 Knowledge Management 28 Unified threat Management

14

Insight A look at technology implementations in enterprises and their associated learnings Starting from Page 32

ITNEXT | M A R C H 2 0 1 1

Cover Story Option 1.indd 14

3/4/2011 5:14:46 PM


SEE THE FUTURE | COVER STORY

M A R C H 2 0 1 1 | ITNEXT

Cover Story Option 1.indd 15

15

3/4/2011 5:14:54 PM


COVER STORY | SEE THE FUTURE

MOBILE COMPUTING

The New Path of Mobility The cloud bandwagon has got room for the big screen too, with new breeds of OS unlocking its potential in areas like UC and collaboration. BY DEEPA K K U M A R

T

he idea of web-based computing has been around from quite some time now. But with social computing, consumers have successfully navigated the peripheries of web-based computing and are virtually knocking at the cores now. And the knock gets harder with the rapid march of the new generation of smartphonesand the tablet devices.

A new breed of OS is in With the phenomenal success of the iPhone and Android-based smartphones, a whole new OS paradigm is emerging. The term OS came into general circulation with the advent and popularity of computers, but is no longer limited to the PC territory. Its second dominion has been communications, duly shaped by smartphones.

16

Armed with more and more powerful processors, the newer smartphones are stepping outside the territory of communications and marching into the realm of computing. On PCs, Windows still continues to be the only ‘800-pound gorilla’. On smartphones, while Symbian is still

Enterprise Mobility market in India is projected to reach

1,881

`

crore by FY 2015-18 Source: Frost&Sullivan

the leading OS platform, its position has been challenged by the rapid march of iOS and Android, which have also put BlackBerry on the back foot. To add to the complexity, the OS is moving beyond PCs and smartphones too. Of late, we have been hearing more and more about the OS entering the realm of audio-visual content, delivered over a new genre of devices called tablets and also over a new breed of high-definition television sets—the ‘new TV.’ No single OS pervades all three screens—of the computer, the smartphone and the new TV. On the new TV front, neither Windows nor Symbian look set to gain a foothold for now. The biggest buzz here is from Android, especially after the Google TV announcement last year, with Sony, Intel and Logitech partnering. An OS approach will open up the big screen to a creative breed of application developers, who would be bringing a multitude of applications for the conference room participants, particularly in areas of telepresence, unified communications and collaboration. As an aside, a key challenge for TV makers, many of whom happen to be

ITNEXT | M A R C H 2 0 1 1

Cover Story Option 1.indd 16

3/4/2011 5:14:57 PM


SEE THE FUTURE | COVER STORY

ABOUT EXPERT DEEPAK KUMAR, Telco Research Director IDC India Deepak is a market researcher, specializing in the ICT and Media domains. He has 20 years of experience, of which 10 years have been in the fields of media and market research in the ICT domain. He is widely quoted in the media and is a regular speaker at industry events.

Consumers have navigated the peripheries of webbased computing and are virtually knocking at the cores now” Mobile PCs to drive

90% of PC growth over the next three years Source: Gartner

10% of PC units are expected to be displaced by media tablets by 2014 Source: Gartner

PC and smartphone makers too, will be to design an appropriate input device, which should neatly blend the key features of a TV remote and a PC keyboard.

It’s brimming with browsers Not surprisingly, with the knockknock of the cloud, competition for a greater dominance of browser space has become fiercer than ever before. All major browser developers have clear roadmaps in place and all of them are doing every bit possible to keep users satisfied; so switching over is not an easy decision. While Firefox has taken away precious usage share from Explorer, many Explorer users hope that the browser’s version 9.0, due for release in 2011, will be able to keep them hooked. Likewise, Firefox users can also hope that Mozilla, being an almost pureplay browser company, will be able to better its offering by virtue of a better development focus. Then there is Chrome, which cannot be overlooked with Google behind it. Meanwhile, Opera is already a preferred browser on mobile phones, though it has not been able to be a dominant player on desktops and notebooks. Then, there are social browsers like RockMelt, Flock and the indigenous contender Epic, which are vying for a piece of the browser

action, but haven’t been able to gain enough traction, partly due to a lack of marketing muscle. Nevertheless, they bring forth a slew of features that could become more mainstream offerings in the leading browsers too. The social web browsers attempt to better address the needs of a 2.0 generation of internet users by integrating access to popular sites like Facebook and Twitter. Flock has been in existence since 2005 and was one of the 12 browser options offered to MS Windows users in Europe last year, in response to a European Commission ruling. In November 2010, the social web browser category gained attention after the news that RockMelt, backed by Marc Andreessen of Navigator and Mosaic fame, had been rolled out with limited beta and early access sign-ups. Then, there is the feature-rich, intuitive browser, Epic, developed by Bengaluru-based start-up Hidden Reflex. With version 1.2, the browser has made significant improvements since its launch in July 2010. Epic’s native word processor can be invoked within the browser with one click. Using built-in transliteration, the word processor can be used to produce text in multiple Indian and some foreign languages. The side-bar in the browser prompts a user to open a Facebook or a Twitter side pane, quite intuitively. The side pane can also be used to open a wide range of applications, ranging from YouTube to live TV. Today, a browser could be competing not just with other browsers but also with a reigning operating system and additionally with some application software. With more and more content and applications moving onto the cloud, browsers have become more central a piece in the overall ICT ecosystem. The strong competition bodes well for an era of web-based computing — an idea whose time is fast approaching.

RESOURCES Enterprise Mobility Strategy http://mobileenterprisestrategies.blogspot.com/

M A R C H 2 0 1 1 | ITNEXT

Cover Story Option 1.indd 17

17

3/4/2011 5:15:00 PM


COVER STORY | SEE THE FUTURE

DATA CENTRE TRANSFORMATION

Software Service Solutions An evaluation of least capital cost intensive opportunities and whether an organisation can live with third-party support or no support can enhance the efficiency of business processes. BY SOMAK R OY

I

ncreasing IT complexity, virtualisation, enterprise applications delivered via the SaaS model are just some of the challenges impacting a corporate data centre. The transformation is far from gradual and very little can be done to slow things down. This of course does not take into account the IT managers and CIOs that are going through planned data centre transformations. However, there is a strong overlap in potential tool sets that could benefit those who are caught in the midst of ongoing change and those that are going through a massive planned data centre transformation.

Challenges: 1. Increasing IT complexity: There are two things that have made resolving incidents and managing SLAs, both difficult and something that you abso-

Removing a single x86 server from a data centre will save more than

400

$

a year in energy costs alone Source: Gartner

18

lutely cannot fail at. Of course, the latter is due to the close revenue linkages between applications and revenues. The former can be attributed to the many nodes that currently make up any working IT application. A single transaction can span many databases and applications and the middleware system. The points of failure are many and the current set of monitoring and management systems are typically host specific and reactive in nature. The process of triangulation and root cause analysis becomes mind-numbingly complex as the administrator tries to reconstruct the story with data from multiple tools. The problems are related to a lack of holistic view of the service, a lack of a transaction-oriented view, too many tools, and an unmanageable volume of false positives. Fortunately, a few vendors are offering some solutions to address these problems. One class of solutions makes service level resolution relatively easy and makes proactive management

ITNEXT | M A R C H 2 0 1 1

Cover Story Option 1.indd 18

3/4/2011 5:15:02 PM


SEE THE FUTURE | COVER STORY

ABOUT EXPERT SOMAK ROY Managing Analyst – Ovum Lead analyst with Ovum IT, Somak tracks enterprise applications and Business Process Management (BPM). His current research interest includes Software-as-a-Service (SaaS) and third party maintenance.

Managing growth requires some skill at identifying opportunities in niche areas that do not involve significant upfront investments” PROJECTS WHERE IT HEADS ARE KEEN TO TRANSFORM DATACENTRES WITH SPECIFIC TECHNOLOGY GOALS.

58%

64%

59%

60% 59%

Automation Green IT Operations management Virtualization Business continuity

possible by using statistical techniques. Such tools correlate metrics from many different systems and application management tools to build a profile of normal behaviour at the level of the end-to-end service and alerts the administrators to cases of impending service-level drops. Such tools can monitor individual transactions and store data related to the transaction at every node in its path. This process helps administrators zero in on the exact point of outage. 2. Virtualisation: One of the rarely spoken about challenges in this sector is the challenge of deciding on the optimum virtualisation strategy. The problem can be summed up as — which application should be sent to which server, keeping the many constraints in mind. This naturally is a tall order. However, without such careful assessment the much-hyped benefit of virtualisation, the ability to move virtual machines around would remain just hype. Tweaking the virtual environment is a tedious and a highskilled job. The Indian IT manager, for the most critical problems, is better off either outsourcing the problem to a specialist or hiring a few of the best and the brightest and equipping them with the best decision-making tools. One such decision, making tool category relevant to the discussion, is the virtualisation analytics tool type. Such solutions look into workload history,

system configurations, governance norms, and present to the user, very visually, which application can go to which server. This tool type is as relevant to the IT manager streamlining his server farm as it is to the IT manager who has been given a fresh opportunity to start on a clean slate, in the form of a data centre transformation project. 3. The rise of SaaS: SaaS introduces a few governance problems. As with all solutions in the enterprise, the authorisation must be based on the enterprise directory. Also, across so many areas, procuring SaaS solutions have become so easy that it is not inconceivable to discover that teams are using collaboration and project management tools, with no knowledge of IT. Therefore, it is imperative that IT creates a governance structure for such scenarios and works on assuaging fears that IT is fundamentally against new application types. Business people who evangelise the use of SaaS are the rare breed of internal customers who understand and appreciate technology and it makes sense to co-opt them into a decision-making framework for such SaaS selection decisions. Again, these are problems and tools for those who find themselves, involuntarily, on the SaaS juggernaut’s path and those who are in charge of data centre transformation projects, and have the rare opportunity to a new set of policies through lessons learnt over the years. Indian IT managers have the benefit of lower legacy than their mature economy counterparts. However, managing growth in an environment where the awareness of the benefits of IT is still low requires some skill at identifying opportunities in niche areas that do not involve significant upfront investments. Such baby steps could steer the board towards accepting that IT projects can go beyond mandatory or insurancelike investments, and can be oriented towards improving business processes on an on-going basis.

RESOURCES Site to watch: http://www.datacenterknowledge. com

Source: HP

M A R C H 2 0 1 1 | ITNEXT

Cover Story Option 1.indd 19

19

3/4/2011 5:15:03 PM


COVER STORY | SEE THE FUTURE

Fighting with Data Thieves DATA SECURITY

Today, data is a corporate asset and data theft is a big threat that corporates face. How does the Indian law provide for this? Here’s an overview… BY PRASH A N T M A L I

I

n this era of Information Technology, data has become a corporate asset. It is vital rawmaterial for brick andmortar companies, BPOs, and technology and IT companies. Data has also become an important tool and weapon for corporates to capture larger market shares. Due to this, its security has become a major issue with all the industries. The theft and piracy of data is a threat, faced by all IT players, who spend millionsto compile or buy data from the market; their profits depend upon the security oftheir data. A major issue regarding data theft is its international character. The result of this is that different sovereignties, jurisdictions, laws and rules come into play, which again is an issue in itself.

20

Further, the collection of evidence in such circumstances become another issue, as investigation in three different countries, all of whom may not be on

In the United Kingdom, the latest cybercrime cost estimates released by the Cabinet Office showed annual losses of more than

43

$

billion.

good terms,is almost impossible, and the poor technical know-how of our investigating agencies adds to the woes. The lack of coordination between different investigating agencies and a not-so-sure extradition process is another headache. However, the biggest of all these issues is the lack of specific laws in the country to deal with this crime; so even if a culprit is caught, he can easily get away by picking any of the loopholes in our laws.

What Indian laws say… The problem of data theft has emerged as one of the major cybercrimes worldwide. The UK has The Data Protection Act, 1984, though India and the US do not have specific laws to deal with just data protection. India has its Information Technology (Amendment) Act, 2008. The various sections of the ITAAct, 2008 which deals with the problem are briefly discussed below. SECTION 43: Clause (b) provides protection against downloading, copying orextracting data or database or information by imposing heavy civil compensationwhich can run intocrores. The unauthorised downloading, extraction

ITNEXT | M A R C H 2 0 1 1

Cover Story Option 1.indd 20

3/4/2011 5:15:16 PM


SEE THE FUTURE | COVER STORY

ABOUT EXPERT PRASHANT MALI President at Cyber Law Consulting Prashant is a cyber law expert and has got over 18 years of corporate experience. He has worked in both Government and private sector in industries including IT, Telecom, Banking, construction and chemicals.

The theft and piracy of data is a threat, faced by all IT players, who spend millionsto compile or buy data from the market” There have been at least 301 security breaches resulting in the exposure of more than

8.2 Source: ITRC

million records in 2010

PER RECORD COST OF DATA BREACH (Average cost per record of a sata breach, 2005-2009 in $) 250 200 150 100 50 0

and copying ofdata are also covered under this section. Clause(c) of this section imposescompensation for the unauthorised introduction of computer contaminants or viruses. Clause(i) provides compensation for destroying, deleting or altering anyinformation residing on a computer or diminishing its value. Note: Since Section 43 does talk of the exact amount of compensation, one is at the mercy of the courts and the intelligence of lawyers, as data being an intangible asset, it’s worth can run into millions or trillions of denominations. SECTION 65: This provides for computer source code. If anyone knowinglyor intentionally conceals, destroys, alters or causes another to do as such shall haveto suffer imprisonment of up to three years or fine of up to Rs Two lakh, or both. Thisprovides protection against tampering of computer sourcedocuments, i.e.,copying/theft of software programmes. SECTION 66: This section imposes thepenalty of imprisonment of up to three years or fine upto Rs Five lakh or both,on the person who commits the crime of data theft.

Is data theft covered under the IPC? Section 378of the Indian Penal Code, 1860 defines ‘Theft’ as ‘Whoever, intending to take dishonestly any movable property out of thepossession of

any person without that person’s consent, moves that property inorder to such taking, is said to commit theft’. Section 22 of the IPC defines ‘movable property’ as ‘The words ‘movable property’ are intended to include corporeal propertyof every description, except land and things attached to the earth or permanentlyfastened to anything which is attached to the earth’. Since Section 378 only refers to ‘movable property’, i.e.,corporeal property, and data by itself is intangible, it is not covered under this definition of ‘Theft’. However, if data is stored in a medium (a CD, floppy, etc.) and such a medium is stolen, it would be covered under the definition of ‘Theft’, since themedium is movable property. But, if it is transmitted electronically, i.e., in an intangible form, it would not specifically constitute theft under the IPC. Data, in its intangible form, can at best be put at par with electricity. The question whether electricity could be stolen, arose before the SupremeCourt in the case ‘Avtar Singh vs. State of Punjab’ (AIR 1965 SC 666).Answering the question, the apex court held that electricity is not movableproperty, hence, is not covered under the definition of ‘Theft’ under Section 378 IPC. However, since Section 39 of the Electricity Act extended Section 378 IPC toapply to electricity, it became specifically covered within the meaning of theft. The next time anyone plans to copy data or download data from their friends, clients, teachers or the employer’s computer or network on a pen drive or iPod or anystorage device, it would bode well to remember that it can put a person behind bars for at least three years and set them back by Rs 5 lakhs or even lead to insolvency if a compensation claim suit is also filed ina civil court, which just may run into millions.

RESOURCES Data Security Round-Up : http://blogs.carouselindustries.com/security/data-security-roundup-2/

M A R C H 2 0 1 1 | ITNEXT

Cover Story Option 1.indd 21

21

3/4/2011 5:15:20 PM


COVER STORY | SEE THE FUTURE

WIRELESS BROADBAND

The Might of Mbps With 3G in and BWAon the agenda, wireless broadband is a pipe-less dream come true, with promises of 100 Mbps and so much more BY DEEPA K K U M A R

W

ireless in its 2G avatar is, at best, a narrowband network. It is 3G that kicks in the delivery of wireless broadband. And BWA promises to make it relatively cheaper and likely, much faster. It is the legacy limitations of the wireline network that prompted stakeholders and policymakers to turn to wireless networks. Wireless, in its second generation, had not let the hopefuls down. Mobile services gave tele-density a boost to the extent of causing a telecom revolution. There is reason to hope again that a third-generation wireless will spawn

a broadband revolution of sorts. What does that mean for enterprises? A lot!

It’s all in the network The efficiency and productivity of today’s dynamic enterprises depends critically on the quality and extent of the network and its availability. The

At the end of December 2010, there were

35.09

network needs to be robust and available at various levels—between the data centre and the head office and also between the head office and branch offices. The always-on connectivity with the suppliers and partners is as important as is access for the mobile and remote employees. While the fibre and copper networks are there in place to take care of connectivity in metros and urban areas to an extent, it is insufficient when it comes to providing access to an increasingly mobile workforce. Also, in the government segment, especially when it comes to government-to-citizen services, while connectivity till the district HQ level is largely taken care of, there is insufficient connectivity at sub-district and village levels. For e-Governance to be effective, there is an immediate need to bridge this divide and reach out to centres in semi-urban and rural India.

Why is wireline not

million wireline telephony enough? subscribers The past efforts to achieve wide-scale Source: TRAI

22

ITNEXT | M A R C H 2 0 1 1

Cover Story Option 1.indd 22

3/4/2011 5:15:21 PM


SEE THE FUTURE | COVER STORY

ABOUT EXPERT DEEPAK KUMAR, Telco Research Director IDC India Deepak is a market researcher, specializing in the ICT and Media domains. He has 20 years of experience, of which 10 years have been in the fields of media and market research in the ICT domain. He is widely quoted in the media and is also a regular speaker at industry events.

While 3G can give wireless broadband and its application in the enterprises a jumpstart, BWA technologies would take it to the next levelâ&#x20AC;? Online advertising in India is expected to touch

`20 billion by 2013 Source: Industry Estimates

India to witness

340 million mobile bank transactions in the year 2015

access objectives through the wireline have failed miserably. In fact, wirelinetelephony has been a shrinking market for past several years now. At the end of December 2010, there were 35.09 million wireline telephony subscribers compared to 36.96 million in March 2010. And there were 37.96 million wireline subscribers in March 2009 and 39.42 million in March 08, as per the Telecom Regulatory Authority of India (TRAI) data. The continued fall in wireline telephony has made it difficult for players to leverage the platform for broadband growth from a near-term perspective.

3G versus BWA The current 3G offerings in India talk of peak downlink rates of the order of 21 Mbps, while actual rates would be much lower. On the other hand, BWA options like Long Term Evolution (LTE) would promise rates of 100 Mbps and above. While 3G can be used for both voice and data, only 5MHz of spectrum is available per operator in India. Moreover, no operator has got a panIndia 3G license, except for the BSNLMTNL combine. The good thing, however, is that there is a plethora of 3G-ready devices and the service rollouts are also expected to be completed over the next few quarters. BWA, on the other hand, has got the advantages of cost as well as spectrum on its side. Moreover, apart from BSNL-

MTNL, which gets BWA spectrum by default, there will be another pan-India operator, the Reliance-owned Infotel Broadband. The big advantage with BWA, certainly, is the width of the spectrum, which at 20MHz, is a jaw-dropping four times the 5MHz 3G spectrum. A flip side is that BWA-ready devices are not a phenomenon yet. Moreover, BWA is positioned primarily as a data network, though there are no discrete regulatory restrictions of using it for voice as well in future. So even if the network is used both for data and voice, slow availability of smartphones and tablet devices will limit early adoptions to larger form-factor devices like desktops and notebooks. Initially, USB modems are likely to be used for connecting to BWA networks.

The middle path 3G networks all over the country will be around, faster than BWA networks, and that makes 3G a more immediate vehicle for accessing various enterprise applications. 3G has the potential to make wireless broadband an enterprise phenomenon, which could also accelerate a widerscale adoption of cloud-based services. As such, it will be important for stakeholders and agencies to incorporate 3G in their service delivery plans. It would be required that planners are operator and network-agnostic as a matter of policy and planning. Involving both public- and privatesector operators will be further advantageous, especially when it comes to leveraging 3G for delivery of government-to-citizen services. While 3G can give wireless broadband and its application in the enterprises a jumpstart, BWA technologies would take it to the next level. Together, these networks hold the promise of making wireless broadband happen in India by 2012.

RESOURCES Mobile Computing Essentials http://www.pcomz. com/mobile-computing-essentials.php

M A R C H 2 0 1 1 | ITNEXT

Cover Story Option 1.indd 23

23

3/4/2011 5:15:22 PM


COVER STORY | SEE THE FUTURE

CLOUD COMPUTING

Some myths deflated As more firms in the APAC region adopt cloud computing, security and privacy remain the primary concerns. Here are some common cloud computing myths demystified…

Myth: Data security can always be guaranteed Reality:  Nothing is ever guaranteed.

BY SANCH I T V I R G O G I A

W

hen asked about their major concerns and barriers to the adoption of cloud computing, respondents to a recent Springboard Research survey of 474 organisations across the Asia-Pacific region revealed that 20% were primarily concerned about data security. As per the survey, concerns around data, in terms of both security and more specifically privacy, remain top of mind for a significant number of firms across the Asia-Pacific region. It is therefore crucial that both cloud computing infrastructure and applications providers have a well-designed strategy

24

is created among those organisations new to adopting cloud computing.  Springboard Research highlights some of the more common myths and realities related to cloud computing and data security.

in place to ensure data security for enterprise cloud users. Cloud providers must also clearly articulate this strategy to their clients and prospects to ensure that an adequate level of trust

Only

5%

companies currently rely solely on cloud computing technologies for their IT needs Source: Kelton Research

Vendors can go out of business, natural disasters can occur, or internal malfeasance can take place. However, cloud infrastructure, applications and business services providers do generally take great care to make data as secure as possible. In most cases, these efforts do go well beyond what can be provided through in-house data centres. Nonetheless, human and technical errors, malicious retribution, and the forces of nature will conspire against even the most hardened secured environments.

Myth:  Cloud providers will never gain unauthorised access to our data Reality:  A vast and overwhelming

ITNEXT | M A R C H 2 0 1 1

Cover Story Option 1.indd 24

3/4/2011 5:15:25 PM


SEE THE FUTURE | COVER STORY

ABOUT EXPERT Sanchit Vir Gogia, Associate Research Manager, Springboard Research Sanchit has spent extensive time tracking the Cloud Computing and Software-as-a-Service markets. In addition, he also tracks other technologies such as Business Intelligence, Virtualisation and Collaboration. He started my professional journey as a marketer with Bose Corporation.

Springboard Research highlights some of the more common myths and realities related to cloud computing and data security” TOP RISK ASSOCIATED WITH CLOUD COMPUTING

Myth: It is easy to switch cloud providers Reality:  A more accurate statement

8% 20%

10% 11%

majority of cloud vendors will state that they never gain unauthorised access to data. However, there will be cases where this does happen. Similar occurrences have continued to hamper credit card processing companies as well as new and emerging examples, including Facebook. The chances of this happening are generally quite low, but primarily through the human element, it can happen. To reduce the chances, firms are advised to choose providers who can show that their environments are not only free of root access accounts, but encrypt all client data with keys that they themselves do not maintain.

12% 11%

Security Availability and performance concerns Lack of Cloud knowledge/ understanding Data privacy, residency, or loss of data Integrating with existing systems Cost

would be to say that it’s typically easier to switch from one cloud-based solution to another than it is to switch from one on-premise solution to another. But mostly, this migration is rarely simple. The nature of the cloud, including the pay-as-you-go economic model & the higher degree of openness and standards-based access it promotes, enhances the ability to turn off a cloud-based solution and is often financially less arduous than doing the same with comparable on-premise solutions. However, in switching among cloud providers, there are still external and internal migration costs that must be considered.

Myth: Data location is unimportant Reality: In theory at least, this statement is not only true but a fundamental tenet of cloud computing. In reality, the statement can be reasonably accurate or wildly inaccurate, often based on the type of data that is being stored. It is generally less important for nonsensitive data, but more important for sensitive data. This is typically driven by local legislation, discovery orders issued during legal proceedings, corporate policies, and privacy. Every current or potential cloud user must clearly understand their options and requirements when storing confidential information — whether in the cloud or not. This includes the location of the data and how it may move over time. It could expose them legally or morally, even without any real breach of legal compliance. Springboard Research observes that the adoption of cloud computing is accelerating within organisations across the Asia-Pacific region. To ensure that this strong growth continues, adopters of cloud must fully understand not only the benefits of cloud computing, but also the risks associated with the various cloud computing styles that are emerging. Springboard Research does expect that security and privacy will remain the primary concerns among AsiaPacific organisations for the foreseeable future. We fully expect that these security-related concerns will inevitably prevent some organisations from fully leveraging or adopting cloud-based solutions. Nonetheless, we believe that some organisations will confront these risks and will view any raised security concerns as just one of a growing number of general business risks. It will therefore be seen as an insufficient reason to limit the adoption of cloudbased solutions, given the substantial business benefits they afford.

RESOURCES Cloud Computing is greener http://blogs.hbr.org/winston/2011/03/cloud-computing-is-greener.html

Source: IDC

M A R C H 2 0 1 1 | ITNEXT

Cover Story Option 1.indd 25

25

3/4/2011 5:15:28 PM


CASE STUDY | LOWE INDIA

KNOWLEDGE MANAGEMENT

From ‘Ignorance Tolerated’ to IT Loweconnect is regarded as a model solution in the advertising industry. Here’s why… BY PRAVI N SAVA N T

W

h at ’s common between ‘Daag Acche Hain’ and Microsoft Sharepoint server? Well, both are recognised ideas which have made an impact and stay with you for a very long time. And each of these was created by Lowe Lintas and yes, incidentally, they also use the Microsoft Sharepoint server in a very productive way. Lowe Lintas is one of India’s top advertising agencies and it believes that the greatest service it can render is the power of a high-value idea. The company has built a reputation for quality and innovative services, and it relies on a robust information technology environment to help deliver what its customers need.

26

Unfortunately, until about a year ago, it was difficult to share creative work across all its offices in India, in order to generate more region-wise ideas, brand building, feedback, and launch a national-level campaign. While most of the work done by

WE DECIDED TO IMPLEMENT A SOLUTION THAT COULD SATISFY A RANGE OF BUSINESS NEEDS TO DEVELOP AN EFFICIENT PORTAL ENVIRONMENT.

creative individuals was brilliant and a huge asset for the organisation, there was no central repository of the same, for future reference or any other business usage. This limitation imposed constraints on collaboration and managing knowledge effectively. This lack of a knowledge base and collaboration made the organisation person-dependent rather than processdependent. Especially, when there are almost 800 talented employees working across brand servicing, planning, creative, operations and production - creating in excess of thousands of artwork. Anything to facilitate this process would obviously have a direct impact on the organisation. We soon realised that we needed to develop an efficient portal environment that would enable us to share information and collaborate easily within and across business units. So, we decided to implement a solution that could satisfy a range of business needs. This needed to serve as a potential knowledge management system that provided the ability to easily publish

ITNEXT | M A R C H 2 0 1 1

Casestudy.indd 26

3/4/2011 3:22:29 PM


LOWE INDIA | CASE STUDY

COMPANY SNAPSHOT Founded in 1939 as a part of Hindustan Lever, Lowe Lintas is one of India’s largest and most storied communication groups. Headed by Chairman and Chief Creative Officer R. Balakrishnan (Balki) and CEO, Joseph George, Lowe Lintas employs spread across eight divisions and nine cities all over India.

We chose to go with an Office SharePoint Server, as it satisfied our criteria & we felt confident in the Microsoft platform. CHALLENGES: Giving people

a robust yet simple to manage platform to share & collaborate. The famous myth around feasibility to merge mercurial creative talent with a routine and steady systems environment. Hence change management is the biggest challenge. SOLUTION: Given our usage of Microsoft platform (Email on exchange, Office communicator for chat) it made a good sense to evaluate MOSS & it’s been a good solution giving us desired results BUSINESS BENEFITS: The single place to collaborate & shared has unleashed many business opportunities and most essentially it has paved the way for all future initiatives like Knowledge management & Business intelligence. The qualitative benefits far outweigh the operational time & efforts savings.

documents on the intranet, effectively search for information, collaborate and share information among all business units. Then, it was time for the implementation. To set the ball rolling, change management, business support and involvement were key factors. Essentially, it implied that the solution had to be robust, scalable from a longterm perspective and at the same time had to be simple to use. “We chose to go with anOffice SharePoint Server because it satisfied all our criteria and we felt confident in the Microsoft platform,” says our CTO Pravin Savant. “With the Office SharePoint Server, we not only received a great deal of value for our investment, but we were also able to put effective, usable technology into the hands of our business users,” he added. The planning and execution efforts for the readiness of the technology platform had to be run in tandem with business alignment and change management initiative. To this end, the top management and the core user group’s involvement had been terrific, right from the solution design, launch and sustenance efforts. With an average 70% usage and at least one login per week and the highest usage being from regional offices, Loweconnect has been a success story. The various services provided are channelised into the following dimensions: Communication: It includes top man-

agement communication, internal news and communication, industry and client-specific news of interest, and a creative library with updates on new creative work. This includes an average of 3 messages from the CEO’s desk per month and over 300 industry news items, 150+TV commercials and print items in a few months. Interaction: This includes discussion forums, blogs, office communicator chat, polls, surveys, and brain food. There is an average of 10 blogs/ discussions per month on varied topics. Transactions: It includes leave records and links to various key applications. Change management: It has helped us explain the importance of technology usage across the organisation. It has also led to many new ideas and concepts which is rare in this industry. In the future, it will give us technical uniformity across various layers. The success of an IT initiative is defined by its business relevance. Collaboration is the critical aspect in our line of business. Right from concept to implementation and sustenance, Loweconnecthas enjoyed good business buy-in. It has also paved the way to introduce more technologybased initiatives at Lowe. In fact, it is regarded as a model solution in the industry and has already been included in a Microsoft reference case study at their global site. With the proven success and adaptability of the platform, more plans to leverage technology have been unleashed using the MOSS framework. Knowledge management and business intelligence are the two key initiatives, and very importantly, it’s part of the unified platform effort, so that the business leverages all key pieces of data, derives useful information from it for business intelligence and then is able to retain the knowledge which is retrievable. As Pravin says, IT is no more ‘Ignorance Tolerated’ at Lowe Lintas, but it’s doing more of what it should be — supporting the business to deliver its goals.

M A R C H 2 0 1 1 | ITNEXT

Casestudy.indd 27

27

3/4/2011 3:22:33 PM


CASE STUDY | USHA MARTIN GROUP

UNIFIED THREAT MANAGEMENT

The Power of One This case study on Internet Threat Management and the implementation of a ‘United Threat Management’ (UTM) Solution shows how a single point solution offers significant benefits. BY SUBHA K R U D R A

O

ur organisation is spread across the globe, with 5 manufacturing units, 4 branch offices and 20 warehouses in India itself, comprising 800 users, all heavily IT dependent, with each location accessible. This makes our network critical and sensitive and an ideal target for sophisticated internet security threats in the form of botnets, worms, intrusion attempts from external sources and phishing attempts, to name just a few. Though 85% of our systems have been converted to Linux, anti-virus software regularly updated and monitored and other software also adequately patched regularly, we felt that we must counter the threats at the entry points itself with robust and effective solutions, in line with the latest internet threats, without spending a fortune.

28

So, we singled out the entry points of the threats to our network and the exit points of the stolen data over the internet from our network. The major entry points or sources of security threats include: Spam or virus-infected e-mails. Browsing of unknown, unreliable and phishing websites by users.

THE IMPLEMENTATION OF UTM HAS SIGNIFICANTLY HELPED REDUCING COSTS FROM THE EARLIER SECURITY SYSTEM IN OUR ORGANISATION

 ort-scanning attacks from the Internet. P Random usage of external storage devices by users. Three of the above four sources are external, while the fourth is internal. The internal threat source was already countered with updated anti-virus software, OS & application software, proper patching and our internal corporate data security policy. Hence, the objective was to plug the external sources. For this, we centralised all internet traffic through our corporate office. A spam filter server, armed with an anti-virus, was brought in to scan all the e-mails passing to and from the network. A URL-filter server, again anti-virusequipped, was brought in to restrict and secure users’ web surfing. Software firewalls were placed to combat portscanning and other attacks. Though the systems were effective, they brought in new challenges. It was agreed that to combat/ eliminate the problems within the existing systems and the external threats, instead of having individual solutions, we needed to deploy a single point solution, i.e., anti-spam, URL filter, packet filter, etc., all in one box — United Threat Management (UTM). The toughest but most important aspect is to select the right product as

ITNEXT | M A R C H 2 0 1 1

Casestudy.indd 28

3/4/2011 3:22:33 PM


CASE STUDY | USHA MARTIN GROUP

COMPANY SNAPSHOT A Rs. 3600 Crore, integrated Speciality Steel & Global Wire Rope Company, Usha Martin group is engaged in mining, manufacturing, distribution & services related to steel & value added products. The company’s business is spread across 4 continents, 14 countries and 24 global locations. Usha Martin has emerged as India’s largest steel wire rope manufacturer.

We singled out the entry points of the threats to our network and the exit points of the stolen data over the internet from our network.” CHALLENGES: Managing multiple systems, their updation and patching, besides the patching their respective OS which again had their own normal issues. Secondly, it took a Herculean effort to create a complete report against an user as one had to collect his/her mailing report from one server in one format and his browsing record from another server in another format, then collaborating them to form a single report, often on request from the appropriate authority? SOLUTION: The solution was decided after the products and placed the device first at centralized internet traffic entryexit point of corporate office and strategically within the internal network at different locations, to filter out unnecessary & unwanted traffic locally itself, before it reaches the corporate office.

30

per the organisation’s requirement from the load of products available in the market. And the solution lies in a logical, step-by-step approach. Our approach included: 1. Listing our requirements point-wise and as precisely as possible. 2. Major modules or functions that we checked were: a.Efficiency in plugging the unused ports and saving them from online port-scanning attacks from the net. b.Threat management: It should always be identity-based, which makes it easier to find the problem-causing system, irrespective of how many IPs it has changed. c.The depth of the anti-virus scan in an anti-virus function. d.Spam filtering depth and efficiency of the anti-spam function, etc. e.HTTP proxy detection and efficiency of the URL filter and its customisation. f.Simplicity of web publishing of the internal services and security offered over the same. g.In built storage: Important for the log, reports and caching facility, to save internet bandwidth. 3. We checked and compared the features of every particular function with equivalent standalone products. 4. We checked and compared the management of the UTM policies through the management console.

5. We checked and compared the ‘reporting and monitoring’ aspects of the devices. 6. After shortlisting a few products, we ran a ‘Proof of Concept’ test for all of them. Finally, we zeroed in on one of the products and placed the device first at the centralised internet traffic entryexit point of our corporate office, and strategically within our internal network at different locations, to filter out unnecessary and unwanted traffic locally itself, before they reach the corporate office. This also served the dual purpose of saving internal bandwidth and reduced the overhead of the mother device placed at the corporate office. Besides being effective, the other significant benefits of this solution have been: Saving time and man-power: Given that all of the required and necessary functions are combined into one box, reducing the complexity of the security system, we need not spend time and man-power to figure out how all our security devices are working, and how well they’re working together. Once you understand how the device works, you understand your entire security system. Simple, required and easy-to-understand reports can be instantaneously generated on demand. Also, a single solution means a single vendor, a single point of contact for support. Saving bandwidth: Strategic placement of the device saves the internal bandwidth. Unwanted and unnecessary content are screened, thus saving the organisation’s net bandwidth too. Saving money: Given that the whole security system is in one device, we had to invest in one system instead of different systems for different solutions. Saving bandwidth itself saved us costs on bandwidth augmentation. The implementation of UTM has significantly reduced costs from our earlier security system, without compromising on data security, and further availing of different levels of protection. Saving time and money made it a worthwhile investment for us.

ITNEXT | M A R C H 2 0 1 1

Casestudy.indd 30

3/4/2011 3:22:35 PM


INSIGHT | INFORMATION SECURITY

ISO 27001

Recipe The

FOR

Success The benefits of obtaining an ISO 27001 certification go far beyond the obvious. It could even be your USP, giving you that extra edge in these competitive times. BY B E R J ES E R I C S H R O F F

32

ITNEXT | M A R C H 2 0 1 1

Insight_Information Security1.indd 32

3/4/2011 3:36:39 PM


INFORMATION SECURITY | INSIGHT

F

or most organisations today, information is the most vital asset. Information security can be described as the conservation of confidentiality, integrity and the availability of this information — the three pillars of the IT Security Triad. ISO 27001 is an international standard forinformation security best practice. The standard can be implemented in, and is applicable for all types of organisations, including commercial enterprises, government bodies and not-for-profit organisations,for designing a compliant Information Security Management System (ISMS). The standard provides the framework for a vendor-neutral, technology-neutral management system, that assures an organisation and its stakeholders that its information security measures are in place and are effective.

The structure of the standard

PHOTO GRAPHY: PHOTOS .CO M

ISO 27001 has five main clauses (mandatory controls), 11 domains, 39 control objectives and 133 controls. The mandatory clauses include: Establishing the ISMS Management commitment Internal ISMS audits Management review of the ISMS ISMS improvement. A fundamental tenet of ISO 27001 is the ‘Deming Cycle’ of plan, do, check and act. The 11 domains covered under the standard include: Security policy Organisation of information security Asset management Human resource security Physical and environmental security Communications and operations management Network access control

Hence, it affords you the freedom of including your own controls to address the technology rolled out in the organisation. Having said that, it is important to note, that the reason for the omission of any controls cited in the standard, must be mentioned in the Statement of Applicability (SOA). So what is the recipe to ensure the ISO 27001’s success in an organisation? The first and foremost ingredient is to understandthe culture of the organisation, business objectives and garnertop management support. Management support and commitment in terms of manpower resources and financial resources are critical. Recognition of information security as being a priority by top management still remains one of the biggest challenges for CIOs / IT managers, worldwide. The second biggest challenge happens to be,getting sufficient resources. Information security is not only about IT — it is also about, amongst other things, organisational and cultural issues and human resource management. So if your management feels that the IT department can handle this without support from top management and other resources (manpower and financial) or support from other departments, the project is doomed from the beginning. The next step usually involves identifying the scope forISO 27001 compliance. This is a crucial element else it will adversely affect the cost and ROI of ISO 27001 implementation.More often than not, it is not necessary for an enterprise to adopt a companywide implementation of the standard. If need be, this can be extended or staggered to other divisions / business units, at a later stage. Once the scope has been identified, it is crucial to have a plan in place for

THE ISO 27001 CERTIFICATION GIVES YOU THE EDGE OVER A FIRM THAT IS NOT CERTIFIED, AND IT COULD BECOME YOUR UNIQUE SELLING POINT, ESPECIALLY IF YOU HANDLE CUSTOMER SENSITIVE DATA.

Information systems acquisition, development and maintenance Information security incident management Business continuity management Compliance Albeit the standard does not touch upon areas such as ‘green computing’ or ‘wireless technology’ per se, there is nothing stopping you from including this in your list of controls. In fact, the controls cited in the standard are general guidelines to ensure that the important areas under these domains are not erroneously omitted.

5800 companies worlwide are certified under ISO 27001 standard

M A R C H 2 0 1 1 | ITNEXT

Insight_Information Security1.indd 33

33

3/4/2011 3:36:42 PM


INSIGHT |INFORMATION SECURITY implementation. Although this is not part of the standard, it can be one of the major pitfalls — failing to plan means planning to fail. If youthink you will be able to roll this out in two to three months, then you will land up with a pile of procedures, polices and other documentation, which nobody will care about. The standard is not just about documentation — but you should be able to implement and measure the documented procedures and processes as well. The backbone of a majority of, if not all, information security standards, is decision-making based on risk assessment. The ISO 27001 is no exception to this rule. In fact, the standard explicitly states the requirement of a risk assessment to be conducted prior to the selection of any controls. From a business, compliance or contractual perspective, the risk assessment exercise mustidentify the threat and vulnerability for each asset, which has a likelihood of impacting the information security triad of confidentiality, integrity or availability. This also makes business sense, since the organisation would be able to divert its funds towards addressing the most critical risks identified. The risk assessment process would also enable the management to identify ways of addressing this risk — whether the risk needs to be mitigated, avoided, transferred or accepted. Building a good team is another crucial ingredient for success. In my experience, involving cross-functional teams, including legal and HR professionals is absolutely necessary, especially when it involves framing policies and penalties for violation of the policies. A CIO / IT manager cannot be expected to frame these policies without seeking guidance from these functional areas. Compliance (Domain 11) mandated by law applicable to the organisation for example, need to be addressed by involving the legal team. The costs involved for implementation and certification need to be conveyed to the top management, as well as the ROI. Some of the costs which could come into play are - cost of internal resources to produce policies and

34

What is an ISO 27001? ISO 27001 is aimed at organisations who wish to assess their information security risks and implement ways of addressing them. The ISO 27001 standard requires management to: Systematically examine the organisation's information security risks, taking account of the threats, vulnerabilities and impacts;Design and implement a coherent and comprehensive suite of information security controls and/ or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable; and Adopt an overarching management process to ensure that the information security controls continue to meet the organisation's information security needs on an ongoing basis.

The benefits ISO 27001 shares many benefits with other m anagement standards, like ISO 9001 and 14001.  y having documented procedures B and processes in place, the greater

procedures, cost of external consultants, cost of registration for certification, etc. So what is the ROI for an organisation implementing ISO 27001? Is being ISO 27001 certified just a marketing gimmick? The ISO 27001 certification does definitely give you the edge over an organisation that is not certified, and it could become your unique selling point, especially if you handle customer sensitive data. The ISO 27001 certification instils confidence in your customers that their personal information is protected. Obtaining an ISO 27001 certification demonstrates that you have addressed,

efficiency and transparency from their implementation reduces risk of mistakes and the consequent cost of re-work. These benefits are even more apparent in larger organisations where the clear channels of communication improve utilisation of time and resources. With all of this in place, employees can feel more at ease and confident in their roles. A knock-on effect is happier clients too, because you will reduce mistakes and have traceability if things were to go wrong. Importantly, ISO 27001 will ensure you meet current legislation. With rules changing regularly, it's important that this aspect is kept on top of. By using a Certification Body that will re-audit you each year, you're safe in the knowledge that you are meeting all legal requirements. Because you're reducing risk and demonstrating professionalism and accountability, your organisation can also benefit from reduced insurance premiums and better credit terms.

implemented and controlled the security of your information. From the firm’s perspective, it can lead to cost savings. Imagine the loss to an organisation because of a leakage of company confidential data, for instance, business strategy, the loss of reputation built over the years, the cost of the customer’s private data being compromised and subsequent law suits, etc. By obtaining the certification, you effectively establish that relevant laws and regulations have been addressed. Berjes Eric Shroff is Manager IT, Tata Services

ITNEXT | M A R C H 2 0 1 1

Insight_Information Security1.indd 34

3/4/2011 3:36:43 PM


advts.indd advts.indd advts.indd 54 54 54

12/22/2009 12/22/2009 12/22/2009 2:54:15 2:54:15 PM2:54:15 PM PM


17 THE

SECOND SOLUTION Thoughts + feelings + actions = attitudes = results. Hereâ&#x20AC;&#x2122;s how a goal image and 17 seconds can help achieve positive results.

BY MANIS H S I N H A

36

ITNEXT | M A R C H 2 0 1 1

insight_mind management NEW.indd 36

3/4/2011 3:46:00 PM


MIND MANAGEMENT | INSIGHT

W

e work with our mind but what makes all the difference is when we know how our mind works. It often explains why we get results we don’t want at all.

As we play a number of roles simultaneously in our life, we do fail to achieve or maintain a balance between our professional and personal life. The same failure is experienced by a corporate house in terms of revenue leakage, employee retention, team management, sales graph and innovative strategies. If you had to recall memories from your past — your first day at college, your first boss, your favourite meal — your mind instantly supplies you with images. The point here is that we want to achieve goals but how often do we supply our mind with an image to that goal. The difference between how our conscious and sub c o n s c i o u s mind works is that the former chooses, accepts, rejects, and it is where a thought originates. And the latter must accept, can’t reject and can’t distinguish between real or imagined. Our conscious mind has the ability to think. Information and ideas flow from different sources and through our five senses, i.e.,

sight, smell, taste, touch, and hearing. They feed the conscious mind with information throughout the day and this often distracts our attention from our goals, which could be project delivery, team management, and risk analysis. Science says we live 90 per cent of our lives subconsciously which means our habits are stored in our subconscious and that’s why when we learn to write with the right hand, we continue to do so. If asked to write with our left hand, the shift in pattern doesn’t allow us to do so accurately. The subconscious has stored the instruction to write with the right hand, and to do otherwise triggers the thought that it would be difficult and hence the inability. The thoughts, ideas, expression, emotions our conscious mind chooses are accepted by our subconscious which doesn’t have the ability to think. So, it can’t reject a thought or an idea. And a thought, an idea or emotion we impose on it over and over becomes a habit. While we are unaware of some habits, which are the hidden results of our failures, they do reside in our subconscious. And they will stay there until we replace them with new thoughts and ideas (provided that moves us in the direction of our goal), chosen by your conscious mind. The subconscious is the basis for feelings and actions. If we feel bad, it means we’re having a bad thought about something consciously. If we think a positive thought, it helps us feel better. Every activity we perform has three basic parts: thoughts, feelings and actions, when added up they offer the result. The equation is thoughts + feelings + actions = attitudes = results To change the results we have to go back to the basics, i.e., thought which originates in our conscious mind first, which when accepted makes our brain cells work in that direction. Say you get a call from the CEO and he is very angry about a decision you made. The feedback is coming through your senses (hearing), if your conscious mind accepts his anger, it triggers feelings

M A R C H 2 0 1 1 | ITNEXT

insight_mind management NEW.indd 37

37

3/4/2011 3:46:03 PM


INSIGHT | MIND MANAGEMENT and the result would be frustration can retrain your brain and trigger the Best practices for team right action. and tension. management The other trick to change the way But you can fool the conscious mind On a worksheet write a brief bio of the with a 17-second solution. As every we think is to write what we want to team members including their goals thought has a frequency, it takes 17 achieve. It could be any concern area for their career. seconds to mature, attract feelings and like project delivery, deadlines, teams Check if the team can help each other then action. The key is to shift conscious not working, wanting to achieve a through sharing or transferring thoughts at that moment for 17 seconds top position at work, relationships, knowledge to each other. towards another thought, for instance a recognition at work, money, repayment Pass this vision clearly to the team goal you want to achieve. But you must of big house loans... When you think members; it would be great if you have an image of the goal with you of these your mind starts receiving could convert that as an image which either on your desk, your cell phone, a images, for example, loans and EMIs; the subconscious accepts easily. small sticker on your watch or a goal your mind moves in that direction As a catalyst, add the corporate goal card (like a visiting card) in your wallet and leaves behind a negative feeling. image along with employee goals. or pocket. Focus on that for 17 seconds Shift the focus of your thoughts for 17 Whenever they see it, it will remind and it will change your mood, extend it seconds towards your goal and you’ll them about both. This works like to an extra 17 seconds and your neurons find that adds energy instead of panic. the cybernetics mechanism used in You can control things by writing will change direction from anger, guilt, setting up the autopilot function in frustration to the joy, peace and love down your goals and dreams because an airplane. The images serve as an you would achieve after achieving your the process of writing makes you think. autopilot throughout the project, goal. The key here is the image as the Thinking creates an image of your especially when the team deviates from subconscious mind accepts them faster. goal and that triggers feelings and that project deadlines, team conflicts, testing triggers action and it is your actions that But how does all of this help a CIO? bugs, delayed query responses, but the If a project is stuck, the project create results. image sets the tuning of the team and manager (PM) has to resolve the issue reminds them of the goals and how to but at the same time s/he has family accomplish them. engagements and others tasks as well. Another technique to maximise the This is a very real example of problems benefit is to hold a 10-minute conference people face. call, related to project, at say 10:30 pm Likewise every CIO has a fixed or at 6:30 am to discuss unanswered number of working hours; it’s a ratio points. This is when sensory organs are at rest and the subconscious gets active of 1:2 hours at work and outside.  If with ideas and emotions. Science says we apply the principles of reverse it takes 22 days of repetition to form engineering and give them the tools or release a habit. This could be used to manage 16 hours, the eight hours at to give every member a supportive work will be more productive.  More hand to replace a bad habit with a often than not, CIO’s cut into their new, good one. It’s only then personal time to spend time that you can truly call it at work; they’re successful a team which makes a at work but not at a social Do I want to take this decision? collaborative effort rather level. And this can be After taking this decision, would I be moving in the than one that indulges stressful. direction of my goal? in people politics and So the next time unhealthy competition. you feel negativity Would taking my decision harm others? This will help channelise surrounding you, simply If the answer to the first two questions is YES and the last is the energy of team and reject the thought and NO, then you know you’re doing the right thing. no matter how big a order your conscious project is, despite even low mind to shift for 17 Choose a simple matter initially and then apply it to any budgets, the collaborative seconds towards your goal other situation in your life, personal or professional. effort will work wonders for image. You will be in a lesser These conscious questions serve as a foundation the organisation. negative frame of mind and stone for solid decisions. that’ll trigger new feelings at Manish Sinha is Head IT, OnDot the end of it. An implicit memory Couriers & Cargo Ltd. system is responsible for what a person believes, thinks and does. You

Ask yourself these 3 questions when you have to make a major decision:

38

ITNEXT | M A R C H 2 0 1 1

insight_mind management NEW.indd 38

3/4/2011 3:46:04 PM


RISK-BASED AUDITING | INSIGHT

RUN THE K S RI

Incorporating a Risk-based Auditing management system is one of the most effective solutions for the successful implementations of business critical IT systems.

PHOTO GRAPHY: JAYAN K NARAYANAN

JAT I N M O D H

C

hoosing the right business critical IT systems that will meet an organisationâ&#x20AC;&#x2122;s business requirements is the first and most important decision towards accomplishing successful implementation; closely followed by the choice of the system integrator or implementer. During the implementation, organisations face several significant challenges or tasks which they need to overcome. These include the reengineering of the current business processes, reconfiguration of existing controls, adoption of the new business processes and new

M A R C H 2 0 1 1 | ITNEXT

Insight_risk based management.indd 39

39

3/4/2011 3:52:37 PM


INSIGHT | RISK-BASED AUDITING internal controls. Hence the need to integrate a Risk-based Auditing management system is recognised as one of the keys to successful implementations of business critical IT systems. The focus here is on the best practices which need to be followed for risk-based auditing during the implementation cycle. In a typical implementation cycle, the Project Management Office (PMO) is engaged or responsible for the risk assessment processes. The most common risk management standards used by the PMO are ISO 31000:2009 and Enterprise Risk Management – Integrated Framework (COSO ERM). The PMO has the most obvious risk to assess — whether the project is ready to go live. Apart from this, there are several other risks which need to be mitigated for successful implementation. Some examples are: Compliance with industry regulations such as BASEL II, PCI DSS, HIPAA, etc. Compliance with various national, state and local data security and privacy laws. Risk that business requirements will not be fulfilled during the implementation. Risk that business requirements are not properly confirmed during the testing process. Risk of delay and budget overshooting during the implementation. Stability of the application. Internal & external security systems. Every firm doesn’t have the same degree of risk appetite and risk mitigating controls. The PMO has its limitations in the form of expert manpower & time, to mitigate all the risks which arise out of huge business critical implementation projects. How can the PMO effectively identify and manage risk in such business critical implementations? The answer is to have a Risk Advisor/Auditor who will provide vital inputs with corrective actions at the critical stages of the implementation, to the PMO.

40

THE THREE SUGGESTED APPROACHES ARE:

1

Implementer providing the Riskbased Auditing services The organisation must make

IDENTITY THEFT STATISTICS 2010 The average cost for a business to recover from a data breach is $6.75 Million. The average cost to implement identity theft, social engineering and data breach training? In most cases, less than $50,000.

62% of those breaches reported exposed Social Security Numbers, and 26% involved credit or debt card information. 15.7% of the data breaches involved state and federal agencies and the military. Medical and health care facilities accounted for 24.2%, educational institutions accounted for 9.8% and the banking industry, 8.2%. That leaves businesses as the largest percentage of breaches - 42.1%.

Malicious attacks, according to the report, account for more breaches than human error - the former constitutes about 17% of breaches, while the latter, just 15%. However, almost 40% of those breaches reported did not identify the manner in which information was exposed. Although the risks of hacked databases often make headlines, the report finds that paper breaches account for nearly 20% of known breaches. Only 200 of the 662 breaches were credited to information provided by states and agencies with mandatory reporting. Source: Identity Theft Resource Center

sure that it gets qualified resources for both the implementation and the riskbased auditing services. Pros: Project Planning is well integrated and more seamless, as both the services are provided by a single entity. Resources are well managed since there are lesser coordination and conflict efforts involved. Cons: Independence and objectivity of the auditing function is eliminated. Inherent conflict of interest between the implementation staff and the auditing staff on achieving on time and on budget can lead to quality issues and risks left unaddressed.

2

Organisation’s audit firm providing Risk-based Auditing services This is one of the common approaches followed. Pros: An independent review of the project status, deliverables and results are obtained and will protect the organisation from facing any issues from their stakeholders against any critical decision made during the implementation. As they are already aware of the existing processes and controls, the design of the new processes and controls, and acceptance of the same is easier. Cons: The skill sets and experience of the consultants in the implementation or in use of the application might not be adequate.

3

Independent firm providing Risk-based Auditing services This is one of the most professional approaches. Pros: The consultants are focused and experienced, and experts in their respective domain. An independent review in the true sense is achieved without a bias towards any firm or stakeholder.

ITNEXT | M A R C H 2 0 1 1

Insight_risk based management.indd 40

3/4/2011 3:52:37 PM


RISK-BASED AUDITING | INSIGHT Cons: The brand credibility needs to be verified before appointing the same. ROI needs to be evaluated and approved as it is a costly affair. Irrespective of the approaches, the key issue is the type of services offered and selection of the required services for an organisation. The services on offer include:

Complete Risk Assessment Services: The Risk Advisor/Auditor needs to be involved at all stages of the implementation, right from the design phase to the go-live phase of the project. A well-defined risk assessment programme needs to be in place before the commencement of the project, as it helps the PMO identify strategic and tactical risks at the right time.

Specific Risk Assessment Services: These services are specially tailored to meet the specific demand of the PMO in which they want to identify and mitigate specific risks, rather than a complete risk assessment package. The common services available are: Internal Controls Design — targeted to the design of internal controls. Business Process Design — targeted towards the design of the to-be new business process and its alignment to the to-be internal controls. Software Configuration & Change Management — targeted to the initial configuration of the application as per the designed business processes and internal controls and also the design of the change management process to comply with the best practices. S ecurity Role Definitions & Assignment — targeted towards the definition of the roles and the security of the application to achieve the integrity of the system’s business processes and applications. Testing — targeted towards Final User Acceptance Testing Results to confirm the readiness of the system. Controls Related Software — targeted towards analysing the need of the

WHAT’S AT RISK? If you are a young adult or a small business owner, you would tend to engage in riskier activities that can lead you to be victimized more frequently. Youngsters, especially college students, are likely to use library computers or share computers in their dorm rooms with roommates and others who they do not know very well. Small business owners tend to complete a large number of financial transactions by mail or over the net, often using their personal accounts and home address to aid in processing these transactions. You are also more at risk to be a victim of fraud if you get a letter in the mail from a company that has access to your personal information stating you’ve been a victim of a data breach. While these letters are, unfortunately, becoming pretty commonplace, it’s important to pay close attention to them and not simply drop them in the recycling or the trash. The majority of recipients tend to do so (a) because

THE RISK ADVISOR/ AUDITOR NEEDS TO BE INVOLVED AT ALL STAGES OF THE IMPLEMENTATION, RIGHT FROM THE DESIGN PHASE TO THE GO-LIVE PHASE OF THE PROJECT. third-party software to identify any segregation of duties issues, audit trail and overcome the common deficiencies of the system. G o-Live Readiness Assessment — this is the combination of the

they doubt the legitimacy of the letter or (b) because they are so used to getting them that they don’t really think too much of it anymore. If you receive one of these letters, your chances of being victimized by an identity thief go up to one in four. It’s not wise to sit idly by and not worry about it. Whether your odds are one in 20 or one in four for becoming an identity theft victim this year, those are pretty high odds; high enough that they should encourage you to act. One action you can take is to sign up with an identity theft protection company. This plan can include credit monitoring, fraud detection, database monitoring, address change notifications, a lock on your credit file and more. It all depends on how much security you want to add to your accounts. Of course, a higher security plan will provide you with the most protection, but having a basic plan is infinitely better than having no plan of action at all.

software configuration and change management, security role definitions and assessment and testing, and is done just to check out the go-live readiness of the system. An organisation has investments made for the brand image perceived in the market while implementing business critical systems, with an expectation that the new system to be implemented will meet their business objectives and control objectives, and will catapult their organisation into the magic quadrant. Risk-based Auditing services can definitely play a quality assurance role for the implementation. Jatin Modh is Manager IT, MettlerToledo India Pvt Ltd

M A R C H 2 0 1 1 | ITNEXT

Insight_risk based management.indd 41

41

3/4/2011 3:52:37 PM


INSIGHT | VDI

THE NEW

FACE OF

ZERO Virtual Desktop Infrastructure and a ‘Zero Client’ model are addressingthe complexities of growing eterprises effortlessly. C H A N D R ES H D E D H I A

42

ITNEXT | M A R C H 2 0 1 1

Insight_VDI.indd 42

3/4/2011 3:58:56 PM


VDI | INSIGHT

O

ver the past few years, enterprises h ave invested in making their datacentres more efficient and optimising them through server consolidation. This works almost as an antidote to the earlier server sprawl. The fundamental behind implementing virtualisation is that it optimises the server’s hardware resources, thereby decreasing costs related to maintenance, utility power, support and additional hardware servers. Virtualisation has changed the way an IT infrastructure works; there have been profound benefits to all the organisations from SMEs to enterprises. Virtualisation as a model has now matured enough for all organisations to reap the benefits. Enterprises have achieved the goal of optimising their datacentre-level hardware by way of server consolidation or rather server virtualisation, but what about desktops? It has been a daunting task to manage thousands of desktops with all the ideal system hardware and wastage of utility power. So, is there a way to optimise desktops too? Yes, there sure is, and that is why Virtual Desktop Infrastructure (VDI) is so popular these days. Now one could comfortably say that virtualisation as a model is spreading its footprint from servers to desktops. But desktop PC management is an overly complex job. IT departments have to deal with a countless number of desktops to deploy, maintain, patch, update and track. Licencing and end point security is also a major concern. More often than not, each employee’s PC is unique with customised experiences that complicate the centralised management of each resource. In a

DISADVANTAGES OF VIRTUALISATION Virtualisation Technology Is Not Perfect Single point of failure, powerful machines, lower performance, and specific applications, which can't be virtualized, are among the disadvantages of virtualisation.  irtualization Solutions Have a Single V Point of Failure  hen the machine, on which all the W virtualised solutions run, fails or when the virtualisation solution itself fails, this crashes everything.  irtualisation Demands Powerful V Machines  irtualisation might save money V because thanks to it less hardware is required and this allows to decrease the physical number of machines in an enterprise but this does not mean that it is possible to use archaic computers to run top-notch virtualization solutions.

 irtualization Might Lead to Lower V Performance Even if the machines on which virtualized operating systems and virtualized applications are run are powerful enough, performance issues are still possible. What is more, one of the most unpleasant facts is that very often there is no problem with a particular application when it is not virtualized but when it is deployed in a virtualized environment, all sorts of issues start to surface.  pplication Virtualization Is not Always A Possible  hile in most cases it is not possible W to predict if a particular application will misbehave when virtualized or not, there are also many applications, which are known to experience performance degradation when virtualized. Databases are one of the most common examples of such applications

Source: www.suite101.com

nutshell, IT departments struggle to optimally manage the huge number of desktops deployed across the enterprise.

The ‘Zero’ effect The ‘Zero Client’ model addresses the complexities of a growing enterprise with ease. It expands a desktop PC environment from a single physical machine to a multi-client/server computing model. This means, a user’s desktop is hosted remotely and accessed via a ‘Zero Client’ device over the network. A user no longer has a physical PC on the desk. The ‘Zero Client’ access

devices do not use PC-based processors or chipsets and do not run a local operating system. All the primary functionality is integrated into a single chip that has an optimal set of resources for working with the ‘Zero Client’ virtualisation software and extension protocol. This System-on-Chip (SoC) contains patented technologies to deliver unmatched performance from a very low-power device. The device also contains a DRAM used to perform a local screen display. We evaluated a ‘Thin Client’ model and ‘Zero Client’model. Our organisation

M A R C H 2 0 1 1 | ITNEXT

Insight_VDI.indd 43

43

3/4/2011 3:58:56 PM


INSIGHT | VDI implemented the ‘Zero Client’ solution in two phases.

Phase 2: Once we had more requirements for desktops for new hires and desktop updates, we deployed a VM Hypervisor on theserver hardware and created four ‘Windows 7’ VMs, which gave us the capacity to connect up to 40 ‘Zero Client’ devices. This model was scalable with each ‘Windows 7’ VM that could allow adding at least 10 ‘Zero Client’ devices. Tech Specs: A ‘Zero Client’ device consists of a SoC (System-on-Chip) with a VGA port, USB ports, Ethernet port, mic & speaker ports.

Business Benefits The ‘Zero Client’ access device costs less than half the price of entry-level PCs and the on-going savings are even higher. With no moving parts or

BENEFITS - DESKTOP VIRTUALISATION  ustomers receive a DCBG virtual workstations with limited access to system C resources, increasing security in terms of the danger of house leaks;

Source: Virtualization – advantages and benefits, infodatacenter.com

Phase 1: We started with a desktop with a Core 2 Duo/4 GB RAM configuration with a Windows 7 OS and all the standard enterprise applications. This desktop acted as the ‘HOST’ system and we connected five ‘Zero Client’ devices to this model. We got five virtual desktops ready and from day one, we began to realise the benefits.

 ramatically reduce the costs of new machines (terminals) for replacement D of obsolete or defective ones;  nhances the efficiency and extend the working condition of the existing E computers;  asy and fast administration saves time and money in support of the E company’s IT infrastructure; Increase labor productivity 24 hour support teams from DCBG

Benefits of Server Virtualisation Direct customer benefits in terms of server virtualization Reduction of the size of the data center;

Reduction of staff; Drastically reducing maintenance costs; Time savings in case of hardware problems and other negative incidents

Small Setup Desktop: Core2Duo/4 GB Ram Windows 7 OS Supports up to five‘Zero Client’devices

Large Setup Server: Quad Core/16 GB RAM VMware ESX/Xen Server/ Microsoft Hyper-V Windows 2008 R2 OS Up to 30 ‘Zero Client’ devices supported per Windows 2008 R2 VM E.g.: 4 Windows 2008 R2 VM x 30 ‘Zero Client’devices = 120 ‘Zero Client’devices

44

local storage systems, repairs are very rare and maintenance costs are kept in check because you only have to maintain and upgrade the shared PCs or Virtual PC. Also, whenever an enterprise has to upgrade to the latest PC technology, the ‘Zero Client’users will automatically enjoy an increase in performance. The ‘Zero Client’ access device is the size of a small handbook, consumes less than 5 watts of power, generates a negligible amount of heat, makes no noise and produces less e-waste.

Large scale implementations in India The ‘Zero Client’ solution has been successfully deployed across India & the globe. It includes projects, like, the AP School project — 5000 schools using 50,000 units of ‘Zero Client’ devices, Employee State Insurance Corporation — across India 31,000 units of ‘Zero Client’, and, Maharashtra Knowledge Corp Ltd (MKCL) — 1000 centres use 10,000 units of ‘Zero Client’. Chandresh Dedhia is Sr. Manager- IT, Fermenta Biotech

ITNEXT | M A R C H 2 0 1 1

Insight_VDI.indd 44

3/4/2011 3:58:57 PM


INTERVIEW | SUDHIR NARANG

“IT IS NO LONGER JUST A COST CENTRE” In India, British Telecom (BT) has its network presence in eight key business locations from where it connects its customers with its managed global IP network. In a candid interaction, Sudhir Narang, Managing Director, BT India, talks with Jatinder Singh about the company’s strategies, new technologies and changing business BT has recently announced its plans to invest heavily across the Asia-Pacific (APAC) region. What were the reasons for this and what opportunities are you looking at? At BT Global Services, we actually follow our customers. That means most of our expansion programmes are aligned with the way customers and their needs grow. We are investing in the APAC growth and new services, and expanding in the fast-growing Asia-Pacific market, where we already have a strong market presence. To meet clients’ expectations, we are working on a programme, through which, we plan to expand our platform across the APAC. And this will begin from investing in an additional portfolio and resource capability that will be aligned to the growth plans of our global customers, as our base continues to expand across the Asia-Pacific. This means that all the services that

46

are available to our global customers, in the US or in Europe, will also be available seamlessly to our customers across the APAC region as well. Since we plan to expand our platform, we would also need a higher skill set to support that model. We are recruiting over 300 people in the region for the same. In terms of sectors, we aim to drive market leadership in four key areas over the next three years, namely, network services, managed security, unified communications and contact centres. We will create technology showcase centres where customers can interact directly with BT’s leading-edge products.

How will this impact BT’s India operations? India and China are emerging countries. This investment that we are making will help these economies as well. We have grown in terms of customer acquisition in India. In 2007, we got licences for NLD/ILD in

India after the acquisition of i2i. Since then, out of the 300 people we have hired, 60 to 70 people have been from India. We aim to provide our global portfolio of solutions to the Indian customers as well. With this expansion programme, we are bringing eight to nine services, including voice, cloud and telepresence services, into the market. In the past, we have invested significantly in key IP platforms and transfer of services onto an integrated platform for voice, video and data. Core services offered in the Asia-Pacific region include convergence, customer relationship management, conferencing, outsourcing, security, IT transformation and mobility.

You said the business model works in line with the varying market demands, and that calls for innovation. How have you planned for it? When you talk about innovation, whether it’s in terms of technol-

ITNEXT | M A R C H 2 0 1 1

Interview-new.indd 46

3/4/2011 4:01:49 PM


SUDHIR NARANG | INTERVIEW

M A R C H 2 0 1 1 | ITNEXT

Interview-new.indd 47

47

3/4/2011 4:01:54 PM


INTERVIEW | SUDHIR NARANG ogy or in terms of a commercial model, or IPR, it varies. While we are expanding our platforms and hiring talent, we also understand that in a commercial model, the customer requires something that’s exclusively for him, and that’s where innovation comes in. For any business, the commercial model should be totally aligned to the customer requirements. One should innovate with the commercial model. It’s not about revenue sharing, but more about outcome-based commercial modelling. Hence, we work upon a customer satisfaction model. For instance, we have customers across the sectors. However, except IT or ITeS clients, not too many have understood the concept of outsourcing in its entirety. We understand that in terms of commercial value, most companies are under pressure because of CAPEX. We are innovating along with them, too, by offering them selective outsourcing, with a very strong SLA-based modelling. You might not necessarily have a revenue-sharing model, but it must be a value-based model for customers.

Do you think the outsourcing priorities of businesses have changed majorly in the postrecession era? Companies here are much more open, much more advanced in terms of outsourcing, and it is strategy outsourcing which has proven its strength. You are giving a piece of the operations to people who are best at doing those things. Earlier, the key factor behind the outsourcing model was time and money (T&M). However, recession has taught us a lesson. Now businesses are asking whether they should continue negotiating about T&M, or opt for an outcome-based model. There is definitely a shift in the industry’s buying behaviour. Earlier,

48

vendors used to define their own SLAs, but now since they have varied customers, they have to provide the right combination to keep a customer happy. Now, you can measure everything.

BT has also been a strong advocate of cloud computing. Will implementing a cloud strategy help service providers? Cloud services help service providers and enterprises to be agile and responsive. In the modern world, IT heads also get connected to their businesses. For them, IT is no longer just a cost centre, but is a business centre as well. Some of the key questions included in their cloud strategy are: Does it really

“With our expansion programme, we are bringing many services, including voice, cloud and telepresence in the APAC region”

Find other interviews online on the website www.itnext. in/resources/ interviews

help us to create a green environment? Will it help improving the existing efficiencies? Is it possible to sustain the technology longer? Unless they get the support, and their queries are resolved properly, this technology can’t be accepted. That means pressure is back on the technology providers and service providers. And they have also started working on specific solutions, which could meet specific demands and needs.

ITNEXT | M A R C H 2 0 1 1

Interview-new.indd 48

3/4/2011 4:01:57 PM


15MINUTE MANAGER

TRAINING EDUCATION WORKPLACE COMPENSATION WORKFORCE TRENDS SKILLS DEVELOPMENT PERSONAL DEVELOPMENT

BATTLE FOR THE FUTURE PAGE 52

Strategy CIO on demand THIS PAGE People Management Having the best of both worlds PAGE 53 Healthy habits Excercises at office PAGE 50

BY VISHAL ANAND GUPTA

A

PHOTOG RAPHY: PHOTO S .CO M

CIO-on-Demand service or an ‘Outsourced CIO’ may be a fairly new terminology in the Indian scenario and it may sound conceptually similar to outsourcing the IT needs of an organisation, but the difference lies in the core essence of the service rendered. The service provides an affordable way to inject a blue chip CIO’s leadership to the business of an SME that cannot afford a full-timeCIO, as part of an interim management. The service works with the business to manage the demand for technology needs in a timely manner. It is an on-going management service for SMEs in need of direction to bridge the gap between business and technology. It helps organisations align themselves between business strategy and IT strategy by providing a roadmap for the IT function of an organisation backed by an offshore team to guide it forward.

The need for CIO-onDemand services Every organisation needs somebody who can join in on calls for vendor or service provider selection, to make sure that the organisation’s interest is been looked after.

OUTSOURCING

CIO-ONDEMAND The CIO-on-Demand service helps to infuse a top CIO’s leadership to a business that can’t afford a full-time CIO M A R C H 2 0 1 1 | ITNEXT

15 Minutes Manager.indd 49

49

3/4/2011 3:01:10 PM


15-MINUTE MANAGER

50

HEALTHY HABITS

EXERCISES @ OFFICE

FACTS Office chair squats can be one of the most effective body-strengthening movements. While the desk press exercise strengthens both your upper body and core, the business flight exercise will target the hamstrings and the midback regions.

Sitting all day at the office can be quite taxing to the body. But that should not be a deterance, as here are some quick office exercises that can be done on the go.

Office chair squat This exercise can be one of the most effective body-strengthening movements. Begin by standing as tall as possible and relaxing your shoulders. Lift your toes up to the top of your shoes. While keeping your back perfectly straight, lower your hips to within 1 inch from the seat of your chair. Perform a 10-second hold at the bottom of the rep. Remember to keep your knees well behind your toes. Your hips should be the first muscles to lift your body back to the standing position.

Desk press This strengthens both your upper body and core. While keeping your body in a straight line using your core muscles, hold a push-up position with your elbows at a 90-degree angle. While holding this position, execute 10 knee-drives, followed by 5 push-ups. Repeat 3 to 4 reps.

Business flight

Doing a minimum of 35-50 pushups daily takes from 1-4 minutes and will help you prevent muscle strains

This office exercise targets the hamstrings and the mid-back regions. Begin by standing as tall as possible. Pull your head and your shoulders back and down to create a “perfect posture” position. Using your hips as a hinge, bend over while standing on one leg and extending the other leg so that it and your torso are parallel to the floor. Hold for 3 seconds, then return to the original starting position. Perform this exercise for 1 minute before switching legs and repeating.

PHOTO GRAPHY: PHOTOS .CO M

Most SMEs do not require a full-time IT Head. Even if they hire a full-time CIO, the technical requirement is not sufficient to keep the CIO occupied full-time; hence he is often also assigned non-technical responsibilities, which in turn diminishes the core job profile of a CIO. On a broader scope, the services offered by a seasoned CIO range from strategy planning to defining a roadmap for IT acceleration, to defining the annual IT budget that is aligned with business priorities, to something as simple as to helping select and implement a project. Categorically, the consultancy services offered by a CIO for a product’s core could include: Business process review to identify the gaps in processes and increase overall productivity. Business-effective infrastructure readiness assessment for the need to simplify. Automate and standardise processes to improve service levels, increase performance while reducing downtime and cost. IT service desk for consistent, efficient service management issue resolution. Datacentremanagement for increased productivity, efficiency through better SLA management to upkeep/maintain uptime of power, servers, applications, database, security solutions, network, etc. End user support to provide a heterogeneous environment, resulting from silo-focused system deployment. Database services/management for secure and accessible services without building additional infrastructure or increasing administrative workload. Application management servicesfrom SLA maintenance of application availability to cross integration for better productivity, delivery and performance. IT project management for achievement of business goals. Managed security services to increase responsiveness, scalability, flexibility for ensured data privacy in an increasingly complex and dynamic security threat environment.

ITNEXT | M A R C H 2 0 1 1

15 Minutes Manager.indd 50

3/4/2011 3:01:12 PM


15-MINUTE MANAGER

“I sincerely try to be honest to myself first and then to others as well” —Sudhir Arya, Senior Vice President, Amtek

WHAT MAKES A GOOD LEADER? Communicate your emotions Effective leaders are masters of the classical elements of rhetoric. Truth should be told A key element of being a good business leader is the capacity to tell the hard truths. Invite criticism We all make mistakes. The important thing is to find our mistakes before they get too big. All committee leaders should ask “What criticism do you have of me?” to their members.

“If you’re serving people & giving people what they ask for, it might not be what they need. It’s always good to create healthy tension.” —Mike Rose, CIO, EVP, Juniper

A CIO-ON-DEMAND HELPS THE ORGANISATION GAIN ACCESS TO KNOWLEDGEABLE WORLDWIDE A INDUSTRY-SPECIFIC RESOURCES. Network management for monitoring multi-location activities; maintain heterogeneous network topology for improved availability of the business systems. Inventory management for monitoring and managing IT assets for optimised cost and better utilisation. Develop and manage an annual IT budget plan that is aligned with business priorities.

Changes in the IT department over time In the ‘90s, IT was merely an ElectricalData Processing centrewithin each department (the EDP section), which reported to line managers from middle management, who reported to top management. The command flowed from top to bottom and in reverse order. EDP’s core job was handling MIS and

Beware of opportunism Leaders should uphold the principle that work is good & honorable, that the hardest-working people are the best people, and that lazy & opportunistic people should be called what they are. Don’t be arrogant Leaders should commend those who have done good work; & members should praise leaders who have provided good direction.

looking after hardware issues ofthe organisation. This approach changed in 2000 when the IT department became a facilitator towards achieving the strategic goals of the business. This was when Organisational Integrated Application was implemented; all departments were on a single platform and monitored accordingly. The IT Head came into the picture and now worked on guidelines given by top management, in tandem with peers. Today, IT is a full-fledged department which reports to the CIO who is part of top management. SMEs to a certain extent still followthe historical IT approach, although some have adopted other approaches. It is not feasible or affordable for an SME to adopt a layered approach. And this is where an outsourced CIO comes in — a modern-day IT approach. The outsourced CIO is an outside entity executing the role and all the

M A R C H 2 0 1 1 | ITNEXT

15 Minutes Manager.indd 51

51

3/4/2011 3:01:17 PM


15-MINUTE MANAGER COMPUTING PLATFORMS

THE BATTLE FOR THE FUTURE

responsibilities of a full-time CIO, working in tandem with the top management and not as part of a business approach layer; working in conjunction with the business owner / share holder to meet and streamline the IT roadmap to meet the strategic business goals.

As war between tablets, smart phones, laptops and netbooks heats up in 2011, let’s analyse which one will suit what type of usage. MULTIMEDIA CONSUMPTION: The tablets, with their 5-inch, 7-inch and 10-inch screens offered a much better experience than the good old smartphone. And they offered the same performance in a form factor much more convenient to carry around than the netbook and laptop. Most tablets offer extremely good multimedia playback in general. Some may suffer if you are looking to play back HD video content, but will do just fine with standard definition videos and your music library.

1

DOCUMENT VIEWING/EDITING: For document viewing, the tablet is a lot more convenient than the smartphone and the laptop. The 7-inch and 10-screen tablets offer a lot of screen space. However, if you have to churn out a complete article or make a presentation on the move, then a netbook will suit your requirement. A tablet, with its touch-only screen, will make typing out long text documents a bit of a pain. Or use a phone with a QWERTY keypad.

2

PHONE USE (VOICE CALLS): The smartphone will be the best companion here. It fits in your pocket. You can take it out when the phone rings and see who is calling before deciding whether to answer or not. With a tablet, you can only see who is calling if the device is in your hands at that time.

3

PHONE USE (TEXT SMS & EMAILS): For the serious text and email user, a touchscreen phone has never been an option. It has always been a QWERTY keypad loaded phone. This is why the heavy text and email users prefer something like a Blackberry phone. The touchscreen bit limits the tablets as well, along with touchscreen phones. If you rely on text messages and/or emails on the move, we would recommend you use a phone with a physical QWERTY keypad.

4

GAMING: In this segment, not all tablets are equal. The ones with iOS and Windows 7 have an advantage over Android tablets. iOS and Windows tablets have a lot more games available to them, while Android as a platform is still playing catch-up.

5

— Vishal Mathur

52

From an operational point of view, an organisation gets quick answersto questions on what products or applications to opt for and getsproper feedback pertaining to them. They help the organisation gain access to knowledgeable worldwide and industry-specific resources. They serve as a ready performance reference for a service provider’s assessment and deployment of services. With hands-on project management, licensing and pricing policy of vendors, they provide the best technology decision support. With a vast experience pool, they package best practices to handle specific projects based on discussions with peers of the organisation on past project handling techniques. They enhance the business value of the implemented project by implementing project portfolio management techniques which ultimately helps the organisation move towards a leaner, meaner IT organisation. On the strategic front, they act as a catalyst that helps devise a longterm IT strategy roadmap, aligned with technological needs, to serve the business. They conduct a pencil review of strategic documents by organising IT and Business Integration sessions. They help chart a service provider’s relationship roadmap based on SLA terms with the business. The ultimate outcome of their services is package implementation of total cost of ownership to position the business value of the technology investment. The author is Deputy Manager (System), The Calcutta Medical Research Institute.

IL LUSTRATIO N: PHOTO S .CO M

The Business Value of a CIO on Demand

ITNEXT | M A R C H 2 0 1 1

15 Minutes Manager.indd 52

3/4/2011 3:01:19 PM


15-MINUTE MANAGER

PEOPLE MANAGEMENT

HAVING THE BEST OF BOTH WORLDS Sears India has attracted a large pool of talent with their option to ‘work from home’, making the most of technology advancements.

IL LUSTRATIO N:SHI GIL N

BY A LO K K U M A R

T

echnology has made it possible for every employee not involved in physicalwork to work from any location. It is a common practice in the US to telecommute and is being projected as an effective measures to save the environment. In India, although the practice is much talked about, it has not caught the fancy of the corporate world or is being used very cautiously. The

adoption of this practice has been rather slow in this part of the world and is mostly limited to MNCs who already have the practicein place, in their country of origin. When I started Sears India, one of the main factors that attracted talent to us was the option to ‘work from anywhere’, leveraging the advancements in technology. Sears India took a bold step to implement this practice right from Day One.

The management team was under the impression that this practicewhich is common in the US, can easily be replicated in India, and it would be better to have a smaller office with several people working from home, all the time. We also deliberated over the question that if we created larger work spaces and made it compulsory for every employee to come to office, how could we make the employees more productive? As a company, we made a policy of providing every employee a company laptop, secured with a company image and VPN, a broadband data card or a fixed line connection and a mobile phone connection. Each laptop is loaded with a Microsoft communicator and also an AT&T Connect, which helps with voice and video calls from the laptops. We soon realised that it is a tremendous tool to bring in higher productivity and retain employees, if managed properly. Over more than one year of working with this policy, we encountered several cases which helped us fine-tune the policy to benefit the company immensely. While the policy worked very well with some employees, it was not very

M A R C H 2 0 1 1 | ITNEXT

15 Minutes Manager.indd 53

53

3/4/2011 3:01:21 PM


15-MINUTE MANAGER effective for a few. Eventually, we figured that we needed to add some regulations around the policy to make working from home truly effective. The first element we initiated was that work from home was an option

only with the manager’s permission and intimation. This ensured that there were no surprises when the person wasactually needed on site. This was followed by an audit check to see if the employee had the right infrastructure to

Form IV Statement of ownership and other particulars about the publication, IT NEXT as per Rule 8 1.

Place of publication

Nine Dot Nine Mediaworx Pvt. Ltd., A-262, Defence Colony, New Delhi-110024

2.

Periodicity of its publication

Monthly

3.

Printer’s name Nationality (a) Whether a citizen of India? (b) If a foreigner, the country of origin Address

Vikas Gupta Indian Yes N.A. A-262, Defence Colony, New Delhi-110024

4.

Publisher’s name Nationality (a) Whether a citizen of India? (b) If a foreigner, the country of origin Address

Vikas Gupta Indian Yes N.A. A-262, Defence Colony, New Delhi-110024

5.

Editor’s name Nationality (a) Whether a citizen of India?

Vikas Gupta Indian Yes

(b) If a foreigner, the country of origin Address

N.A. A-262, Defence Colony, New Delhi-110024

Names and addresses of individuals who own the newspaper and partners or shareholders holding more than one per cent of the total capital

Pramath Raj Sinha, N-154 Panchsheel Park, New Delhi 110017.

6.

Vikas Gupta, C-5/10 Safdarjung Development Area, New Delhi 110016 Asheesh Kumar Gupta, 103, Tower II, The Palms, South City-1, Gurgaon 122001 Anuradha Das Mathur, C-144, Sarvodaya Enclave, New Delhi 110017 Kanak Ranjan Ghosh, BH-44, Sector II, Salt Lake City, Kolkata 700091 Helion Venture Partners India II, LLC, Les Cascades Building, Edith Cavell Street, Port Louis, Mauritius TVS Shriram Growth Fund I, JE JayaLakshmi Estate # 29, Haddows Road, Nungambakkam, Chennai 600006

I, Vikas Gupta hereby declare that the particulars given above are true to the best of my knowledge and belief. Sd/Dated : 1st March, 2011 (Signature of Publisher)

54

work from home. If the infrastructure was inadequate, the employee was helped to upgrade the same at the company’s cost and only then allowed to work from home. The third step we took was to define clear deliverables while the employee worked from outside the office. This ensured that there was a definite amount of work for the person to do from home. The team managers were held accountable for the timely delivery of the services they were assigned, and were made accountable to regulate the work of their home-based staff if that affected the output. Since each employee of Sears India is provided with a company laptop which has a corporate build installed, it makes the laptop very safe. No one is allowed to work without logging on to the corporate VPN whereby all security policies are automatically enabled on the employee’s machine. A year later, we now have 28% of our employees working remotely for four to ten days in a month. We have observed that there have been no delays or issues from the user community and the feedback from employees on this policy have been excellent. In fact, the company is able to provide services to the user community at odd hours 24x7, through the domain experts who can work from home as and when required. This has also been a blessing for female employees who have other duties to fulfil apart from work. Working late nights from home has also become possible for female employees and other staff who have personal duties to fulfil. Our analysis also revealed that the productivity of the work from home employee is the same or higher than the office staff. We’ve been able to hire better talent and make an optimal use of it by offering this freedom. CIOs should motivate and enable employees to try out such avenues which help them remain productive for their organisations and balance family life. The author is MD & Head - India Operations, Sears IT & Management Services (India) Pvt. Ltd.

ITNEXT | M A R C H 2 0 1 1

15 Minutes Manager.indd 54

3/4/2011 3:01:22 PM


UPDATE

OPEN DEBATE

BOOK FOR YOU A platform to air your views on latest developments and issues that impact you

Should enterprises ban FaceBook?

UNNI NAIR, MANAGER IT, ARAMEX To be honest, FaceBook has become a big distraction within the enterprise space. Not only do most employees spend much time on this social networking medium, it also chokes up the bandwidth with all the videos that are being played on it. There needs to be some sort of control that needs to be employed to check the situation. According to me, the best thing will be to adopt a policy that states clearly what is acceptable and what is not. But even then, I don’t think blocking or banning sites like facebook will help. For all you know, such a step could be counter-productive.

CHETAN MANJREKAR, MANAGER IT, SKYPAK FINANCIAL SECURITIES The biggest danger that social network sites like FaceBook and Twitter face is in terms of information security. What happens if an employee inadvertently divulges privileged information on the sites? There have been numerous such cases in the past. If any confidential information is mistakingly revealed on any online social medium, other organisations might use it for their own advantage, thus putting the company in peril. So, employees need to be carefully educated on how to use these sites and not ban them.

SUDISH BALAN, BUSINESS DIRECTOR, TONIC MEDIA Blocking Facebook can be counter-productive. As it is, most people check their accounts on their mobile phones. Hence, banning it on the enterprise network won’t prove to be of much help. It could also send wrong signals to the employees in lieu with transparency and openness and there could be instances where employees by-pass the firewall using third-party sites. On the contrary, the enterprise could look at a good substitute like Chatter or Yammer. If the employees are hooked on such sites, it could be a good alternative to Facebook.

Banking Villians Liaquat Ahamed’s first book has made the great depression of 1920s readable. Bankers can write. TITLE: LORDS OF FINANCE AUTHOR: LIAQUAT AHAMED PUBLISHER: WILLIAM HEINEMANN PRICE: RS 1199

There’s an old saying, “When nothing else works, blame the bankers.” After the fiscal collapse of a few iconic banks in 2008 around the world, we have adulated anyone who has written against the ‘greedy bankers’. Banking on this hate wave, Liaquat Ahamed, a banker by profession, has come out with his first title called ‘Lords of Finance’, a book on the collapse of the world economy from 1929-1933, a.k.a. the great depression. The plot of Britain, France, and Germany in ruins – with their economies saddled with debts, population impoverished by rising prices, and their currency collapsing with unemployed youth, would easily qualify as a riveting script for the next Quentin Tarantino cult. With the central bankers as protagonists, the book traces back their efforts to reconstruct the system of international finance after the First World War. Though they did succeed for a while in between (mid1920s) – when the world currencies were stabalised, capital became readily available and economic growth resumed once again – the cracks appeared in the fragile picture of prosperity soon. IT NEXT VERDICT

Your views and opinion matter to us. Send us your feedback on stories and the magazine to the Editor at editor@itnext.in

The jargon-free account of the futile attempts of central bankers is a must read for everyone who has played in the hands of recession. STAR VALUE:

M A R C H 2 0 1 1 | ITNEXT

OpenDebate.indd 55

55

3/4/2011 4:40:13 PM


MY LOG

TANU KAUR HR Consultant

ILLU ST R AT ION: ANIL T

A Wake Up Call! A manager needs to make sure that there is enough scope for partners

56

3 ESSENTIAL

READS

15-MINUTE MANAGER

15-MINUTE MANAGER responsibilities of a full-time CIO, working in tandem with the top management and not as part of a business approach layer; working in conjunction with the business owner / share holder to meet and streamline the IT roadmap to meet the strategic business goals.

COMPUTING PLATFORMS

THE BATTLE FOR THE FUTURE

The Business Value of a CIO on Demand

MULTIMEDIA CONSUMPTION: The tablets, with their 5-inch, 7-inch and 1 10-inch screens offered a much better experience than the good old smartphone. And they offered the same performance in a form factor much more convenient to carry around than the netbook and laptop. Most tablets offer extremely good multimedia playback in general. Some may suffer if you are looking to play back HD video content, but will do just fine with standard definition videos and your music library. DOCUMENT VIEWING/EDITING: For document viewing, the tablet is a 2 lot more convenient than the smartphone and the laptop. The 7-inch and 10-screen tablets offer a lot of screen space. However, if you have to churn out a complete article or make a presentation on the move, then a netbook will suit your requirement. A tablet, with its touch-only screen, will make typing out long text documents a bit of a pain. Or use a phone with a QWERTY keypad. PHONE USE (VOICE CALLS): The smartphone will be the best compan3 ion here. It fits in your pocket. You can take it out when the phone rings and see who is calling before deciding whether to answer or not. With a tablet, you can only see who is calling if the device is in your hands at that time. PHONE USE (TEXT SMS & EMAILS): For the serious text and email 4 user, a touchscreen phone has never been an option. It has always been a QWERTY keypad loaded phone. This is why the heavy text and email users prefer something like a Blackberry phone. The touchscreen bit limits the tablets as well, along with touchscreen phones. If you rely on text messages and/or emails on the move, we would recommend you use a phone with a physical QWERTY keypad. GAMING: In this segment, not all tablets are equal. The ones with iOS and 5 Windows 7 have an advantage over Android tablets. iOS and Windows tablets have a lot more games available to them, while Android as a platform is still playing catch-up. — Vishal Mathur

52

The author is Deputy Manager (System), The Calcutta Medical Research Institute.

PEOPLE MANAGEMENT

HAVING THE BEST OF BOTH WORLDS Sears India has attracted a large pool of talent with their option to ‘work from home’, making the most of technology advancements. BY A LO K K U M A R

I L LU ST R AT I O N : P H OTO S . C O M

As the war between tablets, smart phones, laptops and netbooks heats up in 2011, let’s analyse which one will suit what type of usage.

From an operational point of view, an organisation gets quick answersto questions on what products or applications to opt for and getsproper feedback pertaining to them. They help the organisation gain access to knowledgeable worldwide and industry-specific resources. They serve as a ready performance reference for a service provider’s assessment and deployment of services. With hands-on project management, licensing and pricing policy of vendors, they provide the best technology decision support. With a vast experience pool, they package best practices to handle specific projects based on discussions with peers of the organisation on past project handling techniques. They enhance the business value of the implemented project by implementing project portfolio management techniques which ultimately helps the organisation move towards a leaner, meaner IT organisation. On the strategic front, they act as a catalyst that helps devise a longterm IT strategy roadmap, aligned with technological needs, to serve the business. They conduct a pencil review of strategic documents by organising IT and Business Integration sessions. They help chart a service provider’s relationship roadmap based on SLA terms with the business. The ultimate outcome of their services is package implementation of total cost of ownership to position the business value of the technology investment.

ILLUSTRATION:SHIGIL N

Appraisals, for instance, is one fine example to substantiate that claim. I’ve seen many employees leaving their existing organisation right after their yearly appraisals. What does that signify? Are they greedy and moving to another place just for the sake of raking in some more money? Or is it the fault of management, which has not been able to give proper appraisals? My experience tells me that it is more to do with the incapability of the immediate supervisor and uncertain business practices being followed by the company. This could have unforeseen repercussions like talent poaching by rival firms, business plans getting leaked, profitoriented units turning negative and so on. And since the immediate managers have kept their seniors in the dark right from the beginning, it’s challenging for them to understand the reasons behind this fallout and to keep businesses profitable. In a matter of time, an organisation can lose many employees, just because of bad people practices being followed at various hierarchy levels. More so, the notorious deeds of a company can be spread out within minutes to the entire partner community through social media. Hence, the modern day manager needs to act like an entrepreneur who makes sure that there is enough scope for partners—be at any level —to grow and flourish. Act before it’s too late.

T

echnology has made it possible for every employee not involved in physicalwork to work from any location. It is a common practice in the US to telecommute and is being projected as an effective measures to save the environment. In India, although the practice is much talked about, it has not caught the fancy of the corporate world or is being used very cautiously. The

adoption of this practice has been rather slow in this part of the world and is mostly limited to MNCs who already have the practicein place, in their country of origin. When I started Sears India, one of the main factors that attracted talent to us was the option to ‘work from anywhere’, leveraging the advancements in technology. Sears India took a bold step to implement this practice right from Day One.

The management team was under the impression that this practicewhich is common in the US, can easily be replicated in India, and it would be better to have a smaller office with several people working from home, all the time. We also deliberated over the question that if we created larger work spaces and made it compulsory for every employee to come to office, how could we make the employees more productive? As a company, we made a policy of providing every employee a company laptop, secured with a company image and VPN, a broadband data card or a fixed line connection and a mobile phone connection. Each laptop is loaded with a Microsoft communicator and also an AT&T Connect, which helps with voice and video calls from the laptops. We soon realised that it is a tremendous tool to bring in higher productivity and retain employees, if managed properly. Over more than one year of working with this policy, we encountered several cases which helped us fine-tune the policy to benefit the company immensely. While the policy worked very well with some employees, it was not very

ITNEXT | M A R C H 2 0 1 1

M A R C H 2 0 1 1 | ITNEXT

53

How to attract a large pool of management? Pg 53 RISK-BASED AUDITING | INSIGHT

INSIGHT | RISK-BASED AUDITING

RUN THE RISK

internal controls. Hence the need to integrate a Risk-based Auditing management system is recognised as one of the keys to successful implementations of business critical IT systems. The focus here is on the best practices which need to be followed for risk-based auditing during the implementation cycle. In a typical implementation cycle, the Project Management Office (PMO) is engaged or responsible for the risk assessment processes. The most common risk management standards used by the PMO are ISO 31000:2009 and Enterprise Risk Management – Integrated Framework (COSO ERM). The PMO has the most obvious risk to assess — whether the project is ready to go live. Apart from this, there are several other risks which need to be mitigated for successful implementation. Some examples are: Compliance with industry regulations such as BASEL II, PCI DSS, HIPAA, etc. Compliance with various national, state and local data security and privacy laws. Risk that business requirements will not be fulfilled during the implementation. Risk that business requirements are not properly confirmed during the testing process. Risk of delay and budget overshooting during the implementation. Stability of the application. Internal & external security systems.

Incorporating a Risk-based Auditing management system is one of the most effective solutions for the successful implementations of business critical IT systems.

Every firm doesn’t have the same degree of risk appetite and risk mitigating controls. The PMO has its limitations in the form of expert manpower & time, to mitigate all the risks which arise out of huge business critical implementation projects. How can the PMO effectively identify and manage risk in such business critical implementations? The answer is to have a Risk Advisor/Auditor who will provide vital inputs with corrective actions at the critical stages of the implementation, to the PMO.

JATIN MODH

C

hoosing the right business critical IT systems that will meet an organisation’s business requirements is the first and most important decision towards accomplishing successful implementation; closely followed by the choice of the system integrator or implementer. During the implementation, organisations face several significant challenges or tasks which they need to overcome. These include the reengineering of the current business processes, reconfiguration of existing controls, adoption of the new business processes and new

PH OTO G R A PH Y: JAYA N K N A R AYA N A N

B

eing a HR consultant, I’ve been fortunate enough to observe the rise and descent of some organisations. Not so surprisingly, one of the major factors that define the scope of winning or losing is the way businesses handle their partners— both external and internal. While many of them take utmost care in dealing with their external customers, they simply lack skills to meet the expectation of employees— their growth partners, inside the premises. And that is where the emotions of deep and bitter anger and ill-will start to penetrate, which causes the demise of a project and lead to a complete failure of a division. In most of the cases, it is the manager who is largely responsible for the outcome. The problem persists when managers are incapable in leading a team because of their limited understanding of the way modern businesses work. And to hide that discomfort, they tend to chose those people in their team who are apparently less capable than them. If someone is more capable, the manager simply tries to cut him out of the picture. People look for better opportunities and targets that should drive their ambitions; but beyond a point, they also want to grow as a person and look for steady growth and transparency. And if this is absent in their present organisation, there is no other option than to walk off.

M A R C H 2 0 1 1 | ITNEXT

39

40

THE THREE SUGGESTED APPROACHES ARE:

1

Implementer providing the Riskbased Auditing services The organisation must make

IDENTITY THEFT STATISTICS 2010 The average cost for a business to recover from a data breach is $6.75 Million. The average cost to implement identity theft, social engineering and data breach training? In most cases, less than $50,000. 62% of those breaches reported exposed Social Security Numbers, and 26% involved credit or debt card information. 15.7% of the data breaches involved state and federal agencies and the military. Medical and health care facilities accounted for 24.2%, educational institutions accounted for 9.8% and the banking industry, 8.2%. That leaves businesses as the largest percentage of breaches - 42.1%. Malicious attacks, according to the report, account for more breaches than human error - the former constitutes about 17% of breaches, while the latter, just 15%. However, almost 40% of those breaches reported did not identify the manner in which information was exposed. Although the risks of hacked databases often make headlines, the report finds that paper breaches account for nearly 20% of known breaches. Only 200 of the 662 breaches were credited to information provided by states and agencies with mandatory reporting. Source: Identity Theft Resource Center

sure that it gets qualified resources for both the implementation and the riskbased auditing services. Pros: Project Planning is well integrated and more seamless, as both the services are provided by a single entity. Resources are well managed since there are lesser coordination and conflict efforts involved. Cons: Independence and objectivity of the auditing function is eliminated. Inherent conflict of interest between the implementation staff and the auditing staff on achieving on time and on budget can lead to quality issues and risks left unaddressed.

2

Organisation’s audit firm providing Risk-based Auditing services This is one of the common approaches followed. Pros: An independent review of the project status, deliverables and results are obtained and will protect the organisation from facing any issues from their stakeholders against any critical decision made during the implementation. As they are already aware of the existing processes and controls, the design of the new processes and controls, and acceptance of the same is easier. Cons: The skill sets and experience of the consultants in the implementation or in use of the application might not be adequate.

3

Independent firm providing Risk-based Auditing services This is one of the most professional approaches. Pros: The consultants are focused and experienced, and experts in their respective domain. An independent review in the true sense is achieved without a bias towards any firm or stakeholder.

ITNEXT | M A R C H 2 0 1 1

Why Risk Based Auditing is important for business critical IT system? Pg 39 CASE STUDY | LOWE INDIA

LOWE INDIA | CASE STUDY

KNOWLEDGE MANAGEMENT

From ‘Ignorance Tolerated’ to IT Loweconnect is regarded as a model solution in the advertising industry. Here’s why… BY PRAVIN SAVANT

W

h at ’s common between ‘Daag Acche Hain’ and Microsoft Sharepoint server? Well, both are recognised ideas which have made an impact and stay with you for a very long time. And each of these was created by Lowe Lintas and yes, incidentally, they also use the Microsoft Sharepoint server in a very productive way. Lowe Lintas is one of India’s top advertising agencies and it believes that the greatest service it can render is the power of a high-value idea. The company has built a reputation for quality and innovative services, and it relies on a robust information technology environment to help deliver what its customers need.

26

Unfortunately, until about a year ago, it was difficult to share creative work across all its offices in India, in order to generate more region-wise ideas, brand building, feedback, and launch a national-level campaign. While most of the work done by

WE DECIDED TO IMPLEMENT A SOLUTION THAT COULD SATISFY A RANGE OF BUSINESS NEEDS TO DEVELOP AN EFFICIENT PORTAL ENVIRONMENT.

creative individuals was brilliant and a huge asset for the organisation, there was no central repository of the same, for future reference or any other business usage. This limitation imposed constraints on collaboration and managing knowledge effectively. This lack of a knowledge base and collaboration made the organisation person-dependent rather than processdependent. Especially, when there are almost 800 talented employees working across brand servicing, planning, creative, operations and production - creating in excess of thousands of artwork. Anything to facilitate this process would obviously have a direct impact on the organisation. We soon realised that we needed to develop an efficient portal environment that would enable us to share information and collaborate easily within and across business units. So, we decided to implement a solution that could satisfy a range of business needs. This needed to serve as a potential knowledge management system that provided the ability to easily publish

COMPANY SNAPSHOT Founded in 1939 as a part of Hindustan Lever, Lowe Lintas is one of India’s largest and most storied communication groups. Headed by Chairman and Chief Creative Officer R. Balakrishnan (Balki) and CEO, Joseph George, Lowe Lintas employs spread across eight divisions and nine cities all over India.

We chose to go with an Office SharePoint Server, as it satisfied our criteria & we felt confident in the Microsoft platform. CHALLENGES: Giving people

a robust yet simple to manage platform to share & collaborate. The famous myth around feasibility to merge mercurial creative talent with a routine and steady systems environment. Hence change management is the biggest challenge. SOLUTION: Given our usage of Microsoft platform (Email on exchange, Office communicator for chat) it made a good sense to evaluate MOSS & it’s been a good solution giving us desired results BUSINESS BENEFITS: The single

place to collaborate & shared has unleashed many business opportunities and most essentially it has paved the way for all future initiatives like Knowledge management & Business intelligence. The qualitative benefits far outweigh the operational time & efforts savings.

documents on the intranet, effectively search for information, collaborate and share information among all business units. Then, it was time for the implementation. To set the ball rolling, change management, business support and involvement were key factors. Essentially, it implied that the solution had to be robust, scalable from a longterm perspective and at the same time had to be simple to use. “We chose to go with anOffice SharePoint Server because it satisfied all our criteria and we felt confident in the Microsoft platform,” says our CTO Pravin Savant. “With the Office SharePoint Server, we not only received a great deal of value for our investment, but we were also able to put effective, usable technology into the hands of our business users,” he added. The planning and execution efforts for the readiness of the technology platform had to be run in tandem with business alignment and change management initiative. To this end, the top management and the core user group’s involvement had been terrific, right from the solution design, launch and sustenance efforts. With an average 70% usage and at least one login per week and the highest usage being from regional offices, Loweconnect has been a success story. The various services provided are channelised into the following dimensions: Communication: It includes top man-

agement communication, internal news and communication, industry and client-specific news of interest, and a creative library with updates on new creative work. This includes an average of 3 messages from the CEO’s desk per month and over 300 industry news items, 150+TV commercials and print items in a few months. Interaction: This includes discussion forums, blogs, office communicator chat, polls, surveys, and brain food. There is an average of 10 blogs/ discussions per month on varied topics. Transactions: It includes leave records and links to various key applications. Change management: It has helped us explain the importance of technology usage across the organisation. It has also led to many new ideas and concepts which is rare in this industry. In the future, it will give us technical uniformity across various layers. The success of an IT initiative is defined by its business relevance. Collaboration is the critical aspect in our line of business. Right from concept to implementation and sustenance, Loweconnecthas enjoyed good business buy-in. It has also paved the way to introduce more technologybased initiatives at Lowe. In fact, it is regarded as a model solution in the industry and has already been included in a Microsoft reference case study at their global site. With the proven success and adaptability of the platform, more plans to leverage technology have been unleashed using the MOSS framework. Knowledge management and business intelligence are the two key initiatives, and very importantly, it’s part of the unified platform effort, so that the business leverages all key pieces of data, derives useful information from it for business intelligence and then is able to retain the knowledge which is retrievable. As Pravin says, IT is no more ‘Ignorance Tolerated’ at Lowe Lintas, but it’s doing more of what it should be — supporting the business to deliver its goals.

ITNEXT | M A R C H 2 0 1 1

M A R C H 2 0 1 1 | ITNEXT

27

Loweconnect is regarded as a model solution in the advertising industry. Pg 26

ITNEXT | M A R C H 2 0 1 1

My Log.indd 56

3/4/2011 4:57:08 PM


IT Next Magazine March 2011  

March 2011 Issue of IT Next Magazine

Advertisement
Read more
Read more
Similar to
Popular now
Just for you