Indian CIOs Viz-a-Viz Consumerisation of IT

S P I N E

Technology for Growth and Governance

CT

O

FO

RU

M

Indian

CIOsvis-à-vis

consumerisation of ITCTO Forum's comprehensive survey

provides insights into what CIOsthink about this hot trend

Page 21

From Information to Innovation OfficerPAGE 12

NO HOLDS BARRED

I BELIEVE

The NextBig Wave

PAGE 04

BEST OF BREED

Best Practicesfor InnovationPAGE 14

Volume 07 | Issue 16

April | 07 | 2012 | 50Volume 07 | Issue 16

TH

E E

TE

RN

AL

ST

RU

GG

LE

| CL

OU

D S

OU

RC

ING

, INF

O A

GE

AN

D G

LO

BA

LIS

AT

ION

| TH

E H

EA

RT

AN

D S

OU

L O

F VA

LU

E IT

A 9.9 Media Publication

Scan using your QR code readeror download one from www.mobile-barcodes.com/qr-code-software

Given the increasing data businesses generate today, Gartner* predicts that a typical datacenter will be obsolete in just seven years. Imagine pumping hefty capital into building datacenters ground-up, every seven years!

At CtrlS, we have all the space for you to grow, with design features to maximize space usage and power efficiency. What’s more, with flexible infrastructure that lets you scale up or down as you require, you could save up to 40% in Total Cost of Ownership. And use it to your advantage instead.

WHY LOSE CAPITAL,

DR on demand | MyCloud - Private cloud on-demand | Managed Services | Messaging SolutionsCtrlS Business Solutions

Visit www.ctrls.in/mumbai-data-center

`` `̀

``

`

```

``

WHEN YOU CAN USE IT PROFITABLY?

Scale up or down in no time with 5,000 racks available

Save up to 40% in Total Cost of Ownership

Slash your CAPEX on IT infrastructure

Get freedom from managing technology changes, upgrades and versions

Be assured of uninterrupted business during disasters with DR on demand and a 600-seat BCP set up

Benefit from India’s most secure datacenter

Asia's Largest Tier IV Datacenter

` `` ` `

``` `` `

``` ` `

``

`

` `

`

``

* http://www.forbes.com/2010/03/12/cloud-computing-ibm-technology-cio-network- data-centers.html

```

` `

1 07 april 2012 cto forumThe Chief

TeChnologyoffiCer forum

editorialyashvendra singh | [email protected]

editor’s pick

The Hidden Opportunity It may be a

headache for CIOs but if leveraged properly, consumerisation of IT has

a strong case for business growth

7 Points to AnalyseTechnology leaders give their mandate on seven astute questions on consumerisation of IT

Just when the Cio thought he had everything under control,

another trend or technology emerged that left him unsettled. The new trend of consumerisa-tion of iT, seeping rapidly into enterprises, has started to give Cios sleepless nights.

The explosion in the growth of tablets and smart phones, and their rapid ingress into the work-place is turning into a security and management nightmare for any Cio. he no longer has to take care of a single operating

on the other hand, has realised that allowing employees to bring their own devices to work stands to revolutionise productivity. The employee, thus, has a wide range of devices to choose from, and the mandate from his manage-ment to get it to his workplace.

That consumerisation of iT will proliferate in the next few years is corroborated by various reports. According to one such report from gartner, enter-prise sales of media tablets will account for about 35 percent of total tablet sales sold in 2015. gartner expects enterprises to allow tablets as part of their buy your own device (ByoD) pro-gram. more of these tablets will be owned by consumers who use them at work.

This leaves technology deci-sion-makers like you with little choice. They way ahead for Cios is to quicky put a comprehen-

system. Today, there are multiple devices running multiple oSs. Besides, these issues are not restricted within the four walls of the enterprise. Tech lead-ers now have to shoulder the responsibility of securing these devices outside the office too.

manufacturers, meanwhile, have taken the cue. They are increasingly coming out with devices that can play movies and games with equal ease as they can handle a power point presentation. The management,

sive strategy in place to securely harness these technologies and leverage them to increase productivity and speed up the decision-making process.

i feel consumerisation of iT is like a powerful weapon in the hands of a Cio. if used irrespon-sibly, it can cause a lot of harm to the enterprise. however, if used judiciously, it can help his organ-isation ward off competition.

one thing that is certain for a Cio is to realise there is no run-ning away from this trend. he needs to proactively frame a strat-egy that takes into consideration the requirements of his employ-ees and his organisation.only then will he have everything under his control, till another disruptive trend comes up!

21

2 07 april 2012 cto forum The Chief


Cover Story

21 | 7 Points to Analyse Technology leaders give their mandate on seven astute questions on consumerisation of IT

CoPyrIghT, All rights reserved: reproduction in whole or in part without written permission from Nine Dot Nine Interactive Pvt Ltd. is prohibited. Printed and published by Kanak ghosh for Nine Dot Nine Interactive Pvt Ltd, C/o Kakson house, Plot Printed at Tara Art Printers Pvt ltd.A-46-47, Sector-5, NoIDA (U.P.) 201301

ColumnS4 | I belIeve: The NexT bIg Wave Supporting the devices that employees want, creates a secure enterprise and helps in employee retention By Oliver Bussman

48 | vIeW poINT: The MagIc of aMazoNAmazon recently announced some big price cuts for its AWS and eC2 services, amongst others By steve Duplessie

FeatureS14 | besT of breed:besT pracTIces for INNovaTIoN Steps to ensure processes yield optimum value

Please Recycle This Magazine And Remove Inserts Before

Recycling

Co

ve

r D

eSi

gn

by

a

nil

t |

ill

uSt

ra

tio

n b

y r

EtH

iSH

K r

co ntE nt S theCtoForum.Comapril 12

21

Managing Director: Dr Pramath Raj SinhaPrinter & Publisher: Kanak Ghosh

Publishing Director: Anuradha Das Mathur

EditorialExecutive Editor: Yashvendra Singh

Consulting Editor: Sanjay Gupta Assistant Editor: Varun AggarwalAssistant Editor: Ankush Sohoni

dEsignSr Creative Director: Jayan K Narayanan

Art Director: Anil VK Associate Art Director: Atul Deshmukh

Visualisers: Prasanth TR, Anil T & Shokeen Saifi Sr Designers: Sristi Maurya & NV Baiju

Designers: Suneesh K, Shigil N, Charu Dwivedi Raj Verma, Prince Antony, Peterson

& Prameesh Purushothaman C Chief Photographer: Subhojit Paul

Sr Photographer: Jiten Gandhi

advisory PanElAnil Garg, CIO, Dabur

David Briskman, CIO, RanbaxyMani Mulki, VP-IT, ICICI Bank

Manish Gupta, Director, Enterprise Solutions AMEA, PepsiCo India Foods & Beverages, PepsiCo

Raghu Raman, CEO, National Intelligence Grid, Govt. of IndiaS R Mallela, Former CTO, AFL

Santrupt Misra, Director, Aditya Birla GroupSushil Prakash, Sr Consultant, NMEICT (National Mission on

Education through Information and Communication Technology)Vijay Sethi, CIO, Hero MotoCorpVishal Salvi, CISO, HDFC Bank

Deepak B Phatak, Subharao M Nilekani Chair Professor and Head, KReSIT, IIT - Bombay

salEs & MarkEtingNational Manager – Events and Special Projects:

Mahantesh Godi (+91 98804 36623)National Sales Manager: Vinodh K (+91 97407 14817)

Assistant General Manager Sales (South):Ashish Kumar Singh (+91 97407 61921)

Senior Sales Manager (North): Aveek Bhose (+91 98998 86986)Product Manager - CSO Forum and Strategic Sales:

Seema Menon (+91 97403 94000)Brand Manager: Gagandeep S Kaiser (+91 99999 01218)

Production & logisticsSr. GM. Operations: Shivshankar M Hiremath

Manager Operations: Rakesh upadhyay Asst. Manager - Logistics: Vijay Menon Executive Logistics: Nilesh Shiravadekar

Production Executive: Vilas Mhatre Logistics: MP Singh & Mohd. Ansari

oFFicE addrEssPublished, Printed and Owned by Nine Dot Nine Interactive Pvt

Ltd. Published and printed on their behalf by Kanak Ghosh. Published at Bungalow No. 725, Sector - 1, Shirvane, NerulNavi Mumbai - 400706. Printed at Tara Art Printers Pvt ltd.

A-46-47, Sector-5, NOIDA (U.P.) 201301Editor: Anuradha Das Mathur

For any customer queries and assistance please contact [email protected]

www.thectoforum.com

34 | NexT horIzoNs: MobIlITy: The fuTure Is NoW organisations can ensure that the use of mobile is on their terms

regularS01 | edITorIal06 | leTTers08 | eNTerprIse

rouNd-up

advertisers’ index

CTRLs IFCSAS Institute 5Microsoft 7, BCRicoh 37Dell IBC

This index is provided as an additional service.The publisher does not assume

any liabilities for errors or omissions.

40 | Tech for goverNaNce: cyber self defeNse for NoN-geeks The direction of a strike depends on where your opponent stands

40

no holDS barreD

12 |From Information to Innovation officer In conversation with CTo Forum, David he, huawei’s President of Marketing, Enterprise Business group, reveals his strategies and the challenges that lie ahead

34

12

I BelIeve

currentchallenge



Managing and Making data accessible on Mobile devices anytiMe, anywhere

ity of the information. first of all, maybe you need three to five clicks to get you to the information, instead of going to your laptop, logging in, going to the Website, etc. here it takes 20 or 30 seconds or less and you have access to the information. So the joy of the consumption of that information is going up.

on the other side, if you also provide real-time updates of this information, then the desire to go into that mobile app and see how is my business doing is there. We have applications that measure our entire sales business globally, to see which deals we are working on, is there progress, are there any seeds of opportunity. So, there’s much better insight, and if there’s a crisis we see this immediately.

i also see a huge change of con-sumption behavior, which is similar to the introduction of mobile email. Compared to 10 years ago, everyone's checking email every 5 or 10 min-utes now. We see this now also with mobile devices, looking at real-time business results, updated financials. Because i can jump into that informa-tion between meetings, i am always on top of that. So i think that's the next big wave that we will see in the corporation: the combination of managing huge amounts of data, and making it accessible on mobile devices anytime, anywhere. That's a big change that we already see inter-nally, and my prediction is that we'll also see it in entire industries, that you have to be on top of your business and be always available [to react].

We had the infrastructure enabled to manage tablets in may 2010. We added more mobile apps — business analytics, workflow, customer rela-tionship management tools. We have more than 40 apps now and working fine for us. —This article was first published in CIO

Insight. For more stories, please visit

www.cioinsight.com.

In our experience, the best use-case scenario in the enterprise is busi-ness intelligence. Typically you have a lot of dashboards and reports available on laptops, etc. moving them onto mobile devices, there's a different mobility, a different usability. We see a huge increase of usabil-

The auThor Is a global IT executive with over 20 years of influential leadership with

SAP, Allianz, Deutsche Bank & IBM.

By olIver Bussman CIO, SAP

The Next Big Wave Supporting the devices that employees want, creates a secure enterprise, attracts young talent, drives innovation and helps in employee retention

LETTERS

WRITE TO US: The CTOForum values your feedback. We want to know what you think about the magazine and how

to make it a better read for you. Our endeavour continues to be work in progress and your comments will go a long way in making it the preferred publication of the CIO Community.

Send your comments, compliments, complaints or questions about the magazine to [email protected]

ARE CTOS mORE InTERESTEd In SATISfyIng ThE CfO & BOARd RAThER ThAn ThE COnSUmER?

If CTO is aligned to the CFO and the Board in that order, the CTO will have to also be good at resume writing as he will not last too long. But then the question arises, is the CFO aligned to the Consumer? If he is not, then even he may be in hot water sooner or later.Arun guptA, Group CIO, Shoppers' Stop

Fit technology to SpeciFic need

Fitment of technology to specific organisational needs should be the approachTo read the full story go to: http://www.thectoforum.com/content/fit-technology-specific-need

CTOf Connect Costin Raiu, Director, Kaspersky Lab talks to Varun Aggarwal about security challenges in cloud.http://www.thecto-forum.com/content/need-cloud-securi-ty-standards

OpiniOn

N. EswaraNatrajaN HEad – OpEratiONs aNd tEcHNOlOgy, icici lOmbard

CTOforum LinkedIn groupJoin over 900 CIOs on the CTO Forum LinkedIn group

for latest news and hot enterprise technology discussions.

Share your thoughts, participate in discussions and win

prizes for the most valuable contribution. You can join The

CTOForum group at:

www.linkedin.com/

groups?mostPopular=&gid=2580450

Some of the hot discussions on the group are:Open Source vs Proprietary SOfTWARE

Practically how many of you feel OpenSource Free

software are best solutions than any proprietor software's?

I would rather mention that, you call should depends on

the criticality of the application to serve the enterprise

business requirement, as opensource application can

have security breaches and lack of support in worst

come senario

—Vishal Anand Gupta, Interim CIO & Joint Project Director HiMS at The Calcutta Medical Research Institute

technology should not be used just because it is the cutting edge solution to a business problem

S P I N E

Technology for Growth and Governance

CT

O

FO

RU

M

“We spend a lot of time with customers and translate their needs into something that makes sense for our engineers.”—Hugh Njemanze

“The power of analytics is allowing the business to be agile and correct before it hits a wall.”—Sudipta K Sen

“Having a mentor is an extremely valuable resource that can help guide CIOs

through the many challenges that they face.”—Harvey Koeppel

“With cloud encryption solutions, you do not need to worry

about your data landing into the wrong hands.”—Chris Fredde

“There is no doubt in my mind that real-time

communications in the cloud is coming and will drive broader adoption”—Andrew Miller

“There is no doubt in my mind that real-time

communications in the cloud is coming and

will drive broader adoption”—Andrew Miller

“With cloud encryption solutions, you do not need to worry about your data landing into the wrong hands.”—Chris Fredde

“Having a mentor is an extremely valuable resource that can help guide

CIOs through the many challenges that they face.”—Harvey Koeppel

“We spend a lot of time with customers and translate their needs into something that makes sense for our engineers.”—Hugh Njemanze

Strategic Sourcing, Pathetic DeliveryPAGE 04

I BELIEVE

Market ResearchPAGE 52

VIEWPOINT

Virtualisation Journey of India BeginsPAGE 14

A QUESTION OF ANSWERS

Five interviews with top business

leaders on topics ranging from cloud to security and from UC to leadership | Page 25

HighFive

“The power of analytics is allowing the business to be agile and correct its course before it hits a wall.”—Sudipta K Sen

Volume 07 | Issue 14

March | 07 | 2012 | 50Volume 07 | Issue 14

HO

W T

O S

ET

UP

A H

IGH

-PE

RF

OR

MIN

G S

EC

TE

AM

| BIG

DA

TA A

$50 BIL

LIO

N M

AR

KE

T | W

HA

T IT

PR

OF

ES

SIO

NA

LS

RE

AL

LY W

AN

T

A 9.9 Media Publication

Andrew MillerCEO Polycom

Sudipta K SenCEO & MD – SAS Institute (India)

Hugh NjemanzeArcSight Founder and VP & CTO, HP Security Solutions

Harvey KoeppelExecutive Director, Centre for CIO Leadership

Chris FreddeCEO, SafeNet



E nt E r pr i s E ro u n d - u p

8 07 April 2012 cto forum The Chief


Enterprise

Round-up

FEATURE InsIdE

Cyber Attacker of Indian govt sites

Traced to China Pg 10

Expected worldwide SaaS Revenue in 2012

India Mobile Services Market to Reach $30 bn By 2016 India’s mobile connections to exceed 900 millionThE india mobile subscriber base is forecast to reach

696 million connections in 2012, up nine percent from 638 million in 2011, according to gartner, inc. Total mobile services revenue in india is projected to reach $30 billion in constant uS dollars in 2016. The average revenue per user (ArPu) began to stabilise in 2011 — a notable change from the double-digit decline of ArPu between 2008-2010.

“The staggering growth of mobile connections has been driven by the expansion of mobile services in semi-urban and rural markets and the availability of cheap mobile devices,” said Shalini Verma, principal

analyst, Consumer Technology and markets, at gart-ner. “however, the other performance indicators of the indian mobile market seem modest in compari-son to those of markets such as China.”

At $40, the ArPu in india is among the lowest in the world and about one-third of that of China. india also lags behind China in mobile service penetration. The mobile service penetration in india is currently at 51 percent and is expected to grow to 72 percent by 2016, whereas China already achieved 71 percent mobile penetration in 2011 and is forecast to grow to 119 percent in 2016.”

$14.5dATA BRIEFIng

Billion

Illu

st

ra

tIo

n b

y a

nIl

t


9 07 April 2012 cto forumThe Chief


“The line between IT and the business is disappearing. It is becoming essential to how they all conduct their businesses. They want choices about where their technology lives, from the hybrid cloud to public cloud infrastructure.”

The combined serial inkjet and page printer, copier and multifunction product (MFP) market in India totaled 641,274 units in the fourth quarter of 2011, a 5.9 percent decline compared to the fourth quarter of 2010, according to gartner

QUICK BYTE On ImAgIng And PRInTIng

50% Corporate Apps to be on Cloud by 2014 Us and Europe are more conservative in cloud adoption LaRgE companies in latin America and Asia Pacific are the most aggressive

adopters of the cloud computing paradigm, while their european and uS coun-terparts remain conservative about shifting applications to the cloud. A study by Tata Consultancy Services (TCS), involving senior managers and corporate iT executives from over 600 large companies across the globe, reveals that while cloud applications are still in the minority of all applications, companies in latin America and Asia Pacific have a much higher proportion of cloud applications to total applications.

The average latin American company has almost two-fifths (39 percent) of its total applications in the cloud. Asia Pacific follows closely behind with over a quarter (28 percent). in contrast, less than one fifth (19 percent) of the average uS company’s applications are hosted in the cloud. in europe, the figure is closer to one-tenth (12 percent). The findings come from an extensive study conducted by TCS into the factors driving companies to shift on premise or put new applications into the cloud and the competitive advantages those applications are generating.

“Do you want to sell sugar water for the rest of your life, or do you want to come with me and change the world?” was Steve Jobs’ legendary pitch some 30 years ago enticing John Sculley, then PepsiCo's president, to join a fledgling Apple Computers. In an email inter-view with Economic Times, Sculley looks back at his career and also looks ahead at the tech world.

— John Scully,Former CEO, Apple

—Source: Gartner

ThEy SAid iT

John SCully

Illu

st

ra

tIo

n b

y c

ha

ru

dw

Ive

dI




Cyber Attacker of Indian Govt Sites Traced to China Attack is similar to a spy operation, shadow network, targeting the govt since 2009 a bREach of computers belonging to

companies in Japan and india and to Tibet-an activists has been linked to a former graduate student at a Chinese university — putting a face on the persistent espio-nage by Chinese hackers against foreign companies and groups. The attacks were connected to an online alias according to Trend micro researchers.

The owner of the alias, according to online records, is gu Kaiyuan, a former graduate student at Sichuan university, in Chengdu, China, which receives govern-ment financing for its research in computer

network defense. gu is now apparently an employee at Tencent, China’s leading internet portal company, also according to online records. According to the report, he may have recruited students to work on the university’s research involving computer attacks and defense.

The researchers did not link the attacks directly to government-employed hackers. But security experts and other researchers say the techniques and the victims point to a state-sponsored campaign. “The fact they tar-geted Tibetan activists is a strong indicator of official Chinese government involvement,”

The use of last-click attribution, may cause marketers to undervalue social media’s website impact by up to 94 percent

said James A. lewis, a former diplomat and expert in computer security who is a director and senior fellow at the Center for Strategic and international Studies in Washington. “A private Chinese hacker may go after econom-ic data but not a political organisation.”

“The Trend micro report describes sys-tematic attacks on at least 233 personal computers. The victims include indian military research organisations and ship-ping companies; aerospace, energy and engineering companies in Japan," said Baburaj Varma, head — Technical Services (india & SAArC), Trend micro. he further added, “At least 30 computer systems of Tibetan advocacy groups have been attacked so far. The espionage has been going on for at least 10 months and is continuing.” “This was not the only attack that was started and is stopped, it is a continuous effort by the Cyber criminals to attack government web-sites and Defence authorities in india.”

Trend micro researchers traced the attacks to an e-mail address used to register one of the command-and-control servers that directed the attacks. They mapped that address to a QQ number — China’s equiva-lent of an online instant messaging screen name — and from there to an online alias. The person who used the alias, “scuhkr” — the researchers said that it could be shorthand for Sichuan university hacker — wrote articles about hacking, which were posted to online hacking forums and, in one case, recruited students to a computer net-work and defense research programme at Sichuan university’s institute of informa-tion Security in 2005.

The new york Times traced that alias to gu. According to online records, gu studied at Sichuan university from 2003 to 2006, when he wrote numerous articles about hacking under the names of “scuh-kr” and gu Kaiyuan. Those included a master’s thesis about computer attacks and prevention strategies. The Times connect-ed gu to Tencent first through an online university forum, which listed where stu-dents found jobs, and then through a call to Tencent. reached at Tencent and asked about the attacks, gu said, “i have noth-ing to say.” Tencent, which is a privately managed and stock market-listed internet company, did not respond to several later inquiries seeking comment.

glOBAl TRACKER

Impact on Social Media Websites

so

ur

ce

: ad

ob

e

Ima

ge

by

ph

ot

os

.co

m




is Cloud Creating Tension Between Business & iT?Strategy needed to tackle growing tension between business and iT

Big dATA

anew in-memory business

intelligence (bI) solution

from sas uses a highly visual inter-

face to bring powerful analytics to

a broader class of users than ever

before. sas visual analytics, the

newest product in the sas high-

performance analytics family from

the leader in business analytics,

provides a fast, simple and cost-

effective path to business insight

and better decisions.

sas visual analytics combines

in-memory architecture, intuitive

data exploration, hadoop sup-

port and information-delivery

options, including the ipad, claims

a company release. It is the only

in-memory engine designed spe-

cifically for business visualisation

of big data on inexpensive, non-

proprietary hardware. “the speed

of in-memory architecture offers

tremendous benefit. Firms can

explore huge data volumes and

get answers to critical questions

in near-real time,” said dan ves-

set, programme vice president of

Idc's business analytics research.

“sas visual analytics offers a

double bonus: the speed of in-

memory analytics plus self-service

eliminates the traditional wait for

It-generated reports. businesses

today must base decisions on

insight gleaned from data, and

that process needs to be close

to instantaneous.” “sas visual

analytics helps business users to

visually explore data on their own,”

said sas ceo Jim goodnight.

bMc software has announced the

findings of a new commissioned

cloud survey conducted by Forrester

consulting. the survey, published

in a study entitled “delivering on

high cloud expectations,” reveals

increasing tension between busi-

ness and It stakeholders.

with a growing demand for pub-

hp has announced new Application Transfor-mation solutions designed to help enterprises drive an enhanced user experience by integrating mobile-based enterprise applications into the tra-ditional computing environment.

The growing adoption of smartphones and mobile applications is changing the way enterpris-es create value and drive competitive differentia-tion. in fact, the economic survival of enterprises

Solution to integrate Mobile, Social Apps new software offerings from HP

FACT TICKER

lic cloud services, cIos are rightly

concerned that business teams are

willing to circumvent It in order

to acquire cloud services on their

own. the survey included in-depth

responses from 327 enterprise infra-

structure executives and architects

across the united states, europe and

asia-pacific (apac).

high expectations for speedy,

low-cost implementation of new

software systems in the cloud are

putting unique pressures on It

departments within the enterprise.

Initial findings of the survey reveal

that while It teams work to meet the

needs of the business, the demand

for more speed and agility is creating

an environment in which business

teams are looking outside the organ-

isation to provision services in public

clouds. as a result, It departments

must expand plans to incorporate

public cloud services into their over-

all cloud strategies.

now depends on their ability to respond to cus-tomer and citizen demands, generated through enterprise applications as well as social applica-tions such as facebook, Twitter and linkedin.

The expanded hP Applications Transformation solutions portfolio enables clients to design, build and manage applications that drive interaction between people and enterprises while optimising traditional application environments to deliver an improved user experience.

“modern enterprise applications require a dif-ferent approach to design and testing than tradi-tional applications,” said Amit Chatterjee, Direc-tor, hP Software and Solutions, hP india. “hP ensures that enterprise applications provide the highest level of quality, availability and scalability while elevating the user experience to an entirely new level.”

The enhanced hP Application lifecycle intel-ligence (Ali) improves collaboration among deliv-ery teams and reduces cycle times by offering real-time visibility and traceability of activities across the application life cycle.

As part of hP’s iT Performance Suite, hP and Perfecto mobile, a provider of cloud-based testing and automation solutions, have extended hP uni-fied functional Testing to support multifunctional applications by allowing developers to emulate and test the user experience of mobile applica-tions across devices and networks.

Additionally, new software offerings from hP complement the agile development of mobile appli-cations and drive social collaboration that include hP Anywhere and hP enterprise Collaboration. The hP Application Transformation solutions port-folio of software products is also complemented by new services for enterprise applications.

Illu

st

ra

tIo

n b

y p

rIn

ce

an

to

ny

N O H O LDS BARR E D PE RSO N ' S N A M E

12 07 april 2012 ctO fORum The Chief


Huawei is aggressively targeting the enterprise IT market. It plans to ramp up its revenue from this

segment from nine percent to 20 percent by 2015. In conversation with

CTO Forum, David He, Huawei’s President of Marketing, Enterprise

Business Group, reveals his strategies and the challenges that lie ahead

Huawei is looked at as a company providing solutions to telcos. Do you feel this image will come in your way when

pushing into the enterprise IT segment? We already provide advanced technology, reliability and stability to network vendors. This is proof that we have the technical strength and delivery capabilities. This image would serve us well when we enter the enterprise market. We also want to emphasise on our strong relationships with part-ners because in the enterprise space we need to work closely with them. in terms of the technology, there is technology that can be used both in the enterprise and the carrier space. for example, in the carrier space, there is router, lAn, data centre, all of which can also be seen in the enterprise customer space. There are vendors such as iBm who supply to both the carrier and enterprise customers. Besides, we know that both these seg-

From InFormatIon toInnovatIon offIcer

13 07 april 2012 ctO fORumThe Chief


DAv i D H E N O H O LDS BARR E D

ments need to be addressed in differ-ent ways. Therefore, we have entirely different sales models in the carrier network and enterprise segments. in the former, we provide products and services directly, while in the latter, we will rely on our partners.

So what could be the biggest challenge for your growth?

The biggest challenge for us is brand awareness. We have strong iCT solu-tions. The challenge for us is to ensure that every customer in the enterprise space knows about us. every market in the world is important to us. i don’t like to rank any country with respect to importance to huawei. Currently, the enterprise business contributes nine percent to our overall revenues. We want to increase this to 20 percent by 2015. We are confident we will be able to reach the target.

But you are taking on biggies like Cisco and Apple. Do you

stand a chance against them?of course we will have opportunity to be successful in the market. The most important differentiator for us is that we have a comprehensive iCT solution. We have a wide spectrum of products ranging from cloud comput-ing, network, and data centre. This is what differentiates us from competi-tion. We will certainly run into stiff competition with Cisco but then we compete with them everyday, and have been growing steadily. in terms of cloud computing, we are not com-peting with Apple. Apple’s cloud com-puting is consumer oriented. in other words they are actually operating their cloud. We are providing products and solutions to enterprises, which is dif-ferent from operation cloud.

How are trends such as social networking, BYOD and

cloud computing impacting a CIO? i would say these trends are impact-ing Cios significantly. After the advent of cloud computing and the convergence of iCT solutions, iT has become the driving force behind businesses. A recent report from gartner says it is time to change what the word Cio stands for. from Chief information officer, it is time to change it to Chief innovation officer. Similarly, another report from forrest-er says iT should not be called infor-mation Technology. instead, it should be called BT (Business Technology) as technology is the driving force for business innovation. i think this is a great change for a Cio.

So how should a CIO approach these trends?

one area that a Cio needs to focus is to rework on is the network plan-ning. it is important for a Cio to standardise his network. i personally feel that lots of Cios face challenges when they migrate to the cloud because they use a lot of proprietary products. With the advent of cloud, huge amounts of data are stored in cloud data centres. This is an impor-tant asset of an enterprise and in the future it will be necessary to expand the capacity. in the future it will be very important for a Cio to adopt open standards when it comes to his network. This will ensure data acces-sibility and business continuity.

It is believed that your OS is more complex as compared

to Juniper’s Junos and Cisco’s IOS. What are your comments on this?i don’t think so. our routers and

switches are very simple and very compatible. We have been there for 20 years. i know Cisco’s routers because before entering huawei, i was a r&D engineer. i can confi-dently say that huawei products are not at all complicated.

What message would you like to give to CIOs?

i would like to tell Cios that huawei is a better choice for them to face the challenges. i believe the biggest challenge for a Cio today is cloud computing, which is a new business model. There is no doubt that secu-rity is an issue with respect to cloud computing. however, in huawei this is at the top of our mind. We will continue to enhance our security and r&D strength in this area.

You are focusing a lot on the government vertical in

India. Why? The government vertical is looking towards end-to-end iCT solutions for cementing its security and gover-nance related infrastructure. huawei enterprise has emphasised on its capability to develop and deploy iCT driven solutions specifically designed for the government seg-ment. We have a unique approach towards solving government issues and problems. We have our iCT solu-tions and solution platforms, others can develop unique applications on these solutions and together we can deliver localised applications that are cost-effective for the government segment. We have solutions directed towards the citizens like e-city, e-education, e-health etc. which can be delivered to different stakehold-ers. We are in an ideal position to enable office collaboration. We have products for iP, iT and CT and all these can enable converged com-munication among different depart-ments of a government system. So our solutions can help government in improving efficiency, facilitating service and realising the full potential for e-governance.

DoSSier

Company:Huawei Technologies

Co. Ltd.

EstablishEd:

1988

FoundEr:

Ren Zhengfei

produCts:

Mobile and fixed

broadband networks,

consultancy and

managed services,

multimedia technology

nEtwork:

Total employees

140,000

Products deployed in

140 countries

Serves 45 of world's

50 largest telecom

operators

“the challenge for us is to ensure that every customer in the enterprise space knows about Huawei. Every market in the world is important to us”



Best of

BreedThe CIO-CMO Team: Rules for Success Pg 16

The Heart and Soul of Value IT Pg 18

FeaTuReS InSIde

organisations are facing mounting pressure to innovate in order to spur growth and increase the bot-tomline. Despite belief to the con-trary, the invention of new prod-

ucts and services does not occur spontaneously. There is a process involved, and organisations can take practical steps to ensure that their innovation processes yield maximum value.

APQC has identified 10 key elements in the innovation processes at iBm Corporation, Ken-

nametal inc, and mayo Clinic that make these organisations best-in-class for innovation.

in this two-part series, we will look at the 10 ele-ments and dive into how the three best-practice organisations have incor-porated the elements into

their innovation processes. This first installment of the series focuses on the first five elements:

Drive innovation from the top and bottom. Cross traditional organisational boundaries to

help innovation thrive. Strategically select opportunity areas through

the eyes of customers. Distinguish among different types of innovation. Cast the net wide for ideas.

drive innovation from the top and bottomit is a given that leadership support for innovation is important. Without this support, few resources would be allocated to these efforts. however, sup-

Best Practices for InnovationFirms take these steps to ensure that their innovation processes yield optimum value By Becky Partida

illu

st

ra

tio

n b

y s

hig

il n

Innovation is part of each business unit's strategic focus in IBM



I n n ovat I o n B E S t o f Br E E D

port from employees who work closely with customers is also important. Without buy-in from these employees, it is difficult to source ideas and embed a culture of innovation throughout the enterprise.

Thus, support from both the top and the bottom is of the utmost importance to innovation. Securing buy-in from front-line employees while aligning innovation efforts with top-down strategy enables relevant ideas to surface and be taken through to production or implementation.

for several years, iBm has stressed that innovation is the responsibility of every employee. however, it recently shifted innovation accountability to focus more on employees who engage regularly with customers. This shift has given front-line employees greater decision making power regarding innovation. however, even with the spreading of accountability, iBm holds that senior level sponsorship is vital to ensure that the organisation maintains sup-port, guidance, and direction for innovation.

Cross traditional organisational boundariesinnovation is not isolated to specific areas within an organisation. The best-practice organisations identified by APQC encourage innovation within areas of the business that may not normally be associated with innova-tive thought. They also facilitate innovation by creating collaborative teams comprised of members from multiple business units.

Collaboration is vital to mayo Clinic’s innovation strategy. The organisation has established cross functional innovation teams that meet regularly to analyse ideas generated by staff members and to identify strategic targets for innovative projects. Separate leadership teams, made up of physicians and non-physicians, also meet to brainstorm and execute new projects. These collaborative teams have generated ideas for new products and services, suggested qual-ity improvements, and designed new busi-ness models for the organisation.

in addition to the responsibility for innovation placed on each employee, iBm includes innovation as part of each business unit’s strategic focus. iBm has an integra-tion and Values Team that meets regularly to discuss important issues and innovations across business units.

select opportunity areas using customer inputThe best practice organisations identified by APQC make a point of gathering customer feedback, determining customer require-ments, and aligning their processes with the customer in mind. By keeping customers front and center throughout the process, organisa-tions can tailor innovations to their target audi-ences. in the end, the creation of new products and services means nothing if the organisation isn’t giving customers what they want.

Kennametal is a maker of tooling, engineered components, and advanced materials consumed in the manufactur-ing process. it considers innovation to be a constant process focused on the demands of the market. The organisation has developed the term “exciters” to describe innovations that are radical in that they satisfy unarticu-lated needs. The organisation connects with customers at regular intervals to determine where the potential for exciters exists.

iBm has implemented a programme called first of a Kind that relies on customer input for solution development. here iBm con-ducts research in a customer’s own environ-ment and applies technologies that it feels are appropriate solutions for the customer.

embrace technologies and tools for innovationAdopting the right enabling technologies for innovation can support the creative process, facilitate collaboration, and provide a way to capture new ideas. however, technology is pointless unless it matches an organisation’s innovation objec-tives. Best-practice organisa-tions focus technology adoption

on the needs of the enterprise as well as individual innovation teams. The organisa-tions also consider whether open source technologies can provide them with the tools they need without a lot of extra cost.

The best-practice organisations studied by APQC favour tools that allow a large number of employees to capture and build on ideas. for example, mayo Clinic imple-mented a software application to capture, categorise, and archive ideas for innovation around a defined topic. Virtual events are held to drive brainstorming, and users can rate others’ ideas as well as submit com-ments, suggestions, and observations.

mayo also adopted social media tools to facilitate collaboration among employees. Wikis enable staff to capture and modify notes and other project-related communi-cations. The organisation has created an innovation toolkit that serves as a central location for materials and resources needed during the innovation process.

focus on experimentationfor every successful idea, there are many ideas that do not make it through the process. Best-practice organisations accept this fact and do not allow failure to hinder innovation. The organisations studied by APQC emphasise

the effort behind the innovations, even if the ideas do not yield profitable results. This fosters a culture in which employees feel free to explore all creative solu-tions and ideas.iBm balances its research agenda among three groups:

exploratory research (under-standing how nature works);

Applied research (connecting the understanding to issues); and

For several years, IBM has stressed that innovation is the responsibility of every employee. However it recently shifted innovation accountibility to focus more on employees who engage regularly with customers

$1.3 bamount lost

by companIes

globally due to

phIshIng attacks

In 2011



B E S t o f Br E E D I n n ovat I o n

Development (making the research usable to iBm customers).

The organisation measures success not only by the innovation but also by how its research increases scientific understanding. unsuccessful projects are considered learning experiences and are documented so that the lessons-learned can be applied to future work.

recognise the human side of innovationThe best-practice organisations studied by APQC use more than just financial rewards to encourage innovation. These organisa-tions create spaces conducive to innovation, and they tailor their rewards programmes to suit employee interests.

To reward innovation, iBm uses internal programmes such as peer-to-peer awards, recognition of technical accomplishments in a particular research area, and an innova-tion client value award given to teams that exemplify dedication to client success. The organisation also seeks publication in exter-nal journals and recognition through profes-sional societies to gain external exposure for its employees’ efforts.

Keep measurements simpleiBm, Kennametal, and mayo all recognise that no one metric can convey innovation success. however, when measuring innova-

detailed view of the innovation process and its outcomes:

Project metrics; rD&e functional metrics; and Special focus metrics (such as the percent-

age of employees trained in Six Sigma).

Look to the future and the pastWhen developing measures and improve-ment plans, it can be easy to focus solely on results. however, the organisations studied by APQC emphasise predictive fac-tors as well as outcomes when developing measures. The organisations look both at leading indicators that provide a foundation for performance (such as employee train-ing and environmental conditions) and the results of innovation processes (such as cycle time and customer satisfaction). most importantly, the best-practice organisations allow their measures to change over time to meet enterprise needs. frequently updated measures are balanced with consistent mea-sures to enable longer-term trending. — Becky Partida is knowledge specialist with

APQC, a member-based nonprofit and one of

the leading proponents of benchmarking and

best practice business research.

—This article has been reprinted with permission

from CIO Update. To see more articles regard-

ing IT management best practices, please visit

www.cioupdate.com.

the CIo-CMo team: rules for successa look at the rules needed to build a dream CIO-CMO team By Jim Nash

the best-practice organisations

use more than just financial rewards

to encourage innovation

tion and its results, these organisations use only a select group of measures which are meaningful to users. Although innovation can involve multiple activities and processes, the metrics selected for use should be cus-tomised. Kennametal, a maker of tooling, engineered components, and advanced materials con-sumed in the manufacturing process, uses only a few high-level, cross-functional mea-sures to evaluate the success of innovation. These measures include the percentage of revenue resulting from new products and the cycle time of new product development.

By keeping measures high-level and sim-ple, the organisation can easily communicate performance across the enterprise in a way that employees at all levels can understand. Kennametal also tracks three other groups of performance measures to obtain a more

Among history's more implausible relationships — reagan/gorbachev, Van halen/roth, unger/madison — the budding hookup between Cios and Cmos is not so much bizarre as it is unexpected.

market trends including social media are forcing Cios to look at the world beyond the firewall and prompting Cmos

to focus as much on employees as on would-be customers.Combined, their complementary skills and backgrounds can

profitably address a mobile, vocal and savvy audience at home in an inherently insecure digital world. however, neither they nor their companies can expect to succeed in this era without a strong alliance with the other.



m a n ag e m e n t B E S t o f Br E E D

in fact, some companies are creating chief customer officer posts, says Prof. Peter fader, marketing professor at the university of Pennsylvania's Wharton School. fader is also co-director of the Wharton Customer Analytics initiative.

“The post is going to be tight with the Ceo and the Cio — because it’s designed to create hard-number metrics — and the Coo, because it will analyse the supply chain,” says fader. it will gain respect that the Cio and Cmo by rights could be getting by collaborating.

So, what are the cardinal rules you need to follow in order to foster and maintain a deeply collaborative partnership between the Cio and Cmo? of course, it's all about communication and earning trust. it has to be broken down to elementary actions.Recognise that technol-ogy isn't the business. Technology is just one tool in a company's arsenal. it's not even the most strategic tool all the time, says Craig neeb, Cio and VP of multichannel market-ing for international Speedway Corp, which owns and/or operates 12 nASCAr tracks. it's relevant only to the extent that it's under-stood internally and it delivers on the corpo-rate strategy.

A corollary to this: “True” marketing is instinctively distrusted by would-be buyers, says neeb. That's why social media is the revolutionary business development that it is. it opens the messaging to the entire market, dismantling iron-sided brand statements. And Cmos need Cios if they ever hope to organ-ise the chaos of social networks in their favor.Leave your ego (and career fears) in the car when you arrive at work. There absolutely is risk involved for Cios and Cmos when they are told to reach over the divide, says Sri raju, Ceo of Smartbridge, a business-app maker and consultancy.

But the hard truth is that it's easier to hire people who understand this critical need than it is to retrain senior executives.

Ceos are less and less likely to allow a “shadow iT unit” to exist in marketing, says raju. And Cios who are most proud of the money they save will fall out of favor in organisations pushing for innovations.There must be a healthy overlap of skill sets for the CIO and CEO. Too many glassy stares for one while the other excitedly discusses important developments means the pair are moving in separate directions. each has to have a solid grounding and appreciation for the lot of the other.

Dahlberg goes so far as to say the Cio and Cmo should be able to fill in for each other in certain situations.The model needs to be applied across the C suite. As revolutionary as it can be to have Cios and Cmos who are joined at the hip, the same needs to be true among all of their peers, says Dahlberg. The site of the Cfo heading for one's office, for instance, can't be cause for anxiety.The integration must go deeper than the chiefs. iT and marketing staffs have to get the religion and permission when it comes to interacting with each other. Departmental stovepipes must be replaced with flex-

ible hierarchies that promote cross-organisa-tional communication, which leads to innova-tions.The CMO and CIO both need to be involved in the R&D budget pro-cess. Dave Dahlberg, Cmo of model metrics, an international cloud-computing consultancy, says they have separate but parallel views of products and product capabilities informed by being in the field with customers and in the trenches with iT sup-port.Where possible, free IT from commodity tasks. Dahlberg says his firm, unsurprisingly, has dumped all of its servers in favor of cloud

computing. “John (Barnes, Cio of model metrics) is able to take his team and focus on being innovative.”

Barnes and Dahlberg say this reduces the incidences of iT refus-ing reasonable requests for lack of resources. it also cleanses tech staffs of those who are overly comfortable with the familiar.Don’t underestimate your value to marketing. lisa Arthur, Cmo of marketing software maker Aprimo, says Cios are “an absolute gem” in helping to create strategic marketing roadmaps because technolo-gy underpins and promotes the firm's conversation with its market.If you’re the CIO and the firm is looking for a new CMO, get involved. Collaborative teams more often occur when one or both Cio and Cmo are hired for that purpose. execs unanimously said that it's hard to retrain for this need.

So when you get word that a new Cmo is being sought, work with the C-suite to describe the ideal candidate. Suggest people you've met who might meet the needs. interview candidates in depth. And then, following these rules, build a dream team. —This article was first published in CIO Insight. For more stories, please

visit www.cioinsight.com.

CEOs are less likely to allow a “shadow IT unit” to exist in marketing

illu

st

ra

tio

n b

y s

hig

il n



B E S t o f Br E E D m a n ag e m e n t

the Heart and soul of Value ItCIOs are quickly forgetting what the critical skill of business analysis entails By marc.J. schiller

for years Cios (or should i say, iT managers) were chastised for being too reactive, too tech-nical, too tactical. in an effort to address this “shortcoming,”

Ceos and their consultants schooled iT managers on how to think strategically. And what fine students you have become.

During the last few years (which we all know have been very tough on iT budgets) iT leaders the world over have put in place a number of strategies to maximise effi-ciencies, drive cost savings and generally improve the speed and responsiveness of iT.

unfortunately, the highly lauded strate-gies of yesterday have had some very nega-tive consequences for Cios and their teams. Consequences that are so significant that, if we don’t do something about them soon, will relegate the Cio (and the iT group overall) to a position of vastly diminished relevance to the business. i’ll explain.

strategic It management: Unexpected side effectsin the quest for ever-improving efficiency and customer responsiveness, Cios the world over have applied three basic strategic themes.1 Standardise around key packages: Avoid

custom applications like the plague. go for standardised software. And what’s more, if it can be SAP or oracle, even better. Build a focus and competency in a specific applica-tion suite and work it.2 Outsource, outsource, outsource: Wher-

ever possible, outsource to a third party. ASP, mSP, BPo, consultants, bodyshop.

Whatever could be found that offered a cost and speed advantage to doing it in house.3 Get “tight” with the business side: in

order to get closer to the business side of the operation, improve understanding, shorten implementation time frames and increase

accountability, Cios made a number of organisational changes. Chief among them: creating the iT-business liaison role.

These are all basically sound strategies driven by good intentions. But the way in which these strategies have been imple-

illu

st

ra

tio

n b

y r

aj

ve

rm

a



b u s I n e s s a n a lys I s B E S t o f Br E E D

mented has brought about one particularly disastrous consequence: The virtual disap-pearance of the business analyst (BA).

in the rush to standardise on specific packages and to improve business rela-tionships, the traditional in-house busi-ness analyst role has morphed. first, outsourcing brought about a reduction in the number of BAs needed. After all, the outsourcer said they would cover that work as part of the contract.

Second, with solution development firmly focused on a specific application environ-ment (such as SAP, oracle or Siebel) much of the traditional duties performed by the BA shifted to the application analyst. Just with-out a whole lot of business analysis. Because with a solution already in hand, the applica-tion analysts focused their efforts on config-uring and administering the chosen package solution and “making it work” for the busi-ness. This meant that the classic role of busi-ness analysis and solution definition yielded to the force of the customisable package.

finally, the role of the iT liaison, which many BAs took on in early days, turned out to be more about managing budgets and expectations, and providing a single face to the customer than it was about engaging in problem analysis and solu-tion design. The problem analysis and solution design work was left to the out-sourced solution provider.

the changing role of the Business Analyst i first noticed this change in the BA role about 10 months ago, when two separate clients had great difficulty coming up with a single BA to participate in the project with which i was involved. it took almost two months to finally get budget approved to bring in a new person once the Cio gave up on finding anyone internally with the right skills.

At first i thought these were just isolated incidents, until i noticed this issue recur-ring nearly every place i went. i finally realised how pervasive this issue is while attending a recent industry conference.

Sitting at a table with 10 Cios who are employed by companies with revenues of $1 billion or more, i asked the group whether they had noticed the virtual disappearance of the BA in their organisations. Without

the posts were placed by outsourcing com-panies, professional services firms, software companies and contract labor companies. Very few of these positions are for in-house BA jobs.

Digging just a little deeper into the job postings reveals that the list of key skills required of today’s Business Analyst falls far short of what we all know is needed for success. of the 50 skill areas identified in the posted positions, only three are related to a specific functional business compe-tency. The rest of the required skills are all iT-specific technical or process skills. many of the posted jobs are essentially describing project managers.

BA and the Bottom lineBusiness analysis is the absolute most important competency for an iT organisa-tion. it is the very heart and soul of the value iT is meant to bring to the business. Despite the best intentions, many Cios have lost this critical skill in their organisa-tion and they are quickly forgetting what it really entails.

Therefore, strategy no. 1 for any Cio look-ing to retain a strategic role vis-a-vis your busi-ness peers is to bring back the business ana-lyst with the right skills and capabilities.

— Marc J. Schiller, author of “The 11 Secrets

of Highly Influential IT Leaders,” is a speaker,

strategic facilitator, and an advisor on the

implementation of influential analytics. He

splits his time between the front lines of cli-

ent work and evangelising to IT leaders and

professionals about what it takes to achieve

influence, respect and career success.

—This article was first published in CIO Insight. For

more stories, please visit www.cioinsight.com.

In a rush to standardise on specific packages and to improve business relationships, the traditional in-house business analyst role has morphed

missing a beat, the Cio of a famous con-sumer packaged goods company said: “Are you kidding me? it’s an absolute disaster. i dread getting a call from a business unit to discuss an issue or problem they are hav-ing. if it’s not about SAP, i’ve got no one to send them who can have an intelligent conversation. All i can do is send them a consultant.” ouch.

What happens when the Business Analyst goes away?The decline of the business analyst has been gradual. yet, their traditional capabilities are crucial today for iT to add value to the business. in particular i’m talking about the skills of:

Problem analysis; requirements definition; Business case formulation; Project scoping and definition; And finally translating all that into a set

of solution options and sound technical requirements.

Without in-house BAs to do this work, iT organisations now find themselves with a major void in their service capabilities. iT’s customers are feeling these effects, even though they can’t quite identify how or why. But it won’t be long now. Pretty soon they won’t bother calling iT at all. They will just reach out to the consultants and the outsourcers, since these are the people with whom they end up dealing anyway.

What’s even more distressing to me is that it seems that most iT leaders have lost sight of what a real BA is suppose to do. Case in point:

i recently searched the job site Dice.com for “business analyst” and found about 2,500 relevant postings (about three percent of all iT jobs). yet, when i examined these closely, it turned out that the vast majority of

Technology leaders give their mandate on seven astute questions

on consumerisation of ITby TEAM CTO FORUM

to AnalysePoints7

Imag

Ing

: anIl t

IllustratIo

n by rEtH

IsH K r



coVE r S torY co n sum e r i sat i o n o f i t



Subhash Mittal,SrED (MS&IT) & Group CTO, IFFCO

“No, I do not consider it a risk. Rather it is an opportunity. However,

a careful approach is required.”

Do you view consumerisationof IT as a risk?1/

Work is so much more

fun than before!

YES

NO

ASSESSMENTSELF




Saradindu Paul, Associate Vice President Corp IT,

Electrosteel Group

“Yes, it is driving unrealistic expectations. There is a huge investment both in managing and providing

mobile devices to employees. This scenario is putting a lot of burden on the IT department.”

Is consumerisation of IT driving unrealistic expectations from IT departments?

2/

Yes, you can do

it!

YES

NO

ASSESSMENTSELF




Hold on, I'm getting the signals now

Pratap Gharge, Exec.VP & CIO, Bajaj Electricals ltd

“Yes, to ensure this support, we have started to implement a private cloud and virtual desktops. This will help us in making application

delivery possible in a well-controlled and secured manner. We are now about to implement a BYOD policy.”

Is support for employee mobility possible considering their reliance on external networks?

YES

NO

ASSESSMENTSELF

3/




Is your IT department fully involved in enterprise mobility projects?

Excuse me! Will anyone bother to explain?

“No, not at the moment. Presently, we are supporting only a few projects.”

Bala Variyam, VP, Collabera

4/

YES

NO

ASSESSMENTSELF




Ha-ha, I got a new paper

plant!

Suresh Shanmugam,National Head BITS and CIO,Mahindra Finance

“Yes, we now have a better understanding of the end-users' external needs. This has helped us in proving

them the best of breed solution.”

Are you able to get a deeper insight into end-users' experience of applications?

Here, take this watering can and put life back into

the plant

Save this plant from dying

YES

NO

ASSESSMENTSELF

5/




Is your IT department prevented from supporting SAAS and social media applications?

Get back to work!

“Yes, we do not allow such applications and therefore we have built our

own social media application”Subbarao Hegde,

CTO, GMR Infrastructure Limited

6/

YES

NO

ASSESSMENTSELF




VijaySethi,VP and CIO,Hero MotoCorp

Yes, consumerisation is here to stay and IT teams have to gear up to meet challenges and use this as an

opportunity to improve processes, systems, value to business and user delight”

Are you trying to provide your users with enterprise apps that have user interfaces akin to consumer apps such as Facebook, Gmail, Yahoo etc.

YES

NO

ASSESSMENTSELF

7/I am pleased to

announce double bonus for all our

emplooyees




The survey covered a total of 119 CIOs. Of the CIOs included in the survey,

a whopping 94 per cent say that support for employee mobility is possible

considering their reliance on external networks, while 61 per cent felt that

consumerisation of IT is driving unrealistic expectations from IT departments.

More than three-fourth of the CIOs (78 per cent) felt that their IT department

is fully involved in enterprise mobility projects, whereas majority of CIOs (55

per cent) view consumerisation of IT as a risk. Of the respondents, 72 per cent

felt that they are able to get a deeper insight into end- users' experience of

applications. Only 33 per cent of the CIOs felt that their

IT department is prevented from supporting SAAS and

social media applications. Surprisingly, there has been

equal voting from the CIOs (50 per cent), in terms of

providing employees enterprise applications that have

user interfaces akin to consumer applications such

as Facebook, Gmail, Yahoo etc. The other important

takeaways from the exercise are given below.

SurvEY FiNdiNgS

Do you view consumerisation of IT as a risk?

Is consumerisation of IT driving unrealistic expectations from IT departments?

Is your IT department fully involved in enterprise mobility projects?

Are you trying to provide your users with enterprise apps that have user interfaces akin to consumer apps such as Facebook, Gmail, Yahoo etc.

1/

2/

Is support for employee mobility possible considering their reliance on external networks?

3/

4/ 7/

YES

NO

YES

NOYES

NO

YES

NO

YES

NO

78%

Is your IT department prevented from supporting SAAS and social media applications?

6/YES

NO

67%

33%

39%

61%

55% 45%

94%

6%

22%

Are you able to get a deeper insight into end users' experience of applications?

YES

NO

5/72%

28%

50%

50%





E VE N t r E Por t A k A m A i

Event

CTO Forum hosted Brad Riklin, CMO, Akamai to talk about the increasingly connected world

Hyperconnected World, a recent concept was discussed in detail by Brad Riklin, CMO, Akamai

The term hyperconnectivity was coined by John friedmann, the author of the famous book The World is flat. in its recent State of the internet

report, Akamai noticed that we are already living in a hyperconnected world. The older generation used to go online to check their mails, or look for information etc. however, the youth today do not have to go online because they are always connected online. from a business perspective as well, we are constantly connected and online.

To throw more light on this subject, CTo

Living in a Hyperconnected World

Delegates networking with each other during the event

forum hosted, Brad riklin, Chief marketing officer, Akamai. in a session moderated by Shivangi nadkarni, Consultant, 9.9 media, riklin talked about the opportunities and challenges that this new concept brings along in today’s enterprise.

“Previously you had to download all your mails before getting into a flight and then go through them. Today, you can access your mails and even make Skype calls right from the airplane. That’s the kind of world we are living in. right from watching mov-

Shivangi Nadkarni, Consultant, 9.9 Media

introducing the panel



A k A m A i E VE N t r E Por t

It was an excellent opportunity for the delegates to connect with their peers during the event

Delegates listen as Brad Riklin highlights key trends in the hyperconnected world

ies, listening to music, paying bills, sharing business reports—all these things had noth-ing to do with the internet about 10 years ago. But today, all these activities rely on an internet connection,” riklin said.

This concept of hyperconnectivity comes with not just challenges but also great opportunities. giving an anecdote, riklin said, “The internet itself used to be a nice-to-have to our business model. now, inter-net has become the most important channel of growth for most businesses.”

“your online presence is now your face to the world. Also, with an online presence you have to be up and running 24X7. This also presents a great opportunity as you can monetise the concept of hyperconnectivity and turn it into an innovative lead into the market place and disrupt the existing busi-ness models,” he elucidated.

for Cios, hyperconnectivity means that

there is a lot less cost involved for business-es to work online. it also allows the Cios to be better aligned with the business and take part in shaping the P&l for the company. now the Cio can show a precise return on investment in every iT investment.

riklin highlighted the key trends in hyperconnectivity as media, mobile, cloud and security. “While the first three trends are positive trends, the security issues that hyperconnectivity comes with, is something that Cios need to seriously consider. With hyperconnectivity, your organisation is exposed to a lot of different types of threats from across the world,” he said.

“your online presence is now your face to the world. Also, with an online presence you have to be up and running 24X7. This also presents a great opportunity as you can monetise the concept of hyperconnectivity and turn it into an innovative lead into the market place and disrupt the existing busi-ness models,” riklin concluded.

One of the delegates interacting with Brad Riklin post the event



EventNullcon Goa 2012Security professionals gather in Goa to discuss security issues and suggest countermeasures

government and policy-makers should get involved on the information secu-rity front was delivered by Janardhan Swami, the member of Parliament from Karnataka.

The first two days of the event were dedicated to

training sessions and workshops. Some of the themes of the training sessions were XtremeXploitation, Xtreme Web hacking, Advanced Wi-fi security etc. A new concept called ‘Jailbreak’ was introduced this year (This is one of a kind game challenge where the participants are kept in house arrest to

With the digital infra-structure expanding and new computing platforms being adopt-ed, organisations are

beginning to realise that they have more to manage than ever before. They now require a focus on security continuity that allows them to continuously respond not only to online threats but also external changes.

To address this issue, nullcon goa 2012- a four day vendor neutral event brought together security companies, buyers, con-sultants, business decision makers etc. from across the globe. The prime focus of this conference was to spread security aware-

ness and provide a platform for consultants, security companies, security buyers and security professionals to share expert knowl-edge and experience.

The conference was held from 15- 18th february, 2012 at the Bogmallo Beach resort, goa. The conference’s inaugural note on why

During one of the training sessions, audience paying keen attention to the trainer

One of the speakers at the event being felicitated

E VE N t r E Por t n u l lco n

nullcon 2012 brought together training sessions, workshops and technical sessions from various security professionals



Audience paying attention to one of the sessions at the conference

A speaker at the event taking questions from the audience

A speaker at the event sharing his views on the current security environment

combat the real life hurdles and yet make a mark, solving complex security challenges or finding a vulnerability is what makes them free from the Jail (house arrest). Tor-ture and difficult conditions to be tackled to be a winner).

Keynotes speakers for nullcon 2012 included muktesh Chander, the center director for national Critical infrastructure Protection Centre (nCiPC) who spoke on cyber-crime prevention, and Alok Vijayant, the director at national Technical research organization (nTro) on the need for understanding the changing nature of cyberspace and cyber security. The keynote by Kamlesh Bajaj, the Ceo of Data Secu-rity Council of india (DSCi) spoke on the topic ‘Cyberspace - A global commons or a national asset’.

The conference witnessed some excep-tional security professionals who stunned the audience with their expertise. one of them were a group of security experts who demonstrated the vulnerability of gSm mobile networks, which can be eas-ily exploited by hackers enabling them to impersonate a user's identity and make calls from his account without a clue to the consumer. The group claimed that most of the telecom networks were not encrypting signals, which is common at the interna-tional level.

Another leading cyber security expert explained today how iVrS can be a hacker’s paradise for stealing anyone’s personal information using their phones as these sys-tems remain mostly unaudited and lack key security features. he also said that said one of the major lacunae with the iVrS is lack of confirmation procedure whether data is entered by human or machine — called as CAPTChA. “The worst part is most of these phone banking methods are usually unau-dited for security checks and the programs are also not up to the mark, making them vulnerable”, he said.

With every new technology comes some

risk and even the Smart electricity meter is not spared of vulnerabilities according to one of the experts from the uS who spoke about Smart meter hacking at the confer-ence. in his opinion, in the uS which has used smart meters for a decade, he said that hackers have recovered passwords stored in the optical interface and used them to attack other smart meters causing massive blackouts.

Along with these some of the other topics that were spoken about were WarTexting, secure capacity building for developing nations, android hacking, CAPTChAS, open source revolution etc. The conference covered all walks of the cyber- security thus

promising a better and brighter future in the space of cyber security.

nullcon- an initiative by null is a four day vendor neutral event will bring together business decision makers and security pro-fessionals from national and international arena to address the important security issues and innovative mitigation solutions.

The prime focus of this conference is to spread security awareness and provide a unified platform for consultants, security companies, security buyers and security professionals to share expert knowledge and experience. it also provides companies an exclusive platform where they can display their competencies to the audiences.

n u l lco n E VE N t r E Por t



NEXTHORIZONS Features InsIde

Illu

st

ra

tIo

n b

y a

nIl

t

Crowdsourcing, Info age and Globalisation Pg 36

Throughout the modern history of business, there have been countless technological innovations that have improved the way companies

work. however, a few stand out from the rest in their capacity to disrupt the status quo. Perhaps the most obvious recent examples of such technological advances are the PC and the internet. for younger generations, it is nearly impossible to imagine doing business (or anything for that matter) without these technologies, and for older generations, it is painful to imagine ever going back to the way things were before them.

We call these “disruptive technologies” and we are now witnessing another such technology firmly entrench itself in the business world: mobile devices. Smart-phones are now being used by hundreds of millions of people throughout the world to access corporate information to keep up with today’s 24/7 business cycle. indeed, the current generation entering the workforce and future generations will wonder how business was ever done without such devices.

To learn the extent of mobility’s reach into the enterprise and organisations’ perception

employees will use mobile devices one way or another but firms can ensure that the use is on their terms By Brian Duckering

Mobility: The Future is Now



mo b i l i t y N E X t H or I Zo N S

of the benefits and challenges of the ever increasing swarm of devices flowing into and out of their infrastructures, Symantec recently fielded a survey of 6,275 organisa-tions of all sizes in 43 countries. The survey shows that we have reached a tipping point in the business use of mobile devices. however, this all comes with a price, both in terms of resources and risks. Despite this, most organistions feel the benefits are worth the risks.

The enterprise mobility tipping pointThe survey highlights how mobile devices have become essential tools for doing busi-ness. employees are seeing significantly improved productivity by being able to access business resources from anywhere at any time and as a result, 59 percent of respondents to the survey said their compa-nies are now making line-of-business appli-cations accessible from mobile devices.

even more impressive is that mobile device enablement is commonplace enough that nearly three out of four businesses are now looking at implementing a corporate “app store” for mobile applications.

Just why is it that so many organisations are going all-in on mobility?

The survey asked about the most impor-tant business benefits companies hope to achieve from mobility and the top answers were a desire for increased efficiency, increased workplace effectiveness, and reduced time required to accomplish tasks. Taken together, these represent major busi-ness agility gains.

Ask any iT manager and they will tell you that such expectations of imple-menting a new technology are rarely ever matched by the results. Amazingly though, when it comes to mobility the survey shows that expectations much more closely match reality. for example, about three-quarters of businesses expected to increase efficiency through mobile computing and 73 per-cent actually realised that gain.

interestingly, the survey showed that these results largely held true for both small busi-nesses and enterprises alike; with efficiency being the top goal

across the board. enterprises were slightly more optimistic in the benefits they would realize but did do as well as they expected. SmBs, on the other hand, had slightly lower expectations that were exceeded. The main difference was that smaller businesses were less likely than enterprises to have plans regarding custom apps or corporate app stores.

Mobility is consuming significant IT resourcesfor all of mobility’s perceived and realised benefits, the survey also demonstrates that it is also creating challenges for iT as they try to balance it with other critical focus areas. in fact, nearly half of the organisa-tions who responded to the survey said they see mobile computing as “somewhat to extremely challenging.” As a consequence, mobility in general is requiring significant effort to manage. in fact, an average of 31 percent of the iT staffs at the organisations surveyed are involved in some way with mobile computing.

And just what is it that is demanding so much of their time and resourc-es? They reported their top pri-orities to be security, backup and dealing with lost or stolen devices.

When the survey asked where mobility ranks in terms of iT risk as compared to other con-temporary technology trends, it was cited as one of the top three risk areas by 41 percent of respondents — more than

$1 bnAmount

microsoft hAs

spent to Acquire

800 plus pAtents

from Aol

any other trend or initiative, including virtualisation, Web 2.0 and even public cloud computing. iT’s top mobile-related concerns include device loss, data leakage, unauthorised access to corporate resources and malware infection.

in this brave new world of enterprise mobility, organisations are grappling with some very real challenges. however, mobil-ity also offers tremendous opportunities for organisations of all sizes. Businesses should be exploring how they can take advantage of this trend and develop a phased approach to build an ecosystem that supports their plan.

The simple truth is that employees will use mobile devices for business one way or another but, by getting out ahead of the curve, companies can make sure that use is on their terms. This all comes down to companies thinking strategically, enforc-ing appropriate policies and managing and securing devices and data efficiently and comprehensively.

—Brian Duckering is a senior manager, Enter-

prise Mobility at Symantec. Brian is responsible

for product marketing of Symantec’s mobility

initiatives, covering everything from mobile man-

agement and security to protecting the networks

that mobile devices rely on.

—This article has been reprinted with permission

from CIO Update. To see more articles regard-

ing IT management best practices, please visit

www.cioupdate.com.

Gartner says Worldwide Media Tablets Sales to Reach 119 million Units in 2012worldwide media tablets sales to end-

users are forecast to total 118.9 million units in

2012, a 98 percent increase from 2011 sales of 60

million units, according to Gartner, Inc.

apple's ios continues to be the dominant media

tablet os, as it is projected to account for 61.4

percent of worldwide media tablet sales to end-

users in 2012. Despite the arrival of Microsoft-

based devices, and the expected international

rollout of the Kindle Fire, apple will continue to

be the market leader through the forecast period.

“Despite PC vendors and phone manufacturers

wanting a piece of the pie and launching them-

selves into the media tablet market, so far, we

have seen very limited success outside of apple

with its iPad,” said Carolina Milanesi, research

vice president at Gartner. “as vendors struggled

to compete on price and differentiate enough on

either the hardware or ecosystem, only 60 million

units actually reached the hands of consumers.

the situation has not improved in early 2012,

when the arrival of the new iPad has reset the

benchmark for the product to beat.”



N E X t H or I Zo N S crowd so u rci n g

Crowdsourcing is becoming an increasingly crucial component of successful globalisation By roB VanDenBerg

Crowdsourcing, Info Age and Globalisation

more and more companies are choosing crowdsourcing as a way to outsource and innovate. from big corporations like Kraft foods to sole proprietorships, companies are accessing software platforms to capture

ideas and labour from an anonymous collection of people who can collectively accomplish a task. Whether it be research and development (r&D) or Web design, crowdsourcing often generates quality results more quickly and at a lower cost than in-house alternatives.

Crowdsourcing holds numer-ous benefits, as proven by its viral adoption across compa-nies and industries. Perhaps the biggest advantage is that crowdsourcing can effectively replace employees, making it a less expensive way to accom-plish a task. The crowd also diminishes the time commit-ment associated with finding and vetting labour. Crowdwork is often done in a competitive setting, enabling the best tal-ent and most clever solution surface quickly and with little effort on the company’s part. instead of launching a search for the best global talent, companies tap into a massive talent pool that comes to them.

Because of the number of people involved, a crowd generally encompasses a more diverse knowledge base and skill set, lead-ing to creative and unexpected solutions. A crowd can generate a greater variety of solutions and innovations for a company to choose

from. not only can companies build the products that best suit their needs, they can build a pipeline of innovations by harvesting the many ideas generated in a crowdsourced project.

With crowdsourcing and open innovation — a similar process in which companies consult with a designated crowd of people rather than launching an open call to the public — companies can also

outsource important functions such as r&D, innovation and design while saving money and increasing efficiency. As an example, personal products company Kimberly-Clark, used open innovation to decrease the time it takes to launch new products by 30 percent, accord-ing to editor Paul Sloane’s A guide to open innovation and Crowdsourcing. Problem solv-ing and bringing products to market almost become just-in-time, on-demand propositions empowering companies to keep up with the breakneck pace of business today.

Crowdsourcing and competitive advantageThe crowd is a powerful tool for companies wanting to thrive in today’s fast-paced global busi-ness environment. Business is

moving more quickly than ever before and is ignorant of time zones. Companies face losing market share if they don’t keep pace with their competitors, who may be international or multinational.

Companies need to globalize more quickly and in a more net-worked, efficient manner. Because crowdsourcing can quicken the pace of everything from manufacturing optimisation to video market-Il

lus

tr

at

Ion

by

an

Il t

advts.indd 58 3/23/2010 2:32:15 PM



N E X t H or I Zo N S crowd so u rci n g

ing, it is a powerful tool for any business penetrating a new market.localization is another ingrained benefit. A business can crowd-

source functions that require localisation, such as customer support and product design, to a crowd located in a global target market. The crowd of that country will automatically create products and services that fit local culture. for example, if a company crowd-sources the design of a product it wants to launch in Singapore to a crowd of malaysians, the product will gain built-in local flavor that will automatically suit the cultural preferences of the target market. Companies save time and energy trying to figure out the tastes of their target market. moreover, if the community is aware that it is crowdsourcing for a specific company, that company can gain brand recognition and affinity within that community.

Create the right crowdsourcing environmentCrowdsourcing isn’t without its risks, however. The facebook Turkey localization fiasco is a prime example. facebook crowdsourced the translation of its user interface into Turkish. A swarm of anonymous translators took it upon themselves to imbue the ui with X-rated error messages and dirty words.

To ensure successful crowdsourcing projects, companies need to create an environment that encourages quality. The solution is to provide incentives and stay engaged with the crowd. incentives could include:

rewards; Contests; The advancement of individuals within the crowd; Achievement milestones; and

advts.indd 56 12/22/2009 3:02:47 PM

Community events.individuals in the crowd need to feel engaged and like they’re part

of the solution, otherwise companies risk skewed or even mutinous results. other techniques to ensure engagement include:

Setting clear objectives for each crowdsourced project, so results stay on-target.

engaging with participants during the course of the project, to ensure motivation.

giving participants clearly-defined and achievable tasks, to pre-vent burnout.

Crowdsourcing is becoming an increasingly crucial component of successful globalisation. The speed, quality and creativity provided by crowds is taking the pace of globalisation to a new and interde-pendent level. understanding why to crowdsource and how to do it right is poised to become one of the major competitive advantages of today’s businesses.

—Rob Vandenberg is President and CEO of Lingotek, a provider of transla-

tion services to global companies. Prior to Lingotek, Rob was one of the

first 20 US employees at Intershop Communications where he helped build

its worldwide business and helped make the Intershop IPO one of the most

successful enterprise software company IPOs in US history - ($10 billion

market cap).

—This article has been reprinted with permission from CIO Update. To see

more articles regarding IT management best practices, please visit www.

cioupdate.com.

The direction of a strike depends on where your opponent stands, what he is doing at the moment, and what target on his body you want to hit By jeffrey carr

POINTS5

If you are on

Twitter and receive

a tweet with nothing

but a shortened URL,

ignore it

Passwords should be longer

than 10 characters

all aPPlIcatIonsrunning on your

computer should be up

to date

don't use removable media to

transfer data between

computers

don't oPen email received with

attachment from

unknown person

Cyber Self DefenSe for non-GeekS

TE CH F OR G OVE R NAN CE s e cu r i t yIl

lus

tr

at

Ion

BY

pr

Inc

e a

nt

on

Y

40 07 APRIL 2012 CTO FORum The Chief


When you find yourself being attacked, you need to position your arms and your torso in such a way that you shrink the number of vulnerabilities exposed to the attacker. This is known as “shrinking the attack surface.”

Trained fighters will angle their body to present a reduced attack surface to their opponent. They’ll keep their arms up to cover everything from the bottom of their ribcage to the top of their skull because most of the lethal points of the body are in those regions.

They’ll still get hit, but it probably won’t be on a vital point. Similarly, there’s no way to stop an attack against your network, but you can make sure that the attack hits only non-vital data rather than your company’s most valuable information.

The following are some basic principles for you to follow both at home and abroad to help keep your valuable data safe. They won’t be sufficient for when you’re in high-risk locales and they won’t stop a targeted attack, but they will make it much less likely that you’ll suffer a serious breach because of poor cyber secu-rity habits or an over-reliance on your antivirus or firewall application.

A 64-year-old friend of mine who’s been a lifelong bodybuilder and a fighter is fond of saying “i may not be able to feed a guy his lunch any more, but i’ll definitely feed ‘em a sandwich.” That’s all we want to do with this strategy. if someone wants to attack you, we want that person to know that it’s going to cost them something — and that may be enough to get them to leave you alone.

Develop a healthy paranoia about everything in your Inbox or your Browserif you receive an email from an unknown per-son with an attachment, don’t open it. if you recognize the name of the sender but the text in the email doesn’t sound like her, pick up

the phone and call her to verify that the email is legitimate. if the email asks that you click on a link, read the link first.

A lot of malicious links are designed to look like the real thing but won’t stand up to close scrutiny. is the word spelled correctly? Does it end with a “dot com” or a “dot co”? Take a minute and check before you click.

if you’re on Twitter and receive a tweet with nothing but a shortened url, ignore it. if you receive a Direct message from someone you know with a shortened url, but the message doesn’t sound like it would have come from that person, pick up the phone and make a call to verify that your friend Jody actually sent you the message “you should see what this guy is saying about you at fakeurl.com!”

Use the most secure Web browser that you can findit doesn’t matter if you’re a microsoft geek or Apple chic. Don’t let your loy-alty to a company brand determine your online safety. find and read independent research on which browser is the most secure and make your decision from the evidence. for example, Accuvant labs recently published “Browser Security Comparison: A Quantitative Approach” on December 14, 2011.

They examined internet explorer, mozil-la firefox, and google Chrome for security flaws and came to the conclusion that Chrome was the most secure browser. however, take your time and read the full report so that you understand what the issues are and why Accuvant made the decision that it did. feel free to look for contrary findings as well and make an informed decision.

The only rule you need to know about passwordsThere is one simple rule to remember about constructing a password: make it as long as possible — definitely longer than 10 charac-ters. one example is to use the latitude or lon-gitude of your favorite city. for example, rio de Janeiro’s latitude is “latitude:-22.9181189”.

That password has 20 characters of all 4 types and it’s almost impossible to crack using any of the password cracking tools out there today. if you like that idea, visit www.findlati-tudeandlongitude.com and pick your favorite destination. if you can’t memorise it, write it down and keep it in your wallet, but be sure to obfuscate it in some way that only you know.

for example, just write down the number portion and obfuscate that by adding numbers to it: e.g., 22.918118904, or turn it into some-thing that looks like a credit card number: 2291 8118 9040 5592. you’ll remember that everything from the 0 onward is extraneous but no one else will know that. Add an expira-tion date 01/15 and anyone who finds your little cheat sheet will automatically assume that it’s a credit card number.

it’s important to remember that no mat-ter how complex your password is, if your computer becomes infected with a keylogger (an application that captures your keystrokes), you’re done.

Do preventative maintenance on your computeryour computer is a tool just like all of your other tools, including your automobile, and as such it requires regular maintenance. make sure that all of the applications running on your computer are up to date. one way to do that is by using a free program called Secunia Personal Software inspector (PSi).

The website address is http://secunia.com/vulnerability_scanning/personal/. once it’s

loaded on your machine, it will search for security patches for applications that you use, notify you if any are out-of-date and point you to the download site.

Avoid free Wi-Fione of the most popular ways for bad guys to steal your login credentials is to hang out at cof-fee shops, airports, and other locations that offer free Wi-fi

s e cu r i t y TE CH F OR G OVE R NAN CE

$1 bnAcquisition size

of instAgrAm by

fAcebook

41 07 APRIL 2012 CTO FORumThe Chief


The best way to think about cyber security and self defense is to compare it to boxing or any martial art. your body, like a computer network, has numerous vulnerabilities



TE CH F OR G OVE R NAN CE s e cu r i t y

An application can never be considered a viable product unless it respects the rights of users By Parker Higgins

Applications Need to Respect User Rights

A new iPhone app called highlight is poised to be this year’s breakout hit at South by Southwest, the Austin tech and media conference that has become known as a web service kingmaker after

launching services like Twitter and foursquare to a wide audience in years past.

in the context of a major tech conference, highlight makes an appealing promise: let it run in the background of your phone, persistently collecting your location data, and it will notify you when your friends, their friends, or people with shared interests are nearby. highlight is only the most prominent in a collection of apps offering this sort of “ambient social networking.”

These features are nifty, and could certainly help enhance serendipity for users in Austin and elsewhere. But the appli-cation and its website provide no privacy or data retention policy, or even any technical explanation for how it works in order to allow users to make an informed decision about their data. We’ve e-mailed highlight to ask about their pri-vacy policy, but haven’t yet heard back. instead, upon instal-

and use an application known as a “sniffer” to intercept your username and password for whatever application you’ve logged into while drinking a cup of coffee or waiting for your flight. So, use the mobile hotspot that comes with your smartphone or pay for a service that protects your session. Both are secure from wireless sniffers.

Don’t use USB thumb drives or other removable mediaone of the worst breaches ever to occur at the uS Department of Defense came about because of the popularity of transmitting data from one computer to another via thumb drives.The following article was writ-ten by Deputy Defense Secretary William J.

lynn iii for the magazine foreign Affairs in the September/october 2010 issue:

“in 2008, the uS Department of Defense suffered a significant compromise of its clas-sified military computer networks. it began when an infected flash drive was inserted into a uS military laptop at a base in the middle east. The flash drive's malicious computer code, placed there by a foreign intelligence agency, uploaded itself onto a network run by the uS Central Command. That code spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control. it was a network administrator's worst fear: a rogue programme operating silently, poised to

deliver operational plans into the hands of an unknown adversary. This previously classified incident was the most significant breach of uS military computers ever, and it served as an important wake-up call. The Pentagon's opera-tion to counter the attack, known as operation Buckshot yankee, marked a turning point in uS cyberdefense strategy.”To put it simply: don’t use removable media to transfer data between computers. The only time it should be used is when you travel and then only to store your own critical data as an alternative to storing it on your travel laptop. —The article is printed with prior permission from

www.infosecisland.com. For more features and

opinions on information security and risk manage-

ment, please visit Infosec Island

Illu

st

ra

tIo

n B

Y p

rIn

ce

an

to

nY



S e cu r i t y t E cH f or G oVE r NAN cE

lation, the application tells the user that it requires a connection to her facebook profile and access to her iPhone’s location sensors. unlike “check in” services like foursquare, highlight collects and shares loca-tion data with other users continuously unless you manually pause it.

it doesn’t take much to figure out how sending such a steady stream of location data to a third party with no posted privacy or data retention policy could go very wrong: the application could be indefinitely stor-ing location histories on their servers for every user. further, highlight has access not only to locally stored personal data but also can access the facebook photos, profile details, and other data on that service.

in the process of installing and authorising this app, users don’t know how much information they are hand-ing over. Without more details about their policies and practices, how confident can they be in the security of that data against the threat of government subpoenas, unauthorised intrusions, or rogue employees?

John Biggs at TechCrunch has already written an article about highlight’s privacy practices,complaining that their text message feature “leaks” the phone numbers of other user contacts — the equivalent of using “CC” instead of “BCC” on a bulk email. Biggs doesn’t point the finger directly at highlight (his actual words are: “i don’t want to go all eff on you”) but it’s not a very auspicious introduction for the newly launched app.

highlight’s creators are probably well-intentioned, and their prac-tices seem to be common in the world of mobile app development. But “industry standard” is no defense, and as companies like Path and hipster have learned the hard way, the right time to implement good

privacy and security practices isn’t after there’s been a problem and bad media coverage — it’s during the initial development.

These issues bring to the fore a bigger problem in the world of mobile development today. in an effort to work quickly to put out a “minimum viable product” and see what sticks, developers are sometimes cutting one too many corners.

An app can never be considered a viable product unless it respects the rights of users, and one without a published privacy policy runs

afoul of our recent mobile user privacy bill of rights; with-out providing a user with the transparency and account-ability of a policy, an app can’t even be evaluated to see if it respects the other rights.

of course, a privacy policy that’s readable and accu-rate is one necessary step: the California online Privacy Protection Act of 2003 requires operators of online services that collect personally identifiable information from California residents to conspicuously post and comply with a privacy policy.

Application developers need to think about both poli-cies and practices from a privacy perspective, and do their part to respect their users from the ground up.

highlight may yet come out of South by Southwest as the most-buzzed about new service. But unless they change their privacy problems, they could be undone just as quickly by another privacy scandal. —The article is printed with prior permission from www.infosecisland.

com. For more features and opinions on information security and risk

management, please visit Infosec Island

If you can deal with never-ending security war then do gird your loins and wade into battle By Scot terBan

The Eternal Struggle

T he Five Stagesit seems today, with the ever

present cyberdouchery over “cyberwar” and the seeming eter-

nal specter of Dr. Cyberlove (richard Clarke) prognosticating our doom vis-a-vis China, i feel compelled to talk about it all again.

mostly though, i want to impart to you all a sense of how things are going, where we are headed, and the general malaise that i feel the world of “infoSeC” is faced with on a daily basis. in listening to the last el podcast, i once again heard the frustration in lizzie’s

and Chris’ voices and, as i was having a stel-lar week myself (which will be talked about on the podcast tonight) i came to some conclusions on what it is we all do, perhaps some motivations behind why, and a feeling that perhaps nothing will ever really change in how things happen within this business.

in the past i have lamented, but, like any process of grieving or other, there are stages right? i guess this means that i have come to the last stage, that of “acceptance” This is a conclusion i have come to recently and i think all of you out there may in fact come to

the same conclusion eventually in your own infoSeC experiences. i personally have come to the stage of acceptance recently. i accept that in truth, there is only so much i can do and beyond that which i have direct control over, nothing else can be done.

The Hype and The Realitieslike i said, we have Dr. Cyberlove out there every day it seems, hitting a new news resource to get his name and his company out there with outlandish plots of how we are already pwn3d by China.

$70 b Amount of it

exportS done by

indiA in 2011-12

finAnciAl yeAr



TE CH F OR G OVE R NAN CE s e cu r i t y

The generals in the military and the gov-ernment movers and shakers are all moving with fear tinged with desire, for more control over the internet as a whole while the beltway bandits are all in the wings, like a murder of crows on a powerline, watching dark eye’d, waiting for their moment to strike. you see, it will be the crows that have the best day of all…

for every headline, every law enacted, and every grab at power made, there will be one person that will have to deal with the out-comes..you.

on they will roll with cyberwar talk and fearful stories of how the world will come to a screeching halt once the hackers (or APT if you listen to Dr. Cyberlove and others) hack into the power grids and the nuclear silo’s. We will be at an existential threat to humanity because of the likes of Chinese hackers or worse... Anonymous.

We muST protect our-selves by making many more laws to govern how we act on the internet as well as grant ultimate domain to protect intellec-tual capital for hollywood!! We must prevent world war iii in CyBerSPACe!

or so Dr. Cyberlove would like you to believe….

The realities are much more pedestrian and not as sexy a story line befit-ting a new “Die hard” movie. The realities are that there are issues with digital warfare, that could make our lives a bit more difficult, but, they would not end our way of life. however, the perceptions of many might fit a more com-mon scenario that we in the community and without, may be more familiar with.

Batman and his “rogues gallery” of evil doers. it’s not reality, but, many of us tend to gravitate to the stories and the ethos right? So, lets take a look at it all from the pantheon of Batman. i know, i have gone down this path before but it is an amusing one if not at least an apt one.

“I’m The Batman” You Say?So, you… yes you… the one in the batcowl. Protecting your domain, your “gotham” as the network warrior, the lone sentinel hold-ing back the night of the internet. how are you feeling about your job of late? Post APT and Anonymous, how are you feeling about the safety of your city? Do you feel that you have the tools and the know how to protect it? Are you backed up by the right people? funds? Tools? Do you sleep at night or do you toss and turn... oh, sorry, during the day, as you work at night…

All of you though likely have days when you ask “What the frak am i doing?” We all love the illusions but the realities, like those above about the hype and the douch-ery often creep in and brow beat us into submission. Some of the realities are things like no one wanting to take your advice, oth-ers might take the form of outright loathing of you for your stances being too hard on the users and the management objectives as they are counter to theirs.

Things would be much much simpler if you were just the Dark Knight, alone and

able to mete out justice with a Batarang huh? Still though, this is reality and the closest you will get to being a protector short of either becoming a body-guard or Secret Service.

So Batman, evaluate your goals in life. Do you want to be just like the Dark Knight? A vigilante to some? loved by few? generally seen as some-one to put a stop to? That romantic notion of being the lone sentinel wearing thin a bit now?

Can You Really Protect Your Gotham City?This should be the first question that you ask yourselves if you are in the position of being the “protector” of the domain that you live or work in. As security people, you have a myriad of kinds of jobs, but the majority of them

are not the sexy hacking gigs.no, there are many others out there who

are the grunts doing the security archi-tect work or some other management security positions or, you may even be part of the “C” class and be management. What you will always find though, is that it’s not only the external forces of the rogues gallery looking to take you down, but also the lack of cognition on the part of those you protect as well that may be your demise.

Security, even today, is still seen by many as just a cost-centre as well as a nuisance at the worst

This seems to be a common mentality in many of the network security folks out there, that of the protector, the Batman. you get into this business for sundry reasons, but many have had it from the avocation stage to now being paid fairly well for it. Some of you may have trod the path of Bruce Wayne and gone to live in the crimi-nal world, to test yourselves, to know your enemy. others, may just want to live the dream and be the Dark Knight of the net-work because you think its cool.Il

lus

tr

at

Ion

BY

pr

Inc

e a

nt

on

Y

45 07 APRIL 2012 CTO FORumThe Chief


s e cu r i t y TE CH F OR G OVE R NAN CE

Security, even today, is still seen by many as just a cost-center as well as a nuisance at the worst. your job, every day, is to protect the companies data, and by proxy, depend-ing on the company, the data of clients or perhaps consumers as well.

The business as a whole is seeking profit, and profit means that they do things quickly or “agile” as the term of the day seems to be. To be agile though, the businesses often don’t want to be burdened with the extra steps of security. Steps mind you, that you need to carry out to insure that the “prod-uct” or “the data” that the company uses, manages, or sells, is in fact safe from theft.

you sir/madam are now “The Batman” feared by some, loathed by others, and gen-erally looked upon as someone to avoid as the story goes. Sure, you are likely a hero to still others, but, those are not the majority, and it is your thankless job to protect them all.. .With or without their help.

Are you really prepared for that? Can you keep that fact at bay and do the thankless work or will it trouble your sleep just as much as the chinks in the armor that you aren’t able to fix in your cities defenses?

Do You Have A Commissioner Gordon?in the world of Batman, he has one key player, and that is Commissioner gordon. gordon helps Batman, he agree’s that there is a need for something more than the status quo to protect the city and, Batman has stepped up to help. Do you have a gordon in your organisa-tion? is there someone who really believes in security as a necessity and will fight for it?

or are you the Dark Knight who, after gordon has been killed has little to no help in the crusade. unless you have some real help, all too often you will only find yourself alone fighting a battle that you cannot win.

in the world of infosec, you have to have this advocate as well. unless there is a top down approach, you will end up just flailing around and gnashing teeth trying to protect your gotham, but will only end up frustrat-ed and likely burned out. This is something i have seen and heard a lot about these last couple of years within the community.

Batmen and women are getting burned out, jaded, and angry because they do not have the gordon to help them on top of being misunderstood or maligned because

their beliefs and their willingness to take action are misunderstood or ignored.

So, if you do not have an advocate in a posi-tion of power such as a commissioner, con-sider yourself in an even poorer position.

Is It All Really Worth It?Another good question to ask one’s self

before taking on the cowl, is whether or not this is all worth it. Being the Dark Knight is not glamorous, it is not lauded, it is thank-less and often maligned as jobs go. Sure, it looks really cool in the comic books and movies, but the realities aren’t so pretty.

While Bruce Wayne does all of this out of compulsion, we today in the infoSeC field are doing it maybe out of an avocation, but to most it’s a mix of avocation and a living. once that veneer of fun and accomplish-ment wears off, just what do you have? Will you really want to go to work every day? or would you rather just walk away.

face it, you are protecting things and people who generally do not see the validity in what you do in many places. Sure, some get it, some gotham’s lap it up and are true pockets of belief, but, on average, look at all the corpora-tions out there who got popped this last year even after giving lip service to performing “security” to protect their clients and their data.

The realities are that the majority don’t get it and perhaps don’t care to. hopefully you find yourself in a place that gets it and you have the gordon and perhaps even a harvey Dent (before the scars and insanity) to help you in your quest to guard the line… But... i am not saying you will.

So, is it worth it getting into this career? i guess for some of us there is no other choice. for good or for bad, we toil on in whatever environment we are in to try and make it bet-ter. others, well, they like to break shit, and get to on a regular basis, but even those guys often are heard lamenting the state of affairs because they aren’t just malevolent. They truly want to be Batman too… But they are more nightwing instead.

ultimately, you have to take stock of your battles and wars to decide whether or not this is the life you want.

Time To Hang Up The Cowl?meanwhile, just like the escalation of the rogues gallery, you too will have to face new threats every day. Jack napier made Batman by killing Wayne’s parents in front of him. Batman made Joker by battling napier later on and ultimately driving him insane, thus becoming the main nemesis for Batman. After that others came along, seeing the Bat-man as their nemesis and upping the ante.

Do you see where i am going with this? look at the infoSeC world today.. APT, AnonymouS, hACKerS, CrACK-erS, hACiTViSTS, lulZSeC, lulZSeC reBorn. it’s all about escalation. Some want to one up the other while many are looking for ways to make easy money by stealing.

When you look at the progression and then the response in the government and military sectors as well as the corporate clowns looking to sell security snake oil, you start to see a bleak picture. mostly from the perspective though that no matter what you do, you will never truly be able to staunch the flow of loss.

And that’s the most simple of truths.if you can deal with never-ending war

then do gird your loins and wade into battle. if not, if you take stock and the battlefield is not even remotely in your favour nor will it ever be, consider what you are doing. This is a battle you can never win.

And in that realisation, you have the final of the 5 stages. Acceptance. if you can accept these things, and you feel you can fight on. Then let the battle rage. if not, then you might want to consider moving out of gotham.

— The article is printed with prior permission

from www.infosecisland.com. For more features

and opinions on information security and risk

management, please visit Infosec Island

Unless there is a top down approach, you will end up just flailing around and gnashing teeth trying to protect your Gotham, but will end up frustrated

ThoughTLeaders



Munjal KaMdar

Clients have now started viewing outsourcing as a strategic lever and not just a cost-saving exercise

MunjaL kaMdar is Senior Manager at

Deloitte Touche Tohmatsu India

The outsourcing industry has trav-eled a long way. An apocryphal story on outsourcing revolves around the American company that pio-neeredthe offshoring model. it is believed that their legendary Ceo along with a high-level executive team was traversing the dusty roads of Bangalore to visit sites for offshor-ing. As the convoy of cars was speed-ing down the outskirts of the city, the car that the Ceo was riding broke down. he was immediately trans-ferred to another car. The second car also broke down. he completed the journey in 3 different cars. The Ceo was left wondering whether a loca-tion that could not support a road journey will be able to execute high tech offshoring tasks! When you look at the gleaming towers at Whitefield now in Bengaluru (the new name for Bangalore), that Ceo’s experience seems to be a lifetime away. if at all the problem now is to deal with the volume of traffic at these locations.

outsourcing has matured since its early days. globally it a multi-billion dollar industry with coverage span-ning all corners of the globe.The global outsourcing industry, includ-

or Bulgaria rather than looking at South-east Asia as an outsourcing destination. few of the obvious pros for looking at geographical proximity are easier travel, similar cultures and language speaking population etc.

uSA has been the largest outsourc-ing market globally and accounts for roughly 60 percent of the business for outsourced Service Providers (oSPs). The uS economy has not been very healthy since 2008 lead-ing to high unemployment rates. Correspondingly, wages have risen in emerging economies such as india leading to a narrowing of wage arbitrage. now less expensive labour pool can be found in large metropolitan areas within uSA such as, northwestern Wisconsin and northeastern minnesota. These areas might just be positioned to offer cost savings to companies both now and in the future. And the benefit would be mutual in a region that has long struggled with high unemployment and a lack of well-paying jobs.in some regions, that discussion con-tinues as those having a stake in the region’s economic future try to iden-tify opportunities for rural outsourc-

ing offshoring and on shoring, is forecasted to close the year with reve-nues reaching uS$464 billion, up 9.2 percent from the uS$425 billion rev-enue for 2010. The outsourcing year-end revenue of the offshoring seg-ment is estimated to reach uS$144.8 billion, with india capturing 42.5 percent of the offshore market or uS$61.5 billion in revenues. from the earlier days of time and mate-rial (T&m) billing the industry has evolved into a sophisticated medium to transport skills globally.

We will now look at 4 recent trends in outsourcing industry.

Trend 1 - near shoring (or should we say Farm sourcing??)lately we have seen the word ‘near-shore’ being used along with the legacy terms’ off-shore’ and ‘on-shore’. near-shore is a practice of outsourcing processes to a location which is neared to the base business location rather than engaging a sup-plier across continents. for example, multi-national banks operating in uK may opt to outsource work with-in europe such as hungary, ukraine

Emerging Trends in OutsourcingUS has been the largest outsourcing market globally and accounts for 60 percent of business for outsourced service providers



M u nja l k a M da r t h o u ght Le ad e rs

With the maturing of the outsourcing industry the OSPs have acquired not only technological expertise but also industry knowledge

ing, also known as farm shoring. The topic has been identified as a state-wide strategy for Wisconsin.

how are global oSPs fighting back? for this let’s look at trend 2.

Trend 2 - increased skill and sophistication of osPshere is another apocryphal story about the initial days of outsourcing. one of the currently leading software companies in india wanted to sell the outsourcing concept to a skeptical cli-ent in uSA. finally the client manager got a brainwave. he had a team of soft-ware developers housed in the neigh-boring building with an agreement that they would not physically step into the client office next door but commu-nicate only on phone and email. After observing the progress for a month the client was finally convinced to adopt the outsourcing project.

With the maturing of the outsourc-ing industry the oSPs have acquired not only technological expertise but also industry knowledge. oSPs are capable of running business processes for client with low-error rates and quick response times. With heightened competition most oSPs have acquired multiple service quality, information security and industry spe-cific certifications such as iSo, PCi etc. Clients have now started viewing outsourcing as a strategic lever and not just as a cost-saving exercise.

Where is this sophistication of oSPs causing the maximum innova-tion? look at trend 3.

Trend 3 - Pricing modelsThe greatest impact has been on pric-ing models. The start of outsourcing has fairly straightforward pricing – Time & material (T&m). Basically you had a count of persons attached to a project and paid a fixed cost per hour. As project grew larger other pricing models were adopted. These were fixed price, T&m with a fixed ceiling, Co-development, managed sourcing etc.

As outsourcing comes a full circle it is back to simple pricing model – Transaction-based or unit-based

pricing. Basically the clients pay for what they use. The transactions or units may be specified as workload volumes, device counts, capacity or transactions etc. Typically a base fee is applied within specified bands of consumption with a negotiated increase or decrease in per unit fee for increase / decrease in consumption. This is termed as Additional resource Charge (ArC) or reduced resource Charge (rrC). This provides custom-ers flexibility in contract as well trans-fers a large portion of risk of the user organisation to the oSP.

Which areas are these innovative pricing models pressurising most? refer to trend 4.

Trend 4 - governanceAll outsourced and offshored pro-cesses are witnessing an increased rigor of governance both with the oSPs as well as internally within the outsourcing organisations. out-sourcing has assumed a significant position within any organisation that is utilising the outsourcing function.

outsourcing has gained a seat in the leadership table. This illustrates that companies are considering outsourc-ing as a strategic lever. The gover-nance model asks for a strategic layer involving top management from the client end and the oSPs. This layer is supported by business layer and region level committees and finally at the operations level there are relationship level committees and business level committees. This also helps clients manage their regulatory requirements more stringently.

These trends are manifesting themselves acutely as the outsourc-ing industry matures. There are new and innovative models developing for client service, delivery and engage-ment. Winning organisations are the forefront of these developments.

— The authors are Munjal Kamdar,

Senior Manager and Manish Sehgal,

Manager, Deloitte Touche Tohmatsu India

Private Limited. The views expressed

herein are personal.illu

st

ra

tio

n b

y a

nil

t

VIEWPOINT



I lOVE it when iT vendors poo poo anything Amazon does, but man are they wrong.

Amazon has completely altered, and continues to alter, the way our entire industry operates – or will.

They are simply amazing.They aren’t fast enough. They aren’t enter-prise enough. They aren’t cheap enough. They aren’t, they aren’t, they aren’t. But they do. And they are.They are changing the game. The difference is they aren’t coming into our game and taking over. They are making us play their game. And we don’t like it. We don’t know how to play their game. We got dragged in by the neighborhood kids and now we look like goofballs. The iT indus-try as we know it is built on massive r&D budgets ending up in massive cost structures ending up in huge margin requirements on relatively low volume. Amazon has built one of the world’s biggest businesses on enormous volumes and low margins.

When you have a company like that, more margin is a boondog-gle. When you are built on a margin profile that neeDS big to survive and

iT biz gets it – because his “real” biz does. Disrupting the iT world is SeConDAry in his mission. it’s an accident! And it’s happening.

how many of your favorite iT ven-dors are using Amazon right now? All of them – only none will admit it. Just like in yesterday’s blog when i talked about how no one will admit to using Dropbox or Box for corpo-rate data. But they all are.

Why? Because Amazon represents the best of all possible worlds at the top of the user’s list – perfect eco-nomics in real time. i know exactly how much it costs to use, and i get what i want right stinking now! Swipe!

The real game changer is not that Amazon is going to put the iT indus-try out of business, it’s that its going to force iT to in turn force their ven-dors to enable them to act eXACTly like Amazon for their own internal users – or else lots of folk will be out on the street. maybe selling books.

oh, that job’s been eliminated.maybe raincoats. With all the talk

about clouds, folks will definitely need raincoats. right?.

someone cuts your margin down, you tend to die.

This is a very different business than traditional iT, and running high volume, low margin business is in Amazon’s DnA. As AWS has grown and become more efficient, they have lowered prices, now 19 times, with no competitive pressure to do so (sorry rackspace, but i know Amazon, and frankly, you are no Amazon). Driving cost efficiencies is what they do – but noT because they are an iT company (they now are) – but because they need to do that to support their Bazillion dollar online retail company! Big huge difference. iT is a ancillary benefit to Amazon’s core business – not the other way around!

Jeff Bezos recently stated, “We are willing to think long-term. We start with the customer and work back-wards. And, very importantly, we are willing to be misunderstood for long periods of time.”

That is the most awesome state-ment ever issued in the computer industry right there. he doesn’t give a rat’s ass that no one following the

The Magic Of Amazon Amazon recently announced some big price cuts

for its AWS and EC2 services, amongst others

AbOuT ThE AuThOr: Steve Duplessie

is the founder of

and Senior Analyst

at the Enterprise

Strategy Group.

Recognised

worldwide as

the leading

independent

authority on

enterprise storage,

Steve has also

consistently been

ranked as one of

the most influential

IT analysts. You

can track Steve’s

blog at http://www.

thebiggertruth.com

Steve DUpleSSie | [email protected]

Illu

st

ra

tIo

n B

Y p

rIn

ce

an

to

nY

Indian CIOs Viz-a-Viz Consumerisation of IT

Documents

Transcript of Indian CIOs Viz-a-Viz Consumerisation of IT