At the Heart of Collboration

What began as a small collaboration effort in M&M has now become a launch pad for innovationsacross the group| PAGE 20

A 9.9 Media Publication

AT

TH

E H

EA

RT

OF

CO

LL

AB

OR

AT

ION

| AU

TO

MA

TIO

N IM

PE

RA

TIV

E | N

OT

IGN

OR

ING

TH

E B

AS

IC N

OR

MS

Volume 05 | Issue 10

January | 07 | 2010 | Rs.50Volume 05 | Issue 10

CollaborationAT THE

CollaborationAT THEHEARTollaboration

AT THE

ollaborationAT THEHEARTHEARTHEARTOF

A QUESTION OF ANSWERS

Not ignoring

basic security normsPAGE 12

Adopting

automationimperativePAGE 16

BEST OF BREED

Beyond the BASICSPAGE 04

I BELIEVEI BELIEVEI BELIEVE

Technology for Growth and Governance

CT

O

FO

RU

M

editorialRahul Neel MaNi | [email protected]

2thectoforum.com 07 JANUARY 2010 cto forum

Think outside the mailbox: Harness the

modern-day technologies to foster innovation

It is believed that the 21st century corporation will not win unless

it excels in collaboration – the ‘C’ word is becoming the universal recipe for success. The focus so far has been on the strategy of collabo-ration, the technology to collaborate seamlessly, and to ensure that it happens in a secure manner. More-over, it is about collaborating with the ‘external’ world – the multitude of a corporation’s stakeholders...

What seems to escape the corpo-rate radar is the potential benefit of ‘internal’ collaboration. Organisa-

paid to the ‘internal’ community. Even those who contemplate

greater internal collaboration, have limited their efforts to conventional uses – specifically, emails. But this brings in uncomfortable degrees of accountability and transparency. And can compromise the privacy of employees. So the baby gets thrown out with the bathwater...

If we push ourselves to think beyond, then the advantages of internal collaboration with tools beyond email become more than obvious. The immediate benefits are enhanced productivity and effectiveness of work groups; fast-er delivery of information; reduced response times; and the list goes on. The intangible advantages are as – if not more – important.

For example, an open and con-nected culture could become a reality within reach if collaborative techniques are deployed internally. Enhanced teamwork and ‘collec-

tions can achieve greater transpar-ency, participation, productivity and accountability – by simply being more collaborative within.

Then why aren’t we? I believe it is because most enter-

prises are externally focused to start with. The obvious advantages of being connected with those outside your company are over-whelming - kudos for cutting-edge technology solutions, the glamour and recognition, and of course, the real dollars to save and spend – dwarf any attention that could be

tive wisdom’ begin coming to the fore. A short movie I saw recently on the world-renowned innova-tion company, IDEO, brought home the point, once again, that there is substantial value to be cap-tured internally...

With this in the background, we looked for some pioneers using collaboration as a tool to foster within the enterprise. This issue’s cover story depicts how Mahindra & Mahindra (M&M) uses 'One Mahindra' portal to collaborate, ideate and innovate across geog-raphies. It is a great testimonial of how modern-day technologies like Web 2.0 and Unified Communica-tions (UC) can help the employees across the company in connecting with each other for personal and professional excellence.

editors pick20 At the Heart of

CollaborationWhat began as a small collaboration effort within Mahindra & Mahindra has now evolved into a full-fledged launch-pad for innovations across the group.

2 07 JANUARY 2010 thectoforum.comCTOFORUM

JANUARY10VO

LUM

N 0

5 |

ISS

UE

10

CTOFORUM

CO

VE

R D

ESI

GN

: B

INES

H S

REE

DH

AR

AN

PH

OTO

BY

JIT

EN G

AN

DH

I

COVER STORY

20 | At the Heartof Collaboration What began as a small collaboration effort within Mahindra & Mahindra has now evolved into a full-fledged launch-pad for innovations across the group.

COPYRIGHT, All rights reserved: Reproduction in whole or in part without written permission from Nine Dot Nine Interactive Pvt Ltd. is prohibited. Printed and published by Kanak Ghosh for Nine Dot Nine Interactive Pvt Ltd, C/o K.P.T House, Plot Printed at Silverpoint Press Pvt. Ltd. TTC Ind. Area, Plot No. A-403, MIDC Mahape, Navi Mumbai 400709

COLUMN4 | I BELIEVE:BEYOND THE BASICS A CIO has to make an impact and deliver significant value to business. BY S.R. BALASUBRAMANIAN

52 | VIEW POINT: MAKING TECHNOLOGY WORK. It's peope-centric pro-cesses that often fail the technologyBY DYLAN PERSAUD

FEATURES16 | BEST OF BREED: AUTOMATION IMPERATIVE The adoption of automation will de-pend on which side of the data centre you are sitting.

20

CO NTE NT S THECTOFORUM.COM

20 | At the Heart20 | At the Heart

“The Mahindra One portal offers ease of use to employees across the enterprise and helps in sharing ideas instantly”

—Vijay Mahajan

“Unified Communications has been embraced by all M&M employees and

has become a part of the group’s business culture”

—Aravind Tawde

3thectoforum.com 07 JANUARY 2010CTOFORUM

JANUARY10

A QUESTION OF ANSWERS

12 | Stop Ignoring The Basic NormsBanks in India need to instill confidence amongst users when it comes to online banking says Govind Rammurthy, MD and CEO, eScan.

VOLUME 05 | ISSUE 10 | 07 JANUARY 2010

Managing Director: Dr Pramath Raj SinhaPrinter & Publisher: Kanak Ghosh

Publishing Director: Anuradha Das Mathur

EDITORIALEditor: Rahul Neel Mani

Resident Editor (West & South): Ashwani MishraSr. Assistant Editor: Gyana Ranjan Swain

Consulting Editor: Shubhendu ParthPrincipal Correspondent: Vinita Gupta

Sr. Correspondent: Jatinder SinghCorrespondent: Sana Khan

DESIGNSr. Creative Director: Jayan K Narayanan

Art Director: Binesh Sreedharan Associate Art Director: Anil VK

Manager Design: Chander Shekhar Sr. Visualisers: PC Anoop, Santosh Kushwaha

Sr. Designers: Prasanth TR & Anil T Photographer: Jiten Gandhi

ADVISORY PANELAjay Kumar Dhir, CIO, JSL Limired

Anil Garg, CIO, DaburDavid Briskman, CIO, Ranbaxy

Mani Mulki, VP-IS, Godrej IndustriesManish Gupta, Director, Enterprise Solutions AMEA, PepsiCo

India Foods & Beverages, PepsiCoRaghu Raman, CEO, National Intelligence Grid, Govt. of India

S R Mallela, Former CTO, AFLSantrupt Misra, Director, Aditya Birla Group

Sushil Prakash, Country Head, Emerging Technology-Business Innovation Group, Tata TeleServices

Vijay Sethi, VP-IS, Hero Honda Vishal Salvi, CSO, HDFC Bank

Deepak B Phatak, Subharao M Nilekani Chair Professor and Head, KReSIT, IIT - Bombay

Vijay Mehra, Executive VP, Global Head-Industry Verticals, Patni

SALES & MARKETINGVP Sales & Marketing: Naveen Chand SinghNational Manager Online Sales: Nitin Walia

National Manager-Events and Special Projects: Mahantesh Godi (09880436623)Product Manager – Rachit Kinger

Asst. Brand Manager: Arpita GanguliCo-ordinator-MIS & Scheduling: Aatish Mohite

Bangalore & Chennai: Vinodh K (09740714817)Delhi: Pranav Saran (09312685289)

Kolkata: Jayanta Bhattacharya (09331829284)Mumbai: Sachin Mhashilkar (09920348755)

PRODUCTION & LOGISTICSSr. GM. Operations: Shivshankar M Hiremath

Production Executive: Vilas MhatreLogistics: MP Singh, Mohd. Ansari,

Shashi Shekhar Singh

OFFICE ADDRESSNine Dot Nine Interactive Pvt Ltd

C/o K.P.T House,Plot 41/13, Sector-30,Vashi, Navi Mumbai-400703 India

Printed and published by Kanak Ghosh forNine Dot Nine Interactive Pvt Ltd

C/o K.P.T House, Plot 41/13, Sector-30,Vashi, Navi Mumbai-400703 India

Editor: Anuradha Das MathurC/o K.P.T House, Plot 41/13, Sector-30,

Vashi, Navi Mumbai-400703 India

Printed at Silverpoint Press Pvt. Ltd.D 107,TTC Industrial Area,

Nerul.Navi Mumbai 400 706

www.thectoforum.com

32 | NEXT HORI-ZONS: CREATING COMPETITIVE ADVANTAGE Xie Qin explains how he used SOA to create a smarter, more efficient system. BY KEVIN WEI

WANG

REGULARS

01 | EDITORIAL08 | ENTERPRISE

ROUNDUP50 | BOOK

REVIEW

advertisers’ index

VERIZON IFC

TATA COMMUNICATION 25

TATA INDICOM IBC

SAS BC

This index is provided as an additional service.The publisher does not assume

any liabilities for errors or omissions.

48 | HIDE TIME: NATURAL IN-STINCTZoeb Adenwala, CIO, Essel Propack, is relent-lessly upbeat, erudite to the core, and enjoys his position of being at the helm of technology.

12

32 48


I BELIEVE

CURRENTCHALLENGE

UNDERSTANDING THE CURRENT ORGANISATIONAL BUSINESS PRIORITIES

THE AUTHOR HAS over 30 years of experience in information technology area and has

got a vast exposure in deploying technology and strategising for business.

BY S.R. BALASUBRAMANIAN | Exec VP IT, Godfrey Philips

Beyond the basicsA CIO has to make an impact and deliver significant value to business.

IT HAS MOVED a long way from being a backend work churning data for processing to a frontend position catering to organisational growth and profitability. CIOs have also been moving up the ladder to fulfill these roles, but if you were to ask me if the CIO has arrived, I would not be very sure.

Alignment with business, innovation, organisational agility, change management are terms that do the round these days. No doubt these terms matter, but for being a leader, I believe the CIO has to move

beyond these terms and clichés to a position where he plays a significant role in the organisation.

I believe that just speaking the right language or applying known formulae is not enough to get the CIO home. As a CIO, I have to get around to some basics. I first have to understand the business that I work for, the industry/competition/the market/the consum-ers etc., and hence the strategic intent of the organisation. I have to form my thoughts and strategize my moves and understand the organisational priori-ties. I have to be proactive and work for solutions that address business interests. I need to understand the organisation’s work culture, problems that people face, and requirements both that are long and short-term. I would then need to formulate a plan that addresses both, the immediate issues and long-term goals. I would have to formulate my vision and then detail it well before presenting it to the management. Further it is not about software to be installed or a package to be implemented, but about business benefits that would accrue in terms of addressing a business proposition, market expansion, enhancing value to customers, collaboration with partners, work efficiency, reduction of costs and so on. I believe that communication plays key role in interaction with all stake holders, enrolling them into my vision and seeking their cooperation.

The position, I believe, is that of an entrepreneur. As a CIO I have to run my function so that it stays viable. In an era of outsourcing, I have to be aware that the company can outsource the entire function. It is no evil and therefore I need to evaluate what is in the best interest of the organisation. I can either resort to partial or complete outsourcing where I play the role of an interface between the management and the outsourcing agency. The CIO has to make an impact and deliver sig-nificant value to business.

PH

OT

O B

Y D

R L

OH

IA

S TORY NA M E S E C T I O N N A M E

LETTERS

COMMUNITY BUILDINGThe CTO Forum team has been doing a great job over the past

one year to bring out issues of great interest to the focus of the

CTO/CIO community. CTO Forum has the mark of quality and will

go places. The challenge will be to keep it that way, always.

R KRISHNAN

Robert Bosch Engineering & Business Solutions Limited.

ROLE OF A CATALYSTThe most daunting task facing us is to completely transform and

adapt to the new role of the CIO - especially in the SME segment.

The penetration of IT and awareness of the same as a strategic

tool is yet to be realised from the top to the bottom of an organisa-

tion. CTO Forum provides us the required knowledge which helps

us in doing this.

PRAKASH PRADHAN

Head-IT, Jagsonpal Pharmaceuticals Ltd

WRITE TO US: The CTO Forum values your feedback. We want to know what you think about the magazine and ways

and means to make it a better read for you. Our endeavour continues to be work in progress and your comments will go a long way in mak-ing The CTO Forum the preferred publication of the CIO Community.

Send your comments, compliments, complaints or questions about the magazine to [email protected]

“I am glad to hear from you very regularly. I am proud to be a part of this platform. It really provides deep insights on latest technolo-gies, which are in use across enter-prises. I look at every issue of the magazine with utmost curiosity and go through it with great passion.” K. VASANTHA KUMAR

MAS Linea Fashions India Private Limited

6thectoforum.com 07 JANUARY 2010CTOFORUM6 07 JANUARY 2010 thectoforum.com

CTOFORUM


Enterprise

ROUND-UP

STORY INISDE

Worried of global warming, companies

are thinking of funding clean and green tech Pg 11

Exabyte of storage will be needed to store video from new surveillance deployments in 2012.

Konkan Railways Deploys TMS. The system ensures commuter safety and reduces cost by 20 percent.THE KONKAN Railway is deploying train management

system developed by IBM which would ensure com-muter safety and reduce energy consumption costs by 20 percent.

With more than 4,500 employees and 14,000 pas-sengers travelling daily on the route, Konkan Railway manages a large network of passenger and freight trains. The primary goal of the railway system is to improve service for its passengers, replace redundant manual procedures with efficient technology solu-tions to ultimately bring greater operating efficiency.

The 'Railway Application Package' (RAP) system

helps to manage, analyse and maintain train running information, schedules and reduce the passenger delays.

The solution requires minimal staff and takes care of all aspects of Konkan's business, from real-time management of train-running, collecting ticket rev-enue, managing finances and HR, to automatically controlling platforms lighting with train-movements.

"IBM has helped us keep our IT management costs down, while supporting rapid growth of our railway system," says Vijay Devnath, Chief Manager (IT), Konkan Railways.

3.3DATA BRIEFING

E N T E R PR I S E RO U N D - U P


Data centre deployments of 10G Ethernet are helping to drive the market, according to Dell'Oro Group. The firm expects the global Ethernet switching market to grow modestly in 2010, to $16.3 billion from $15.6 billion in 2009. This is down con-siderably though from the $19.3 billion market in 2008, Dell'Oro notes.

QUICK BYTE ON ETHERNET SWITCH MARKET

Changing the way people dia-gram. Five Reasons to Try Visio 2010.AS INFORMATION becomes more complex, the way people interact with that has evolved. Diagrams are an easy, simple way to convey ideas — and Visio 2010 is the next step in this diagramming evolution.

The advanced diagramming tools in Visio 2010 are easy to use, can create dynamic data-driven visuals, and provide new ways to share in real-time. Visio 2010 is simple and easy to use. Out of the box it comes with 66 preset templates and now has the Office Ribbon incorporated into its user interface — making it easier for all types of workers to find the tools they need to build, update or view a diagram. Identify operational inefficiencies. Use Visio’s comprehensive and robust business process analysis capabilities to capture, explore and communicate current business processes and identify operational inefficiencies.Reduce IT costs and risks. Document IT infrastructure and improve critical IT pro-cesses to enhance compliance and reduce IT costs.Improve project management. Create, edit and modify project plans using Visio to bet-ter understand and more effectively communicate key information.Reduce costs using server consolidation. Quickly assess server usage at both the rack and individual server level to help support decisions around shifting workloads. —Source: www.microsoft.com/presspass

THEY SAID IT

STEVE BALLMER

Microsoft CEO Steve Ballmer was once in surpris-ingly good form, as he kicked off the company's annual Financial Analysts Meeting last year. His presentation was one of the best in years. Perhaps his most piercing comments were about Apple, a competitor that has nipped away Windows PC mar-ket share and proved to be a formidable opponent in mobile devices markets.

"Mac market share gain is a rounding error. Apple's share globally cost us nothing."—Steve Ballmer

E NT E R PR I S E RO U N D - U P


It's Time for Asia-based CIOs to Make an IT Bet on the Economy. IDC Study highlights top-10 issues CIOs should be aware of in 2010IDC during December 2009 announced the

top-ten insights that highlight the key issues Asia/Pacific CIOs need to be aware of in 2010 and IDC’s view of the key end-user strate-gies for the next year and beyond. During the last year or more, companies in Asia have mostly applied 'wait-and-see' or 'back-burner' IT tactics - but this will no longer work as the economy starts to turn again. In the list of insights, IDC highlights how IT is in the midst of a renaissance and the significance of this renaissance to businesses has been

increased by the economic crisis. “In 2010 companies will have to adopt a sense of urgency and be more proactive with how they will deal with an economic recovery," said Claus Mortensen, Principal for IDC Asia/Pacific Emerging Technologies Research Group. "The economic downturn has taken its toll on all lines of business in the last year and that makes it even more vital to be ready to deal with the next upswing. Companies will have to make strategic bet on when the economy will turn and plan their IT investments accordingly.”

IDC's study provides a 5-year mobile worker population forecast through 2013 and analysis across 3 major categories and 13 subcategories in five regions: US, Western Europe, APAC, Japan, and the rest of the world.

At the core of IDC's top-ten CIO insights for 2010 is the concept ’dema-terialization’ of IT. For many compa-nies, on-premises IT may have a seri-ous economic flaw. The on-premises model can potentially hold IT to ran-som with fixed assets that are typically underutilized and escalating in cost to support. ’Dematerializing’ these assets by moving them off the premises and off the books is one such alternative of overcoming this dilemma.

"This process of ‘dematerialization’ is already taking place in various forms," said Claus. "We see them in the market as in cloud computing, cloud services, virtual dynamic IT, elastic infrastruc-ture, on-demand architecture, web-oriented architecture and software plus services - all sharing the same core ele-ment of virtualization."

IDC's 2010 top-ten CIO check-list highlights how companies can respond better and more dynamically to future market change. It also pro-vides insights into how the choice of IT architecture can provide business technology a rapid and flexible way to revise, scale, upgrade and change BPM and workflows in minutes rather than in months. IDC sees the top-ten issues that CIOs should be aware of are:

1 Adopting an IT Recovery Strategy 2 Cost Reduction and the

Dematerialization of IT 3 Cloud Migration 2010 4 Protecting Business from Disruptive

Innovation and Subsequent Technology Churn

5 Security and Identity & Access Management

6 Cloud Multi-Tenancy is About Innovation

7 Virtual Private and Hybrid Cloud 8 Business Intelligence as a Service 9 Social Enterprise Architecture 10 Green IT

IDC’s 2010 top-ten CIO checklist is part of IDC’s newly launched “Recov-ery Watch” program and for this study, IDC teamed up with Joe Bourque, who until recently held the position of Futurist at New Zealand Post.

GLOBAL TRACKER

Growth in mobile worker population

SOURCE: IDC

CR

ED

IT N

AM

E &

DE

TAILS

Year 2008 Year 2013

919.4million

1.19billion

E N T E R PR I S E RO U N D - U P


IT investment important for business recovery: Research

GREEN TALK

FUNDING CLEAN TECH

The ongoing economic downturn

seems to have taken a toll even

on the most talked about issue

global warming. Mirroring the

impact, investments by venture

capital (VC) companies in clean

technology companies fell 13 per-

cent in 2009.

As per a recent report from

Cleantech Group and Deloitte,

Indian companies raised $190

million last year compared to $218

million in 2008.

Biofuels was the pick of venture

capitalists with the segment

witnessing 55 per cent of the

investments.

Over the last two-three years,

Indian companies engaged in

developing clean or green technol-

ogy had attracted significant inter-

est from local and global venture

capital and private equity compa-

nies. A number of private equity

funds targeting the clean technol-

ogy space are raising capital from

investors to invest in India.

Among these, private equity

firm Olympus Capital, is raising

$250 million to invest in renewable

energy and environmental services

companies in Asia.

Global Environment Fund and

YES Bank are also jointly raising a

$200 million clean energy fund for

South Asia.

Source: Cleantech.com

GREATER investment in IT

by businesses will help aid

recovery in the wake of the

anticipated economic upturn,

a new study by telecoms giant

BT showed.

Nearly two-thirds of

respondents said that out-

of-date IT solutions have

proved a barrier to organisa-

tions being more enterpris-

ing and succeeding in the

global marketplace.

The company stated that

the perception of cloud com-

puting among chief informa-

tion officers (CIOs) and execu-

tives also needs to be changed

if widespread adoption of

the solution is to take place

among businesses in 2010.

Further findings from the

study revealed that over half

of the CIOs questioned said

they were uncomfortable

with storing data outside of

their home country.

Hanif Lalani, chief executive

officer of BT Global Services,

said: “Although we are already

delivering enterprise-level

cloud services, such as UC

(unified communications),

CRM (Customer Relationship

Management) and VDC (vir-

tual datacentre) many organi-

sations are still in the early

stages of adoption.”

Cloud adoption wi l l

improve the chances of a

business receiving a strong

return on their IT investment,

he explained.

Datamonitor was commis-

sioned to work on the study by

BT and questioned more than

2,400 IT users and 270 CIOs

and senior executives.

RED HAT'S current fiscal year’s third quarter results indicate at one very visible trend: the com-pany is gaining greater market and mindshare of enterprise IT budgets. The world's leading provider of open source solu-tions mostly met, or beat, expec-tations on all key metrics: rev-enue, deferred revenue, billings’, deals signed and earnings.

"Continued solid execution drove another quarter of strong results for Red Hat. Our double digit growth in the current economic environment was driven by our compelling value proposition and outstanding service. Our customer focus has clearly differentiated us from the competition. Red Hat was recently ranked as number 1 among software vendors by IT

executives for the fifth time in six years in the Ziff Davis CIO Insight Study, with the highest marks for reliability and value," stated Jim Whitehurst, President and Chief Executive Officer of Red Hat. "We also continued to introduce new products, including the November release of RHEV that advances our position in server virtualiza-tion and cloud computing. RHEV provides customers the choice of a high-value, low cost, open man-agement solution that was not pre-viously available in the $2 billion virtualization market."

Simply put, Red Hat is execut-ing well.

Part of Red Hat’s momentum can be attributed to landing big deals. Red Hat has won high-pro-file endorsements in the govern-ment sector with the US Depart-ment of Defense and the White House. The company also landed a big deal with NTT, the large Japanese telecom service provider. Jim Whitehurst also noted that the company had “several wins, which include a large private cloud implementation project with a major movie studio.” These deals are a mix of virtualization manage-ment applications and the core Red Hat Enterprise Linux.

—Source: www.redhat.com/news

Red Hat making deeper in-roads, silently. Bagged some large scale deals in the last fiscal

study revealed that over half

of the CIOs questioned said

they were uncomfortable

with storing data outside of

their home country.

FACT TICKER


A Q U E S T I O N O F AN SWE RS G OV I N D R A M M U R T HY

GOVIND RAMMURTHY | eSCAN.

Norms The BasicStop Ignoring

Banks in India need to instill confidence amongst users when it comes to online banking says Govind Rammurthy, MD and CEO, eScan. He talks to Ashwani Mishra on the areas of concern in the online banking space and other emerging security threats. Excerpts from the interview:

Do you think 2010 will witness an increase in incidents attrib-

uted to organised crime? The kind of intrusions and hacking that we are talking about is already happening in the Western countries. In India, customers lack the confi-dence in carrying out online banking as they think that the medium is still not secure. This is the reason that the online attacks in banking are lesser in India and not because the IT systems are secure. So we can say that India is safe today because online transactions in India are not in great numbers as of

now. But as banks evolve by providing safer and secured platforms to con-sumers, and as more customers start banking online, hackers will surely direct their attacks on such systems.

Take the example of Brazil - a coun-try with one of the highest number of online bankers in the world. But it is also the place where the highest num-ber of security breaches take place. This is because it is a challenge for hackers to break into the systems of such banks that has a large number of online users. The other clear motive for the hackers is money.

However, in the next two to three years, as banks in India cut down on paper and as more users start transacting online, we will see hackers diverting their attention towards India.

What do you think the CIOs need to do to instill this miss-

ing confidence among users? There is a huge disconnect between the technology implemented within banking enterprises and the kind of services that they provide to their exter-nal customers. There are two areas where security comes into action. The P

HO

TO

BY

JIT

EN

GH

AN

DH

I


G OV I N D R A M M U R T HY A Q U E S T I O N O F AN SWE R

Govind Rammurthy feelsthat security is one of the

most evolving fields as far as technology is concerned.


A Q U E S T I O N O F AN SWE RS G OV I N D R A M M U R T HY

first is security within an organisa-tion (for internal users) and the other is security for customers (external users). Employees can misuse or steal the data. Now these employees have access to all the customer data. So banks need to conduct audits on a continous basis to ensure that cus-tomer data is safeguarded.

The customers on the other hand access a bank’s system to avail servic-es. Many banks have introduced ‘two-factor authentication’ to verify the credentials of their customers. These are some of the important things that banks have initiated to increase customer confidence but there is still a lot to be done. For example, if we look in the US, we will not find banks sending out advertising emailers to customers. It is primarily because this medium is also used by hackers. How do you expect a customer to differenti-ate between an email sent by the bank or by a hacker?

In India, there are some banks which on one hand educate their cus-tomers not to open these mails and on the other hand they themselves send such advertising mails.

We have intercepted many genu-ine mailers from banks thinking that they could be phishing attacks. We end up blocking at least 20 percent genuine mailers sent by the bank themselves. So in this case, these banks are breaking the rules to engage customers and this is a wrong way of doing business. Banks in the US and the Europe do not follow this kind of pattern. In order to advertise to the customer, they use a third-party provider and do not carry out these messaging by themselves.

In India, most of the banks do not follow this method. These are prac-tices that needs to be corrected by the banking enterprises and I am sur-prised why this is not yet happening. This kind of callous behaviour will only harm the image of the banks.

Gartner says that security vendors are booking high-

Security is one of the most evolving fields as far as technology is concerned. Social networking has emerged as a medium that can reach out to a huge number of users and so there are peo-ple who want this medium to remain as porous and insecure as possible. We have already seen instances of Twitter and Facebook attacks.

Today every device that you carry (like like mobile phones and laptops) has the function to store and com-municate data. They become potential targets for hackers. So enterprises can no longer look at protecting just the servers or workstations.

With the growing number of devices, the security cloud has become larger, complex and dif-ficult to monitor and protect. We are already seeing the movement of PCs giving way to thin clients or virtual desktops. Virtualisation will have a significant impact and influ-ence on the security landscape in the coming years.

profit on products. Do you think the objection is genuine? (Laughs and takes a pause) Well, I will not comment on the report but I will surely say that we invest a lot of time, efforts and money in research and development of the security products that we offer to the end users. We should understand that it takes a lot of effort to protect a fool, but it takes a lesser effort to protect a smart guy. I know of a few cases wherein the enter-prises have not patched their systems for the last four years. When I asked them, they had no convincing answer. Either they did not have the tools or they did not have a proper mechanism to audit what is happening inside their networks. When such a thing happens, any amount of money that a security product/service company pours into research and development goes waste.

What are some of the key security threats that banking

enterprises need to guard against?

“Banks need to conduct audits on a continous basis to ensure that customer data is safeguarded”

There is a huge

disconnect

between the

technology

implemented

within banking

enterprises and

provided to the

customers Virtualisation

will have a

significant impact

and influence

on the security

landscape in the

coming years

THINGS I BELIEVE IN


BEST OF

BREEDFakes & Forgeries: Can a biometric identity be forged with very little technical know-how Pg 18

DLP - Disturbing Lack of Process?DLP technology is best used as a process enforcement tool Pg 19

FEATURES INSIDE

One of the most often repeated themes at this year's virtual conference VMworld was that of automation. Everybody claimed they had it, closer investigation suggested otherwise.

Now why is infrastructure automation or the dynamic manipulation of physical resources important?

The automation ImperativeThe adoption of infrastructure automation will largely depend on which side of the data-centre you are sitting on. BY KEN OESTREICH

Although software automation usually captures atten-tion, remember that there is a whole set of physical datacentre infrastructure layers that has to deal with as well. When a new server (physical or virtual) is created, much of this infrastructure also has to be provisioned to support it.The IT industry has evolved into a morass of technologies and resulting complex-

of 300 CIO respondents to a recent survey feel that compli-ance and audit will drive the automation market.

19%DATA BRIEFING

PH

OT

OS

BY

PH

OT

OS

.CO

M


AU TOM AT I O N B E S T O F BR E E D

ity; the way applications (and datacentres) are built today is not greenfield anymore. Datacentres are stove-piped, hand-crafted, tightly-controlled and reasonably delicate and automating IT is the only way out. Automation has its advantages: lower oper-ating expenditure, greater capital efficiency, and greater energy efficiency. It also poses challenges typical of distrust, organisational upheaval, financial and business changes.

The art or science of introducing automa-tion into an existing organisation is to reap the benefits, and mitigate the challenges. As infrastructure automation, also known as Infrastructure 2.0, moves forward, it appears to be bifurcating along two different philosophies. There are two fundamental approaches to automation in-place and virtualised infrastructure automation. Each approach is valid, but appropriate for differ-ing types of uses:

In-place infrastructure automation: (dis-tinct from run-book automation) It seeks to automate existing physical assets, derive its value from masking the operational by orchestrating in-place resources. That is, it takes the physical topology (servers, I/O, ports, addressing, cabling, switches, VMs etc.) and orchestrates things to optimise a variable such as a service level agreement, energy consumption, etc.

Virtualised Infrastructure automation: It seeks to first virtualise the infrastructure and then automate their creation, configura-tion and retirement. That is, I/O is virtu-alised, networking is frequently converged, and network switches, load balancers, etc. are virtualised as well.

Each of these two approaches has its pros and cons. I'll try to elucidate a few of the high points in each of the case:

In-place infrastructure automation: Cassatt (now part of CA), Scalent

Automates existing assets: Usually, there is no need to acquire a new network or server hardware (although not all hardware will be compatible with the automation software). Thus in-place assets are generally re-pur-posed more efficiently than they would be in a manually-controlled scenario. Clearly this is one of the most significant value propositions for this approach - automate what you already own.Masking underlying complexity: While

in-place automation simplifies operation and streamlines efficiency, the datacen-tre's underlying complexity is still there: redundant assets to maintain, suboptimal cabling, outmoded multi-layer switching and physical limitations.

Alters security hierarchy: Since assets such as switches will now be controlled by machine, this architecture will neces-sarily modify the security hierarchy, sin-gle-point-of-failure risks, etc. All assets fall under the command of the automa-tion software controller.

Broad, but not complete, flexibility: Because this approach manipulates exist-ing physical assets, certain physical limita-tions must remain in the datacentre. For example, physical server NICs and HBAs are what they are, and can't be altered. Or, for example, certain network topologies might not be able to be perfectly replicated if physical topologies don't closely match. Nonetheless, if properly architected, some of these limitations can be mitigated.

Use with OS virtualisation: This approach usually takes control of the virtual machine (VM) management software, or directly controls the VMs itself. So, for example, you would allow the automation manager to manipulate VMs, rather than vSphere.

Installation: Usually more complex to set up or maintain because all assets, versions, and physical topography necessarily need to be discovered and catalogued. But once running, the system will essentially main-tain its own configuration management database (CMDB).

Virtualised infrastructure automation:

Cisco UCS, Egenera, XsigoReduction or elimination of IT components: The good news here is that through virtualis-ing infrastructure, redundant components can be completely eliminated. For example, only a single I/O card with a single cable is needed per server because they can be easily virtualised or presented to the CPU. And, a single virtualised switching node can pres-ent itself as any number of switches and load balancers for both storage and network data.

Complete flexibility in configuration: By abstracting infrastructure assets, they can be built or retired or repurposed on-demand. e.g. networking and load balanc-ing can be created at will with essentially arbitrary topologies.

Consistent or complementary to OS Vir-tualisation models: If you think about it, virtualised infrastructure control is pretty complementary to OS virtualisation. While OS virtualisation logically defines serv-ers, infrastructure virtualisation similarly defines plumbing and allows I/O and net-work consolidation, as well as movement or duplication of physical server properties to other locations.

New networking model: With a completely virtualised or converged network, network (and its security) management changes. Organisations may have to re-think how (and who) creates and repurposes network assets. (Somewhat similar to coping with "VM Sprawl" in the software virtualisation domain)

Use with OS virtualisation: This approach is usually 'agnostic' to the software payload of the physical server, and is therefore neutral/indifferent to the VMM in place. Frequently the two can be coordinated, however.

Installation: Usually relatively simple. Few components per server, few cables, especial-ly in a greenfield deployment. Installation of software/BIOS on physical servers is prob-ably not what you're used to, though.

Ideal use of these two approaches dif-fers too. Obviously, in-place infrastructure automation is probably best-suited for an existing set of complex datacentre assets. As you'd expect , a number of existing lab auto-mation products out there target this mar-ket. On the other hand, virtual infrastruc-ture automation can certainly be deployed

THE ART OR SCIENCE OF INTRODUCING AUTOMATION INTO AN EXISTING ORGANISATION IS TO REAP THE BENEFITS, AND MITIGATE THE CHALLENGES.


B E S T O F BR E E D FA K I N G I D E N T I T Y

on existing assets, but its real value is for new installations where minimal hardware or cabling or networking can be designed-in from the ground up. Most of these products are designed for production datacentres, as

well as cloud or utility infrastructures.My overall sense of the market is that adop-tion of in-place automation will be driven primarily by progressive IT staffs that want a taste of automation and service-level man-

agement. Virtualised Infrastructure Auto-mation adoption, on the other hand, will tend to ride the technology wave driven both by networking vendors and OS virtualisa-tion vendors.

Fakes & ForgeriesCan a biometric identity be forged with very little technical know-how? BY BOZIDAR SPIROVSKI

Security of biometric ID's like biometric passports is a very frequent topic of discussion, and we all know there are issues. But most of those issues are related to encryption, materials and generally anything that requires a lot of technical knowledge.

Here is an example of the possibility to create a fake Biometric ID with very little technical knowledge. In order to understand this possibility, we need to discuss the two biometric elements within the ID:

Facial informationEach biometric ID contains a very clear and accurate photo of the owner of the ID. And facial recognition is used in a lot of systems, most frequently in organizations which require non-intrusive identi-fication - like casinos and some border controls. So facial recognition systems are quite common and commercially available.

But facial recognition has an inherent weakness. It cannot be cali-brated to 100 percent accuracy. This is simply because some features of your face can actually change at a daily basis: facial bloating, skin discolouration, facial hair, acne, minor injuries. So the facial recog-nition system needs to be flexible - most facial recognition systems are set-up to match at around 70-80 percent.

FingerprintsFingerprints are also stored in the biometric ID, with most ID's storing only one or two fingerprint - the index finger of the right hand or the fingerprints of both index fingers. It is common knowledge that fingerprint readers can be easily fooled, with very simple and available methods.

One simply lifts the fingerprints and creates a copy using photoshop, laser printer and gelatin or wood glue. Here, is an example of a simple fingerprint lifting

method - the first step in recreating a fingerprint. So far, these two elements may be fooled, but how can we create a fake biometric ID with such information?

Technically, it is very difficult to modify a manufactured biometric ID into a fake one, which was the initial idea. But what if you can alter the input data into the process of creating a new legal biometric ID? The process is quite simple: The seller of fake ID must create the fake ID for a person that has

similar facial features to him or her, so the facial recognition soft-ware matches the expected 70-80 percent similarity. The seller will prepare fake fingerprint covers of the buyer and

attach them to his or her fingers. The seller simply enters the appropriate authority and applies for

the biometric ID. He or she gets photographed and the fingerprints get scanned on a scanner that is in front of a bulletproof glass. These authorities are staffed by overworked people and there is usually a lot of commotion, so very few people will ever notice your fake fin-gerprint covers. Moreover, the application software rarely compares the previous fingerprints with the currently scanned ones

If all goes well, the seller will receive an original ID, which contains a face of the seller as well as his or her personal information, but the fingerprints are of another person, the buyer. He can now take that ID and actually pass most con-trol checks.

For all legal purposes such an ID is very much a fake, and there is no way to prove that the seller faked his/her information - even if the fake fingerprints are found on file, how will you prove that the seller faked his fingerprints?

Easy, isn't it?

—Bozidar Spirovski of Information Security

Short Takes is an information security expert.


DATA LO S S PRE VE N T I O N B E S T O F BR E E D

DLP - DisturbingLack of Process? DLP technology is best used as a process enforce-ment tool not as a compliance trade off BY DANNY LIEBERMA

Ted Ritter (Sr. Research Ana-lyst at Nemertes Research) has suggested that we rename DLP a Disturbing Lack of Process. Indeed DLP

is not a well-defined term – since so many vendors have labelled their products “Data loss prevention” products in an attempt to turn the tide of data breaches into a franchise that will help them grow sales volume.

I disagree however – that DLP might be renamed as a “Disturbing lack of process”. Not even as a joke. I do not think that lack of business process is the issue.

Any company still afloat today has business processes designed to help them take orders, add value and make money.

They understand by themselves that they must protect their intellectual property from theft and abuse. The question is not lack of process but whether or not security is being used to help enforce business process in the relevant areas of product safety, customer service, employee workplace security and information protection in business-to-busi-ness relationships.

In a profitable company, the business pro-cesses are aligned with company strategy to one degree or another.

Good companies like Intel are strong on business strategy, process and execution while government organizations tend to be strong on strategy (President Obama) and regula-tion (FISMA) and short on execution (Obama Nobel Peace Prize).

This is true in most countries, maybe Ger-many, Singapore and Japan do a better job than most.

I think we are doing most businesses an injustice by asserting that they have a “disturb-ing lack of process”- instead we should focus on the question of where and how security fits

into the business strategy and how it can help enforce relevant processes in the areas of cus-tomer protection and privacy, customer ser-vice, employee security and privacy and infor-mation protection with business partners.

An approach that uses data security for process enforcement automatically aligns data security with company strategy (assum-ing that the business processes support the company strategy, we may assume an asso-ciative relationship).

Using data security for process enforce-ment also simplifies DLP implementations since the number of business processes and their data models is far smaller than the number of data types and data records in the organization.

Easier to enumerate is easier to protect.It is indeed immensely easier to describe a

7 step customer service process and use DLP to enforce it than try and perform e-Discovery on 10 Terabyte of customer data contained in databases and workstations.

The 3 basic tenets of information security are data confidentiality, integrity and avail-

ability. DLP addresses the confidentiality requirement, leaving integrity and avail-ability to other technologies and procedures that are deployed in the enterprise.

The key to effective enter-prise information protec-tion is making information security part of enterprise business processes – for example:Confidentiality: not losing secret chemical formulas to the competition. (Note that credit card numbers on their own, are not confi-

dential information according to any of the US state privacy laws. A single credit card number without additional PII is neither secret nor of much use).Integrity: not enabling traders to manipulate forex pricing for personal advantage.Availability: protecting servers from DDOS attacks.

DLP is having an uphill battle this is a point solution deployed for privacy compliance rather than for business process enforcement and enterprise information protection.

DLP is best used as a process enforcement tool not as a compliance trade off.

It is easier to buy a piece of technology than fix the bugs in your software – or enforce your business processes.

—Danny Lieberman is a technology innovator and

leader – implementing ideas from brain to busi-

ness. Since 2003 – Danny has been doing data

security consulting and data protection/informa-

tion assurance projects. This article is reproduced

with permission from www.Information-Security-

Resources.com

COVE R S TORY X X X X X X X X X X

20 07 JANUARY 2010 thectoforum.comCTOFORUM20 07 JANUARY 2010 thectoforum.comCTOFORUM

“The Mahindra One portal offers ease of use to employees across the enterprise and helps in sharing ideas instantly”

—Vijay Mahajan

“Unified Communications has been embraced by all M&M employees and has become a part of the group’s business culture”—Aravind Tawde

COOOOOOOOOOOOOOCOC LLLOLO LLLLLLLLLLLLL AAAAAAALALLALLAL B B B AB AAB AAB AAB ACOOOOCOC LCOOOOOCOC LL

PH

OT

O B

Y J

ITE

N G

AN

DH

I

X X X X X X X X X X COVE R S TORY


What began as a small collaboration effort within

Mahindra & Mahindra has now evolved into a full-

fledged LAUNCH PAD FOR INNOVATIONS

across the group.By Ashwani Mishra

AT THE HEART OFAT THE HEART OFAT THE HEART OFAT THE HEART OFAT THE HEART OF


CO L L A BO R AT I O N COVE R S TORY

OOOOORRRRROROORO AARAR TATA ITITOIOI NONO


Sandip Patel, a senior technical associate at Tech Mahindra, the tech arm of $6.3 billion Mahindra & Mahindra (M&M) group, had last year posted an idea on the company’s portal about how a multimedia solution could enhance mobility of low powered devices.

Even before he could get a serious note of apprecia-tion from his boss or his colleagues, Patel was accost-ed by a team of serious-looking geeks from CanvasM, a technology collaboration between Tech Mahindra and Motorola. They were willing to bet on this simple yet inspiring innovation with the project detailing and feasibility testing already in progress.

Today, the group is truly fostering innovation by enabling collaboration among nearly 1 lakh employ-ees, located across the globe. For a group that has presence in sectors such as automobile, financial services, information technology (IT) and infrastruc-ture development, collaboration was best achieved through a mechanism that captured both domain and tacit knowledge across the group. Let’s get a lowdown on this mechanism.

THE POWER OF ONEIt all started in early 2008 when the corporate monolith built a platform called 'One Mahindra' for

all its group employees, where they could connect with each other through a common platform using collaborative technologies for personal and professional development.

“With such a diversified group, we realised that there were many synergistic opportunities to lever-age knowledge and best practices. This could only be achieved by bringing people within the group together and imparting best practices wherever pos-sible. Obviously, IT was the best enabler to achieve this objective,” recollects Arvind Tawde, Senior Vice-President and Chief Information Officer, Mahindra & Mahindra Limited.

The vision was identified. The mission needed to be achieved. After evaluating a slew of technologies, the corporate IT team made its choice of technology that among things would also deliver powerful Web 2.0 support. The result: Microsoft Office SharePoint Server 2007 was chosen as the platform on which the portal would be deployed.

Initially, the ‘One Mahindra’ portal included news and announcements, sector specific company pages, and updates on various group initiatives. Employees could also use the portal to search for information and people across the group. However, this portal was still short of rich collaborative features.

Even if the idea had originated from the overtly fertile mind of a 20-something techie, it would have only invited a “nice try”

remark from his circle. But living to see it getting shape in the labs of one of India’s largest diversified companies, one is left wondering that there is still hope in the world.

“We have created a collaborative environment across the

group. Ideas, knowledge and

opinions are being exchanged. The journey will continue in the years to come.”

—V S ParthasarathyEVP – Finance, M & A and Corporate IT, M &

M Limited.


The corporate IT decided to revamp the portal with a touch of business networking and relaunched an upgraded portal in April 2009. The need to restructure the portal arose with the emergence of technologies like Web 2.0 and Unified Communications (UC) that brought people together and allowed knowledge sharing.

“We observed that many employees within the group had formed Mahindra communities and groups within social networking sites such as Facebook and Orkut. Obviously there was a latent need for us, especially the younger generation to interact closely on both professional and personal fronts,” says Tawde.

FOSTERING INNOVATIONSThe new upgraded portal now had enhanced collaboration and networking features. It had applications, designed and developed by using the same platform and Web 2.0 technologies. Some of the key applications included MahiSpace, Ask Mahindra and Innovation Pad.

MahiSpace allowed employees to facilitate sharing through common interest communities and search domain experts. Using this feature, employees could create their profiles and showcase their expertise, skills and domain knowledge. Users could form their own communities for discussion on various topics, which would aid in sharing of knowledge.

Moreover, Ask Mahindra allowed employees to post their questions across the group companies and get replies from experts. Innovation Pad, on the other hand, served as a platform to facilitate innovation where users could put forward ideas and if accepted, the ideas got implemented in line with business goals. The feature also provided a mechanism to rate and discuss ideas submitted by other users and pro-

mote it for development. Major idea submissions are in the areas of cost reduction, automobile and tech-nology categories. The ideas in automotive category include vehicle reviews, improvement areas and new functionalities that can be considered for assessment.

“With such a huge number of employees who had varying technology capabilities, it was critical that the portal offered ease of use to everyone,” says Vijay Mahajan, Head-Centre of Excellence, Corporate IT, Mahindra & Mahindra Limited.

Until December 2009, over 48,000 employees had visited the ‘One Mahindra’ portal. More than 100 communities had been formed in MahiSpace with 9,700 plus profiles being created. Ask Mahindra had attended to over 4,000 questions and around 450 innovative ideas have been posted under the Innova-tion Pad platform.

“Getting such encouraging response in such a short span of time has certainly boosted the confidence of our team. But I feel the business benefit would be realised only when people start using the platform innovatively,” says Tawde.

RINGING IN CHANGEThe group did not stop here and wanted to create a collaborative environment that was beyond web usage and interaction. So while employees where still gung-ho over the ‘One Mahindra’ portal, the corporate IT team took up its next mission:

deployment of a UC platform.In mid-2008, the M&M decided to implement

Microsoft Office Communications Server (OCS) 2007 and provided users the flexibility to collabo-rate anytime, anywhere and through any device. The features included instant messaging, on-line

file sharing, real-time editing, user presence, search from active directory, desktop sharing etc. Using these features, M&M streamlined all forms

of communication such as email, voice, video and web interactions. The group then decided to explore

the prowess of OCS by integrating other com-munication modes such as traditional

telephony, IP telephony, AV calls to the new platform.

For example, the Presence feature of the OCS informs

whether an employee is at his desk, avail-able or busy, and the mode through which

he can be reached. This has helped various busi-

ness functions to benefit immensely as information sharing can now be done in real-time.

CHANLLEGES

The biggest challenge faced in adoption of collaboration is dealing with cultural issues and behaviour dynamics Second most impor-tant challenge to han-dle is user encour-agement to use collaboration tools for the purposes they are meant for The third important challenge is to con-vince the manage-ment that there is no quick ROI to collabo-ration adoption

“Getting such encouraging response has certainly boosted

the confidence. But the business

benefits would be realised only when

people start using the platform innovatively”

Arvind TawdeSenior Vice-President and Chief

Information Officer, M & M Limited.

CO L L A BO R AT I O N COVE R S TORY

thectoforum.com

Moreover, Ask Mahindra allowed employees to post Moreover, Ask Mahindra allowed employees to post Moreover, Ask Mahindra allowed employees to post their questions across the group companies and get replies from experts. Innovation Pad, on the other hand, served as a platform to facilitate innovation hand, served as a platform to facilitate innovation hand, served as a platform to facilitate innovation where users could put forward ideas and if accepted, where users could put forward ideas and if accepted, the ideas got implemented in line with business goals. The feature also provided a mechanism to rate and discuss ideas submitted by other users and pro-

the corporate IT team took up its next mission: deployment of a UC platform.

In mid-2008, the M&M decided to implement Microsoft Office Communications Server (OCS) 2007 and provided users the flexibility to collaborate anytime, anywhere and through any device. The features included instant messaging, on-line

file sharing, real-time editing, user presence, search from active directory, desktop sharing etc. Using these features, M&M streamlined all forms

of communication such as email, voice, video and of communication such as email, voice, video and web interactions. The group then decided to explore web interactions. The group then decided to explore

the prowess of OCS by integrating other communication modes such as traditional

telephony, IP telephony, AV calls to the new platform.

For example, the Presence feature of the OCS informs

has helped various business functions to benefit

immensely as information sharing can now be done in real-time.can now be done in real-time.


COVE R S TORY CO L L A BO R AT I O N

Using OCS, users can also share desktops and send files. For example, the R&D department requires col-laborative tools for sharing the product designs/con-cepts with team members across different locations. Through the use of OCS, the communication has become much faster because they can now share their desktops with other users in the team spread across different locations and collaborate on the same.

“Several of my colleagues, including me have been using Office Communicator in the R&D department. I personally find it very useful as it is similar to hav-ing a face-to-face meeting. It also assists us to review three dimensional design data clearly with other colleagues across locations,” says Nitin Ranade, Vice President, Product Development from the Nashik plant of M&M’s Automotive Sector.

The OCS 2007 was implemented by Microsoft. Migration to OCS R2 was done by the IT team at Mahindra with the help of Microsoft. OCS R2 has provided the flexibility to collaborate through Inter-net when users are away from workplace. Cisco was involved in the implementation of IP Telephony and its integration with OCS. For all these implementa-tions, M&M was used as the beta site.

But the big story lay somewhere else. The group successfully integrated IP telephony with the OCS as part of a pilot exercise. IP telephony is deployed in three locations viz. Chakan plant in Pune, Mahin-

dra Research Valley (MRV) in Chennai and Kandivli datacentre in Mumbai. Initially, the company plans to target locations that can be easily integrated with the OCS platform and where the business interactions are high in volume.

For integrating IP telephony with existing PABX systems, the team has decided to use a common or single numbering schema across locations by using the Active Directory services from the Microsoft OCS platform. So any employee in Mumbai can make a call to someone in MRV Chennai without any cost as the call is now routed through existing WAN.

“So an employee sitting in Mumbai can make a call to someone in MRV Chennai for free, as the call is now routed through existing network,” says Mahajan.

Mahajan points out that in such kind of IT initia-tives, RoI is difficult to calculate, but it benefits the organisation immensely. "We treat such initiatives as future investments. UC has definitely helped us to improve the business-decision making cycle or what we call as lead time," he says.

Today, UC has been embraced by all M&M employ-ees and has become a part of the group’s business culture. The employees have accepted the technology and realised the benefits that UC provides to busi-ness. Today, the demand of UC is also seen coming from other group companies.

“The younger generation of our workforce was excited, as they already had a feel of social networking tools. It was the older generation that needed a gentle push towards using this new technology,” says Tawde who is now fairly recognised for his ability to bridge the digital as well as generation divide within the group.

According to V S Parthasarathy, Executive Vice President – Finance, Mergers and Acquisition and Corporate IT says, “We have created a collaborative environment across the group. Ideas, knowledge and opinions are being exchanged. The journey will con-tinue in the years to come. The future plan is to take collaboration to the next level and build further inter-activity along with personalisation,” he says.

For this year, mobility is the core focus area for the group. With a large number of employees using mobile phones and PDAs, the group wants to make the One Mahindra portal available on these devices. The OCS capabilities can be deployed through a client on the mobile device. The company is also looking at having telepresence capabilities within the next few months.

“Our next challenge is to link all data sources, devices and portal and of course people for more value-addition and interesting engagement,” says Parthasarathy.

—[email protected]

BENEFITS

Deploying collabora-tion solution can instantly increase pro-ductivity of work groups It can help in achieving faster delivery of infor-mation and shrink the response time Collaboration link teams located in geo-graphically dispersed locations and provide common, central records resource to help improve the cus-tomer service.

RISE OF THE KILLER APPNearly 90 percent of Nemertes*

research participants say they operate “virtual” organisations, defined as companies that have employees who work remotely from their supervisors and/or workgroups. Within these compa-nies, about 30 percent of the employees work virtually, and in that capacity, they must collaborate with each other, as well as with partners, suppliers and custom-ers operating across multiple offices, regions, or countries. As a result, effec-tive collaboration is no longer a “nice-to-have,” rather it is a critical requirement for success in the modern economy.

Research participants say effective col-laboration is a prerequisite for establish-ing an agile organisation, one that is able to quickly respond to new opportunities and meet emerging ones. The changing workplace has led to growth in adoption of collaboration applications and ser-

vices such as Voice Over IP, unified com-munications, video conferencing, Web conferencing, and document sharing.

Adoption of collaboration tools contin-ues to grow. More than half of Nemertes research participants are deploying applications, such as Web conferencing and instant messaging, to meet their requirements. More than 75 percent are deploying or planning to deploy video-conferencing solutions and tele-presence platforms. Enterprises increasingly are integrating these disparate applications under the umbrella of UC,” enabling sharing of presence information across applications, in addition to the ability to easily shift modes of collaboration. Source: Nemertes Research. *Nemertes Research is a research-advi-sory firm that specializes in analyzing and quantifying the business value of emerging technologies.


The new year begins with new challenges. Here is a guide to the existing and emerging identity thefts for 2010. BY ROBERT SICILIANO

IDENTITY THEFT PREDICTIONS FOR 2010

TOP

10

T E CH F OR G OVE R NAN CE I D E N T I T Y T H E F TP

HO

TO

BY

PH

OT

OS

.CO

M


I D E N T I T Y T H E F T T E CH F OR G OVE R NAN CE

1 More scams: The recession will lead to more scams. Whenever the US has faced a difficult time, thieves have found a way to use the problem

to their advantage. I’ve never seen more vari-ations of old scams and such a wide range of sophistication in newer scams.

2 Job scams: Criminals will take advantage of increasing unemploy-ment rates by tricking desperate people searching for job listings.

These fake job listings and work-at-home scams will result in job seeker providing Social Security Number (SSN) and other important details to the criminals.

3 Low-tech desperate identity theft: There will be an increase in the number of individuals – who have no criminal history – begin-

ning to explore the crime of identity theft for financial gain. For these thieves, it will be about quick money. Once desperate people wreck their own credit histories, they will start to use SSN for easy access.

These new identity thieves will take advan-tage of low-tech methods such as stealing credit card numbers, dumpster diving, making phone calls, or phishing for credit card numbers. These techniques may also include placing ads in auctions to lay their hands on credit card numbers or cash.

4 All-in-the-Family identity theft: Desperation will lead to more ‘all-in-the-family’ cases, as well as the fraudulent use of numbers belong-

ing to close friends, roommates and fellow workers. It has long been documented that a significant percentage of identity theft cases are perpetrated by people close to the victim.

We predict that this number will increase during these tough economic times.

5 Child identity theft: The ITRC has noted that nearly 10 percent of its case load, for the past six months, involved child identity

theft issues. These cases often involve more varied components of identity theft than ever before. Some people have finally realised that a child’s SSN can be used for more than just opening a line of credit.

6 Medical identity theft: While not a new crime, this will reflect the distress of those who have become unemployed. High insurance pre-

miums, growing individual medical insur-ance costs and the inability to afford insur-ance or medical care will cause a spike in this area of identity theft. The Social Secu-rity Administration has noted an increase in uninsured people using the coverage of a friend, relative or even a stranger to get medical care.

7 Insider identity theft: In the coming year, identity theft will increase due to the failure to fol-low simple security protocols in

the workplace. This will create opportuni-ties for thieves to gain access to personal identifying information retained in data-bases or paper files. Additionally, the lack of computer security measures and the increasing skill levels of hackers will lead to larger and more financially harmful breaches. These thieves are also educating young protégées on high-tech methods to access secured information and will likely continue to coordinate malicious attacks from their jail cells.

8 Governmental identity theft: More individuals will discover that they have become identity theft victims as they apply for govern-

ment schemes. Not only will their own SSN be used, but they may be temporarily denied benefits due to the fraudulent use of their child’s SSN. This type of identity theft will also include complications with the IRS, Social Security Administration, Departments of Motor Vehicles, Medicare and Welfare.

9 Criminal identity theft: The number of cases of criminal iden-tity theft will continue to grow. This type of crime is defined as the

use of an individual’s personal information to avoid being tied to their own criminal record. In the current environment, the effects of criminal identity theft on the victims will be more apparent with the loss of employment, loss of benefits and the increased number of arrests of victims rang-ing from failure to appear warrants for traf-fic citations all the way to felony level crimes.

10 Social Media identity theft: The meteoric rise in social media use has also cre-ated a launch pad for identity

thieves. Social media identity theft happens when someone hacks an account via phish-ing, creates infected short URLs or creates a page using photos and the victims identify-ing information. My prediction for 2010 is that the increase in social networking activ-ity, along with a user’s failure to implement security and privacy settings and protocols, will lead to an increased exposure of not only the user’s personal information but possibly that of their friends.

Bottom line, there will be an increase in identity theft crimes and the number of victims over the next two years unless sig-nificant changes are made in information security. Our most important asset is our identity. And we are functioning under a completely antiquated system of identifica-tion. When state governments agree with federal agencies on effective identification and industry comes together, only then will a secure environment will prevail. —Robert Siciliano is an expert on personal security

and identity theft as the CEO of IDTheftSecurity.com.

I’ve joined forces with the Identity Theft Resource Centre (ITRC) to expand the pool of knowledge about identity theft issues. As globally recognised experts in crime detection, we have come up with ten predictions for one can expect in the identity theft in 2010 and beyond.


T E CH F OR G OVE R NAN CE I N F O R M A T I O N S E CU R I T Y

There are several challenges to the successful implemen-tation of sound informa-tion security (IS) in many organisations today. It is not

because the management considers security trivial; these issues exist because they do not grasp the complexities of information security, thereby making decisions that fail to build a proper security posture.

Here are a few major challenges to good InfoSec:

Misconception of information technol-ogy complexity

Misunderstanding IS Underestimating business risk

Be Sure & InsureOpting for an information security solution is like buying an insurance policy. Buy it to secure your business; not to make money out of it. BY ANDREW BAKER

Insufficient staffing and training

Information Technology is not get-ting more simpleDon’t let anyone fool you: technology can make it easier and faster to get results, and it may allow us to do many more things than in the past, but it doesn’t make things simpler. Nor does it really reduce costs. Ultimately, it just facilitates the transfer of costs from one place to another, whether inside the organisation or outside of it. Also, our business environments get more com-plex each day, as we employ increasingly sophisticated technologies to try and do more with less.

Misunderstanding information securityOver the past few years, I have seen many of my colleagues and associates attempt to press requests for IS tools and technolo-gies as they would for all other technology investments. I really don’t subscribe to the thought that security professionals have to learn to speak the language of the business if they have to get their security investments approved. It does not really reflect what security is all about.

InfoSec is about risk mitigation. It’s about preventing or reducing incidents that negatively impact the business, and also dealing with the after effects of security incidents. A standard Return on Invest-ment (ROI) on IS can be substantiated only in a few cases, as security investments are about revenue protection and not revenue enhancement. They are about ensuring business continuity in the face of ongoing threats. Can one every have an ROI on a business continuity or a flood insurance or a life insurance plan?

Good IS practice reduces the chance of a closure and that is really the way it needs to be sold. As business promoters already understand the concept of insurance, this should be a much easier sell. Trying to push the IS peg into the same hole as other technology expenditures will only lead to frustration.

This does not mean that I think that security costs don’t need a justification. There must be a way to properly articulate and calculate the benefits being provided, with the costs being incurred. It’s just that the concept of risk must be a core compo-


I N F O R M AT I O N S E CU R I T Y T E CH F OR G OVE R NAN CE

nent of the calculations in order to avoid flawed conclusions.

Underestimating business riskMost businesses, particularly small enter-prises, are not equipped to understand technology-based risks. For instance, they believe that they do not have IS because they are not a bank. This perspective ignores the fact that there are multiple types of threats that every internet-connected business regu-larly faces:

Honest mistakes Disgruntled workers Random or scripted external attacks Targeted external attacks

Honest mistakes can occur through server and network configuration errors by admin-istrators and other technical staff. They can also occur by naive employees who would attach wrong files to emails, send data to the incorrect addresses or carelessly leave critical data on the system. These prob-lems occur as regularly as malware attack through emails.

Disgruntled workers can cause all sorts of problems for an organisation. Over the past few years, there have been a number of news accounts of disgruntled staffers selling or giving away vital corporate information to competitors, or otherwise exposing a busi-ness to liability.

The first two categories, also known as insider threats, constitute bulk of security inci-dents. There are reports that put them as high as 75 percent of all reported security incidents.

Random or scripted external attacks are occurring all the time, with ever-increasing frequency. These attacks not only target operating systems, but also the applications that run on them. Scripted attacks can hit you and your organisation at any time. Nobody here is bothered to first find out the money you have because the relative cost of initiating these attacks is so small that it doesn’t really matter to keep a check on the victim. They’re just setting off their scripts and waiting for the data to come pouring in from their botnets. Most internet attacks tend to start out this way.Targeted external attacks represent a small portion of reported attacks – probably less than 5 percent of all security incidents. These involve attacks against a known target, usually with a pre-mediated objec-

tive. Industrial espionage and cyber-warfare by government agencies usually fall into this category. Some internet-based attacks start out as a random scripted attack, but once valu-able data gets captured by the botnet, the nature of the attack is made more deliberate and personal, in order to reap a much better harvest.

Most executives seem to think that this is the most prevalent type of attack (but it is not), and unfortunately, they base their decisions on protection and risk around this assumption. Many organisations do not know how much their data is worth until they have been deprived of access to it. That is why ransomware attacks are on a rise, because if someone can hold onto your data, you will find it necessary to pay huge sums of money to regain access to it.

Insufficient staffing and training is often marred because a small team of engineers, with a multitude of tasks on hand, also needs to mastering the increasingly evolv-ing security threat. Do you suppose that they need to be trained on the latest threats and use of the effective tools? Sure, you can decide to outsource this function so that you do not have to bear the direct costs of

staffing and training the secu-rity function, but what about employee training? If your employees are not adequately trained or are overworked, you can rest assured that they will make more mistakes, and that at least some of those mistakes will have security implications.

ConclusionCompanies need to acknowl-

edge the significance of IS. If promoters and senior managers wish to boil every deci-sion down to ROI, then they must start fac-tor the cost of downtime of not just in terms of systems alone, but in terms of people and productivity as well.

Can somebody estimate the cost a compa-ny will have to incur if its employees or this department stops operating for a certain period of time? Or can somebody compute the impact of a downtime on their projects and revenues? The damage caused to the reputation of the company is altogether a different topic of discussion.

Yes, we have to be able to talk the lan-guage of the business, but we need to understand that we are in the risk mitiga-tion business, not the add-ons business. And it is essential for the CFOs to under-stand the language of risk, and apply it to all aspects of their businesses. We live in a world with geopolitical instability, and where all sorts of pandemics can arise, not to mention cyber-warfare.

As IS professionals, let's spend a little more time educating our users, business partners and senior executives about the risks we face, and let us endeavour to cost-effective decisions on IS, so that we do not try to buy $10 million solutions to protect data worth $2 million.

Opting for good IS measures is like buy-ing an insurance policy. You buy it to secure your business from future threats and not to reflect returns on your balance sheet. Once organisations understand that, they will begin to thank us for helping them protect their major investments and revenue streams.

—Andrew Baker is an accomplished IT leader

and has vast experience in IT Operations, Com-

pliance, Information Security and Technology

Integration

Good IS practice reduces the chance of a closure and that is really the way it needs to be sold. AS BUSINESS PROMOTERS ALREADY UNDERSTAND THE CONCEPT OF INSURANCE, THIS SHOULD BE A MUCH EASIER SELL.

$79BILLION WILL BE

THE MARKET FOR

INFORMATION

SECURITY

PRODUCTS IN 2010


How to Fix IT Planning The design of a better IT planning process is not A quick fix approach. It requires a serious thinking. IN RESPONSE to the article “IT Plan-

ning is Broken” one commenter noted: This planning is deeply flawed, even if you “fix” it as described. An effective organisation is not a collec-tion of competing interests, and IT is not a resource to be divvied up. Where is the organisation’s overall strategy

short-term and longer term organi-sational investments within and across business units. In fact, my friend and progressive IT thinker Chris Potts said “that’s why there shouldn’t be an IT budget at all.”

Most large organisations got large through organic and/or M&A based growth, driven by entrepre-neurial leaders who, by definition, have competing priorities. Very few companies I have worked with in 20+ years of consulting have struck a successful balance between enterprise level and business unit investment priorities, IT included. That is NOT to say that they are not successful companies, but that the individual business needs have driven the majority of investments, with ERP and BI investments as a few exceptions.

Eliminate wasted effort, then improve the processAs the commenter pointed out, reducing the waste in IT planning doesn’t “fix” it, but it does begin to free up management time that can be better spent leading the work and building a better planning process

and goals in this scenario? How will organisation-wide improvement occur when projects are isolated into depart-mental silos?

These are all good questions and I think hint at the underlying frustra-tions that business and IT leaders have in connecting and balancing

THINKINGBEYONDCHRIS CURRAN | [email protected] CHRIS CURRAN is Diamond Management

& Technology Consultants’ chief technology

officer and managing partner of the firm’s

technology practice. He writes the CIO

Dashboard blog at www.ciodashboard.com

Attribute Firm 1 Firm 2

IT Organisation Style

Strong central CIO with direct reports who serve individual business units and functions

Central CIO with direct reports with dual reporting to LOB heads

IT Budget Responsibility Chief Information Officer LOB Heads for Applications and CIO for

Infrastructure and Enterprise Systems

IT Planning Approach CIO-driven multi-year and annual planning CIO-driven multi-year planning, LOB driven

annual planning with CIO consolidation

Goal

Align

Too muchIT Planning Time Spent

Not EnoughNot Very Good

IT PlanningCapability

Excellent

Simplify

Today?

FirstStepSteps to

EffectiveIT Planning


CU S TOM E R S E RV I CE T H I N K I N G B E YO N D

Customer Channel Dis-Integration A first hand account of how badly integrated customer touch points can hamper the prospects of an enterprise trying to deliver a seamless customer service.

that aligns and balanced business priorities. So, I look at improvements in 2 steps, reducing the waste and improving the process by driving it from and aligning it to the business.

The design of a better IT planning process is not a one-approach-fits-all proposition. Many factors are in play that will impact the approach and maybe more importantly, the interplay of the enterprise planning with the individual business unit and functional planning. Like it or not, all organisations do not drive operational planning and invest-

Airport Counter

Ticket CounterWeb/

Phone

Purchase Ticket No Yes Yes

Print Itinerary No Yes Yes

Change Reservation No Only if purchased

from Ticket Counter Yes

Print Boarding Pass Yes Only if purchased

from Ticket Counter No

CONSIDER the experience my part-ner Rajesh and I had in the Delhi airport a few weeks ago with one of the newer, progressive airlines as an example why integration across cus-tomer touch points is critical to everything from revenue generation to long term customer retention.

We entered the front door of the terminal with only a printed itiner-ary in hand. “Checked” by secu-rity guard, we were let in.

At the ticket counter, we were shown that our itinerary was for Dec 18, not Dec 16 (oops Rajesh!). Unfortunately, the “ticket” counter couldn’t make a change to our reservation. To do that, we would have to exit the terminal and go into a separate ticket office adja-cent to the terminal.

At the ticket window, we were told that yes, there were seats avail-able, but unfortunately, since we booked online, she could not help

us. Instead, we needed to call the online booking call center.

As Rajesh called, about 6 people got in line ahead of us. On the phone, the agent told us that the 8:20 pm flight was unavailable but that we could get on the 9:20 pm flight. Fine.

Back through security (with the right flight date – kudos to the first security guy – NOT) and to the “ticket” counter where we were told that the original flight was still available (“who told you it wasn’t?”) but that, of course, she couldn’t fix it. So, exasperated at this point, we just took the board-ing passes for the later flight.

Finally, with 2 hours to kill, Rajesh asked for passes to the lounge which he and a guest are entitled to as a premium club member. “Sorry,” she said “but you are on the later flight which is our budget service and we don’t offer club

passes with that class of ticket.” Quickly, Rajesh countered that we wanted the earlier flight and that we were willing to pay for it but they couldn’t get their stuff straight. Passes issued.

Good grief – we think we have it bad in the US. A horrible experience all around – as a customer and for the airline. One view on improving this is to look at the capabilities avail-able in each customer touch-point. Something like this:

At a glance, it looks like the Web channel is pretty capable but that the rest of the business needs to catch up. What do you think?

ments top-down into each unit.I work with two different insur-

ance companies of similar sizes ($10B+) and complexity. However, each has a significantly different model for setting strategy and pri-oritizing IT investments.

Regardless of the organisation style and culture, it is possible to vastly improve IT planning by driving it from the business. Many organisa-tions I have worked with like the terminology “business capability” as the lynch pin to link a high level set of objectives to a more granular set

of things a business needs to be able to do. Maybe we will someday be in a place where there are no IT plans or IT budgets. But, in the meantime, we need to pay close attention to the time we waste trying to figure out what the business wants and instead, become part of the business planning process. Maybe IT’s engi-neering roots can help the business become more rigorous and repeat-able in planning and together, create a better approach to multi-year and annual planning.


NEXTHORIZONS

It was early 2008 when Shanghai Mobile’s GM IT, Xie Qin, realized that he would be facing some difficult times in the future. The Chinese government had outlined plans to

shake up the nation’s sprawling telecom industry—plans that included creating three integrated nationwide carriers and offering new 3G licenses. The upshot was that in early 2009, the existing fixed-line and wireless duo-polies, which had divided up local markets, were set to disappear. At the time, Xie believed that competition would increase markedly. With 20 million customers in China’s finan-cial capital and most populous city, Shanghai Mobile is a key operating unit for the China Mobile group.

Even before the government’s plans took shape, Xie knew that Shanghai Mobile’s com-plex legacy architecture presented competi-tive problems that would create even greater stumbling blocks in the new era. First, the company’s IT systems were largely siloed by customer channels—local branch stores, call centers, and online stores—which had incon-sistent business policies for common process-es, such as approving a subscriber’s eligibility for new prices or services. That translated into costly duplication for writing and maintaining software applications and increased spending on IT infrastructure. Second, the complex IT systems were very challenging to maintain.

By the spring of 2008, Xie launched what would turn out to be a ten-month overhaul of

Creating Competitive Advantage with IT ArchitectureXie Qin explains how he used service-oriented architecture to create a smarter, more efficient system. BY KEVIN WEI WANG

XIE QIN SAYS

“The improved capabilities of our channels allow us to launch every new product and price plan simultaneously across all channels.”

SOA N E X T H OR I ZO N S


Shanghai Mobile’s IT systems to improve its sales and service capabilities and to make the system easier to maintain. The transforma-tion required Shanghai Mobile to dismantle the existing architecture and to replace it with a new IT blueprint based on service-oriented architecture (SOA), which created a unified business-service layer for different front-end channel systems and allowed the channels to share customer information. The result: improved sales and service capabilities for the channel systems; an optimal use of program developers, data centers, and other resources of the IT infrastructure; and a more maintain-able system.

In this interview with McKinsey’s Kevin Wei Wang, Xie explains how he executed the strat-egy and how it has changed the carrier.

What were the management lessons that resulted from this transformation?Xie Qin: Change is inevitably painful and risky. Therefore, we needed a clear articulation of the business value. Once we were able to do that, we really got support from top execu-tives. Secondly, you need to realign certain roles to ensure that people stick with the new approach. Finally, you need to have risk miti-gation measures to ensure there is minimum disruption to the business.

What caused you to consider the new direction?The Chinese telecom market was becoming increasingly competitive. The quality of net-works was converging, and product offerings were becoming more and more similar. So if you are a telecom operator, you need to dif-ferentiate yourself with superior customer ser-vice. After ten years of strong business growth where we rapidly expanded the capabilities of our systems, we started hitting a wall—the IT systems of Shanghai Mobile were falling short in delivering the level of services our business units need.

How did transformation address that?The improved capabilities of our channels allow us to launch every new product and price plan simultaneously across all channels. That reduces time to market by 30 percent. It also cuts our development effort by at least 50 percent by eliminating redundant cod-ing across different channel systems. Our customer service agents across channels can

readily pick up a customer complaint or an inquiry about a new product made in the past. So we can improve the customer experience and have better tools to improve sales conver-sion. As for system performance, we can now shorten the time it takes to diagnose a perfor-mance issue from an average of two hours to two minutes.

What were the ground level problems?First off, there was inconsistent business logic and a lack of information sharing across our channels, including the branch service offices,call centers, and online. For example, customers using different channels to check their eligibility for a new pricing plan could experience different business policies. If a cus-tomer inquired about a new product in the call center and showed up a day later in a branch office, the branch service agent wouldn’t know the customer had already expressed interest in the new product and would miss the chance to follow up with a proactive sales effort. Also, system performance setbacks inv certain areas sometimes escaped our centralized monitor-ing and caused customer complaints.

How does SOA address this?First of all, it helps ensure that the business logic across all channel systems is consistent and that we have real intelligence on customer interactions. Second, we need a completely transparent reading of the performance of our business transactions. That means knowing what is happening across all business areas, channel interfaces, and transaction flows. We need to be able to diagnose the root causes of problems when they occur or even preempt them before users find them.

How did you implement this?For the channel integration, we first created

an SOA service layer that provides standard-ized business services to all front-end systems of the channels. Then, one by one, we reen-gineered IT systems for each channel so they could all access this standard business service layer. In the meantime, we enabled each chan-nel to access records of customer interactions and the history in other channels.

To manage system performance better, the key wasn’t just to build more monitoring tools but to improve the way we write business applications. In doing so, each step of a busi-ness transaction could be tracked, from the initial online request to the final update in the database. If I can get a bit more technical, we essentially created a “base-class library” for our programming efforts, with builtin per-formance-monitoring functions. Now, every new application we develop will automatically inherit the ability to monitor and generate a traceable log of the business transactions.

How difficult was it to push it through?We completed the whole transformation in ten months with an IT team of about 40 people. We knew it was complex and we didn’t want to cause unnecessary business breaks or problems.

Therefore, we took a phased rollout approach, starting with the base-class library and the service layer. We then moved to the applications, transforming them gradually, channel by channel. We didn’t change the underlying database structure right away, so the old and new systems could run in paral-lel during the transition. This kept open the option of directing users back to the old sys-tem if there was a temporary glitch in the new.

How did you convince your people to go along?We had to present the business case in a tan-gible way. We got the buy-in by addressing the real business issue—inconsistent business logic and lack of information sharing across channel systems—which is a real concern for the customer experience across our channels. While an SOA transformation also reduces IT costs and improves system performance, I don’t think we would have gotten our busi-ness team as excited by addressing these two factors alone. —Kevin Wei Wang (Kevin_Wei_Wang@McKin-

sey.com) is an associate principal in McKinsey’s

Shanghai office.

To manage system performance better, the key wasn’t just to build more monitoring tools but to improve the way we write business applications.


N E T WOR K O F TH E F U T U R E M A N AG E D S E RV I CE S

Teams handling data offsite/offshore should have good under-standing of the critical-ity of the data/system to the user-business.

Watch out for some issues in managed service environments, which may cause serious damages if not dealt with precision. BY RAHUL NEEL MANI

ChecklistTHE MANAGED SERVICES

While dealing with your Managed Service Provider (MSP) be vigilant and careful about these points or else be ready to get friendly with sharks.

Watch for co-mingled user informa-tion: Although the potential security concerns arising out of managed IT services are essentially the same as from in-house services, with one major addition - the possibility of co-mingled client information. This can not only create chaos but also a great deal of breach in data security. There needs to be a very clear understanding of what infrastructure is shared, what technical resources are shared, and what pro-cesses (and technology) are in place to ensure that data does not get co-min-gled across clients at the end of your

When I contacted IT professionals from different parts of the world for their opinion on MSPs, I got a mixed bag of responses. What are the potential security concerns in the managed IT services environment that could worry you the most? Is your agreement with the MSP letting you sleep well at night? What is that you need to look for? What is that you must not ignore at any cost? Experts made some assertive comments to these questions.


M A N AG E D S E RV I CE S N E T WOR K O F TH E F U T U R E

MSP’s information infrastructure. “There needs to be strict monitoring, logging and reporting in an MSP con-figuration than when you are manag-ing your own infrastructure. And, it's a good idea to ensure that this is true for both the primary hosting location as well as the backup/DR site, which might not be configured or staffed as thoroughly as the primary location,” suggests Andrew Barker, VP-IT Opera-tions at AGRI, US.

Does your MSP know you well: Teams handling data offsite/offshore should have good understanding of the criticality of the data/system to the user-business. They should also be aware of the security/privacy policies of the organisation they are supporting. Most of the time misses are not delib-erate; it comes more from ignorance/lack of understanding or sensitiv-ity. And as for in-house or offshore required security controls need to be ensured (segregation of duty, strong access control, access to data only for the process, perimeter/network/systems security etc). “If your data is very sensitive, you need to look at Digi-tal Rights Management (RMS) and Encryption at various levels. Related metrics need to be defined and moni-tored for all these controls with your MSPs,” suggests Sunil Varkey, Infor-mation Security & Privacy Professional with Barkleys.

Are you communicating your expec-tations assertively: Communication of expectations is a crucial step. As a user of a fully managed hosting provider, you must transmit all security require-ments to the potential hosting provider before committing to their service. Most high-end managed IT services will be able to consult with their poten-tial clients. Will they be able to meet the "caged server" requirement? Do they offer PCI compliance scanning and fixes? Are they SAS-70 Type II? What experience do their system administrators have with cryptogra-phy? Do they have brute force detec-tion services? A lot of these questions need to be asked before committing to a solution or signing on dotted lines.

As a CIO you’d ideally assign all the resources needed prior to establishing any relationship. An investment of this magnitude is not temporary, you would hope it would last for at least the duration of the contract or may be lon-ger. “Craft a well designed RFP, which by the way can take several months. You should also develop a comprehen-sive list of business requirements and expectations. Additionally, the vendor selection process must be planned and very selective. The business must buy in into this process and must support and guide any decision. Your legal department also plays a critical role during the contract negotiation; not only they will spot check your contract but they will make sure your compa-ny's investment is secured,” says Zane Williamson, Sales Manager at Liquid Web, a US based hosting company.

Keep the relationship going: After all this is done, another key point is to sustain an ongoing relationship with the managed service provider. As there are disgruntled employees that pose serious internal risks, there are MSPs - who with your IT environment in their hands - can cause as much or even severe harm. “The partnership needs to be well managed, both ways. They can have as many SAS 70, PCI certifi-cations, HIPPA, etc. behind them but what matters the most is the results you will get on a daily basis,” suggests Elliott Bujan, Senior IT Auditor, For-tune Brands.

Is your MSP explicit: Enterprises – big or small - often use MSPs to man-age their networks, perform periodic checks, to have latest updates, off-site back up and remote troubleshooting – the whole nine yards. The vendor needs to make clear to the client what all is needed, so that if the client neglects some area with some vendor, intending to contract that to someone else, it is clear to future employees on the contracts, that the first vendor said this needs to be done, but you asked us not to do it. Otherwise stuff can fall through the cracks.

“The client needs to make sure the outside vendor is informed on any

compliance requirements regarding the data, and get something in writing to verify the vendor is fully cognizant of the implications,” says Al Macintyre, CIO, Kauffman Engineering, a Leba-non based engineering company. Some of the MSPs even have satisfac-tion guaranteed – ‘We fix the problem, or you don't pay’. You would want the billing to have clarity.

Grill yourself before you grill your MSP: In this time of economic crisis, the trusted advice is to find answers to the following questions:

- What would happen if my service provider goes bankrupt? Can I still access my data?

- What is the economic condition of my managed service providers? Do they have to reorganise any time soon? What will be the impact of that on the integrity of the employees (=grudge due to layoffs)?

- Will my service provider be engaged in a merger or separation soon? What are the consequences of that in regard to the integration and separation of IT systems (= downtime, mistakes etc.)

“A sound disaster/backup plan in case of any possible future avail-ability problems can prevent a lot of headache. However, issues with integ-rity and confidentiality require more intrusive measures like monitoring and auditing your service provider. Don't be blinded by their ISO 127002 certifications or other compliance statements. If they fool up, your head is in the noose,” concludes Michiel Broekhuijser Security Consultant, Advisor of Express in Bits.

The partnership needs to be well managed. They can have as many SAS 70, PCI certifications, HIPPA, etc. behind them but what matters the most is the RESULTS YOU WILL GET on a daily basis.


C TO F CU S TOM S E R I E S W I D E A R E A N E T W O R K I N GP

HO

TO

S B

Y P

HO

TO

S.C

OM

PotentialWAN’s Real

Leveraging The


WI D E A RE A N E T WO RK I N G C TO F CU S TOM S E R I E S

“Cisco and Datacraft share a unique relationship which is grounded in mutual trust and reinforced by a genuine business relationship. This has generated customer affinity and brand preference.”— GB KUMAR, Senior Vice President, Customer Advocacy, Cisco India & SAARC

Datacraft and Cisco iron out the technical glitches in Hindustan Unilever’s WAN and makes it perform at almost 100 percent availability

Executive background Hindustan Unilever Ltd was experiencing per-formance issues with its wide area network (WAN). The company needed a stable, faster convergent, high availability network.

Company background HUL is one of India's largest Fast Moving Consumer Goods (FMCG) company. It is present in Home & Personal Care and Foods & Beverages categories. HUL and Group companies have about 15,000 employees, including 1200 managers.

The company posted a net profit of around Rs 24, 964 mil-lion for the year ended March 31, 2009. The total income was at Rs 2, 08, 071 million during the same period.

Business challenge HUL was experiencing performance issues with its wide area network (WAN). The existing network lacked the capa-bility to scale operations as per the business needs. At that time, the company was using a point-to-point network. Load balancing was a challenge between service providers. Only half of the WAN bandwidth was actually being used.

Initially HUL relied only on BSNL as a service provider to address its communication needs but soon realised that to ensure better connectivity it needed other service providers who would help it to reach across every part of the country. So in addition to BSNL, it partnered with Tata, Airtel and Reli-ance for Multiprotocol Label Switching (MPLS) connectivity.

One of the major issues was the under-performance of the Open Shortest Path First (OSPF) protocol being used, which had its limitations. OSPF is a dynamic routing pro-tocol for use in Internet Protocol (IP) networks. Firstly, the OSPF protocol did not work very well with the MPLS links from various service providers. Secondly, the sham link of the protocol deployed across MPLS links would disrupt the routers of the various service providers that connected to the HUL network. A sham link is required between any two sites

that share a backdoor link. The reli-ability of the network was at stake and the company had to quickly spring into action to take corrective measures.

“What we needed at that point was stability, faster convergence, high availability of our network for our data centre and effective back up,” recalls Subramanyam Narayanan, Group IT Manager – Infrastructure and Security, Hindustan Unilever (HUL).

Solution Another problem that HUL faced on the network was that a branch router had the same routing table size as the data centre routers. To address this issue, the Datacraft team came up with innovative route optimisation techniques to reduce the routing table size. They also did a proper IP planning for load balancing.

Datacraft started the project by creating the architecture of the MPLS link in consultation with the IT team at HUL. Datacraft designed the architecture by keeping the business goals and future needs of HUL in mind. This design also ensured adequate security and control of network as well. The team then decided to implement Cisco’s virtual switching system that would ensure high availability of the network. The system would have a load balancing solution that was not dependent of the services of any service provider. This trans-


C TO F CU S TOM S E R I E S W I D E A R E A N E T W O R K I N G


lated into smooth functioning of the network even if there were issues at the provider’s end.

Datacraft choose Border Gateway Protocol (BGP) in place of OSPF as it makes the network more scalable with MPLS links. BGP does not sup-port load balancing but does support load sharing. Datacraft tweaked the solution to distribute the loads. It also provided training to HUL’s telecom partners. Datacraft along with the Cisco team carried out the technology migration plan to ensure that all the

IN A NUTSHELLCustomer name: Hindustan Unilever Limited Industry: Fast Moving Consumer Goods (FMCG) Challenge: WAN limitations. Optimisation and high availability of datacentre. Many single point of failures.

Solution: Implemented virtual switching system based solution for high availability.

Service provider independent load balancing solution.

Innovative route optimisation techniques to reduce routing table size.

Proper IP planning for load balancing. Benefits: Close to 100 percent network availability. Increase in available bandwidth. Memory and CPU utilisation reduced drastically. Stability and performance. No single point of failure.

“The migration of HUL from point-to-point network to a MPLS network has been cost effective. Our partnership with Datacraft and Cisco will go a long way”— Subramanyam Narayanan, Group IT Manager – Infrastructure and Security, Hindustan Unilever

hardware and software components of HUL network were standardised for future scalability and better uptime.

As a networking partner for HUL, Datacraft ensured that the managed services offering resulted in 100 per-cent network availability. This was pos-sible through a collaborative effort of both Datacraft and Cisco that covered Cisco hardware and software support, onsite engineer support and Cisco technical support.

“HUL is predominantly on Cisco’s platform and is probably the only network using virtualisation at the data centre routing layer,” says Balan Banerjee, Regional Manager, Datacraft.

According to Narayanan, Datacraft also helps the company in providing value added services. It maintains and monitors the various routers and switches and provides HUL an uptime guarantee on the hardware. “They also provide services on the network like integrating new technologies or moving to newer configurations on the WAN,” he says.

Business value The availability of the new network is now calculated at close to 100 percent. In the point-to-point network, the uptime was around the range of 92 to 94 percent. There has been a dra-matic increase in available bandwidth which was achieved by load balancing between all service provider links.

Memory and CPU utilisation reduced drastically (less than 300 entries against 700 entries). The new network has improved the stabil-

ity and performance with no single point of failure, requiring no manual intervention. This has been achieved through total automation.

“The migration of HUL from point-to-point network to a MPLS network has been cost effective. Point-to-point links are 20 to 30 percent more expensive than MPLS networks,” says Narayanan.

Last year, HUL launched a go to market (GTM) initiative in Mumbai in an attempt to refurbish its national distribution network and streamline its supply chain. With the network tuned, HUL now has the capability to expand its network to any loca-tion in the country by using any of its four service providers. This has given the company a lot of flexibility to support new business initiatives. The project has been reportedly a success in Mumbai, where it began in June. It will be brought forth in 42 cities and towns across India by the end of 2009.

The Datacraft network solution also offers HUL to change a service pro-vider even at existing locations in case of any connectivity issues. Datacraft has also provided a complete design and implementation documentation for future reference to HUL.

Commenting on the future relation with Datacraft, Narayanan says, “We have already started working with Datacraft to make our data centre more resilient and robust. We are planning to implement Cisco Nexus platform with them.”


H I G H AVA I L A B I L I T Y C TO F CU S TOM S E R I E S


RELIABLENETWORK

Cost EffectiveTelephony on a

Datacraft and Cisco build a highly available network, deploy Cisco’s contact centre solutions, and ensure the uptime of the solutions at Maersk.

Executive background Maersk needed a robust and reliable network to ser-vice its customer calls from across the globe. It was also looking for a solution to better manage the call

resolution, while bringing down the costs.

Company background Maersk Line, a leading liner shipping company, is a part of the A P Moller - Maersk Group which has its headquarters in Copen-hagen, Denmark and is present in more than 125 countries. Its fleet includes 470 container vessels and more than 1.9 million containers ensuring a reliable and comprehensive worldwide coverage. Maersk Line’s feeder vessels, trucks and dedicated trains offer the unique concept of door-to-door services. Apart from container shipping activities the group is also involved in logistics and terminal operation, tankers, oil and gas activities, retail, shipyards and manufacturing activities.

Business challenge Maersk’s IT infrastructure is supremely critical to the smooth running of its day-to-day business operations. The business needs to track the status of its various containers across the world and be able to convey the same to the cus-tomers. Maersk has built e-commerce solutions to provide users "round the clock", up-to-date information about the


C TO F CU S TOM S E R I E S H I G H AV A I L A B I L I T Y

status of their containers, cargo, etc. Maersk India wanted a highly avail-

able IT network to enable them to run applications that would help them do their job with the highest possible accuracy and speed, and at the same time reduce costs. The company wanted to create a redundant network architecture that would eliminate net-work downtime caused by any single point of failure.

“We needed high availability of our network, so that even if one network failed, the other could takeover and ensure smooth functioning of busi-ness activities,” says Rajesh Nair, CIO, Maersk India.

For this the company wanted to partner with a service provider who could understand and analyse the business needs, help in technology selection and suggest the appropri-ate network architecture, choose the product as well as provide end-to-end service delivery.

Cisco was an obvious choice as Maersk’s global offices were already using solutions from the company.

Cisco along with its Gold Premium Partner, Datacraft recommended that with the new redundant net-work, Maersk could opt for Cisco IPCC contact centre solution and IP Telephony solutions to smoothen out customer service operations in a cost effective manner.

Solution Cisco and Datacraft teams designed and deployed a reliable IP-based network with redundant architecture ensuring that there would be no single point of failure. Maersk India

“Our choice of selecting

Cisco systems and getting the

necessary support from Datacraft has helped us to have a redundant voice

network.”— RAJESH NAIRCIO, Maersk India

“Datacraft over the years has worked closely with Cisco,

delivering on Advanced Services

especially in the Service Provider

segment.”— GB KUMAR

Senior Vice President, Customer Advocacy,Cisco India & SAARC

IN A NUTSHELLCustomer name: Maersk India Industry: Transport & Logisitics Challenge: Create a redundant network. Reduce costs. Streamline support operations.

Solution: Designing and deployment of new IP-based network

Cisco IPCC and IPT solution. Virtual cluster phones deployment.

Benefits: High network availability. Cost reduction by reducing number of lines. Quicker response times for meeting customer needs and queries because of routing based on skills and independent of location.

decided to deploy Cisco’s IP Contact Centre (IPCC) and IP Telephony (IPT) solutions. The deployment of these solutions was done in Chennai and Pune as these two locations serve as Global Service Centres or GSCs for the company. Cisco and Datacraft played critical roles in understand-ing, designing, deploying and main-taining the entire solution.

“The deployment was critical as most of our business across the globe (remote support) is managed through these two GSCs,” says Nair. The deployment was done in three months. Nair adds that skill-based routing was also an important criterion in the deployment process. The Cisco solutions enabled the routing of calls based on the complexity of customer issue and forward it to the agent best equipped to answer him quickly.

“There were some challenges like dependency of certain equipments but Datacraft helped us sail through with their expertise and support,” says Nair.

For any new configuration and troubleshooting issues, engineers from Datacraft would go onsite while for routing and switching related prob-lems, it provided L1 and L2 support for hardware to Maersk. In case Datacraft could not solve the problem, it was escalated to Cisco.

Business value Cisco and Datacraft’s analysis of Maersk’s business process showed that not everyone at the company’s GSCs required a dedicated phone line. Cisco recommended that a virtual cluster phone environment could be created. This translated in significant cost savings for Maersk.

Maersk also took benefit of Cisco’s virtualised call centre offering that helps in routing calls to contact centre agents independent of their location. This solution has helped the com-pany to service customers even when agents are out of service or work hours as they can address issues even on the move or from home.


N E T WO RK U P T I M E C TO F CU S TOM S E R I E S

WAN AvailabilityWAN AvailabilityDelivering High

Manipal Education and Medical Group (MEMG) opts for a managed service contract with Datacraft, driven by ‘Uptime

powered by Cisco Services’; and sees huge improvements in network and IT infrastructure uptime.


C TO F CU S TOM S E R I E S N E T W O R K U P T I M E

“Datacraft is the first tier1 partner in India and APAC to work with Cisco on our Smart Connected

communities and we at Cisco are keen to capitalise on the knowledge and experience

that Datacraft provides”— GB KUMAR

Senior Vice President, Customer Advocacy, Cisco India & SAARC

Company background Manipal Education and Medical Group (MEMG) is one of Asia’s largest healthcare management groups. It is commit-ted to three interwoven purposes: dissipating knowledge, applying knowledge and creating knowledge. To this end, the group has been an innovator in the field of education, medicine and research. It is a leader in deliver-ing global standards of excellence in education. It has also established a Stem Cell Research Centre. There are five group companies in MEMG. These are Manipal University, Sikkim Manipal University, Manipal Cure & Care, Manipal Health, and Manipal Universal Learning. Business challengeMEMG has presence in 40 locations across India. One of the major challenges that MEMG faced was the downtime of its Wide Area Network (WAN), and this led to improper func-tioning of the applications. The group had various tier 2 and tier 3 service providers and was finding it difficult to handle them. They were also unable to provide proactive support and services which impacted the daily operations. There

were delays in provisioning and non-compliance to Service Level Agreements (SLAs).

Further, the group did not have integrated monitoring or management of its systems. So there was no single view of the performance of the links and devices on the WAN either.

“We did not have the internal strength to monitor, manage and maintain our WAN in terms of people, skills, products and tools and were looking for a provider who could help us to sort these issues with ease,” says Balakrishna Rao, CIO, Manipal Universal Learning.

MEMG wanted a service provider who could manage the coordination with various vendors and Internet Service Pro-viders (ISPs). The group currently is on the MPLS network of BSNL which connects its 40 locations across India.

MEMG wanted a service provider who could constantly assess and review the health of the network and its resources, address security issues, suggest best prac-tices, and bring in optimisation measures and improve-ments from time to time. The group was looking at a nation-wide partnership with a service provider. After a process of evaluation, MEMG chose Cisco’s Gold Premi-um Partner, Datacraft, as its managed service provider. The selection was based on the skills and capabilities to manage big projects. The presence of a full-fledged Net-work Operation Centre (NOC) with integrated tools and products for remote monitoring/management also was a key reason for Datacraft’s selection.

Solution MEMG signed a three-year multisourcing contract with Datacraft to manage the WAN infrastructure comprising MPLS links, Cisco routers and firewalls for its five group companies across 40 locations.

Proactive, remote monitoring of infrastructureDatacraft monitors and analyses the various devices that are connected to the MEMG network (both education and

Executive background Manipal Education and Medical Group faced major issues on its WAN that resulted in downtime and improper functioning

of applications. That’s when the group decided to opt for a managed services solution.


N E T WO RK U P T I M E C TO F CU S TOM S E R I E S

IN A NUTSHELLCustomer name: Manipal Education and Medical Group (MEMG) Industry: Education and Healthcare

Challenge: Lack of skills, products and tools to monitor and manage the WAN Lack of ability to manage network configurations proactively Working with multiple vendors and ISPs was turning out to be a huge headache

Solution: Proactive, remote monitoring of infrastructure Managing ISPs to ensure adherence to SLAs Providing onsite support Managing Cisco equipment through Uptime

powered by Cisco Services.

Benefits: High availability of WAN, as Datacraft’s NOC team proactively ensures that failures are averted in time.

Process driven approach to call management, problem resolution and escalation

MEMG’s team can now get a single view of WAN and incident statis-tics, WAN asset inventory and management through a portal.

The pain of having to deal with several vendors and ISPs, and enforcing SLAs with them has come down significantly, as Datacraft manages the entire coordination. With this intervention, MEMG now sees much improved adherence to SLAs by all vendors and service providers.

Datacraft has a team of experienced Cisco-Certified Engineers look-ing after the MEMG network, and are thus able to deliver better configuration management on Cisco equipment deployed.

hospital) through the NOC in Bangalore. The support cen-tre is proactive and can identify if a link or router is about to collapse. The support team can then take preventive measures to ensure that there is no downtime.

Managing ISPs to ensure adherence to SLAsIf one of the 40 locations where MEMG is operational gets disconnected from the network, as this happens, the global support centre swings into action and raises a ticket to BSNL. Support personnel from Datacraft and BSNL visit the site where the fault has occurred and analyse the reason for the connection failure. This could be because of various issues like cable failure, modem not working, etc. Datacraft works in sync with BSNL to fix the issue as per the SLAs.

for MEMG, the group has in place an excellent process for change management, incident management, reporting and reviews. Datacraft and Cisco have provided a portal which gives a dashboard view of how the infrastructure is perform-ing at any given point in time.

Datacraft has helped the group in providing technol-ogy solutions that ensure high availability of the network infrastructure. Datacraft also acts as a consultant for the group by providing insights on various available technolo-gies and solutions that could be adopted to enable the growth of the group.

Rao informs that MEMG is already engaged with a couple of other end-to-end solution projects with Datacraft. “We want to grow on the IT maturity curve and adopt new solu-tions and technologies to keep our operations efficient and agile,” he says.

“Datacraft has been truly professional in the managed services space with a process driven approach and a fully integrated system for network monitoring and management”— Balakrishna Rao, CIO, Manipal Universal Learning

Providing onsite supportDatacraft has also deployed IT personnel within the Mani-pal premises, who look after IT issues such as upgrading applications, installation of programs, etc. There is a pro-cess-based approach to call management and problem resolution, complete with escalation.

Managing Cisco equipmentDatacraft also manages the various Cisco devices con-nected to the network of Manipal as MEMG has signed up for the ‘Uptime powered by Cisco’ support service, which ensures quick problem resolution and replace-ment of faulty equipment. ‘Uptime powered by Cisco’ ensures that Cisco works together with Datacraft to provide MEMG world class support. In case of criti-cal situations MEMG has the option to involve Cisco. MEMG also gets access to Cisco’s technical resources. This service also has tight SLAs that ensure speedy resolution and restoration at MEMG.

Business valueWith Datacraft now managing the network and IT services


C TO F CU S TOM S E R I E S M I G R A T I O N

New NetworkDatacraft helps Patni BPO move to a highly available, IP-based network and streamlined systems, and manages the network infrastructure

Migrating to a


M I G R AT I O N C TO F CU S TOM S E R I E S

Executive Summary Patni BPO was looking to streamline its net-work architecture that consisted of disparate IT

systems. Cisco and Datacraft recom-mended that it moves from the existing TDM-based network to an IP-based network for better management of resources and business requirements.

Company backgroundPatni Business Process Outsourcing (BPO) provides customised global sourcing solutions to a diverse group of clients for vertical-specific pro-cesses, as well as shared corporate services. The BPO unit is an exten-sion of Patni Computer Services that provides a broad range of horizontal services including IT Helpdesk, Finance and Accounting, HR Services, Enterprise-wide Service Desk and Product Support.

Business challenge To deliver timely services to its clients, the BPO unit realised that they needed to have technology availability around the clock to run business processes smoothly and to also meet the Service Level Agreements (SLAs) with their cli-ents. Stringent process SLAs demand-ed 99.999 percent uptime, and failure to achieve this could result in penalty and/or business loss. In addition, the company had disparate systems and applications being used which posed challenges like availability of resources for business critical applications.

“We wanted to have an integrated solution with a single point of owner-ship that would be easier to manage, control and modify our business solutions as per the business require-ments,” recollects Praveen Upreti, Technology Head, Patni BPO.

A single view of processes would help the company take care of net-work issues as well. For example, load balancing in a disparate system is more difficult to achieve than in an integrated system. Load balancing

is a technique to distribute workload evenly across two or more comput-ers, network links, CPUs, hard drives etc. For this, the company needed a partner who could help and guide them with the required expertise and skill sets.

“We choose Cisco because of their expertise in IP telephony network solutions. Both Datacraft and Cisco have helped us to manage our voice network,” says Upreti.

Patni decided to partner with these vendors because of their skills and ability to execute projects, and vast experience in a similar industry. Patni was also convinced of cost effective services from them, their adherence to quality standards and the positive atti-tude of the Cisco and Datacraft teams in resolving problems. Patni BPO had a Time-Division Multiplexing (TDM) network. Cisco and Datacraft recom-mended that moving to an IP-based network would mitigate the challenges that the company was facing.

Solution Patni BPO first decided to simplify its infrastructure by opting for a single service provider to manage all its solu-tions and systems. This would ease out the integration issues that the company often faced with the network and its components.

Cisco and Datacraft teams worked with Patni to restructure the network as per the best industry practices and built a redundant network with minimum investments. In addition, the entire network security architecture solutions from various service provid-ers, is now managed by Datacraft. Datacraft also monitors the various Cisco devices connected to the Patni BPO network.

The services being delivered by Datacraft along with Cisco includes uptime maintenance support services and 24x7 delivery. So if devices like routers or UPSs or Ethernet cables are faulty, Datacraft rectifies the fault or replaces the equipment. The replace-

ment of these devices is done as per the signed SLA. For critical issues, Patni BPO can access Cisco’s exper-tise for faster resolution.

Business valueBy making the necessary changes in the network, Patni BPO achieved a single point of ownership, regular updates on the health of the system, and regular operation reviews to excel and improve their business operations. “The support has been excellent from both Datacraft and Cisco. We have achieved better network design and increased performance with enhanced productivity and less OPEX and CAPEX costs,” says Upreti.

IN A NUTSHELLCustomer name: Patni BPO Industry: IT/ITeS CHALLENGE:

Disparate systems leading to issues in management Challenges in adhering to high uptime SLAs which could potentially impact business negatively.

TDM-based network was coming in the way of conducting smooth business operations.

SOLUTION:

Move to a single service provider who could manage the network, all IT systems and solutions including security, and opt for managed services.

Datacraft and Cisco enabled the migration from a TDM-based network to an IP-based network.

Datacraft manages the network security by managing the various security service providers.

Maintenance services of IT equipment. BENEFITS:

A highly available network with redundancy built in now helps Patni BPO ensure that they adhere to the SLAs it has have with its customers.

IP based network has enabled business efficiency. Patni BPO team does not have to deal with several vendors to make their IT setup run. So management of the IT infrastructure has become easier.


CI O D I SCU S S I O N S

Cloud computing is seen as the convergence and evolu-tion of several concepts from virtualisation, distrib-uted application design, grid

computing and enterprise IT management to enable a more flexible approach for deploying and scaling applications.

Cloud promises real cost savings and agility to customers. Traditionally, once an application is deployed, it is bound to a particular infrastructure, until the infra-structure is upgraded. This results in lesser efficiency, utilisation and flexibility of the

infrastructure. Clouds allow applications to be dynamically deployed onto the most suitable infrastructure at run time.

To further the discussion around the emergence of cloud computing and to know the challenges CIOs face in adopt-ing cloud, CTO Forum in partnership

Cloud GazingWith economic scenario posing unprecedented challenges to the CIOs, Cloud Computing appears to be an alternative.

with business application major Oracle organised roundtable discussions in Mumbai and New Delhi in the second week of November this year. The CIOs came out with their

apprehensions and challenges in adopting cloud as an alternative to the existing com-puting options.

In Mumbai, Pratap S Gharge, Vice Presi-dent & CIO, Bajaj Electricals Limited said that there was uncertainty in the cloud model in terms of risk associated and its

Cloud Computing is the latest buzzword in enterprise technology. Panelists in Mumbai discussing the pros and cons of the technology.

Dr.V K sehgal, Jt. Director (FA), Petroleum Conservation Research Association (PCRA) talks about the challenges in adoption of cloud computing during the session in Delhi.

Kiran Sukhtankar, Director Sales Consulting Technology Solutions, Oracle India presenting to the delegates during the roundtable session in Mumbai.

Event


CI O D I SCU S S I O N S

adoption depended on the business needs of a company. "Most of the CIOs would start with secondary applications and not mission-critical applications to test if the uptime and SLAs commited by the service providers are met or not," he said.

Suhas Mhaskar, GM-Corporate IT, Mahindra & Mahindra (M&M) opined that companies whose applications or data is critical will not go for the cloud model. He cited an example of M&M that has around 100 group companies where it made sense to have an internal or private cloud to opti-mise IT costs.

"To migrate from our current inhouse data centre model to a private cloud, we would have to look at our investment pro-tection, as we have already invested a huge amount of money in applications from SAP, Oracle and Microsoft," he said.

Dhiren Savla, CIO, Kuoni said that the company was looking at a Software-as-a-Service (SaaS) solution, a flavour of the cloud model, for one of their high-volume, low-margin business, as it would give them flexibility and protect them from market fluctuations. He also informed that one of their other business units, a BPO called VFS, which is Kuoni's visa services arm would not be in a position to opt for a cloud model as it involves sensitive data and the clients were not ready yet to share public data on a shared infrastructure.

Taking queries from delegates in the Mumbai roundtable, Kiran Sukhtankar, Director, Sales Consulting, Technology Solutions, Oracle India, gave a convincing perspective and shared Oracle’s Enterprise Architecture Framework that can help customers discover a cloud roadmap that works for them.

CIOs in both the cities agreed that since the cloud computing model allows applica-tions to be launched through the Internet makes it vulnerable to any form of attack. According to few CIOs, enterprises should understand their IT ecosystem before they move their entire IT solutions or specific functions on a cloud model.

In Delhi, Upal Chakraborty, CIO, DLF raised concerns on the concept of cloud comput-ing thrown by various service providers and termed them "cloudy." "There is a need to arrive at a basic definition of the cloud model," he said and added that the company was looking at using cloud computing in the future as the business demanded, especially in terms of server usage.

S S Sharma, Chief General Manager-IT, JK Tyre and Industries said that the con-cept of cloud computing was good. "How-ever, we have to see whether our existing business applications and processes are compatible with this new model. In this procees we also have to see whether the

migration would save costs or be more expensive," he said.

V.G. Sundar Ram, VP, Technology Sales Consulting, Oracle APAC presented Oracle's Architectural Framework for Cloud Computing and highlighted how the company is helping corporate customers in addressing issues in PaaS, IaaS and SaaS.

The event in both the cities saw a major-ity of the CIOs agreeing that cloud com-puting has been a hot topic of discussion amongst peers and many have shown interest in this model. However, it would take a few years before the technology sees a sizeable amount of adoption within enterpises.

Upal Chakraborty, CIO DLF Limited was forthcoming in accepting the fact that cloud computing will take a long time before it becomes a technology of choice.

Suhas Mhaskar, GM-Corporate IT, Mahindra & Mahindra Limited making his comment at the session in Mumbai.

V.G. Sundar Ram, VP, Technology Sales, Oracle APAC, presenting Oracle's Architectural Framework during the roundtable in New Delhi.


HIDE TIME | BOOK REVIEW Edito

r: M

icha

el

Kins

ley

“A gaffe is when a politician tells

the truth.”

A compassionate capitalism Despite increases in inequities between rich and poor in the developing world, a recent collection of essays reminds us that markets can be harnessed for the needy

IN SPITE of great economic reforms and advances in India, the divide between the rich and the poor seems to be increasing and it’s uncertain that progress is always trickling down to the poor. A 2007 study by the Asian Development Bank showed the gap in standards of living increas-ing between the haves and the have-nots in India, China, and several other countries in the region. The Organization for Economic Coopera-tion and Development (OECD) found the same result in 2008 among many of its member countries, including the US. Into this scene comes a time-ly book that acknowledges this grow-ing divide, and urges big corpora-tions to play a hand in solving the problem: Creative Capitalism, edited by Michael Kinsley (Simon and Schuster, 2008).

Bill Gates gave a speech at the World Economic Forum in Davos in 2008, proposing a new and some-what revised system of capitalism—what he called Creative Capitalism (CC)—“where governments, busi-nesses and non-profits work together

• William Easterly (professor of economics at New York University and senior fellow at the Brookings Institution), Richard Posner (a judge and senior lecturer at the University of Chicago Law School), Clive Crook (Financial Times columnist), and Gary Becker (Nobel laureate and pro-fessor of economics and sociology at the University of Chicago).

Gates' CC is different from the stand-alone CSR divisions currently present in many MNCs. But he’s not the first to conceive the concept. Nobel laureate Mohammad Yunus and management guru C K Prahalad have their own terminology for this concept such as Humanistic Capitalism, and 'democratizing commerce', respectively.” However, it may take someone as high profile as Gates to really bring this compassionate capitalism to the fore and get the discussions, debates and the movement going. —Ranjani Iyer Mohanty

*The review was published in The Mint

on 19th July 2009

to stretch the reach of market forces so that more people can make a prof-it or gain recognition doing work that eases the world’s inequities”.

This is a book that arose from a blog where economists were invited to comment on Gates’ proposal of CC. The editor, Kinsley, is a very experienced and well-known jour-nalist and his wife Patty Stonesifer was CEO of the Bill and Melinda Gates Foundation and continues as a senior adviser.

The book begins with Gates’ speech and goes on to give com-ments on the speech from some 40 renowned economists. The com-ments and reviews are mixed and the debate is lively. Of those that support Gates’ proposal of CC are:

• Ed Glaeser (professor of econom-ics at Harvard University), Matthew Bishop (business writer/editor of The Economist, and co-author of Philan-throcapitalism) and Abhijit Banerjee (professor of economics at MIT)

Those who question Gates’ pro-posal are also present in equal mea-sure, such as:

ABOUT THE REVIEWER

Ranjani Iyer

Mohanty is a

writer and busi-

ness editor based

in New Delhi.

She writes blogs

actively and can

be contacted at

ranjani_mohanty@

yahoo.com

49thectoforum.com 07 JANUARY 2010 CTO FORUM

HIDE TIME | CIO PROFILE

Natural InstinctZOEB ADENWALA CIO, Essel Propack

FAR FROM the stereotypes of a techie in the boardroom, Zoeb Adenwala, the global CIO of Essel Propack, is relentlessly upbeat, erudite to the core, and enjoys his position of being at the helm of technology.

While the former two qualities can be attributed to the socialisation process in his family, the latter trait is something Adenwala credits to his collection of toys. While boys his age played with toy guns, Adenwala broke open the gun to find the physics behind the trigger. He has come a long way since then.

Adenwala was born in Surat and grew up in a middle-class family. His father had a small cycles repair shop, which was very insufficient to maintain a large family. So, one day he moved to the Middle East in search of greener pastures. “My father moved to Aden, and that’s how I got my surname,” says Zoeb Adenwala, CIO (global) of Essel Propack.

Adenwala’s formative years were inspired by his parents who did not study beyond fifth grade and that too in vernacular medium. “My parents gave me the best education, and I would always remain eternally indebted to them,” he says adding that he lost his father when he was nine, and since then his mother had single-handedly brought up all of his siblings.

Post his schooling in Surat, Adenwala joined Fr Agnel Technical High School. Here he cultivated independent thinking and penchant for all things technical and non-technical. He joined Parle college in 1970,

FOND OF ALL SPORTING ACTIVITIES: Adenwala was an avid follower of Cricket, Table Tennis, Carrom and Chess during his school and college days. He has won many a titles in the indoor games, and he still participates in office tournaments.

HEALTH IS WEALTH: His day begins early at 5:30 am with Yoga or the Treadmill followed by prayers. He had

done a six months yoga course. He is not fussy about food, but he is cautious about what he is eating. He spent six long years of his life in a hostel, so he is not very choosy about food. Yet he prefers healthy stuff to the rest.

READING KEEPS ONE UPDATED: He spends lot of time in reading. He reads IT and management books and magazines like Reader Digest.

PH

OT

OS

BY

JIT

EN

GH

AN

DH

I

completing his studies up to Inter Science and College of Engineering, in 1972 for Bachelor of Engineering in Electronics and Telecom.

“The best part of engineering studies is that it exposes one to large volumes of subject matter, smaller cycles of

HIDE TIME | BOOK REVIEW Auth

or: J

ames

Su

row

ieck

i

"Xxxxxhe right circumstances, groups are intelligent, and are

often smarter "


HIDE TIME | CIO PROFILE

examination (every six months) and variety of subjects," says Adenwala. During this point of time he had limited exposure to computers, and his fascination for programming got him an admission for Masters in Computer Engineering into IIT - Kharagpur. He passed out from IIT in 1978 and was recruited from cam-pus by Tata Consultancy Services (TCS).

About his nine years stint in TCS, Adenwala says, “my main contribution at TCS was to successfully execute a very large project for a client in USA which later became the benchmark of TCS’s prowess.” He left TCS and joined SKF Bearings India as an EDP Manager. At SKF he successfully implemented an ERP for the first time in SKF India. From there on, he ventured into an unlikely business: chemicals

Adenwala joined Pidilite Industries in 2003 and found it very challenging to stride from an engineering Industry (SKF) to a chemicals and retail major which manufacture a household brand, Fevicol.

“My main reasons to take up Essel Propack and leave Pidilite was two-fold. I wanted to work on SAP, and secondly I wanted to work for true Indian multina-tional,” reveals Adenwala.

Adenwala believes that he had always received great moral support from his family and extended family. He adds, “I have a caring, loving and practical part-ner in Yasmin, and we have been blessed with a son Zaheer who is 25 years old, a mechanical engineering graduate from Drexel University USA and daughter Shakera pursuing her graduation in information in information technology.” It seems like the love for technology runs in the family. —By Vinita Gupta

Traveling is a great teacher. As part of his job,

he had traveled across the world; he feels that it makes

a person more humble. His travels taught him to be

sensitive to various cultures and their ways of living.

Loves to interact with young minds. He

takes time out as a guest speaker in educational

institutes. It makes him feel younger and provides

him, a perspective of the new generation and their

aspirations.

Any challenge motivates him. According to

him, threats and challenges are part of life. He likes to

resolve challenge and see a smile on the face of his

beneficiary.

Always asks his team to think big but start small. He feels that keep the team happy, and they

would keep you happy. He had always coached and

mentored his second line to advance in their careers.

Whenever he finishes with a major project, he

acknowledges those who have done well.

Snap Shot


VIEWPOINT

Making technology work. It's peope-centric processes

that often fail the technology

AS WE continue to live in an ever-changing world and a more glo-balised economy, enterprises are now forced to examine how to do global trade. While organisations continue to source from abroad, inventory control and visibility has taken prece-dence over anything. Near shore, off-shore and outsourced services have compelled organisations to find ways to control and reduce costs.

If your procurement happens from abroad and so does the manufactur-ing, it is imperative that the right hand knows what the left hand is doing. A solution that supports your business practices of checking sup-plier quality standards, adherence to regulatory compliance, adherence to service level agreements (SLA), cur-rent volume of inventory in the chain and expected quantity are all factors that require close vendor collabora-tion to run smoothly. There is also the transportation component and calculations of lead times, customs clearances, port storage and finally transportation to your warehouse or point of sale locations.

Organisations are really not leverag-

delays can be managed to control the process and adapt to the new deadline, which will save time in the end. If a specification were to change, other dependent manu-facturers that had to complete the previous part or add something to complete that part can be adjusted by preparing pieces that can be made in parallel or possibly to prepare the material for production to save time when receiving the product.

In case of Airbus, the individual project managers responsible failed to understand how the existing informa-tion can be used. Parts suppliers that changed specs failed to report them using the design software and conse-quently other dependent processes were caught off guard and were forced to accommodate the changes which led to time delays and project overruns.

Organisations need to ensure that at least one Project Manager is in charge of presenting the big pic-ture and one that understands the local impacts that are manifested throughout the system. All parts of the project plan must be completed, validated and finally executed.

ing technology enough to simplify these processes and make it easier. A simple web-enabled portal that allows collaboration between suppliers can easily be created and leveraged. As lessons learned from the Airbus A380 project, the technology didn't fail. It was a ‘people-centric’ process that failed. All the information was avail-able however, non stringent standards such as different versions of supplier software being installed on different supplier sites (causing incompatible file types and unnecessary delays), people not checking the portal for new specification changes to materials, tolerances, sizes etc. were factors that could have been avoided if the tech-nology was rightly used. The cause and effect in this scenario was really multiplied because if one manufac-turer delayed it impacted the deadline throughout the supply chain - causing the delay and impact the entire manu-facturing process.

When a portal for trade manage-ment is used, a central repository can be created, viewed and managed effectively. Updated specifications, new tolerances and other possible

ABOUT DYLAN PERSAUD: MD of Eval Source,

Canada, Dylan is

also a business

analyst and

project manager

with ERM, Retail,

Supply Chain,

Manufacturing,

CRM, PLM, social

media, HCM, BPM,

and enterprise

systems including

Oracle- retail, SAP

and many major

WMS vendors. He

has consulted for

large companies

such as Indigo,

Nike, Sears, GM,

Ford, IBM, IDC etc.

DYLAN PERSAUD | [email protected]

Documents

At the Heart of Collboration