cio september 1 2009 issue

Tracking Performance

How scorecards can help monitor

your business.Page 53

Sharing The Burden

Why e-governance needs a multi-

pronged approach.Page 38

VOL/04 | ISSUE/20

Bu

sin

es

s

T

ec

hn

ol

og

y

l

ea

de

rs

hip

SEPtEmbEr 1, 2009 | rs100.00

www.CIO.IN

Lessons From the third Cio Leadership summit. Page 31

Which way is the cloud blowing? Veteran CIOs give you a forecast. Page 22

Vijay [email protected]

From The ediTor-in-ChieF

TIME: The present.

SCENE: A sparsely-furnished room in the office of the Central Bureau of Investigation. A CIO has been

brought in for questioning. A not too stern looking CBI officer faces him. No one else is present.

CBI OFFICER: Good afternoon, my friend, would you like some tea?

CIO: I don’t want any tea. Why have I been brought here?

OFFICER: Relax, my friend. Have the tea, it will calm you.

CIO: Are you arresting me?

OFFICER: Not as yet, in any case. However, your former CEO stands accused of siphoning

away thousands of crores.

CIO: What has the IT department or I got to do with any of this?

OFFICER: So you say. But my colleagues don’t believe you. They feel it’s impossible to commit

this scale of fraud, without involving the IT guys or the chaps in the finance department.

CIO: I have told you so many times, I don’t know anything! Why are you harassing me?

OFFICER: We haven’t even begun leaning on you as yet, my friend. All we’re requesting is a

bit of help. In any case, let me tell you an

interesting story. A farmer buys crowbars

and hands them to his workers, one of

whom attacks another and kills him.

CIO: So?

OFFICER: So, I arrest the worker in

question and take the crowbar into custody as evidence. Cause and effect, you see. Another

farmer, buys knives and hands them to his workers, one of whom murders a colleague.

CIO: What of it?

OFFICER: I arrest the worker and the farmer, and take the knife into custody as evidence.

The circle begins to widen. Yet another farmer buys guns and hands them to his workers, one of

whom shoots a worker dead.

CIO: What does any of this have to do with me?

OFFICER: Patience. You’ll get to know soon. In the shooting case, I arrest the worker, the

farmer, the gun supplier, and take the revolver into custody as evidence. Things have now moved

beyond the simple.

CIO: So, who do you think I am? The farmer, the worker or the gun supplier?

OFFICER: You, my friend, are the gun. Now convince me you are the crowbar.

How would you account for the sins of your management? What governance controls have

you built into the system? Write in and let me know.

The case for governance controls and audit trails boils down to this: What would you do if your management was accused of committing fraud?

The accountability equation.

The Crowbar or The Gun?

Vol/4 | ISSUE/202 s E p T E m b E R 1 , 2 0 0 9 | REAL CIO WORLD

Content,Editorial,Colophone.indd 2 8/28/2009 12:53:34 PM

Cloud ComputingCOvER StORy CLOuD COvER | 22Pressure for flexibility, savings and speed is driving up CIO interest in cloud computing. But veterans of the tech hype wars say they won’t be won over by big promises alone. Feature by Jarina D’Auria & Kim S. Nash

PLuS:

NINE CLOuD COmPutINg mythS | 28As more IT leaders turn to the cloud, they will be faced by rumors and hearsay floating around the technology. We clear up the fog. Feature by Robert L. Scheier

more» Co

Co

VE

VE

r:

dr

: d

ES

IE

SIg

n b

y M

M S

ha

ng

n b

y M

M S

ha

nITIT

h

h I

Ph

oP

ho

TTo

by

Sr

o b

y S

rIVIV

aaT

ST

Sa

Sh

an

da

Sh

an

dIIl

ya

ly

a


september 1‑|‑Vol/4‑|‑issue/20

contntn enntntn

22

CEO VisiOnThe upturn is around the corner and once again businesses and their CIOs have the chance to do something extraordinary.

32 I Sanjay nayak, Co-founder, CEO & MD, Tejas Networks34 I Gourav jaSwal, Director, Synapse36 I Sumit Dutta ChowDhury, CIO, Reliance Communications

CiO DisCussiOnsThe leadership council provided a platform for CIOs to share their experiences and express their opinions on the value of data to the business, the importance of IT optimization and protecting corporate information.

42 I I iS Data an aSSet?44 I I optimizinG i.t.46 I people power

FOrum48 I a matter of SeCurityThe results of the Indian Information security survey are proof of how enterprises look at security. A panel of eminent IT leaders discuss what exactly is going wrong with information security.

content (cont.)

deparTmenTs

NOW ONLINE

For more opinions, features, analyses and updates, log on to our companion website and discover content designed to help you and your organization deploy IT strategically. go to www.cio.in

c o.in

Trendlines | 9 Staff management | Keeping Them Happy Quick take | Sunil Kunders on Customer Satisfaction voices | What’s Your Criteria for Hiring New People? Internet | Tapping Into Rural Talent Security | New Age Secret Agents Opinion Poll | Healthcare at Your Service E-mail | Going on an E-mail Diet green It | Datacenters: In the Green Zone

essential Technology | 52 Performance management | Do It Better with Scorecards Feature by Esther Shein Pundit | The Skinny Straw Column by Bernard Golden

From the editor-in-Chief | 2 the Crowbar or the gun?

By Vijay Ramachandran

2 0

Case FileONtARIO tAKES I.t. tO thE NExt LEvEL | 38Ontario’s 13 million citizens get good service from the state via its IT infrastructure, but the local government wanted to do more. So it took a business approach to government IT. Feature by David Carey

peer-to-peerALIgNmENt WIth I.t. BESt PRACtICES | 18IT best practices can continuously improve strategic business performance, but some CIOs are daunted by it. Here’s how one CIO implemented it.Column by Al Kuebler

3 8

6 s E p T E m b E R 1 , 2 0 0 9 | REAL CIO WORLD


All rights reserved. No part of this publication may be reproduced by any means without prior written permission from the publisher. Address requests for customized reprints to IDG Media Private Limited, Geetha Building, 49, 3rd Cross, Mission Road, Bangalore - 560 027, India. IDG Media Private Limited is an IDG (International Data Group) company.

Printed and Published by Louis D’Mello on behalf of IDG Media Private Limited, Geetha Building, 49, 3rd Cross, Mission Road, Bangalore - 560 027. Editor: Louis D’Mello Printed at Manipal Press Ltd., Press Corner, Tile Factory Road, Manipal, Udupi, Karnataka - 576 104.

Publisher louis d’Mello

AssociAte Publisher alok anand

editoriAl

editor-iN-chieF Vijay ramachandran

AssistANt editors gunjan Trivedi,

Kanika goswami

seNior corresPoNdeNt Kailas Shastry

corresPoNdeNt Sneha Jha

chieF coPY editor Sunil Shah

coPY editor Shardha Subramanian

trAiNee JourNAlists Priyanka

Varsha Chidambaram

Product mANAger oNliNe Sreekant Sastry

desigN & ProductioN

leAd desigNers Vikas Kapoor

Suresh nair

girish a V (Multimedia)

seNior desigNers Jinan K Vijayan

Unnikrishnan a V

Sani Mani (Multimedia)

desigNers M M Shanith

PhotogrAPhY Srivatsa Shandilya

ProductioN mANAger T K Karunakaran

dY. ProductioN mANAger T K Jayadeep

mArketiNg ANd sAles

VP sAles Sudhir Kamath

seNior mANANger Siddharth Singh

AssistANt mANAger Sukanya Saikia

bANgAlore Kumarjeet bhattacharjee,

arun Kumar, Manoj d.,

ajay S. Chakravarthy

delhi aveek bhose, Punit Mishra,

rajesh Kumar Sharma

mumbAi Parul Singh, hafeez Shaikh,

Suresh balaji, Pooja nayak

dipti Mahendra Modi

custom PublishiNg

sr. mANAger mArketiNg rohan Chandhok

coPY editors Kavita Madhusudan

deepti balani

leAd desigNer Vinoj Kn

seNior desigNer Jithesh CC

eVeNts

VP rupesh Sreedharan

seNior mANAger Chetan acharya

mANAgers ajay adhikari, Pooja Chhabra

AdverTiser index

Ibm bC

Interface 1

Krone IbC

siemens IFC

This index is provided as an additional service. The publisher does not assume any liabilities for errors or omissions.

mArkeTing & sAles

bANgAlore

geetha building, 49,

3rd Cross, Mission road, bangalore 560 027

Ph: 3053 0300 Fax: 3058 6065

delhi

410, hemkunt Towers,

98, nehru Place, new delhi 110 019, India

Ph: 4167 4230 Fax: 4167 4233

mumbAi

201, Madhava,

bandra Kurla Complex, bandra (E), Mumbai 400 051

Ph: 3068 5000 Fax: 2659 2708

Alok kumAr

global head - Internal IT, TCS

ANil khoPkAr

gM (MIS) & CIo, bajaj auto

ANJAN choudhurY

CTo, bSE

Ashish chAuhAN

President & CIo, IT applications, reliance Industries

Atul JAYAwANt

President Corporate IT & group CIo, aditya birla group

doNAld PAtrA

CIo, hSbC India

dr. JAi meNoN

director Technology & Customer Service, bharti airtel &

group CIo, bharti Enterprises

goPAl shuklA

VP - business Systems, hindustan Coca Cola

mANish choksi

Chief Corporate Strategy & CIo, asian Paints

mANish guPtA

director-IT, Pepsi Foods

murAli krishNA k.

head - CCd, Infosys Technologies

NAViN chAdhA

CIo, Vodafone

PrAVir VohrA

group CTo, ICICI bank

rAJesh uPPAl

Chief general Manager IT & distribution, Maruti Udyog

sANJAY JAiN

CIo, WnS global Services

shreekANt mokAshi

Chief-IT, Tata Steel

suNil mehtA

Sr. VP & area Systems director (Central asia), JWT

t.k. subrAmANiAN

div. VP-IS, Ub group

V. k mAgAPu

director, larsen & Toubro

V.V.r bAbu

group CIo, ITC

governing BoArd



n e w * h o t * u n e x p e c t e d

S t a f f M a n a g e M e n t Tough times make it hard to keep workers — even those at stable organizations — hard to motivated. Here are five ways to keep your organization remains a positive place.

Don't sugarcoat the truth. Open communication is better than silence. Discuss the organization's current situation and future. To the extent appropriate, share plans for riding out the recession. Invite workers to brainstorm about lessons from past downturns could be applied now.

Listen to your staff. By giving your workers a chance to voice their concerns, you'll be able to gauge the overall attitude in the workplace. Because some employees may be reluctant to speak up, you could try strolling through your workplace — do you hear laughter, or are people working in grim silence? Their behavior will provide clues about the prevailing mood.

Assign work strategically.Re-evaluate each staff member's responsibilities and do some fine-tuning so the team can work more efficiently. Make this a collaborative process — ask your staff how best to distribute the workload. There may be duties or projects they would like to tackle, and giving them manageable new challenges can be motivating.

Protect staff from overload. Be realistic about your employees' limits. If you sense that your employees are

overwhelmed, take action before they reach burnout. Determine which projects are urgent and which can be put on hold or redistributed. Or consider bringing in freelancers to provide additional support and relieve pressure.

Reward employees and show appreciation. This is less about offering material things than about the small gestures, such as saying thank you, asking their opinions on ideas and complimenting their efforts. It's a show of how grateful you are for their hard work and loyalty.

Focus on the future. Although you may Focus on the future. Although you may Focus on the future.not be able to make binding commitments or promises, now is a good time to talk with your employees about their career paths. Speak to them about how to make their jobs more satisfying, assist them in reaching their professional goals or provide opportunities for advancement.

—By Dave Willmer

Keeping Them happy

B u S i n e S S i S S u e S Customer delight is something that every company — in every vertical — focuses on. But to gauge customer satisfaction and rake in profits, business and technology need to work together. Kanika Goswami spoke to Sunil Kunders, head-IT, Arvind Brands to find out how it's done:

How does Arvind Brands track and maintain customer loyalty? We have our own loyalty program, a card called Smart One, which we use to track, analyze and reward customer behavior. Basically, the card ensures that that the customer gets the discounts he is entitled to.

What mechanism do you use to measure the level of your customers’ satisfaction?We have a store stock serviceability index. This looks at optimal stock in the store and based on that assesses the basic requirement of that store. The marketing team also conducts a lot of surveys on what customers want, etcetera.

Sunil Kunders on Customer SatisfactionThese surveys are constantly monitored. This is not a pure IT initiative, but a business-IT one.

How high an index does customer satisfactionhold in the retail sector?In the retail industry, it is extremely important, especially, in terms of capturing mind space within the organization. So, all departments focus on how to deliver quality to customers. In other industries, I’d assume it is

as important as it is in retail.

Are CRM applications adequate to manage all your customer related needs? We use a product for loyalty management. In the coming financial year, we plan to invest in a CRM solution. Currently, we have a mechanism where customer feedback is collected and sent back to the head office. Every complaint and feedback is essential as it gives a fair idea of what we are doing wrong and an opportunity to rectify it.

Quick take

Sunil Kunders

Ill

us

tr

at

Ion

by

an

Ilt

REAL CIO WORLDREAL CIO WORLDREAL CIO WORLD ||| s e p s e p s e p TTT e m b e r 1 , 2 0 0 9 e m b e r 1 , 2 0 0 9 e m b e r 1 , 2 0 0 9 999Vol/4 | IVol/4 | IVol/4 | IssussussuE/20E/20E/20

tr

en

dl

ine

S

i n t e r n e t A new online recruitment website in India plans to target the country's rural youth, who have been cut off from jobs in the cities due to a lack of communications infrastructure.

The site, Rozgarduniya.com, (employment world) set up by recruitment firm Monster, will take advantage of a vast network of Internet kiosks in rural areas to help farmers access information on crops, weather, agricultural demand and pricing. The network, called e-Choupal, was set up by ITC to aid its procurement of produce for its agriculture products business.

The website will help employers who are planning to expand their operations in rural areas, besides providing opportunities in urban markets for rural people, said Sanjay Modi, managing director of Monster India.

The tie-up with ITC gives Monster access to about 40,000 villages in nine Indian states. Potentially, one million job seekers could reside in these villages, Modi said.

ITC e-Choupal is expanding quickly, and is connecting three to four new villages every month.

Sanchalaks, the farmers who manage the e-Choupal kiosk for farming communities, are now being trained to help young people submit resumes online, apply for jobs and explore other career opportunities.

There are lots of employment sites, but villagers lack access to the Internet, Modi said. The e-Choupal network helps Monster address a large section of youth looking for jobs in the cities and even in rural areas, he added.

Monster currently gets about 25 percent to 30 percent of applications on its main recruitment website from small cities, but there is very little activity from the villages.

The company's aim is to target all the job seekers in India, whether in the cities and towns, or villages, Modi said.

Monster India and Dishtv, a direct-to-home television company, announced a partnership to offer an interactive online job search service MonsterJobs Active via television. The service targets users in small cities and towns who lack Internet access.

Monster and ITC decided on a separate website for rural job seekers rather than an extension of the mainstream Monster India recruitment site. After surveying rural markets, Monster found that the needs of rural job seekers and the kind of jobs in rural markets are distinct, and required a separate website, Modi said.

The site is managed by ITC e-Choupal and Monster, which will share in the revenue. The site will charge employers, but will not charge job seekers, Modi said.

—By John RibeiroWrite to [email protected]

Lend Your

Voice

What's Your Criteria for Hiring New People?S t a f f M a n a g e M e n t The economy has forced many companies to look for ways to prop up their bottonlines by restructuring. But as the downturn weakens, hiring cycles are slowly picking up. Varsha Chidambaram spoke to some of your peers about hiring strategies, and here’s what they had to say:

“Right now, we are not hiring. We have a huge bench and we are trying to leverage it. Many employees have been pushed into our virtual pool program. We are focusing on getting them back.”

SriniVaS kiShan anapu Head-Internal Is Mahindra satyam

ankur BaSuHead-technology & It Infrastructure, Mjunction services

“One criterion is that they should have inherent competencies in the technologies we work with. A candidate's will to learn, work hard, and be productive as fast as possible are also essential.”

Manoj ShriVaStaVaVP-Group It, reliance aDa

"For senior positions we are looking for well-rounded professionals who can take

on multiple roles across functions rather than

specialists with expertise in a

single domain.”

Tapping Into Rural Talent

Vol/4 | IssuE/201 0 s e p T e m b e r 1 , 2 0 0 9 | REAL CIO WORLD

Trendlines.indd 10 8/28/2009 12:50:40 PM

tr

en

dl

ine

S

New Age Secret AgentsS e c u r i t y Here are eight cloak-and-dagger ways, legal and illegal, to secretly tap into networks and computers to capture data and conversations.

Wireless keyboard eavesdropping:Remote-exploit.org has released an open source hardware design and accompanying software for a device that captures then decrypts signals from wireless keyboards. The device uses a wireless receiver that can be concealed in clothing or disguised as a common object that could be left on a desk near a PC to pick up signals.

Wired keyboard eavesdropping: Electromagnetic pulses that keyboards make to signal what key is being hit travel through the grounding system of the keyboard and the computer itself as well as the ground for the electrical wiring in the building where the computer is plugged in. Probes placed on the ground for the electric wiring can pick up these electromagnetic fluctuations, which can be captured and translated into characters.

Andrea Barisani and Daniele Bianco, researchers for network security consultancy Inverse Path, are researching on the topic in the hopes of sparking more public research of these techniques.

Laptop eavesdropping via lasers:Bouncing lasers off laptops and capturing the vibrations made as keys, give attackers enough data to deduce what is being typed. Each key makes a unique set of vibrations different from any other. The space bar makes an even more unique set. Language analysis software can help determine which set of vibrations correspond to which key, and if the attacker knows the language being used, the message can be exposed.

Mobiles: remotely activated bugsSoftware loaded onto certain models of cell phones can silence the ringers and cut off the light displays that would

normally be triggered when calls are made to them. The caller can then listen in on conversations in the room where the phone is located.

Law enforcement wiretapping based on voice print:Phone company voice switches include software that can search all conversations going through it for voices that match sets of voiceprints. Whenever the switch makes a match, it can trigger a recording of the conversation and alert law enforcement officials, says James Atkinson, an expert in technical surveillance countermeasures.

Cable TV as an exploitable network:Because most cable TV networks are essentially hubbed, any node can monitor any other node's traffic, says James Atkinson, an expert in technical surveillance countermeasures. By and large

security is rudimentary and the encryption used could be hacked by someone with basic technical skills and readily available decryption tools, he says.

Cell phone monitoring: Commercially available software claims to capture cell phone conversations and texting. Attackers need to get physical access to the phone to upload the software that enables this.

There are several commercial brands on the market, but there are also online complaints that the software doesn't work as advertised or is more complicated to use than the vendors let on.

Commercial keyloggers:Early keyloggers were devices attached in-line with keyboards, but they advanced to software tools that grab keystrokes and store or send them to an attack server. Commercial versions have the software loaded on memory sticks that can dump the software on a computer and then be reinserted later to download the collected data.

—By Tim Greene

Language analysis software can help

determine which set of vibrations correspond to

which key.

healthcare at Your Service

Electronic medical

records aside, consumers say

IT can make managing their

healthcare more

convenient.

source: nCr/buzzback Market research

Booking appointment

Receiving test results or follow up information

Seeing and managing personal health information

Getting information about healthcare issues

Getting directions to locations within a hospital

Top self-service applications

54%Booking appointment

Receiving test results or follow up information 54%

Receiving test results or follow up information

Seeing and managing personal health information 43%

Seeing and managing personal health information

Getting information about healthcare issuesGetting information about healthcare issues

Getting directions to locations within a hospital

41%

s nCr/buzzback Market research

Getting directions to locations within a hospital 37%


tr

en

dl

ine

S

g r e e n i t The recession is driving green IT into datacenters, and organizations that are facing continued pressure on their budgets and datacenter resource, are now actively investigating software and outsourcing alternatives.

So said analyst house Datamonitor in its , report Can Green IT Bloom in an Economic Downturn.

"The global economic recession has spurred a paradigm shift in the way organizations evaluate, budget for and deploy green IT", said the report's author, Rhonda Ascierto, senior analyst at Datamonitor.

The report said current green IT investments are being driven by compliance with environmental legislation and cost savings. In particular, the report suggested green IT that also eliminates the need for

capex, such as datacenter virtualization, datacenter design and layout, and asset lifecycle management, has become increasingly important as IT budgets remain constrained.

Indeed, Datamonitor says that its research shows IT budgets are likely to remain flat in 2009. This view was backed up when Gartner recently confirmed the gloomy outlook for the IT industry.

Interestingly, Ascierto believes there will be a slowdown in datacenter builds, with a corresponding increase in the use of green IT, with virtualization the main beneficiary.

"Datacenter virtualization is becoming more holistic, whereby various assets, including servers,

storage, communications infrastructure, and business applications, are being virtualized across a pool of datacenter hardware," she said.

Ascierto was also clear that the ROI model for green IT is now compulsory and much shorter. "What has really

shifted nowadays is the ROI model of green IT," she said.

"Before the downturn, enterprises had a vague notion of what ROI green IT would deliver," she said. "It was not necessarily quantified, and there was not a lot of disciplined ROI. But in today's environment, those vague ROI notions have gone, and all capex, and increasingly opex, has to be justified because of constrained IT budgets."

—By Tom Jowitt

GoInG on an E-MaIl DIEt

Datacenters: In the Green Zone The report says that the type of green IT

which also eliminates the need for capex

— such as datacenter virtualization — has become increasingly

important as IT budgets remain constrained.

e - M a i l CIo tony Murabito surveys workers at his company every year, asking them about their experiences and expectations regarding the It systems they use. the responses usually focus on technical issues, which is why last year's comments about e-mail shocked him:

"let's blow up the reply-to-all key!""Why can't people get to the point!""there was just an overwhelming sense that there were no

controls [on e-mail] in place," Murabito says.CIos are in the business of delivering technology, not

curtailing its use. but Murabito decided to do just that. His goal for his company, Cubist Pharmaceuticals is to cut the number of e-mails by 25 percent by training employees how to better use one of the basic tools of the modern office.

this e-mail problem isn't unique to Cubist, says Dianna booher, CEo of booher Consultants and author of E-Writing: 21st Century tools for Effective Communication. "I hear a lot of complains, and there's not a lot of people doing something about it," she says. booher's surveys of clients have shown that 58 percent of workers spend up to three hours a day on e-mail. this isn't a spam problem. Workers at Cubist are complaining about the excessive amount of business-generated e-mails,

Murabito says. they say they trudge through confusing and pointless messages because senders mindlessly hit 'reply all' just to say something like 'thanks.'

Murabito says his research showed that cutting e-mail communications could help each worker recover an estimated 15 to 20 days of lost productivity annually — or 7,000 to 9,000 days every year for the whole organization.

"I never had a project before that could have that kind of roI," he says, noting that his investment was mostly internal staff time and about $50,000 (about rs 25 lakh) in training costs.

He set up a program that would clean out everyone's deleted-mail folders every night and delete all sent e-mails that were over six months old, but some workers resisted, saying they needed those messages.

"It showed they were using e-mails for more than communication. some were using it for document management," Murabito says. this revealed that workers, such as those in the clinical and regulatory areas, need better document management tools (which he's delivering).

Murabito is confident that he can reach the goal of cutting e-mail by 25 percent once everyone is trained later this year.

—by Mary K. Pratt


Trendlines.indd 14 8/28/2009 12:50:41 PM

He was the managing director for a strategic business unit that was part of an international enterprise. I first met him when he was looking for an IT project manager.

I found out, though, that the IT system development project he wanted me to manage had been under way for three years and that it was one year late. Worse, it had been reported to be 99 percent complete each month for the past seven months. The individually contracted junior programmers responsible for the software were nowhere to be found. Instead of the industry standard of three seconds or less per transaction, the response time for the system's online functions averaged about four minutes.

I declined the job offer in a letter in which I suggested that systems being built to improve the productivity of his business unit needed their basic requirements established upfront. I went so far as to say that all such IT systems needed to be developed using something called a ‘systems development methodology’, or SDM. I also sent him a couple of books that explained that SDMs were IT best practices.

Three years went by, and suddenly he wanted to see me again. I found him in a new office, occupying a corner of the corporate building 50 floors above Manhattan. He was now the COO of the entire enterprise, reporting to the CEO and chairman.

He started off by filling me in on what had happened after I had refused his offer. "We did what you suggested in your letter. It cost us a lot to do it, but the darned thing has been running just fine since we redeveloped it using that 'best practices' thing."

He went on, "My responsibilities have changed, and guess what. IT development projects like the one you know about are everywhere I look."

Al Kuebler Peer-to-Peer

Alignment with IT Best Practices IT best practices can continuously improve strategic business performance, but some CIOs are daunted by it. Here’s how one CIO implemented it.

Ill

us

Tr

aT

IOn

by

sa

sI

bH

as

ka

r

VOl/4 | IssuE/201 8 s e P T e m B e r 1 , 2 0 0 9 | REAL CIO WORLD

Coloumn_1_Getting the best out of IT best practices.indd 18 8/28/2009 12:49:33 PM

Al Kuebler Peer-to-Peer

That was why he had called me in. "Here's the deal. I've created a new IT management position. No one knows exactly what it means yet, but I've clearly indicated enterprisewide that I'll no longer fund unproductive business unit IT projects unless my new senior director of systems assurance approves them."

Now, I'm somebody who really likes to build things, and here was an opportunity with an interesting twist: to have some influence over building things properly. I had a few concerns over the staying power of such influence, however.

"I know," he said. "You'll be needing these." He handed me an envelope full of his business cards. "I need the word to get out that I will be happy to personally engage anyone that wants to build a system that doesn't do what is needed, is late or is over budget."

Putting It in PlaceWith that kind of air cover, things began to happen. Still, it took about a year for the best practice systems development approach to be fully adopted. IT folks both at corporate and in the business units were required to attend training in how to apply a standard SDM approach to IT development.

While some parts of some IT development projects had to be completely redone, none of them were declared an entire failure and scrapped. The whole idea was to build on what was already

in place whenever possible. The process of ‘cross-walking’ an existing IT development project to the standard SDM approach continued to improve and, at some level, it always worked. IT projects were now usually on time, as specified and at the agreed cost. An IT fairy tale, with everyone living happily ever after? Not really. Something was still missing.

The Need for ImprovementEven though we were doing everything right, we still wound up with all or partial ‘white elephant’ systems. They either were awkward to use, had features that were no longer needed by the business that funded them, or both. The results weren't disastrous. Changes could usually be made to those white elephant systems to make them more usable. But clearly this was not the best use of IT dollars, either.

Why did this happen? Well, I was too busy cross-walking things to see what was right there before my eyes. It was too obvious. We were using system requirements that had been established up to two years before a system was implemented. With the passage of so much time, we had done nothing to account for changes in the business that occurred in the meantime.

But aren't SDM approaches built to accommodate changes throughout the development process? Yes, certainly. But by itself,

no SDM, no matter how rigorously followed, can automatically accommodate the sudden acquisition of a new subsidiary with a different business model into the capabilities of a system under development. Ditto the divestiture of an existing company or a suddenly imposed major regulation.

Ultimately, the answer was to adopt a higher-order IT best practice. Individual IT development projects would no longer be thought of as standalone ‘IT transactions’. Under a new framework, each IT development effort would be considered an integral and connected part of improving the enterprise's strategic performance through IT. That is, every project would be conceived as a way to avoid cost, improve service and increase revenue at every level. Proposed changes to business or enterprise strategies would now involve something called an ‘IT impact assessment’, which considers not only existing IT operational issues, but IT system development effort issues under way at the time as well. The result? No more white elephants.

Useful FrameworksThese days (with everything Googleable), if I were asked about IT best practices and where they'd be most usefully applied, I'd start by suggesting CMMI for predictable system development outcomes and a way to continuously improve IT development

productivity and IT strategic alignment. For IT operational issues, there is the ITIL, which is useful for those in IT operational roles to consider their contributions as part of what their client's experience, with emphasis on process results instead of precise organizational assignments. And these can be built upon with the ISO 9000 framework for quality management systems.

Something you may find useful to keep in mind in all of this is the fact that every IT best practice embodies the basic principle to continuously improve strategic business performance through the effective use of IT. The upshot of this should be no surprise to you: Stockholders always consider investing in and managing IT around this principle to be smart leadership.

So what? Well, if you're in IT management and you haven't yet looked into IT best practices, you may wish to consider how one or more of them might apply to your situation. All IT best practices contain wonderful guidance to show and communicate their value in business terms. Once past the awareness and trial steps, you'll wonder, as I did, "Why didn't I do this sooner?". CIO

Al Kuebler was CIO for AT&T Universal Card, Los Angeles County, Alcatel and

mcGraw-Hill. He is now a general management and IT consultant and graduate

school lecturer at NYU, De Paul and UCLA. send feedback on this column to

[email protected]

With that kind of air cover, things began to happen. Still, it took about a year for the best practice systems development approach to be fully adopted.

REAL CIO WORLD | s e P T e m B e r 1 , 2 0 0 9 1 9VOl/4 | IssuE/20

Coloumn_1_Getting the best out of IT best practices.indd 19 8/28/2009 12:49:33 PM

The business purpose of customer relationship management (CRM) is to capture new customers more quickly, grow them more predictably, and keep them as loyal repeat customers. A CRM

system should streamline the revenue business process and make every revenue dollar more profitable. And it will — providing IT leaders focus on optimizing the overall revenue business process, not individual point measurements like ‘new leads’.

The revenue business process starts with market planning, audience targeting, and outreach campaigns, and it ends with collections. The process spans marketing, sales, customer service, delivery/fulfillment, and accounting departments. While the sales cycle may take only a few weeks, the revenue process cycle can take as long as several months (if not several quarters) in B2B environments. A flow-chart of the revenue business process will often take up an entire wall, and will include a surprising number of question marks. Trust me, it's more complicated than you think.

Why do leads lie? Leads lie because we think they're saying something that they aren't. A lead is not ready to buy. They're typically not even ready to talk with one of your sales representatives. A lead is merely somebody who indicated "tell me a little more," by clicking on a link, responding to an e-mail, or registering on a site.

Marketing wants to look good, so they market the value of leads. Their thinking goes like this: Easy to measure, straightforward to buy. Declare victory.

Unfortunately, sales departments wants to make money this quarter — and they optimistically jump at the idea of

David Taber ApplieD insighT

Getting Sales and Marketing to Team UpYou can help solve the ongoing row between sales and marketing over leads by focusing on CRM’s true purpose: providing a solid basis for collaboration among marketing, pre-sales, and sales teams.

Ill

us

tR

at

Ion

bY

pC

an

oo

p

Vol/4 | IssuE/202 0 s e p t e m b e r 1 , 2 0 0 9 | REAL CIO WORLD

Coloumn_2_Taking a Hammer to Your Data.indd 20 8/28/2009 12:48:52 PM

David Taber ApplieD insighT

100 new prospects a day. But they quickly find that those 100 leads don't want to take a meeting, and the inevitable frustration with marketing starts to set in.

What’s a Lead, Really?Let’s look at this another way. If you think of the revenue business process as a refinery, it takes in low-grade ore and purifies it to gold. Leads are the low-grade ore, often with conversion rates of 1 percent or less, ready for refining but not for final use. Until the leads are cultivated, nurtured, qualified, and converted to contacts, there can be no sales cycle.

In many B2B and B2C businesses, the unqualified leads that are in the nurturing cycle may be numbered in the millions. Industry statistics show that up to 40 percent of leads may make their first purchase after having been in what’s called a ‘remarketing database’ for 18 months or longer. Even though the exact statistics depend on your industry and target market, this principle applies equally to B2B and B2C markets. This is the whole purpose of marketing automation systems that integrate with your CRM system.

When do leads lie? For most companies, the number of leads is, by itself, almost always meaningless for the big

picture. (The exception is when you're getting almost no leads: this can't be good.) Leads are a nice indicator of market interest, but like measures of ‘visibility’ or ‘market impressions’ it is not a direct predictor of good times ahead for an organization.

Leads start to get meaningful when you include measurements of lead quality, such as conversion ratios, scores, and frequency of activity. They get more and more significant as the leads pass through qualification and conversion steps. But understanding and assessing all the subtleties takes way too much time for most users: they just want to see a number that's meaningful.

And the meaningful number, both for the sales boys and the overall business process, is the number of sales cycles started in a period. The number will be much lower than what the executives like to throw around — and it's throttled by the speed and skill of the sales representatives. But by focusing attention on the number of sales cycles started, it forces the marketing, pre-sales, and sales teams to work together. They have to think about what it takes to create and execute a first customer meeting, and figure out how to do that in a more repeatable manner. Instead of trying to

load up the CRM system with 10,000 new leads, marketing will be trying to figure out how to get 100 people interested and motivated enough to take a call. They'll collaborate on scripts for the telesales folks, and work to solve conversion rate problems, and try to optimize the number and cost of those sales-cycle starts.

Leads and Your CRMOf course leads are a good thing. But there's one more problem with them: despite what you think, they don't really connect with the revenue pipeline. Here are three reasons why:

When a lead matures, it doesn't become an opportunity or a deal. It becomes a contact in your CRM system.

When a contact matures and starts a sales cycle, it doesn't become an opportunity either. The contact might be connected to an opportunity, but in real world CRM systems this happens less than 40 percent of the time (in B2B environments, it may happen less than 10 percent of the time).

So when you look at your revenue pipeline, most of the deals won't refer back to leads. It'll make your lead generation look less important than it really is. This goes double if you use the ‘Named Account’ model of selling.

Even though leads are part of the revenue business process, in most real-world CRM systems it’s hard to connect lead analysis to pipeline analysis.

The bottom line: by focusing on sales-cycle starts (opportunity-creates) rather than leads (visibility events), you'll be able to measure something that's meaningful to the business and provide a solid basis for collaboration among marketing, pre-sales, and sales teams. And that's the whole point of CRM. CIO

David Taber is the author of the new Prentice Hall book, Salesforce.com

Secrets of Success and is the CEO of SalesLogistix, a certified Salesforce.com

consultancy focused on business process improvement through use of CRM

systems. Send feedback on this column to [email protected]

By focusing on sales-cycle starts rather than leads, you'll be able to measure something that's meaningful to the business and provide a solid basis for collaboration among marketing, pre-sales, and sales teams. And that's the whole point of CRM.

REAL CIO WORLD | s e p t e m b e r 1 , 2 0 0 9 2 1Vol/4 | IssuE/20

Coloumn_2_Taking a Hammer to Your Data.indd 21 8/28/2009 12:48:52 PM

Reader ROI:

Where the cloud is on the CIO radar

Which apps are suited for the cloud

The people costs

Vol/4 | ISSUE/202 2 s e p T e m b e r 1 , 2 0 0 9 | REAL CIO WORLD

Gather a few hundred CIOs in a room for a day and talk of cloud computing billows forth. For CIOs who are already dabbling, projected savings are debated. From bullish analysts and eager vendors, more dazzling benefits are predicted. Yet just as quickly come the caveats. Questions abound on security, reliability and control over corporate data. The biggest shadow of all is cast over what, exactly, cloud computing means.

A recent academic study identified at least 22 definitions of ‘cloud computing’ in common use, from the broad notion of using the Internet to access any sort of managed technology services to the wide-eyed optimist's view that a diverse, powerful lineup of cloud services will be delivered in real time by crash-proof distributed servers "without complicated deployment worries."

The sorry economy is prompting more CIOs to explore cloud computing and its cost-cutting promise, says Doug Tracy, former global CTO for Rolls-Royce. "But it's still an idea that a lot of people don't know a whole lot about."

The core attraction of the cloud is that companies can avoid buying and running hardware, software and other equipment by contracting with a services vendor to run selected systems or applications on its own infrastructure of virtualized servers. The ‘services’ you purchase are delivered in a standardized, multi-tenancy fashion that observers say will save one-third to one-half of your current costs.

That's certainly appealing as this recession forces CIOs to seek ever-greater efficiencies from IT infrastructures already as lean as starving wolves.

Cover Story | Cloud ComputingP

ho

to

S b

y S

rIV

at

Sa

Sh

an

dIl

ya

Ill

US

tr

at

Ion

by

MM

Sh

an

Ith

REAL CIO WORLD | s e p T e m b e r 1 , 2 0 0 9 2 3Vol/4 | ISSUE/20

"We're under tremendous pressure to provide flexibility and agility and to be driving cost models down," says Charles Soto, vice president of IT at Motorola's Broadband Mobility Solutions business, which recently tested cloud computing services for four different applications. But thinking that cloud computing will release an instant reservoir of savings is a mistake, he adds.

To Arthur Winn, head of pricing at BT Group, the cloud is nothing but a marketing term. The $41 billion (about Rs 205,000 crore) London telecommunications company has been doing what could be considered cloud computing for several years, he says. That is, handing over BT customer calling data to a third party to analyze and then let BT access via the Internet. "As long as we are getting more service for less money each year, we're happy," he says.

Making decisions about an over-hyped, under-delivering technology amid today's unrelenting economic pressures certainly isn't easy. So to help uncloud your thinking, we looked into exactly how several companies across various industries are experimenting with cloud computing.

What we found is that the cloud is an umbrella term for many services, including SaaS and virtualization — anything but traditional computing behind the walls of your own datacenter. If you're worried about being behind the cloud curve, don't be.

Spinning the hype CyCleCIOs recognize this latest hype cycle all too well. When client-server computing was all the early-90s' rage, every vendor slapped the term onto its marketing pitch whether it fit or not. Then it was data warehousing lining up to provide a single view of all your customers at the touch of a button. Next came ERP systems intended to replace the disparate best-of-breed software across business operations.

All of these hype-cycled technologies eventually had a significant impact on corporate computing environments, but invariably at much greater complexity and expense than initially promised.

First, a definition of the cloud that most CIOs understand: You don't own software or hardware and, unlike outsourcing, no equipment is dedicated to you. You access vendor's systems over the Net in a secured

Pressure for flexibility, savings and speed are driving up CIO interest in cloud computing. But veterans of the tech hype wars say they won't be won over by big promises.By Jarina D'aBy Jarina D'aBy Jarina D' uria , Kim S. naSh


Cover Story | Cloud Computing

way. For that access, you pay a subscription fee that rises or falls with how much or how often you draw on the vendor's systems.

Google, for example, offers office basics such as e-mail and word processing, with password protection and a per-user fee. Amazon offers substantial systems such as complete e-commerce or storage facilities, and charges per hour or per gigabyte for various configurations. From a newcomer such as Seattle-based Skytap, which provides virtual datacenter services, you get access to application development and testing environments for a monthly base charge and pay extra for virtual-machine, storage and data-transfer options. Cloud permutations range from network plumbing to business applications (see The Cloud Takes Many Forms).

But using a cloud of someone else's technologies isn't as simple as calling Amazon and then writing a check every month, cautions Motorola's Soto.

He would love to re-jig Motorola's IT to match computing power and cost-to-user demand, whether it falls during a bad economy or rises during a good one. "How do we find a consumption-based model to pay for what we use, to be able to spin them up quickly or shut down without having to be burdened with depreciation schedules in the normal IT process?" he asks.

That idea appeals to many IT leaders considering cloud computing, says Tom Pettibone, managing partner of consulting firm Transition Partners. CIOs have had to design their datacenters to take peak loads. But during off-peak times, that capacity

sits unused and idling at great expense, Pettibone says. "That costs you every day."

In the Skytap experiment, Motorola put four apps on Skytap servers: a project management tracker, a Web design app , an IT asset management database and a Microsoft Active Directory app. For $1,000 (about Rs 50,000), a small group of Motorola employees could test how those apps worked on Skytap's cloud for 30 days.

Motorola is used to getting IT from outside, with 33 SaaS apps in production, including Salesforce.com. But what the cloud experiments showed is that agility and savings come with trade-offs. While Soto estimates the cost at one-third to one-half of what Motorola normally spends on those apps, Skytap's security needs work, he says. Motorola's people could see each other's data, he says. "That's very significant."

Plus, adds Sujit Sinha, senior director of IT strategy and architecture at Motorola,

complying with SOX rules about segregation of duties in the cloud appears difficult. "We didn't see a way to segregate who has rights to do what," Sinha says. That raises concerns about failing a SOX audit, which requires clear evidence of employee assignments that present no conflicts of interest when handling company financial data.

Skytap is learning from its customers, says Ian Knox, the vendor's director of product management. Security settings can be changed to protect data from the eyes of others, he says. A few weeks after Motorola's test ended, Skytap added several reporting and role-based access features to address SOX concerns, Knox adds. In cloud computing in general, Sinha notes, other issues also need to be worked out, such as who has rights to your data. With no universally accepted terms of what a cloud vendor can and cannot do, he says, "you have to work it out in your contracts."

Despite the obstacles, Motorola is moving forward with its cloud initiatives. Next, they will pilot cloud services from a bigger player and, soon, they hope to have a small cloud application in production. Says Soto: "We'd do it yesterday if we could."

game Changing abilityAt BT, what Winn considers a cloud began years ago. Winn's group, which sets rates and deals for cell phone calling plans, had to compete with other departments for time on BT's internal, massively parallel servers. The group couldn't get enough time to test new pricing ideas, Winn says, so they looked outside the company for computing power.

— Atul JayawantPresident Corporate IT & Group CIO, Aditya Birla Group

“I see SaaS and cloud computing “I see SaaS and cloud computing as transformative IT. Of course, there will be risks. But, IT executives should stick their necks out."

— K. murli KrishnaVP & Head CCD, Infosys Technologies

“The risks are high in a cloud environment but it is fairly cost effective.”


BT contracted with Kognitio for "data warehousing as a service," done on the vendor's servers on data BT ships via the Internet. Each month, BT sends the vendor hundreds of millions of call center records, or about 3.6TB of data. Kognitio then performs regression analysis so BT can study customer churn, for example, and what-if scenarios to discover how new price plans would play out.

BT pricing specialists can log in to Kognitio's machines through a Citrix server to play around with the data, making queries using Business Objects tools. "The concept of interested people sharing a common resource has been around forever," Winn says. "It's the model of the combine harvester."

Augmenting its computing resources this way has allowed BT to launch ground-breaking cell phone plans. A few years back, cell phone competition was a race to the lowest per-minute rate.

BT wanted to know whether capped pricing would be profitable. That is, no call would ever cost more than, say, five pence. By applying that theoretical pricing package to a month's worth of real calling data from every BT customer, the company determined that such a scheme would be profitable. So BT went ahead with it. "BT is never going to be the lowest per minute," Winn says. "We needed to change the game."

Winn's group might have done such modeling with Excel spreadsheets on a subset of BT data. But aggregates and averages are a risky way to model, he says. Abstractions can distort results. Working out pricing problems on Kognitio's servers lets BT use actual customer data — and lots of it. "When the answer comes out, it has a lot more credibility," he says. "This isn't a few assumptions in a spreadsheet. It is truly penny perfect."

a Cloud by any other nameJim Swartz, CIO of Sybase, sees potential in cloud computing but isn't ready to give up data to a third-party host. Instead, he has virtualized Sybase's servers — essentially creating his own private cloud — so he can study the best way to use the architecture.

At Sybase, a private cloud of virtual servers inside its datacenter has saved nearly $2 million (about Rs 10 crore) annually since

When putting your systems in the cloud, a few options are available depending on exactly what you want to put there and for how long. Although each vendor offers essentially the same service — a place to move your computing efforts away from your own infrastructure — they break down the pricing in a number of ways. Here's a sample.

amazonElastic Compute Cloud (EC2) provides an environment to run computing resources while keeping control over the data in users' hands and emphasizing pay per use. As users' requirements change, EC2 allows for easy scaling of capacity. Pricing is per terabyte per month, which decreases a few cents as the data amount increases. Users build their own Amazon Virtual image to include customizable features such as an operating system, starting and ending usage dates, security and network access controls, APIs or other management tools and the number of locations.

GoogleApp Engine allows you to build your own virtual application to run Web applications on Google's servers in either Java or Python environments. Resources used by the applications, such as bandwidth and storage, are free for up to 500MB of data plus the CPU and bandwidth needed to serve more than five million page views a month. Once users surpass the free limits, prices are per gigabyte only for the extra resources used. Usage limits can be set so you never use more than what you are willing to pay for. Features include dynamic Web serving, automatic scaling and load balancing, storage sorting, APIs for authenticating users and more.

SkytapVirtual Lab supplies users with a ready-made platform to operate their applications and virtual machines without needing to build virtual machine images. As such, it gives users instant gratification for moving servers to the cloud, especially those requiring temporary usage of computing. Users are able to customize features of the platform, such as access and assets, through a provided management tool. The services target development and testing environments. Subscriptions for limited use of the self-service lab management application start at $500 (about Rs 25,000) per month. For additional fees based on usage of storage and data transfers, users can select an unlimited capacity option.

VmwarevSphere 4 is a virtualization operating system providing the capability to move physical infrastructures into the cloud. By moving all physical datacenters, companies not only save money on computing and energy-related costs but also have one silo for storage and resource management. Pricing starts at $166 (about Rs 8,300) per processor or $995 (about Rs 50,000) for three physical systems and varies depending on the edition purchased. Depending on the size of the company, different versions are available and include different features, such as vMotion management tools, VMsafe security APIs and data recovery, among others.

— Jarina d'auria

Many FOrMSThe Cloud Takes

A sampling of service providers, prices and features.



2006, Swartz says, because the company can share computing power and storage resources across servers. The virtual setup also lets Sybase move data electronically from one physical site to another, for a more agile disaster recovery program.

Whenever you hear the term private cloud, understand that it's "nothing more than virtualization," notes David Linthicum, principal of Linthicum Group, a consulting firm that specializes in enterprise architecture and Web technologies. Virtualization lets CIOs take advantage of the economics of cloud computing but within their own walls and under their own control.

Virtualization has certainly saved money for Norton Healthcare, a non-profit hospital system, although CIO Joe DeVenuto declines to cite exact figures. Norton recently revamped its datacenter with vendor Emerson Network Power, installing 160 virtual servers. The goal was to milk every drop of computing power and storage capacity from its machines. Virtual servers scale up and down fast, and new ones can be added in less time than it takes to configure a traditional server, DeVenuto notes.

Cloud vendors might be even more efficient than he is, De-Venuto says, but that extra oomph isn't worth the risk of letting go of patient data from Norton's four hospitals, 10 urgent care facilities and 60 doctor's offices. He would consider cloud for disaster recovery, he says, but not for primary computing. "I'm fairly conservative. It's a struggle for me to put patient information in the public cloud."

e-mail optionS to exploreOne organization more willing to farm out some of its data is the United States Golf Association, which governs the rules of golf and runs 13 championships every year. Daily operations at the USGA rely heavily on their own e-mail system because they are in continual contact with their constituencies, such as state and regional golf associations, USGA members, championship host clubs and the general golfing community. Even an hour of downtime would cause major disruption to this workflow, says Jessica Carroll, managing director of IT.

Carroll wanted to revise an existing e-mail backup plan that would take hours or days to recover. Under theplan, IT would handle the entire recovery process, including ordering new hardware to start from scratch. To take the weight off her team's shoulders and to make sure the company wouldn't lose data

or productivity, she signed a deal with IBM to host a replication of USGA's e-mail system in IBM's datacenters.

If a USGA server hits a problem, Carroll can click a button to switch to the replicated version that IBM maintains for her without USGA users noticing a thing. Then her IT department can fix the internal issues. The e-mail system carries USGA's most critical data, such as membership information and correspondences between the constituents.

But before Carroll could feel comfortable with the deal, she extracted stringent service-level promises from IBM. For example, in the event of a short-term outage like as a hardware failure, IBM must immediately provide a year's worth of backed-up e-mails for senior management of the USGA staff so they can continue work. In the event of a full-blown crash, IBM would provide multiple years' worth of messages. The hardware and software for this kind of backup and recovery system would have cost the USGA too much to do on its own, Carroll says.

Hamilton Beach Brands also dipped a toe into cloud computing via e-mail. When the time came to upgrade Lotus Notes last year, the appliance company hesitated. Hamilton Beach hadn't refreshed Notes in three years and Jerry Hodge, senior director of information services, knew jumping from Notes 6.53 to version 8 would force him to upgrade his IBM iSeries servers and retrain the 500 users on the system. A lot of expensive work just for e-mail, he thought.

Hodge asked his staff to look into Google's Gmail service, among other alternatives. E-mail isn't a competitive differentiator,

— sunil mehtaSr. VP & Area Systems Director, Central Asia , JWT

“There should be a complete risk-“There should be a complete risk-mitigation analysis of the cloud. And risk mitigation will effectively negate for what you are trying to save.”

— manish ChoksiChief - Corporate Strategy & CIO, Asian Paints

“The technology is in a very early “The technology is in a very early “The technology is in a very early “The technology is in a very early stage and we are in no hurry to stage and we are in no hurry to become early adopters.become early adopters. We are still considering the kind of applications we considering the kind of applications we can put on the cloud; a combination of SaaS and cloud computing is an interesting possibility."


he reasoned. By subscribing to Gmail for a monthly per-user fee, Hamilton Beach would avoid the expense of new hardware, software licenses and training. Because Google provides archiving and retrieval, Hodge also figured he'd save on items such as backup tapes and disks and the IT labor to support electronic discovery for lawsuits or audits. "Over five years, the cost would be half," he says. Such savings in capital and ongoing operating expenses were too compelling to pass up, he says. "Let someone in the cloud run e-mail and free up my guys' time to work on stuff that does make a difference."

doubting the CloudIt's one thing to put a basic, almost self-contained system like e-mail into the hands of an outside service provider. Quite another to off-load more interdependent applications filled with sensitive customer or competitive data, says Tracy, who recently left Rolls-Royce to become CIO of Dana Corp. "I don't think there's a mad rush for people to put their ERP systems in the clouds," he says.

For Tracy and other skeptics, security and reliability issues raise serious questions. Outages of Gmail for several hours in February and April frustrated a mass of customers. Amazon, too, has experienced outages due to authentication overloads and other problems.

How much these issues matter will vary depending on the criticality of the system and the risk tolerance of a CIO, Tracy says.

Security is especially important at Rolls-Royce, which makes such items as jet engines for military aircraft and power systems for

Navy ships. (The fancy cars are made by BMW.) As a defense contractor, the company is bound by strict federal technology and physical security regulations. He contemplated cloud computing but not with Amazon or Google partly because, he says, they won't let customers inspect their datacenters — and that's a show-stopper for Tracy. "You say you want to try cloud computing, but it's only a few hundred bucks a month to them and they say it's not cost effective to allow this tour," he says.

Google, for one, has heard this criticism before. Its response is that customers can feel comfortable with Google Apps because its systems and processes have passed a SAS 70 Type II audit of controls in place to protect data. Google has also published on its enterprise blog some of the ways it manages customer information.

That helps a little, Tracy says, but it's far from enough when he worries about

exporting sensitive data. "That requires us to understand where the data is hosted and who has access, [even] the nationality of everyone who is a system administrator," he explains. "That's not feasible in cloud computing, where processing could be in any datacenter around the country at any given moment."

the people CoStSAdopting cloud whole hog could cut IT staff by 10 percent to 15 percent, according to McKinsey. That's just what no one below the CIO wants to hear. At Hamilton Beach, which simply handed over e-mail to Google, Hodge says he saw fear. "My team was apprehensive about the cloud. Thought it would put them out of a job." But no one has lost his job because of cloud computing, he adds. Instead, he's been able to reassign duties to let staffers do more productive work in areas such as business continuity.

At a CIO Perspectives gathering of IT leaders, the enthusiasm about cloud computing's potential was tempered by sobering worries about early-stage hurdles. Still, the group estimated that within five years, between 25 and 30 percent of most companies' IT strategies will include cloud services.

"The will to experiment is there," notes Shiva Swamy, executive vice president of IT services firm ZSL and one of the attendees. "Surely the bad economy provides the impetus, but there are many unknowns that we all have to figure out together." CIO

Kim s. Nash is senior editor. Jarina D'Auria is a boston-

based freelance writer. send feedback on this feature to

[email protected]

— satish DasCSO, Cognizant Technology Solutions

“We have deployed the cloud for “We have deployed the cloud for some internal consumption but some internal consumption but found that there are significant security risks; significant contractual, legal, and disruption risks.”

— K.T. rajanDirector Operations, Information Systems & Projects, Allergan India

“It will take some years for the “It will take some years for the model to mature but the technology model to mature but the technology is highly beneficial for SMEs.is highly beneficial for SMEs. It It makes sound business sense for them because of the flexibility it provides and its cost effectiveness.”

Wherever you turn, someone's ready to tell (or sell) you something related to cloud computing. Cutting through the myths is essential to deciding whether, when, and how the cloud is right for you. Here's our top list of myths.

Myth No. 1There's one single ‘cloud’There are at least three forms of cloud computing, each with different benefits and risks. They are:

Infrastructure as a service (bare-metal virtual servers available on demand from the likes of Amazon's Elastic Compute Cloud)

Web services providers, or ‘platform as a service’, which are APIs or development platforms that let customers create and run apps in the cloud

Software as a service, applications such as Salesforce.com's CRM software that users access over the Internet with little or no code running on their own machines

The type of application you're running and the kinds of data you're generating also make a big difference in whether — and how — to move to the cloud. Which leads to:

Reader ROI:

Why the cloud isn’t as easy as vendors claim

How its different from virtualization

What to expect in the future


As more IT leaders turn to the cloud, they will be faced by rumors and hearsay floating around the technology. We clear up the fog. By RoBeRt L. ScheieR


Cloud Computing


Myth No. 2All you need is your crediT cArdIf you're a lone developer with time to

burn, configuring a virtual bare-metal server from the command prompt may be no problem. But if you have a business to run, installing and configuring the OS, multiple applications, and database connections could get in the way of generating revenue. And if you're big enough to have any standards for security, data formats, or data quality, someone has to do that work, too.

Some vendors imply that a business user "can just go in and buy a development server in 15 minutes that's as good as the one it would take their IT department three or four days to provision," says Michael Kollar, chief architect at Siemens IT Solutions and Services North America, which virtualizes about 2,500 servers to provide cloud-based application services to internal users as well as external customers. However, he says, that cloud-based server may not be secure, meet corporate standards, or be integrated into the wider IT environment.

For example, even a Web server thrown up in the cloud for a short-term marketing campaign might need to meet corporate security and data format standards. That's because the customer data it gathers is subject to the same corporate and legal standards as ‘real’ IT systems, says Kollar, and it must be usable by corporate analytic or customer tracking systems.

Many infrastructure-as-a-service players also can't meet the needs of enterprise applications. Phil Calvin, founder and CTO of Sitemasher, tried to find a cloud provider to manage the servers he now manages himself in a collocation facility. However, he says, "we couldn't find anyone to scale our standard servers" on demand. Nor could the cloud vendors provide the low-latency performance he requires or do global load balancing across datacenters.

Amazon.com recently announced a public beta of new features that include auto-scaling, monitoring, and load balancing. In a blog post, cloud management vendor RightScale said the new capabilities were a step in the right direction but appeared to lack necessary capabilities such as configuration management and lifecycle management.

Myth No. 3The cloud reduces your workloAdIn the long run, maybe. But to get

started, you have to figure out which model of cloud computing is right for you; which applications or services are best suited to it; and how to ensure the proper levels of security, compliance, and uptime. And remember, monitoring the performance of any vendor takes extra time.

"When you're running production applications, there's a lot of thinking that goes on in terms of redundancy, in terms of reliability, in terms of performance and latencies," says Thorsten von Eicken, CTO and founder of RightScale. Before moving applications to the cloud, customers need to ensure those requirements are met, he says, calling it "wishful thinking" that cloud-based systems automatically manage themselves.


In addition, not all apps are right for the cloud. Those relying on clustered servers, for example, aren't good fits for cloud environments where they share resources with other customers, says James Staten, a principal analyst at Forrester Research. That's because they require identical configuration of each server and large dedicated bandwidth among servers, which can't always be guaranteed by a cloud vendor. Again, thinking through these issues requires work, at least up front.

Myth No. 4you cAn seAmlessly blend privATe And public cloudsSome cloud evangelists hold out the

promise of the best of both worlds: the control provided by an in-house datacenter and the low cost and flexibility provided by the cloud, with the ability to drag and drop applications, storage, and servers among them as needed.

But it's not yet that easy, at least for a complex multi-tier application that depends on internal databases and that serves thousands of users with ever-changing access rights.

"Currently, it takes a lot of footwork, and a lot of manual re-configuration, and lots of engineering effort" to move applications among public and private clouds, says Staten. And even then, "we're still in the 'I hope it works' phase." Seamless integration is easier if customers are running the same platforms in both the public and private clouds, he says, but for the typical, more complex environments standards efforts such as the Open Virtualization Format are still "very basic" attempts to ease interoperability.

The key requirements, says Siemens' Kollar, are a security infrastructure that can span both environments, secure and cost-effective ways to either replicate data or access it across the public and private clouds, and orchestration software to ensure that services are working as required and proper steps taken to repair them if they aren't.

Renata Budko, vice president of marketing at virtualization management vendor HyTrust, says the best candidates for movement are those with relatively few modules and tiers, that are relatively "stateless" (not overly dependent on the timing and sequence of processing events), and those with relatively few user profiles to track. "If it's an internal cloud, you can access the policy database within the same cloud," she says, while customers may be reluctant to host sensitive security data in an external cloud or allow external access to their internal security data.

Having said that, beware of:

Myth No. 5you won'T ever be Able To seAmlessly blend your public And privATe clouds

Vendors are scrambling to provide such seamless blending. Kollar, for example, expects to provide it to his customers within 12 to 18 months. Until it's widely available, RightScale's Von Eicken recommends standardizing configurations, data models, and Il

lU

St

ra

tIo

n b

y M

M S

ha

nIt

h

automated deployment policies for both public and private clouds. That allows you to take advantages of the public cloud when it makes sense today, while building a foundation to do more sharing of public and private resources as the technology, standards and processes mature.

Myth No. 6cloud compuTing AlwAys sAves you moneyMcKinsey & Co. recently released a hotly

contested white paper claiming customers are only likely to save money when running specific platforms, such as Linux, in the cloud. For an entire datacenter, the report says, you're better off staying in-house.

McKinsey declined to comment, but in a blog posting, Google Apps senior product manager Rajen Sheth said that the study erred by only considering the savings of using low-cost servers in a highly redundant architecture. It neglected, he says, the additional money customers save by using "the same scalable application server and database that Google uses for its own applications" and not having to purchase, install, maintain, and scale their own databases and application servers.

Another wild card, say Staten, is that under current licensing and support models, customers could pay significantly more to their commercial software vendors by deploying their software in the cloud than they would internally.

Myth No. 7A cloud provider cAn guArAnTee securiTyEven if a cloud provider has every

security certification in the book, that's no guarantee your specific servers, apps, and networks are secure. When it comes to, say, compliance with the credit card industry's PCI DSS (Payment Card Industry Data Security Standard) a retailer or credit card processor is audited on how well their servers and applications are deployed on the platforms provided by a cloud vendor such as Amazon or Google. "If you set up your applications badly," says Staten, "it doesn't matter how secure the platform you're running on is."

Securing Siemens' cloud environment required looking at IT "from the outside in" and securing every conceivable path by which a user could access critical information, says Kollar. Securing each platform was not a significant challenge, he says, but ensuring all the needed security technologies worked together was.

Staten says it may require "architect-to-architect" sit-downs to assure a vendor hasn't, for example, cut costs "by simply giving each customer their own table space in the same database," as that would allow any customer to see any other customer's data.

In the cloud world, it's easier than in the physical world to assign new network interface cards to a virtual machine that might link it to an insecure network, says HyTrust's Budko. An organization's existing firewalls would have no way of knowing


the new NIC exists and that it needs to monitor traffic through it, she says. Potential threats like that make it important to independently assess, rather than blindly trust, a cloud vendor's security infrastructure.

Myth No. 8if you're running vms, you're doing cloud compuTing

Virtualization — creating logical servers or storage that span multiple physical devices — is one of the requirements of cloud computing. But having VMs doesn't mean you have cloud computing. To reap the full benefits of virtualization, IT or its cloud providers also must provide the ability to grow or shrink capacity as needed, provide pay-as-you-go pricing, and let users easily provision new servers and storage themselves as needed.

Letting users do some of the work of ordering virtual servers (especially those preconfigured for specific tasks) is a key money-saving goal of some cloud customers. But such self-service doesn't automatically happen just because you're running software such as VMware Infrastructure 3. Siemens, for example, had to make "a significant investment" in developing a standard catalog of virtual servers and related services users can order as needed from its private cloud, says Kollar.

Myth No. 9cloud compuTing is AbouT TechnologyTechnology makes cloud computing

possible, but realizing cost savings and flexibility also requires that you have the right processes. The virtualization that underlies cloud computing "is very dynamic and allows a very high rate of change," says Budko, as customers move data and applications among physical devices. "What's missing is the ability to manage it smoothly," avoiding a sprawl of unused or underused virtual machines that soak up electricity, cooling, and management time and possibly create security risks — just as unmanaged physical servers do.

Using standardized processes in the cloud can, on the other hand, increase efficiency. Using the Information Technology Infrastructure Library (ITIL) management framework in combination with technologies such as virtualization, Siemens has reduced its IT management and administration task by 25 to 35 percent, says Kollar.

The TruTh AbouT The cloudWhat's the takeaway? That the cloud isn't a magic wonderland of carefree computing, but a complex resource that requires understanding and hard work to manage correctly. And that's no myth. CIO

send feedback on this feature to [email protected]

Vol/4 | ISSUE/203 0 s e p t e m b e r 1 , 2 0 0 9 | REAL CIO WORLD

CEO Vision

Depending on who you listen to, the good times are back — or are going to be here soon enough. In a couple of months, risk-taking is going to be back in style, which makes it important to remind ourselves to sniff out the opportunities out there.That is why, at its last Leadership Summit of the season, CIO brought together three people who, individually, bring some of the elements needed to pull off the extraordinary. Sanjay Nayak points out the possibilities; Gourav Jaswal tells you how to make the right choices; and Sumit Dutta Chowdhury explains how he pulled of an idea many CIOs would consider unusual.

The upturn is around the corner and once again businesses and their CIOs have the chance to do something extraordinary.

Hope'sThe upturn is around the corner and once again businesses and The upturn is around the corner and once again businesses and The upturn is around the corner and once again businesses and In the Air

Scanning for OpportunitiesSanjay Nayak, Tejas Networks Page 32

Choice MakerGourav Jaswal, SynapsePage 34

Big New IdeaSumit Dutta Chowdhury, Reliance CommunicationsPage 36Page 36

REAL CIO WORLD | s e p t e m b e r 1 , 2 0 0 9 3 1Vol/4 | ISSUE/20

Sanjay Nayak, Co-founder, CEO & MD, Tejas Networks, says that although India is ripe for product development, it still needs to break a few barriers. as told to priyanka

“People’s mindset is the greatest challenge.”


CEO_Speaking.indd 32 8/28/2009 12:39:16 PM

CEO Vision

The global crisis presents an opportunity for people in India. The technology industry, in particular, works

very peculiarly. One company builds something that is cutting-edge and once that technology starts getting old and ROI has already been derived, the technology moves to the third world countries, now called emerging markets. This is how things used to work. But the global market is now beginning to shift.

For instance, five years ago, 70 percent of capex in the telecom industry was located in the US, Europe and Japan. Today, the traditional western markets hold about 50 percent of this share and the incremental growth is coming from the emerging mar-kets. Thus, new technologies today have to be driven by these emerging markets to become successful.

I also think that innovation now holds the key to a thriving business, and innova-tions in terms of new product development will gradually move to places where pro-cesses are carried out more efficiently. And this is a big opportunity for India.

Advantage IndiaIndia has a fairly large domestic market today with many sectors making huge progress: the telecom sector, consumer electronics, and the Defence industry that is fast becoming the ‘anchor industry’ as it fuels innovation.

India is also favourable because it pro-vides the ground to leverage innovation. Work that is done for 100 $ (about Rs 5,000) in the US can be easily done with a quarter of that amount in India. At the same time, this augments prospects for growth because if a company would spend double the amount in R&D, the work would still be done in half of what it would cost in the US.

That’s why, apart from a growing talent pool, India also offers investors ‘capital efficiency’. Most of the VCs today would

want to invest in India because they are likely to make profits with relatively less capital investment. Finally, industries in India have gradually become partnership-oriented as compared to China or other European countries. Most companies that come here invariably talk of a comfort fac-tor. Companies have now mastered the art of sustaining a long-term relationship with potential investors.

The Flip SideThese factors together create an environment and an ecosystem for Indian companies to become world leaders in product development. But like in the case of any other proposition, there is a flip side to the great Indian advantage too: There are still not too many Indian world-class product companies.

The reasons are many and the underly-ing factors are not difficult to realize. There is a lack of a 'product company' ecosystem. When we started Tejas Networks, the pro-duction of most of the products could not even begin in India. And this is a major problem because when you are building prototypes, you need to be close to a manu-facturing unit, which is difficult to get hold of here.

But that’s just the tip of the iceberg. The mindset of the people here poses, by far, the greatest challenge of all. Most compa-nies view their problems in a very confined sphere and would solve only that minus-

cule part of the larger problem that is indi-vidually handed over to them. For example, they don’t assess whether their product is commercially successful or not. Whereas, product companies usually exhibit the reverse trend. The implementation of the product is definitely important, but the bigger gamble begins with the prospects of using it best for commercial benefit. Most of these challenges are unique to India. Technology is treated as a means and not as an end, and weightage is given to products that provide a higher ROI. In spite of a gradual shift, the Indian market still remains largely capex oriented.

Unlike China and other South Asian countries, there is no government support in India to globalize. Despite these chal-lenges, what we did right as a company is not difficult to replicate. We dreamt big from day one. We realized that as long as the direction we are taking is correct, it doesn't matter if we have all the facts and figures right from the beginning.

We understood the customer and the market well. We could also modify our actions according to the changing environ-ment, and we realized that the bigger prob-lems eventually precipitated to smaller ones that could be easily taken care of. And once you can do that, you get a sense of accomplishment that is both fulfilling and deeply motivating. CIO

priyanka is trainee journalist. send feedback on this

column to editor @cio.inPh

ot

oS

by

Sr

IVa

tS

a S

ha

nd

Ily

a


pros a large and emerging domestic

market.

Favorable for leveraging innovation.

offers investors capital efficiency.

ability to maintain long-term

partnership with investors.

Product Development In India

Cons restricting mindset that doesn't

explore options.

lack of an ecosystem conducive for product companies.

absence of manufacturing units.

Poor government support to

globalize.


Gourav Jaswal, founder and director of diverse

entrepreneurial businesses, talks

about how heuristics can shape a CIO’s

business decisions. as told to kanika Goswami

“Why We Choose

What We Choose.”



CEO Vision

Entrepreneurship is not the easiest of career decisions. The crux of many entrepreneurial decisions lies in an insight of what sells and

how to sell it. The trick is to know what makes customers decide to buy the things they do. Often, many of these purchase decisions are based on the science of heuristics.

In psychology, heuristics refers to the cognitive shortcuts the human brain takes as it solves problems and makes decisions. These are rules that the mind uses unconsciously and are hard-coded into the human brain by evolution.

There are multiple types of heuristics. Here is one example. Most people assume that the more they pack on a retail display (of one type of product, say jams), the more they will sell. The more choice, the better, right? Yet, studies show that 30 percent of people will buy when they are given a choice of six products. Compare that to the meagre 3 percent who buy when they are shown 24 types of the same product. More choice is not always better. A large array of options diminishes the attractiveness of what people actually choose when they are buying, because subliminally they are held back from making a purchase by the thought of the option they didn’t choose. This is called the tyranny of small decisions.

A Multiplicity of HeuristicsHeuristics play an integral role in decisions people make — including CIOs. That is why it’s important to understand how it works. Here are some heuristics to watch out for.

The anchoring heuristic. This is the human tendency to rely too heavily (or ‘anchor’ their decision-making process) on one piece of information to the exclusion of others. Businessmen employ it to their benefit when they put an extremely expensive shoe on display — one they know they will never sell. It’s sole job is to raise the bar, thus making their other shoes (which would normally seem

expensive) seem less expensive. It’s also a trick negotiators use when they start at extreme ends of a price range.

“People’s reaction to estimation problems is strongly influenced by a number they have been anchored by, even if they know it to be random,” says Daniel Kahneman, Paul Slovic and Amos Tversky, in Judgement Under Uncertainity: Heuristics and Biases.

To avoid falling for this, CIOs should ask themselves: What am I anchored to when deciding what price is reasonable for an enterprise purchase? What are the factors I focus on when deciding which companies to partner with for service contracts?

The availability heuristic. This is the propensity people have to base the frequency of an event on how easily they can imagine it. Take for example, how most people are certain that there are far more words that start with ‘r’, than words in which ‘r’ is the third letter — even though the latter outnumbers the former. It’s also why people were so afraid of catching the mad cow disease a few years back (which killed less than 500 people worldwide) — even though they were more likely to die on the way to a restaurant and eating infected beef there.

What does that mean for CIOs? Because they are leaders, where CIOs focus their energies is crucial — and open to influence from unjustifiable perceptions. CIOs should ask themselves: am I allocating my time, money, and resources based on the real needs of my organization, or am I being swayed by the opinions of others?

Representativeness Heuristic. This is a cognitive bias that compels people to assume commonality between objects of similar appearance, or between an object and a group it appears to fit. Take for example, how most people are more likely to slot someone who's intelligent but uncreative and has a clear and orderly mind as engineer rather than a doctor. This can be a worry for CIOs because they could be basing their decisions on who they partner with — be it colleagues or vendors — based on pre-

conceived notions like so-and-so is ‘anti-enterprise’. These decisions could limit their choices and those of their organizations.

Escalation of commitment. As decision-makers, CIOs also need to watch out for this mental trap. It’s the hard-coded rule in people’s heads that drives them to justify an increased investment in something only because it sits on top of a prior investment — immaterial of whether the decision is sound. To the human mind, losses have more than twice the psychological impact of equivalent gains. So people make a sizeable investment and mentally pass the point of no return after they make that first commitment, forcing them to invest further and add to a bad decision. It explains why some people continue to invest in a losing stock, instead of cutting their losses and moving elsewhere. This pushes them to be economically inefficient and to allocate resources badly. Another example is America’s continued participation in Vietnam from the 60’s to the middle of the 70’s despite knowing better. A CIO should keep their guard up and beware of their own technology Vietnams.

Effort heuristic. Another type of commitment that can force people, including CIOs, into pursuing false objectives is effort. According to the effort heuristic, the human mind assigns the value of an object based on the amount of effort that goes into acquiring or creating it. Take for example, how money that comes by without too much work is put in a separate mental account. Some people call this mad money, because people don’t mind parting with it because it was not ‘hard-earned’. For a CIO, this could come in the form of an extra-large budget when things start looking up again.

This is not to point out that heuristic decisions are bad. Often, these hard-coded rules work. But like all systems, it is not infallible and being prepared and warned can help people take a step back and ask whether their deductions are correct. CIO

Kanika Goswami is assistant editor. send feedback to

[email protected]



Sumit Dutta Chowdhury, CIO, Reliance Communication, shares how his personalized Web 2.0 initiative dramatically improved efficiency. as told to sneha Jha

We are in the business o f d e l i v e r i n g communication to the world. It is obvious then

that our internal communication channels should be efficient.

And we thought they were. For about seven years, we had been working with an intranet-cum-knowledge management system called Gyan Mandir. But because it was very static, people were not really interested in it. Nevertheless, they used it for want of a better option. The portal lacked the functions needed for increased collaboration. I saw the need to revamp it and I had more reasons than one.

We have a very young employee base. For example, in my team of 2,500 people, the average age is 27. That’s the demo-graphic profile of our internal consumers. They have grown up in a complex digital world. The new generation of employees

“Create a personal space at the workplace.”



CEO Vision

us suggestions. These user-friendly widgets have created a very different behavior pattern within the organization. It has enhanced visibility and transparency. There is a greater degree of accountability among the employees. The level of employee engagement has gone up by several notches, which is a sign of a healthy organization.

Single sign-on access to various applica-tions and reports on the dashboards has increased visibility of time-sensitive infor-mation. It has also enabled faster decision-making. It has brought down our Internet bandwidth usage by 25-30 percent.

The Web 2.0 intranet has ended the paper trail of office applications. Now that information is uploaded on the intranet, paper usage has reduced. We took a look at the 135-networked printers at our cam-pus in Vashi and in the first month we saw a 19-20 percent reduction in paper use. We also saw 40 percent reduction in the load on backend servers. This has future-proofed my back-end applications.

With scraps, SMSs and chats — modes of communication that people use these days — instead of waiting for an e-mail response or following up continuously, they can get an instant message going between each other and can resolve prob-lems faster. My World has helped us dis-seminate information better. It has boosted enterprise efficiency and team synergy. The initiative has resulted in cost optimi-zation on various fronts, especially at a time like this.

Today, our employees can do 50-60 percent of their work through this per-sonalized interface. Post-launch, we also conducted a survey on the number of pro-ductive hours the users were saving: Users saw an 18 percent improvement in their productivity. These are results that, I can proudly say, are encouraging. CIO

senha Jha is correspondent. send feedback on this

column to editor @cio.in

18 percent increase in productivity

25-30 percent reduction in Internet bandwidth usage

40 percent reduction in the load on backend servers

19-20 percent reduction in printing

Widgetizing the Workplace

want to communicate using Web 2.0 tech-nologies in the form of blogs, wikis and IM. They needed a platform to share knowl-edge and make use of corporate informa-tion more productively.

So, I started looking for an option to boost internal communications, coordina-tion and cooperation.

Welcome to My WorldI decided to use Web 2.0 concepts and put it up on our intranet. We started by looking at the kind of datd people are trying to find most of the time. We looked at questions like: How many hours does a person spend in a week looking for information? This gave us a fair idea of what the emplyees need. Using a single window, we wanted to give them small pieces of data that they seek from within the organization.

We wanted to create a platform that users can customise according to their needs.

And that's why we called it 'My World.' I chose iGoogle as a design framework for this project. We ‘widgetized’ every application. Users could also create new widgets according to their daily needs and build communities. Generally speaking, we don’t have this concept of self-building communities in any organization. I tried to do this in our company and I must say that incorporating this concept has provided the employees with more personal space in the workplace.

Take for example, the ‘My Network’ widget. Here, people can create their own network and upload pictures, clips and anything they want to share within the organization. This has brought people closer and created a community feeling. Going forward, it might lead to a signifi-cant reduction in attrition.

‘My Place’ widget is a document reposi-tory, which is completely password pro-tected. Now, we don’t send any status reports out, we just send a link to My Place.

The railway and airline widget — a widely used widget — enables people to check seat availability between a specified source and destination. All the informa-tion is gathered and reformatted from the railways or airline website on a periodic basis. This has helped people save a lot of time.

Beyond Your WorldWe now have a total of 200 widgets and dashboards and we have a small widget factory which also allows users to give



OntariO takestO theIT NexT LeveL


Ontario’s 13 million citizens get good service from the state via its IT infrastructure, but the local government wanted to do more. So it took a business approach to government IT. Here’s how. By DaviD Carey

Case Study (1).indd 38Case Study (1).indd 38Case Study (1).indd 38 8/28/2009 12:34:36 PM8/28/2009 12:34:36 PM8/28/2009 12:34:36 PM8/28/2009 12:34:36 PM8/28/2009 12:34:36 PM

Case File

As a result of the e-Ontario initiative, a common shared services organization now provides such things as hardware, networking, datacenters and telephone systems for all ministries. It operates on a charge-back basis, with no funding of its own, emulating an efficient, effective, private-sector model of recovery.

“Each of the clusters had their own infrastructures, and we centralized them into a single shared-services organization, moving about 800 people,” says Nicholl. “We consolidated our help desks and our desk-side support, as well as a vast number of different contracts we had for similar products across different clusters. We also consolidated all of our server support and that allowed us to move into virtualization in a big way, because all of a sudden those servers were owned and managed in one place.

I&IT moved very aggressively on its virtualization agenda. Over the last two-and-a-half years, over 1,000 servers have been removed from a total population of about 5,500 to 6,000, and there is a strong commitment towards continuing the trend.

The biggest challenge around virtualization has been moving from an “I own it” to an “I’m moving to shared services and I’m buying a service” model, according to Nicholl. “But we’re making great progress because people believe that the model works, and I think we’ve proven that it works.”

New Directions in ModernizationI&IT is building on its successes with a new strategic plan looking forward to 2013. This plan advances the agenda of modernizing I&IT and aligning it with business directions. One of the key goals is to deliver more reliable, cost-effective solutions.

An important activity for I&IT is the development of enterprise applications as opposed to point solutions. This is another means of significantly reducing costs.

“In areas like finance, for example, we have basically cleared the decks of the siloed systems that had been in government for years. We’ve now got a single ERP for government finances. The same thing is true for human resources — a single system,” says Nicholl. It doesn’t stop there. I&IT is now moving on to other areas of standardization, such as case management and registration systems.

Reader ROI:

how to run government itefficiently

Why it is a great place for shared services

the importance of taking a business approach

To say that David Nicholl has a lot on his plate as corporate CIO for the Government of Ontario is a considerable understatement.

Not only must the province’s I&IT organization support a large and complex

group of internal customers, it must also provide the operational underpinnings for a vast array of public services — everything from social assistance programs, to ServiceOntario, to online births, deaths and marriage registrations, to helping police catch the bad guys. All of this is done through a wide variety of technologies and business processes.

“We’ve spent the last two-and-a-half years developing the frameworks and the foundation that will enable us to build a world-class service organization within government,” says Nicholl. “Even though we currently have about 70 percent of government services online, we need to do more. Now we need to capitalize on all that groundwork by modernizing applications and driving service levels so that we can provide truly outstanding service to the citizens of Ontario and to the Ontario Public Service.”

A key area of focus for Nicholl is meeting internal client expectations — delivering what ministries need, when they need it, in the most effective and efficient way possible. “It’s really important to us that we drive the agenda for excellence in delivery of new and improved services to our ministries through application development and support,” says Nicholl. “So we’ve embraced enterprise architecture as the core foundation of all of our application development techniques and services.”

Wringing Out the CostsCost reduction has been a major focus for I&IT in the Ontario government, and this is an area which has met considerable success. In fact a major project called e-Ontario, launched in 2005, is now returning annual savings of $100 million (about Rs 500 crore), due largely to changes in the way infrastructure is being managed.

In Ontario, I&IT is organized around eight clusters of like ministries, each of which has three responsibilities. The first of these is application development and support around business solutions; the second is providing service management to the cluster’s business users; and the third is information management.Il

lU

St

ra

tIo

n b

y M

M S

ha

nIt

h


Case Study (1).indd 39Case Study (1).indd 39Case Study (1).indd 39Case Study (1).indd 39Case Study (1).indd 39

“For example, he says, “What we’re looking to do now is come up with a standardized solution to registration. No matter what the registration is for, we’re going to have a single way of doing it. By moving along that standardized continuum, we feel that we’re going to have a strong impact on time-to-delivery and meeting our clients’ expectations.”

I&IT is rolling out an enterprise standard for public-facing online authentication for services to businesses and citizens. An enterprise approach to online authentication will help reduce costs, the risk of duplication and security gaps, and accelerate application development.

Nicholl and the I&IT organization are also looking for a standardized solution to information management across the Ontario government. “E-mail boxes are the de facto document management system for most people, and the first step in getting some control over the business’s information is starting the cultural shift away from that,” says Nicholl. “We have to get people to think about the information they have and classify it in a way that will enable them to put it somewhere that makes sense. Today it all goes into a bucket in their e-mail and they spend a long time looking for old e-mails. We want to get beyond that — information management is the key to reducing our storage costs and improving our ability to access key business data.

Driving much of the change agenda is an aging application portfolio. Older applications are becoming harder and more expensive to support, and it’s getting more difficult to find people to do the work.

Secretary of the Cabinet Shelly Jamieson and the Government’s previous CIO and current Deputy Minister of Government Services, Ron McKerlie, understand the strategic importance of upgrading the Province’s applications. They are terrific champions for this application modernization process, according to Nicholl.

“We view this as being an incredible opportunity,” he says. “As we modernize chunks of applications we can make use of existing common applications, like a registration piece or a finance piece, and that will help us further our modernization agenda.”

Striving for Project ExcellenceIn such a large and complex IT environment, it is essential to execute projects as effectively and efficiently as possible. Towards that end, the I&IT organization has introduced project gating and regular quarterly report backs to ensure that projects are running properly, timelines are being met, budgets are in line, and that the right level of oversight and governance is in place. The organization has also successfully implemented a project management Centre of Excellence. Its responsibility is to drive the development and implementation of project

management and help project teams take on new techniques, methodologies and tools.

With enterprise-wide tools and process, all projects will be approached in a common way across all clusters and the infrastructure organization. That’s especially important because so many projects are now done for a cross-section of ministries, rather than a single ministry.

“We identified early on that project management was an area we wanted to really raise the bar on. It’s critical in moving our agenda forward and key to our success in modernizing both our infrastructure and our applications,” says Nicholl.

According to Nicholl, good governance has been an important factor in I&IT’s success in the Province.

At the top of the governance pyramid is the I&IT Deputies Committee (IITDC), co-chaired by Nicholl and the Ministry of Revenue Deputy Carol Layton. Composed of key Deputy Ministers from across the Ontario government, it provides strategic direction, ensures alignment of I&IT with government business directions, provides leadership in certain areas, and ensures that information technology is used to full effect in supporting public service transformation.

The governing body of the I&IT community is the Information Technology Executive Leadership Council (ITELC), chaired by Nicholl and comprising the CIOs of the various clusters, along with the corporate chiefs responsible for Infrastructure, Strategy, Technology, Information and Privacy and Security.

ITELC is an integral part of everything that the I&IT organization does. The governance group sits together

Case File

SNAPSHOT

Government of OntarioCAPITAL: toronto

POPuLATION: about 13 million

MINISTRIES: about 25


“It’s lIke any It organIzatIon anywhere. if you get out of step with what your business is doing, then you’re going to be in serious trouble because you won’t be delivering what they need in a timely and efficient manner.”

—David Nicholl, corporate CiO for the Government of Ontario

Case Study (1).indd 40 8/28/2009 12:34:37 PM

Case File

every two weeks as a board, managing the IT agenda across all of government. There are no areas that it does not represent. Meetings deal with a full agenda of items that are of both common interest as well as individual interest to each of the clusters.

“I’ve been sitting on ITELC since I first joined the government six-and-a-half years ago, and even then it was an extremely positive and progressive group of people who wanted to move the agenda forward,” says Nicholl. “To me, ITELC has been the key to what IT in the Ontario government has accomplished. It’s a focused team with strong connections to the ministries and an extraordinary sense of ownership of their business.”

Reporting to ITELC is the Solutions Directors Leadership Committee (SDLC), in which all of the business solutions directors, who work for the cluster CIOs, come together with their colleagues from corporate areas to discuss matters relating to their level of operations. ITELC delegates items to SDLC and receives reports from the committee on solutions issues.

On the service management side, the IT Service Management Leadership directors from the clusters and corporate areas meet to resolve issues, problems, solutions and develop new ideas. And again, the committee receives delegated items from ITELC and provides regular reports to the executive on service management issues.

“As and when we need to do certain things, we can have a group that will come in and report to us,” says Nicholl. “It may sound bureaucratic but it’s actually not that way at all.


It is a very high functioning way of focusing on issues and getting things done in the right way.”

A Place at the TableWhen asked what issue he might give top priority to, Nicholl says: “There are many things, but if I had to sum it all up, I’d say it’s ensuring that IT is closely coupled with our business as a contributor to our ministries’ strategies and directions. IT has to be at the table with the key people who are directing where those businesses are going. If we weren’t, it would give me cause for concern.”

“It’s like any IT organization anywhere. If you get out of step with what your business is doing, then you’re going to be in serious trouble because you won’t be delivering what they need in a timely and efficient manner”.

Says Nicholl, “We’ve built a firm foundation. Moving forward we are focusing on improving service levels — making services more accessible, reliable, and cost effective for our internal and external clients, and maturing the framework that we’ve established.”

Nicholl sums it all up by saying, “With one eye on stabilization, the other focus is on modernizing applications. Key to I&IT modernization will be working with our business partners to better meet business objectives. In the end, our goal is to be a service-centered organization. We are focusing on better delivering services internally to ministries, as well as externally, making it easier and simpler for to the citizens of Ontario to obtain government services”. CIO


of its government services are already online.

70%

shared servICesa shared services set up between

multiple ministries saves the state about

rs 500 crore a year.

standardIzatIonOntario does not develop point

solutions for each department. For example,

it created a single online authentication application for muliple citizen-facing processes.

an enterprIse approaChOntario treats government iT like

a business, which means it: Has a chargeback system

uses enterprise applications like ErP instead of government-typical point solutions.

vIrtualIzIng

1,000 serversof about

6,000 servers.

But the province wanted to Better. here’s how:

ontario’s newdirection

The local government of Canada’s second largest province took a multi-pronged approach to better the state’s IT. took a multi-pronged approach to better the state’s IT. took a multi-pronged approach to better the state’s IT

According to Moore’s Law transistor counts on integrated circuits will double every two years. Kryder’s Law states that disk capacity will double

every year and Butter's Law of Photonics maintains that optical fiber bandwidth doubles every nine months. But the corresponding growth in memory and disk access speeds sees only a few percent of increase every year. With this handicap, the challenge is turning data into knowledge, without which the question that is begging to be asked is: are we really creating business assets with the data we collect?

At a CIO roundtable on the subject S. Sridhar, head-IT, Corporate Enterprise Business, Voda-fone, maintained that in a telecom company, data is definitely an asset because retaining a customer is much cheaper than acquiring a new one. “With structured data available for analysis, it can be used to make many decisions. Once we applied a number of tools to find a correlation and draw inferences from seemingly disparate data, we have a completely different perspective. It’s given the strategy team a lot to think about,” he said.

It’s a point of view that Avinash Arora, director-IS, India & S.E. Asia, New Holland Fiat, stands by. In his opinion, the question of whether data — structured or not — has ever been anything but an asset has never arisen. He points to the way many old economy companies were run purely on data, working on what would today be called management information system — to the point where owners did not even visit their factories or offices. “Sure only 30 percent of data is structured, but a lot of decision-making processes still use unstructured data,” he said.

But with every department in every organization creating and storing reams of data, are companies today maintaining too much of it? And, if so, is there a case for chucking some of it away? Sumit Chowdhury, CIO, Reliance Communications, tends to agree with this hypothesis because he says that it is not clear what is to be done with a lot of the data corporations collect. He exemplified from personal experience. “I asked all my business people for five pieces of information they needed at 8 AM to take sound decisions. They don’t know which five!” he said.

With the amount of data organizations produce, clubbed with rising compliance, the question is: if we aren’t transforming data into intelligence, are we just asking for trouble? Should we then just stop collecting?

Is Data an Asset?

“Business is looking at an end result, not data as an element of information. It’s not easy for business to understand and structure it. That needs to be done by an IT person.” — N.Kailasanathan, CIO, Titan Industries

“Sure only 30 percent of data is structured, but a lot of decision-

making processes still use unstructured data.”

—Avinash AroraDirector-IS, India & S.E. Asia,

New Holland Fiat

CIO

dIs

Cu

ss

IOn

sP

ho

to

S b

y S

riv

at

Sa

Sh

an

dil

ya

vol/4 | iSSUE/204 2 S E p T E m b E r 1 , 2 0 0 9 | REAL CIO WORLD

Roundtable_Greenplum_01.indd 42 8/28/2009 12:32:10 PM

NOW ONLINE

For more presentation and opinions on the importance of data, log on to our companion website. Go to www.cio.in/leadership-summit c o.in

CIO

dIs

Cu

ss

IOn

s

Arora’s own experience differed. “A couple of years ago, when we integrated our messag-ing system with the ERP, everyday between 8.30 and 9AM, we made sure five or six data points were delivered to decision-makers on their mobile phones to allow them to work without opening their laptops.”

Your Data, My Responsibility If data is so important to the business, then why is classifying it almost always the responsibility of the IT department? N. Kailasanathan, CIO, Titan Industries, offered an answer. “Business is looking at an end result, not data as an element of information. It’s not easy for business to understand and structure it. That needs to be done by an IT person sitting next to them.” Yet, he admitted, this level of collaboration does not exist in most organizations.

Umesh Mehta, VP-IT, Asia Motor Works, agreed with the fact that it was up to IT departments to design a data struc-ture — according to the requirements given by the business. He presented another reason for this. While every other asset of the company has a measurable value data, he said, does not. It's possibly why “we don’t invest in data management,” he said.

Data GoldYet better data management is possibly what companies need if they want to be able to extract value from their data. It’s not something CIOs don’t know. How to get there, however, is another question. Every CIO has at least one memorable story of when they battled data silos and tried to create sense from almost nothing.

“We had a lot of islands when we started integrating our enterprise systems. We consolidated two customer databases into one. But during the integration, the biggest challenge was data quality. So we formed a dedicated team for data migration that attended to cleaning the data. It’s a massive exercise,” said V. Subramaniam, CIO (India & UAE), Otis Elevator Company.

When Sundaram Fasteners tried to get to the fabled ‘single version of the truth’ senior GM-business strategy & systemsS.Srinivasan recalled the grief. “The mandate before we got into ERP was to reach data consistency and data integrity. There were no hassles on the business side, but on the data side there were many. Today, there is no disagreement on any figure and that itself is a gigantic step.”

Another challenge is data visibility. “Where it came from, and what it translates to in business terms, that’s important,”

said S. Hariharan, Sr. VP, Infrastructure Solutions and Services Group, Oracle Finan-cial Services Software.

Which brings up the next problem with hoarding data: compliance. This is especially true for real-time, transactional data. Each industry has a different mandate for storing data; the fertilizer industry needs to have sub-sidy data ready, the telecom industry has to store customer information for seven years; and the automotive companies have to main-tain a decade of production data handy.

“Of late we are facing the challenge of accuracy,” said K. Prem Kumar, chief manager-IT, Zuari Industries. “We are an old plant so things are running on pneumatic control. But today the government has become very strict, if there is a question about why something was produced, we can face an uncomfortable situation.”

In Reliance Communications, Chowdhury is bound to maintain data for seven years and it consumes plenty of space. “We have a lot of micro transactions. Each call is a transaction and for each call we have roughly a kilobyte of data. We do about 2 billion CDRs everyday. A lot of it is free; I don’t even get revenue for it.”

Hariharan faced a similar situation. He shared how he had to once retrieve data that was fifteen-years-old from a floppy that was no longer readable. To which Sridhar from Vodafone added, “We don’t think of data only as an asset. Some part of our data has to be kept for compliance, we have no choice. We have 500-600 compliance requests across the country, asking at least for 300-400 KB of data.”

So how is a CIO to ensure that data is error free? Subra-maniam offered a solution. “We need to ensure the quality of real-time data. At Otis, we have a call-line which is automated real-time with real-time data quality checks. Users have been trained on accurate data entry and generating error-free reports. Then we follow the maker-and-checker system. By using a quality management principle, we minimize errors at the root.” CIO

Send feedback on this feature to [email protected]

brought to you by:

CIO Discussions

REAL CIO WORLD | S E p T E m b E r 1 , 2 0 0 9 4 3vol/4 | iSSUE/20

58%of CIOs

said that business intelligence would be a top technology priority in 2009.

Source: State of the CIO 2008

Optimizing IT operations to save money for the business is on top of every CIO’s agenda. While the worst of the slowdown might be behind us, there’s still a way to go

before businesses can heave a sigh of relief. And that means that IT still has to contribute its share towards cost cutting.

At a CIO roundtable on how optimizing IT could do just that, S.C. Mittal, senior executive director (management services and IT) at the Indian Farmers Fertiliser Cooperative (IFFCO), said that despite high employee productivity during the good times, he was seeing a drive to cut costs within the organization — and this applied to IT too. “We are conscious of this and we

are making efforts to optimize IT. Consolidation is one way. It improves system performance, allows for backups and disaster recovery, and saves costs like electricity and real estate,” he said.

T.G. Dhandapani, CIO, TVS Motors, added his inputs on consolidation, saying that of the eight group companies he is responsible for, three had datacenters which are now consolidated at one location. He said this move had helped tremendously with management and with costs. Uptime had increased and non-availability is

now measured in parts per million instead of percentages. The availability of IT services is now taken for granted, like power, and is no longer on the CIO’s agenda. But Dhandapani added that the contribution of IT towards cost savings by consolidating datacenters is “not that significant.” He agreed that there were savings but added that to the business these savings were marginal. He said that IT is expected to “help the business and, if required, invest more so that the business can save much more elsewhere.”

Virtualization and It’s Challenges With IT optimization on the agenda, the discussion quickly turned to virtualization. A quick show of hands demonstrated that most CIOs had implemented virtualization in some form or the other.

But T.P. Ananteswaran, head-IT, Mumbai International Airport, was not very supportive of virtualization, and stated his reasons: “We run mission-critical applications. Our business is not comfortable with the concept of running multiple applications off a single server. Even if we waste

Every CIO worth his salt sees the need to optimize IT operations. What isn’t as clear is how to tackle the challenges this entails.

Optimizing IT

“Our business is not comfortable with the concept of running multiple apps off a single server. Virtualization is for active directory or print servers, not for an airport management system.

—T.P. AnanteswaranHead-IT, Mumbai International Airport

“Optimization is a continuous process. It is an everyday

task and not something CIOs should only do to tackle

the slowdown.”

—Sudesh AgarwalVP-IT, Lifestyle International

CIO

dIs

Cu

ss

IOn

sP

hO

TO

s b

y s

rIv

aT

sa

sh

an

dIl

ya

vOl/4 | IssUE/204 4 s e P T e M b e r 1 , 2 0 0 9 | REAL CIO WORLD

Roundtable_Wipro_02.indd 44 8/28/2009 12:31:07 PM

NOW ONLINE

For more presentation and opinions on IT optimization, log on to our companion website. Go to www.cio.in/leadership-summit

c o.in

CIO

dIs

Cu

ss

IOn

s

CPU power, it is better to run applications on separate boxes because they are mission critical.” Virtualization, he said, was for active directory or print servers, not for an airport management system.

Amit Mukherjee, CIO, RPG Group, couldn’t agree more. In his opinion, CIOs should not take chances with customer-facing applications by virtualizing them. He said that if something failed, a CIO’s decision would haunt him when the business question his rationale for virtualizing a critical service.

S.S. Soni, executive director (IS), Indian Oil Corporation, took the middle ground and said that in his company virtualization was a “50-50”. By this he meant that mission critical applications and services had not been virtualized. The big question at this point was: why is it so difficult to convince business to put mission critical applications on a virtual server?

Soni said that it wasn’t the business’s fault. When virtualization becomes an IT decision, he said, and CIOs were convinced of the technology, the business would back them. “If we CIOs feel virtualization is the way to go for mission critical applications, the management will listen to IT’s advice.”

Echoing him was Sudhir Kumar Bahuguna, CIO, Reliance Gas Transportation Infrastructure, who strongly felt that CIOs themselves first needed to be convinced about virtualization. All management required was uptime, he said, just how that is achieved should be handled by IT. In his case, he said, he was shocked to see that process utilization for applications was between 1 and 23 percent.

Anantheswaran found it hard to agree with Soni and Bahuguna. “It is business need that drives virtualization and not IT,” he said.

Mukherjee said that the decision to virtualize also depends on the culture of an organization. He said that companies that are part of a larger group may not necessarily have to follow the same route the group follows.

Taking the optimization discussion beyond virtualization Sudesh Agarwal, VP-IT, Lifestyle International, said that the consolidation approach could also bear fruit. Besides virtualization, Agarwal had consolidated servers in various warehouses. From his experience, accessibility and the ease of maintenance were immediate benefits. He also said that “optimization is a continuous process. It is an everyday task and not something CIOs should only do to tackle the slowdown.”

At Indian Oil, Soni said that the group companies that were running different systems were all brought under SAP and this alone introduced a healthy dose of optimization.

But many on the roundtable agreed that optimization also involved the difficult task of challenging business requirements. That is the only way that projects, which were strictly not necessary, could be debated. “After a vendor makes presentations to the business, it finally comes to the CIO. At this point, the CIO should be able to say no if he feels the need to do so. At a time like this, CIOs should only cater to must-have requirements and make nice-to-have requirements wait,” says Bahuguna

What About Outsourcing? Outsourcing is another approach many CIOs take to cut costs. What isn’t always clear is just what services can be outsourced and what roles must be retained in-house. Mukherjee was convinced that “the operations people can be outsourced, but the critical applications people like architects should be retained.” Mukherjee, who also oversees his company’s supply-chain, brought an important perspective to the table. “Once you sit on the business side, the issues related to business are so huge that IT occupies only a small space of your radar. Most of the time, you are happy when IT delivers what it is supposed to,” he said.

Ranganathan Iyer, AVP-IT and CIO, JBML, had another tip for his peers. “CIOs should talk business and not technicalities when interacting with management. If CIOs are in a position to convert IT into a business scenario and present it, things should work fine,” he said.

What’s perhaps most important is to have the business believe in IT and look at it not merely as a support function, but as a business enabler. Once management sees the fruits of IT optimization, they will be more than willing to spend on IT. In the case of IFFCO, Mittal said, business is actually open to the idea of hiring IT personnel, while they were not doing so elsewhere in the organization. He said that this was because when IT introduced consolidation across departments the benefits were easy to see. CIO


CIO Discussions

brought to you by:

3rdthe

importanceCIOs gave to

controlling IT costs in a list of priorities

for 2009.source: state of the CIO 2008

REAL CIO WORLD | s e P T e M b e r 1 , 2 0 0 9 4 5vOl/4 | IssUE/20

If you are a bank or a credit card company and have ever lost customer information — even for accounts that are no longer valid — you know the impact it has on your

brand. This is what’s driving the concept behind identity crisis management, says Amit Sood, manager-enterprise risk services at Deloitte & Touche.

But in their eagerness to put up walls to protect data, most organizations find that they’ve hampered their employees from doing their work and ultimately their businesses. The battle is to strike a balance between protecting data and allowing access.

The problem is more palpable at the operations level. For instance, a BPO requires that sensitive data is shared even with new recruits. For a CIO, that thought can be scary. “We have very tight methodologies to prevent unauthorized access of information as well as unauthorized use of information,” said P.V. Ramadas, VP-technology, HCL Technologies, at a CIO roundtable organized to find out how Indian IT leaders tackle the information security challenge. “At the managerial level, we allow access only to a limited

number of shared files and folders, which automatically prevents them from using paper or documents. At the same time, different values are assigned to all information and ownership of these documents is strictly defined,” he said.

It’s About PeopleInevitably, most information security conversations boil down to managing staff and how cautiously each member of a team handles information. Many CIOs believe that of the three components to successful IT (people, process and technology) people is most critical — especially for security. “Security has nothing to do with the physical or technical control,” said Satish Das, CSO & director-ERM, Cognizant Technology Solutions. “It is about people’s behaviour.”

It is difficult, he said, to clearly ascertain whether it’s the new entrants or the older players who are more disciplined about security processes. The younger generation, in his opinion, though tech savvy, is more willing to share a physical document, whereas their older counterparts are more careful. “The online behavior of older staff members is clearly very

As the importance of information grows, so has its safety. A CIO roundtable on the challenges of ensuring data security re-opened an old truth: data security is about people.

People Power

“We send a very clear message to all members, whether they are the older or the younger generation: security policies are non-negotiable. This is a zero- tolerance zone.”

—V. SubramaniamCIO, Otis Elevator Company

“We started many surprise audits of potential risks of what can go wrong

within an organization, and began brainstorming sessions where staffers

could figure out other possible security lapses.”

—B.L.V. RaoVP, Infotech Enterprises

CIO

dIs

Cu

ss

IOn

sP

hO

tO

s b

y s

rIv

At

sA

sh

An

dIl

yA

vOl/4 | IssUE/204 6 s E P t E m b E r 1 , 2 0 0 9 | REAL CIO WORLD

Roundtable_Novell_03.indd 46 8/28/2009 12:27:45 PM

NOW ONLINE

For more presentation and opinions on information security, log on to our companion website. Go to www.cio.in/leadership-summit

c o.in

CIO

dIs

Cu

ss

IOn

s

different from the younger ones. So, there are a completely different set of controls that one needs to put in place for each. Controls have to be segregated,” said Das.

But Das also knows that controls are not the silver bullet that eliminate data security challenges. “Controls will be broken, we have to accept that. The way out is to create an increased awareness; and remember: keep your instructions simple.” It’s advice he has been following. In the last month, Das has been working on a campaign to teach senior executives to create stronger passwords. Though, the exercise runs the risk of being perceived lightly, maintaining strong passwords and employing strategies like constantly changing them are an important tool for data protection, he said. It’s also a way to change people’s behaviour.

It’s an approach many organizations are now taking, albeit at varying degrees. “We use an application called PCR,” said V. Subramaniam, CIO, Otis Elevator Company. “It involves the creation of a process, making people aware of it and then training them to use it. It is a continuous process. We introduce new recruits to it and make them aware of our security policies. This is then reviewed over time,” he said.

He also suggested systems to support these security operations. IT leaders, he said, can build a common security module based on .Net, and also incorporate many security parameters like standard passwords, single sign-offs, a locking mechanism after three attempts of logging in and so on.

Physical InformationWhat really bothers Subramaniam, however, is the lack of integration between physical and digital data security. And his worry reflects a real world problem CIOs have to deal with: Forget digital, plenty of data can leave an organization in a physical form. Participants at the roundtable repeatedly voiced their concerns over the challenge. They also shared some measures that they were taking to ensure that hard copies are not used carelessly. One CIO said he used colored printers specifically for documents that are important, and guards at the gate check staff bags for any signs of colored paper.

When documents need to be discarded, shredders are used to completely destroy it. Some companies are even limiting the use of printers. “The KPO business has additional constraints like staff not being allowed to carry in their bags. They have to keep them in lockers within the office premises,” said R.Muralidharan,

CIO, Syntel. But even with these processes in place, it’s easy for employees to let their guard down in the rush of their daily routines. It’s a fact CIOs are aware of and some have taken steps to ensure complacency is kept at bay. “We started many surprise audits of potential risks of what can go wrong within an organization, and began brainstorming sessions where staffers could figure out other possible security lapses,” said B.L.V. Rao, VP, Infotech Enterprises.

Manoj Shrivastava, VP-group IT, Reliance ADA Group, reiterated that in certain sectors

such as telecom, besides customer’s information security, there is also the business risk of not following process discipline. This could lead to security breaches, intentional or unintentional. “We are working on various security initiatives, including increasing the sense of an employee’s belonging to the company. It’s a softer issue, but it’s preventive,” he said.

Customer security issues hold far more importance especially in an e-commerce company, where transactions take place often and customer information is available online. In his business, every transaction has a legal consequence, said Ankur Basu, head technology, Mjunction Services. “Data security is on the top of the list of our priorities,” he said.

He offered his peers an innovative solution to track physical documents with the help of IP-based reporting. Each IP is mapped to a business unit head, and this number is lined to the balance core card parameter. Thus the amount of visibility is very high. Digital signatures is another option, he said.

Recapping the general feeling that data security challenges cannot be solved solely by technology, other CIOs at the roundtable said that trusting an organization's employees was important. In all their attempts to deflect security challenges, CIOs must not forget that by imbibing certain values in their employees, they stand a better chance of defeating the problem. It’s an idea Das shared. “Security is a factor of an organization’s culture,” he said. CIO


CIO Discussions

brought to you by:

REAL CIO WORLD | s E P t E m b E r 1 , 2 0 0 9 4 7vOl/4 | IssUE/20

87%of CIOs

report that current and former employees, and contractors were

responsible for data breaches.

source: Indian Information security survey

th

e c

io e

xe

cu

tiv

e c

ou

nc

il A Matter of Security

l e v e r ag i n g t h e u p t u r n

ideas & insights from the cio Leadership counciL

the results of the Indian Information Security Survey 2009are out, and things do not look very bright. For one, the survey suggests that security threats still loom large over enterprises. What is more disturbing is that a large percentage of IT leaders are not aware of what’s really happening with security. Eighteen percent of respondents, according to the survey, didn’t know how many security breaches their organizations had been subjected to last year, and as many as 31 percent didn’t know the amount of financial loss they suffered as a result of breaches.

They Don’t Want to Talk About ItFor most enterprises, security is a sensitive topic. Satish Das, CSO & director-ERM, Cognizant Technology Solutions, says, "I don’t agree that enterprises don’t know where breaches are occurring. I do believe that they would rather not talk about them.” More often than not security breaches are detected, he believes, but enterprises choose not to report them. “It really depends on the culture and the value system of a company,” he says.

His views find resonance in S. Hariharan, senior VP-Infrastructure Solutions & Services Group, Oracle Financial Services. “Even when breaches do occur, we are likely to underplay them, because it compromises our brand,” says Hariharan.

It's hard to disagree with him. The survey reveals that 32 percent believe that a stained reputation is the biggest loss as a result of a breach.

Like everything else, security too comes with a price tag. And with the economic depression looming large over organizations, they are less inclined to invest in security. Today, 84 percent of security professionals report that slowdown induced cost cutting has made security harder to do. Many sectors, especially banks are increasingly outsourcing some of their security functions.

Keep It SimpleThere seems to be general consensus that security policies are lengthy and vague, making them altogether ineffective. “Practically no one reads security documents,” says Hariharan.

R.Muralidharan, CIO, Syntel, reiterates the point. “Security documents use too much jargon and terminology. This confuses people. Yet, making employees sign a security document is still the most prevalent and popular security practice in place."

Das of Cognizant backs up this theory. "It is generally agreed that legal documents need to be cut down to size. “The aim should be to achieve a one-page security policy.”

Some CIOs have found a way to make it work. Avinash Arora, director-IS, India & South East Asia, New Holland Fiat, shares an interesting idea from personal experience at his organization. “Our code of conduct document is Web-based. It takes about 10 minutes to go through it. After reading it, each employee has to answer a set of questions based on the

[one Liner]

31%The number of CIOs

who were unaware of the amount of financial loss they suffered because of

security breaches. Source: Indian Information Security Survey 2009

“Our code of conduct document is Web-based and takes about 10 minutes to go through. After reading it, each employee has to answer a set of questions based on the document. Only when they have got all the answers right can employees register.”—AvinAsh ArorA, Director-is, inDiA & south eAst AsiA, new hollAnD FiAt


The CIO Leadership Council is a professional organization for CIOs founded by CIO India. To learn more about the council, contact program director Alok Anand at [email protected] India. To learn more about the council, contact program director Alok Anand at [email protected]

th

e c

io e

xe

cu

tiv

e c

ou

nc

il

document. Only when they have got a 100 percent of the answers right can employees register."

But, is there something fundamentally wrong with the way enterprises approach security? “We’ve noticed that the more restrictive the security policy is, the more curiosity it creates. In the last couple of years, we have actually relaxed security and adopted a more lenient stance with our employees. They are allowed greater freedom, but at the same time, they have to bear in mind the consequences of their actions,” says Hariharan.

Building TrustIT leaders agree that there is a strong co-relation between employee behavior and how comfortable they feel in their work atmosphere. According to Syntel’s Muralidharan, “establishing trust is the most important step. One should rely on human psychology to create responsible behavior such that each person feels a sense of accountability for his or her actions.”

Muralidharan extended his arguments saying that even contractors should be treated like employees to help them develop a sense of belonging to the company. Hariharan, however, disagrees. He advocates a stricter set of rules for contractual employees and a more relaxed one for permanent employees. Nevertheless, both agree that security regulations need to be updated more regularly, incorporating the changes in the environment. “People are constantly devising new and innovative policies to outsmart security,” says Hariharan.

Crack the Whip or Go Easy?Given how expensive it is to implement security, the use of policy seems like the only way forward. But CIOs agree that these are hard to enforce. Sumit Dutta Chowdhury, CIO, Reliance Communications, says he has the answer to the problem. “None of these security measures can deter a person who is determined to play the bad guy. The only way is to make employees personally and financially liable. Make contractual or legal documents ominous.” Das, however, disagrees with this approach saying that civil liberties will interfere with making people personally liable.

S. Srinivasan, senior GM-business strategy & systems, Sundaram Fasteners, has started a unique and proactive practice at his organization. He sends e-mails to his employee’s stating: I am reading your e-mails and I can track your Web browsing. He does this because he says that "unless deterrents are demonstrable, they won’t have the desired effect. In most security measures the demonstrative action is missing.”

Two distinct schools of thought emerge when it comees to the enterprise’s attitude toward security. The first opts for an offensive security approach. “We need to take a more pro-active approach, if we want to mitigate threats," says Chowdhury. "We need to be on the offensive and not defensive.” Hariharan, on the other hand, believes in more informal ways of communicating. “We have organized road shows to communicate and remind employees of the consequences of their action in a less threatening way,” he says. CIO

varsha varsha v chidambaram is trainee journalist. send feedback to [email protected]

What’s wrong with today's security policies?

Enterprises have good policies but what really matters is their effective implementation. Organizations need to get closer to their people and create a sense of accountability and responsibility in them. This should help tackle security issues.

R. Muralidharan CIO, Syntel

Policy has to be defined to the people at the junior most level. It should address the concerns of customers, employees and stakeholders. It needs to bring out what can go wrong and how the organization will be impacted because of a breach, Also, policies need to change with time because we live in a dynamic environment.

Satish DasCSO & Director-ERM, Cognizant

Technology Solutions

S. HariharanSr. VP-

Infrastructure Solutions &

Services Group, Oracle Financial

Services

Security policies are explained to recruits when they join and

are soon forgotten. We need to remind them by way of street

plays and spot questions. Also, when a breach occurs, instead

of keeping it hush-hush, we should be open about it and

ensure that the culprits are punished.

forum l e v e r ag i n g t h e u p t u r n

How are you reacting to the slump? Write in to [email protected] with your thoughts.

Ph

ot

oS

by

Sr

IVA

tS

A S

hA

nd

Ily

A


Forum.indd 49Forum.indd 49Forum.indd 49

Various leaders from the financial sector

came together to evaluate how

effectively IT tools and technologies

can be used to make the best of the

economic upturn.

fit for theupswing

EVEnT REPORT

InformatIon Is one of the most valuable assets an organization can boast of and it can help the enterprise gain competitive advantage over others. In the financial sector, information is the key to generate and sustain business. More and more organizations are now using tools like BI, information tracking, analysis, and performance management to make the best of the economic incline. At the forum of CIOs, organized by SAP Business Objects, various organizational heads exchanged their experiences and best practices.

Talking about some of the initiatives taken to identify and simplify processes in his organization, Joydeep Dutta, CTO, ICICI Securities, said, “We have dismantled all the departmental MIS teams by using BI tools. We have completely scheduled and automated our reports and have a dissemination mechanism for all reports that run through schedulers.” In stark contrast, P.A. Kalyanasundar, GM, Bank of India, mentioned, “We have some legacy data, but we are able to do statistical reporting with it. However, we need to deal with data enrichment and updation." Continuing the discussion

Presenting Partner

on implementation of BI and information tools, Sanjay Deshmukh, VP- business unit, SAP Business Objects, said that enterprise applications could improve business efficiency. He added, “We are empowering employees to obtain information from existing data resources, without any IT support.”

Echoing the same thoughts, Sundaram Krishnan, Head – IT, Universal Sompo General Insurance, said, “With BI efficiency can be increased by enabling users to work with user-friendly analytical tools.”

Countering the popular usage of spreadsheets, Bharat Rele, Director - Solution Engineering, SAP India pointed out that, Excel-like front-end tools allow easy manipulation of data and that this could be avoided by analyzing and creating a single business and database vocabulary for everyone in an organization and thus help build greater visibility. Giving his views on the usage of data processing tools, K.R. Bhat, GM – Department of IT, nABARD, said, “We should not overrate the pros and cons of any data processing tool. Instead, the focus should be on retaining the integrity and granularity of data.” Citing an example of data management in the mutual fund industry, Srinibash Sahoo, Senior VP – Technology, DSP BlackRock Investment Managers, said, “In this segment, one can’t have an integrated platform for all processes and data. Thus, we have reconciled our processes by automating them.”

Of course, most companies where business processes have been automated or BI analytics tools have been implemented would have required a strong consent from the top management. Seconding this view, Harnath Babu, Senior VP – IT, Star Union Dai-Ichi Life Insurance Company said, “We need to know the end user’s requirements and convey them to the top management.” Security and reliability of

EVEnT REPORT

corporate data is also a matter of concern for most companies. Citing the case of his company, in the context of risks and legal compliance, Sandeep Phanasgaonkar, President and CTO, Reliance Capital, said, “We have taken steps to manage risks and BI has helped us with that. This influences the way investors, shareholders, customers and the regulators look at us, because sanctity of financial data is important.”

As businesses grow they witness data explosion, necessitating data structuring and management. Large unstructured data flowing in and out of organizations, according to Deshmukh, does not allow proper utilization of information.

Summing up the role of analytics systems and performance tools in benefiting businesses in the recovery phase, Phanasgaonkar said, “Analytics has become an important feature in terms of understanding and processing of data. The next thing is forecasting, which builds up on analytics and allows you to create business models. We have started focusing on retention of customers and profitable customer segments, and BI is going to help us progress in this direction.”

sanjay deshmukhVP - Business Unit, SAP Business Objects

“We are empowering employees to obtain information from

existing data resources, without any IT support.”

“Analytics is an important feature in understanding

and processing of data. the next is forecasting.“

sandeep phanasgaonkarPresident and CTO, Reliance Capital

“while processing data, the focus should be on retaining the integrity

and granularity of data.“

k.r. BhatGM, Department of IT, NABARD

“we have a control mechanism in place for

monitoring the flow of data across the organization.“

p.a. kalyanasundarGM, Bank of India

“we have completely scheduled and automated

our reports with the use of Bi tools.“

joydeep duttaCTO, ICICI Securities

From leFt: Bharat rele, Director - Solution Engineering, SAP India, sriniBash sahoo,Senior VP - Technology, DSP BlackRock Investment Managers, harnath BaBu, Senior VP – IT, Star Union Dai-Ichi Life Insurance Company, sundaram krishnan, Head – IT, Universal Sompo General Insurance.

Performance management | At the 600-bed Maine Medical Center, information comes pouring in faster than ambulances rushing in with the wounded — or at least it can seem that way. Hospital officials felt they needed a more efficient way to gauge their performance in areas including clinical outcome, patient satisfaction, doctor performance and safety, and then coordinate all of the data and make it available 24/7.

"We had PowerPoints, paper, Excel worksheets, and nothing was standardized," explains Peter Chingos, data analysis manager at the medical center. Executives wanted to centralize that information and get data to senior-level administrators in a standardized way so it had the same look and feel, he says. The idea of creating balanced scorecards was tossed around, and, after observing an implementation at Boston's Brigham & Women's Hospital, Maine Medical Center decided to deploy Strategic Performance Management software from SAS.

Scorecards let you get to the root of a performance

problem and quickly see how

you're doing in key areas by linking

application data with financial or other business

objectives.

technologyEssEntial From InceptIon to ImplementatIon — I.t. that matters

Better Performance with ScorecardsBy EsthEr shEin

Ill

uS

tr

at

Ion

by

MM

Sh

an

Ith

Vol/4 | ISSuE/205 2 s E p t E m B E r 1 , 2 0 0 9 | REAL CIO WORLD

Essentisl Tec (1).indd 52 8/28/2009 12:21:52 PM

$2.7 billion

the size of the app

performance management

software market

by 2013.source: Forrester

technology The hospital has created dozens of scorecards. Among the metrics: how often staffers wash their hands and whether a patient with both congestive heart failure and pneumonia is offered a flu vaccination. The scorecards allow hospital staffers to see how these changes — compliance with best practices, process redesign and team building — affect patient care and the hospital's finances. By checking progress on the intranet, staff members can see how their groups are doing on a monthly basis.

Today there are between 50 and 60 scorecards in use, each with some 25 metrics that give the ability to do subsequent drilldown to get charts, graphs and tables that provide more granular information, says Chingos. The hospital selects measures where improvement is needed, which makes the scorecards a tool for focusing employees on top priorities.

Maine Medical's leadership identifies these measures each year to reflect the hospital's quality- and safety-related strategic priorities. The current batch shows a focus on internal policies as well as regulatory issues, Chingos says.

It's an up-and-coming area. Business intelligence is scorecards' "parent on the

software evolutionary tree," notes Ezra Gottheil, an analyst at Technology Business Research. Performance management software is a refinement and a refocusing of business intelligence data so it is now matched up with goals and budgets, he adds.

Companies are using this approach to refine or outright change their current methods for measuring performance. Another way to use the technique is if the competition is gaining market share and they want to figure out what to do about it, Gottheil says.

Digging DeepOfficials at Trican Well Service, an oil and gas well servicing company, found they were spending way too much time organizing and analyzing financial data and then getting the information into a forecasting model for each of the company's worldwide geographic regions. All told, some 80 percent of the time used for financial data was spent organizing the information, and 20 percent was spent on analysis.

"The immediate problem was replacing" the old budget-forecasting tool — Pillar from Hyperion — with something that would allow Trican to get information out quickly to the regions, says Randal Wichuk, director of finance corporate development.

Executives wanted the different regions to take ownership of their financial performance so they could maximize profitability by looking at how to increase sales and decrease costs in each geographic location, Wichuk says.

After looking at performance management software from Cognos and SAS, Trican chose Hyperion's Performance Management Software and implemented it in September 2007. The software lets finance officials enter

the data and run multiple scenarios to do very quick what-if analyses, Wichuk says.

He estimates that the tool has saved a minimum of six days each month in terms of loading data into the models and then doing the actual forecasting.

Keeping ScoreNow, Wichuk says, "what we're doing is measuring our key performance indicators." The software lets Trican analyze the data in multiple ways and drill down to the root cause of most issues.

One recent example: the ability to identify an area of the operation where sales were lower than expected. Once staffers drilled down further into the data, they discovered the company was losing market share in that region because salespeople weren't targeting the right customers, Wichuk says. Trican adjusted its prices for the region, "which helped us increase market share and revenues."

The real value of the software is its ability to see data in real time and conduct analyses, Wichuk says. "You're not gaining a value-add in terms of organizing the data; it's in terms of analyzing it to make quicker decisions" and react more quickly to the market."

Maine Medical's Chingos says the use of the balanced scorecards is voluntary, but in some areas, the metrics have been very high profile and have helped move the hospital in a more positive direction. For example, the hospital has a medication reconciliation metric that tells officials whether hospital staffers are comparing the medications a patient was on when he or she arrived to the medications that were prescribed during their stay.

ESSEntIal technology

Scorecards allow you to see how changes — compliance with best practices, process redesign and team building — can affect your finances.

REAL CIO WORLD | s E p t E m B E r 1 , 2 0 0 9 5 3Vol/4 | ISSuE/20


"It's a step that would sometimes get done, but not always get documented well," Chingos says. Officials started measuring medication reconciliation about two years ago, and the results were "abysmal." It was in the 40 percent range, but using the scorecard to broadcast the issue has helped raise the number to the 90 percent range.

"The scorecard didn't do it per se; people did," notes Chingos — but the scorecard helped staffers track that metric "every step of the way, and that motivated people." The biggest surprise for Chingos has been his end users' appetite for producing data in a more streamlined way, and there is a waiting list for other clinical areas such as the newborn nursery, the digestive disorder program, neurosciences and radiology that want to use scorecards. "It's driven demand beyond my expectations, and the demand for data in health care right now is huge. We're lucky

and happy we have a tool that allows us to satisfy that demand."

How Other IT Metrics Fit InIn the purest sense, measuring Web site performance and availability may not relate directly to the notion of performance scorecards. Yet it does fall under the umbrella of trying to find the root cause of poor performance — something that enterprises certainly measure and track. The New York Office of Temporary Disability Assistance (OTDA), for example, is in the midst of a year-long program to provide better services and assistance for families in need.

As such, the OTDA developed a Web site, www.mybenefits.ny.gov, that allows clients to look for services related to nutrition, federal/state health insurance coverage and other forms of help. These constitute the services and money that people need when they're on disability, to pay for food, fuel and

other essentials. "So there's a pretty high level of expectation around performance and availability because people's livelihood depends on the use of these applications," says CIO Daniel Chan.

The OTDA wanted to measure all of the activity coming in to its Web servers and then conduct different levels of analysis on how the public is using different applications, says Dan Donnelly, an OTDA consultant. The agency chose Transaction Performance Management from Precise, which enables IT officials to manage the availability and response time of some 27 internally developed applications.

"We'd like [users] to be able to complete a transaction in less than 15 minutes, and we're trying to understand how long it takes them," says Chan. The software also gives IT information about user behavior and demographics, so the Web site can be

changed to allow users to find what they want more quickly. "Another component is making sure the Web site continues to be available and performing 24x7 and the response time has to be really in less than one second," Chan explains.

The Precise software lets officials proactively monitor the Web site throughout the day so they can detect problems before they occur. For example, last December the OTDA had a problem with one of its redundant servers crashing. That server could not recover cleanly, although it appeared to, which put both Web servers in danger of failing. The Precise software discovered the situation and allowed IT to do a controlled restart of the failed app server and both Web servers, completing everything without user outages. "As long as we could identify that the service was hung up within 24 hours, we could recover the system without having an outage," Donnelly says.

If an outage occurred, Chan explains, users would be forced to call the help desk at a cost of $25 (about Rs 1,250) per call. The myBenefits site receives an average of 25,000 hits a month, and Chan estimates that without the Precision tool, some 10 percent of users would call the help desk. Since much of the site's activity occurs on the weekends, if a server goes down on a Friday, it has the potential to be down all weekend, causing additional strain on the backup server, adds Donnelly.

"Performance management is about trying to find the root cause of poor performance, such as availability of a Web site or response time," observes Jean-Pierre Garbani, a vice president at Forrester Research. If IT develops an application that is supposed to have a response time of less than three seconds and an availability of 99.9 percent, and the level of performance is breached, performance management helps get to the root of the problem, says Garbani.

The concept is broader than application performance management, however, which delves into code and bandwidth issues. It can also focus on capacity planning, to determine whether the available capacity of servers and storage is being exceeded. "The trend is to bring all of that together into a single dashboard," says Garbani.

Forrester projects that the application performance management software market will reach $2.7 billion (about Rs 13,500 crore) a year by 2013, and Garbani calls it one of the fastest growing segments of IT management. While performance management issues are nothing new, they have become more complex as applications have grown exponentially in size, he says.

Adds Chan, "Until we had these tools it was difficult to have meaningful dialogue about issues because without data we had a tendency to do a lot of finger pointing about a problem in IT," since the datacenter is managed by another state agency. "Without tools we wouldn't be able to keep applications up." CIO

Esther shein is a freelance writer and editor. send

feedback on this feature to [email protected]

ESSEntIal technology

Performance management is about trying to find the root cause of poor performance — even the availability of a Web site or response time.

Vol/4 | ISSuE/205 4 s E p t E m B E r 1 , 2 0 0 9 | REAL CIO WORLD


Pundit

Cloud Computing | Implementers of virtualization found that the key bottleneck to virtual machine density is memory capacity; now there's a whole new slew of servers coming out with much larger memory footprints.

For cloud computing, bandwidth to and from the cloud is a bottleneck. Some apps use or generate very large amounts of data, and users may find that there's just not sufficient bandwidth to shove data through. A term often used for this is ‘skinny straw’

inspired by the frustration one experiences when trying to suck an extra-thick milkshake through a common beverage straw.

This problem is only going to get more difficult. The excellent UC Berkeley RAD Lab Report on Cloud Computing noted that price/performance of network capacity lags that of both compute and storage, indicating that this will be an issue well into the future. On the other hand, this is a price/performance issue, which is to say another way it could be addressed is to drop pricing of transit bandwidth through making more available.

As a cloud user, the fact that network traffic is becoming a far larger part of application deployment will affect cloud

computing applications and architectures for the foreseeable future. This is going to be a tricky topic because, as noted earlier, as bottlenecks are addressed, they shift. With respect to cloud bandwidth, one can expect that the bottleneck will be gradually and incrementally relieved, meaning that assumptions about network cost and availability will need rethinking every six months or so.

So, what should you do to address the skinny straw issue?

Evaluate and price application data transfer needs: Obviously, the foundation of dealing with the skinny straw is to evaluate how much data you're likely to transfer because cloud providers typically charge a network traffic fee based on volume. Furthermore, because application use changes over time (which is one of the reasons the scalability of the cloud is so desirable), remember to incorporate projections of data use into the evaluation.

Another aspect to evaluate is the variability of data transfer. Some applications, particularly those associated with analytics, have large load early in the life of the application, when ETL is performed;

subsequently, there is little data transfer. The download portion of an analytic is typically reports or aggregated data structures, which may not be that expensive.

Evaluate application architecture and consider application partitioning: An application may have sections that transfer lots of data and other sections that do not. It may make sense to partition the application so that data transfer-heavy portions reside where data transfer is cheap (i.e., an internal datacenter or a hosting provider), while

other portions reside with a cloud provider. However, careful evaluation is important because one might run into unexpected surges in data volume causing increased costs. The thing you want to avoid is to end up with an application where part of it resides in an external cloud and has high data traffic along with low latency requirements — that's a recipe for high costs and poor performance.

For more ways on dealing with the skinny straw, read Golden’s column in the next issue. CIO

Bernard Golden is CEO of a firm which specializes in

virtualization, cloud computing and related issues. Send

feedback on this column to [email protected]

You want to avoid ending up with an application which partly resides on an external cloud and has high data traffic along with low latency requirements.

essential technology

The Skinny Straw if you’ve ever sucked on extra-thick milkshake through a common straw you know the frustration bandwidth will create for cloud computing. By BErnard GOldEn

Vol/4 | issUe/205 6 S E p t E m B E r 1 , 2 0 0 9 | REAL CIO WORLD

ET-Pundit.indd 56 8/28/2009 12:18:37 PM

cio september 1 2009 issue

Documents

stern looking cbi officer

gun supplier

burdenwhy egovernance

cloud computing myths

governance controls

shooting case

real cio worldcontent

cio leadership summit