at your service

Infrastructure 2.0 A step closer4

Best of Breed

Capacity,Reliability&QualityPage 44

no holds Barred

OnlineSecurityCiO’smajorconcern Page 10

a QUestIon of ansWers

ServiceAt Your

Enterprises are in a new era of computing where everything is now being offered as a service (EaaS) | Page 18

A 9.9 Media Publication

At

Yo

ur

Se

rv

ice

| cA

pA

cit

Y,re

liA

bil

itY

& Q

uA

lit

Y | S

tAN

DA

rD

De

viA

tio

NS

Volume 05 | Issue 08

December | 07 | 2009 | Rs.50Volume 05 | Issue 08

Technology for Growth and Governance

CT

o

fo

Ru

m

2 07 DECEmbEr 2009 thectoforum.comTHE cTo forum

editorialRahul Neel MaNi | [email protected]

1thectoforum.com 07 DECEmbEr 2009 cTo forum

New era of computing Technology will have a new meaning with services

as the most preferred option

Enterprises are ushering into a new era of computing; an

era where a sourcing-delivery hybrid is altering the concept of assets as we have known them. Everything is now being offered as a service (EaaS).

The obvious reasons are the recent widespread recession and technology advances. Are there other not-so-obvious reasons that are equally compelling? Is the future where we are going to see more infrastructure, application

How will these be offered? - Either from on-premises next-generation data centres, services abstracted from legacy systems, via outsourced IT operations or from a growing ecology of third-party cloud providers.

Like most other things that constantly aim to improve, cloud computing is also aiming to be more than just a small chunk of the business operations. Some of the renowned Internet com-panies are not just content in being a small part of the opera-tions. With their hardware capa-bilities, they could become the provider of the entire business processes. Internet giants such as Google, Microsoft and Sales-force.com have begun offering EaaS or Everything as a Service to business users.

EaaS offers a lot of benefits including decreasing dependency

development, applications, data, business intelligence, and IT management delivered as servic-es a desirable end-state? Should we collectively encourage this? Or is it given that the tech decision-making community must adopt/adapt itself to?

The answers are still evolv-ing. But given the pace at which change descends upon us, we must prepare ourselves with an understanding of what the ‘EaaS’ world will be. For example:

on the hardware. Even without any application stored in the desktop, online services could be extracted. Most of the cloud com-puting services could be accessed online through major browsers. There is no specific location required to deliver services. EaaS also improves tenancy.

But the question whether asset and hardware vendors will lose out if they don’t participate in the EaaS market is yet to be answered. We will probably run a poll soon to get the popular man-date on this.

In this issue, we offer a com-prehensive perspective on EaaS to help you evaluate what is good and what is not.

editors pick14

Infra 2.0: A Virtual AnalogyWe’ve seen where OS virtualisation is taking us. Let’s now see where network operations will go in the future.

2 07 DECEmbEr 2009 thectoforum.comcto forum

S e c t i o n n a m e S tory Na m e

3thectoforum.com 07 DECEmbEr 2009 cto forum

December 09Vo

lum

e 0

5 |

iSS

ue

08

ctoforum

co Nte Nt S thectoforum.com

co

Ve

r D

eSi

gn

: b

iNeS

h S

ree

Dh

ar

aN

Ph

oto

gr

aP

he

D:

Pho

toS.

co

m

coVer Story

18 | At Your Service. Smaller enterprises leveraging these on-demand services can compete with larger, well-established businesses using a fraction of the initial cash outlay

CopYright, All rights reserved: reproduction in whole or in part without written permission from Nine Dot Nine interactive pvt Ltd. is prohibited. printed and published by Kanak ghosh for Nine Dot Nine interactive pvt Ltd, C/o K.p.t house, plot printed at Silverpoint press pvt. Ltd. ttC ind. Area, plot No. A-403, MiDC Mahape, Navi Mumbai 400709

column04 | I BelIeve:ActIon At the helm. The CIO justifys why IT is known as “Value Centre” and not “Cost Centre”By rajesh munjal

56 | vIew PoInt: the threAt wIthIn. The perils of telecommuting and enterprise securityBy simon heron

featureS14 | Best of Breed: InfrA 2.0: A vIrtuAl AnAlogy. After OS virtualisation, its now time for IT network optimisation.

a QueStion of anSwerS

10 | "Cios should understand that just having antivirus installed won’t help”. Yaron Dycian, head,products for identity protection and Verification, rSA

Volume 05 | Issue 08 | 07 DeCember 2009

managing Director: Dr Pramath raj sinhaPrinter & Publisher: Kanak Ghosh

Publishing Director: Anuradha Das mathur

Editorialeditor: rahul Neel mani

sr. Assistant editor: Gyana ranjan swainConsulting editor: shubhendu Parth

Principal Correspondent: Vinita Gupta sr. Correspondent: Jatinder singh

dEsignsr. Creative Director: Jayan K Narayanan

Art Director: binesh sreedharan Associate Art Director: Anil VK

manager Design: Chander shekhar sr. Visualisers: PC Anoop, santosh Kushwaha

sr. Designers: Tr Prasanth & Anil T Photographer: Jiten Gandhi

advisory PanElAjay Kumar Dhir, CIo, Jindal stainless

Anil Garg, CIo, DaburDavid briskman, CIo, ranbaxy

mani mulki, VP-Is, Godrej Industriesmanish Gupta, Director, enterprise solutions AmeA, PepsiCo

India Foods & beverages, PepsiCoraghu raman, Ceo, National Intelligence Grid, Govt. of India

s r mallela, Former CTo, AFlsantrupt misra, Director, Aditya birla Group

sushil Prakash, Country Head, emerging Technology-business Innovation Group,Tata Teleservices

Vijay sethi, VP-Is, Hero Honda Vishal salvi, Cso, HDFC bank

Deepak b Phatak, subharao m Nilekani Chair Professor and Head, KresIT, IIT - bombay

Vijay mehra, executive VP, Global Head-Industry Verticals, Patni.

salEs & MarkEtingVP sales & marketing: Naveen Chand singhNational manager online sales: Nitin Walia

National manager-events and special Projects: mahantesh Godi (09880436623)Product manager – rachit Kinger

Asst. brand manager: Arpita GanguliCo-ordinator-mIs & scheduling: Aatish mohite

bangalore & Chennai: Vinodh K (09740714817)Delhi: Pranav saran (09312685289)

Kolkata: Jayanta bhattacharya (09331829284)mumbai: sachin mhashilkar (09920348755)

Production & logisticssr. Gm. operations: shivshankar m Hiremath

Production executive: Vilas mhatrelogistics: mP singh, mohd. Ansari,

shashi shekhar singh

oFFicE addrEssNine Dot Nine Interactive Pvt ltd

C/o K.P.T House,Plot 41/13, sector-30,Vashi, Navi mumbai-400703 India

Printed and published by Kanak Ghosh forNine Dot Nine Interactive Pvt ltd

C/o K.P.T House, Plot 41/13, sector-30,Vashi, Navi mumbai-400703 India

editor: Anuradha Das mathurC/o K.P.T House, Plot 41/13, sector-30,

Vashi, Navi mumbai-400703 India

Printed at silverpoint Press Pvt. ltd.D 107,TTC Industrial Area,

Nerul.Navi mumbai 400 706

www.thectoforum.com

36 | next horI-zon: stAndArd devIAtIon. There can’t be two ways to standardised business practices in technologyBy andrew Baker

regulerS

01 | edItorIAl06 | enterPrIse

rounduP

advertisers’ index

IBM RGF

VERIZON IFC

TATA COMMUNICATION 5,23

CISCO 13

FUJITSU 17

TATA COMMUNICATION 31

SYBASE 33

SAS IBC

CANON BC

This index is provided as an additional service.The publisher does not assume

any liabilities for errors or omissions.

52 | hIde tIme: PrAtAP ghArge, vP&cIo, BAjAj electrIcAls. The life and time of the homely CIO of one of India's largest home ap-pliances companies

18

10

36 52


I BelIeve

currentchallenge

new business rules, expansion, new requirements

The auThor Is part of the core management team at Carzonrent and is

involved in all major business and technology decisions.

By Rajesh Munjal | head IT, Carzonrent

Action at the helmaction speaks louder than words. here is a practical specimen of this approach

We are in the personal ground transportation business and diversified into different micro-verticals like Chauffeurs, Self Driven Cars, Limou-sines, Airport and Radio Taxies. While from outside it looks simple but actually it is a dynamic, critical and complex business. A lot of effort and technology support goes in to provide an ‘on-time’ delivery.

Technology plays a critical role here. We operate in 13 cities through 50 offices. We have designed, developed and implemented many proprietary appli-cations which have helped us achieve improved productivity, reduced cost and better turnaround time.

Technology has always been the key differentiator in our business as we have implemented CRM for our car rental business and ‘Taxi Dispatch System’ and ‘Taxi Management Sys-tem’ for our Radio Taxi business which takes care of automated allocation of car. We have recently created a shared service centre driven solely by technol-ogy. All business applications need 24/7 availability. To ensure this we have built dual redundancy and have imple-mented the MPLS networks across major offices.

These initiatives are customer-focused. We work on improving customer experience. Customers can book services using various modes like phones, online, SMS, mails etc.

We face new challenges every day - be it new business rules, expansion or new requirements. As usual, every-thing is required as on yesterday. It is tough but not impossible. Any busi-ness problem which is resolved by IT motivates us. This is possible because IT is fully aligned with business. That is the reason the IT is known as “Value Centre” and not “Cost Centre”.

I am working on a company vision of “being a process-driven organi-sation”. We are incorporating and implementing all the necessary changes. This is a unique experi-ence wherein I get to know business insights which help me in under-standing the ground realities. This is challenging. At times you get trapped and there is no way to come out. But I believe there’s no fun without being challenged. For me, the only channel to survive and differentiate is action. One can only win through actions. That is what I am trying to do.


E ntE r pr i s E ro u n d - u p


Enterprise

Round-up

opinion inisde

“For your own good, protect your identity”

pg 09

year on year was the growth rate for ex-ternal disk storage market in india in 2008

Research and Markets has announced the ad-dition of WinterGreen Research's new report “Worldwide Cloud Computing Market op-portunities and segment Forecasts 2009 to 2015” to its offerings. The report highlights include: Worldwide cloud computing mar-kets are poised to achieve growth.

Vietnam number one source of spam for November 09. india follows closely with sevent percent a New zealaNd national has been ordered to pay

$15.5 million in fines due to his participation in an international spam network.

Vietnam has become the number one source of spam – being responsible for more than 10 per cent of the world’s spam emails – and the UK has entered the virus production charts, being respon-sible for 2.79 per cent of the world’s viruses. (Bra-zil, the US and Korea still dominate when it comes to virus production.)

As we have said before, it is incredibly important that there is effective international policing and

enforcement when it comes to cybercrime. Yes, it’s good news that governments are willing to levy such massive fines against perpetrators, but what is the use of such a fine if it the offender can simply choose not to pay it?

Although we have developed strong measures to track and trace production, there needs to be a sub-stantial international effort from the authorities to educate the end user and co-operate over the policing and enforcement of malware production.

—News courtesy: http://blog.network-box.co.uk/

19%daTa BRieFinG

QuiCk ByTe Cloud CoMpuTinG

Us navy successfully tests Cloud-based iaas. The commit-ment of cloud will get more winslast moNth as part of the US Navy’s annual Trident Warrior exercise, Dataline, LLC successfully demonstrated, that a standard shipboard communications infra-structure could be used to manage a commercial cloud infrastructure-as-a-service (IaaS) platform. Presented during the fall Trident Warrior’10 (TW’10) lab period, Dataline’s Secure cloud computing experiment used a simulated shipboard infra-structure to demonstrate secure access to selected collaboration and Geospatial Information Service (GIS) applications.

The purpose was to validate the ability of a IaaS platform to support Department of the Navy (DON) requirements for global connectivity, server failover and application access. For this portion of the exercise, Dataline used the Amazon EC2 IaaS platform. The experiment also used SecureParser as part of the Unisys Stealth architecture to provide ‘data-in-motion’ security. Applications used included Oracle Beehive, ERDAS Apollo and the Joint Forces Command (JFCOM) developed Transverse collaboration suite.

The increased IT efficiency delivered through cloud computing would also enhance mission accomplishment by making more resources available for investment into naval mission platforms (ships and planes). — Kevin L. Jackson

they said it

larry ellison Ceo and Co-foUnder, oraCle

The chief executive of Oracle at the Churchill Club sat down with former Motorola CEO Ed Zander for a fire-side chat about the future of the company he co-found-ed, the pending acquisition of Sun and the implications thereof, and the state of the economy in general.Most amusing however, was his ranting on cloud com-puting, captured on video by TechPulse360.

—Source www.researchandmarkets.com

“Cloud Computing is a nonsense and water vapour. Cloud is not the future; it is the present and the entire past of computing.”

PH

OT

Os

BY

PH

OT

Os

.CO

M

E nt E r pr i s E ro u n d - u p


E ntE r pr i s E ro u n d - u p


infosys launches flypp mobile app enables operators deliver next gen experience

threat management

Google Phone Comes Real. employees confirm the company will release its own cell phone in 2010.RumouRs have been doing rounds for over

a year that Google would release its branded mobile phone. But the company officials, until now, repeatedly denied the gossip, emphasiz-ing its concentration on Android as a mobile operating system that it licenses to existing cell-phone makers. Recent report in New York Times suggests that Google employees have

received a Google-designed handset to test. An official Google blog entry, calls the handset a "mobile lab" that company employees are using "to experiment with new mobile fea-tures and capabilities." Google has not com-mented beyond this.

The touch-screen smart phone is made by HTC--maker of most commercially available

Gartner's Magic Quadrant for Business Intelligence platforms presents a view of the main software vendors that should be considered by organisations seeking to develop (BI) applications.

iNfosys has announced

the launch of ‘Flypp’ - an

application platform which

will empower mobile service

providers to delight digital

consumers through a host

of ready-to-use experiential

Android handsets--to hardware and software specifications set by Google. Reports claim that the company plans to sell the new phone directly to con-sumers over the Internet.Several reports say the phones being given to employees are unlocked, meaning they are not tied to a par-ticular wireless carrier. It is not clear if Google would sell unlocked phones directly to consumers. A Google employee said the phone was made by the Taiwanese company HTC and runs a new version of Android.

applications across the uni-

verse of devices.

Worldwide, the mobile

applications market is rap-

idly evolving and emerging

markets including India are

a hot bed of opportunity and

innovation. The emerging

digital consumer is driven

by convenience, choice and

instant gratification.

Flypp is a “Ready to Launch”

Application platform for

mobile operators. This

“operator centric” platform

enables mobile operators to

offer a bouquet of applica-

tions, including third party

ones to its subscribers with a

rich and engaging customer

experience. The platform

can be easily integrated into

operator’s current technol-

ogy environment and can

also plug-and-play with their

existing on-deck applications.

It provides independent

software vendors (IsVs) a

viable and attractive channel

to showcase and monetize

their proprietary applica-

tions across multiple geog-

raphies and service pro-

viders. The platform also

includes an Application

Toolbox to test and certify

the satisfactory operation of

applications on service pro-

vider environments.

oN decembeR 13 during the United Nations 15th Climate Change Conference (COP15), the European Environmental Agency (EEA) unveiled two new Microsoft-powered applications: the Environmental Atlas of Europe - a digital platform for educating citizens about climate change; and Bend the Trend - an online global program that helps people make pledges to reduce their carbon emissions.

Paul Lloyd Robson, Microsoft’s Environmental Sustainability lead for the Nordic region, said the two applications are perfect examples of a key message Microsoft is delivering at the conference – that the powerful combination of envi-ronmental data and technology can educate, inform and empower people to address climate change.

“The governments of the world realize they can’t do it all alone,” Robson said. “They need industry

and NGOs (non-governmental organizations) and their citizens supporting them because we’re fac-ing such a momentous challenge.”

Microsoft has sent a delegation of issue and technology experts to support COP15, Robson said. That group is participating in a series of briefings, events and partnerships to showcase the power of informa-tion technology to help address the daunting global energy and climate challenges the world faces. (News from Microsoft PressPass).

In an announcement about the atlas, Microsoft Chief Environ-mental Strategist Rob Bernard emphasized how storytelling can help raise environmental aware-ness. “The atlas stories, told by eyewitnesses across Europe, can help people understand how our world is changing as a result of climate change and – through examples of positive actions taken by governments, communities and people – inspire them to take action and make a difference,” he said. “Our contribution to the proj-ect is to help spread the message through technology.”

The atlas application is also built on top of Windows Azure, with Bing Maps and Microsoft Silver-light providing the interface, said Bing Maps Technology Specialist Johannes Kebeck.

microsoft’s Climate Change tools. Releasing technology that helps people manage their envi-ronmental impact.

GloBal TRaCkeR

FaCT TiCkeR

Gartner Bi Magic QuadrantLeadersChaLLengers

Visionaries

Completeness of visionas of January 2009

niChe pLayers

abi

lity

to e

xecu

te oracle

sas

iBM (Cognos)

Microsoftsap (Business objects)information Builders

MicrostrategyQlik Tech

arcplan actuate

Tibco spotfireBoard international

panorama software

Security professionals intuitively

think proactively.

Our job is to predict and prevent

what the bad guy will do next.

My job specifically is to instil this

mindset into the consumer - sMB

or large enterprises.

Sage advice: Businesses are famil-

iar with the PCI security standards

Council’s requirements, yet card

fraud incidents go undiscovered.

Verizon’s 2009 Data Breach Inves-

tigations Report says 75% of com-

promises were discovered weeks

after the compromise. Data securi-

ty is not all about prevention; it also

requires detection and monitoring.

In the event of a breach or card

fraud, proper monitoring can

detect and eliminate additional

fraud quickly.

Consider the following tips:

1. Ensure your organisation keeps

timely and accurate records of

what has taken place within the

cardholder data environment to

protect it in event of data compro-

mise and resulting investigation.

2. Monitoring also can include

physical surveillance.

3. You simply cannot afford to

overlook monitoring as a primary

detector of card fraud and the trig-

ger to eliminating ongoing crimi-

nal activity.

And my advice: For your own

good, protect your identity.

—By Robert Siciliano

This article is reproduced

in arrangement with www.

information-technology-

resources.com.

PH

OT

Os

BY

PH

OT

Os

.CO

M


A Q u e s t i o n o f An swe rs Ya ro n DYci a n


Ya ro n DYci a n A Q u e s t i o n o f An swe rs

Yaron Dycian, the Head of Products for Identity Protection and Verification at RSA spoke to Vinita Gupta about online threats, security challenges and the steps a CIO should take to reduce security risks. Here are the excerpts:

Online security: Yaron Dycian, the Head of Products for Identity Protection and Verification at RSA talks about online threats, security challenges and the steps the CIO should take to reduce security risks

What are the security chal lenges the CIOs

face today?Online crime is constantly evolv-ing, and fraudsters do not spare any organisation or person in their attempt to perpetrate fraud. Online criminals work day and night to steal identities, online credentials, credit card information or any other information that they can efficient-ly monetise. They target organisa-tions across all sectors, as well as any person who uses the internet at work or at home; mobile devices that enter the organisation’s fire-

wall during the day may be infected by malware at night and then brought back into the enterprise the next day. Organisations should realise that they are exposed to this risk and begin to work towards tak-ing protective measures.

What are the key drivers fuel-ing the growth of information

security in India?In India, security adoption is at various stages of maturity. There are organisations which are still looking at anti-viruses and firewalls as their primary guards for the information

security infrastructure, while oth-ers - especially the larger enterprises - are more mature in their approach. They have well-groomed informa-tion and network security policies and infrastructure in place to help enhance their business productiv-ity. For instance, the banks wants more customers to use their online banking service, as it helps them in reducing cost. But this can only be possible when the banks assure the customers that they have good secu-rity solutions in place to protect the transactions from online frauds. The key drivers for the security

YarOn DYcian | RSA

“Online securityis a major concern for the ciOs”

PH

OT

Os

BY

JiT

en

Ga

nd

Hi


A Q u e s t i o n o f An swe rs Ya ro n DYci a n


Ya ro n DYci a n A Q u e s t i o n o f An swe rs

market growth are – increasing use of internet for ecommerce and online transactions, growing num-ber and sophistication of threats, compliance to Indian as well as global regulations. Several Indian companies are now gearing up to compete with their global counter-parts and that is another big boost to the market here.

What are the basic steps that the enterprise user organisa-

tions should follow to reduce the security risks?Since more organisations seek to migrate customers, members and partners from offline to the cost-effective online channel, the need to instill confidence and imple-ment stronger security measures becomes critical for CIOs of all organisations irrespective of the industries which they belong. In addition, online threats such as phishing, pharming, trojans etc. are constantly evolving and CIOs should understand that just having antivirus installed in their environ-ments won’t help as it’s just the basic necessacity to prevent from risks. The key things to consider are: a multi-layered approach that combines both risk detection with threat mitigation; adaptability of the solution to mitigate rapidly changing threats; and a smart balance between security and util-ity to provide maximum security without hampering productivity or creating unnecessary costs.

Should the IT organisations follow the old world security

approach or should they also explore the linkage between tradi-tional security and business risk?As online threats become more technologically advanced, a basic authentication solution is simply not enough to combat online frauds. Fraudsters have become very adept at stealing authentication creden-tials, and recent research indicates that critical access credentials for

How does RSA detect the online threats and how do you

help the users know about them?RSA incorporates three key ele-ments to effectively fight fraud: intelligent software tools that rapidly adapt to changing threats; in-depth knowledge of the threats through extensive intelligence col-lection; and facilitation of coopera-tion between organisations.The RSA Anti-Fraud Command Centre is a 24x7 war room that helps organisations detect, block, moni-tor, track and shut down phishing, pharming and trojan attacks across more than 140 countries. Protecting more than 300 organisations against online attacks, the RSA Anti-Fraud Command Center has shut down more than 2,40,000 phishing attacks to date and is a key industry source for intelligence on new and emerg-ing online threats.

—[email protected]

practically all fortune 500 companies are available to fraudsters who can further use it to penetrate into mis-sion-critical applications and cause unprecedented damages.It’s therefore very important for the organisations to verify intelligently whether the credentials used to access an application is a genuine one. Intelligent solutions will have to combine multiple methods to achieve this. For example, check for behavioural abnormalities such as access from an unknown location. Two-factor authentication is an important security enhancements, with out-of-band authentication via phone or SMS being an important defense layer against Trojan horses who may be controlling infected users’ computers.Also information sharing through industry-wide forums and cross industry collaboration within specific sectors is an important element of threat and fraud prevention.

intelligent solutions will

have to combine

multiple methods.

Organisations

should realise

that they are

exposed to this

risk and begin

to work towards

taking protective

measures.

The key drivers

for the security

market growth

are – increasing

use of internet

for ecommerce

and online

transactions.

tHIngS I BelIeVe In

“recent research indicates that critical access credentials for practically all fortune 500 companies are available to fraudsters”


B e s t o f Br e e d I n fr a s t ru c t u re 2 . 0


I n fr a s t ru c t u re 2 . 0 B e s t o f Br e e d

Best of

Breed Ken Oestreich is VP of Product Marketking with Egenera.

ABOUT AUTHOR

Is OS virtualisation an end in itself? Is it both necessary and sufficient for all things Cloud and IaaS? Is it the panacea IT Operations has been looking for? From where I see it, abstracting the OS

is certainly a great start, but it’s actually only 50 percent of the goal.

To a degree, OS virtualisation is a ‘shiny metal object’ captivating everyone’s attention. It is of

course very valuable, and is causing an impor-tant inflection point in datacentre operations and economics. But there is a less-visible, less sexy side to data-centre that lies below the CPU in the stack – it’s the I/O, network, network devices and address space. And this represents the other 50 percent of the transition to more agile and effi-cient IT.

The value of OS vir-tualisation is in its ability to abstract the OS so that higher-level services are possible – workload con-solidation, portability, migration, failover, scaling, etc. But viewing this purely from an above-the-CPU, software-centric perspective is myopic. Lots of other things need manipulation in a production datacen-tre. For example, when a server (or service) gets moved, I/O and addressing needs to change; security policy (and/or devices) need to follow the application; switch/router ports may change; load balancing and other IP devices need to be reconfigured. While OS virtualisation simplifies application workload man-

Infra 2.0: A Virtual Analogy

agement, it certainly doesn’t address these network-centric and QoS-centric issues.This whole idea was neatly encapsulated recently in a blog by VMware’s Mark Thiele: “When you can log into a console and use your mouse pointer to drag a server into a network or resource pool and have the appro-priate network security and routing policies applied, you’ll be getting close to IT nirvana”

And that’s the first big takeaway for what a more dynamic infrastructure (“Infrastructure 2.0”) will bring: The same level of agility, con-trol, security and efficiency to the network that OS virtualisation brings to the workload.

Unfortunately, the networking half of the dynamic IT story is still sadly lacking in maturity, as evidenced by the many static network diagrams I see pinned to walls, and by the many manually-administered IP addresses and DNS spreadsheets sitting in managers’ offices. This dynamic network infrastructure is what marketers call a “Latent Want”. It’s a need that’s unfulfilled, but also largely unrecognised.

How’d we get into this mess?The statically-defined address/naming

space and networking topologies arose mostly as a function of the evolution of the CPU itself, and how datacentre networking, storage and security components evolved around it. Briefly, server technology slowly became laden peripherals like I/O cards with static state such as addresses and WW names; once these servers were cemented in the datacentre, the network and its devic-es had to be similarly statically configured.

Fortunately, there are a number of products that keep coming to market and beginning

to bring virtualisation/abstraction to the I/O and networking world as well. Also with the advent of unified computing concepts, virtual I/O, and converged networking, some of these tight I/O and network bonds are just now being broken. In an excellent Illuminata summary of the burgeoning abstraction of the network, Gordon Haff observes how more dynamic infrastructure is also helping: “I/O virtualisation brings these principles to the edge of the network. Its general goal is to eliminate the inflexible physical association between specific network interface control-lers (NICs) and host bus adapters (HBAs) and specific servers.”

The next step will be to extend these dynamic principles from VMs and I/O, now to the network.

Where we need to focus attentionWayne Gretzky once famously said he "skates to where the puck is going, not to where it is." We’ve seen where OS virtualisation is taking us. But let’s now anticipate where IT network operations will go in the future.

Let’s begin again with an OS virtualisa-tion analogy: Take VMware’s DRS – which orchestrates the creation, scaling and migration of VMs dynamically as demand changes. It’s a great illustration of workload management adapting to demand and to utilisation. Similarly, we’d expect infrastruc-ture to have similar dynamic properties - I/O, network switching, balancing, security and even inter-datacentre connectivity which would need to have the same level of fluidity.

Think we’re there now? Think again. Here are some examples that just don’t have generalised solutions yet – (whether in the physical or virtual server world):Local server repurposing: A server farm sits behind a firewall; each server has a specific I/O configuration, and needs access to a load balancer to handle spikes in traffic. Problem: if a server in this group should fail – or should more servers need to be added – only servers in that physical cluster (which have been configured with specific I/O) can be swapped-in. No one else has an access to the firewall or load balancer.

Virtual server migration to a new datacen-tre: Say you have a VM on a specific VLAN behind a specific firewall. And you want to live-migrate that server to a remote datacen-

We’ve seen where OS virtualisation is taking us. Let’s now see where network operations will go in the future. By Ken Oestreich

While OS vir-tualisation simplifies application workload, it doesn’t ad-dress net-work-centric and QoS-cen-tric issues

When you can log into a console and use your mouse pointer to drag a server into a net-work or resource pool and have the appropriate network security and rout-ing policies applied, you’ll be getting close to IT nirvana

PH

OT

O B

Y P

HO

TO

S.C

OM

App App App

O/s O/s O/s

Virtual containers

Physical Processing

i/O and Local network

Backbone switching, routing, balancing

remote Data centers

nic nic hBA

cOnVentiOnAL WOrKing AssumPtiOn:Agility & dynamics are based at the software layer, usually using VMs

inDustry's reALizAtiOn:The physical layer must be agile, flexible, & adaptive as well

Source: Ken Oestreich


B e s t o f Br e e d I n fr a s t ru c t u re 2 . 0

tre. Good luck with that – the firewall prob-ably won’t be available, nor may the address-ing be available (or portable) and neither may be the VLAN. Environment failover: Now, say you have a complete server environment whose topology includes both physical and virtual servers, switches, load balancers, firewalls and VLANs. Now say you need to recreate this environ-ment elsewhere due to a disaster. Your best hope is a team that can identically reconfigure this topology fast. But today, your options are limited in being able to accomplish this in SW.Just a reminder here: OS virtualisation is not the answer to any of the cases above. Rather, what we ideally want to solve is a dynamically-reconfigurable infrastructure – one where net-work components are able to be created and implemented on-demand. (This is not unlike Lori MacVittie’s recent observation of AWS’ dynamic load balancing and scaling, where in effect, load balancers can be defined and instantiated in software.)

the completed analogy: the next step for the datacentreThe punch-line here is that there needs to be analogous “2.0” functions embedded in the network/infrastructure to what we already are familiar with in the software realm. Take for example:

Infrastructure abstraction – allows for logi-cal provisioning of I/O, networks, network devices, storage connectivity and network devices in software; analogous to the cre-ation and placement of virtual workloads in the software spaceInfrastructure consolidation – by defining I/O in software, and by using converged networking, this greatly simplifies utilisation and configuration of the physical infrastruc-ture; analogous to logical consolidation of VMs and their workloadsDynamic networking – networks, multi-pathing and addressing that adapts to sizes and locations of workloads, as well as adapting to failures and bottlenecks. Roughly analogous to high availability and wide-area migration services that are deliv-ered in virtual OS environments. Logically-defined load balancing and secu-rity policies – where IP load balancing, fire-walls, etc. can be invoked for any processor in any location, and where IP loads can be distributed locally (or globally) on-demand; roughly analogous to virtual scale-out ser-vices and grids. Dynamic QoS management - allows for optimal use of network capital, and (hope-fully) best infrastructure efficiency; this is analogous to dynamically managing CPU utilisation in the software world.

rise from the dustWhile this idealised picture is only a future, there are certainly companies and products beginning to chip-away at the market. But

point-products (non-systems solutions) are never the entire answer. Rather, it’s high-time for the industry to begin to think about an approach to address this space. Like most industry maturity models, I would expect to see something like the following evolve over the next few years:1.Point-products: That address specific issues e.g. I/O virtualisation, converged network techs, software-based network mgmt appliances2.Industry awareness: For example, devel-oping what the ‘infrastructure 2.0’ working group is proposing3.Common communications: APIs and protocols to allow interoperation of the infrastructure components and their logi-cal configuration4.Standards-based innovation: e.g. the DMTF or similar standards organisation take on this set of issues for broader adoption5.Automation: A broader set of tools get devel-oped to orchestrate the infrastructure similar to what we’re seeing in the VM spaceAnd finally: technology is only part of this story. But there is also the fact that any form of auto-mation will massively impact IT operations, and therefore will botch up against organisational structure, jobs, roles and people. So the sooner we recognise both the benefits and organisa-tional impacts, the sooner we’ll be prepared to gladly absorb the changes this approach to infra-structure management will cause. —Ken Oestreich is VP of Product Marketking

with Egenera, a frequent blogger as Fountain-

head, and can also be found quipping on Twitter.

I/o virtualisation brings these principles to the edge of the network. Its general goal is to eliminate the inflexible physical association between specific network interface controllers (NICs) and host bus adapters (HBAs) and specific servers

infrAstructure cOmPLementing Os VirtuALisAtiOn

Source: Ken Oestreich

server Virtualisation "infrastructure 2.0"Logically abstracts software Logically abstracts infrastructure

Permits software agility Permits I/O, network & storage agility

Logical CPU provisioning Logical infrastructure provisioning

Allows for software portability Allows for device address portability

Consolidates virtual servers Consolidates I/O & networking

Utilization management Qos/Network management

Workload automation Mesh & Network automation

Server High Availability Network Dynamic Multipathing

Server Live Migration Network Dynamic Addressing

Scale-out services Dynamic/Elastic load balancing

e ve ry t h i n g a s a s e rv i ce cove r s tory




A rich businessmAn of Delhi whom I met incidentally, had neither a house nor a car. What he possessed as his personal belongings included just some plastic money and a mobile phone. And for the rest he depended on the hotel, where he lived in. But to my utter surprise he could convince me why he is smarter than the rest. “Instead of investing so much in buying a house, car, domestic appliances, food etc. over the years, why can’t I go to the hotel and use their services,” he asked. “Do your calculations for buying those stuff and then use it or just use the services provided by the hotel and that too world class facility without hassles—which turns out to be more expensive?” he questioned while adding that he prefers to get everything as service. He said this nine years back, and that was when I had heard of the term called ‘everything as a service’.

Smaller enterprises leveraging these on-demand services can compete with larger, well-established businesses using a frAction of the initiAlcAsh outlAy. By Gyana Ranjan Swain

At YourService

CASE STUDIES24 | Delhi Freight Carriers26 | Janalakshmi Bank

FEATURES28 | Everything will be Fine

OPINION30 | SaaS and the need for

Enterprise ArchitectureIMA

GIN

G:

BIN

es

h s

re

ed

hA

rA

N

Ph

OT

O B

Y P

hO

TO

s.C

OM

cove r s tory e ve ry t h i n g a s a s e rv i ce




software services deployment and a Springboard Research says the mar-ket for SaaS in India is expected to touch US$ 165 million by 2010.

Small, medium and large busi-nesses alike are realising the busi-ness benefits of SaaS and are actively considering SaaS deployment. According to Gartner, SaaS repre-sented approximately 5 percent of business software revenue in 2005 and, by 2011, it is estimated that 25 percent of new business software will be delivered as SaaS. While this is a huge opportunity for hardware business, the ripple effect of this massive opportunity would also encompass software. It is important here for us to consider how SaaS influences the economics of this seg-ment. The ‘pay-as-you-use-model’ enables the small businesses to pay less upfront compared to the tradi-tional license sale. As a result, there is a natural bias and built-in appeal for smaller businesses to consider and quickly deploy SaaS. A McKin-sey report says that the proportion of CIOs considering adoption SaaS applications in the coming year has gone from 38 percent a year to 61 percent and by 2010, at least 65 per-cent of businesses will have deployed at least one SaaS application

Need for attitudinal changeFor any large enterprise, transition is a major decision which involves immense procedures, cross check-ing, segment wise applicability etc.

And now, that’s going to happen in the information technology arena. The technology industry is witness-ing a paradigm shift. The new wave is set to be driven by a new method of computing. Replacing the old way of installing hardware and packaged software applications, people and businesses would use the virtual hardware and applications, just by using their web browsers. And these applications would lie in the ‘cloud’. Business houses would not be both-ered about anything other than their

core competency. They want every-thing on demand, from hardware to software, from security to services and they would just pay for this, as per their use.

SaaS was the beginningCouple of years back the buzz word in the business town was Software as a Service (SaaS), which is a model for making software applications available on-demand over the Inter-net. Enterprises who did not wish to develop their own application asked IT vendors like Microsoft, IBM and HP for some specific applications. These applications were not meant to be installed on user’s machines; rather enterprises accessed these applications over the Internet.

But SasS was the beginning. The industry is now moving towards a different era where everything will be delivered to the customer as a service, and it can be catered as per the need. In ‘Everything as a Service’ or “EaaS’ individuals and businesses will have full control to customise their computing environments and to shape the experiences they want to have. This applies to enterprises as well as individual consumers, look-ing to personalise a variety of cloud services based on their lifestyle and requirement, which will increasingly turn to dynamic cloud-based offer-ings to meet their most demanding computing requirements.

“It’s just like you use electricity in your home. You are not bothered

deployment platform. This new approach, unlocks the Web's full potential by using a native platform to create and deliver applications in the same environment in which they're meant to be used.IaaS: IaaS is at the lowest layer and is a means to deliver basic storage and compute capabilities as stan-dardised services over the network. Servers, storage systems, switches, routers, and other systems are pooled (through virtualization technology, for example) to handle specific types of workloads — from batch process-ing to server/storage augmentation during peak loads. The finest exam-ple of IaaS is Amazon’s EC2 (Elastic Compute Cloud) services. The basic components include Virtualised serv-ers and their resources like CPU, Memory, and Disk space and these are dynamically allocated and scaled based on requirement..CaaS: Communication as a Service is a generic term for several com-munication related services VoIP, remote automated call distribu-tion (ACD), hosted Private Branch Exchange (PBX) etc. however, this service is at a nascent stage. Skype is a good example of an inexpen-sive, high end CaaS service.

Opportunities galoreIndia is one of the most progres-sive economies with respect to the adoption of cloud computing and hosted services. Analysts predict that by 2010, India will be the leading market of the Asia Pacific region in

“A vital aspect of SaaS is how the vendors are keeping their data secure and ensuring that security is not compromised.” Laxmi NarayaN rao, Marketing Director,Global Channel Programmes, Jamcracker.

As cloud computing grows along with services newer options

are now available for IT intensive shops. Organisations with a

large IT staff may build their software based on a customised version

for its specific needs. This may be especially true if they are already

using a component of software from Force.com, Zoho, Netsuite,

Amazon etc. Before building your own erM, see to it that the fol-

lowing issues are addressed.

What happens if the expert builds the application and leaves? Is

there a strategy to continue use of the application and how?

Will software applications developments and ITIL methodologies

be implemented and followed? Is there any reference to source

code or documentation?

how does a network administrator manage multiple applications

that reside in the cloud and in-house?

how is data managed if enterprise search is an initiative?

how intricate is the integration between applications?

does this help or destroy the content management

While we think building on a platform is a good ,all aspects should

be considered when undertaking this strategy.

— Dylan Persaud, MD,Eval-Source, Canada

PaaS ProvideS thebAse for GrowinG biz

38%CIOs consider SaaS deployment in 2007—McKinsey

about who is generating the power or who is laying the cable to your home. What you are bothered is how much you use and how much you pay,” says Santanu Ghose, Country Head, Infrastructure Software and Blades, Enterprise Business, HP India.

The eaaS ecosystemThe EaaS model can be defined as the realisation of Internet-based development and use of computing technology delivered by an ecosys-tem of providers. SaaS is the oldest among the services under the ‘Every-thing as a Service’ umbrella. How-ever, the other such localised services are Platform as a Service, Infrastruc-ture as a Service and Communication as a Service.SaaS: SaaS is at the highest layer and features a complete application offered as a service, on demand, via multi-tenancy — meaning a single instance of the software runs on the SaaS vendor’s infrastructure and serves multiple client organisations. PaaS: Platform as a Service is the newest entry to the service bouquet. It is at the mid layer and enables a development environment abstrac-tion. Vendors like Salesforce.com offers PaaS which comprises a whole range of other services including user interface, logic, inte-gration, and database as services. PaaS helps organisations bypass problems of inadequate and dated technology issues - by moving the entire Web application lifecycle to an online unified development and

In such a scenario, it becomes chal-lenging to adopt the changes and start running with it immediately. Amongst concerns such as data control, management and acces-sibility, security is also one such prime reason which holds back large enterprises from taking the cloud decision. Indeed, the cloud has brought a paradigm shift in the

5%business software revenue

was from SaaS in 2005—Gartner

37.6%was the growth of CaaS

market in 2007—IDC

65%of businesses would be deploying SaaS by 2010—McKinsey




vault. Some Data recovery vendors secure data by replicating it among multiple hard disk-based pools of storage while others have ‘mirror databases’ at multiple locations often on different continents.

It is absolutely important and a client’s right to seek information from their SaaS vendor. Any good SaaS vendor should take appropriate measures to secure their servers and be able to thoroughly outline this process

for each client when asked for.

reaping benefitsPrecisely, after cost effective-ness, the greatest advantage of this model is that it creates a level playing field on which small companies can compete with the larger ones. Smaller enterprises leveraging these on-demand services can compete with larger, well-established businesses using a fraction of the initial cash outlay ordinarily required to purchase hardware, software, and to hire the expe-rienced personnel to setup and maintain those services. The on-demand model works well because it is based on subscrip-tion and usage. Customers pay per use. If you use the service for 2 hours a day, you need to pay only for 2 hours of usage. Everything as a Service is a good idea and not just in theory — EaaS can help your business go toe-to-toe with the big guys with very little up-front cash and minimal investment in time to get started.


way the service is delivered. This has brought about a set of challenges of quality assurance and service levels. The standards are evolving rapidly and customers are becoming more aware of their privileges. In short, the cloud is a new paradigm not only for the way it delivers services, but also from a business transaction perspec-tive. Indian enterprises have been

warming up the idea of a EaaS. The interest level is currently on the cusp between awareness and consider-ation. While nearly all enterprises are aware of the concept, over 50 percent are actively considering deployment in the 12-18 month time-frame.

On the international front, devel-oped markets such as US, Europe, Australia, Japan have all adopted the EaaS trend. The markets are abuzz with SaaS growth bucking the recessionary trend and going on to record healthy double digit growth. “I would say that the EaaS trend is moving from Mainstream adoption to Ubiquitous adoption rapidly,” says Laxmi Narayan Rao, Marketing Director, Global Channel Programs of Jamcracker.

The promises that the EaaS model has and the rate of adoption among enterprises and SMBs alike, most analysts have concurred that EaaS is a technology disruptor and is here for the long haul.

role of governanceThough SaaS, as a trend has been hovering around the Indian business space for few years now, the role of governance has not been defined properly. And for an industry to behave maturely a certain kind of regulation or industry defined frame-work is needed. “Governance plays a major role in the emerging technol-ogy trend,” says Rao. Government regulations and standards play an important role in assessing the value of cloud services for enterprises

“We realise that absolutely and for that very reason our operational com-pliance team works across operation, product, and service delivery teams and with internal and external audi-tors to ensure Microsoft is in compli-ance with relevant standards and regulatory obligations,” says Vikas Arora, Group Director-Enterprise Services Division, Microsoft India

However, there is spirited debate about defining this movement, but at the core this business is where vendors host applications and make them available to customers over a network. While unarguably, the benefits to customers include ease of use, scalability, speed to deploy, reduction in overheads or manage-ment and pay-per-use advantage, there are several concerns around service levels, data security, data access, compliance, IP ownership etc. Customers would be careful in evaluating and partnering with the right cloud computing vendors. Cloud computing and SAAS models increase the complexity of securing data. “Because customers put their key data in a virtual world, they need to be doubly sure of their vendor,” says Salesforce.com APAC market-ing Vice President Jeremy Cooper.

As more and more companies embrace cloud computing for their IT business needs, the question arises as to how secure is the data that in some cases may reside on another continent.

A vital aspect of SaaS services is how the SaaS vendors are keeping

$165 mnexpected Indian SaaS

market size by 2010—Springboard Research

30%is expected growth of SaaS by 2011—IDC

$15.2 bnthe size of the global PaaS

market by2017—Forrester

their data secure and ensuring that security is not compromised. “A good vendor will have multiple, mirrored data centers, which means that client data is backed up in multiple loca-tions and is always available,” adds Rao.

There are various ways to secure client data. While some vendors store data encrypted on a collection of disk arrays, a few vendors use the traditional approach of a ‘secure vault’, with the data being locked up safely in a large

“It’s just like you use electricity. You are not bothered about who is generating or who is laying the cable. It's about how much you use And pAy” SaNtaNu GhoSe, Country Head, Infrastructure Software and Blades, HP India

“Our operational compliance team works across operation, product, and service delivery teams to ensure we comply with relevAnt stAndArds”vikaS arora, Group Director, Enterprise Services Division, Microsoft India.





Delhi Freight Carriers (DFC), which doesn’t even have its own website, is a classic example of the cloud pen-etration in Indian business. DFC is a Bangalore-based mid-sized trans-portation having operations across the country. It is spread over 40 loca-tions and use over 200 trucks carting essential cargo such as Oil.

Transportation woesManaging the data of a transport company having over 200 carriers

is really a tough task if you are not using the power of IT. DFC faced challenges of a typical transport company—delay in data recep-tion, trouble in vehicle tracking and most importantly, revenue leakage. With all possibilities of using manual techniques, it failed to justify the calculated revenue and the actual revenue. Also, there was drop of nearly 30 percent in capacity utilisation. The company was using basic computing applica-tions like Microsoft Excel and other manual documents which were piling up gradually. Business Intel-ligence (BI) was out of the question for DFC.

The company wanted a solution that could provide truck movement, cargo monitoring and collaboration capabilities between supervisors located in different customer plants, responsible for difference trucks and customer accounts. Also, a systemat-ic alerting mechanism was required to generate different vehicle related payment alerts to avoid payment pen-alty on the company. Other require-ments included keeping track for all vehicle. On top of it, the system had to be simple enough to be used by its non IT savvy workforce.

The solutionIn order to get rid of these prob-lems and to increase customer sat-isfaction, DFC decided to automate the entire fleet movement, back office reporting and tracking func-tions. The company decided to go for Jamcracker - a Bangalore-based cloud solutions integrator. Jam-cracker in turn got the solutions developed from Wolf Frameworks using on demand ‘Platform-as-a-Service’ (PaaS). PaaS was used for developing and deploying DFC’s multi-user, cloud-based fleet man-agement SaaS business application.

Fleet Management Systems help to manage a fleet of vehicle by gaining control of travel records and time. They eliminate the time-consuming task of manually com-

pleting mileage logs, trying to track down missing data or verify hand-written information.

Jamcracker along with Wolf team helped DFC to develop a web-based logistics and fleet management SaaS application accessible through a web browser. The application inter-face was designed similar to excel sheets currently being used, thereby enabling non-technical users to eas-ily adapt to the system. Introduced the categorisation of the various vehicle related alerts and created a process for easily monitoring and adding-updating of new alert items. ‘‘The moment we finished the appli-cation design, our fleet solution for all trucks was up and running with no coding at all,” says Kishan Agar-wal, MD, DFC.

“The field staff is able to enter data using the excel-like interface, and this is an impressive platform,” adds Agarwal.

The benefitsThe solution was taken as a subscrip-tion by DFC from Jamcracker for which it pays a monthly fee of Rs 5,000. Jamcracker estimates, had it been an on-premise solution, the total expenditure including the initial set up cost and utilization cost over a period of three years could have been close to Rs 17 Lakh. “But it just cost Rs 3.3 lakh for the same calculation for the same period,” says Lakshmi Narayan Rao of Jamcracker.

The web application further enabled collaboration of geographi-cally dispersed teams and stream-lined the process of data consolida-tion by replacing the existing excel sheets and minimising the use of printed paper records. It also auto-mated the process of report genera-tion based on custom criteria and predefined business conditions via locations or trucks. Moreover, the cloud solution implemented custom interfaces for viewing and printing of the expenses based on different criteria. —[email protected]

Small companies are picking up SaaS smartly not only to optimise their limited resources but also to leverage best-of-breed technology By Gyana Ranjan Swain

SmaLL iSthe new biG

the Advent of cloud computinG has changed the whole dynamics of IT, and it has coined a new definition of comput-ing. Getting the best solutions using the power of IT is no more the pre-serve of large enterprises that have huge capital to invest in IT. Even the small companies who are not IT savvy are going for the cloud solutions. In a way, the cloud is now becoming a level-playing field for the large enter-prises and small businesses alike.

BENEFITS

Able to avoid

multi-location

hardware

and software

deployment

Development

time reduced to

15 days instead

of 3 months

in on-premise

solution

Pay-per-use

model

Pays monthly

subscription

fee of Rs 5,000

against an

upfront payment

for development

3 year cost

out-lay at Rs 3.3

lakh against Rs

17 lakh in on-

premise solution

Savings of Rs

13.7 lakh

No maintenance

fee

COMPANY DASHBOARD

Company name:Delhi Freight Carriers

Corporate offiCe:Bangalore

area of operation:Cargo Carrier

no of Carriers operating:200

Coverage:40 cities in India

mD:Kishan Agarwal P

hO

TO

BY

Ph

OT

Os

.CO

M





ed in all levels of the company. Spread over several locations, the organisation needed a system to manage operations efficiently. The operations were also in many ways exactly like a bank, though in some ways distinctly different. This included a solution that would help organise customer information and pro-vide a single customer view, to support new product development and improve cross-selling capabilities. Finally, the system had to be quick to deploy, easy to use and technically robust.

cloud comes callingAccordingly Janalakshmi selected a combination of solutions, which were all based on cloud computing:

a core banking system for the banking operations

a smart card system for field operations

a CRM system for the management of the customer relationship through the life of the same

“We selected the applications on the cloud, because it did not require upfront capital expenditure and met with their technical specifications,” says Janalakshmi’s Vice President - Special Projects,Ramaswami Dasarathy.

FINO is the service provider for the core banking system and the smart card system. The microfinance company then selected Wipro as the implementation partner for the Sales-force.com and leveraged the bank’s documented business processes to ease implementation. The first stage of roll-out involved the collection module and later extended to the cus-tomer acquisition module.

Janalakshmi's technology infrastruc-ture is defined by a three-tier frame-work. At the foundation lies the IT architecture comprising the technology services and infrastructure. The archi-tecture enables growth and ensures scalability of the business. Next, the core banking system (CBS) complemented by the CRM application drives the busi-ness processes of the company. Finally, delivery mechanisms such as the smart card seamlessly interface with CBS and CRM to cater to the needs of the cus-

tomer. Janalakshmi utilises the CRM application to streamline the collection process from the customer acquisition to the collections phase. This custom-ised solution allows for one data set for all to view and enables management to update on a real time basis.

The benefits The applications have helped Janal-akshmi’s employees to have a single view of the customer, across the various levels of the organisation and take appropriate action. “The solu-tions helped fill gaps in information which in turn helped in streamlining processes and managing operations more efficiently,” adds Dasarathy.

Salesforce CRM helped the bank to improve information sharing, which was critical to planning and selling related financial products to the same set of customers.

“Additionally, the company can reduce the costs and complexities associated with a cash-based transac-tion environment, intrinsic to the microcredit world,” he adds.

Future plansThe company is now planning to create a single and uniform informa-tion system based on processes and procedure. It plans to launch a 'portal' which will host the CRM applications and organisation wide processes and documents. The portal will enable all location offices to access the applica-tion and data seamlessly and provide a reliable and consistent IT Infrastruc-ture through the implementation of a Network and Security management system. This includes an Enterprise Data Storage solution for corporate data requirements.

The company is also planning to implement an additional delivery channel interfaced with CBS and Salesforce.com. “This is to be accom-plished through mobile phone based solutions particularly for the collec-tions and customer update require-ments,” says Dasarathy.


Serving the financial needs of the sub-prime customers, Janalakshmi Financial Services banks upon cloud to minimise its capex By Gyana Ranjan Swain

micro debitmeGA credit

bAnkinG And finAnciAl institutions thrive upon customer satisfaction and trust, and it is achieved when you entirely focus on providing the best service to the customer without any hassles.Bangalore-based Janalakshmi Financial Services (JFS), a midsized microfi-nance firm is mainly focused at the Indian sub-prime sector. Commencing service in 2006, it currently serves more than 55,000 customers.

BENEFITS

Reliable, Authentic and uniform customer view

– The applications

have helped

Janalakshmi’s

employees to

have a single view

of the customer,

across the various

levels of the

organisation and

take appropriate

action.

Streamlined operations –

The solutions

helped fill gaps in

information which

in turn helped

in streamlining

processes

and managing

operations more

efficiently – thereby

aligning the

organisation.

Reduced business risks

– Salesforce CRM

helped the bank to

improve information

sharing, which was

critical to planning

and selling related

financial products

to the same set of

customers.

COMPANY DASH BOARD

Company name:Janalakshmi Financial

Services

Corporate offiCe:

Bangalore

area of operation:

Microfinance

Customer base:55,000+

establisheD:July 2006

mD & Ceo:R Srinivasan

challengesEarly on, Janalakshmi had made an investment to define and document the processes of the core business life-cycle. Beginning with the customer acquisition phase, loan disbursement, collection phase, and finally the clo-sure phase, the mapping of processes identified the vital role of technology in driving business processes.

These documented procedures now ensure that standardisation, improve-ment, and compliance are implement-





if we truly are reaching the point where there is an ‘everything as a Service’ offering then we must expand what we mean by everything By ThomaS STRuanfine

everythiNGwiLL be

The marketMuch discussion has taken place about the future of cloud computing, the types of applications that can be tweaked into outsourced or hosted solutions, or even the complete dis-mantling of the current technology environment by virtualizing every-thing. HP, and other companies, are betting heavily on the future of cloud computing. Over the past few years, HP has acquired more than 10 different software companies in an attempt to position them as the mar-ket leader in the EaaS market. .

But what is the future of cloud computing? Thinking long-term has never been a forte of large companies like HP or IBM. They are position-ing themselves to capture market share, not to expand the realm of cloud computing service offerings. The true pioneers in the EaaS mar-ket space are smaller companies

like Evolution CE (specialising in Open Source Cloud Computing) and researchers, who are taking cloud computing solutions to the next level.

The future The ability of software systems to intuitively predict user behavior, or assess corporate computing needs, is indeed the future of cloud com-puting. Running applications or software across the internet, even across secure pipelines / VPN / SSL is being done and has been done for the past few years. ADP (the world’s largest payroll solutions company) has had a cloud computing solution across VPN for at least three years and it is widely used. But, the real future for cloud computing is the true virtualisation of scalable systems across geographical boundaries. Intuitive in nature, such systems would be easily replicated, dupli-

cated, or failed over by design. This ‘cloud clustering’ concept is in the proof of concept stage in test facili-ties in the United States.

Not only would such systems be available as a human interface, but manufacturing systems could be operated globally. Via complex and intuitive intelligent computing, Gen-eral Motors could simply allocate that 25,000 of a certain vehicle be built and the system would instantaneous-ly calculate which factories around the world had the capacity and would then analyse cost data to determine the overall cost (including logistics) for distributing such vehicles from the various locations. An incredible feat that is currently handled manu-ally because the global computing systems do not exist which can control robotics, MRP systems, shop floor systems, etc… in a seamlessly integrated worldwide solution.

Global cloud computingThink of a cloud environment as a single computing centre and then combine various virtual comput-ing centres around the world where resources are drawn as needed – computing centre “A” is too busy so computing centre “B” is chosen as the next resource in line. It is the ultimate in virtual load balancing. Likewise, virtual storage centers can be set up as virtual ‘SANs’ across the globe. Instead of load balancing one hundred servers in an operations centre, you end up load balancing one hundred cloud computing envi-ronments. The end result: Every-thing as a Service, available around the globe, all of the time, with literal-ly unlimited storage and computing power. This creates a seamless inter-action between end-user and applica-

tion in which available resources can be allocated globally.

Such geographically disbursed environments have tremendous advantages. For one, disaster recov-ery becomes moot. Unless the entire planet is stricken by some malevolent force or a global catastrophe wipes out all life on the planet it would be virtually impossible to destroy the computing needs of a going concern. And, if such events did occur there would be few of us left to really care about whether or not Tata Motors could still operate its robots.

in the pipelineThat sounds idealistic and even unre-alistic, but when you think about it the technology nearly exists today to make such systems a reality – the right combination of innovation and investment could bridge the gap

or upgrade. However, you cannot just add another internet connection. At some level you simply run out of pipe – the fibre is completely utilised, there is no more copper, and satellite bursting is very pricey. It is an infra-structure issue that can only be solved by laying more fiber-optic cable, adding additional routing, and finding more efficient ways of streaming packets of data from point “A” to point “B”.

Tweaking rulesArchaic laws also need to be beaten into the dust. Data storage laws that prohibit information from transcend-ing national boundaries need to be re-examined. The old way of think-ing whereby “They that control the data, control the power” is outdated. The true power comes not in own-ing the data, but in doing something with it. Truly distributed and virtu-alised data architecture actually fos-ters the integrity, security, availability, and redundancy of data.

Under the pretense of protecting confidential information, govern-ments around the world – yet again – fail to tackle the actual problems of securing data. A hacker is little deterred by the fact that data sits in France instead of Thailand. And, there is little evidence that shows any one country does a better job of securing data than any other country.

True innovationInnovation in cloud computing can-not just stop at providing software to a customer; it has to expand into providing a service. If we truly are reaching the point where there is an ‘Everything as a Service’ offer-ing then we must expand what we mean by ‘Everything.’ Currently most companies like HP really mean almost everything as a service. Vir-tualisation of existing client-server platforms is far from innovative and in this race - the cloud computing race - it will be the innovators with the best products on the most diverse platforms across the most dispersed area that ultimately succeed.

ThE TRUTh AbOUT ClOUD COmPUTINg is that no mat-ter what ser-vice you offer, nor how large the operations centre, getting information to flow is based on bandwidth and it comes at a premium

WhAT IS ThE FUTURE OF ClOUD COmPUT-INg? thinking long-term has never been a forte of large companies like HP or IBM. they are positioning themselves to capture market share, not to expand the realm of cloud comput-ing service offerings

As it professionAls there are very few of us who have not heard of SaaS (Software as a Service) or AaaS (Application as a Service) and now the ultimate acronym EaaS (Everything as a Service). If you are an IT executive and haven’t heard of at least one of these terms you might want to reconsider your role in the realm of technology. These cloud computing solu-tions are here now, and it appears that they are here to stay.

“ArchAic lAws Also need to be beAten into the dust. Data storage laws that prohibit information from transcending national boundaries need to be re-examined. ” thomaS StruaN, Technology Advisor at Infotraxx Systems LLC.

quickly. There is only one prob-lem that has yet to be solved, and it has been the bane of internet based technologies at every level – bandwidth. The truth about cloud comput-ing is that no matter what service you offer, nor how large the operations center, getting information to flow is based on bandwidth and it comes at a premium.

Need more storage capacity in your opera-tions centre – go buy another NAS. Need more processing power – go buy another server





Activities such as Enterprise Architec-ture Planning (EAP) serve this need and are essential to IT governance. Other activities relate to the application of EA to specific domains, such as Line of Business (LOB) portfolios, technical and application architecture.

So, given this definition–yes, EA is essential because even if the applica-tions and business processes leave the enterprise four walls of SaaS, planning and governance are needed to ensure alignment to strategic goals.

The role of EA is to periodically adjust those long-term goals and the trajectory to attain them in response to changing technologies and busi-ness drivers, etc.

So as new paradigms like SaaS and other types of Cloud Comput-ing emerge, EA must evaluate them and establish standards, guidelines, policies, etc.

For example, EA may incorporate SaaS on the basis of cost benefit and its compatibility with various enterprise needs.

the emergence of business architec-ture to a new height because of the direct empowerment of LOB own-ers. Acquisition and deployment of real solutions is now within grasp of business owners (seemingly) without the need for conventional IT delivery and support.

But many of the above questions may go unanswered without engage-ment of EA, and latent risks such as compliance and security may turn into real issues.

Coby Royer has over 20 years tech-

nology experience in software and

security start-ups, consulting, to large

enterprises. This information is brought

to you by the Information-Security-

Resources.com and the publisher gives

permission to link, post, distribute, or

reference this article.

enterprise architecture may incorporate SaaS on the basis of cost benefit and its compatibility with various enterprise needs By CoBy RoyeR

And in addressing whether there is a need to architect solutions while adopting SaaS, then yes, there is still a critical need to define how SaaS integrates with the enterprise tech-nology landscape.

The other questions that need to get answered include: what is the master of my data? How do I manage identi-ties and accounts? How do I produce compliance reporting? How do I migrate to adopted and sunset SaaS Apps? How do I establish trust rela-tionships? How do I provide quality and service to my constituencies? etc.

These issues require solutions in the domains of information architec-ture, security architecture, network architecture, application architecture, technical architecture and so on–pre-sumably envisioned and vetted by architects of various types.

So while the game may have changed, the need for the players has not. Architecture–in all senses of the word–remains essential. In closing I will say that SaaS pushes

SaaS & the Need For

enterpriseArchitecture

“As new paradigms like SaaS and other types of Cloud Com-puting emerge, EA must evaluate them and establish standards, guidelines, policies, etc.”

Coby royertechnology Consultant.


does sAAs diminish the need for enterprise architecture? This is a good question, but we have to understand what is meant by Enterprise Archi-tecture (EA). It is generally accepted to be a discipline and sometimes that stra-tegically aligns an organisation to its technology and business goals.


BY INVITATIONRod King | [email protected] Dr. rOD KINg is a thought leader,

consultant, and trainer on Trade-Off

Mapping & Customer Experience Innovation.

You can reach out to his blog http://

businessmodels.ning.com/

many books have been written about the strategy of disruptive inno-vation and creative destruction. The most famous is probably Clayton Christensen’s seminal book, The Innovator’s Dilemma. Although Christensen’s book is comprehensive and insightful, his conceptual frame-work appears abstract and not imme-diately useable in strategic planning. Kevin Maney’s new book, Trade-Off also covers disruptive innovation. Good enough fidelity and high con-venience are defining characteristics of products that reflect a disruptive innovation strategy. Disruptors try not to initially develop high perfor-mance products or services, which are usually expensive, complex to use, and inaccessible for the mass of the population. Successful disruptors know that high performance prod-ucts and services often have a high degree of trade-off and therefore present opportunities for disruption. By monitoring trade-off in customer experiences, disruptors can virtually smell where opportunities lie for dis-ruptive innovation.

The degree of trade-off can be con-sidered as a ratio of customer pain to customer delight. By focusing on the degree of trade-off as a metric, one can get further insights into the trade-off

which sometimes fundamentally change their ecosystem as well as rules of the game.

Customer fidelity and inconve-nience are strongly related. Often, by reducing customer fidelity of a mar-ket leading product and especially by lowering performance, customer inconvenience is also reduced. The main risks of disruptive products include product imitation, com-moditisation, and/or price war from incumbents that eventually lead to bloody Red Oceans. But for many disruptors, the benefits of disruption outweigh its costs and risks.

In a world sailing towards greater abundance in products and services, ‘good enough’ may just be the new ‘great.’ But, for how long? History shows that a ‘good enough’ product eventually evolves towards a higher performance and more complex product that is inconvenient and alienates the mass of population. And the product becomes a ‘prey’ for a new generation of disruptors. And the evolutionary spiral continues … with the degree of trade-off for the species of product getting smaller, smaller, and smaller … The ideal final result is zero trade-off. And that’s exactly what the mass of customers want: free, perfect, now!

strategy of disruptors. The main strat-egy of a disruptor is to significantly reduce the degree of trade-off by reduc-ing customer pain or inconvenience through a decrease of customer fidelity. This disruptive approach goes against the mindset of market leaders who usually focus on providing greater customer delight or fidelity at higher cost, that is, at the expense of customer convenience. The result is that market leaders develop products that have high performance, but are highly inconvenient for the masses who hardly buy and use the products.

Disruptors mainly reduce cus-tomer fidelity by laser-focusing on the fundamental functionality, char-acter, or meaning of a product; “the 20 percent feature or functionality that is used 80 percent of the time.” Disruptors have a ‘no frills’ mindset. Disruptors are often aided by emerg-ing technological innovation.

However, higher performance prod-ucts can be disrupted with little or no innovation in technology; process and business model innovation do not necessarily require technological inno-vation. One advantage of technological innovation is that it enables disruptors to redefine the meaning and value proposition of the product and thereby create a Blue Ocean of opportunities

By monitor-ing trade-off in customer experiences, disruptors can virtually smell where opportuni-ties lie for disruptive innovation.

The Trade-off Strategy of Disruptive Innovators. Have you ever wondered how innovators come up with ideas for disruptive products?

l i t t le g iant s B U S I N E S S - I T A L I G N M E N T


B U S I N E S S - I T A L I G N M E N T l i t t le g iant s


To fulfill all these, it is important for finan-cial services companies like Destimoney to implement technology solutions that are repeatable, extensible, accessible and build trust and provide a sense of personal and financial security.

Challenges galoreAlignment of different business verticals towards company’s common business goals, customer engagement, employee involvement and utilisation are some of the challenges that Destimoney faces in the business.

In the interest of business, it was neces-sary for the company to look at implement-ing solutions like Sales Force Automation (SFA), CRM, client server architecture and also put up a technological infrastructure for starting currency, commodity, margin funding, advanced risk and surveillance management system for broking vertical.

Dipesh Thakar, CTO at Destimoney India strongly believes that delivering high-quality service with core customer-facing applications sets a foundation for developing customer relationships. “If minimum service standards are not met, however, financial services com-panies face the possibility of alienating cus-tomers,” says Thakar.

Maintaining customer relationshipSolution like CRM not only allows customer relationships to be managed more efficient-ly, but also encourages a focused customer-centric approach to conducting business. CRM includes Front-end (direct interaction with customers e.g. face to face meetings, phone calls, emails, online services etc.) and Back-end (operations that ultimately affect the activities of the front office) office opera-tions, business relationships and analysis of key CRM data in order to plan target-

marketing campaigns, conceive business strategies, and judge the success of CRM activities (e.g., market share, number and types of customers, revenue, profitability).

To achieve this, Destimoney implemented two types of CRM solutions - operational and analytical. Operational CRM provides support to front office business processes, for example sales, marketing and service staff. Interactions with customers are gener-

ally stored in customers' contact histories, and staff can retrieve customer information as necessary. Operational CRM processes customer data for a variety of purposes like managing campaigns, enterprise market-ing automation, sales force automation and sales management system.

“Analytical CRM generally makes heavy use of data mining and other techniques to produce useful results for decision-making. It is at the analytical stage that the impor-tance of fully integrated CRM software becomes most apparent - the more the information available to analytical software, the better its predictions and recommenda-tions are,” says Thakar.

Streamlining the salesSFA (Sales Force Automation) has helped to streamline the sales process. With a robust SFA in place, there is now a uni-form sales process across the organisa-tion. “Technology along with BI deploy-ment is helping us to cross-sell products. It’s also helping in combining database across vertical which will increase the lead base many folds,” adds Thakar.

Benefits achievedAccording to Thakar, technology is trying to make systems and processes common across all the verticals without taking away their distinction. With common systems and common database, there is unifor-mity coming in the way which business is being conducted.

Also, technology along with all the busi-ness verticals is planning out a complete customer engagement programme right from lead generation to client retention. It is developing a common customer data-base across products which will give cus-tomers a single interaction point with the company and has created internal systems for tracking the activities and productivity of employees.

The organisation’s IT spend for the cur-rent financial year is approximately Rs. 1 crore. In future the company would be looking at the Software as a Service (SaaS) technology as they believe that rather than buying products as whole which needs a lot of changes as business is in a state of flux, it is advisable to buy them as services. —[email protected]

Technology had helped Destimoney Enterprises to achieve benefits like less setup time for a business, faster implemen-tation of systems, robust tracking and monitoring. By Vinita Gupta

COMPANY DASHBOARD

Company:Destimoney

Enterprises Pvt. Ltd.

EstablishEd:2006

Was purChasEd by:New Silk Route

in 2008

sErviCEs: Loans, Mutual Funds,

Equity Broking &

Wealth Advisory

nEtWork: Total employees

3000

Total Branches 137

Covering 72 Cities

497 Distribution

Partners

A true cAse of

Alignmentit- business

Financial services providers have a daunting challenge to balance several potentially conflicting goals. These include lowering costs by automating customer service; ensuring the retention of high-value customers; reduce the transaction time for compliance with federal mandates; increase the number of direct interactions with customers and provide high-quality and responsive service.

“technology along with bi deployment is helping us to cross-

sell products. it’s also helping in combining database across ver-

tical which will in-crease the lead base

many folds”

PH

OT

Os

BY

JiT

en

Ga

nd

Hi

36 07 DECEmbEr 2009 thectoforum.comcto forum 37thectoforum.com 07 DECEmbEr 2009

cto forum

s ta n da rd i sat i o n n e x t h or i zo n s

NEXTHORIZONS

Raise the Bar Technically a CIO can never be complacent Pg 39

FeaTuRe InsIde

I experienced a wide range of emo-tions as I read this allegedly tech savvy article in the Wall Street Journal, written by someone who is deemed a columnist for reasons

which clearly have no basis in reality. Most-ly, I was surprised, because this is not the caliber of information that I expect from a publication such as the Wall Street Journal.

Not only does the author appear to oper-ate in a context that bears little resem-blance to what is commonly found on earth, but he ignores a host of things that businesses actually have to contend with in this day and age.

His premise is essentially this: Employ-ers, along with corporate IT departments, are holding back the productivity of work-ers, by enforcing standards on them and restricting them from treating corporate technology as their own.

“At the office, you've got a sluggish computer running aging software, and the email system routinely badgers you to delete messages after you blow through the storage limits set by your IT depart-ment. At home, though, you zip into the 21st century. You've got a slick, late-model computer and an email account with seemingly inexhaustible storage space.”

Standard DeviationsWhy there can’t be two ways to standardised business practices in technology By Andrew BAker

Let’s ignore the fact that not everyone has the latest computer at home. Perhaps he’s forgotten that the economy has not really been conducive to people running out and purchasing the latest and greatest – at home or at work. Let’s focus on the subset of people that fall into his target range of tech-savvy workers, frustrated by the lack of flexibility to change things around on the computer network as they do on their own systems at home.

My first question is, why stop at comput-ers? Why not include all of the other things your employer won’t let you change, like the office furniture? Why don’t we let employ-ees print their own business cards, and handle their own stationery?

Let’s face it: Flexibility does not always lead to an increase of productivity.

What our intrepid reporter does not realise or acknowledge, is that there are sev-eral accommodations that need to be made to handle the flexibility that he desires. And these are not free accommodations.

This article has so many flaws in it that I am forced to address only a few of them in one sitting, but that should be enough to show how much thought really needs to go into this sort of decision before true ROI can be obtained.

Here are the issues that were misrepre-sented or ignored outright in the article:

Cost Control & Vendor Negotiations Technology Integration Information Security, Compliance & Risk

Mitigation Staffing & Training For the purpose of my examples, I will ask

you to consider a mid-sized organisation of 1,200 users across 3 offices, with 1,000 desk-tops, 300 laptops, and 250 servers. Total IT infrastructure staff is 30 members, across help desk, desktop, server, and network sup-port, and information security.

Cost control & vendor negotiationsSome forward-thinking companies are already giving employees more freedom to pick mobile phones, computers and appli-cations for work—in some cases, they're even giving workers allowances to spend on outfitting themselves. The result, they've found, is more-productive employees.Unfortunately, Nick Wingfield, the author of this opinion piece, doesn’t take the time

to substantiate how these employees were deemed more productive.

Beyond that, he failed to consider that it costs much more to have every employee select their own technology. There’s no way to get the same kind of discounts from a vendor for 1,000 desktops and 300 laptops when any particular vendor might only see 20-33 percent of that volume, depending on how many vendors are available to choose from. Anyone who has had to purchase on this scale also realises that the initial price of the technology is only the tip of the iceberg. The support costs are a large part of the deal as well (not to mention integration costs, but that’s coming). So, right off the bat, our costs are up, as we have undermined our potential for volume discounts and other cost-effective bundles, and we have obtained nebulous and anecdotal productivity gains.

Technology integrationThe rise of the consumer market also means people have gotten a lot smarter when it comes to technology—and a lot less patient with substandard stuff at the office. Even with the weak economy, companies will find it harder to recruit savvy workers if they don't let them use

their favored technology. As someone who has worked in IT for almost two decades now, I have found that people are more technology savvy today only in a very narrow sense. Yes, they know about newer technologies and purchase devices that are more powerful than hardware of the past. However, they are no better at getting all these technologies working together than they have been in the past. If anything, the situation today is worse than before primarily because of the com-plexity and number of integration options that today’s devices offer.

How many people who have purchased a smart-phone with email capabilities have actually gotten it to work with more than a single email provider? How many of these supposedly tech-savvy employees manage to navigate their own wireless home networks and peripherals at home in order to connect successfully to the corporate network with-out calling on their corporate IT team?

What do you suppose happens to pro-ductivity when 30 people in a department purchase 6 different PDAs and brands of laptops, running different operating sys-tems, and then try to connect successfully to some line of business application? And which member of corporate IT is supposed to be proficient enough in all six of the PDA and hardware choices, plus the 3 different operating systems in use?

I can only laugh at the recruitment sen-tence above. Even in a great economy, that strategy is an ignorant one. I would do my best to ensure that employees with such a degree of unhealthy entitlement were sent directly to my firm’s competitors, for the entertainment value as well as for the com-petitive advantage to our firm.

Technology integration is where the bulk of dollars are spent on any technology-based project. Making things work together is where technologists spend most of their time, despite the abundant use of terms and phrases such as plug-and-play, standards-based, seamless integration, compatible and 15-minute installation in vendor’s market-ing literature. Both valuable dollars and time are spent to make things work as ven-dors claim they will, on a regular basis.

And this happens today even in environ-ments that are largely standardised. Want to guess what the impact is of lowering the

sOme FORWaRd-ThInkIng COmpanIes aRe alReady gIvIng emplOyees mORe FReedOm TO pICk mOBIle phOnes, COmpuTeRs and applICaTIOns for work—in some cases, they're even giving workers allowances to spend on outfitting themselves

PH

OT

OS

BY

PH

OT

OS

.CO

M


cto forum

cu s tom e r s e rv i ce n e x t h or i zo n sn e x t h or i zo n s s ta n da rd i sat i o n

standards of standardisation? It’s not cost savings, productivity or time management – I can assure you of that.

It wasn't always this way. For years, the big breakthroughs in computing technology came in corporate IT departments and uni-versity computer labs.

Since when was corporate IT the place of big breakthroughs? University labs have been a source of many an invention or application of technology, for sure, but almost never corporate IT, except, possibly, in the area of local area networks.

Looking back over the years, the advances offered in computing technology were always offered by Intel, Dell, HP, and IBM in their consumer lines before offering them in their enterprise and small busi-ness lines. This is not a new thing, and it exposes the author’s lack of knowledge concerning the subject he tries to talk so authoritatively about.

Information security, compliance & risk mitigationEven more galling, especially to tech-savvy workers, is the nanny-state attitude of employers who block access to Web sites, lock down PCs so users can't install soft-ware and force employees to use clunky programs. Sure, IT departments had legit-imate concerns in the past. Employees would blindly open emails from persons

unknown or visit shady Web sites, bring-ing in malicious software that could crash the network. …

But those arguments are getting weaker all the time. Companies now have an array of technologies at their disposal to give employees greater freedom without break-ing the bank or laying out a welcome mat for hackers. "Virtual machine" software, for example, lets companies install a package of essential work software on a computer and wall it off from the rest of the system. So, employees can install personal programs on the machine with minimal interference with the work software.

Did Nick say that the problem of employ-ees opening up malicious attachments are in the past? Really? Is that why the Conficker virus is still spreading one year after it came on the scene? And bear in mind – they are thriving primarily on home machines, where security is often much more lax than at the office. And this issue is not limited to any particular operating sys-tem or platform. Application vulnerabilities make up the bulk of vulnerabilities today across Windows, Linux and the Mac, so the concept of safety by OS is still reserved for the realm of science fiction.

I wonder how Nick expects that this vir-tual machine that is walled off from the rest of the corporate network is going to get to the Internet? I wonder what he thinks

is going to happen when employees go to the Internet from their walled off virtual machines, and download the information which will make them productive, and find that they are not connected to any corporate resources like printers and email?

I wonder if Nick actually understands how virtual machine technology works, or has fig-ured out who will be paying for the operating systems that will be running on the virtual machine instances? I wonder if he realises that most people still don’t secure their wire-less networks properly, or use passwords prop-erly on their home networks?

What does Nick suppose will happen to an organisation when its 1,000 desktop users are running their 1,000 virtual machines which have internet access and a mere two percent of them get their machines infect-ed? (Mind you, I am being very generous by not assuming double digit infection rates.) Does he suspect that the other machines will be unaffected when those 20 systems end up in a botnet? Does he believe that there will be no corporate liability if those 20 systems are used to attack or compromise some other corporate or government entity?

Still, financial-services companies, law firms and others may feel the need to maintain stricter control, for regulatory and legal reasons.

There are many more organisation than just financial and law firms that have regu-latory concerns.

Every organisation which falls under the Sarbanes-Oxley act

All medical related businesses that fall under HIPAA regulations

Other regulated industries such as Phar-maceuticals and BioTech

Those organisations that need to be PCI DSS compliant

Anyone impacted by eDiscovery rules But wait! There’s more…The most common threats for businesses

are actually insiders, whether deliberate or accidental. Infected machines are a signifi-cant drain on business resources and pro-ductivity. These two statements are facts, borne out by documented evidence. Giving insiders more control of their own increas-ingly diverse environments will absolutely not lead to improved security. Any poten-tial productivity gains would be wiped out by the liability incurred by the organisation,

as well as the inevitable loss of productiv-ity due to loss of intellectual property and efforts related to virus cleanup. And what happens when an employee leaves your organisation – with much of your corporate data all over their private systems?

Staffing and trainingThe technology team in most firms repre-sents significant costs, if only because of the level of expertise needed to run all the tech-nology that powers businesses today. While it was once possible to be very strong in a many current technologies, that is virtually impossible today because of the frequency of change in the industry.

More than that, the issue is not just that one must be proficient in the use of Products X, Y and Z, but that one must be well versed in the possible interactions of the combinations of

Raise the Bar In the ‘new normal’ phase of time, successful CIOs will search for value by experimenting with customers and partners By MichAel chui, Pär edin, And JAMes MAnyikA

As economies around the world emerge from the current downturn, many executives understand that what fol-lows probably won’t be just another turn of the busi-ness cycle. This new period will see a restructur-ing of the economic order. Some are calling

it a ‘‘new normal’,’ a phase in time marked by persis-tent uncertainty, tighter credit, lower consumer spending, and greater government involvement in business.

For executives who run major IT organisations, the implications are clear: they will have to make the IT function dramati-cally more productive, use IT more effectively to meet larger company goals, and embrace disruptive tech-nologies that will shape the new economic terrain. Drawing upon our experience with clients, recent McKinsey surveys of execu-tives, and a range of interviews with experts, we have analysed what the ‘new normal’ means for CIOs in the Europe. While some of the forces impinging on them are specific to that region, many of our findings are applicable to IT leaders elsewhere as well. First and foremost, CIOs will

have to overcome hurdles that have limited IT’s performance in recent years:

• They must promote a much closer align-ment between IT and the business units by embracing new organisational models that call for joint decision making. IT leaders will need better business skills, not just technical know-how.

• IT productivity efforts must leap beyond cost cutting at the margins. CIOs will have to make fundamental changes in the way IT operates and campaign for technological improvements that will transform cost structures and operating models throughout the enterprise.

• IT leaders must join with their business counter-parts to seek out and implement technology-based innova-

tions that will give companies long-term competitive advantages in a tougher economic climate.

In the past, IT performed satisfactorily if it made marginal progress in these areas. In the ‘new normal’ phase, it must truly excel in all of

those products. The vastness of today’s tech-nology landscape means that technologists are either reasonably familiar with a wide variety of different technologies (mostly from a stand-alone perspective), or they are expert-level in 3, maybe 4 different technologies. It is the very rare individual who can be broad and deep across many platforms and technologies.

This means that organisations will need to increase their technology staff and technology training to enable their teams to manage the increased integration load. Or, organisations will offload that burden of support to the indi-vidual employees. I’ll bet that this removes whatever nebulous productivity gains were generated by the flexibility.

The role of an organisation’s technolo-gists are to protect the technology and information assets of the company, while facilitating productivity to move the busi-

ness forward. This is always a balancing act, as no technology department that I am aware of today has anything resembling an unlimited budget. These goals must be handled as cost-effectively as possible. Let-ting everyone do what looks good to them is as far from cost-effective or productive as you can possibly imagine. For a good read on this subject, I would recommend that you read the following book:

Andrew S. Baker is a business-savvy, hands-on

IT leader with expertise in mentoring people,

mitigating risk, and integrating technology to

drive innovation and maximise business results

What do you suppose happens to productivity

when 30 peOple In a depaRTmenT

puRChase 6 dIFFeRenT pdas and BRands OF lapTOps,

running different operating systems, and then try to connect successfully to some line of business

application?


cto forum

n e x t h or i zo n s cu s tom e r s e rv i ce

products through IT-backed self-service.Despite the pressures, companies can’t

lose sight of the opportunities for the kind of transformation that would help them estab-lish market leadership in the ‘new normal’. Our research has shown that 47 percent of market-leading global IT companies before the 2000–03 recession didn’t hold onto their leadership positions after it.

In a positive sign, 31 percent of Euro-pean executives— when asked to list their

top priorities—included the development of new products and services in response to changing consumption pat-terns, and 22 percent included the search for new markets in response to changes resulting from the economic crisis.

Hurdles for the CIOWhile the ‘new normal’ creates a novel set of challenges for CIOs, the problems that made IT less productive before the downturn haven’t disappeared.In some cases, their impact has

deepened as a result of aggressive cost cut-ting and unresolved structural issues. At many companies, the IT function and the business side fail to coordinate their activi-ties sufficiently, which makes organisations less efficient and effective and impedes the collaborative effort needed to adopt and apply game-changing technologies.

Responding to our survey, 71 percent of European IT and business executives said that IT must be tightly integrated with busi-ness strategy, but only 27 percent thought that this actually happened at their companies. In addition, fewer CIOs in Europe than in other regions report to the CEO : only 31 percent in Europe, versus 56 percent in North America. This finding suggests that European compa-nies continue to think IT leaders should focus on back-office operations rather than strategy and growth efforts.

Many of the European IT executives sur-veyed believe that there is room to improve the effectiveness of traditional IT activities, such as managing the IT infrastructure (38 percent), strategic sourcing (68 percent), and IT performance (60 percent).

Business executives believe that IT could support their units more effectively by forg-ing better partnerships to reconceived and upgrade existing processes and systems (81 percent) and by innovating with new technolo-gy-supported capabilities (77 percent).

In an increasingly tough operating environ-ment, structural factors make the tasks facing Europe’s CIOs even more difficult than those of their counterparts elsewhere. European markets remain fragmented by language and culture, and their laws and regulations still dif-fer substantially, despite EU standardisation efforts. What’s more, many European compa-nies have long used M&A to enter new mar-kets, so their operations are larded with com-plex legacy systems and governance issues.

them—the performance bar is higher, and the expectation that IT should contribute to corpo-rate success is more insistent.

Europe’s challenging landscapeWhile recent data suggest that the economic downturn may be bottoming out, rapid, robust recovery may prove elusive. Fewer than half of European executives—similar to their counterparts in other developed markets—expect their companies to per-form better in 2009 than 2008: 38 percent expect profits to increase in 2009, com-pared with 42 percent in North America and 44 percent in Asia-Pacific. In contrast, executives in developing markets (including China and India) are more optimistic, as 53 percent expect profits to increase in 2009.

In this environment, overall cost pres-sures on companies will remain unrelent-ing. IT organisations will therefore have to do their part in reducing budgets through productivity savings, as well as self-funding investments in everything from new servers to improved IT architectures.

In fact, Europe’s IT organisations appear to face higher cost pressures than their counterparts in other regions do: in another survey, 82 percent of the respondents from European companies expected flat or falling IT budgets for operating expenses in 2009, compared with 68 percent in North America, 80 percent in the Asia–Pacific region, and 62 per-cent in developing markets.

IT will also be required to help improve both the efficiency and the effectiveness of busi-ness operations (such as payroll and transactions) throughout the enterprise—and dramati-cally. Our survey of IT and busi-ness executives found that for European and non-European IT organisations alike, making business processes more effi-cient is the top priority and mak-ing them more effective a close second.

Banks, for example, suffer from lower leverage and thus lower revenues in the aftermath of the crisis and must reduce operating costs substantially. Some institu-tions are therefore using powerful new cross-border IT platforms to gain efficien-cies and provide more and better banking

CIOs will have to make fundamental changes in the way IT operates and CampaIgn FOR TeChnOlOgICal ImpROvemenTs ThaT WIll TRansFORm COsT sTRuCTuRes and operating models throughout the enterprise

ClOud COmpuTIng and saas allOW companies to purchase computing power and application services that scale with demand

80%asia Pacific

comPanies

exPected flat

or falling it

budgets for

oPerating

exPenses in 2009

Telco, for example, operates in almost 20 European countries, with separate IT platforms and data centres that prevent it from achieving economies of scale. In pan-European companies, country-level CIOs tend to make IT decisions individually, impeding efforts to improve company-wide systems.

Government regulations may impose new demands on IT, such as stringent require-ments for safeguarding personally identifiable information. Labour laws, which tend to be less flexible in Europe than in some other areas, make performance-based incentives and IT projects harder to manage.

Partly because IT-enabled staff reductions would have been difficult to realise, one Euro-pean pharma company chose to continue operating some parts of its finance operation manually rather than invest in IT systems.

Seventy-four percent of the European IT and business executives we surveyed believe that their companies are very or extremely susceptible to disruptions stemming from IT —a percentage higher than those in other regions—yet only 48 percent believe that their companies are very or extremely well-prepared for them. As for IT’s ability to transform the competitive landscape, some companies have yet to recognise the role of technology in help-ing them succeed: a third of the European IT and business executives we surveyed didn’t view IT as being among the top three levers for creating competitive advantage.

Succeeding in the ‘new normal’To meet the new demands, CIOs should start with efforts to tear down the remaining walls between IT and the business in order to focus on ambitious targets such as upgrading IT operations and enabling IT to improve corpo-rate performance.

Demonstrating early successes helps CIOs earn the right to address more far-reaching goals by leading the company-wide adoption of new technologies, such as Web 2.0. A flex-ible and focused IT organisation will be better positioned to enable top-line growth and more open to innovative technologies and the new business models they imply.

Aligning IT with the businessThe imperfect relationship between busi-ness managers and their IT counterparts is a long-standing problem. But the ‘new normal’ brings more urgency to finding a solution—

one that will demand better governance, as well a broader range of management skills among IT executives. Step number one should be establishing a joint-governance model for IT and the business to facilitate bet-ter decisions and alignment around priorities.

These governance practices should, for instance, promote joint decision making, which will give IT better insights into the needs of the business and help business managers understand IT’s capabilities and potential. Here’s one illustration of why this is so important: in the new economic landscape, customers will wield more power than ever before, and IT systems can provide the inter-faces (such as online self-service) for reaching them. It’s therefore essential for IT managers, at all levels, to understand the needs of the

business’s customers—not just those of IT’s internal customers—and to think creatively about how to help the business meet them.

Joint participation in decision making will help IT to anticipate the evolving needs of the businesses it supports and to deploy its resources accordingly. At one utility company, for example, the trading function’s IT team provides 24-hour support. As a result of this close collaboration, the team has significantly shortened the time required to develop fea-tures for new trading instruments, and trades therefore adjust more rapidly to shifting mar-ket conditions.

When a company chooses its IT leadership, it must recognise that technical skills alone are no longer sufficient. To be valuable partners for business unit leaders, their IT counterparts must not only be well-grounded in strategic planning, finance, and executive-level commu-nication but also have deep industry knowledge and experience. Recruiting remains critical to filling talent gaps, but companies can develop capabilities across functional areas by rotating IT leaders through business roles and business leaders through IT roles.

Closing performance gapsSince the downturn began, many CIOs have scrambled to control costs by delaying invest-ments where possible and pushing service

7 Keys to Customer Experience in 2010

In the December issue of CRM Magazine which

focuses on customer experience, I wrote an

article called “7 Keys to Customer Experience”

that provides advice for companies as they look

ahead to 2010. Here’s how the article starts:

Despite the economic difficulties in 2009, we’ve

seen a significant up-tick in real customer expe-

rience efforts. What do I mean by real? Efforts

which address systemic issues like poorly

designed interactions, broken processes, outdat-

ed business rules, insufficient customer insight,

and cultures that are far from customer-centric.

After the introduction, I outline these 7 areas of

focus for next year:

1.Drop the executive commitment facade

2.Acknowledge that you don’t know

your customers

3.Don't get too distracted by social media

4.Stop squeezing the life out of customer service.

5.Restore the purpose in your brand

6.Don’t expect employees to get on board

7.Translate experience into business terms

I’ll provide more details for all of these items in a

later post. For now, you can read the CRM Maga-

zine article if you want to see more.

The bottom line: 2010 will be a busy year for cus-

tomer experience

—By Bruce Temkin

The content of this article is not related in any

way to Forrester Research

Bruce Temkin is Vice President and Principal

Analyst at Forrester Research and focuses

on Customer Experience. Temkin’s blog

‘Customer Experience Matters’ can be

viewed using the URL (http://experiencemat-

ters.wordpress.com/).

cu s tom e r s e rv i ce n e x t h or i zo n s


n e x t h or i zo n s cu s tom e r s e rv i ce

providers to cut prices. Some CEOs are raising cash through the sale and leaseback of assets such as datacentres.

But as competition intensifies, a more fun-damental restructuring of IT operations will be in order. Certain companies are rethinking their current approaches to procurement in hopes of replacing the current model of capi-tal spending on infrastructure with a more flexible approach to operating expenditures. Cloud computing and software-as-a-service, for example, allow companies to purchase computing power and application services that scale with demand and thus to avoid large capital outlays on infrastructure capacity to meet peak loads. The cash savings from such efforts can be critical for self-funding addi-tional IT investments: shifts in certain basic IT operations, for instance, could finance a streamlined IT architecture that will improve long-term productivity.

IT can achieve even bigger productivity gains—up to ten times bigger—by enabling major improvements in the way business units work, thus radically transforming their cost structures and service to customers. Financial institutions, for instance, can gener-ate savings by extending high-performance IT systems and platforms across regions and borders. As much as 90 percent of the syner-gies from banking mergers flow from reduced operating costs, which in turn are related directly to the consolidation and standardisa-tion of IT processes. After launching a com-mon cross-border IT platform, for example, one European bank cut its operating costs,

especially those incurred running the banks it had acquired, far below those of its peers. In one acquisition, it achieved 95 percent of the expected total synergy savings in the first year, providing ample funding for further invest-ments and new acquisitions.

Technologies for collaboration enabled by IT—including the now familiar Web 2.0 tools, such as wikis, blogs, and social networking, as well as others that facilitate live communica-tion and the sharing of documents—can help make knowledge workers more productive. In a recent survey, most respondents reported that they had achieved measurable business benefits from their use of collaborative tech-nologies, but work remains before companies can realise their full benefit.

Enabling transformative movesTo meet the demands of the ‘new normal’, companies must adopt technology-based innovations in products, services, processes, and business models. They’ll need to develop the ability to identify transformative oppor-tunities, along with a heightened awareness of the competition’s possible disruptive manoeuvres. CIOs and business executives can improve their competitive intelligence by participating actively in technology forums, networking with their partners in academia and start-ups, and assuming a perspective that takes them beyond their comfort zone in thinking about business sectors and geo-graphical markets. They must also foster and reward experimentation by role modelling the new mind-set, clearly communicating the new

objectives, investing to give executives and staffers alike higher-level skills, and creating new incentives.

Some CIOs in Europe are already navigating these disruptive currents. A major European utility revamped its business model by install-ing interactive ‘smart’ meters across its entire customer base to provide a flow of detailed data on energy usage and customer behaviour. The company used this information to reduce its losses from unbilled delivery, saving an estimated €600 million annually on a €2 bil-lion investment. With a better reading of the needs of customers, the utility could also offer new pricing models (for instance, hourly or weekend rates) to attract and retain them in a deregulated energy market.

A major European fashion retailer uses real-time information to achieve a cycle time of one to two weeks from initial design to final sale of new clothing. Its designers use real-time data from retail sales to gain insights into which fabrics, cuts, and colours are in highest demand and use that information to design new clothing lines or modify existing ones. The retailer also exploits real-time information gained by testing products in representative stores to determine production quantities and reallocate slow-moving stock to locations where demand is stronger. In this way, the company limits its markdowns to half the industry average.

The traditional IT mindset aims to capture the value of technology through top-down planning, formal structures, and clearly defined processes. In the ‘new normal’, the mind-set for success will emphasise a bottom-up search for value through experimentation with customers and partners.

Winning CIOs in this new era will view uncer-tainty and an extremely demanding operating environment as opportunities to challenge pre-vailing assumptions about the role of IT.

Michael Chui ([email protected])

is a senior expert in McKinsey’s San Francisco

office; James Manyika (James_Manyika@McKin-

sey.com) is a senior partner in the San Francisco

office; and Pär Edin ([email protected])

is a senior partner in the Stockholm office

as much as 90 peRCenT OF The syneRgIes FROm BankIng meRgeRs FlOW FROm ReduCed OpeRaTIng COsTs, which in turn are related directly to the consolidation and standardisation of IT processes

Scot t Dav i S N O H O LDS BARR E D

45thectoforum.com 07 DECEmbEr 2009 ctO fORum

What are the latest trends in the storage space?

The world is changing very fast, so are the industries. The storage industry is no exception. Demands are increasing day by day, not only in terms of size but in terms of capacity and reliability. Massive capacity, low power consumption and quieter stor-age media are the main trends across industry segments. Increasing stor-age capacity without increasing cost of storage with data compression is one more thing that the industry demands these days.

Financially, it’s a difficult time now. How do you see the

storage industry contributed to reduce the impact of the global economic meltdown?Well, truly the world is going through a bad financial situation. However, the impact of the reces-sion in our industry is negligible and in Western Digital we did not witness any changes during the period. Interestingly we have sold 10 per cent more units during the last six months compared to the previ-ous period of same duration.

You are present in almost all storage space. What are the

changes that you witness in your industry w.r.t reacting to the recession?The recession did not bring any changes as such in the storage indus-try, however the changes that are visible in our space are the result of continuous evolution in the storage industry fuelled by demands. When the notebook industry started design-ing smaller and smaller notebooks, as a result we shrunk our storages but increased the capacity. Ultimately

Size wise, storage devices are shrinking day by day

and capacities increasing. What do you think would drive the next generation storage devices?With the explosion of data in the infor-mation age there is a strong demand for better, faster, and more efficient ways to store, process, and serve data to the market. There are three key driv-ers- capacity, reliability and quality- that would drive this market forever. And future evolutions would by far be based on these three things.

The whole ICT industry is going green, becoming more

environment conscious. How does your industry contributing to the data center industry becoming more efficient and cost-effective?Well going green means how effec-tively and efficiently you stick to your industry without putting much harm to your environment, or rather how you can reduce your industry impacts on the environment. The storage industry is doing its bit in that regard. We, by shrinking the size, help use less raw materials. We try to use the materials which are easier to recycle and try to exploit as less resource as possible.

How do you suggest an IT manager of an enterprise

to act smart while going for new enterprise range storage devices?Well, it all depends what exactly you want to do. Selecting a right prod-uct which fits onto your require-ment and simultaneously gives you enough flexibility for improvement holds the key.


it saves money and that’s how you react to a bad economic scenario.

In terms of sales, what is India’s contribution to WD’s

revenue?Well, we do not share the break up revenue of our individual country markets but yes, India falls in our APAC zone and APAC contributes around 54 per cent of our global rev-enue. And India holds a very sizeable pie of this revenue.

“The recession did not bring any changes, however the changes are the result of continuous evolution in the storage industry fuelled by demands”

DOSSIER

Name: B Scot Davis

DesigNatioN: VP,

Worldwide Sales

orgaNisatioN: Western Digital

PreseNt Job role: To oversee sales of

WD’s desktop and

enterprise hard drives

across its three

geographic regions

- Americas, Asia/

Pacific and Europe/

Middle East

Previous Job role: Directed WD’s

sales in the Americas

as vice president of

Americas sales.

Key iNitiatives: Directed WD’s sales

in the Americas as

vice president of

Americas sales.

Scott Davis, Vice President of worldwide sales for Western Digital, whooversees sales of the company’s storage products in all computing and consumer market segments, speaks to Gyana Ranjan Swain about the storage industry. Excerpts:

Capacity, Reliability & Quality Would Drive the Next-gen Storage Industry

PH

OT

Os

BY

dr

lO

Hia

N O H O LDS BARR E D Scot t Dav i S

44 07 DECEmbEr 2009 thectoforum.comctO fORum

N E T WOR K O F TH E F U T U R E n e t wo rk s e cu r i t y

46 07 DECEmbEr 2009 thectoforum.comcTO FORUm

n e t wo rk s e cu r i t y N E T WOR K O F TH E F U T U R E

47thectoforum.com 07 DECEmbEr 2009 cTO FORUm

Once a company has decided what it needs, it can determine how many layers of protection their system would need

there are an incalculable number of threats that are encountered along any data transfer. These include viruses and worms, spyware and adware, zero-hour attacks and kicker attacks, or even data interception and identity theft.

For instance, Verizon Business recently combined their Private IP and network devices for Nikon Cor-poration. This way the latter were able to manage network traffic while being able to respond to security threats at a greater speed. Cisco also offers a host of products that can be picked depending on the require-ment—firewall security, VPN secu-rity, intrusion prevention or email and web security.

Any competitive network security architecture would incorporate anti viruses and anti spyware, firewalls, intrusion prevention systems and virtual private networks. All of these perform different functions to offer complete security to the user. So what exactly do companies need to know before they embark on a network security project? First and foremost, they need to know their requirements in terms of the business they are into and by measuring their current security measures. This way companies are able to understand what security network program will best meet their needs. If they know their existing security levels, companies are better able to gauge what gaps they are required to fill in. Not only should a comprehensive network security package include firewalls, VPNs, intrusion prevention, and virus protection, all of these facets of security should be seamlessly able to connect with each other.

Once a company has decided what it needs, they can accurately deter-mine how many layers of protection their system would need. The pick of a network security solution can depend on the important assets of a company to be protected, the important information of a company, and the address of important assets

within a system. The one thing that must be kept in mind is that require-ments keep changing. So a network solution should be flexible enough to be able to manage an increase in network traffic or changing network security requirements.

There are numerous benefits associated with network security. They benefit the security of custom-ers, vendors, business partners and employees. Therefore, with the implementation of a safe security network, customers and employees are able to safely use your systems. For instance, Access Guardian from Verizon IT is a security manage-ment product that has specifically been designed so that companies are able to manage customer net-work element traffic while offering them a secured connection. Access Guardian allows a single sign-on authorised remote access to mis-sion critical network elements. Access Guardian is certified on the IBM RS6000 platform using an AIX operating system and a relational database. Cisco also offers products to answer emerging threats such as malware spread via email, phishing

attacks on hosting companies, or attacks to XML and SOA.

Other advantages with network security are that they offer enhanced mobility. This is because employees and customers can use your network along the way. Network security pro-grammes also improve productivity for all users. The one huge benefit on network security is that customers are able to access company systems anytime they need. They do not have to bear with unnecessary downtimes or security alerts.

Network security essentially works because it offers a common configuration across different products. This leads to greater productivity of the solution. They are more effective against risks and provide greater operational control to the user. Best of breed networks security solutions are the best way to meet security threats to your data and systems. What companies need to look out for is that the infrastruc-ture should be so through that it does not ruin day-today business processes. The systems should be able to work effectively and in tan-dem with one’s business.

There can never be a day in an IT executive's life where s/he doesn't think about the security of the data and systems By team ctof

Network Security? What’s the rage about

Because network security is meant to protect a gamut of company informa-tion and IT, they do not work in silos or in isolation. Instead, they work in layers. Multiple layers of security with different configurations and capacities are installed on networks. This ensures that if some threat is able to break through one security code, there are other barriers to stop it from entering the systems. Net-work security is a serious issue with companies today because internet security is becoming increasingly daunting. This is primarily because

What is the most effective way to safeguard ourselves from the sophisticated internet threats that are sprawling all over cyber world? Network security is the simple yet powerful answer to this seemingly large issue grappling the businesses across continents. Small, medium and large organisations are all worried about the threats. Network security doesn’t simply provide protection but also is meant to secure the usefulness, reliability, and integrity of internal IT systems.

The Asia-Pacific network security market is expected to grow by 6.5 percent this year, dropping nearly

two-thirds from the robust growth in 2008. According to Frost & Sullivan industry manager Arun

Chandrasekaran, however, despite the weak sentiments and businesses exercising caution in spend-

ing, the commitment to network security investments remains strong. Most companies recognise that the

risks of not implementing adequate IT security far outweigh the cost of investing in it.

Amidst pressure to control CAPEX (capital expenditure) and stretch every dollar, companies are more

likely to deploy the more affordable converged security solutions.

New analysis from Frost & Sullivan, Asia-Pacific Network Security Market, finds that the market—

covering 14 Asia-Pacific countries—was worth an estimated $1.81 billion in 2008, growing 17.9 percent

from the year before. A modest CAGR of 7.5 percent is expected from 2009 to 2015, to gross revenues of

just over $3 billion by end-2015.

The growth in 2008 continued to come from the epicentres of emerging markets like China, India as well

as ASEAN countries like Vietnam and Indonesia, all registering y-on-y growth rates of above 20 percent.

Firewall and Internet protocol security virtual private network solutions continued to be the dominant

choice, accounting for the bulk of revenues last year at 74.6 percent ($1.34 billion). This trend is likely to

continue through to 2015.

—Source: Frost & Sullivan 2009 Report

Network Security Market in APAC

48 07 DECEMBER 2009 thectoforum.comcto forum 49thectoforum.com 07 DECEMBER 2009

cto forum

s e cu r i t Y tE cH f or G oVE r NAN cEt E cH f or G oVE r NAN cE s e cu r i t Y

Caesar dead is more powerful than Caesar alive” so wrote Shakespeare a few hundred years ago about the power of Julius Caesar. That’s how he

summed up the influence of Caesar even after his death. I cannot think of a better quote to explain how dangerous an ill-con-figured (dead) firewall can be.

Firewalls, on many occasions, are con-strued as a solution for all security prob-lems, while in reality they themselves can end up as the source of many problems. Organisations satisfy themselves stating that they are secure and protected because they have firewalls in place. True, they are protected to some extent, but firewalls are not the solution for all the security woes. When ill-configured, they themselves can turn into a problem. Moreover, security as often described in a people issue and not a technology issue. So, no amount of technol-ogy deployment shall make the place 100 percent secure.

The National Institute of Standards and Technology, USA describes firewall as “it is a strategy for protecting an organisation’s resources and not a single component.” In other words, the firewall controls the flow of traffic between trusted networks and non-trusted networks and as the definition goes consists of multiple components.

A firewall can act as a gatekeeper to your organisation’s network. The basic duty of the firewall is to enforce a security policy to control the flow of network traffic. As an enforcer of the security policy, it is only as good or as bad as the security policy config-ured on it. An ill-configured or mismanaged firewall is much more dangerous than not having a firewall at all.

Without going into the technicalities of the various types of firewalls, let me share with you a must-do list for an ideal Fire-wall Security Policy. This policy shall be applicable independent of the technology you may use.

Traffic originating from the internal net-work, irrespective of the host address of the source, should appear as if it had originated from the firewall and hence none can com-

prehend any internal machine’s address. All requests for usage of a particular

service, either for downloading or upload-ing any information should go through the firewall and no direct connection or contact with any internal machine should be pos-sible from any external source. The same criteria are applicable for traffic from inter-nal hosts to external hosts.

An external attacker sending some mali-cious information as if it is sent from any internal hosts is called as spoofing attack. The firewall should be configured to prevent any such attacks.

Any connection to any third party net-works should be assessed for potential risks and should be allowed through the firewall.

Audit trail or logs should be maintained of any such connections. In general, the log-ging mechanisms available should be utilised appropriately. While immense logging may impede the performance of firewalls, selective prudent logging and regular purging of logs shall mitigate any such performance issues. Logs, so generated, must be analysed on a regular basis for any non-conformities or for spotting of potential odd events. Many tools are available in the market to analyse the logs and generate reports and deployment of such tools shall make the job easier.Multiple individuals – more than one - should be assigned as firewall adminis-trators to make changes and manage the firewall. One person should be the standby

of the other person and both of them should not be able to access and make changes concurrently.

All changes to the firewall should go through normal change management pro-cess. Where possible and appropriate, the changes should be tested before it is put through. Where it is not economical for the organisation to have such a test environ-ment to undertake testing of the changes, there should be review of the physical changes by the standby administrator.

Remote access to the firewall for adminis-tration purposes should be restricted from the internal network only. Where it is need-ed from external networks, say for support by a third party vendor, access should be preceded by strong dual factor authentica-tion. Wherever possible, it must be ensured that the access permitted is restricted to certain pre-agreed timings only.

User account details of the firewall admin-istrators, including the passwords, should be stored off-site in a sealed envelope in a safe. This could be used in the event of a disaster or should a need occur to access the firewall in any emergencies in the absence of the administrators. The data stored in such a manner must be updated on a periodic basis to keep it current – in other words, whenever the administrators change their passwords on the system, the change must reflect in the offsite stored envelopes.

Another typical problem encountered in

Firewalls are construed as a solution for all security problems, while in reality they can end up as a source of multiple problems By Gan SuBramaniam

All changes to the firewall should go through normal change management process. Where pos-sible and appropri-ate, the changes should be tested be-fore it is put through

POINTS4

Remote access

to firewall for

administration should

be restricted from the

internal network only

UseR accoUnt

details of the firewall

administrators should

be stored off-site

DocUmentation

to the firewall should

be developed and

maintained

theRe shoUlD

be adequate firewall

backup procedures

In the Lineof Fire

PH

OT

OS

BY

PH

OT

OS

.CO

M

50 07 DECEMBER 2009 thectoforum.comcto forum 51thectoforum.com 07 DECEMBER 2009

cto forum

t e ch n o lo gY e t h i c s tE cH f or G oVE r NAN cEt E cH f or G oVE r NAN cE s e cu r i t Y

frequent so that they could go through the security guidelines, under-stand incident response process etc . I think with this kind of a soft interface between CISO and users, all of them can be brought under a single umbrella of information security. Unless the branch level mem-ber is aware about such frauds, how can they advise customer about the nuances of phishing incident? How would they know the process to be followed aftermath the security incident?

Developing information security portal for employees will defi-nitely help in creating security awareness. Once top management sends clear message about its benefit and encourage employees to

participate, then ‘visitor hits’ to the portal will automatically increase by many folds. Conducting an opinion poll on a daily basis and felicitating top participants at the end of the quarter can help popu-larising the portal.

What has been emphasised here is “Arrange our own house first” and then educate external customers via SMS , Emails , News paper ads .

Believe me, if your internal employees are well aware about informa-tion security and modus operandi of frauds, they will act as ‘Human Delivery Channels’ and spread the awareness to external customers. —Sameer J Ratolikar is the ciSo of Bank of india

firewall management is the prevalence of ‘Any – Any – Any’ rule. ‘Any – Any – Any’ rule means traffic is permitted from any source to any destination via any port. Such rules are required by administrators when they wish to do some troubleshooting, how-ever, on most occasions are forgotten to be removed after the investigation or trouble-shooting is completed.

Complete documentation to the firewall should be developed and maintained. This should also be kept in a safe and a secure place. This should be kept up-to-date to reflect all changes made to the firewall rules on a regular basis. Should the administrator part company with the organisation for any reasons, any appropriately skilled individual should be able to comprehend the firewall

rules and related configuration by going through such documentation.

Any potential attack on the firewall indicated in the log should be classified as an incident. Incident management procedures should govern the way the incident is investigated for any action, if any, where appropriate. Any internal or external access bypassing

the firewall negates the purpose of existence of the firewall.

Above all, there should be adequate firewall backup procedures. Backups should be taken on a periodic basis and stored offsite. Back-ups should preferably be done on a read-only media so that the information is not over-writ-ten inadvertently. Such backups should also be stored in a secure manner so that it remains accessible to appropriate individuals only.

Last but not the least, if appropriate skills are available, request your internal audit department to undertake an audit on the firewall configuration and management on a periodic basis. You never know as to what surprise may await you. Remember, Caesar dead is more powerful than Caesar alive. — [email protected]

Noted security profes-sional Alastair Mor-rison was right on the dot when he said: “If I were a terrorist or

criminal who wanted to disrupt and steal from your company, I would look at your vulnerability through your staff.” The people aspect of processes and technology will always remain the weakest link in the entire gamut of information security offerings.

My industry CISO friends have been going through the pain of Internet banking frauds like Phishing 1.0 (traditional identity theft), Phishing 2.0 (advanced identity theft) and Vishing etc . When such frauds occur, typical questions asked by top management are:

How did we fall prey to it despite being ISO 27001 certified? (Process in place)

What was the use of sanctioning a budget on upgrading the firewall and IPS? (Technology in place)

They are right about their concerns regarding customer loss, but a tricky situation will be created for such spontaneous questions thrown at CISO becomes difficult to prove that technology doesn’t solve this issue but it is lack of people awareness. Task in hand is to

Make internal customers aware about importance of information leak prevention for the organisation

and net banking frauds make external customers aware about net banking frauds and

precautions to be taken These points can be very well addressed by creating a ‘single window

system’ of security for all the employees at places where they regularly

By the People

Powerpoint Cop

Information security as a culture cannot be sensitised unless you involve your key stakeholder – your em-ployees – in the process By SamEEr J raTOLiKar

Enhancing work ethics using technology By richard GOuGh

Can technology be used to enforce better ethical behav-iour in workplace? Ethical behaviour, in its most basic form, is behaviour that con-

forms to accepted professional standards of conduct. The use of the Internet in the workplace can cause problems especially if some staff use it to access pornography. Using tools like Websense organisations can enforce an Internet acceptable usage policy that ensures they provide a workplace that is welcoming to everyone.

Automated auditing tools are also an impor-tant way of ensuring ethical behaviour is observed in the handling of financial account-ing and other financial based services. Likewise tools that ensure email is not used to disparage other organisation or individuals can also be used. In a survey in the USA it was revealed that around 1-in-five companies had fired an employee for violating email rules. This survey, conducted by the American Management Association and ePolicy Institute, found that 22 percent of the 1,100 U.S. employers who participated in the study said they had fired an employee for email infractions.

I may have sounded like a proponent of moral policing, but this is not the point I’m trying to make. Organisations must have a clear vision and ethics policy in place before it deploys these tools. The staff needs to under-

stand that professional standards of conduct is expected for the business to perform effec-tively. Moreover, these technology tools can work to help enhance the company’s vision, and they can also be used to educate the inter-nal stakeholders.

The delivery of training in work places to the desktop is easy to achieve now by combin-ing computer-based learning modules with corporate videos and seminars. Linked to the network login system organisations can also make sure these training programs are engaged with by all their staff helping get the message across to the entire organisation.

A good example of this approach is the US Department of Agriculture (USDA), which uses a web, based ethics-training program for their staff. The new employee ethics orienta-tion can be viewed here. I think this is a good example where a simple use of technology can be used to enhance ethical behaviour in a company through education.

Providing a means of enforcement and training of ethics are not the only factors technology can take a part of in a company’s ethical work sphere. Used correctly it can pro-vide a channel to report unethical behaviour. An important part of a company’s ethics is allowing and providing a way for employees to report the unfair activities of their colleagues or superiors. For example, a head of a depart-ment who attends lavish events paid on com-pany’s expense. An anonymous web form on the Intranet, a secure voicemail number can also be ways technology tools can help support this vision as well as an internal whistle bow-ing policy to protect the staff.

However, whatever a company chooses to do it must be honest and ethical about the way is goes about its business and this means informing staff of the practices in place that support the ethical behaviour of the organisation. Richard Gough is a chartered iT Professional &

Fellow of the BcS, The chartered institute for iT.

He can be followed at www.richardgough.comILLU

ST

RA

TIO

N B

Y P

HO

TO

S.C

OM

Incident management procedures should gov-ern the way the inci-dent is investigated for any action, if any, where appropriate


Hide time | BOOK REVIEW Auth

or: R

oger

L.

Mar

tin

“Integrative thinkers choose not between,

but of.”


Hide time | CIO PROfIlE

the Opposable mind: imbibe integrative thinking as a part of your pedagogy

Outliving an erapratap gHarge VP and CIO, Bajaj Electricals

this book on integrative thinking, is based on the experience of the author, who is the Dean at Rotman School of Management in Toronto University.

Roger L.Martin provides a work-ing definition of integrative thinking thus: “The ability to face construc-tively the tension of opposing ideas and, instead of choosing one at the expense of the other, generate a creative resolution of the tension in the form of a new idea that contains elements of the opposing ideas but is superior to each.” Roger advocates that integrative thinkers who use the opposable mind go past a series of either-or propositions and in the words of poet Wallace Steven, choose “not between, but of.”

Roger Martin got his idea on opposable minds from the works of Scott Fitzgerald and Thomas Cham-berlain. For Fitzgerald integrative thinking is a naturally occurring capability that is limited to those born with “a first-rate intelligence.” For Chamberlin, it is a skill and discipline that even those of us who

Accepting challenging assignment and making sure that every assign-ment delivers the business benefit is the greatest motivating factor for Prat-ap Gharge, VP and CIO at Bajaj Electricals.

Gharge is a reticent by nature, and he is known to be a workaholic person. He firmly believe honesty, character, integrity and sincerity are the attri-butes one should religiously adopt and success will follow.

According to him, the values passed by parents contributed to make a per-son with character. His father and grandfather played very important role in shaping him. “In-spite of working in police department, my father worked honestly. During my childhood, I had spend most of my time with my grandfather and probably his proximity made me a sincere and hardwork-ing person,” says Gharge.

In spite of getting lot many opportunities to go out of India, he stuck to his roots. He spent a large part of his childhood in Mumbai. He has four brothers and one sister. Three of his brothers are working in Mumbai police. Gharge was not very interested in joining the police force.

the typical features of the integra-tive thinkers’s personal knowledge system comprising stance, tools and experience. He believes that the personal knowledge system that he outlines can help one to become more proficient, provided one has the needed patience and reflection as one proceeds. It takes time to build the skills and discipline.

Towards the end, Roger quotes Peter Drucker in the spirit of whose insight the book was attempted to chronicle the obvious that is usually taken for granted: “One always finds that the most obvious, the simplest, the clearest conclusion has not been drawn except by a very small fraction of the practitioners. One always finds that the obvious is not seen at all. Perhaps this is simply saying that we never see the obvious as long a we take it for granted.”

I consider this book a must for every teacher, student and practi-tioner of management, not just for reading but also for imbibing as a part of their pedagogy. —Prof. C. S. Venkata Ratnam

aren’t geniuses can develop. For, the opposable mind is there waiting to be used. When faced with a dilemma to choose between two diametrically opposite solutions, instead of resort-ing to a trade-off which involves compromise, persist and persevere to generate additional alternatives until you find a creative solution with opti-mal benefit to all stakeholders.

In the second half of the book, Roger gives umpteen examples of how he and his colleagues at the school have developed and used integrative thinking pedagogy in both MBA and executive education programs.

Roger describes the process of thinking and deciding in the follow-ing four phases/stages:Salience: what features do I see as important? Causality: how do I make sense of what I see? Architecture: what tasks will I do in what order? Resolution: How will I know when I am done/

And, then, he proceeds to map

OTHER BOOKS IN THE SERIES

Why education isn’t educatingBy Frank Furedi Price: Rs. 1,393

a Sociological perspective By Alan Cribb & Sharon GewirtzPrice: $69.95

CriCket lOver: Gharge enjoys watching cricket and he loves watching it in stadium. He likes the 20-20 matches, as they are small and interesting. He mentions, “Cricket teaches attributes of life like passion, commitment. Earlier I used to play cricket, but now I do not have much time.”

liSten tO Old SOngS: He is fond of old songs and his favorite singer is Kishore Kumar. He says, “I do have a CD player at home and also I listen to music while travelling, I have good collection of old songs and I also listen to radio programs that plays old songs like Purani Jeans.” One of his

unfulfilled dream is to play musical instruments like Tabla and he is planning to learn it. “I always felt that I can play Tabla very well, but never got opportunity to learn it,” he adds.

reading-tO gain knOWledge: He has forcefully developed the habit of reading as it helps to increase the knowledge and thus makes the person mature. “I have read most of the Marathi literature. I keep reading computer magazines, business magazines, newspapers and of course lot of web content while commuting in my car,” he says.

PH

OT

Os

BY

JiT

en

Ga

nd

Hi

Hide time | BOOK REVIEW Auth

or: J

ames

Su

row

ieck

i

"Xxxxxhe right circumstances, groups are intelligent, and are

often smarter "

55thectoforum.com 07 DECEmbEr 2009 tHE cto forum54 07 DECEmbEr 2009 thectoforum.com

cto forum

Hide time | CIO PROfIlE

Till the time Gharge passed out BSc, he was not aware of anything related to com-puters. After completing graduation in chemistry, he joined one of the textile mills as quality control supervisor. He had hardly completed six months in that job, and there was a textile mills strike that kept him idle. One well wisher from his village who was working in BARC as Scientific Officer guided him to join the computer course. The first computer course he attended was from Datamatics for Cobol Programming. And Gharge liked the concept of programming and automation so much, that he decided to make his career in computers.

He joined Bajaj Electricals in July 1985 as a programmer. During these 25 years, he got several promotions and since the year 1997 he is heading the IT department of Bajaj Electricals. He had developed and re-developed almost all the business applications in four different technologies in these 25 years. The legacy ERP last developed was in Powerbuilder and Oracle database and was used for 12 years. Last year, Bajaj Electricals went for ready ERP applications, along with CRM, SCM, BI, supplier and dealer connectivity solutions from Oracle applications. This project was named as SMILE and Gharge was the project manager.

His wife Mangala is home maker, and he has two sons Vivek and Vinay both are doing engineering. “I personally believe that large portion of my success in life can be attributed to my wife’s dedicated and passionate contribution of managing the home front successfully. She has always taken care of my kids, and she is definitely the biggest support for me,” concluded Gharge. —By Vinita Gupta

Firm follower of karma. He feels that there is

nothing called luck, but whatever one does it will pay

back. If a person is sincere, hardworking and honest

then sooner or later he will achieve what he wants.

Biggest dream is to implement latest technology. Gharge wants to take Bajaj Electricals

on the latest technology platform and the SMIlE

project was one of his biggest dream. Now he wants

to implement the balance score card dashboards for

all decision makers in an integrated manner, which

can help the company to go the next level of

performance management.

Believes in team work and contribution. ecognition and pat on the back are most motivating

factors for most of the people, and he believes in using

them excessively to keep his team motivated.

narayan murthy is his inspiration all along. He feels that Narayan Murthy has changed

the face of Indian IT industry, and this was possible

because of his hard work, sincerity and honesty.

Snap Shot


THINKINGBEYONDCHRIS CURRAN | [email protected] CHrIs CurraN is Diamond Management

& Technology Consultants’ chief technology

officer and managing partner of the firm’s

technology practice. He writes the CIO

Dashboard blog at www.ciodashboard.com

One Million Dollars or One Year The running joke in business is IT departments reply to project requests with one of two answers: it will cost one million or it will take one yearAs We Are nearing the end of the 2010 planning cycle, it’s as good time to reflect on how we plan projects for the next year and whether our pro-cesses this year were as effective as they could be. At one point or anoth-er, everyone working in IT has asked themselves: “Why is everything so complicated.” Priorities change, proj-ects grow in scope, budgets shrink. All the while, we’re forced to explain to the senior management what it is we actually do.

I recently read “IT’s Hidden Face,” a book written by Claude Roeltgen, the former CIO of Credit Suisse in Luxembourg. It explores the inner workings of an IT shop (without a single spaghetti diagram!), and I came away realising it might be the first time I read a book that talks comprehensively about management process and procedures of IT in a no-nonsense manner. Roeltgen ties several sections of the book together with stories and anecdotes that at first appear to be non sequitur, but after digesting the content, I found that all the pieces worked together nicely. Take, for example, a short chapter entitled, the punchcard

permanent within the IT department – as it is in most facets of business. It is permanently necessary to solve problems that others have created. I think we’ve all grown accustomed to this truism, which also gets to the heart of why planning never ends.

IT planning for most companies originates with several IT leaders eliciting business requirements for the year, part of a ‘bottom-up’ process. But a CIO needs the abil-ity and the platform within his or her company to say: Here are the 10 projects on our roadmap and these will guide the majority of our investments, thus greatly stream-lining the process. But at the same time, we need to resign ourselves to the fact that nothing we work on today has a great deal of stay-ing power; it’s simply the nature of technology. Roeltgen notes that when we start projects for new systems, we often know from the outset when that project will be decommissioned.

sorter, and his tale of eating lobster for the first time.

IT planning never truly ends, and it tends to eat up more time than we think. But if CIOs and their teams are getting leaner in planning, they must also help their counterparts on the business side make sense of the organised jungle, a term Roeltgen uses to describe the state of IT in 2009. A jungle of any sort is a chal-lenging environment to map out, but Roeltgen does an excellent job of diagramming the IT shop.

The book devotes significant space to ‘one million or one year,’ the run-ning joke that IT departments reply to project requests with one of two answers: it will cost one million or it will take one year. In my opinion, this chapter is the true heart of the book, and I’d almost suggest read-ing it first. It’s essentially a map for anyone who’s ever wondered about the myriad reasons IT projects can become so expensive and laborious.

Roeltgen describes the notion of near-endless planning in chapter five, Change is the only constant. As he writes, change brings instability and, therefore, instability is inevitable and

“IT planning originates with several IT leaders eliciting business re-quirements for the year, part of a ‘bottom-up’ process”

56 07 december 2009 thectoforum.comcto forum

VIEWPOINT

The threat within. The perils of telecommuting and

enterprise security

remote working, or working from home, is becoming increasingly pop-ular as companies seek economic benefits of moving some of its team out of the office, or having employees that are able to log on at home.

But, businesses could be expos-ing themselves to more risk by using remote workers if the process is not properly thought through and monitored.

Employees that work from home, even on an occasional basis, may do so from their personal computer, rather than a company provided system.

The family computer is unlikely to match the level of security found on the office system. Company data can be easily stored on the machine, and it will stay there unless the employee knows how to purge the data from the system.

Other members of the household are likely to use the PC for their own purposes, such as file-sharing and gaming, which may break company guidelines and bring an additional risk of infection.

In a guide, published last week, we

6. Have strict guidelines in place to prevent others using the company computer (for example children of employees). Educate employees on the risks, and consequences of breaching security policy. 7. Ensure that password protection is strong. 8. Encrypt data, particularly for work-ers ‘on the road’ with laptops that may be stolen.9. Limit risk by avoiding highly con-fidential data being transferred to the remote computer altogether, by using technology such as thin client (Terminal Services over VPN or third parties like Citrix) which process data on the server, without that data leav-ing the server.

Remote working may be a good economic move in times such as these, but failure to produce and enforce procedures designed to con-trol the risk involved in remote work-ing, undermines all of the stringent security measures the business has implemented internally and ulti-mately risks breaching the security of the entire network.

advise businesses to carry out the fol-lowing in order to minimise the risk involved in remote working:

1. Provide the remote worker with a company computer, making this the only way that the worker can connect to the company network.2. Ensure that the approved com-puter is updated with the latest patches, anti-virus software and endpoint security.3. If the employee does connect from a home computer, put policies in place to keep this computer updated with security software (maybe issue an endpoint security license to the user). Limit access to company files and the network, to minimise the threat of a breach.4. Keep full control over what’s installed on the approved computer, and how it is configured. Do not allow unauthorised software or appli-cations to be used. 5. Only allow internet access via the VPN so that company policy on internet access can be enforced at the company’s gateway.

abOuT sImON hErON: Simon Heron

has developed

and designed

technologies

ranging from

firewalls, anti-virus,

LANs and WANs.

He has an MSc

(attained with

Distinction) in

Microprocessor

Technology and

Applications, and is

a CISSP (Certified

Information

Systems Security

Professional).

Simon Heron | [email protected]

at your service

Documents

service eaas page

eaas world

eaas market

business operations

online services

cloud computing

cloud computing services

service capacity