January 1 2008


Technology, Business, Leadership


From the Editor-in-Chief

Beware of the CFO

He can ensure that you remain cost and control focused.

Vijay [email protected]

While all panel discussions at CIO|08 The Year Ahead generated debate, none was as heated as the one which went over the evolution of the CIO role. Interestingly, all the panelists were convinced that moving forward the role would fall more often to a non-technical person.

As you might guess this was not a statement that their peers in the audience left unchallenged. Among the barrage of questions that followed, the one that intrigued me the most was — “How would an admin guy know which router is best suited for an organization?”

Leaving aside why a CIO needed to be the person choosing routers, say five years from now, I was more worried about the present role of the IT leader who raised that issue. Strategic? I don’t think so.

It’s not too difficult to figure out that among the CIOs out there, there are a fair number who have allowed themselves to be consumed by the operational, the day-to-day, the routine. They’ve remained cost, purchase and control focused.

So why haven’t they been able to make the logical leap? There’s a hypothesis in my mind that I’ve been testing over the past few months. My premise is that often the factor that hinders the growth of a CIO professionally (personally as well) is that redoubtable C-suiter: the CFO.

Reporting in to a CFO gives CIOs a blinkered vision — those who do so, I’ve discovered, see their organization overwhelmingly from the restricted angle that finance provides.

When I bounced these thoughts off Ericsson CIO Tamal Chakravorty, he reverted: “My experience very clearly states that as long as a CIO is under the aegis of a finance guy he will slowly but surely start feeling out of place as the business grows. A control attitude does not go hand in hand with a growth attitude. It is then that a CIO feels out of place.”

Chakravorty went on to add that as long as a CIO could think and act like a CEO of his own little business there was hope. “For this to happen he needs to be part of the board room agenda, maybe through reporting to the CEO. This is the only way he can become business-savvy and not just relate to costs,” he observed.

Do you report in to a CFO? Has this impacted your role and career? Write in and let me know.

Pull quote: Reporting in to a CFO makes CIOs view their organization from the restricted angle that finance provides.

Vol/3 | ISSUE/04 | January 1, 2008 | REAL CIO WORLD

Cover: Design by Binesh Sreedharan

GETTING STARTED

Expert View: Getting Aligned | Dr. Patrick Chan of IDC on how CIOs need to align if they want to deliver business value. Interview by Balaji Narasimhan

Column: Get Outside Your Comfort Zone | To make a great leap forward, you need to study something completely different. Column by John Baldoni

Feature: Look Out: Vendor Consolidation Ahead | Vendor consolidation is changing things. Here’s what to expect and what you should do. Feature by Thomas Wailgum

Peer Speak: The Future is Here | The identity of the CIO has never been under such scrutiny. Feature by Balaji Narasimhan

STORAGE

Expert View: Lifecycle for Storage Success | PwC’s Pradip Bhowmick on the importance of information lifecycle management and how companies need to start looking at this now. Interview by Shardha Subramanian

Column: Protecting Data Against Humans | Continuous data protection can help guard against human errors. Column by Bert Latamore

CIO Viewpoint: Medical Marvels | Advances in medical technology are putting a strain on storage systems. Feature by Sunil Shah

Feature: Solid State Drives: Coming To a Datacenter Near You | SSDs need to clear the cost and capacity hurdle to become mainstream. Feature by John Brandon

Peer Speak: Storage Woes in 2008 | Efficient and secure storage could partially define the CIO role. Feature by Balaji Narasimhan

SECURITY

Expert View: Enough with Technology | PwC’s Sivarama Krishnan on how Indian CIOs aren’t investing enough in monitoring and compliance for security. Interview by Sunil Shah

Column: The Human Element in IT Security | You have a security policy. Great. Now it’s time to send the word out. Column by Linda Brigance

Feature: The End of Innocence | Everyone knows how bad the security problem is. They just don’t know how to fix it. Feature by Scott Berinato

Peer Speak: Secure or Quit | If CIOs have enough to do without worrying about security, who’s in charge of compliance? Feature by Kanika Goswami

INFRASTRUCTURE

Expert View: Future Proofing IT Infrastructure | PwC’s Vikas Agarwal on how IT needs to be more aligned with business strategies in 2008. Interview by Kanika Goswami

Column: Carrier Ethernet Grows Up | Ethernet, a low priority a few years ago, now corners a lot of CIO mindspace. Column by Thomas Nolle

Feature: 5 Predictions for the Year Ahead | 2007 was a year of BI vendor mega mergers. How will that affect you in 2008? Feature by Diann Daniel


Contents (cont.)

DEPARTMENTS

Trendlines
CIO Role | New Roles for IT Leaders
Quick Take | On Unified Communications
CIO Growth | Expanding Horizons
Security | Workers Ignore Security Policies
Research | Network Skills in High Demand
Opinion Poll | Stocking Up
By the Numbers | Learn to Really Love Web 2.0
Leadership | Meetings: Threat or Menace?
Storage | IT Disasters Push Archive Software Sale
Virus | Silent Rootkits Attack PCs
Infrastructure | Study Predicts Data Center Energy Spike

Essential Technology
Networking | IPv6 Checkup Time. By Bob Violino
Pundit | Fix It Already! By Thomas Wailgum

Endlines
Joining the Dots in 2008. By Nancy Weil

From the Editor-in-Chief
Beware of the CFO. By Vijay Ramachandran

NOW ONLINE

For more opinions, features, analyses and updates, log on to our companion website and discover content designed to help you and your organization deploy IT strategically. Go to www.cio.in


DVD

To celebrate its second year, CIO India brings you CIO|08 The Year Ahead. This program brings together experts from security, storage and infrastructure and leading Indian CIOs to discuss the challenges and solutions of the coming year.

What’s In It For You

Expert Watch | Footage from talks by industry experts, members of research agencies, and top Indian CIOs.

Presentations | Next year’s challenges and potential solutions on paper, complete with the numbers and invaluable statistics.

White Papers | How you can solve some of next year’s storage, security and infrastructure problems.

Photo Gallery | A behind-the-scenes peek at the conference in Malaysia.


MANAGEMENT

Publisher & Editor: N. Bringi Dev
CEO: Louis D’Mello

EDITORIAL

Editor-in-Chief: Vijay Ramachandran
Assistant Editor: Gunjan Trivedi
Special Correspondents: Balaji Narasimhan; Kanika Goswami
Senior Copy Editor: Sunil Shah
Copy Editor: Shardha Subramanian

DESIGN & PRODUCTION

Creative Director: Jayan K Narayanan
Designers: Binesh Sreedharan; Vikas Kapoor; Anil V.K; Jinan K. Vijayan; Sani Mani; Unnikrishnan A.V; Girish A.V; MM Shanith; Anil T; PC Anoop; Jithesh C.C; Suresh Nair; Prasanth T.R; Vinoj K.N; Siju P
Photography: Srivatsa Shandilya
Production: T.K. Karunakaran; T.K. Jayadeep

MARKETING AND SALES

VP Sales (Print): Naveen Chand Singh
VP Sales (Events): Sudhir Kamath
Brand Manager: Alok Anand
AGM (South): Mahantesh Godi
Marketing: Siddharth Singh
Bangalore: Santosh Malleswara; Ashish Kumar; Chetna Mehta
Delhi: Pranav Saran; Muneet Pal Singh; Gaurav Mehta
Mumbai: Parul Singh; Chetan T. Rai; Rishi Kapoor; Pradeep Nair
Japan: Tomoko Fujikawa
USA: Larry Arthur; Jo Ben-Atar
Singapore: Michael Mullaney

EVENTS

VP: Rupesh Sreedharan
Managers: Ajay Adhikari; Chetan Acharya; Pooja Chhabra

All rights reserved. No part of this publication may be reproduced by any means without prior written permission from the publisher. Address requests for customized reprints to IDG Media Private Limited, 10th Floor, Vayudooth Chambers, 15–16, Mahatma Gandhi Road, Bangalore 560 001, India. IDG Media Private Limited is an IDG (International Data Group) company.

Printed and Published by N Bringi Dev on behalf of IDG Media Private Limited, 10th Floor, Vayudooth Chambers, 15–16, Mahatma Gandhi Road, Bangalore 560 001, India. Editor: N. Bringi Dev. Printed at Rajhans Enterprises, No. 134, 4th Main Road, Industrial Town, Rajajinagar, Bangalore 560 044, India

ADVERTISER INDEX

ADC Krone 87
AMD 89
APC 3
Avaya 4 & 5
Compuware 55
EMC 52 & 53
Emerson BC
Epson IBC
Fluke 33
HP 37 & 69
Interface 13
LG 1
Microsoft IFC, 18, 19, 20, 21, 67 & 93
Molex 49
Oracle 9
Ricoh 7
SAS 15
Sify 80 & 81

This index is provided as an additional service. The publisher does not assume any liabilities for errors or omissions.

ADVISORY BOARD

Abnash Singh: Group CIO, Mphasis
Alaganandan Balaraman: Vice President, Britannia Industries
Alok Kumar: Global Head-Internal IT, Tata Consultancy Services
Anwer Bagdadi: Senior VP & CTO, CFC International India Services
Arun Gupta: Customer Care Associate & CTO, Shopper’s Stop
Arvind Tawde: VP & CIO, Mahindra & Mahindra
Ashish K. Chauhan: President & CIO — IT Applications, Reliance Industries
C.N. Ram: Head–IT, HDFC Bank
Chinar S. Deshpande: CIO, Pantaloon Retail
Dr. Jai Menon: Director (IT & Innovation) & Group CIO, Bharti Tele-Ventures
Manish Choksi: Chief-Corporate Strategy & CIO, Asian Paints
M.D. Agrawal: Dy. GM (IS), Bharat Petroleum Corporation Limited
Rajeev Shirodkar: VP-IT, Raymond
Rajesh Uppal: Chief GM IT & Distribution, Maruti Udyog
Prof. R.T. Krishnan: Jamuna Raghavan Chair Professor of Entrepreneurship, IIM-Bangalore
S. Gopalakrishnan: CEO & Managing Director, Infosys Technologies
Prof. S. Sadagopan: Director, IIIT-Bangalore
S.R. Balasubramnian: Exec. VP (IT & Corp. Development), Godfrey Phillips
Satish Das: CSO, Cognizant Technology Solutions
Sivarama Krishnan: Executive Director, PricewaterhouseCoopers
Dr. Sridhar Mitta: MD & CTO, e4e
S.S. Mathur: GM–IT, Centre for Railway Information Systems
Sunil Mehta: Sr. VP & Area Systems Director (Central Asia), JWT
V.V.R. Babu: Group CIO, ITC


New * Hot * Unexpected

New Roles for IT Leaders

CIO Role | Steward, revenue generator, holistic business expert and change management architect are just a few of the new roles today's IT leaders are taking on.

"I am no longer being asked to provide computers and software," says Matthew Kesner, CTO at Fenwick & West. "I am asked to work with clients, drive revenue, create market differentiators and automate business processes."

Derek Chan, head of digital operations at DreamWorks, says, "Understanding the environmental impact of the choices we make is something that has gained prominence in recent years. Power consumption and efficiency are such global concerns these days, and technology is such a significant user of resources, it is imperative to establish best practices and continue efforts to be as efficient as possible."

Wynne Hayes, CTO at Constellation Energy, includes change management — specifically, people change management — among her expanded areas of responsibility. She says one of the goals of standardizing technology is to make it possible for employees to change roles or move across departments within the company and not have to learn an entirely new set of computer systems when they do move.

Verizon Wireless CIO Ajay Waghray chalks up the many changes in his role as top IT executive to the extremely fast pace of innovation in the wireless industry. "Even up to a few years ago, many CIOs could get away with supporting the way things have always been done," he says.

"I need a deeper understanding of the business. Staying current with industry developments and maintaining my understanding of business operations are both essential," Waghray says. "More of my time is spent thinking of ways to make our systems more seamless with the business processes they support. Over these past few years, the focus of IT has shifted more and more to the user."

—By Julia King

Illustration by MM Shanith

Quick Take: Vinod Sadavarte on Unified Communications

Collaboration | Many companies are resorting to unified communications so that they can create more efficiency and save considerable time for knowledge workers by transforming an employee's handheld device into a universal ‘inbox’ for all communications. To find out how useful unified communications can be, Balaji Narasimhan spoke to Vinod Sadavarte, CIO of Patni Computer Systems.

What do you think are the benefits of unified communications?
The biggest benefit is the cost savings from time. Employees, when looking for information, need to look at multiple channels, and unified communications can cut down on such wasted time. However, there are also costs associated with deployment, and companies will have to balance these costs against the savings accrued.

How do you see unified communications transforming your enterprise?
Thanks to unified collaboration, employees can enhance collaboration and this will lead to superior output. But I am not looking at an enterprise-wide deployment of unified communications today. This is bound to get implemented at a later date.

If you are trying to push unified communications in your company, how will you justify the RoI?
I feel that it can cut down on the time taken to make decisions. The value is high when compared to the cost of technology. I think that unified communications is an exciting area that holds a lot of promise.

Is upfront cost a hindering factor for unified communications?
This depends on where a company is on the maturity curve.


Workers Ignore Security Policies: Survey

Security | It's one thing to have a companywide information security policy in place. But it's a whole different ball game to get employees to actually follow the policies — even those that are IT types.

A startling number of technology professionals often knowingly ignore security policies or break them because they are unaware of them, according to a survey of more than 890 IT professionals by the Ponemon Institute.

More than half of the respondents in the Ponemon survey said they had personally copied confidential company information onto USB memory sticks, though more than 87 percent admitted that company policy forbids them from doing so. In addition, 57 percent believe others in their organization routinely use memory sticks to store and transport sensitive or confidential company data. Among the reasons cited for non-compliance were lack of policy enforcement and convenience.

Similarly, about 46 percent said they routinely share passwords with colleagues, even though a two-thirds majority of the respondents said their company's security policies prohibit them from doing so.

In some cases, the violations appear to happen because employees are unsure about company policy. For instance, 33 percent of survey respondents said they sent workplace documents home as e-mail attachments. Nearly half the sample didn't know whether that practice constitutes a breach of policy. In the same vein, eight out of 10 of the IT professionals in the survey said they were unsure whether turning off network firewalls is a policy breach — which may explain why 17 percent admitted to having done so.

For instance, despite widespread concerns about data leaks resulting from insider abuse or negligence, 60 percent of respondents said their companies have no stated policy forbidding the installation of personal software on company computers. "The reason why these things are happening [is] because compliance is not enforced," Ponemon said. Though companies have for years focused their efforts on securing networks against external attacks, fewer have focused on accidental and malicious data leaks from inside.

Drug maker Pfizer disclosed in June that an employee's wife had exposed confidential data belonging to 17,000 employees after installing P2P file sharing software on a company computer.

—By Jaikumar Vijayan

Expanding Horizons

CIO Growth | While not all CIOs can become CEO, it is imperative that they attempt to expand their role beyond just IT. How far can they walk that line? Balaji Narasimhan asked a few of your peers. Here’s what they said:

Alok Kumar, Global Head - IT, TCS

T.K. Subramanian, Divisional VP - IS, United Spirits

“A person who can draw a business scenario from end to end can become either a CIO or a CEO. For example, the CEO of Wal-Mart was a CIO. Both the CIO and the CEO need to know how to deliver to the customer at a cost that the customer wants.”

M. Visweswaran, CIO, Macmillan India

“I know the CIO of a retail company who is definitely growing in his role. He knows the supply chain so well, he was made chief logistics information officer. CEO's role? He’s getting there.”

“In my company, once we stabilized ERP, we started shared services, which are bringing in a lot of profit. CIOs are in a good position to do this because they cut across the entire organization.”

Lend Your Voice: Write to [email protected]


Network Skills in High Demand

Research | IT professionals proficient in networks could find themselves in demand next year, because a majority of CIOs polled cite network administration among the most sought-after skills.

Research by IT staffing and consulting company Robert Half Technology shows that nearly one-fifth of 1,400 CIOs polled by an independent research firm cited networking as the single job area in which they expect to see the most growth. Seventy percent of CIOs also ranked network administration as the second-most in-demand skill, behind Windows administration, which topped the list with 73 percent of CIOs seeking such skills.

Database management came in as the third-most in-demand skill, with about 60 percent saying they see an impending need to find expertise around Oracle, Microsoft and SQL Server. Firewall administration ranked fourth, with approximately 55 percent seeking those skills; and wireless network administration rounded out the top-five sought-after skills.

According to Robert Half's executive director Katherine Spencer Lee, network managers also can expect to see their salaries increase by an average of 7 percent in 2008, as companies delve into such technologies as Web 2.0 and depend more on network infrastructure to support the new endeavors.

The need for network skills doesn't surprise technology industry watchers, who say network expertise serves as a foundation for any new technology endeavor. "IT professionals need to have a broad understanding of IT and its role within the business, and that means be able to tie the basics," says Neill Hopkins, vice president of skills development at CompTIA.

Other jobs considered hot include help desk and user support, with 15 percent of respondents expecting more demand for those skills. Applications development came in third, with 14 percent reporting that job as hot going forward. And rounding out the top-five hot jobs was Internet/intranet development, with close to 10 percent of CIOs saying those positions are on their radar.

About 13 percent of the CIOs polled said they expect an IT staff hiring increase in the first quarter of next year, 3 percent plan to cut staff and 82 percent said they expect no staff changes for the next three months.

—By Denise Dubie

Stocking Up

Research indicates that soon digital information will surpass available storage. Here's how much Indian CIOs plan to spend on storage as a percentage of their budgets.

[Chart: share of CIOs by storage spending band: up to 5, 5 to 10, 11 to 15, 16 to 20, 21 to 25, 26 to 30, above 31]

Source: CIO India Research

Imaging by Binesh Sreedharan

Learn to Really Love Web 2.0

You can't control the apps your end users download, but you can (and should) work with them to generate business value in a safer environment.

By C.G. Lynch

A recent report by Forrester Research suggests that corporate IT departments have seen demonstrable value from Web 2.0 technologies in the workplace and should continue to adopt more of those applications at their own pace. But the report also reveals that the unsanctioned use of consumer, Web-based applications (a phenomenon known as rogue IT or shadow IT) remains high, behooving IT managers to get in the trenches to find out where sensitive corporate data could be exposed.

"Of the rogue usage going on, it's often difficult to see which poses privacy or security concerns," says Rob Koplowitz, a Forrester analyst and one of the authors of the study Web 2.0 Social Computing Dresses Up for Business.

Around 15 percent of the IT decision-makers surveyed at firms with 500 or more employees say their workers have used technologies like blogs, wikis and really simple syndication (RSS) for business purposes. On average, about 27 percent of those companies have already made formal enterprise investments in all three of those technologies and another 16 percent have at least considered it. At least 89 percent saw limited to substantial value from the use of blogs, RSS and wikis.

Meanwhile, Koplowitz says the numbers reported for rogue usage — which at Forrester's last count range from 3 percent to 8 percent — remain deceptively low.

"It could be a lot higher because unsanctioned use is, by definition, under the radar," he says. "The best an IT manager can do is have some anecdotal evidence and then work from there."

To avoid an ad-hoc approach to Web 2.0 adoption, Koplowitz says IT departments should start by getting a better handle on what applications users have flocked to and embrace them rather than shunning them. In doing so, IT eliminates an adversarial environment, allowing IT managers to form a long-term strategy with their users that encourages testing, setting usage policies and training.

"It's becoming increasingly difficult for IT to control what tools people use in their day-to-day activities," Koplowitz says. "It's in IT's best interest to find out what's going on and offer a sanctioned alternative."

Best Practices

1. Find out what’s out there. Learn which Web 2.0 tools business users have adopted and what kind of data flows to them. You need to know the reality of users’ needs before you can craft policy.

2. Establish boundaries. Decide what’s appropriate and what’s not within apps like wikis, blogs and IM. This might mean shutting down information flow to certain applications for compliance and risk reasons.

3. Develop a policy to provide authorized alternatives. Don’t take away business users’ Web 2.0 tools without giving them an alternative – perhaps an app secured behind a firewall or one delivered via SaaS. Robust tools have emerged in this area, and you can easily pilot test them with, say, 50 to 100 users.

Wikis and Blogs and RSS, Oh My!

IT Leaders Say: So What Are You Waiting For?

“I see business value in Web 2.0 applications”: 89%
“My workers already use them”: 15%
“I have made a formal investment in those technologies”: 27%
“I’m considering making an investment”: 16%

Source: Forrester Research


Meetings: Threat or Menace?

Leadership | There's nothing like the announcement of another meeting to fill your employees with dread. Meetings are often seen as pointless time wasters. And too many are.

“The main thing people hate about meetings is that they are poorly run or don’t accomplish anything,” says Glenn Parker, team building consultant and author of Meeting Excellence: 33 Tools to Lead Meetings That Get Results.

Goal-oriented employees are often turned off, according to Steven G. Rogelberg, professor of industrial and organizational psychology at the University of North Carolina. He found in a 2005 study that the job satisfaction of driven employees decreases as the number of meetings they attend increases. (Employees who aren't so driven actually liked meetings, presumably because they were seen as a chance to be social).

So how do you make sure your meetings are not killing morale?

Here are five tips:

Schedule only when necessary. The purpose of a meeting is to make a decision, says Parker. No decision needed. No meeting. And include only the people whose input is required.

Reduce frequency. A lot of meetings are just updates, progress reports and announcements, says Parker. That information could be communicated electronically.

Create an agenda. A clear purpose (and time limit) for your meeting is crucial, says Parker. Review the objective at the start.

Recap. When the time limit has been reached, close the meeting. Summarize the accomplishments, decisions and next steps. “You don’t want people going out with a different understanding of what’s been decided,” says Parker.

Do the minutes. Send out a draft and ask for input. Final versions should be sent once input has been incorporated. Sooner rather than later is always better.

—By Diann Daniel

IT Disasters Increase Archive Software Sale

Storage | The demand for replication software is starting to slow down, but sales in archiving software have grown sharply, driven by concern among CIOs over recent incidents, according to market research firm IDC in its Quarterly Storage Software Tracker report.

"When I talk to CIOs, the themes that I hear are business continuity, disaster recovery, information risk management and security," said Laura Dubois, IDC's program director for storage software. The market for archiving software grew by 13 percent between the third quarter of 2006 and the same period in 2007, according to the IDC report.

One 'formidable' product in this market is Enterprise Vault. It includes a mailbox management feature, designed to automate the backup of e-mails, and to retain copies of all e-mails without exceeding the quotas and message size restrictions of messaging servers.

IDC's revenue figures include licensing costs and maintenance fees but do not include any spending on integration or consulting. The data protection market started to cool off during the third quarter, as users are reluctant to replace the systems they already have, Dubois said.

"Backup applications tend to be very sticky," she said. "It causes a significant amount of pain to disrupt and move in a new product so once you have one in place you tend to keep it for a while."

Although the survey did not track continuous data protection (CDP) products, Dubois said the reputation of this technology has suffered partly over confusion of what CDP is.

"The innovation in continuous data protection by and large came from small startups and emerging companies which have largely now been acquired," Dubois said.

"It provides shorter recovery points but in the last couple of years there's a lot of buzz, which can be offputting users." She added confusion over CDP "probably stymied adoption early on but long term I think that's where the market's going to go."

—By Greg Meckbach

Illustration by Binesh Sreedharan


Study | An AMD study has revealed fascinating changes to global data center energy use, suggesting that even small shifts in operational procedures could cut electricity consumption.

The study, conducted by Dr. Jonathan Koomey, using data from industry analyst firm IDC, documents energy use across five regions: the United States, Western Europe, Japan, Asia/Pacific and the rest of the world.

It forecasts data center energy consumption, estimating that the US share of worldwide consumption will decline from 40 percent in 2000 to about one-third by 2010. The Asia/Pacific region (excluding Japan) will increase its share from 10 percent to about 16 percent over that period.

Koomey's report shows that electricity used by servers in the United States and Europe currently comprises about two-thirds of the world's total, with Japan, Asia/Pacific and the rest of the world each falling at between 10 and 15 percent of the total.

Examining electricity use by region from 2000 to 2005, the study found that server electricity use in the Asia/Pacific region (excluding Japan) grew at a 23 percent annual rate, compared to a world average of 16 percent a year, making this region the only one with server electricity use growing at a rate significantly greater than the world average.

The Western European growth rate of 17 percent was slightly above the world average, while growth rates in the other regions were lower than the world average.

Relatively modest changes in the way data centers are designed and operated could offset approximately half the expected growth in global data center electricity use in 2010.

This new research adds detail to an AMD-sponsored study that identified the worldwide costs associated with data center energy use. Both of Koomey's studies were subject to peer review by IT industry, government and energy efficiency policy professionals.

"According to a recent US EPA report, data center energy consumption could be cut by as much as 20 percent with relatively minor efforts by data center managers, including turning on available power management features, enabling higher rates of resource consolidation, shutting off unused servers and improving infrastructure operations," said AMD marketing person Bruce Shaw.

"With the findings released today we can begin to take next steps, including examining how we can power data centers around the world while addressing impacts on global climate," said Larry Vertal, senior strategist for AMD Green.

—By Manek Dubash

VIRUS: Malware researchers at Prevx have highlighted what they are calling a 'massive growth' in the number of PCs harboring rootkit infections.

More than 725,000 PCs were scanned using the Prevx CSI malware scanner over a two-month period. Of the around 291,000 users who scanned their PCs during October 2007, some form of spyware or malware was found on one in six.

Significantly, although rootkits were detected on 15.6 percent of PCs during October 2007, that figure had risen to 22 percent by early December.

According to Prevx's Jacques Erasmus: "The rise of the rootkits has begun."

Rootkits are often 'dropped' or buried by other infections. They then modify a PC's operating system to hide themselves from both the user and any security products installed on the computer. By so doing rootkits can allow criminals to remotely monitor, record, modify, steal and transfer data from the victim's PC.

Some rootkits are undetectable by conventional anti-virus and anti-spyware applications. A tech-savvy user may believe his or her computer is 'clean', and unwittingly pass on increasingly valuable personal and financial data.

Since 1 December 2007, 114,891 new users have run Prevx CSI with rootkit-detection features enabled. Of those PCs, 1,678 had what Prevx describes as 'significant rootkit infections'. That equates to 1.46 percent or approximately one in 70 systems, which is almost 15 times higher than the one in 1,000 rootkit-infected PCs previously estimated by industry experts.

Ninety-three companies used the free Business scan feature of Prevx CSI. Of these companies, 68 had one or more infected PCs. Thirteen companies, or 14 percent, had one or more PCs harboring rootkit infections.

"Consumers and businesses have a significant new threat to security and privacy to worry about," said Erasmus.

"Rootkits are often undetectable and extremely difficult to remove. Both detection and removal are well beyond the capabilities of traditional anti-virus, anti-spyware and Internet security suites," he added.

—By Matt Egan


Silent Rootkits Attack PCs


Study Predicts Data Center Energy Spike


Page 12: January 1 2008


Blueprint for 2008

To celebrate its second year, CIO brings together experts in security, storage and infrastructure and leading Indian CIOs to discuss the challenges and solutions of the coming year. Here are their thoughts.


24 | GETTING STARTED

40 | A LOOK AT STORAGE

72 | INFRASTRUCTURE FOCUS

56 | AN EYE ON SECURITY

Page 13: January 1 2008

Getting Started

Index

26 | Column: Get Outside Your Comfort Zone. To make a great leap forward, you need to study something completely different.

30 | Expert View: Getting Aligned. It's a requirement if CIOs want to deliver business value to their organizations.

34 | Feature: Look Out: Vendor Consolidation Ahead. There's more uncertainty for CIOs as vendor consolidation changes the enterprise application landscape. Here's what you can expect and what you should do.

38 | Peer Speak: The Future is Here. The identity and future of the CIO has never been under such scrutiny.


Page 14: January 1 2008

A long time ago I had the opportunity to spend a season following the Grand Prix circuit in Europe. My role was that of cameraman, but more often I was a utility person, doing whatever needed doing, especially when it came to lifting, hauling or moving things. As unglamorous as my job was, I did have the opportunity to observe race teams up close.

Then, as now, Ferrari was king of the hill. I marveled at the raw power of the highly tuned machines and the synchronized actions of the pit crews. I never thought that what I was observing would become a model, a generation later, for how surgeons manage patient care.

One of the challenging tasks that surgeons face is the patient handoff, that is, transferring a patient from the OR to a hospital room. Research shows that such transfers account for a high percentage of patient errors, some of which can be injurious. Why? According to the Wall Street Journal, handoffs require patient history, proper medication and a full assortment of equipment, all of which needs to be managed with exquisite timing and forethought.

For just this reason, Great Ormond Street Hospital in London has partnered with Ferrari racing to discover how its pit crews manage and plan for routine events as well as the unexpected ones that occur during a race. What the physicians learned contributed to their development of a new standard for patient handoffs that has resulted in a significant reduction in technical and communications errors that could have been harmful to patient health, according to the Journal report.

Get Outside Your Comfort Zone

To make a great leap forward, you need to study something completely different.

John Baldoni Leadership


Page 15: January 1 2008

Look Beyond Your Borders

Amazing? In one sense, yes. But what the good doctors did is what savvy businesspeople have done for generations — learning from the best, even when the best is not in your own field. Benchmarking is standard practice in most companies; but often such benchmarking focuses on companies in like industries. Manufacturers study manufacturers; healthcare providers study other healthcare providers.

Such studies are useful, but they only end up generating incremental improvements. To make a great leap forward, you need to break out of the benchmark to study something completely different, as the doctors who studied Ferrari did. Before embarking on such a venture, however, it's good to consider what you hope to gain from such an exploration. Here are some questions to consider.

What's your aspiration? More than fifty years ago, one man had a harebrained idea that an amusement park could be a nice clean place where families could come and have a good time. That man was Walt Disney. He set about creating the modern-day theme park that would be based, at least in part, on animated or movie attractions that his company had created. People thought he was crazy; the only models for such entertainment were traveling circuses and carnivals. Disney was undeterred. He took as his model the idea of service entertainment in which the park was the stage, customers were guests and the total show was the ‘unique guest experience’. Not only did Disney create a Magic Kingdom, he created a role model for the hospitality industry itself.

What do you want to improve? For generations of customers, buying a car was one of the single most unpleasant experiences of their lives. Customers felt alternately irritated, hassled and mistrusted every time they walked onto a dealer lot. Such experiences are not what Japanese luxury carmakers wanted to follow when they introduced their upscale models to the US. So whom did they study for comparison? Not car dealers, but luxury hoteliers. The Japanese put their US dealers through an immersion course in hospitality. Eventually the entire auto industry caught on to the practice, and today customer satisfaction has improved over what it was years ago.

What can you learn? Once a year, the University of Pennsylvania's Wharton School puts its MBA candidates through a one-day session at the Marine Corps' Quantico training center. There, future corporate leaders experience a bit of the rigor, hardship and induced stress that Marines undergo in preparation for becoming officers. Such an experience not only gets the students out of the classroom, it forces them out of their comfort zone. It gives students an appreciation for making decisions under pressure and when feeling physically uncomfortable. Through this experience they gain insights into situational awareness, that is, what is happening around them and what they must do about it.

Knowing Your Limits

As valuable as information and insights gained from outside sources can be, it is essential to remain true to your roots.

For example, as much as the hospitals can learn from racing teams or lean manufacturers about improving patient care, the lessons in diagnosis, treatment and therapy will come from fellow medical professionals. It is not likely that Ferrari can teach doctors about cardiac surgery techniques, any more than a doctor can teach a Ferrari technician about minimizing fuel consumption during a race.

Looking outside your own world has strong benefits in enabling you to do what you do better, but there is another advantage. Looking beyond your own four walls is liberating. By getting outside of your own place, you can observe what others do. It is like being a traveler into a foreign land. Everything looks, feels, tastes and even acts different from what you are accustomed to. Your powers of observation are heightened; you pay attention to the slightest details. And in doing so, you are exposing yourself to new ideas. What's more, being in new places stimulates the creative juices.

You cannot help but wonder: what if we did that in our place? Sometimes the results would be disastrous, but sometimes magic occurs. And that's worth all the observation in the world. CIO

John Baldoni is a leadership communications consultant who works with Fortune 500 companies. He is the author of six books on leadership, the most recent being How Great Leaders Get Great Results. Send feedback on this column to [email protected]


Looking beyond your own four walls is liberating. It is like being a traveler. Your powers of observation are heightened and you pay attention to details. Being in new places stimulates the creative juices and in doing so you are exposing yourself to new ideas.


Page 16: January 1 2008

In a fast growing economy like India, what are the risks of ignoring master data management?

From an IBM perspective, the biggest problem is that you’re going to follow the same path, and the challenges, that other countries have met. There’s an opportunity for India to leapfrog all the legacy investments that most of the world’s banks and large, older companies are dealing with. These companies are having to deal with extra IT expenses as they try to reduce redundant IT and find ways to take old technology and bring it into the future. India can start with fresh technology that delivers value and connects people and processes and data. It’s almost like looking into the past and asking yourself: how can I avoid those mistakes?

From what I know, one of IBM’s larger clients like Bharti Telecom is a huge story of leapfrog. I worked with another division of IBM before and I’ve seen examples of other Indian companies leapfrog their peers in other countries — even if they do not compete directly. If you look at their technology investment, their speed-to-market, their bottom line metrics, they are doing much better.

Can you be more specific about these challenges that India can avoid?

Let’s take an example of a website. The usual solution has been to make a database that supports that website. And rather than look internally at what your supply chain uses, you’re going to start from scratch, make a completely new database – which means that it’s not connected to the rest of your enterprise.

Now, take a chocolate bar in a retail environment. Product information about that chocolate bar goes through a pre-defined process. It needs to be manipulated and used not only by the people who manage that product but also by the marketing people, the logistics people, the supply chain people, the procurement people and the people who manage the website and the catalogues. And to some extent you want to give your external vendors — who work with you on your website and catalogues — access to that data. The more correct data they receive, the fewer reiterations they will have with your catalogue, etcetera.

MDM isn’t at the top of an Indian CIO’s priority list. Are there pointers — like a company’s size — to warn CIOs that it’s time to invest in MDM?

It’s hard to say. The largest companies realize that they have about 48 different databases of customer information and they need to make it one, if they want to deliver value to their customers.

But then again, there’s Bi-Lo, a medium-sized grocer that only serves four states in the US. They have found the need to use MDM. They have 20 people on their IT department. Another customer of ours has 1,200. But both of them have found the need for MDM.

It really comes down to how much better you want to be than your competition. If you really want to be a lot better, then you’re going to make these investments because they deliver value to big and small companies.

Let’s approach this from another angle. How many processes does Bi-Lo have?

They probably have about at least 18 processes, including new product introduction, supply chain, merchandising, payment, procurement, etcetera.

But what’s also important was that they had four different databases for information that should have been on one. So initially, they were like: “let’s build another data warehouse!” Then they said “wait a minute, maybe not.” They paused because we had been talking to them about some of our new innovations.

All their processes were feeding off raw data and when that data is not available that’s when mistakes begin to happen.

How do you help CIOs convince their managements about the need to use MDM?

We’ve found that it is most important to get to

“The decision to use MDM really comes down to how much better you want to be than your competition. If you want to be a lot better, then you’re going to make these investments.”

Lauren Skryzowski
Sr. Marketing Manager, Information Platform Solutions Distribution (Retail, CPG, Travel and Transport) Information Solutions, IBM

During her tenure at IBM, Skryzowski’s worked on projects involving IBM’s on-demand business and performance benchmarks for the retail industry and on IBM's SaaS opportunities. Prior to IBM, Skryzowski was director of competitive strategy for ChoicePoint, an information services firm, where she was responsible for competitive strategy, due diligence on M&A and market opportunity.

Putting Humpty Dumpty Together

So that executives can make real decisions that add business value.

CIO EXECUTIVE VIEW POINT

SPECIAL SECTION

Page 17: January 1 2008

the line of business as well as IT. We found that these are very big joint decisions. Sometimes IT understands the problem, but they feel that they are being asked to do things that they don’t have the resources for. At the same time, there are business users who demand that IT deliver certain types of results without really knowing that IT is not capable of doing it because of the way the architecture is set up — both organizational and IT architecture.

So we try to bring both sides to the table. We show them both how business works today with the IT they currently have. Then we show them how business could work tomorrow with some adjustments. We’ve only won in cases in which we have been able to get IT and business to see eye to eye.

I like to think of ourselves as the champion of the CIO. Because often — and I have seen this — you have these round table of executives with about seven lines of business and you have the solitary CIO. That’s one lone representative of technology when in reality there’s a lot of IT departments he or she is trying to represent.

When you can’t get both to the table, do you fall back on numbers to help move the argument? How do you get these numbers?

We have business value assessment teams who go and talk to business users who use the actual data on a day-to-day basis. These value assessment teams show users examples of 20 other clients they have worked with to show the benefits of doing things differently. The key is to analyze what people are doing today and estimate — based on what we’ve seen with other industry players — what benefits they can gain. We’ll try to look at it beyond saving on some licensing and IT redundancy and tell them that we can deliver productivity or other bottomline improvements.

As long as an enterprise is willing to let us engage in this two week process, we can give them these bottomline impacts.

Can you give an example of bottomline impact?

Customer research has shown that most product introduction takes about 90 days. But if you put in a process, you can bring this down to weeks or days. That’s the sort of improvement you can get.

IBM’s MDM solution has two unique features: multi form master data management and the dictionary database. Can you elaborate on these?

What we mean by multi-form is that there are multiple data domains and we believe that it’s not only about managing product data or customer data but it’s also about understanding how these interact. Most of the market is about managing product data or customer data.

The other piece is like a name encyclopedia. It’s really one of its kind. Now that there’s so much more screening going on with people’s names, it’s important. Even at a call center, if you have someone input a name phonetically, this technology can suggest some names it could actually be.

We have some law enforcement groups that are using it. This technology runs the name of everyone who crosses a border and fifty iterations of that name, including nicknames and translations. It also checks for last and first name switches to find out if that person should not be allowed into the country.

How does IBM’s MDM solution impact people?

MDM is like a bridge. MDM gives you the ability to get IT and business to work together. And because they are both part of the same process, it’s a joint decision. They start figuring out roadmaps and how they can work together. The people side is among the better benefits we’ve seen.

The Impact Bad Customer Data Could Have on Your Company:
66 percent of companies indicate profitability of their companies as a whole was negatively affected by poor information quality
75 percent indicate bad customer data quality is harming customer service, quality and loyalty
52 percent identify the integration of diverse systems as a major source of inaccurate information

What Master Data Management Can Do:
Increase revenue and customer retention
Cost reduction and avoidance
Increase flexibility to support existing and new business strategy
Meet compliance requirements and reduce risk exposure

The Business Value of MDM


70%: The amount of an executive's time that is spent searching for data. Only 30 percent of their time is spent making decisions thanks to a lack of master data management.

Page 18: January 1 2008

CIO: You say that alignment, focus and direction are critical for an enterprise. How can a CIO drive this for his company?

Dr. Patrick Chan: From a CIO’s perspective, you have to understand the vision of the organization to accomplish their corporate vision. Today, if you look at IT as a tool, it has been ingrained in the business. The CIO has to be a change agent in order to align the organization’s vision with the corporate world.

CIOs are expected to cut costs and also innovate. Aren’t these pulling in different directions?

Cost cutting is always there. The alignment aspects have changed. But cost cutting and innovation don’t always contradict. For example, with virtualization, the CIO can reduce physical server costs and improve agility at the same time.

What are the unknowns that every CIO should be aware of?

The CIO should be aware of exceptions in business response. This is very poor in the Asia-Pacific. A lot of organizations don’t have processes for this. This is crucial — for instance, in manufacturing, this can impact the whole supply chain. CIOs should spend time answering one question: can they predict what is abnormal for their businesses?

You say that you have seen a lot of failures in SOA. What is the main cause? How should it be handled?

The CIO should get support from the top management, and get support from business unit heads. Without this, SOA is doomed to fail. He should also be big on both vision and implementation. If the vision is small, or if it changes midway, then the implementation will not be great.

What should CIOs look out for in virtualization?

With physical servers, problems are difficult to fix. With a virtual server, it is definitely easier. But this apart, the CIO should remember that all physical server problems — like server sprawls — are also found in the virtual world. So, CIOs should plan carefully when they are using virtualization.

How should the CIO cope with the increasingly mobile organization?

It all boils down to the CIO’s ability to lock and have control over the mobile workforce. The first step is to educate your workforce about the right processes that should be followed. The CIO should also find the sweet spot between control and flexibility. He should not force too much control upon his users.

What leadership skills should a CIO possess?

The CIO should be a good negotiator. He should know how to blend IT with business. He should be a visionary in terms of instituting transformative processes within the organization. He should have communicative skills and must be able to tell the CEO about the importance of IT in the organization. Finally, he must be a change agent across all levels.

How will the next-generation enterprise differ from the present ones?

Today’s organizations take months, if not years, to react to business changes. The enterprise of the next generation will be able to do this in a matter of weeks. Today’s organizations are reactive, but the enterprise of the next generation will be more predictive, and therefore, more responsive. Finally, the enterprise of the next generation will have deep insights into all the existing assets, like people, processes, and IT. CIO

Send feedback on this interview to [email protected]

Getting Aligned

By Balaji Narasimhan

Expert View: Dr. Patrick Chan


“The CIO should be a good negotiator. He should know how to blend IT with business. He should be a visionary in terms of instituting transformative processes within the organization.”
—Dr. Patrick Chan, Research Director, Emerging Technologies, IDC Asia Pacific


Page 19: January 1 2008

In your opinion, does virtualization have security issues that need to be resolved?

There are two parts to this. If you are talking about security vulnerabilities, the answer is no. The code of the latest virtualization is very thin and is becoming thinner. It is now losing 98 percent of its footprint.

Second, virtualization is now used to augment security. You can build the virtual machine the way you want. The software will take you through simple steps, so if you want to provide for end point security and block certain devices, you can do it. If you want to restrict some network access, or build a sandbox, that can be done too. Virtualization allows you to build a secure shell of a machine by defining the devices and networks. Security is actually one of the big benefits of virtualization.

How are CIOs responding to desktop virtualization?

At VMWare, desktops are our fastest growing area, especially from large organizations. There is quite an interest in taking a laptop and putting it in the datacenter. The biggest driver for this initiative is security. Every time someone loses a laptop with company information, we see a spike in interest.

How can a CIO approach virtualization?

There are a number of easy entry points. One is virtualizing testing machines, because it makes no sense to buy boxes for testing. Increasingly, a second entry point is disaster recovery. Virtualization allows all that recovery capability on much less hardware.

Another entry point would simply be network infrastructure servers — virtualizing all those servers which are very lightweight and non-mission critical. And as organizations get familiar with this, they can run more mission critical production servers, as a second phase, and then web servers and exchange databases.

When resources are already well utilized, how does virtualization help?

We wouldn’t recommend it as a phase if an enterprise hasn’t deployed virtual machines yet. If they already have some competencies around building and operating virtual machines, we would recommend this to a later phase typically.

Having said that, most of the users are operating databases. SAP, for instance, is supporting virtual machines. The advantage in doing so is its ability to move it box to box. Virtualization quickens the pace of server maintenance; you can drag and drop the whole virtual machine into a virtualized environment without stopping it. That gives more uptime. So while underutilization is a big driver, there are bigger drivers for enterprises bringing in virtualization. There are a lot of other advantages in terms of flexibility, mobility, etcetera, that come with the demotion capability.

Innovative solutions for the difficult problems facing IT
Increasing utilization, availability and flexibility
Up to 70 percent savings in operational costs
Server provisioning cycles cut from weeks to minutes

Freedom to run your choice of operating system
Run unmodified Linux and Windows OSs
Dramatic hardware costs savings
'Same Day ROI'
Increased service availability
Planned downtime no longer affects service availability

What VMWare Can Deliver

Jim Lenox, General Manager, VMWare, Asia South

Based in Singapore, Lenox is responsible for developing and managing VMWare’s virtualization business in the region’s emerging markets. He brings with him over 15 years of experience in international channel and sales management. Prior to VMWare, he spearheaded international sales and channels management at companies across diverse industries such as wireless technology, aerospace and defense.

Roadmap to Virtual Infrastructure

Security is one of the big benefits of virtualization.

CIO EXECUTIVE VIEW POINT

SPECIAL SECTION

“Every time someone loses a laptop with company data we see a spike in interest for virtualization.”

Page 20: January 1 2008

What is the business impact of slow networks?

Subconsciously, people are aware of a loss in productivity. For example, in a BPO, if what you can do in ten seconds takes 45 seconds — there's a huge loss in productivity. Organizations only have tools to alert them of a service outage — not of service degradation. It is common sense that there is a huge potential of reducing the intensity and duration of service degradations.

Why does service degradation arise?

There are three basic laws when it comes to networks: first, networks never become slower, second networks never get smaller and third, networks never stay the same. This is why service degradations arise. All we need to do is plan for high speed which will guarantee increased throughput and reduced response time.

How do you plan a WAN’s capacity?

You have an infrastructure already in place. But, do you know if it is being optimally used for business purposes or non-business applications? For instance, if somebody is sharing music then that’s a completely non-business purpose. This is the first thing we need to understand. Once you have an idea of who is using your bandwidth, then you can plan your WAN capacities. People do not have even a faint idea of how this bandwidth is being used. Forget about planning, there is a long way to go.

How does your integrated framework model reduce response time?

Network availability is at the base of the pyramid and then there is infrastructure availability. Everyone has invested in it, but no one has a clue about how it is being used or about its response time. The integrated framework consists of a series of functions like availability, usage, response time and business views. Once you know what you want and are sure about your resources then that by itself will reduce your response time.

What do you mean when you say network performance has to correlate with delivery?

Any of the network performance issues that are hindering the successful delivery of applications can affect delivery. A lot of times, organizations run converged applications: they have voice, real time video, etcetera, on one single network. There is a sudden surge in information and this upsets traffic. We need to understand the parameters and the status of the network today. Users lack an understanding of its impact. We can help them with that.

What does the Network Tracker do?

We provide high quality solutions that are easy to use, deploy and manage. We have faster application servers that provide efficiency with less risk. Our Network Tracker does exactly that. It tells you how your bandwidth is being utilized, it looks at the usage portion and response analysis.

Benefits for C-level Executives

Business Benefits Resulting From Managing Performance:

Faster implementation of new and improved business services
Implement competitive advantage initiatives or ‘keep up’
Unified communications
Inventory, logistics, CRM, ERP
Risk mitigation
Better control over the infrastructure that delivers business critical services
Top line revenue
Incurred expense
Customer satisfaction

A. Sitaramaiah, GM Sales, Fluke Networks India

Sitaramaiah has over 20 years experience in the IT industry with CMC, R&D, Tyco Electronics and now at Fluke Networks. Sita, as he is popularly known in the industry, is passionate about pioneering technology that helps organizations derive competitive advantage in their operations. He has a Master's degree in communications systems from the University of Roorkee and a Master's in business administration from Osmania University.

No Network Fluke

A speedy, reliable network doesn't happen by itself.

CIO EXECUTIVE VIEW POINT

SPECIAL SECTION


Page 21: January 1 2008


Page 22: January 1 2008

If 2007 was any indication of what's to come, the one thing companies using expensive enterprise applications — ERP, CRM and supply chain management systems — can expect is more change in vendor alliances, pricing schemes and software innovation in 2008.

On top of that, gloomy economic forecasts for 2008 could have significant financial consequences for CIOs and their IT budgets.

So with an uncertain financial outlook, it looks like CIOs will (again) be asked to do even more with even less. And nowhere is that more critical than with a company's core enterprise apps and software platforms.

"Globalization, rapid market change, a changing workforce and regulations have made more agile and usable applications into a business imperative," says Sharyn Leaver, research director of business process and applications at Forrester Research. "The result: process and applications professionals are on the hook to deliver more agile and usable applications."

In addition, Jeff Woods, a research VP at Gartner, says that mounting pressure from the business side to get ‘real business benefits’ from enterprise systems while also taking advantage of advances in technologies such as SOA to stabilize computing environments leaves CIOs to "make strategic decisions that are more important than the ones they had to make pre-Y2K."

Here are six areas that will have a big impact on CIOs' 2008 enterprise plans:

More App Vendor Consolidation

IBM buys Cognos. Oracle gobbles up Hyperion. SAP swallows Business Objects. HP acquires Opsware. And Microsoft buys a number of software makers.

This past year will be forever known as the year of enterprise software consolidation and acquisitions.

Vendor Management

Look Out: Vendor Consolidation Ahead

By Thomas Wailgum

Enormous vendor consolidation has changed the enterprise application landscape forever. But there's more change and uncertainty on the horizon for CIOs. Here's what you can expect and what you should do.

Page 23: January 1 2008

Billions were spent by the big boys (SAP, Oracle, IBM, Microsoft) on smaller competitors that offered tantalizing application sets.

So what should CIOs expect in 2008? According to a survey from technology consultancy The 451 Group, people in the software industry expect more mergers. More than 85 percent of corporate development professionals at companies that have acquired other companies within 2007 said that they ‘expect to maintain or increase current-year levels of merger and acquisition (M&A) activity in the coming 12 months’, with half of the companies expecting to increase M&A spending. The survey polled corporate development and strategy professionals from companies that collectively have spent more than Rs 600,000 crore to acquire nearly 500 target companies during the past five years. Less than 10 percent of the respondents said they expect their acquisition volume to decline.

A survey by Duke University and CFO Magazine found that 40 percent of US companies plan to acquire assets in 2008. One-third of those plan to buy a company or companies, and 22 percent plan to acquire assets of another company but not the entire company.

Forrester's Leaver says that she expects 2008 will see more consolidation, primarily in industry-specific niche application sets, adding: "I don't think it'll be as big as 2007. In terms of the really big offerings, there aren't that many left."

The Rise of the Vendor Ecosystem

Before you roll your eyes at the sight of another vendor buzzword like ‘ecosystem’, at least consider the logic and potential importance of the New World Order of vendor management in 2008.

As a natural extension of all the consolidation, and with fewer midsize and bigger players to choose from (which is relatively speaking, of course; there are thousands of smaller software vendors out there), CIOs will have fewer options to choose from. That said, the enterprise vendors realize that innovation and their future success is all tied to their relationships with smaller players, business partners and developer communities.

So while CIOs may be buying an SAP or Oracle software package on the surface, they should also do their homework and figure out who are the businesses and alliances that are a part of SAP's ecosystem, for example, and how they match with the CIOs' enterprise technology strategies. "The ERP system is basically a platform for an ecosystem to develop around," says Gartner's Woods. "This is the way you have to look at sourcing your ERP today, and the trend will only become more dominant in the future."

Forrester's Leaver stresses that CIOs need to become less of an ‘observer’ with their application investment strategies (for instance, letting one or two of the large vendors drive their strategy). Instead, CIOs need to be more proactive about determining which vendors' ecosystem synchs up best with their own long-term ERP strategy.

This is critical because if your vendor's ecosystem includes industry-specific applications (say you're in the retail industry) that meet your long-term needs, you will have an easier time identifying and integrating the next killer application into your ERP backbone.

The differences in the major vendors' plans are obvious, Woods says. Oracle, for example, has bought or developed in-house industry-specific apps, such as in the retail or telecom space, whereas SAP has relied on its platform and its partners to develop its future killer applications, he says.

The importance of what each vendor's ecosystem can deliver shouldn't be overlooked by CIOs. "Remember, without a killer app," Woods says, "a platform doesn't live very long."

Fierce Competition Continues

While the competition in this space has always been intense, CIOs can expect more hand-to-hand combat among enterprise application providers. "I don't see, at this point, any relaxing of the competitive intensity of this industry," says Woods. And that's one piece of good news for CIOs.

Even as the enterprise vendors accumulate more areas of expertise and technology platforms (through organic development or acquisition) and become economies unto themselves, there still are plenty of vendors to play against each other during negotiations, say analysts. That's because "there is so much margin on the line," Woods says.

The advice for CIOs: don't be afraid to play the vendors against one another. "The vendors are getting smarter about when to compete and when to coordinate — what's worth fighting over and what's not," Woods says. And if your business is worth fighting over, you should be able to get a sweet deal in 2008. In addition, with all of the freshly minted M&As, adds Ray Wang, a principal analyst at Forrester, now is as good a time as ever to negotiate longer maintenance contracts and buy new modules at significant discounts. "In the history of post-merger announcements," he says, "sales reps typically will be offering sweetheart deals to close out the quarter and status as an independent company."


Reader ROI:

How you can deal with vendor consolidation

The advantages of this trend

What to watch out for in third-party maintenance business models


Page 24: January 1 2008

We Know About the Goliaths. Don't Forget About the Davids

The goliath enterprise vendors aren't known for their innovation. But smaller vendors are.

In the future, those small vendors will be building applications with greater flexibility and ‘plug and play’ adaptability than what comes out of the bigger companies' R&D departments. For example, Leaver notes that most small vendor apps are being built so that they can run on top of IBM Websphere, SAP NetWeaver and Oracle middleware products so that IT departments can ‘configure it and change it on the fly’. And with these applications, IT people have to worry less about architecture decisions, and just base their purchases on the relative usefulness of the application itself.

In addition, Albert Pang, IDC's director enterprise applications research, notes that all this innovation will lead to more Web 2.0 applications for enterprise users. "It will not be long before business users are able to take advantage of tools from vendors such as Serena Software that essentially allow them to create mashup content on the fly," he says.

The overriding message for CIOs, according to Pang, is that they "need to balance their systems landscape in a way that doesn't allow any one vendor to have undue influence over their strategies. When that happens, they can play them against each other, and they can take advantage of all these development efforts going on."

What's to Come of Enterprise License Maintenance Fees?

It seems like CIOs have forever complained about the sticker shock of enterprise software maintenance fees. The costs, which historically have averaged right around 22 percent a year for enterprise implementations, are a huge financial hit for many IT departments.

"When the vendors emphasize tactical improvements as the primary value delivered by maintenance, that has caused people to say: 'What am I getting for my maintenance dollars?'" says Woods.

During the last year or so, many CIOs have either looked into or completely turned over their ERP or CRM systems maintenance to a third-party provider such as TomorrowNow or Rimini Street. But the lawsuit that Oracle slapped upon TomorrowNow and SAP's missteps in handling the situation at TomorrowNow have cast a shadow on the third-party maintenance business model.

Even so, third-party maintenance has piqued IT executives' interest and will continue to do so in 2008. "What TomorrowNow is a manifestation of the market questioning the value of maintenance," says Woods. "Almost everyone asks the question: can we rethink our maintenance approach? Now is that third party, or going off maintenance altogether, or stabilizing the system?"

A big reason for CIOs' frustration is that some vendors aren’t doing a good enough job articulating their path to the next generation of enterprise tools, Woods says. "It's a complicated decision, and there are not easy answers for it. It has to be linked to the business strategy and risk portfolio."

Of course, maintenance fees are infamous for their 90 percent margins, which makes vendors loath to even talk about them, let alone consider making some significant changes. Leaver, however, says that could start to change in 2008. If they want to keep their current customers happy, she says, "the application companies are going to have to rethink their pricing schemes and maintenance fees."

The Supply Chain Gets Even More Wireless — and Dangerous

Wireless technologies will continue to influence the future of the supply chain. At the forefront and gathering much of the attention is RFID, which, while still nascent, will continue to expand in 2008, say analysts.

But it is other advances in the supply chain, such as increased use of wireless technologies for data transmissions and operational transactions in distribution centers, that have made supply chains even more efficient.

Analysts point out, however, that wire-free does not mean risk-free. A recent report from Retail Systems Research (RSR) details the growing dependence on wireless technologies and monumental risks posed by the new breed of devices in the supply chain and beyond.

RSR analyst Steve Rowen describes the current situation as this: wireless attackers, who now have motive and technological savvy, have identified companies' "lackadaisical treatment of data flow as a viable opportunity, extending well within the reach of highly organized crime factions," Rowen writes. "Theft of retailers' customer data is no longer just for 'hacks;' it has become very big business."

Rowen’s first piece of advice for 2008: elevate the conversation. "The most successful security programs are those which gain the interest of C-level executives — early on," he writes. "This process will slightly vary from one retailer to another, but is commonly bound by a joint presentation of the company's current — and needed — security status to the board of directors."

Send feedback on this feature to [email protected]


85%: The number of corporate development professionals who expect to maintain or increase last year's levels of M&As.


Page 25: January 1 2008


Page 26: January 1 2008

Ramachandran set the ball rolling by saying that, for many, CIO stands for ‘career is over’. What should CIOs concentrate on: business or technology to take their careers forward, he asked.

Gupta said that one problem that CIOs face is that a lot of users believe that they know technology better than the CIO, and also added that many users also believe that their grasp of business is better than the CIO's. He said that their views sometimes lend new perspectives, but added that, a lot of the time, they don't get you anywhere. Gupta also said that, business and technology apart, the CIO should ensure that he can 'make progress' — for himself, for his users, and for the organization’s end consumers.

What Makes a CIO: Technology or Business?

Ramachandran then wondered if one could become a great CIO without a deep understanding of technology. Kumar believed that first, one needs to be current with business. He said that the CIO should look at what the CEO of his company is looking for: is he interested in business transformation, or growth, or business processes? The CIO should realize that the CEO is looking for a partner who understands the needs of the business, and can implement what he wants with the aid of technology. Therefore, said Kumar, while the CIO should understand technology, his business skills are of greater importance.

Panel Discussion

The Future is Here

By Balaji Narasimhan

The identity of the CIO has never been under such scrutiny.

In a panel discussion titled ‘The Future is Here’, Arun Gupta, customer care associate and CTO, Shopper's Stop; Alok Kumar, global head-IT, TCS; and T.K. Subramanian, divisional VP-IS, United Spirits, debated the career progression of CIOs. The panel was moderated by Vijay Ramachandran, Editor-in-Chief, IDG.

Page 27: January 1 2008

Then, is the CIO responsible for creating an aura around technology, and making business people believe that technology is not something that they really understand? Subramanian said that, in the old days, the CIO was no more than an IT manager, and the business heads had to listen to whatever he said. At the same time, he said, the line-of-business heads also didn't have much choice, and had to take whatever was given to them by the CIO. Later, the CIO entered a new phase of cost cutting and process standardization.

Subramanian added that, over a period of time, the CEO realized that the CIO had a complete view of the organization. So, CIOs became involved in all aspects of the company that involved information process and flow. Because of this, the CIO is also responsible for information security and compliance today, he averred, and went on to add that this change means that the CIO has to focus more on business rather than technology.

Does this focus on business mean that anybody can do a CIO’s job? Gupta said that the CIO's role in the future is not expected to continue the way it is today. He said that this change is driven by the inherent complexity that already exists within organizations, but conceded that technology has today become more resilient and fail-safe. All this means that the focus is moving away from technology, and therefore, going forward, a lot of future CIOs need not necessarily be technologists.

Adding to this, Kumar felt that today, organizations are more structured than they were around two decades ago. He pointed out that in order to manage business problems, many CIOs have specific departments dedicated, and such departments take on the onus of interfacing with both IT and the business. The CIO sits on top of such groups in order to coordinate their activities, and so, he needs to know a little about all the individual pieces, he said.

And What If You Outsource?

Subramanian's opinion was that one can define the role of the IT department as being strategic, tactical, or operational. He felt that in this day of outsourcing, if a CIO gets a very well structured outsourcing policy, then he could outsource much of the technology activities and ensure that the business can manage the operations.

But Subramanian was also quick to add that all this depends on the maturity of the organization. He felt that, if the organization is mature enough, then this is possible. To buttress his argument, he pointed to Bharti Airtel, which has outsourced most of its IT activities to IBM. But, he conceded, just as Bharti has a CIO to manage strategic activities pertaining to IT, similarly, other companies too will need somebody to take strategic IT decisions.

On the ability of business people to don the mantle of the CIO, Kumar said that, for example, in the retail industry, the person in charge of the supply chain management has a bird's eye view of the entire organization, and therefore, can become a CIO. He also said that he knew of five retail organizations where the CIO was also the head of the supply chain. Kumar also firmly believed that the CIO has to understand the problems of the business, and said that the CIO should take every opportunity presented to him to ensure that he understands the business, and also to communicate with business heads.

CIO++

So, if the CIO knows the functioning of the business from end-to-end, then should he be looking to become a CIO++, asked Ramachandran. Kumar said that he knew of CIOs who were expanding their activities and taking on business roles in addition to traditional roles. He said for such a person, the next logical step could be the office of the CEO.

Gupta's take on this was that, as long as the CIO remains involved in technical activities like buying routers, he cannot become a CIO++. Talking about his own experiences, he said that, in the last four organizations he worked in, he headed a profit center or has otherwise been responsible for business functions in addition to his role of a CIO. But he felt that this has more to do with individual interests, and pointed out that organizations are not going to create such positions for CIOs. It is therefore up to the individual to demonstrate that he is capable of moving beyond his current role.

Balaji Narasimhan is special correspondent. Send feedback to [email protected]


Arun Gupta, Customer Care Associate & CTO, Shopper's Stop
Alok Kumar, Global Head-IT, TCS
T.K. Subramanian, Divisional VP-IS, United Spirits


Page 28: January 1 2008

Index

41 | Expert View: Lifecycle for Storage Success. You have to start now to make information lifecycle management work.

42 | Column: Protecting Data Against Humans. Continuous data protection can help guard against human errors.

48 | CIO Viewpoint: Medical Marvels. Advances in medical technology are putting a strain on storage systems.

49 | Feature: Solid State Drives: Coming To a Datacenter Near You. SSDs need to clear the cost and capacity hurdle to become mainstream.

54 | Peer Speak: Storage Woes in 2008. Efficient and secure storage could partially define the CIO role.

Illustration by Anil T

A Look at Storage

Page 29: January 1 2008

“People want to buy less expensive infrastructure, just for the sake of it without thinking about what the organization actually needs. You need to work your pros and cons out and then take decisions. That’s what ILM gives you.”
—Pradip Bhowmick, Assistant Director, PricewaterhouseCoopers

Lifecycle for Storage Success

By Shardha Subramanian

Expert View: Pradip Bhowmick

CIO: What do you mean by a 'formal' data strategy?

Pradip Bhowmick: There has to be a formal policy for managing data, something like a lifecycle flow. It would incorporate developing a strategy of how and when data should be managed, who accesses it and at what point of time. Simply put, it is about archiving of data according to a policy in place.

What are the factors for selecting an appropriate information lifecycle management solution?

Relational databases are growing at the rate of 125 percent annually. According to a survey conducted by Sun Microsystems, when data is divided into essential and non-essential, storage size is reduced up to 50 percent. It is important for the CIO to know that data is most valuable when it is created and also the point of diminishing marginal returns.

Considering all this, an appropriate ILM would be the one that has the ability to do an archival, can move storage from one part to another and can create metadata in no time.

Why do you feel that interoperability leads to traps?

People want to buy less expensive infrastructure, just for the sake of it without thinking about what the organization actually needs. Here, interoperability becomes very critical. If you have a defined set of services that you are looking for, depending on archiving data or storing data, then you will not fall for vendor pitches.

You need to work your pros and cons out and then take decisions. That’s what ILM gives you.

How does a service storage value system provide value?

Basically, it defines specifically that infrastructure will provide all the services. The value to CIOs is that they can now ask for definitive features, there is a standard definition.

They also don’t have to bother about questions like whether this talks to that etcetera. In any organization if the whole backbone of managing data is aligned with the policies and procedures, then business value is much better.

What should be the focus of CIOs in terms of storage?

It definitely should be on having this whole policy of formal data strategy for management of data in place. It should be about facilitating communication across the enterprise so that people are informed about who is handling what process.

Knowing the value of data at different points of time, if not quantitatively then qualitatively based on which a policy should be drawn. Creating a strategy, a process and a structure, and then implementing it would be the primary focus in the year ahead.

Send feedback on this interview to [email protected]


Page 30: January 1 2008

Continuous data protection (CDP) and its close cousin, data snapshot technology (which might be considered ‘CDP on the cheap’), are the latest fashion among backup/restore vendors.

IBM, for example, is promoting its Tivoli Continuous Data Protection for files product under the slogan, ‘When once a day is not enough’.

The implication, which some vendors are pushing, is that this is a replacement for other kinds of backup, better than tape but less expensive than the three-node architecture.

CDP/snapshot backup, however, is a new approach aimed at a different problem than traditional backup/restore solutions, says Peter Burris, consultant and co-founder of Wikibon.org. "CDP is a first important attempt at providing protection against both human error and against data corruption caused by unanticipated interactions between applications," he says.

While these issues have caused problems since the start of the computer age, they are becoming more important, Burris argues, as end-user computing moves from desktop and laptop systems to mobile handheld devices. "On a PDA, all it takes is an accidental swipe of a stylus or tap on the wrong tiny virtual button to wipe out an important e-mail or document," Burris says. Simultaneously, the advent of service-oriented architecture (SOA) increases the potential for data corruption, not only from unanticipated interactions among applications, but also from among pieces of code inside an SOA application.

Protecting Data Against Humans

Humans tend to make mistakes and make data disappear. Continuous data protection can help.

Bert Latamore, Technology at Work

Illustration by Anil T

Page 31: January 1 2008

Can you give us a brief background to Softek?

Softek was bought and integrated into IBM at the beginning of 2006. Mainly, the idea was to provide a platform for customers to migrate data easily — from one storage device to another.

Why is what Softek offers so much more important today?

It is important primarily because of the dynamism that exists in the market. Because of this dynamism companies are re-locating data centers for cost reasons. They are also consolidating their numerous data centers to reduce the cost of operations, power consumption, management and so on. And over 50 percent of the time, people move data because of technology refreshes — whether it is movement from one server to another or one database to another.

From our survey, over 41 percent of companies migrate on a yearly basis. Out of these 82 percent have some sort of trouble. This is why Softek is gaining more importance.

Can you elaborate on the types of issues CIOs face when they attempt migrations?

Mainly, the issues fall into four different categories. One is data loss and the loss of data consistency after a migration. The second is cost overruns. Third is time; CIOs specify a window of time to move, they plan for it and then the window extends, thereby impacting business. Finally, once data is moved, its performance and availability is compromised because the new environment is not conducive to the new data.

What can Softek do for CIOs who currently face these problems?

Softek goes to the heart of addressing two main issues: the lack of flexibility and the increased complexity in data migrations. These two cover all the challenges I just spoke about.

What do we mean by a lack of flexibility? Flexibility is the ability to move from anywhere to anywhere, whenever you want, whatever you want. That’s the sort of flexibility that Softek offers and it also offers data consistency and availability, before, after and during the move.

The second aspect is complexity — the inter-relation between data and the different types of data. For example, if you move data, without taking into consideration related data, you may leave orphaned data in the primary, which, by itself, won’t make any sense. The end result? You have an inconsistent target and source and data is completely unavailable.

With Softek, you have an assessment base that can envelop the entire environment so that information — not only data — remains intact.

Today, data migration is an inevitable challenge. Softek gives CIOs flexibility and masks complexity

It Isn’t Easy

Percentage of users who experienced problems during data migrations:
- 64% Unexpected downtime
- 38% Application performance issues
- 38% Data corruption

And it Cost Them:
- 85% Excessive staff time
- 54% Budget overage
- 51% Technical compatibility issues

What Softek TDMF Can Do:
- Eliminate application downtime
- Improve performance with load balancing
- Free up the maintenance window for other tasks
- Improve the total cost of ownership of an IT environment
- Reduce lease/maintenance costs

Move Anything, Anytime

Subram Natarajan
Senior Consultant-SSG Asia Pacific & EBC Program Manager, IBM

In his current role, Natarajan engages with key customers across the Asia Pacific region, helping them address their IT challenges by providing them creative solutions. He recently moved from the US to help with IBM’s regional storage business. Prior to this, he was a solutions architect for the storage group in Asean /SA region. In that role, he solidified his reputation as a strong, capable technical leader who delivers results. Here he talks about a data migration solution.

Making Data Migration a Cakewalk

Give your storage more flexibility and less complexity.

CIO EXECUTIVE VIEW POINT

SPECIAL SECTION


Page 32: January 1 2008

Killing Mosquitoes with a Sledgehammer

Traditional backup/restore approaches are focused on protecting against device failures ranging from a hard drive crash up to the loss of an entire data center in a regional disaster. Going to backup tapes to try to recover a spreadsheet someone accidentally deleted is like killing mosquitoes with a sledgehammer.

CDP works on a more granular level, focusing on individual applications or files down to the end-user device level. Thus, a CDP system may back up the Exchange database on a specific user's PC. If a user accidentally deletes a critical file, that specific database can be restored quickly and comparatively easily to the state just before the deletion without involving anyone else. The danger of this is that it can create discrepancies between the restored database and the rest of the system, so, for example, e-mails that arrived after an incident may be lost from the user's Exchange database. These, however, can be restored from the server.

This, however, is exactly why CDP/snapshot shouldn't be considered as a replacement for normal backup technologies such as tape, warns Wikibon co-founder David Floyer. The discrepancies that are easily fixed on one PC or one application become impossible to manage when trying to restore an entire database.

CDP also has a large price tag. Because it captures each individual database write and then adds a time stamp and sometimes other metadata, it can easily triple the total storage needed by the application. In some installations, Floyer estimates it can use five times the base storage capacity, with a similar traffic load on the network. Many data centers today are struggling to keep up with the astronomical growth in storage demand. Thus, CDP, or even snapshot backup — which puts less demand on corporate systems but still has a considerable cost — is best reserved for applications with critical latency demands, says Burris.

By its nature, CDP is also a short-distance technology. Basically a near-parallel approach to data preservation, it usually backs up to a local network appliance. This precludes backing up to a safe, remote site and leaves the CDP data vulnerable to many of the same interruptions that affect the main database. An electrical outage will hit the CDP network device just as hard as the database being backed up, and a regional disaster that wipes out the data center will take the CDP system with it. So CDP isn't a replacement for tape in a vault.

Snapshot Advantages

Snapshot capture has its own advantages that go beyond cost and complexity. Because CDP captures data as it is written to disk — while most applications hold data in buffer before writing to disk — at any given moment, it doesn't have all the most recent data. A snapshot system can trigger a buffer dump to disk just before each snapshot. This can give it latency nearly equal to CDP's on average, depending on the rate of change to the data and frequency of snapshots, says Floyer. Depending on exactly when in the cycle the backup occurs, it could have more complete data than continuous CDP. However, it does have performance implications, because the application must pause every time it dumps its buffer.

For all these reasons, Burris says, "users need to recognize that CDP is not a new solution to the old problem of device failure but rather an answer to different problems." He says that while those problems have always been with us, they are becoming more important as hardware dependability increases and the opportunity for unanticipated application interactions also increases — and the threat of human error remains.

"As a result," he says, "we will see a shift in emphasis in information protection that will increase the urgency of the need for new, creative answers over the next decade. Vendors need to step up to the plate, and users need to be clear on what they are protecting against, or they risk sticking their thumbs in the wrong hole in the dike." CIO

Bert Latamore is a journalist with 10 years' experience in daily newspapers and 25 in the computer industry. He has written for several computer industry and consumer publications. Send feedback on this column to [email protected]


Page 33: January 1 2008

What is Business Service Management?

Business Service Management (BSM) is a concept that aligns IT to the business of an organization. Keeping business success as the topmost goal, BSM helps tie business expectations to the IT elements that support its smooth functioning.

For example, on the billing day of a mobile phone service provider all related IT components supporting billing have to perform. The emphasis is on whether the organization can publish all the bills rather than measuring the individual performance of underlying components like billing applications. This can be accomplished once you are able to relate all the supporting IT elements and do an intelligent correlation. The concept is quite different from conventional silo-based management approach.

While BSM is the end-goal, the Vantage set of products help organizations in a lot of areas like end-user experience monitoring, application performance on network, server performance, etcetera. Based on how mature an organization’s IT is, Vantage can be deployed to implement concepts like application service management (ASM), IT service management (ITSM).

Vantage gives organizations the ability to correlate performance metrics from different components of deployed IT with representations in the form of dashboards for a hawk eye view of IT performance and subsequent drill down in case of performance degradations.

In Oxigen's case, Vantage is used as an outsourced app. Have there been issues?

This tool is being offered by service providers worldwide in an outsourced environment. In the outsourced model, customers get the advantage of third-party services without compromising on the functionality of the tool. A service provider can bring more value by adding additional service elements. There has not been any issue with the tool because it is outsourced.

Have there been any other implementation issues related to BSM?

As long as we can map the critical business processes of an organization to the underlying IT elements, the implementations typically go through quite smoothly — environmental issues notwithstanding.

What kind of market do you see for Vantage, going forward?

Any organization running mission critical applications to service their customers and generate revenue is a potential candidate for BSM deployment. This applies to organizations in the areas of banking, finance, insurance, telecom and portals. Large organizations in the areas of manufacturing, retail have a strong track record of deploying BSM worldwide.

Current Status:
- Over 35,000 points of sale
- Over 7 million transactions a month
- Customer support in all cities
- Centralized call center

By End 2008:
- Footprint in 50 major towns
- 100,000 points of sale
- Over 3,000 cybercafés nationwide
- Over 4,000 kiosks in seven states
- 100 kiosks in south India

- 250 Internet kiosks now, 1,000 in next 12 months
- SMS based roll-out with mobile payments, over 2,000 outlets planned
- 1,000 Internet kiosks at the gram panchayats level in the state of AP, growing to over 5,000 by March 2008
- 250 Internet-enabled outlets in AP for utilities payment and now prepaid, growing to over 2,000 Internet kiosks in six months

How Compuware Helps Oxigen:

Hariharan Ganesan
Managing Director, India & SAARC

Prior to joining Compuware, Ganesan worked with leading companies like Peoplesoft and Oracle, Microland and TVS Electronics. In a career spanning almost two decades, he has handled regional- and national-level roles, including direct sales, channel sales and strategic alliances.

Tools for Business

Give your enterprise's applications more oomph.

CIO EXECUTIVE VIEW POINT

SPECIAL SECTION

“Any organization running mission-critical apps to service their customers and generate revenue can use BSM.”

Page 34: January 1 2008

How can CIOs move their focus from technology to information?

The leap has to come from the organization. This may take time because it is primarily linked to the mindset of the organization.

The day the CIO stops counting the number of CPUs in a server, he will see what is relevant to the business — and then, he will move from technology to information.

Regarding virtualization, what problems should CIOs be aware of?

First, let’s look at the benefits: virtualization helps a CIO with the optimization of infrastructure.

This is important because a CIO can no longer manage things by just adding more disks in order to boost storage. CIOs must optimize their infrastructure.

Now, coming to the negatives, I don't think we have reached a stage where pitfalls are abundant. Today, virtualization is a very positive move for the industry because it is giving us what the world never had.

The problems will only come when you have done it for a few years. But remember, even the best cars have problems.

In your opinion, is application-based security going to replace perimeter security, or will they coexist?

I think they will coexist. You still need perimeter security for organizations that are in the online space or have enterprise portals.

Perimeter security will still play a vital role. But, going forward, application security will be more critical. Let me give you an example. If you store jewels in one room in your house, you will ensure that this room is always locked. But you will still lock the front door when you go out.

This is the same way in which application security and perimeter security will coexist.

When will words like zettabyte and yottabyte become as common as gigabytes and terabytes are today?

My personal thought is that people will use such terms in three or four years. We have a customer in India who already has 2.2 petabytes.

We are doing such a solution in India for the first time. This is the single largest single-shot implementation in India.

So, today itself, we are talking about petabytes. I’m sure that in 2008 we will be talking about exabytes, and by 2010, we will move to zettabytes. After that, we may start talking in yottabytes.

In 2007, information growth is expected to overtake storage capacity. Where do we go after that?

If we don't get innovative with our information infrastructure, we will have problems. But technologies like virtualization and data de-duplication are here to help CIOs.

The technology is there, but it has to be correlated with the information infrastructure so that an organization’s propensity to buy more storage reduces, thereby creating an intelligent information infrastructure.

An EMC study shows that individuals create 70 percent of digital information. What should a CIO watch out for?

All this information is unstructured data. We need a set of processes that will ensure that this data is managed in such a way that it is of relevance to the business.

How should CIOs approach this problem?

The CIO should realize that unstructured data has individual value, but no corporate value. So, he should make use of document and business management tools, along with data capturing and conversion tools, and ensure that unstructured data is converted into structured data.

Ultimately, stored information needs to be retrieved. What are the issues involved?


Praveen Sahai
Head Marketing & Corporate Affairs for India and SAARC, EMC

In his role at EMC, Sahai is responsible for spearheading the marketing strategy for EMC in the region. He is also responsible for the corporate brand building and developing and enhancing relationships with internal and external stakeholders. Prior to joining EMC, he was the product marketing manager, South Asia, Sun Microsystems. He has also led a host of marketing functions including integrated marketing communications and channel initiatives.

Focusing on Information

Stop thinking data, think information.

CIO EXECUTIVE VIEW POINT

SPECIAL SECTION

Page 35: January 1 2008

The biggest issue is being able to retrieve point information when you want it. To do this, you have to plan in advance.

For starters, don't spend on a half-baked solution. Identify the needs of your organization and then plan accordingly.

Sometimes, CIOs need to store data for over 20 years. Since storage media doesn’t last this long, data has to be copied to newer media. How can this be automated?

The complication is about predicting the future. Since you don't know what sort of technology is coming three years from now, you can't create a solution today.

Let me give an example. Look at mobile phones. Even if you have changed your mobile phone in the last six months, you will still retain the number of a contact, which is over seven years old.

The same is also applicable in the corporate world.

Archived information is closely aligned with non-repudiation. Does it throw up requirements for managing data integrity?

We have a product called Centera, which is a hardware device, and it is coupled with a few software tools.

Centera makes sure that your data cannot be changed once it is stored. You can only write once, but you can read as many times as you want, subject, of course, to policy settings. This is based on a low-cost SATA product line, and therefore, the cost is not as expensive as with a primary storage solution. But Centera is useful in legal situations because you can prove in a court of law in India — it complies with the Indian IT Act, the Indian Evidence Act, and with SEBI’s Clause 49.

Internationally, it complies with Sarbox and HIPAA, among others.

Store, protect, optimize, leverage: these, according to you, are the critical parts of managing data. The toughest part is obviously leveraging information. How should a CIO face this challenge?

I wouldn't call it tough; I would call it instrumental. We call things tough when we have not done it.

When we get the first three things right, we need to wonder: what about the fourth piece? Is the CIO telling the management that we now need to leverage the data? Is the CIO selling what he has done?

CIOs are great when it comes to understanding and managing technology, but they are not always good at highlighting their achievements.

Finally, what should a CIO concentrate on in a storage context?

Let's just look at one thing: reducing expenditure on storage. From there comes the need to innovate and look at a new way of managing things.

CIOs must stop buying more disks and start utilizing the existing infrastructure in a better way.


- Over the next three years, digital information will multiply by six times to 988 billion gigabytes
- Individuals will create 70% of the digital information
- Organizations will bear responsibility for the security, privacy, reliability, and compliance of at least 85 percent of that information

Where We Can Engage

Strategically
- Information lifecycle management
- Grid and virtualization
- Preparing for service-oriented architectures

Tactically
- Optimizing backup
- Consolidation of servers and storage
- Disaster recovery and business continuity
- E-mail optimization
- Database optimization
- Enterprise application optimization
- Enterprise content management applications
- Service level management

Where the World is Going

70%: The percentage of the digital world that will be created by individuals by 2010. But, it's organizations who will be responsible for its security, privacy and compliance

Page 36: January 1 2008

Medical Marvels

By Sunil Shah

Peer to Peer | Manish Gupta


It’s ironic: the more medicine advances, the less the common man knows about the processes that run a hospital. How many realize the various systems that are in place to ensure that doctors and nurses get the right patient data at the right time? Does anyone realize how much information a hospital produces per patient? These were the questions Manish Gupta, CIO for Fortis Healthcare, asked his audience in a presentation titled ‘Getting Your Storage Pulse Right’.

The problem, he said, is that it’s getting harder to deal with the huge amount of data being produced every day. But for a hospital, “it’s a business-driven fact of life. It’s driven by hospitals in their attempt to create better patient care,” he said. “Before, we used to have 16-slide CT scans, today we have 64. That’s a storage jump from 50 MB to 600 MB. Every step technology takes forward, data grows 10-fold. No one’s really concerned about the data we have to store for an X period.”

The Isolated Ward

It doesn’t help that most hospital systems are siloed. It’s a problem that is reflective of the healthcare industry. “Healthcare is a fragmented industry. Not only are there so many hospitals, but no two doctors think alike and data resides in silos,” he said.

In an interview with CIO, Daljit Singh, president, strategy & organizational development, Fortis Healthcare said that over 85 percent of hospitals have an average of less than 30 beds.

Gupta’s presentation exemplified this fragmentation both outside and inside the hospital. He showed how with its various departments like radiology, etcetera, each hospital department was doing a great job — only they were doing it in isolation. “There is no one view of the customer. The electronic data record — the one place where all records of a patient are maintained — is still a dream,” Gupta said.

The Wall Street Journal found that hospitals make most mistakes while moving patients from the operation theatre to their respective wards. These handovers need a patient’s history, their medication and specialized equipment. They need the seamlessness and accuracy that only an IT system can provide.

The Digital 'Operation'

Gupta pointed out that as patient care gets better, giving doctors access to vital information is getting harder. “The move is more and more towards the digital hospital,” says Gupta.

At the moment, Gupta deals with this problem by copying data into a central hub every fortnight. He has added data gateway and storage nodes at each site — be it a hospital or a test center — so that data can be cached locally. This gives data more resiliency, he said.

This also helps answer a second challenge: giving doctors quick access to 600 MB files. Take for example, CT scans. “As doctors access these records, they change them. They could put a note on it or draw a graph on it and I have to link these,” Gupta said.

But this only solves one part of the problem. “There has been much talk about transitional data,” Gupta explained. “But there’s a lot more persistent data in systems — data that needs to last for years.”

Finally, he pointed to another storage challenge. “The total cost of storage is always hard to explain. You won’t believe it, but when I tried to sell this to my management, I used a real estate argument. And that’s what clinched the deal. I could have spoken at length about data standardization but saving 1,000 sq ft of real estate is what did it.”

It seems storage in the healthcare industry isn’t as easy a play as finding a pulse. CIO

Send feedback on this feature to [email protected]


Page 37: January 1 2008


Page 38: January 1 2008

For laptop owners, flash-memory drives boost battery life and performance while making notebooks lighter and more bearable for frequent business travelers. In the data center, benefits include higher reliability than their magnetic counterparts, lower cooling requirements and better performance for applications that require random access such as e-mail servers.

So far, the biggest barriers to adopting solid-state drives (SSD) in the data center have been price and capacity. Hard disk drives (HDD) are much less expensive and hold much more information. For example, a server-based HDD costs just Rs 40 to Rs 80 per gigabyte, while SSDs cost from Rs 600 to Rs 3,600 per gigabyte, according to IDC.

By John Brandon

Solid State Drives: Coming to a Data Center Near You

Hard disk drives have always held fort when it comes to storage requirements. But once SSDs clear the cost and capacity hurdle, they will be the next best thing in data centers.

Reader ROI:
- Why SSDs are a viable option
- How SSDs solve throughput problems

Storage


Page 39: January 1 2008

Capacities are just as disparate. The Samsung SSD drive only holds 64GB, although the company plans to release a new 128GB version next year. Meanwhile, Hitachi America makes a 1TB HDD that's energy efficient and priced at Rs 16,000 for mass deployment in servers.

Enterprise Strategy Group analyst Mark D. Peters explains that solid-state technology has been on the radar for years, but has not been a hit in terms of price and performance for corporate managers. That's about to change, he says, because the IOPS (input/output operations per second) benefits of SSDs are too impressive to ignore. Among the advantages: an SSD has no moving parts, lasts longer, runs faster and is more energy efficient than an HDD.

And prices are falling fast. Right now, the industry trend is a 40 percent to 50 percent drop in SSD pricing per year, according to Samsung.

The arrival of hybrid drives such as Samsung's ReadyDrives — which use both SSD and HDD technology — and SSD-only servers "suggests the time for SSD as a genuine — and growing — viable option is getting closer," says Peters. He was referring to an IBM announcement about BladeCenter servers that use an SSD.

"Price erosion, coupled with increased capacity points, will make SSDs an increasingly attractive alternative to HDDs" in data centers, agrees Jeff Janukowicz, an analyst at IDC in Framingham, Massachusetts.

Two examples of how SSDs solve persistent throughput problems for high-performance computing show how SSD technology may make new inroads in corporations in 2008, some industry watchers believe.

Solid-state at the Stanford Linear Accelerator Center

At this research center, SSD is being used for some of the most data-intensive work going on today. The Stanford Linear Accelerator Center (SLAC) in Menlo Park, California, uses particle accelerators to study questions, including where anti-matter went in the early universe and what role neurexin and neuroligin proteins play in autism.

The amount of data is immense — in the petabytes — and the lab uses a cluster of 5,000 processor cores. Despite that, the discrete chunks of data that are requested and analyzed by several hundred researchers are highly granular — usually just 100 to 3,000 bytes of information. At the same time, scientists tend to perform thousands of data requests, accessing a few million chunks of data per second.

Richard Mount, SLAC's director of computing, explains that the response time for these researchers' data requests is limited not by the number of processors or by the amount of network bandwidth, but rather by disk access time. "Flash memory is over a thousand times faster than disk" drive technology, says Mount. "Hard disks are limited to around 2,000 sparse or random accesses per second. When accessing thousand-byte chunks, this means that a disk can use only 1/50th of a gigabit-per-second network link and less than 1/100,000th of a typical computer center network switch capacity."

This limitation has translated into the need to make what the lab calls 'skim data sets': pre-assembled collections of related data that at least one researcher has already requested. "There is no waiting for skim data sets that already exist, but if somebody wants one that does not already exist, then they normally have to wait for a skim production cycle that takes place once every four to six months," Mount says.

To help researchers receive data in a more ad hoc manner, flash storage may be just the thing. "We have no religious attachment to flash, but we can construct flash-based storage at a reasonable cost and around 25ms latency, and we are doing so."

SLAC has developed its own SSD-based system that is in the final debugging stages, Mount explains. "The first version of this will provide about 2TB of storage, but we can easily grow this to 5 or 10TB just by buying flash chips," though he reckons the scalability will require "more serious expenditure." At the 2TB level, it will serve as a test and development system only.

Eventually, the goal is to use SSD technology as a cache for all particle accelerator research, which will allow scientists to access data at any time from any data store. "SSDs help the entire system run more efficiently by ensuring the I/O capability is in balance with the rest of the application system," adds IDC's Janukowicz. "The characteristics of flash-based SSDs make them a well-suited alternative for high-IOPS applications that are read intensive. SSDs have no rotational latency and have high random-read performance. Thus, with SSDs the time to access the data is consistent and very small regardless of where on the device the data is held."

40%: The current rate in the drop of SSD prices per year, according to hard drive manufacturer Samsung.


Considering SSD at the Pacific Northwest National Laboratory

At the Pacific Northwest National Laboratory (PNNL) in Richland, Washington, solid-state technology could help alleviate a supercomputer bottleneck. At the lab, researchers run tests that sustain a write speed of 80Gbit/sec. and a read speed of 136Gbit/sec. Yet, one or two slow hard disk drives running at one quarter the speed of other disks cause performance to degrade quickly.

"Solid-state devices such as flash drives can use a RAID striping technique to achieve high streaming bandwidth — just like [hard] disk drives — while also maintaining very low latency for random access," says Robert Farber, a senior researcher at PNNL. "This is a very exciting combination."

The lab has not moved to solid-state technology yet. But Farber says the real debate is whether low-latency access for "seek-limited applications" — in other words, many requests for small amounts of data — can alleviate the pressure of computing bandwidth. It is not solely a price-per-gigabyte debate. "It remains to be seen how much of a price premium consumers will tolerate before robustness, power, storage capacity and physical space differences cause a mass departure from magnetic media," Farber says.

At the PNNL, the latency goal for its last supercomputer was 25Mbit/sec., per gigaflop of peak rate floating-point performance. This is mostly to be able to handle the data-intensive nature of the NWChem scientific software calculations running. The lab's new environmental molecular sciences facility contains a new supercomputer with a theoretical peak floating point performance of 163 teraflops. And, like at the Stanford lab, disk speed is a critical part of the equation, so solid-state is the forerunner in solving the bottleneck.

One breakthrough Farber expects in the not-too-distant future: operating systems will change their memory hierarchy to directly access SSD, turning the technology into a hard drive replacement for mass storage.

Complementary — Not Replacement Tech

One question that remains: when will SSD really impact the corporate world? Some say SSD in the data center is just on the horizon, since laptops such as the Dell XPS M1330 use a Samsung 64GB SSD. Alienware also offers a 64GB option in some of its desktop computers. And SSD is applicable across the commercial landscape; while researchers need the speed to study proteins, retailers may need or want faster POS transactions.

One company to watch in this space: Violin Memory in Iselin, New Jersey. The company's Terabyte-Scale Memory Appliance provides over 1Gbit/sec. access for sequential and random-access. SLAC's Mount says he tested a DRAM-based prototype appliance from Violin, and that its upcoming flash-based system "seems a good match for our applications."

A Violin spokesman explains that the two key bottlenecks in corporate computing are network speeds and IOPS for storage systems. Today, disks run at about 100Mbit/sec. for sequential operations, but only 1Mbit/sec. for random 4k blocks, he says.

"In some cases, there are minimal capacity requirements which are well suited for SSDs," Janukowicz adds. "Also, in high-performance applications, the IOPS metrics can favor SSDs over HDDs." However, even with all those benefits, he says that "IDC does not see SSDs completely replacing HDDs in servers. SSDs do offer performance advantages and are a 'green' solution. However, there are many applications that require the capacity provided by HDDs."

Enterprise Strategy Group's Peters says that throughput requirements will lead to a gradual shift away from hard disk drives to solid-state technology, but it will take time in the corporate world. "Moving wholeheartedly from one technology to another is a rare thing within data centers," he says. CIO

John Brandon worked in IT management for 10 years before starting a full-time writing career. Send feedback on this feature to [email protected]


SSD Versus HDD

The idea of using flash-based storage in a notebook isn't new. But the high cost of flash has prevented it from replacing hard-disk drives on mainstream notebook PCs, despite some advantages in power consumption, shock resistance, and speed — until now.

As prices continue to drop, flash-based solid-state drives (SSDs) have become viable options for handling your notebook's primary storage needs. Moreover, today's roomiest SSDs have 32GB of memory, enough to do more than satisfy basic storage needs — making them competitive with 1.8-inch hard-disk drives, which range in capacity from 30GB to 80GB.

Are they worth the extra cost? In spite of price drops, SSDs cost Rs 16,000 to Rs 20,000 more than ordinary hard drives of the same capacity.

So how does SSD justify its sticker price? With an SSD in your notebook, you'll see better system responsiveness, and a change in the way the system handles drive-intensive tasks such as reading data from the drive, coming out of standby, and booting up. If you tend to bump your laptop around a little and need performance boosts, the extra cost might be worth it.

—By Melissa J. Perenson


Storage Woes in 2008

Going forward, efficient and secure storage could be the big differentiator in the CIO league.

By Balaji Narasimhan

Information is the lifeline of every organization. This is definitely not a debatable issue. But how an organization stores and manages this information is definitely worth a discussion. Which is why a panel discussion at the CIO '08 event was titled 'Storage Woes in 2008'. The panelists were Rajkumar Upadhyay, DGM - IT and BD, BSNL, Bangalore; Ajay Khanna, DGM and Head IT, Eicher Motors; and V. Subramaniam, CIO, Otis Elevator. The panel was moderated by Vijay Ramachandran, Editor-in-Chief, IDG.

Starting the discussion, Ramachandran said that nobody ever seemed to get fired for buying too much storage. So he asked whether 'when in doubt, buy more storage' was a good rule of thumb. Khanna agreed with this argument because, if a business application goes down, then the organization is in trouble.

Subramaniam's take was that one should look at having optimal amounts of storage. He said that, while organizations spend a lot of time in planning their networks, they don't necessarily give the same attention to detail when it comes to storage. He insisted that companies have to be careful about the information they store — like the data used by applications or e-mail attachments. Therefore, argued Subramaniam, companies should keep a constant eye on their current requirements coupled with the growth of information, and then come up with a strategy to implement storage.

Upadhyay, whose storage requirements grow at the rate of 4 GB per hour, said that, as long as BSNL had only landline connections, storage growth was not very high. But, when BSNL started offering mobile connections, a data deluge began as government regulations required it to store customers' data. However, the biggest problem with storage is interoperability, he said. Because of this, he preferred to deal with vendors who are SNIA-compliant.

Storage Void

Ramachandran pointed out that research done by CIO revealed that most organizations have around 35-45 percent of storage that was either underutilized or non-utilized. What should the CIO do in a situation like this? Khanna said that this figure could be a lot higher if one were to look at the underutilized storage on individual PCs. He felt that one way to handle this is to probably come up with a technology solution that can collate all this unused space and then enable it to be used.

But, how can one even get an idea of space that is unused? According to Subramaniam, one should have a storage policy that defines what information should be stored on a desktop and what is stored on a centralized server. Information that is identified as an asset of the company has to be stored on the server in a protected form. This way, he said, not only is critical information protected, but both current and future storage requirements can be determined.

Upadhyay said that, in practice, servers have around 50 percent of unused storage and this is more critical than data stored on laptops and desktops because data that resides on the server is critical to the organization. Also, the TCO for the SAN will come down only when server consolidation is done.

Catch 22

If consolidation is important, should organizations move towards virtualization in order to optimize their storage? Khanna disagreed and said that he was not very gung-ho about virtualization because it has its own costs associated with it. Upadhyay is pro-virtualization because he has managed to consolidate 13 area servers in Bangalore and has saved on the licenses for Oracle, real estate in terms of data center space occupied, electricity, and others. He said that he has also found virtualization to be useful when he is doing web hosting for customers. But, for his commercial application, he felt that consolidation and not virtualization is more the need of the hour.

Subramaniam, while adding to Upadhyay's comments, said that benefits of consolidation include centralized information, which implies that the information can be managed more efficiently. He felt that consolidation can also avoid duplication of information, and help an organization determine what it needs, besides making disaster recovery easier.

And the Debate Goes On

The panel then looked at the issues pertaining to outsourcing storage. Subramaniam said that, in this case, you will be allowing a third-party to manage your data, and so the top priority would be to assess the credibility of the person who will be managing the outsourced storage.

While discussing the strategy for storage, Khanna cautioned that CIOs should also look at archiving as an important issue. He said that a lot of data can be moved to offline media, and this can improve performance. Agreeing with this, Upadhyay said that ILM (information lifecycle management) is useful here because it can be used to define data and how long it needs to be stored. But more than this, he felt that consolidation is important because you can then use data mining and business information tools to convert data into information. CIO

Balaji Narasimhan is special correspondent. Send feedback to [email protected]


A Look at Security

Index

Expert View | Staying Secure to the Core
PwC's Sivarama Krishnan on how Indian CIOs aren’t investing enough in monitoring and compliance for security.

Column | The Human Element in IT Security
You have a security policy. Great. Now get the word out.

Feature | The End of Innocence
Five years ago, few knew how bad the security problem was. Now everyone knows. They just don’t know how to fix it.

Peer Speak | Secure or Quit
Don't CIOs have enough on their plates without security worries? But then who is in charge of compliance?

Illustration by MM Shanith


Expert View: Sivarama Krishnan

Enough with Technology

By Sunil Shah

“Unfortunately, security spending is still focused on technology. But security is not about technology alone. In fact, it is less about technology and more about people and processes.”
—Sivarama Krishnan, Executive Director, PricewaterhouseCoopers

CIO: Is there too much hype around security? Are CIOs suffering from security-fatigue?

Sivarama Krishnan: That’s partly true. Security has become paranoia. Maybe it is because security priorities are not set in relation to the size of impact. Let me give you an example: the security on a print and file server and SAP server is the same despite the fact that the importance of the latter is more.

What is the cost of this one-hammer-for-everything approach?

This impact is visible from the results of the CIO-PwC security survey. It’s clear that the level of satisfaction or safety-perception is decreasing despite increasing security spends. We spend so much money, time and effort in security but it’s probably not channeled in the right areas.

So where do you feel that CIOs should focus their spending?

Unfortunately, security spending is still focused on technology. But security is not about technology alone. In fact, it is less about technology and more about people and processes.

Having said that, the money that went into technology for security was needed. In the past, India needed those infrastructural barriers. Over the last five years, this infrastructure has been created, so now it is time for organizations to move towards creating security hygiene, creating discipline around security within the organization. This is a huge governance issue.

Are you saying that Indian CIOs have already spent enough in technology for security?

I think, relatively, they have spent enough. I’m not saying they have done enough spending, but that some of the spending should be focused on discipline and processes.

What about monitoring? Is enough happening in that space?

What does a tool do? A tool helps increase effectiveness. What has happened is that we have invested in technologies like proxies and firewalls, but we don’t use the information these technologies produce to increase effectiveness. This has to be improved.

You have been talking only about internal users and not so much about external threats. Why?

That’s because external threats are controllable by technology. And from an Indian perspective, external threats aren’t that high. Our online activities are far lower than much of the world.

We’ve also seen that quite a lot of threats don’t emanate from technology know-how of hackers — it’s more about a lack of awareness by users. Every year our survey returns with this fact: 65 percent of incidents are caused by internal users.

But surely enough has been said to caution users.

Users can’t be blamed entirely. Organizations help them make mistakes. Look at the number of passwords users are required to remember on a yearly basis – it’s about 15. And that’s only work related passwords. On a given day, users have to remember between 20 to 25 passwords.

In this paranoia of security we have created, we have created too much complexity. We have made it hard for our end users. Simplifying these password protocols will probably encourage users to employ stronger passwords. CIO

Send feedback on this interview to [email protected]


The Human Element in IT Security

You have a security policy. Great. Now it’s time to send the word out.

Linda Brigance, Applied Insight

Illustration by Binesh Sreedharan

The air express industry, like many other businesses, has rapidly transformed the way it serves customers over the past few years, through the aggressive and ingenious use of the latest information technology. FedEx spends more than Rs 4,000 crore every year on IT. Frederick W. Smith, founder of FedEx, once said, "The information about the package is as important as the package itself."

But these advances come with a price: the need to protect the system from damaging viruses, accidental data breaches and even deliberate attacks. Breaches can often start in a very personal way — with friends over a cup of coffee, at a café where employees go with a work PC and surf the net or do personal e-mail. Most of us are familiar with the technology fixes that form one side of the picture, including firewalls, passwords and digital certificates. However, the policy that supports these is equally important.

It is becoming vital for any successful global business not only to have an excellent security policy in place, but also to ensure that the policy is prioritized and communicated in an efficient and meaningful way.

A Vital Protection Tool

In the last six months in the US, nearly 40 percent of firms surveyed by the Computing Technology Industry Association reported a major IT security breach. How many of these could have been prevented by considering the human element in the workplace? Many stemmed from the accidental loss of a laptop, Blackberry, or mobile device; employees using unsecured networks from home to conduct company business; or employees downloading unapproved software onto the company network. An effective security policy is, in short, a vital protection tool for any kind of enterprise.

The paradox is this: security policies often do not make it onto the management's radar screen until the organization has a major security incident. But the most effective policy is not one that is developed during a crisis, but rather, one that is developed, updated and communicated continuously after a systematic review of security needs.

The question then becomes, how are the best security policies developed? Large companies and those with the most at stake have put significant resources into this area. FedEx delivers more than 33 lakh packages each working day and the information that goes with them, and understands the significance of solid IT security — not only in the server room, but also in the boardroom.

Pathway to a Policy

In a global corporation, a security policy is most effective when it is aligned with the company's business strategies at both the headquarters and regional level. Otherwise, issues such as varying risk tolerance levels among business units and cultural differences between the legal and business sides of the operation may arise. Security policies also need to be cost effective and be constantly communicated. Everyone in the company needs to be responsible for IT security — not just the IT department.

Legal Compliance

Look at areas where you are legally obliged to have security policies in place. Complying with the relevant laws will mean you have the right controls in place before you are audited or face any new cyber threats.

Prioritize Information

Look at the information used in critical decision-making by your organization and customers. Prioritize the information that is the most business-critical or sensitive. Obvious areas include updated financial information, customer data or company information that should be kept secure, like credit card information used for billing. Sensitive data or systems used by customers or vendors are also key.

Identify Weak Links

Identify your company's weakest links. Policies that seem simple may often have significant consequences. One example might be how often we insist that passwords be changed. Bringing in the ‘White Hat Hackers’ to your company can be useful to see what they can find out and assess where you are most vulnerable. They find weaknesses in all areas of the company, like naming conventions used for sensitive data or weak passwords that can be determined easily, to name a few examples.

Nominate Enforcers

Choose the people who will own and enforce the policy. Crucially, they should include people from outside the IT department: legal, HR, audit and, of course, various user groups. You need senior management buy-in to make it happen, and senior management needs to be educated on the importance of information security and the risks of not having a strong policy enforced.

At FedEx, our Enterprise Security Council serves this function. It is led by our US headquarters, with participation by regional representatives from around the world. This group continues to evaluate and expand our security policies to ensure that information is safely guarded at all times. These people also act as the liaison with other stakeholders in the organization to pre-test the policy.

Develop a Clear Process

Finally, decide on a clear development process. One of the biggest mistakes companies make is that they try to do everything at once, without a grace period for transition, and without defining the resources they're willing to put in. Unreasonable deadlines and expectations only cause resistance. Policy review and update are a vital part of this development process — not a day goes by without new threats emerging, while old ones have yet to be dealt with. It is important to have policies circulated and understood at every level and in every division of the company, so that good security habits become routine and their importance is not questioned. People who own and understand good security policies are also the best weapon in promoting good corporate security. CIO

Linda Brigance is vice president and CIO for FedEx, Asia Pacific. Send feedback on this column to [email protected]


Special Section: CIO Executive View Point

Toward Secure Mobility

Vista can help your enterprise manage security and cost better.

Prasanna Meduri, Director Client Business, Microsoft India

During an 11-year tenure at Microsoft, Meduri has held different roles and recently he led the technology evangelism team. He heads the Windows client business group in Microsoft India and is responsible for the business and marketing strategy for the Windows product family. Prior to that, Meduri was based in Singapore where he built the vertical industries strategy for Microsoft. Here he speaks about securing access to data and cost saving.

In the future, securing mobile access to data will be a major issue. What tools does Microsoft provide to ensure security to mobile access to data?

A lot of tools are provided as part of Vista and related offerings. For example, we have a feature called Windows BitLocker drive encryption, which allows you to encrypt the entire file system on your laptop, and the encryption key can be either stored on the TPM chip-trusted party module, which a lot of laptops have. It can also be stored on an active directory in case you have a directory server running in your organization, or on a USB drive.

Today, if somebody loses a laptop, it is very easy to plug out the hard disc, boot it on another machine, run some diagnostic tools and get access to all the data. Laptop prices are coming down and the market is growing at 200 percent.

More and more companies are buying laptops for users. More than the asset itself, they are worried about data getting into wrong hands. The second part is that customers don’t want to spend too much on rolling out new offices, start branch offices, new locations and so on.

Now we have technology called Intelligent Application Gateway, which ensures that without having a VPN infrastructure, you can connect and have a tunneling into the corporate network with just the normal Internet connection. And all this with the complete level of security that VPN provides.

There is a lot of excitement in the IT community regarding this because all you need is a laptop and an Internet connection. We also have related technologies as a part of WS 2008 and Vista. Say, you are roaming and you suddenly come back to the office and connect to the network, a health audit is done on your machine. Only if it passes the audit, will it be allowed to access corporate information. This feature is called Network Access Protection.

What kind of platform should an organization have before it can successfully adopt Windows Vista enabled best practices?

The biggest benefit in rolling out Vista is that you will get some savings. But when you couple those savings with helping your organization move from basic to standardized or standardized to rationalized, the upside on those benefits is much higher.

Let’s say a customer does not have a directory so there’s no mechanism for him or her to authenticate users connecting into the network. Or because he or she doesn’t have a directory, they have got a workgroup environment and every time an application is commissioned, he or she is actually building identity management into that application.

If you take identity management as one of the pillars, CIOs would build in a set of users into each individual application, which used to be a big overhead. One of the pillars here is identity and access management.

If you have an identity management solution in place, you can roll out the new application and that application should get authenticated users off the same central directory. You don’t need to create a separate set of logic and users for each of those individual applications.

How best can CIOs synergize people, process and technology in their enterprises while improving IT maturity to gain better overall ROI?

A lot of companies use imaging technology to roll out an operating system in new software. What they do is they combine the operating system and office and all other applications into a package called the image and push that image on to a new PC which is being commissioned. The challenge that used to be there earlier was each type of PC, laptop or desktop, depending on your vendor, driver and all were unique to that particular machine. It was an independent image, so whenever you created it, you had to have one image for Lenovo laptop, one for Dell desktop, another for an Acer laptop and so on.

With Vista we have created imaging software that allows you to create a single image for the entire organization. In Infosys, they had three people working part time on imaging. Now they’ve brought that down to just one person. That’s saving. So when people move up the infrastructure optimization model, they see a reduction in the number of people required to do the same task. It means they free up their people to actually focus on the more long term strategic issues, not on firefighting and troubleshooting.

For a typical CIO, how critical are desktop technologies to the overall enterprise IT environment?

In companies today, people are spending more and more time on their PCs. Five years ago, you hardly got any mail, today an average user gets about hundred mails a day. People are working for eight hours on their PCs, and problem on the PC directly impacts the productivity of the people. Desktop deployment technologies are critical.

When a new person joins the company, how quickly does the person have access to my training network, my training resources and the critical applications that he needs to work on. Earlier it would have taken many days to allow him to do that. Now, day one he gets a laptop, he’s got a smartcard and he’s got access to the entire network. His productivity starts kicking in straightaway.

A lot of new interesting stuff, specially in the area of application virtualization, where there is a lot of cost involved. Today the procurement cost of a PC is only 30 percent of the cost of a license, there are a lot of hidden costs associated with support, application migration, testing, productivity downtime etcetera.

So new technologies that we have around application virtualizations are really helping CIOs bring down those costs while improving agility. In this environment, the applications are not sitting on the desktop, it also helps in updated version of the applications, the next time the user logs in, he gets the updated application.

A robust desktop platform enables us to combine online services in a very efficient way and delivers efficiency in the employees also. So it is a combination of what resides on the server with what resides on the desktop. A robust platform enables us to combine all the abilities into one productivity leap.

How does Microsoft’s Softgrid take care of security vulnerabilities?

It allows you a very tight control over your entire application environment. I wouldn’t say just Softgrid, but coupled with certain other technology like having a directory in place. Having something like Vista at the desktop side really helps you jack up security considerably. As an example, one logs in and works on some application. Then some data of that application would be stored in registry or cache, which some other user on the same machine could use to gain access to a particular application.

Softgrid logs on just one user, so every user sees only icons and applications related to his particular work environment. When he logs off, all those applications disappear, there is no data stored, the second user sees no sign of what the first user left behind.

Core Infrastructure Optimization

Basic: No centralized enterprise directory; no automated patch management; anti-malware not centrally managed; message security for e-mail only; no secure coding practices in place. Cost to IT: Rs 52,800/PC

Standardized: Using enterprise directory for authentication; automated patch management tools deployed; anti-malware is managed centrally; unified message security in place. Cost to IT: Rs 23,200/PC

Rationalized: Integrated directory services, PKI in place; formal patch management process; defense in depth threat protection; security extended to remote and mobile workforce. Cost to IT: Rs 9,200/PC

Dynamic: Full identity lifecycle management. ID Federation, Rights Mgt Services in use; metrics driven update process; client quarantine and access policy enforcement.

SPECIAL SECTION

21% fewer support calls were made for Microsoft Vista in its first 180 days in operation in comparison to Microsoft XP.


Should CIOs view security differently?

As the accessibility to computing power has increased and become more complex than before, the IT environment has also become equally complex. The IT environment is now so dynamic that CIOs can never say that security is a ‘solved’ problem. The only certainty in front of CIOs is that security threats will continue to grow and they will need to find new and better ways to ensure immunity.

To do that, they will need to put a comprehensive risk management strategy in place that limits the impact of threats, improves business resilience and creates an enterprise free of fear.

How does the CIO find the sweet spot between security and productivity?

CIOs need to understand the trade-offs between security and organizational impact when implementing security policies. The key is to involve the line of business in discussions and understand the potential impact, if any, early in the game.

The ROI on security spending needs to take into account any possible productivity impact. A coordinated business-IT effort will ensure that security implementations do not hamper productivity but serve to enhance it by ensuring no disruptions due to security breaches.

Security is a brand issue. Should management be paying more attention?

IT security is important to enterprises, regardless of size or type of businesses that they are in. The damages that can result due to breaches in security, loss of financial data and IP cannot be emphasized more. The extent of consequences includes not only brand damage but also lawsuits, financial losses, etcetera.

You say a focused approach is necessary for managing security. Can you elaborate?

When implementing security solutions, CIOs should move away from merely looking at point products that address a particular area of security. They should have a holistic view. They should consider the overall control systems to be put in place, ensure that new implementations can be integrated into the existing infrastructure to avoid siloed products. This is especially true when helping the enterprise grow in a new area of business.

Can you tell us about IBM's security model?

IBM sees IT security changing as more collaborative business models appear, more sophisticated criminal attacks occur, and increasingly complex infrastructures emerge. Today's wide array of security technologies — implemented tactically in silos — is not sufficient to deal with the new reality of risk. IBM's approach is to strategically manage risk end-to-end across all five domains of IT security, namely: information security, threat and vulnerability, application security, identity and access management and physical security.

The IBM security model looks at security from four key areas of: assess, defend, access and monitor. Key to implementing this model is the use of the IBM Security Framework, which looks at these areas from the perspective of the five domains mentioned above.

Why IBM?

Deep industry expertise
Proven methodologies and best practices
Thousands of customer projects
Industry-leading technologies and solutions in key focus areas
Security governance, risk and compliance
Identity and access
Information security
Application security
Threat and vulnerability management and monitoring
Physical security
Industry’s most extensive ecosystem and partner network

Teo Choo Siong
Security & Privacy Services Product Manager, Global Technology Services, Asia Pacific, IBM

Siong helps manage and execute business through a pan-AP team, driving contracts and projects in security and privacy services with leaders in India, China, Korea, Australia and all ASEAN countries. Prior to this, he has performed many pan-Asia Pacific, pan-Asean and Singapore roles within a period of 13 years at IBM. In his last role, he was product portfolio manager for ITS Asia Pacific where he managed the overall portfolio of services.

Security is Everything

And it's such a complex issue that it can never be 'solved'.

CIO EXECUTIVE VIEW POINT


“CIOs should move away from merely looking at point products that address a particular area of security.”


For the fifth straight year, CIO, CSO and PricewaterhouseCoopers (PWC) present select results and analysis from the "Global State of Information Security" survey, the world's largest, most comprehensive annual information security survey.

And the first question is: are you feeling anxious?

Are you feeling the disquiet that comes from knowing there's no reason why your company can't be the next TJX? The angst of knowing that these modern plagues will keep coming at you no matter how much time and money you spend trying to stop them? The chill that comes from knowing how much you don't know?

Yeah, you're feeling it.

You're feeling it because you're seeing it. According to the 2007 survey, a comprehensive canvassing of 7,200 respondents on six continents, you see the information security problem more clearly than ever before. You're seeing it because you've created tools and systems in order to see it. For example:

You've added processes. Three years ago, only 37 percent of companies reported having an overall security strategy. This year, 57 percent did. Also, nearly four out of five companies conducted enterprise risk assessments, at least periodically.

You've deployed technology. Nine out of 10 respondents said they use firewalls, monitor users and rely on intrusion detection infrastructure, and that number approached 98 percent when responses were limited to larger companies (more than Rs 4,000 in revenue). Encryption is at an all-time high, with 72 percent reporting some use of it (compared to 48 percent last year).

You've hired people. The number of CISOs and CSOs employed continues to rise. And the mean number of information security workers per company has topped 100, most likely due to more outsourcing and the use of contract employees.

You've crafted an infrastructure for understanding. You're seeing it, and that's why you're feeling it. You're undergoing a shift from a somewhat blissful ignorance of the serious flaws in computer security to a largely depressing knowledge of them.

Awareness may be at an all-time high, but awareness doesn't equal improvement. The sad fact is that the strides made to date have not crossed the threshold from seeing to fixing.

Awareness of the problematic nature of information security is approaching an all-time high. Out of every IT dollar spent, 15 cents goes to security. Security staff is being hired at an increasing rate. Surprisingly, however, enterprise security isn't improving.

The End of Innocence

The Fifth Annual Global State of Information Security

By Scott Berinato

Five years ago, when CIO and PricewaterhouseCoopers collaborated on the first Global State of Information Security survey very few people knew how bad the problem was. Now everyone knows. They just don’t know how to fix it.

REAL CIO WORLD | January 1, 2008 | Vol/3 | Issue/04

Global Information Security


"That next level of maturity has not been reached," says Mark Lobel, a principal with PwC's advisory services. "We have the technology but still don't have our hands around what's important and what we should be monitoring and protecting. Where's that console that says, 'Hey, credit card numbers are crossing the firewall and this is a PCI issue that has a real business impact?'"

"I See," Said the Blind Man

Five years ago, 36 percent of respondents to the Global State of Information Security survey reported that they had suffered zero security incidents. This year, that number was down to 22 percent.

Does this mean there are more incidents? We don't think so. We believe it simply means that more companies are aware of the incidents that they've always suffered but into which, until recently, they had no visibility. Those once inexplicable network outages are now known to be security incidents. Perhaps a spam outbreak wasn't considered a security incident before, but now that it can deliver malware, it is. Awareness is higher, and that's because companies have spent the past five years building an infrastructure that creates visibility into their security posture.

We've Seen the Enemy; It's You

This year marks the first time 'employees' beat out 'hackers' as the most likely source of a security incident. Executives in the security field, with the most visibility into incidents, were even more likely to name employees as the source.

Have employees suddenly turned more malicious? Are inside jobs suddenly more fashionable and productive than they used to be? Probably not. Most security experts will tell you that the insider threat is relatively constant and is usually bigger than its victims suspect. None of us wants to think we've hired an untrustworthy person.

This spike in assigning the blame for breaches and attacks to employees is probably more like the dip in companies that report zero incidents — a reflection of awareness, of managers' ability to recognize what was always there but what they couldn't previously determine.

"What's happening is we're doing a better job with logging and understanding situations," says Ron Woerner, former information security manager at ConAgra Foods, now security engineering consultant at TD Ameritrade. "For a while, I think, ignorance was bliss. Now, with all the technology in place, we're learning that we all have the same problems."

Here's how building a security infrastructure can lead to more employees named as culprits in security incidents: A CISO is hired. He has the tools to investigate internal network anomalies and the authority to ask business unit leaders to provide him with information for an investigation. His deployment of user-monitoring tools helps him identify insider threats. Then he centralizes security information management software that automatically detects anomalous network behavior. Then maybe he adds a periodic risk assessment process (another trend on the rise, according to the survey), and suddenly his office is finding previously unknown vulnerabilities being exploited. Perhaps he adds an anonymous e-mail/hotline function for whistle-blowers. With all of this and more in place, a company has increased its odds of detecting security incidents.

But here's an odd paradox: despite the massive buildup of people, process and technology during the past five years, and fewer people reporting zero incidents, 40 percent of respondents didn't know how many incidents they've suffered, up from 29 percent last year.

The rate of 'Don't know' for the type of incident and the primary method used to attack also spiked.

The Infrastructure Is in Place

Baseline deployment of people, process and technology continues to rise steadily, sometimes dramatically. Among those companies that don't have these techniques in place, the priority for adding it is remarkably low, indicating that most people who think they need these things now have them.

People: You have a... | 2006 | 2007 | Priority for 2008
CSO | 21% | 28% | 13%
CISO | 22% | 32% | 17%
CPO | 16% | 22% | 14%

Processes: You have... | 2006 | 2007 | Priority for 2008
An overall security strategy | 37% | 57% | 13%
A baseline for customers/partners | 25% | 42% | 10%
Centralized SIM | 34% | 44% | 11%

Technology: You deploy... | 2006 | 2007 | Priority for 2008
Firewalls | 77% | 93% | 15%
Encryption | 43% | 72% | 25%
IDS/A-V/other detection* | 57% | 90% | 28%
Data backup | 78% | 82% | 14%
User security/ID management* | 73% | 89% | 33%
IPS/filters* | 44% | 83% | 22%
Internet security* | 31% | 70% | 14%

* Before 2007, these categories were not consolidated. The percentage listed is the highest percentage given for one of the subcategories now consolidated into the new category.

Likely Sources of Incidents

Recognition of the insider threat is a sign that awareness is increasing, largely due to the controls that have been put in place over the past five years.

Who attacked us? | 2006 | 2007 | Security executives only
Employee/former employee | 51% | 69% | 84%
Hacker | 54% | 41% | 40%


What You Don't Know... Could Fill Volumes

It doesn't bode well that after years of buying and installing systems and processes to improve security, close to half of the respondents didn't have a clue as to what was going on in their own enterprises. But when close to a third of CSOs and CISOs, who presumably should have the most insight into security incidents, said they don't know how many incidents they've suffered or how these incidents occurred, that's even worse.

The truth is, systems, processes, tools, hardware and software, and even knowledge and understanding only get you so far. As Woerner puts it, "When you gain visibility, you see that you can't see all the potential problems. You see that maybe you were spending money securing the wrong things. You see that a good employee with good intentions who wants to take work home can become a security incident when he loses his laptop or puts data on his home computer. There's so much out there, it's overwhelming."

Woerner and others believe that the security discipline has so far been skewed toward technology — firewalls, ID management, intrusion detection — instead of risk analysis and proactive intelligence gathering. If most of the investment has been put into technology, most of the return will come from there too. The tools will do their job. They will tell you what's happening and block the most ham-fisted attacks. But technology is largely reactive. It provides alarms and ex post facto reports of anomalies. Intrusion detection, for example, is not terribly effective at threat intelligence — understanding the nature of vulnerabilities before they affect you. All IDS boxes know is that some preset rule has been broken. Think of a glass break sensor on a window at a museum. That piece of technology is extremely effective at telling you that someone broke the window; it does nothing to explain how and why a painting was stolen, nor can it help you prevent the next window from being broken and the next painting from being snatched.

Furthermore, even a cursory look at security trends demonstrates that adversaries, be they disgruntled employees or hackers, have far more sophisticated tools than the ones that have been put in place to stop them. Anti-forensics. Mass distribution of malware through compromised websites. Botnets. Keyloggers. Companies may have spent the past five years building up their security infrastructure, but so have the bad guys. Awareness includes a new level of understanding of how little you know about how the bad guys operate. As arms races go, the bad guys are way ahead.

I Dunno

Increasingly, those involved in information security reply 'Don't know' when asked about the number and nature of security incidents.

Don't know | 2006 | 2007 | 2007 (CSO/CISO)
Number of incidents | 29% | 40% | 29%
Type of attack | 26% | 45% | 32%
Primary method used | 26% | 33% | 20%

Conventional Wisdom

Five truths have emerged from five years of the Global State of Information Security survey.

After five years of conducting the survey, we have noted some critical trends in information security. We've also uncovered non-trends: numbers that remain so constant and predictable that we can now call them conventional wisdom. Here, then, are five pieces of wisdom that never seem to change.

Spending lags. CIOs are always about 10 percent happier with security policy's alignment with the business than CIOs are with security spending's alignment. Over the years, 85 percent of CIOs have said that their security policies are completely or somewhat aligned with the business, while just 75 percent said that about spending. After all, who doesn't want more money?

Partners too. You're more confident in your own security than that of your partners, suppliers and vendors. Once again, 80 to 85 percent of CIOs were either very or somewhat confident in their security, but when asked about partners and vendors, the number dropped to between 70 percent and 75 percent.

Few are cocky. About one in 12 of you think very highly of yourselves. Since 2003, the number of respondents who claimed 100 percent of their users were in compliance with their security policies hovers around 8 percent.

Size doesn't matter. Company size does not affect spending. When the information security budget is measured as a percentage of the IT budget, it remains constant no matter how many employees a company has or what its revenues are. Size of company matters less in security spending than in industry. Technology companies spend the most; non-profits and educational enterprises spend the least.

Banks lead. Financial services companies are attacked more but suffer less. Over the years, respondents in the money business have reported more security incidents without an appreciable increase in losses or downtime as a result. They do this despite not having significantly larger security budgets than others.

— By Scott Berinato


Why You Have to Change Your Strategy

What can be done about all this? Be strategic. Security investment must shift from the technology-heavy, tactical operation it has been to date to an intelligence-centric, risk analysis and mitigation philosophy.

Information and security executives should, for example, be putting their rupees into industry information sharing. "Collaboration is key," says Woerner. They should invest in security research and technical staff that can capture and dissect malware, and they should troll the Internet underground for the latest trends and leads. Dozens of security companies do just this and provide subscriptions to research services.

"We have to start addressing the human element of information security, not just the technological one," says Woerner. It's only then that companies will stop being punching bags. Only then will they be able to hit back.

IT Strikes Back

Speaking of striking back, the 2007 security survey shows a remarkable (some might say troubling) trend.

The IT department wants to control security again.

In the first year of collaboration on this survey, CIO, CSO and PwC noted that the more confident a company was in its security, the less likely that company's security group reported to IT. Those companies also spent more on security.

The reason CIO and CSO have always advocated for the separation of IT and security is the classic fox-in-the-henhouse problem. To wit, if the CIO controls both a major project dedicated to the innovative use of IT and the security of that project — which might slow down the project and add to its cost — he's got a serious conflict of interest. In the 2003 survey, one CISO said that conflict "is just too much to overcome. Having the CISO report to IT, it's a death blow."

And every year after that, the trend was for the security function to gain increasing autonomy. More security executive positions were created. More decision-making power was shifted to security. And more security groups reported to functions outside of IT, including the legal department, the risk department and, most significantly, the CEO. The trend was even more pronounced at large companies. In 2007, this trend didn't slow down; it flipped. What's more, the reversal was most pronounced in the largest companies. For example, respondents chose from 12 possible functions to which their CISO could report. Those 12 functions were divided into three categories:

1. IT (CIO, CTO)
2. Neutral (board, CEO, CFO, COO, legal)
3. Security (CSO, risk, security committee, CPO, audit)

To allow respondents to select more than one of these answers, we created 'shares' — the percentage of respondents with some reporting relationship to one of these three categories. Here are the results.

A 12 percent rise in the number of security executives reporting to IT is hugely significant. And when you slice that by large companies, it's a 19 percent rise. Notice, too, that bigger companies show fewer information security executives reporting to neutral functions.

M. Eric Johnson, an economist who specializes in information security issues at Dartmouth College, says, "We actually analyzed the org charts, and the solid-line relationships are going back to IT and the CIO. CISOs have gobs of dotted line relationships, but IT is dominating reporting structures and the budgets."

Indeed, the trend is even more pronounced when you follow the money trail.

Another hallmark of an evolved security function is its convergence with physical security, usually under a CSO. This makes sense both for operational efficiency and because threats are becoming more converged. Access control is a classic example of convergence paying dividends. By combining building access and network access in one system, you save money, improve efficiency and create a single view into both physical threats (illegal entry) and digital ones (illegal network access).

And for four years, convergence of physical and IT security steadily increased.

Until this year.

Reporting to IT

Respondents have some reporting relationships to the following:

Category | 2006 | 2007 | 2007 (>$1B revenue)
IT | 41% | 53% | 60%
Neutral | 76% | 79% | 68%
Security | 44% | 46% | 48%

Security Dollars Come from IT

Funding for information security comes from (could check more than one)

[Chart: 0 to 70% scale, 2005 to 2007; series: Finance, Compliance/Reg., IT, Risk, Legal, Marketing, HR]


And Furthermore...

More data points to ponder from the Global State of Information Security survey.

"Uh, Boss? Can We Talk?"

Are security and IT communicating enough with the CEO? By comparing their answers, one finds some startling disconnects.

What Boss Thinks; What You Know

CEOs seem to think their enterprises are a lot more secure (and their employees more reliable) than CIOs and security leaders do. Conversely, CIOs and security leaders are a lot more optimistic about their budgets than are their CEOs.

Statement | CEO | CIO | CISO/CSO, InfoSec dir.
We've had fewer than 10 security incidents | 74% | 65% | 53%
We've had an unknown number of incidents | 18% | 25% | 28%
An employee or former employee was the source of the incident | 44% | 71% | 83%
We do not conduct enterprise risk assessments | 31% | 21% | 13%
Security spending will increase in '07 | 41% | 53% | 57%
Spending will stay the same | 41% | 32% | 28%

We Need to Be But Are Not in Compliance With

Again, CEOs are far more confident than their CIOs and security execs that their enterprises are compliant. Either the CEOs are clueless, or the people who should know aren't telling.

Regulation | CEO | CIO | CISO/CSO, InfoSec dir.
HIPAA | 9% | 14% | 27%
Sarbanes-Oxley | 9% | 20% | 32%
State privacy breach laws | 10% | 12% | 21%

Privacy — Better, But...

Perhaps because of the sheer number of incidents involving privacy breaches, companies have improved their privacy practices. They are increasingly separating privacy from security and also separating security governance from tactical security. That means, for example, the people deploying monitoring tools aren't the ones setting the usage policy for those tools. But more work needs to be done. Some of the key steps to ensuring data privacy — encrypting databases, classifying data by risk level — haven't become standard practice. The industry least likely to have adopted privacy practices is technology. A privacy leader? Consumer banking.

Privacy Best Practices | Employ CPO | Separate privacy & security | Separate security gov. & ops. | Classify data by risk
Overall | 22% | 54% | 66% | 70%
> $1B revenue | 30% | 66% | 58% | 79%
Financial services | 33% | 64% | 60% | 80%
Consumer financial | 41% | 69% | 55% | 90%
Retail | 14% | 51% | 66% | 58%
Health insurance | 53% | 73% | 49% | 81%
Healthcare provider | 49% | 72% | 65% | 64%
Technology | 22% | 49% | 72% | 77%

More on Privacy

While 60 percent of survey respondents posted privacy policies internally, only 24 percent posted policies on their external websites. Only 28 percent audited their privacy standards through a third party. Sounds like a cover-your-butt ploy; after all, if you don't have a policy posted, you can't be sued for violating or not living up to it. And if you haven't had your privacy audited, you don't have to fix all the problems an audit would find.

Who Wants to Know?

Respondents who do not keep an accurate inventory of user data: 69%
Respondents who do not keep an accurate inventory of where data is stored: 67%

Region of Risk

One of the areas of the world where the focus on information security has intensified is Latin America, specifically Brazil and Mexico. Researchers and law enforcement believe that cultural differences in acceptance of less-secure online transaction methods and fewer controls and regulations on banking activity have made the region the banking center of choice for the Internet criminal underground. Here are some select findings.

Region | Infosec budget as % of IT budget | Do not conduct risk assessment | Budget will rise more than 10% in '07 | > 1 day downtime
Overall | 15% | 23% | 20% | 8%
U.S. and Canada | 12% | 19% | 16% | 7%
South America | 19% | 36% | 30% | 15%
Brazil | 16% | 43% | 29% | 21%
Mexico | 21% | 33% | 28% | 13%
China | 19% | 32% | 26% | 13%
India | 21% | 17% | 33% | 9%


Who's in Charge?

Signs of IT's control and influence are peppered throughout the survey results. For example, when asked what security guidelines their companies followed, respondents were far more likely — in some cases two or three times more likely — to cite more general IT guidelines like ITIL than security-specific ones like SAS 70 and various ISO security standards.

What's going on here? Johnson has one theory: "Security seems to be following a trajectory similar to the quality movement 20 or 30 years ago, only with security it's happening much faster. During the quality movement, everyone created VPs of quality. They got CEO reporting status. But then in 10 years the position was gone or it was buried."

In the case of the quality movement, Johnson says, that may have been partly because quality became ingrained, a corporate value, and it didn't need a separate executive. But the evidence in the survey suggests that security is neither ingrained nor valued. It's not even clear companies know where to put security, which would explain the 'gobs of dotted line' reporting structures.

That brings us to another theory: organizational politics. What if separating security from IT were creating checks on software development (not a bad thing, from a security standpoint)? What if all this security awareness the survey has indicated actually exposed the typical IT department's insecure practices?

One way for IT to respond would be to attempt to defang security. Keep its enemy close. Pull the function back to where it can be better controlled.

"What I hear from CIOs," says Johnson, "is at the end of the day they're responsible for failures anyway. They're on the line whether security is separate or not." Why wouldn't the CIO want to control something he's ultimately responsible for?

On the other hand, maybe security was never as separate as it seemed. Companies created CISO-type positions but never gave them authority. "I continually see security people put in the position of fall guy," says Woerner of TD Ameritrade. "Maybe some of that separation was, subconsciously, creating a group to take the hit." Woerner also believes that the trend of the security budget folding into the IT department could be a direct result of security auditing that focuses primarily on infrastructure. That is, when auditors look at information security weaknesses, they recommend technological fixes. And IT buys the technology. Why should IT be charged for another department's expenses?

Whatever the reason, the trend is disturbing to some security professionals, especially at a time when they play an ever more central role in corporate crises, and in society in general.

The state of Internet security is eroding quickly. Trust in online transactions is evaporating, and it will require strong security leadership for that trust to be restored. For the Internet to remain the juggernaut of commerce and productivity it has become will require more, not less, input from security.

But right when the best and brightest security minds are needed most, they're being valued less. CIO

Scott Berinato is executive editor of CSO. Send feedback on this feature to [email protected]

Physical and Information Security Converge, Then Diverge

Information and physical security are separate.

Year | Overall | Revenue $1B or more
2003 | 71% | na
2004 | 50% | na
2005 | 47% | na
2006 | 25% | 36%
2007 | 46% | 55%

Information and physical security report to the same executive leader

Year | Overall | Revenue $1B or more
2003 | 11% | na
2004 | 26% | 22%
2005 | 31% | 24%
2006 | 40% | 33%
2007 | 34% | 27%

Respondents that do not integrate physical and information security personnel: 69%
Of those, percent with no plans to integrate personnel: 80%

Methodology

The Global State of Information Security 2007 survey, a worldwide study by CIO, CSO and PricewaterhouseCoopers, was conducted online from March 6 through May 4, 2007. Readers of CIO and CSO and clients of PricewaterhouseCoopers from around the globe were invited via e-mail to take the survey. The results shown in this report are based on the responses of 7,200 CEOs, CFOs, CIOs, CSOs, VPs and directors of IT and IS, and security and IT professionals from over 100 countries and with 498 respondents from India. Thirty-six percent of the respondents were from North America, followed by Europe (28%), Asia (23%) and South America (12%). The margin of error for this study is +/- 1%.


Panel Discussion

Secure or Quit

Don't CIOs have enough on their plates, without worrying about organizational security? But then who is in charge of compliance?

By Kanika Goswami

Information security is no longer about technology. With time it has assumed an increasingly strategic role. CIOs have more than enough on their plates, and organizational security is another field they have to answer for. Given the rapidly advancing scope of IT applications, can a CIO handle anything more and stay competent?

Vijay Ramachandran, editor-in-chief, IDG Media, put the question to a panel of three CIOs at CIO’s Year Ahead Program. He asked Anwer Bagdadi, Sr. VP and CTO, CFC India Services, Amit Kumar, Group CIO, Max New York Life and Max Healthcare and Shirish Gariba, CIO, Elbee Express: do CIOs have enough on their hands, without having to worry about the challenges of organizational security?

Everybody acknowledged that CIOs have a lot to handle, but Bagdadi pointed out, “We must understand that it's not an issue of one against another but it's an issue of what your market position or competitiveness is, how regulatory your industry is. These factors are important when you take a stance on security.” CFC India Services has a separate security head who doesn’t report to the CIO; he reports only to the board and he is responsible for every aspect of security, Bagdadi said.

However, he said that concept is not accepted in India. To this Ramachandran asked: do CIOs think having security responsibility that resides with a CSO works better? And is it time a CSO role emerged in India?

Gariba clarified that though his organization currently did not have a CSO role, he, and some CIOs in the audience, were in favor of this. They said that security is a business enabler and a risk management tool, and it should be given to experts, not left to CIOs. “It is not a technology conversation so it is best left to a security expert and he should not report to a CIO. It should be a peer position or security will be compromised,” Gariba said.

Kumar, from Max, offered a different viewpoint on the issue of having a separate CSO role. He said it depended on the maturity level of the organization. “Organizations come in two types: mature ones which understand information security, right from the CIO level, and those that do not understand it. Having a separate CSO makes sense for the first type. For the other half, they cannot handle a separate CSO role and that’s where CIOs should be responsible to ensure that compliance does not fail.”

But is the CIO actually qualified to handle security? Can it be buried in the list of a CIO’s KRA?

From the audience, Ashwini Kumar, DGM-IT, Ircon International, said that CIOs do need information on security, despite a separate CSO function, since it requires experience in IT to build anything securely.

Avinash Arora, director-IS, New Holland Tractors India, had a clear view on this. “CIOs should be involved in IT security and its processes. Only when an organization has matured enough can we leave it to a CSO.” He also said that a CSO function should actually report to the CIO, if only because technology is so much a forte of a CIO; the final decisions on IT should always be left to them.

The discussion then turned to compliance: with the increasing presence of regulatory controls, is it wise to separate this role?

The Roadmap

Kumar helped lay down a roadmap for security implementation. He talked about the various activities to ensure security, starting with making policies on security assurance, creating awareness and, of course, security audit. “The quality of any organization is inbuilt into development and other processes as well, yet companies still have a quality control department. The CSO can decide high-level policies, put together a development department, get legal perspectives, ensure training programs, and also do audits. Then the implementation part can be performed.”

The kind of tools to be used has to be decided by the CIO, as does how these tools are to be monitored, checked, controlled and justified. The CIO should also point out to the CSO the failings of the process, the hurdles and issues, and ask for solutions.

Here Arun Gupta, CCA and CTO of Shopper’s Stop, felt, “Internal audits continue to report to CFO, even after so many years. In the same way I can see the role of the CSO also being split over a period of time. I guess it’s a matter of the maturity of the organization and the ability of the CIO to detach from this role and say that he should be more of a facilitator. I guess a lot of organizations are beginning to make this change.”

Is this the way forward? CSOs being the policy face and CIOs being the implementation face of security? Bagdadi had specific views on this: “The role is clear. The security chief role is not a technologist, it’s more of a business interfacing or risk management role.”

He insisted that there are multiple matrices to be taken into account, including geographies, business areas, technology, people and regulations. “Security technology can be a very specific area, and you can choose people who specialize in it. The key in all this is to focus on the kind of position that the company enjoys, and not personal opinions of the CIO,” he said.

But what if there are oversight issues? Gariba felt that security oversights get highlighted more if they are not buried under the IT label, and besides, security budgets typically do not warrant too much spending. “If it is a separate function by itself, reporting to the board, it will be noticed and that will make sense. In addition, in terms of budget approvals, security is the last on the list, it gets hardly three to four percent.” More importantly, if security is not highlighted separately, the IT team itself, he added, will shove problems under the carpet and pretend nothing’s wrong.

Kanika Goswami is special correspondent. Send feedback to [email protected]


Amit Kumar, Group CIO, Max New York Life and Max Healthcare

Anwer Bagdadi, Sr. VP & CTO, CFC India Services

Shirish Gariba, CIO, Elbee Express


Index

Expert View: Future Proofing IT Infrastructure. IT needs to be more aligned with business strategies in 2008.

Column: Carrier Ethernet Grows Up. Ethernet, a low priority a few years ago, now corners a lot of CIO mindspace.

Feature: Five Predictions for the Year Ahead. 2007 was the year of BI vendor mega mergers. How will that affect you in 2008?

Illustration by PC Anoop

A Look at Infrastructure

Future Proofing IT Infrastructure

By Kanika Goswami

Expert View: Vikas Agarwal

“On one end of the spectrum are organizations, who traditionally, are early and aggressive adopters of technology, the other end is occupied by those which adopt technology only when compelled by market forces.” —Vikas Agarwal, Principal Consultant, PriceWaterhouseCoopers

CIO: What role can IT play in securing the future of the organization, in terms of business?

Vikas Agarwal: IT’s value proposition is so firmly established and so well demonstrated that it can safely be said that business, today, cannot survive without it. IT services, built with a clear vision of business outcomes and aligned with business requirements, act as enablers. They help in gaining the competitive advantage and contribute tremendously to growth opportunities.

IT has redefined the speed to market and can be an effective tool to improve efficiency and productivity. It has redefined the way businesses are conducted by enabling offshoring, real time monitoring of business performance and also, by adding new avenues and levels of customer services.

You talked about the importance of IT infrastructure as beyond just technology. Could you elaborate?

It comprises of whatever it takes to deliver ‘business focused’ IT services. Typically, out of the total IT spend of an organization, infrastructure would account for 40 to 50 percent.

IT Infrastructure comprises of technology and non-technology components. Technology includes the hardware, the software, third party services, networking infrastructure and the accommodation for all this. But equally critical are people, processes and documentation. People would include the roles, the skills required and organizational structure. Process includes the standards and guidelines that define the lifecycle of infrastructure.

Do you think the way forward will be with tried and tested technologies or emerging technologies?

While business may demand deployment of new technologies, the ‘new’ here may not mean ‘emerging’ at many instances. On one end of the spectrum are organizations, who traditionally, are early and aggressive adopters of technology, the other end is occupied by those which adopt technology only when compelled by market forces.

A mixed approach, with a judicious tilt towards tested and proven technologies would be a good idea.

How important is simplification of IT in streamlining the organization for the future?

Complexity in deployment of technology has become an impediment both for business and for IT. From business perspective, complexity may slow down or hold up business flexibility and transformation which in turn may affect efficiency and profitability. From the technology perspective, complexities make IT management a cumbersome job and reduce efficacy.

IT has grown from a back office function to a business enabler and a critical business tool. But somewhere during this transformation, many organizations have got their hands tied backwards in a mesh of multiple layers of architectures and a plethora of interfaces.

Do you think outsourcing could be one of the ways to cut costs?

IT Outsourcing is catching up. But to look at it merely from a cost savings angle would be akin to missing the bigger picture. And unless very well designed and appropriately implemented, outsourcing may not live up to the promise of business benefits including ‘cost savings.’

The key points to be considered are what, why, how much and from where to whom. It would be advisable to take into account all the aspects like service levels, service management and governance.

Send feedback on this interview to [email protected]


Carrier Ethernet Grows Up

Ethernet might not have ranked high on the priority list a couple of years back but today, it sits right on top.

Thomas Nolle, Reality Check

Illustration by MM Shanith

There has been interest in carrier Ethernet for a decade or more and — let’s be honest — more than a little hype, too. In the early days, the focus was on how Ethernet was going to displace SONET and Synchronous Digital Hierarchy as a low-level optical technology.

Then we were going to have Ethernet to the home, or maybe to every business site. Recently, with the advent of Provider Backbone Transport (PBT, also called Provider Backbone Bridging and PBB-TE), we’ve heard people say that Ethernet was going to replace MPLS. Is all this just part of a fascination with technofantasy, or is there something going on here?

There’s something going on. When I surveyed ten network operators about their priorities in 2005, carrier Ethernet didn’t rate in the top three for any of them. Today, ten out of ten rate carrier Ethernet as either No. 1 or No. 2 among their technology issues, and the reason they give is PBT. With PBT, Ethernet acquires traffic-engineering features that many believe are as good as or better than MPLS; that, of course, is why there’s so much fuss about the battle between PBT and MPLS today.

The real story here lies deeper, however. Network operators are looking hard at what should have been the real issue of next-generation networks (NGN) all along, which is how these networks can best form the foundation for all the services future enterprises and consumers will buy.

Ethernet isn’t a replacement for SONET, nor is it the basis for enterprise-transparent LAN services or something; it’s a contender for the foundation of NGNs, and that’s not only big news to the industry, it’s a big change in the Ethernet mission. If Ethernet is going to be useful as the foundation for flexible service delivery, it needs some critical capabilities, and vendors are starting to step up and offer them.

One capability that’s critical is scalability and traffic engineering, which PBB and PBT provide. These let Ethernet infrastructures scale to handle not only major metropolitan areas but whole countries, and simultaneously provide for stringent service-level agreements (SLA) and controlled failover modes to handle node and trunk problems.

Nortel has been the vendor champion of PBT from the first, Nokia Siemens and Huawei Technologies have joined in, and smaller players, such as Extreme Networks and Meriton Networks, also have been very visible in their support.

A related challenge is the need for a control plane. PBT achieves its benefit in part by dispensing with all the discovery and adapting that take place with standard Ethernet bridging, but you can’t route traffic or engineer capacity if you can’t find nodes and endpoints. PBT was designed to use an independent control plane, and two vendors have stepped up to provide one: Avici Systems’ Soapstone Networks business unit, which is exiting the router business to focus on control plane development; and start-up Gridpoint Systems. Both vendors offer carrier-Ethernet control-plane tools, and both have demonstrated their ability to create and control predictable, Ethernet-based service infrastructure in a number of trade shows and events.

The third challenge is the support of services, which is what this is supposed to be about. Service support for infrastructure means support for the three connection topology models that the Metro Ethernet Forum (MEF) defined years ago—E-Line for point-to-point, E-LAN for multipoint and E-Tree for multicast.

Hammerhead Systems just announced full support for the MEF models for carrier Ethernet and MPLS, as well as interworking between MPLS and PBT (Hammerhead also announced a partnership with Soapstone).

Network operators BT Group and DT have expressed a level of commitment to carrier Ethernet and PBT, and it’s pretty likely that in 2008 at least four other major operators will join them. Carrier Ethernet and PBT have got the vendors named here good engagement with operators worldwide; in fact some of these vendors tell me that they’re almost consumed with requests for information and for devices to test.

Not everybody loves PBT, particularly router vendors that favor IP/MPLS. Cisco, Juniper Networks and Alcatel-Lucent are counted in the camp of PBT opponents, though they all surely are considering PBT support as operators become increasingly strident in their demands to hear about it. Ericsson’s position is less clear, but I’ve recently heard there is a movement within that company to provide support for PBT in some form. Foundry Networks is said to be looking at PBT as well, but there are no references to it on the company Web site.

The two main drivers behind PBT are stringent SLA control and cost. The adaptive behavior of IP, with its dynamic reconfiguration and routing, makes it difficult to write enterprises the same kind of SLAs they had for frame-relay services, which inhibits convergence. This is one reason an ex-BT executive has given for BT’s interest in PBT.

While advances to MPLS — particularly T-MPLS — promise similar nonadaptive behavior, carrier-Ethernet switching products are reported by operators to be about 40 percent less expensive than routers, so PBT has a significant cost advantage over T-MPLS, if there are no other reasons to deploy routers.

Whether the network is a greenfield — having neither significant router nor significant Ethernet infrastructure — is the big issue for PBT. If a network is a greenfield, building a carrier-Ethernet PBT network would be significantly less expensive than building a T-MPLS network using routers. Metropolitan networks seem a pretty sure place to deploy carrier Ethernet and PBT, although IPTV in the form offered by Alcatel-Lucent deploys IP features in these networks. In wider-area applications, where some routers are almost certain to be used, the cost advantages of PBT may be smaller. The enhancements to carrier-Ethernet control-plane and service models may make the difference between carrier Ethernet as a niche player and carrier Ethernet as a full-scale infrastructure alternative to IP/MPLS.

Thomas Nolle is the president of CIMI Corp., a technology assessment firm.

Send feedback on this column to [email protected]


How is globalization affecting infrastructure?

Globalization is resulting in the construction of ubiquitous IP networks that connect geographically dispersed branch offices to their headquarters or to wherever their central applications reside. Technical standards help stitch together inter-provider IP-MPLS networks to construct seamless global coverage to make this possible. Globalization therefore ‘mandates’ network infrastructure to support triple-play applications that can be prioritized on a per customer basis.

To meet the growing business requirements of globally integrated enterprises, the infrastructure layer is clearly witnessing integration with a new multi-services layer, often collectively termed as ‘managed services’. These managed services take comprehensive control of the wide area network, security, applications, hosting and often extend to the local area network of the organization.

Enterprises seeking to collaborate and scale globally look at high availability data centers to host their services — for both primary as well as secondary (DR) sites, business continuity practices, hosted and/or managed applications including messaging, storage, hosted CRM and SCM; and other workforce management solutions that reside on the service provider infrastructure.

Globalization is also resulting in enhancing of infrastructure for the delivery of e-learning solutions that integrate and homogenize global workforces that are required to operate in uniform and globally-defined environments.

As enterprise requirements evolve from network-centric to application-centric, infrastructure is adding the smarts to monitor and manage application performance to meet the business requirements more directly — especially in a managed/hosted distributed application environment.

Globalization is also powering the rise of the utility data centers for managed and unmanaged hosting of infrastructure, since in a connected world it does not much matter where the data resides.

Globalization is also the key driver for network virtualization.

If there was one message you had for CIOs, what would it be?

They should take cognizance of the fact that complex global networks require both infrastructure and application expertise to succeed and that comprehensive security protocols supported by appropriate policies and controls will determine the ultimate uptime of the enterprise network.

What are the check points in the future?

There are several. Managing services to achieve economy is a must. Scale and uniformity on a global basis — be it collaboration, workforce integration, security, software-as-a-service, e-learning, storage and application performance would also be an important check point. Focus should be on comprehensive network security on-net as well as off-net. We need to adhere to global standards that will ensure network longevity and — to the extent possible — a defined path for technology upgrades.

What are key deliberations for the CXO?

The emerging global integrated enterprise fashions its strategy, management and operations towards the integration of production and value delivery worldwide. Key deliberations for the CXO will be integrating global offices, branch offices, supply chains and mobile workers. It would also include enabling global collaboration, delivery and balanced productivity. In addition, CXOs have to run and manage applications smoothly and reliably. And finally, add and show IT value to business.

How will infrastructure help deliver collaboration?

Globalization inherently and fundamentally requires integration of geographically dispersed workforces (systems, people and processes) that span multiple countries and cultures.

Arvind Mathur, Chief Architect, Global Services, Sify.com

Mathur is responsible for architecting services, solutions and the product portfolio across Sify’s business lines. He is a key driver for Sify’s ‘Smart Expansion’ initiatives which promise a highly-scalable, application-aware core network supporting a variety of hosted applications that will deliver business value to a range of enterprise segments. Mathur has over 18 years of international experience in the telecommunications and networking arena.

The New Digital Big Bang

Technology is unlikely to limit infrastructure capacity deployment.

CIO EXECUTIVE VIEW POINT

SPECIAL SECTION

These global work-sites will rarely have the same infrastructure or tools or processes. There is a vast gap that needs to be bridged for seamlessly combining and integrating global workforces in terms of collaboration (voice, messaging, video, SCM, CRM, global training and the like). These unifying, collaboration technologies can be hosted and managed by service providers with global accessibility through a ubiquitous IP network.

What does the multi-service, application aware IP offer?

Broadly, it offers application SLAs. Simply defined, they are application performance objectives expected from a WAN. It also includes real time application flow monitoring across the entire network. It offers application performance reporting on application performance across the network as well as per user. Other than that, there is a pro-active help desk which would deal with quickly detecting and correcting application performance issues.

It provides an SLA-based cost allocation, which is billing according to application performance achieved. In addition, it also includes network rightsizing and application performance management, which offers the right level of bandwidth to achieve application performance objectives as an ongoing partner to the enterprise. There is an application discovery, which automatically identifies all active applications. And finally, it offers bandwidth on demand.

What does the innovation-centric demand model include?

It’s a model that traces the path of innovation, starting from invention. The model would suggest that innovation occurs and user pattern shifts and new applications emerge. The rate and impact of these new behaviors can be modeled historically and projected into the future without knowing the specific details of these changes in advance.

Are networks sized correctly for apps? If not, what’s the impact on the organization cost-wise?

Let’s put it this way, WAN capacities on the national long-distance network are available to scale on a fairly massive basis, and thus not a limiting factor for running most applications. Capacities on international networks exiting India are still expensive but have adequate scale built-in and hence again should not be a show-stopper though additional cable systems and more competition should help drive economics in-line with global trends.

Ubiquitous local access is a challenge for various reasons: not everyone owns copper in the ground (DSL); fiber can be laid by service providers very effectively — but may not prove to be cost-effective for small bandwidths; and wireless access because of limited spectrum, bandwidth or throughput limitations (as compared to fiber) and expensive horizon technologies (WiMax) that are difficult to deploy cost-effectively today on a broad coverage basis.

Enterprise-users can, depending on the criticality of their operations and applications, opt for standard or highly-resilient architectures for their networks, which can be supported via SLA’s by service providers across the access, metro, national and international networks at appropriate price-points.

This time next year, what do you expect of changed infrastructure?

The year ahead holds a lot of promise. I would emphasize on enhanced reach, resilience and capacities both on the domestic and international sectors covering semi-urban and metro networks, national long-distance networks and international networks mostly over fiber cable systems. Availability of large data centers that cater to a range of managed services besides utility hosting would also be a part of the changed infrastructure.

Impact on Network Infrastructure

By 2009, the total capacity of the optical backbone is expected to be 3 million Petabytes per month or 3000 Exabytes per month

This translates to a global optical capacity of 9259 Tbps

In 2007, the amount of information created will surpass, for the first time, the storage capacity available

Bandwidth for Data Services in India are expected to grow at CAGR of 47% from 213 Gbps (2007) to 435 Gbps (2009)

Key deliberations for the CxO

Integrate global offices, branch offices, supply chains, mobile workers

Enable global collaboration, deliver enhanced productivity

Run and manage applications smoothly and reliably

Optimize and reduce cost of operations

Add and show IT value to the business

Growth of the Digital Universe

47%: the amount bandwidth for data services are expected to grow in India at CAGR.


With WS 2008's launch just around the corner, what should CIOs look out for while chalking out a seamless migration roadmap?

For an early migration to WS 2008, CIOs should consider software compatibility, application support, ISV certification, hardware age and of course, training and support.

In your opinion, why will Windows Server 2008 make CIOs sit up and notice the new server OS?

WS 2008 is the next generation server operating system that will help maximize control over IT infrastructure while providing unprecedented availability and management capabilities. It would also seek to deliver a significantly more secure, reliable and robust server environment than ever before. It is designed to provide organizations with the most productive platform for powering applications, networks, and Web services from the workgroup to the data center.

How does WS 2008 help IT heads maximize control over infrastructure?

WS 2008 gives IT heads more control over their servers and network infrastructure, allowing them to focus on critical business needs. It provides enhanced scripting capabilities and task automation tools. Role-based installation and management eases the task of managing and securing multiple server roles in an enterprise. The new server manager console provides a single source for managing a server's configuration and managing system information.

IT staff can now install only the roles and features they need, and wizards automate many of the time-consuming tasks of deploying systems. Additionally, enhanced system management tools provide information about systems and alert IT staff to potential problems before they occur.

Why is interoperability being stressed so much in WS 2008?

Microsoft is committed to ensure that the Windows platform works with other key platforms and systems in the heterogeneous computing environment of our customers.

WS 2008 provides significant enhancements in network, data, application and management interoperability. This will provide greater flexibility, improve information sharing, reduce computing costs, and help leverage existing investments. Therefore, Interoperability is one of the key pillars of WS 2008.

How does the Forefront family of products help standardize the way enterprise security is handled?

Today’s security market landscape is complex and fragmented. Poor interoperability, separate management consoles for each product, and a general lack of unified event reporting and analysis all pose challenges to the IT Heads.

The Microsoft Forefront family of business security products helps provide greater protection and control over the security of network infrastructure.

They provide simplified management, reporting, analysis, and deployment and thus help standardize the way enterprise security is handled. With highly responsive protection supported by Microsoft technical guidance, Microsoft Forefront helps enterprises confidently meet ever-changing threats and increased business demands.

Microsoft has expanded virtualization rights for the data center and enterprise versions of WS 2008. What impact do you see this having on enterprise adoption of the OS?

WS 2008 delivers an enterprise-class platform for deploying business-critical applications.

The data center edition includes unlimited virtualization licensing rights while enterprise edition comprises the right to run up to four additional virtual instances with one server license.

These virtual instances provide a cost effective way to virtualize and deliver significant value along with the scalability and reliability features of WS 2008. It will provide flexibility to rapidly provision new servers and to test and roll out patches or other changes to business-critical applications. It also reduces infrastructure costs by consolidating underutilized servers and applications with virtualization licensing rights.

Optimizing and Securing Core Infrastructure

Windows Server 2008 paves way for simplified IT.

Pallavi Kathuria, Director-Business Group, Servers, Microsoft India

After spending about eight years in various capacities at Microsoft’s corporate office in Redmond, Kathuria moved into her present role in January 2007. During the years she spent in Redmond, she worked on various roles in the server business, including pricing and the servicing division. Here she speaks on the roadmap for WS 2008 and the advantages it will afford to the CIO.

“Infrastructure optimization makes infrastructure a strategic asset that enables agility within the organization. It creates a ‘people-ready’ business environment.”

How does Hyper-Visor benefit enterprises?

Hyper-V provides customers an ideal platform for key virtualization scenarios, such as production server consolidation, business continuity management, software test and development, and development of a dynamic data center.

A core component of Hyper-V is a thin layer of software between the hardware and the OS that allows multiple operating systems to run, unmodified, on a host computer at the same time. This will benefit enterprises as it provides increased reliability and security for running virtual instances. It provides simple partitioning functionality and is responsible for maintaining strong isolation between partitions. It has an inherently secure architecture with minimal attack surface, as it does not contain any third-party device drivers.

How should CIOs look at optimizing infrastructure to look at maximum TCO savings?

Infrastructure optimization helps realize the value of investments in infrastructure, makes infrastructure a strategic asset that enables agility within the organization, and ultimately helps create an infrastructure for a ‘people-ready business.’

To get maximum TCO savings, CIOs should consider optimizing Infrastructure to a state where the costs involved in managing desktops and servers are at their lowest. Processes and policies have been optimized to play a large role in supporting and expanding the business. Security is very proactive, and responding to threats and challenges is rapid and controlled. Zero touch deployment is used to minimize cost, the time to deploy, and technical challenges.

The number of images is minimal, the process for managing desktops is very low and a clear inventory of hardware and software is maintained. Security is extremely proactive with strict policies and control, from the desktop to server to firewall to extranet. This kind of optimized infrastructure will lead to maximum TCO savings.

A bulk of an IT budget is spent in just treading water rather than adding new business values. How can IT department flip that equation?

Day-to-day pressures require tons of time, resources and effort, but don’t necessarily push the business ahead. It’s these pressures that consume most of the IT budgets today.

IT departments can flip that equation by moving from an unmanaged environment toward a fully automated management and dynamic resource usage environment. Infrastructure management should be changed from manual and reactive to highly automated and proactive. Security should also be improved from vulnerable to dynamically proactive in a more optimized infrastructure.

The more IT professionals are enabled by systems that can self-manage to adapt to changing business demands, the more empowered they will be to add new business value and contribute to the success of the business.

Turn your IT infrastructure into a strategic asset with a different approach that…

Looks holistically across the infrastructure
Addresses underlying structure and complexity
Creates an integrated, uniform environment
Adopts IT solutions that support proven Best Practices
Prioritizes and sequences IT projects in a structured, systematic manner

Challenges and Trends

Today’s IT: 30% new capability, 70% sustaining and running existing capability

Desired IT: 45% new capability, 55% existing capability

Challenges: Technology Change; Regulatory Compliance; Competition; Security; Keep Business Up and Running; Customer Connection; Business results and new value; End user productivity; Cost reduction

A Strategic Infrastructure

70%: The percentage of today's IT infrastructure to sustain and run existing capability. This number, in a desired IT infrastructure, would come down to 55 percent.


What drives change?

Cost is a big driver for change. It challenges the fundamentals of business. It makes you reinvent yourself constantly. People want to do more with less. Change can never happen overnight. Business is not assured based on past accounts. Vendors like us need to be there before customer arrives with a problem.

Second is the perception of quality. It is the value that you get out of the service that drives change. It may not necessarily be an element of the product's design and engineering. It also depends on what channels you use to get to your customer. You can claim you are 24/7, but are you there when your customer needs you? Demanding environments in the market have driven change.

What do you think should be the focus of the new CIO?

We need to focus on technology, innovation and on controlling cost. Focusing on information and getting what you want is being enabled through focusing on technology. India is now the undisputable leader in IT; there are lots of customers based out of US. The dollar is getting weaker and the Indian rupee is getting stronger. It is a great feeling to know that the economy is getting strong even if the software industry is facing a challenge in margin reductions. At the end of the day, you need to address the margins; it’s about people and the infrastructure. There is a need to look at infrastructure that delivers technology. I want to emphasize the fact that it’s not by buying cheap products that you manage TCO. It’s by managing your TCO that you manage cost. We should not focus on technology for technology’s sake.

What do you mean when you say morphing into the realm of facility management?

A lot of services have to be rendered to run the facility. You need heating, ventilation and air conditioning. You need people to be directed to parking, security passes, cameras, public address systems, and then you have lighting. Heating, ventilation and power consume a lot of energy. If you had a facility in your computer through which you can decide when you want the lights off and when you want them on, you can program it by building intelligence into the building management. Using power only when it is required, you save an enormous amount of money.

What is an intelligent building?

Intelligent building is basically computerizing all your energy, ventilation, lighting, communications systems, which is already on a technology backbone, and a lot of building automation. You put everything into a building monitoring system and run it through a twisted cable which you would use for LAN, making the building more intelligent.

How does ADC KRONE support?

Solutions and best-practices are engineered for uptime
Believes and invests in technology
Propagates and trains market advancements
Understands and supports future-proofing in a balanced manner
Intelligent Physical Layer management
National reselling arrangements and bonded warehouse facility

ADC KRONE was founded in 1935
Present in the Structured cabling industry globally since early ’90s
Have survived and grown in a tumultuous industry where business and sales models have undergone disruptive evolution

Why ADC KRONE?

K. Bala Chandran, Managing Director, ADC KRONE

Joining ADC KRONE in 1991 and after serving in various positions in the go-to-market and business development, Chandran is currently the MD for India & SAARC markets. Over the years he has played a key role in positioning ADC through its acquisition of KRONE as a key player in the network infrastructure space covering copper, fibre and wireless within the Indian market and also expanded the company’s operations into cabling infrastructure for enterprises.

It’s What You Don’t See That Matters

It is important for CIOs to reduce power consumption in their datacenters.

“Focusing on information and getting what you want is being enabled through focusing on technology.”

Why is datacenter design becoming imperative today?

If you go back into the various stages that people lived through in IT, design has been the most elementary thing — that’s what decided the foundation of the future. The data center’s design, today, is what decides what your data center is going to look like five years from now.

This design captures a lot of elements that would probably be missed out. This is because, typically, IT managers were not a part of a building’s design. They were given a floor and were told to do whatever they wanted to do with it. This cycle needs to be broken, because unless companies put their critical equipment in the right place there are chances of having unforeseen surprises.

In your experience, has an oversight in data center design ever caused a direct impact to business?

Very much. One large organization decided to outsource a certain amount of their data to a hosted data center. Obviously the design elements were out of their control. They put in their servers and immediately ran into a roadblock. The rack spacing was such that their regular cable would not go from the server to the storage. This directly impacted their go-live date.

AMD is also an active member of the Green Grid. Can you explain why the green initiative hasn’t taken off in India?

The Green Grid is essentially a consortium of companies whose objective is to evolve better, more sensitive devices from an energy perspective.

You are right about the fact that, in India, it hasn’t taken off the way it should have. The reason is largely because CIOs have never paid the cost of power for a data center’s operations. All those costs were being picked up by facilities.

Also, look at the way power is provided in India. Companies go to the electricity department and request a certain amount of power. If these organizations don’t use the amount of power they asked for, they are penalized. There’s no initiative to reward people for conserving power.

And there isn’t a ceiling on how much they can use. These controls exist in the US and Europe and even in China. What this means is that no one plans backwards and looks for more energy sensitive devices.

What are the cost benefits of going green?

Better servers mean less power use and less heat. It means less air conditioning. Then there are more indirect benefits like a lower load on the UPS and the consequent cost savings on back-up generator cost. Look at some baseline calculations. Over a five year period, these intangible costs can add up to five times the cost of your capital.

Budget reductions
Staff reductions
Workloads/datasets double every 5 years
Power/Cooling facing 15 percent annual increase
1996: 7 servers/rack VS 2006: 22 servers/rack
Energy costs could soon exceed hardware costs

What AMD Can Do

Cost reduction
Reduction of power consumption/heat generation
Performance increase
Memory capacity expansion
Dual Core and Quad Core
Virtualization
Code migration to 64-bit
Dynamic Power Scaling
Acceleration for Virtualization

Key IT Challenges

Arvind Chandrasekhar, Business Development Manager, AMD India

Chandrasekar has held technical and management positions since joining AMD in 2001. Prior to this, he was the technical specialist for India and SAARC for AMD. Chandrasekar successfully held AMD evangelism and technical education that was needed for this developing market. Here he says that electricity, whether Indian CIOs accept it or not, is going to be a major factor soon.

Not Yet, But Soon

Power will be a vital factor in a CIO's Datacenter equation.

“CIOs have never paid the cost of power for a data center’s operations. All costs were being picked up by facilities.”

How can a CIO best drive change?

The best way is to partner with your vendor, and together share the experiences that vendors have from a global perspective. This is the only way that you can get management to appreciate what you are doing.

It is very important for CIOs to get out of a transactional mode. In many cases, CIOs are still perceived as IT managers, while in reality they should be thought leaders. Their jobs are not to prepare bills of material. Their focus should be on reducing costs and improving profitability through the strategic usage of IT. This is necessary in the future, because the industry has to integrate with a global system and move towards becoming a truly global enterprise.

You say that CIOs should shape the destiny of their organizations. Does this not put the CIO on a collision course with the CEO?

I think it is very important for the executive team to understand that they are all partners. Innovation is not confined to any one individual — innovation can happen at any level. The CIO brings his own perspective, and I think that it is very important to bring that perspective, because, without IT, you can't build a robust and global business.

Why do you feel that infrastructure management is not a core competency? Do you think it should be outsourced?

Infrastructure management should not be the core competency of most organizations. Organizations are in the business of running their businesses and are not in the business of running an IT organization. Rather than spending money on non-core areas, they should spend it on improving their business.

But why should CIOs outsource specifically to IBM?

One of the biggest pluses is that we are one of the few global organizations that has the resources to offer end-to-end solutions. This saves customers from dealing with multiple vendors. Many CEOs still don't understand the power of IT as it is applicable to the next level of business. IBM gives you the power to leverage an organization’s infrastructure globally on demand, and I think that this is the critical reason why an organization should come to IBM.

Do you think that companies are hesitant to outsource security?

With security, there is a certain process and a governance model that is available and can be demonstrated. So, I don't see security outsourcing as an issue at all. But it is difficult to give figures pertaining to how many companies outsource their security to us.

Risk Mitigation
Consulting
Data center building
Business continuity
High availability
Security

Services Management
IT resources optimization
FM / EUS / Data services
Systems and network Management
Strategic outsourcing

Enabling growth
Fully integrate technology & business functions to operate together
Innovative business model
Leveraging IBM research
Robust, scalable and flexible infrastructure

At Your Service

Rohit Khanna, Country Leader, Infrastructure Solutions, Global Technology Services, IBM

Rohit Khanna brings over 19 years of deep industry experience in various roles within the IT and consulting industry in India and the US. Rohit's experience spans a wide range of sectors such as healthcare, education and the public sector. His areas of forte include business strategy, business process transformation and technology implementations. Here he says that CIOs should partner with vendors if they want to effectively drive change and make their jobs more strategic.

Managing Change

CIOs need to outsource infrastructure.

“In many cases, CIOs are still perceived as IT managers, while in reality they should be thought leaders.”

As the amount of data businesses create increases daily, so does the need to use that information faster, for better decisions.

No longer does business intelligence belong to rarefied analysts closed off in a room. Best-in-class organizations use today's data to make today's decisions and give their frontline employees the tools to do that.

1. IT-Business Teamwork will be Crucial

The business intelligence landscape is changing rapidly — more and different types of data, new tools, frenetic M&A activity — and in this rapidly evolving world, communication between IT and the business side is key, says Colin White of BI Research.

Defining the core values that you want to use to measure business performance, your key performance indicators (KPI), will remain paramount. These values are not about the technology, they are about what's core to your business.

IT's understanding of business needs and communication around technology will become even more important as some types of BI tools become easier for non-IT folks to implement, and as the types of data used in BI change.

Last word: In order for BI to help you gain competitive advantage, IT needs to deeply understand the business case for BI: what performance indicators it should measure and how, how employees actually work, how BI tools will fit into those patterns and so on.

By Diann Daniel

2007 was the year of BI vendor mega mergers. What will 2008 mean to business intelligence? Here are five predictions for the year ahead, and one wild card to watch.

Reader ROI:

Why teamwork is important

Why BI will be a greater force than open source in the future

Predictions for the Year Ahead

Business Intelligence

2. Operational Business Intelligence will Lead the Way

For many companies, business intelligence has been successful in its traditional strategic and tactical use, says BI Research's Colin White. Studying historic data can yield valuable insights on what approaches are working and which need to be changed. But looking at what happened two months ago does nothing to help you save a customer you've already lost, nor does it help you recognize a customer's receptivity to buying more products at checkout time. So the drive to extend actionable business intelligence to a broader audience (frontline employees and even customers and partners) will continue in 2008, putting the spotlight on operational business tools.

Operational BI can automate operational data collection and integration; it can also automate report and alert creation and certain decisions or actions. For example, operational BI tools can recognize customer inactivity and automatically generate an alert to be sent to an account manager.

Last word: Operational BI is the trend for 2008 for the simple and crucial reason that it brings relevant information to employees as it is needed, allowing them to respond to problems or opportunities.

3. Open Source and SaaS Tools will Become More Attractive

Last year's wave of BI vendor consolidations has left room for smaller vendors to innovate. Customers looking for less expensive, easier to manage BI solutions may turn to open-source BI and software-as-a-service tools. "Companies are focused on BI's total cost of ownership, and they want to know how they can acquire BI capabilities without the high prices," says Aberdeen Group's David Hatch.

He and other analysts think that more companies will turn to open-source BI, and in turn, vendors will be likely to respond by increasing the number of offerings. (Currently JasperSoft and Pentaho are the main open-source BI vendors.) In addition, BI offered via SaaS can help IT respond quickly to business needs and requires less IT manpower than in-house BI, though costs may add up over time.

Last word: Look for pockets of business needs that may be served by newer, more targeted BI tools. Keep in mind that while many experts think open-source BI will become a greater force, some consider it not adequately tested as a complete business solution. With software-as-a-service tools, carefully evaluate and monitor the costs that may accumulate long-term.

4. Structured and Unstructured Data will be Needed for BI

Face it: Your company doesn't have to deal with just more data, but more data in many more places. Consider these types of information: Comment fields, customer comments left on voice mail, competitors' prices listed on the Internet, blogs that mention your product, wikis that contain instructions, and customer complaint e-mails are all potentially valuable sources. This data can help your company price, operate, stock, sell and serve customers more effectively. A car company that conducts automated searches to scan blogs for discussion of problems can use the information to spot patterns that may point to manufacturing flaws.

White says the idea of folding such information into BI may pose a problem for those whose idea of business intelligence is the 'gold standard' of data, similar to those people who see Wikipedia as inferior to traditional encyclopedias. White recommends viewing these new sources as a valuable way to better inform business decisions. Companies will still need to make choices about how they use different kinds of information, of course.

Last word: Companies that can find and capitalize on information such as comments by customers and competitors will find themselves ahead of the pack.

5. BI Competency Centers will Increase in Importance

As the amount and variety of data grows, business will need a BI competency center — a group of IT and business leaders whose buy-in and evangelizing will make or break the success of a BI implementation. This group creates the BI vision, manages the spending and tools, sets standards for using those tools and helps define business intelligence success.

This group should also keep in mind the four pillars of a successful BI implementation, according to consultancy Gartner: user training, data stewardship, a focus on metadata and a focus on possible next steps to be taken.

Last word: Successful BI requires structure and process support. New tools and new types of information will not change those requirements.

The Wild Card: Effects of BI Vendor Consolidation

For the BI marketplace, 2007 was all about mergers and acquisitions. What will that mean for 2008? The largest pure-play vendors have already been snatched up by the giants. Experts are divided on just how much M&A activity will continue and what the consolidation will mean for customers. Many analysts say that M&A activity in the business intelligence space will be mostly about megavendors rounding out their purchases to create more complete product lines. Still, it won't be easy for megavendors to integrate all the various solutions they've acquired. And you won't be stuck with only megavendors to choose from: Smaller players will continue to innovate, analysts say.

Last word: The results from the IBM-Cognos, SAP-Business Objects, Oracle-Hyperion and other deals have yet to fully play out. While vendor alliances matter, keep your eyes on the prize: your core business goals and whose solutions will best help you reach them.

Send feedback on this feature to [email protected]


Terima Kasih!

That's THANK YOU in Malay and sums up our appreciation for your invaluable support to Malaysia.

IPv6 Checkup Time

By Bob Violino

Networking | One fact has become clear about IPv6, the next-generation Internet protocol developed to gradually replace the current IPv4: Adoption by US enterprises is not happening on Internet time. Even those who see potential in the technology, like Dan Demeter, CIO of talent management company Korn/Ferry International, are taking it slow. He plans to introduce IPv6 by 2010 as part of a worldwide network upgrade for his company.

“We believe that [by] adopting IPv6 and restructuring our network routers and servers, we can deliver faster and more reliable and secure client solutions,” Demeter says. Also, Korn/Ferry employees use BlackBerry mobile devices to access key company executive search data, and Demeter wants to explore the potential of IPv6 for providing additional mobile services.

Among its top benefits, IPv6 promises a significant increase in the number of addresses available for networked devices such as mobile phones, and simpler administration of networks.

But Demeter says Korn/Ferry is in the exploration stage, with no firm time frame for a pilot test. “Our approach is to focus on the areas where we can derive the most benefits and move ahead in gradual fashion as our experience grows and as we ensure that all the infrastructure components are compatible with IPv6.”

Despite the hype, enterprises seem to be in no hurry to adopt the next-generation Internet protocol. Here’s why.

Essential Technology: From Inception to Implementation — I.T. that matters

He’s not alone. Federal government agencies are mandated by the Office of Management and Budget to move their network backbones to IPv6 by June 2008 — and so are the contractors that do business with agencies. But outside that space, few organizations seem to be deploying the standard. Research firm Gartner estimates enterprise adoption at less than 1 percent.

Should IPv6 be on your drawing board yet? Consider the key issues and the experiences of early adopters carefully.

Several factors are fueling the sluggish adoption rate. A study by Cisco in 2006 cited the lack of dedicated funding and IT staff for IPv6 implementations.

Another hurdle: “The fact that IPv6 implementation is viewed more as a technology issue than a business benefits driver probably also is an obstacle to its immediate widespread adoption in the US,” says Michael A. Gold, a senior partner in the litigation group of Los Angeles law firm Jeffer, Mangels, Butler & Marmaro and co-chair of the firm’s Discovery Technology Group.

“This is very shortsighted in terms of global competition,” Gold says. “In the not-too-distant future, many home appliances — even dog collars — will be Internet connected. Many automobiles are connected today. Each of these devices will require using an Internet address in order to communicate across the network.”

Quite simply, the system will run out of addresses some years from now without IPv6. Other countries, notably China, have pushed the implementation of IPv6 more aggressively than the United States.

Among the other possible benefits of IPv6, the technology enables a more simplified network architecture that removes network address translation devices. This clears the way for powerful peer-to-peer capabilities, says Erica Johnson, senior manager of software and applications and IPv6 consortium manager at the University of New Hampshire’s InterOperability Laboratory. The lab oversees the Moonv6 project, a global effort to test IPv6 equipment from different vendors.

IPv6 also includes a greater amount of usable address space for additional nodes on the network, allowing better utilization of multi-user technologies such as VoIP, interactive video and collaborative applications, she notes. But Johnson concedes that even with the potential gains from IPv6, building a business case for adoption will be a challenge for many. “A lot of that has to do with testing and education,” she says. “It’s not going to be a light switch; we don’t have a Y2K effect with deploying IPv6.”

Some analysts are more blunt. “Commercial enterprises have little reason to adopt IPv6,” says David Willis, research VP at Gartner. “Migration costs are very high for established IP networks, and attempts to transition even moderate-size networks have revealed many unexpected problems and hidden costs.”

Willis says most of the benefits of IPv6 “can be delivered with current IP [IPv4] workarounds such as network address translation and IPsec [the Internet security protocol].”

Willis adds that he expects IPv6 to creep into the enterprise as we see stronger Vista rollouts in 2008. Enterprises will use various approaches to support both IPv4 and IPv6 for several years, he says.

Early Adopter Lessons

CIOs starting to explore the IPv6 issue can learn from the approach of early adopters like engineering and construction giant Bechtel. By 2003, the US Department of Defense, a big Bechtel customer, had called for department-wide deployment of IPv6 by 2008. Bechtel began seeing RFPs from the US Army and other customers explicitly calling for IPv6 products and services. So in 2004, Bechtel launched a phased, enterprisewide deployment of IPv6 “designed to develop broad awareness and competence in the new protocol, with the initial deployment focused on our government business unit,” says Fred Wettling, Bechtel fellow and technology strategy manager.

The company sees an opportunity to create an IT infrastructure that will be a platform for future innovation, he says. “This is a technology that can transform the way we do business.”

Wettling says Bechtel sees IPv6 as an enabling technology, as the Web was in the 1990s. For example, the company is exploring how IPv6 will help with wireless sensor networks to help track logistics, and with mobile ad hoc networks that can be set up quickly at the start of a project.

Bechtel’s IT group tried to minimize the problems and costs associated with a broad technology change by using a planned, gradual approach spanning several years. This included sending three dozen people to an ‘IPv6 boot camp’ run by Native6 (now part of Command Information, a provider of IPv6 training and services) and creating an IPv6 lab to perform distributed configurations and testing without putting Bechtel’s production network at risk.


“We set up small IPv6 labs at four locations, each with a few servers, routers, switches, and put them in isolated networks within each office and interconnected them across the Internet,” Wettling says.

By the end of 2006, Bechtel had enabled IPv6 on the production networks and hundreds of computers at four of its primary sites, and created a scalable model for future deployments.

The company instructed all its application developers on how to configure machines for IPv6. Today, Bechtel has more than 9,000 computers (desktops, portables and servers) in 70 cities worldwide running IPv6. The majority of its offices support IPv6, and the company is turning on other offices one at a time.

Hardware Hiccups

What challenges did Bechtel encounter on its road to IPv6? While most of the applications weren’t affected by the change in IP version, several presented problems. First, some databases weren’t set up with big enough fields to accommodate IPv6 addresses and had to be expanded.

Also, not all commercial or internally developed applications have the needed IPv6 attributes in them. Some of Bechtel’s monitoring and configuration software had to be tweaked to display IPv6 data.

“Not all products out there [such as Windows XP] have the IPv6 features we want,” Wettling adds. “XP doesn’t fully support IPv6 as well as [Microsoft’s] Vista does.” Bechtel will start deploying Vista later this year, he says.
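The database field-size problem described above, worked through as an added example (this is not code from the article or from Bechtel). The column names and widths are constructed, and the column is assumed to truncate silently rather than reject an over-long value.

```python
import ipaddress

# Longest text forms an address column can be asked to hold.
MAX_IPV4_TEXT = len("255.255.255.255")                                 # 15
MAX_IPV6_TEXT = len("ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff")         # 39
MAX_MIXED_TEXT = len("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")  # 45

# Constructed sample schema: "table.column" -> declared text width.
SAMPLE_COLUMNS = {
    "sessions.client_ip": 15,
    "audit_log.src_addr": 39,
    "fw_events.peer": 45,
}


def audit_columns(columns):
    """Classify each declared width by the address forms it can hold."""
    verdicts = {}
    for name, width in columns.items():
        if width >= MAX_MIXED_TEXT:
            verdicts[name] = "ok"
        elif width >= MAX_IPV6_TEXT:
            verdicts[name] = "ipv6 hex only"
        elif width >= MAX_IPV4_TEXT:
            verdicts[name] = "ipv4 only"
        else:
            verdicts[name] = "too small"
    return verdicts


def truncation_effect(text, width):
    """What a silently truncating column of this width does to one address."""
    original = ipaddress.ip_address(text)
    stored = text[:width]
    try:
        kept = ipaddress.ip_address(stored)
    except ValueError:
        return "unparseable"   # the stored value is no longer an address
    # "altered" is the dangerous case: a valid address, but a different one.
    return "intact" if kept == original else "altered"


def to_binary16(text):
    """Canonical 16-byte form; IPv4 is stored as IPv4-mapped (::ffff:a.b.c.d)."""
    addr = ipaddress.ip_address(text)
    if addr.version == 4:
        return bytes(10) + b"\xff\xff" + addr.packed
    return addr.packed


def from_binary16(raw):
    """Inverse of to_binary16; IPv4-mapped values come back in dotted form."""
    addr = ipaddress.IPv6Address(raw)
    mapped = addr.ipv4_mapped
    return str(mapped) if mapped is not None else str(addr)


if __name__ == "__main__":
    print(audit_columns(SAMPLE_COLUMNS))
    for sample in ("2001:db8::1", "2001:db8::12:345",
                   "2001:0db8:0000:0000:0000:0000:0000:0001"):
        print(sample, "->", truncation_effect(sample, 15))
```

A short compressed address such as 2001:db8::1 fits in a 15-character field, so a test that uses only short samples will not expose the problem; longer addresses either stop parsing or, worse for logs and access lists, become a different valid address.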

For these reasons and others, aeronautics manufacturer Lockheed Martin figures its move to IPv6 will be a huge undertaking. “The transition to IPv6 will require a greater effort than the Y2K bug,” says Frank Cuccias, director of Lockheed’s IPv6 Center of Excellence. “Remember that Y2K only affected a subset of systems; IPv6 will affect almost all current systems.”

Lockheed Martin, given its many government customers, began looking at IPv6 seven years ago in its labs. The company is in the midst of a pilot program to convert part of its Global Vision Network to IPv6. So far the program is progressing well, Cuccias says.

“We realize that if our customers are moving to IPv6, we need to be out in front of the technology,” Cuccias says. The company launched the pilot to illustrate to its customers that it’s not as simple as buying new IPv6 hardware and turning it on, he says.

A potential IPv6 challenge is developing network engineering expertise, says Korn/Ferry’s Demeter. “While IPv6 presents several advantages over IPv4, it requires the engineering and systems operations talent to design, build, and maintain the network to maximize its potential and to justify the investment,” Demeter says.

Gartner’s Willis sees no urgency to adopt IPv6. “There is no real driver besides the IP address shortage,” he says. “What this means is that we’ll be living in a mixed IPv4/IPv6 environment until well past 2013. Coexistence of both protocols is easy, although it will drive support costs up while we are in this mixed environment.” CIO

Bob Violino is a New York-based freelance writer. E-mail feedback to [email protected]

Is It Really Necessary to Upgrade to IPv6?

In economics, someone who hoards resources to drive up their price is rather whimsically referred to as a troll. Recently, one of my colleagues suggested that perhaps the US government's interest in IPv6 is part of a plot to drive up the market price of IPv4 addresses.

The U.S. government is the single largest owner of IPv4 address space — and also the biggest proponent of moving to IPv6. My colleague's semi-facetious theory is that by artificially tightening the market, the government can increase the value of the resources it owns. "Why wouldn't IPv4 space be sold off like unused spectrum or surplus computers?" he asked.

He's got a point, even if calling the feds ‘address trolls’ seems a bit much. Lately, a lot of enterprises have been seeking help in smoothing their transitions to IPv6. Yet when they are asked why they want to move to v6, the answer boils down to, 'We don't want to. We have to.' There's a growing sense that we're running out of v4 address spaces, and migration to v6 is a painful necessity. But that raises more questions than it answers, starting with the reality of address exhaustion.

The reality is that thanks to RFC 1918, which permits enterprises to operate their own private Class A addresses, no enterprise will run out of private address spaces (so long as it's willing to implement network address translation, or NAT). A number of enterprises have implemented NAT as a security measure and for them, this is pretty much a non-issue.

That raises the question of exactly how necessary migration to v6 truly is. If you're a carrier in one of the countries that got shortchanged during the initial address allocations, you don't have a choice.

The only problem IPv6 indisputably fixes is address exhaustion — which is a problem for carriers, not enterprises. All the other so-called benefits of v6 come at a cost — v6 consumes considerably more bandwidth than v4 (because of its larger address space), which is an issue over low-speed links, such as wireless. What happens in a free market when a manufacturer tries to promote an inferior product? Easy: the market value of the older version skyrockets. Remember New Coke? If eBay had been around back then, Coke Classic would have been selling at Rs 240 a bottle.

Which brings me back to my colleague's contention: there's no better way to drive up the market value of a resource than to create artificial scarcity. Calling the Feds ‘address trolls’ doesn’t sound so far-fetched after all.

—Johna Till Johnson


Fix It Already!

If IT isn't aligned with the business by now, CIOs should quit or be fired.

By Thomas Wailgum

Pundit

I.T. Management | I've been listening to CIOs, reading about CIOs and hearing their problems for almost 12 years now. And I am sick and tired of having to listen to CIOs' alignment struggles: the seemingly insurmountable challenge of aligning their IT department's mission and priorities with their business’s mission and priorities.

This so-called predicament has been on our radar for decades. We've written ad nauseam about alignment challenges. In addition, my inbox receives a steady stream of survey results that detail the cumulative admonitions from CIOs regarding their alignment failings. According to a CA report, IT executives around the world are seeking to do a better job of aligning IT investments with business goals, but only about half believe they are doing so. The report polled 300 CIOs and IT executives at companies with more than Rs 1,000 crore in annual revenues.

It gets worse: 74 percent of respondents believe that better prioritization of IT spending based on business needs is a critical IT management goal. Now, there are many ways you can interpret that data point, but to me it says: almost three-quarters of CIOs have yet to align basic IT spending with business priorities. It's a goal. In fact, the survey found that only 38 percent of CIOs feel that they are effective or very effective in enabling IT to prioritize based on business needs. About half the respondents report their efforts are only somewhat effective, and for 13 percent of companies, the situation is much worse. Mind you, this survey was completed in 2007, not 1987.

From my perspective, alignment woes have become an all-too-convenient excuse for underperforming IT chiefs. The word is a crutch that CIOs use to cover up their fear of actually talking to, engaging with and fleshing out core business needs.

It allows CIOs to hide from actually solving those strategic business problems. And rather than making IT transparent — the opposite of the unwieldy and unmanageable cost center that it is notoriously known as — CIOs seem to want to stay separate. Aloof.

By this point in IT's evolution it seems incredulous to me that CIOs wouldn't have realized the criticality of solving any potential business-IT disconnect, and then actually doing it. CIOs claim to know all about the alignment imperative.

Results from our 2008 State of the CIO survey, which polled more than 550 IT leaders, show that 100 percent of respondents say that aligning IT and business was their number-one priority. How can CIOs in good faith show their face every morning at their jobs and collect that pay check when they haven't fulfilled the most fundamental responsibility of their job description?

Please don't whine to me about how the business side doesn't understand IT.

Just look at the insane rise of consumer technologies and applications, and the momentous effect it's already had on enterprise IT. Businesses love technology these days.

The problem is CIOs are either too obtuse in their dealings with their business peers or spend too much time in the air-conditioned server rooms. All business executives worth their salt want to get as much as they can out of their IT investment. They know how critical IT is to the business.

I believe that one of the chief causes of alignment difficulties is self-inflicted on CIOs' part. In many conversations and interviews I've had with CIOs and other IT personnel, they always refer to the rest of the company as the ‘business’ and themselves as ‘IT’.

For that mindset to change, a revolution has to start at the top, with you, the CIO. Are you ready to do something about it? CIO

Send feedback on this column to thomas_wailgum@cio.com


Personal Technology

By Nancy Weil

Joining the Dots in 2008

We’ve listened to analysts, vendors, consultants and our geek friends talk about IT in 2008, accepting some forecasts and rejecting others. Here are our predictions for 2008. Believe us at your own peril.

Who's Hacking Whom?

A major international incident will erupt when Chinese hackers compromise the defense or security system (or both) of another government. Classified documents will be breached. Accusations will be traded. Relationships will be tense and ugly for a time.

Network Evolution

Mobile networks will not only open up to outside handsets, devices and applications, but will increasingly offer Wi-Fi and a plethora of location-based services. Media content, search, social networks, shopping and a variety of services will all be standard parts of the mobile network experience. Result? Networks "have to evolve in very radical ways," says Jake Seid, Lightspeed Venture Partners general partner, mobile.

A Linux Year

As Vista continues to limp toward wider adoption, Linux will make major inroads into the enterprise, as well as in government IT. At the same time, the leaner OS will become a more attractive option for home users and in consumer electronics, spurred by the Open Handset Alliance and the advent of Google's Android mobile platform. Jim Zemlin, the president of the Linux Foundation, sees 2008 as a "really interesting, breakthrough year for Linux," and we think he's right about that. Expect assorted open-source applications to follow along.

Growing Pains Of Social Networking

Social networking will invade corporations by year's end. Services akin to the Salesforce.com offering will become standard in that market segment. Increasingly, social-networking applications will seep into all manner of companies. "It will be driven more by individual adoptions," predicts Konstantin Guericke, co-founder of LinkedIn and CEO of Jaxtr. "We're social beings -- we like to see what our peers are doing."

Blurred Lines

Distinctions between consumer and corporate IT will continue to blur. iPhone-buying employees will bring that device into the enterprise in ever-growing numbers, forcing IT departments to deal with it. Security and protection from hackers, spam, phishers and the lot of cyber miscreants will continue to pose a huge headache for network administrators as home IT merges with corporate IT.

Virtualization Comes To The Desktop

Many prognosticators are gazing into their crystal balls and seeing virtualization on desktops. While some analysts predict that will be a sort of Thin Client 2.0, Barry Eggers, Lightspeed general partner, enterprise infrastructure, envisions something different. "Thin clients were about reducing up-front capital costs. Desktop virtualization is about intelligently provisioning applications to desktop users," he says.

He envisions a more successful model will find IT shops using desktop virtualization in conjunction with virtualized servers. Early adopters are finding that users weren't so keen on that model because the "user experience [is] much less satisfying than a full desktop," he says, but that will start to change in the new year. How? And where will it lead? We'll leave that to the 2009 predictions.
