TRACK TECHNOLOGY BUILD BUSINESS SHAPE SELF
Volume 01 | Issue 09 | September 2012 | 150
A 9.9 Media Publication

TURNING A CRISIS INTO AN OPPORTUNITY IS THE HALLMARK OF A TRUE LEADER WHOM OTHERS FOLLOW

A QUESTION OF ANSWERS: Time is Ripe for Intelligent Networks, Pg 14
VIEWPOINT: Back to Work, Pg 68
BEST OF BREED: Build a 'Social Enterprise' to Win in the 21st Century, Pg 18


Editorial
Yashvendra Singh

Follow Worthy Leaders
Testing times present an opportunity for leaders to find new directions

The best time to gauge the measure of a leader is during a crisis. Challenging situations separate leaders from ordinary people. Those who can uphold their sense of perception even during trying times are the ones who will show the way forward to their organisations.

I am sure, as enterprise technology decision makers, there would have been times when you too were confronted with challenging situations. In any ordinary individual such circumstances are bound to elicit emotions of frustration, anger, distress or disappointment. Not in a true blue leader, who is built to handle just these situations.

For a CIO, who also has leadership abilities, such testing times are an opportunity to display some real pluck. It is also a chance to get his way. During peaceful times, people put up stiff resistance to any kind of change. They want to maintain status quo. A crisis presents just that small window of opportunity when a CIO can push for the changes that are so desperately needed in the organisation.

Technology leaders have also leveraged emergency situations to break down silos and start working across functions, which may not have been happening so easily earlier, for the common good of the organisation.

However, this does not mean that you have to dive into any crisis head first. Several CIOs acknowledge the importance of providing a viewpoint by standing a step back from the arena of action. Just as in a mountaineering team where the team leader stays at the base camp rather than scaling the summit so that he can direct a response if any untoward incident takes place, an effective leader can play a crucial role by standing back.

In this issue, we invited some of the top technology leaders to share their most exigent professional situations and how they overcame them. Several of you will be able to relate to their experiences. We hope our efforts will help others in getting better prepared to take on future challenges.

Finally, whatever anyone says, the truth remains that the traits needed for becoming a great leader have not changed much since Alexander the Great began his military expansion plans to reach the "ends of the world and the Great Outer Sea." So, while markets, processes, technologies and strategies may change, the basics of leadership would remain the same, always.

As the famous author and speaker John Maxwell has said, “People don’t at first follow worthy causes; they follow worthy leaders who have worthy causes.” So stand tall and responsibly accomplish the critical assignments that will help grow your organisation even in the most challenging of situations.


Cover Story
28 | Others Follow: Turning a crisis situation into an opportunity is the hallmark of a true leader

Copyright, All rights reserved: Reproduction in whole or in part without written permission from Nine Dot Nine Interactive Pvt Ltd. is prohibited. Printed and published by Anuradha Das Mathur for Nine Dot Nine Interactive Pvt Ltd, Bungalow No. 725, Sector - 1, Shirvane, Nerul, Navi Mumbai - 400706. Printed at Tara Art Printers Pvt Ltd. A-46-47, Sector-5, NOIDA (U.P.) 201301


Regulars
01 | Editorial
06 | Enterprise Roundup
68 | Viewpoint

Cover Design by Shokeen Saifi


Special Leadership Section: Page 38A to 54

39 | Top Down: Money Matters. Ashwani Khillan, CTO, MTS believes that making people realise how they contribute to the revenues is a big motivation factor

40 | My Story: At BPTP, We Value Training a Lot. Vilakshan Jakhu, CIO, BPTP speaks with CIO&Leader on some of the industry firsts he has headed at BPTP, leadership lessons, training and using IT to the fullest

43 | Leading Edge: Leading in the 21st Century. Six global leaders confront the personal and professional challenges of a new era of uncertainty

49 | The Best Advice I Ever Got: “People Matter the Most”. A CIO should always know the future of technology and its impact in the business that he handles

50 | Me & My Mentee: A Symbiotic Relationship. Professional confrontation can lead to value for the company

52 | Opinion: Context in Asian Negotiations. When you get broken homes, when you call your father by his first name — you get a society far divergent from Chinese cultures where filial piety reigns

54 | Shelf Life: Taking People With You. The book is not just about a thought on leadership. It is a workbook and a well developed organised

A Question of Answers
14 | Time is Ripe for Intelligent Networks. Mahesh Gupta, VP, Cisco India, talks about the need for networks to become intelligent

Managing Director: Dr Pramath Raj Sinha
Printer & Publisher: Anuradha Das Mathur

Editorial
Executive Editor: Yashvendra Singh
Consulting Editor: Atanu Kumar Das
Assistant Editor: Varun Aggarwal & Akhilesh Shukla

Design
Sr. Creative Director: Jayan K Narayanan
Sr. Art Director: Anil VK
Associate Art Directors: Atul Deshmukh & Anil T
Sr. Visualisers: Manav Sachdev & Shokeen Saifi
Visualisers: Sristi Maurya & NV Baiju
Sr. Designers: Raj Kishore Verma, Shigil Narayanan & Suneesh K
Designers: Charu Dwivedi, Peterson PJ, Midhun Mohan, Prameesh Purushothaman C & Haridas Balan

MARCOM
Associate Art Director: Prasanth Ramakrishnan
Designer: Rahul Babu

Studio
Chief Photographer: Subhojit Paul
Sr. Photographer: Jiten Gandhi

Advisory Panel
Anil Garg, CIO, Dabur
David Briskman, CIO, Ranbaxy
Mani Mulki, VP-IT, ICICI Bank
Manish Gupta, Director, Enterprise Solutions AMEA, PepsiCo India Foods & Beverages, PepsiCo
Raghu Raman, CEO, National Intelligence Grid, Govt. of India
S R Mallela, Former CTO, AFL
Santrupt Misra, Director, Aditya Birla Group
Sushil Prakash, Sr Consultant, NMEICT (National Mission on Education through Information and Communication Technology)
Vijay Sethi, CIO, Hero MotoCorp
Vishal Salvi, CISO, HDFC Bank
Deepak B Phatak, Subharao M Nilekani Chair Professor and Head, KReSIT, IIT - Bombay

NEXT100 Advisory Panel
Manish Pal, Deputy Vice President, Information Security Group (ISG), HDFC Bank
Shiju George, Sr Manager (IT Infrastructure), Shoppers Stop
Farhan Khan, Associate Vice President – IT, Radico Khaitan
Berjes Eric Shroff, Senior Manager – IT, Tata Services
Sharat M Airani, Chief – IT (Systems & Security), Forbes Marshall
Ashish Khanna, Corporate Manager, IT Infrastructure, The Oberoi Group

Sales & Marketing
National Manager – Events and Special Projects: Mahantesh Godi (+91 98804 36623)
National Sales Manager: Vinodh K (+91 97407 14817)
Assistant General Manager Sales (South): Ashish Kumar Singh (+91 97407 61921)
Senior Sales Manager (North): Aveek Bhose (+91 98998 86986)
Product Manager - CSO Forum and Strategic Sales: Seema Menon (+91 97403 94000)
Brand Manager: Jigyasa Kishore (+91 98107 70298)

Production & Logistics
Sr. GM. Operations: Shivshankar M Hiremath
Manager Operations: Rakesh Upadhyay
Asst. Manager - Logistics: Vijay Menon
Executive Logistics: Nilesh Shiravadekar
Production Executive: Vilas Mhatre
Logistics: MP Singh & Mohd. Ansari


This issue of CIO&Leader includes 16 pages of CSO Forum free with the magazine

www.cioandleader.com


18 | Best of Breed: Build a ‘Social Enterprise’ to Win in the 21st Century. Any journey needs a guidebook and the journey to social enterprise is no exception

56 | Next Horizons: Fed Finally Embraces Security. US will ensure that agencies using classified computer networks protect info

62 | Tech for Governance: Seven Tips to Improve Patch Management. Find patching to be an easy part of systems management

Enterprise Round-up

Story Inside: 90% of Downloaded Mobile Applications Will Be Free in 2012, Pg 08

Data Briefing: 26%. Will be the smartphone shipment market which China will account for in the year 2012

43 Technologies That Will Impact Indian Cos in Next 10 Years
Analysts say Indian firms are more price-sensitive

Transformational technologies such as virtualisation, cloud computing and data deduplication will enable new ways of doing business across industries, according to the Hype Cycle for information and communication technology (ICT) by Gartner, Inc.

The Hype Cycle report identifies 43 key technologies and describes the ways in which they will impact business performance during the next 10 years.

“Among the 43 technologies listed, 24 will mature within the next five years, and 20 of them will have a transformational or high impact on businesses,” said Sanish KB, research analyst at Gartner.

“Some technologies, such as cloud computing, data deduplication and virtualisation, enable new ways of doing business across industries, which will result in a major shift in industry dynamics and will also lead to the creation of a new and improved — and sustainable — ecosystem. Some technologies will become mainstream in less than two years. For example, new investments in immersive group systems are increasingly being replaced by investments in personal and executive systems. This is decreasing the scale of market and speeding up the rate at which these types of solution move off the Hype Cycle,” he said.

They Said It: Samuel J Palmisano

“If (leaders) are going to manage in the long term, they will need to build organisational support for their concepts and ideas. And you can only do that in a collaborative environment, with good team work and spirit. And you can’t dictate it and will it — you have to persuade people (to accept your ideas)”
—Samuel J Palmisano, Chairman, IBM

Palmisano was in Gurgaon to attend the IBM Smarter Cities Forum and he shared his thoughts for building smarter cities for a better tomorrow.

Quick Byte: Social Media

A Gartner study says that companies are increasingly buying false ‘likes’ and social media reviews. The large population of Internet users flocking to social networks has put pressure on companies to increase their following, likes and reviews on social media networks.

66% of Indians are Victims of Cybercrime
Study finds consumer cybercrime costs $8 billion in India

More than 42 million people fell victim to cybercrime in the past twelve months, suffering approximately $8 billion in direct financial losses, finds the latest Norton Cybercrime Report. The study was aimed at understanding how cybercrime affects consumers, and how the adoption and evolution of new technologies impacts people’s security, based on self-reported experiences of more than 13,000 adults across 24 countries.

The 2012 edition of the Norton Cybercrime Report calculates the direct costs associated with global consumer cybercrime at $110 billion over the past twelve months. According to the Norton Cybercrime Report 2012, 66 percent of Indian online adults have been a victim of cybercrime in their lifetime. In the past 12 months, 56 percent of online adults in India have experienced cybercrime (more than 115,000 victims of cybercrime every day, 80 victims per minute and more than one per second), and the average direct financial cost per victim is $192, up 18 percent over 2011 ($163).

Globally, every second, 18 adults become a victim of cybercrime, resulting in more than one-and-a-half million cybercrime victims each day. With losses totaling an average of $197 per victim across the world in direct financial costs, in the past twelve months, an estimated 556 million adults across the world experienced cybercrime.

90% of Downloaded Mobile Apps to be Free
Apple, Google, Microsoft will continue to dominate

Free apps will account for close to 90 percent of total downloads in 2012, according to Gartner, Inc. Worldwide mobile app store downloads will surpass 45.6 billion in 2012, with free downloads accounting for 40.1 billion, and paid-for downloads totaling 5 billion.

“In terms of the apps that consumers are buying, 90 percent of the paid-for downloads cost less than $3 each,” said Sandy Shen, research director at Gartner. “Similar to free apps, lower-priced apps will drive the majority of downloads. Apps between 99 cents and $2.99 will account for 87.5 percent of paid-for downloads in 2012, and 96 percent by 2016.” Gartner expects Apple's App Store to have more than 21 billion downloads in 2012, which is an increase of 74 percent over 2011 and indicates continued strong demand for mobile app content.

“Apple’s market share is the largest, considering its App Store accounts for 25 percent of available apps in all stores,” said Brian Blau, research director at Gartner. “The number of apps available is driven by an increasing number of stores in the market today that include platform owners, device vendors, communication service providers (CSPs) and others who want to offer core mobile app services. These stores will see their combined share of total downloads increase, but demand for apps overall will still be dominated by Apple, Google and Microsoft.”

Besides a few major app stores from global OS vendors (such as Apple's App Store, Google Play and Microsoft's Windows Phone Marketplace), Gartner analysts said there are also stores from third parties that attract users with their brands or take advantage of the lack of dominant players in some markets.

“Amazon has appealed to users with its strong brand, global presence and a good selection of high-quality content while Facebook’s recently launched App Center — supporting both mobile devices and desktops — will become a powerful competitor due to its strong brand and leading position in social networking and gaming,” said Shen. “In China, there is a boom market of independent Android stores, due to the lack of presence of Google Play and 'weak' stores from CSPs. We expect to see more new entrants to the market, aiming to deepen relationships with their customers and/or to capture some of this growth market.”

Using an in-app purchase business model is a more effective method of converting casual app users into paying customers and then retaining them with good user experience and continued product updates. This is a different approach from upfront payment where users pay and download, and can be disappointed by the experience and never come back. In-app purchasing opens the door to a recurring revenue stream for developers, but app performance and design will always be the most important factor when attracting new users and keeping them satisfied. In-app purchases will drive 41 percent of the store revenue in 2016. While the market is moving toward free and low-priced apps, in-app purchases will drive downloads as well as app store revenue.

Global Tracker: Supercomputers

By 2017, India plans to develop supercomputers 61 times faster than Sequoia, the world’s fastest supercomputer

Source: PTI

APAC PC Shipments Decline 2.6% in Q2 2012
China experienced the first negative growth

Asia Pacific personal computer (PC) shipments totaled 30.3 million units in the second quarter of 2012, a 2.6 percent decline compared with the same quarter in 2011, according to Gartner, Inc. The most notable decline came from China’s PC market at 5.4 percent, marking its first year-on-year negative growth ever.

“Gloomy worldwide economies have put a dampener on PC spending in the region over the past year,” said Lillian Tay, principal analyst for Gartner. “The wide array of alternate products entering the market is also affecting consumer spend, resulting in declining interest in PC spending.”

The overall decline was reflected in both the mobile PC and desk-based PC shipment segments, decreasing 3.7 percent and 1.7 percent respectively. The professional segment declined for the second time this year, down 8 percent in 2Q compared with the same quarter a year ago as organisations deferred PC purchases where possible and reined in their expansion plans, preferring to be more prudent not knowing how the market situation will evolve with all the uncertainties. The consumer segment managed to show better results.

Security Infra to Grow 8.4% in 2012
Demand is driven by the threat landscape

While the global economic slowdown has been putting pressure on IT budgets, security is expected to remain a priority through 2016, according to Gartner, Inc. Worldwide spending on security is expected to rise to $60 billion in 2012, up 8.4 percent from $55 billion in 2011.

Gartner expects this trajectory to continue, reaching $86 billion in 2016.

The security infrastructure market consists of the software, services and network security appliances used to secure enterprise and consumer IT equipment. IT outsourcing (managed security services), secure Web gateway (appliance), and security information and event management (SIEM) are the fastest-growing security segments. Demand for cloud-based security is also impacting a number of key security markets, and above-average growth is expected for this new delivery model.

“The security infrastructure market is expected to experience positive growth over the forecast period, despite risks of further economic turbulence,” said Lawrence Pingree, research director at Gartner. “Results from the 2012 annual Gartner CIO survey show increased prioritisation for security compared with 2011 and results from Gartner budgeting surveys published in June 2012 underline the fact that organisations globally are prioritising on security budgets.”

Overall, 45 percent of survey respondents expected a security budget increase, 50 percent expected their budget to remain the same and only five percent expected their budget to decrease in 2012. This pattern varied little across regions, although some countries in emerging regions demonstrated a much-higher expectation of an increase.

“Although security remains fairly resilient in tough times, the prolonged financial crises seen in the US and Europe have had some impact on IT security spending globally but to a lesser extent for emerging countries, such as Brazil, China and India,” said Ruggero Contu, research director at Gartner. It expects demand for security products and services to be driven by the persistent threat landscape and influenced by the increasingly targeted and evolving attack patterns that are growing in sophistication.

Fact Ticker
Communications

The goal of unified communications (UC) is to embed communications into business processes to deliver quicker and better decision making, to enhance collaboration across geographically diverse teams, and to improve overall efficiency to make enterprises more agile and competitive. There is an imperative need for effective convergence of various modes of communication; this need for convergence is also driven by the necessity to streamline business processes in line with latest collaboration technologies.

The 2011 Indian UC market showed an increase in awareness of emerging trends in the industry like social collaboration, virtualisation, cloud communication, and mobile conferencing. The overall spending on UC in India has been estimated at $522.7 million in 2011. The extent to which these applications were put to use by enterprises showed a good y-o-y improvement over 2010. Currently, maximum deployment has been witnessed among large enterprises; banking, service providers, government, and manufacturing are the primary adopters of UC applications. To discuss implementation of successful UC solutions and tackle associated challenges, Frost & Sullivan will be hosting its 3rd conference in Mumbai, Bangalore, and Delhi.


Data Center Corner: Modularity (Custom Publishing)

Maximise Benefits From Cloud and Virtualisation

While the benefits of IT virtualisation technology and service delivery model are well known, their effects on the data center physical infrastructure (DCPI) are less understood. We provide insights into successful strategies for dealing with these effects.

Summary
There are four effects or attributes of IT virtualisation: the rise of high density; reduction of IT load and its impact on PUE; dynamic variation of IT loads; and a re-look at the extent of redundancy required.

Without question, IT virtualisation, the abstraction of physical network, server, and storage resources, has greatly increased the ability to utilize and scale compute power. Indeed, virtualisation has become the very technology engine behind cloud computing itself. While the benefits of this technology and service delivery model are well known, understood, and increasingly being taken advantage of, their effects on the data center physical infrastructure (DCPI) are less understood. Our aim is to describe these effects while offering possible solutions or methods for dealing with them. These effects are fairly long-standing, not new, and successful strategies for dealing with them exist today. There are four effects or attributes of IT virtualisation.

The rise of high density – Higher power density is likely to result from virtualisation, at least in some racks. Areas of high density can pose cooling challenges that, if left unaddressed, could threaten the reliability of the overall data center. Several approaches for cooling high density racks exist.

Perhaps the most common method is to simply “spread out” the high density equipment throughout the data center floor rather than grouping them together. By spreading out the loads in this way, no single rack will exceed the design power density and consequently cooling performance is more predictable. The principal benefit of this strategy is that no new power or cooling infrastructure is required.

A more efficient approach may be to isolate higher density equipment in a separate location from lower density equipment. This high density pod would involve consolidating all high density systems down to a single rack or row(s) of racks. Dedicated cooling air distribution and/or air containment could then be brought to these isolated high density pods to ensure they received the predictable cooling needed at any given time. The advantages include better space utilization, high efficiency, and that it enables maximum density per rack.

Reduced IT load can affect PUE – After virtualisation, the data center’s power usage effectiveness (PUE) is likely to worsen. This is despite the fact that the initial physical server consolidation results in lower overall energy use. If the power infrastructure is not right-sized to the new lower overall load, physical infrastructure efficiency measured as PUE will degrade.

To improve post-virtualisation PUE, the data center’s infrastructure efficiency curve must be improved (lowered) by optimising power and cooling systems to reduce the waste of oversizing and better align capacity with the new, reduced load. In addition to improving efficiency, optimised power and cooling will directly impact the electric bill by reducing the power consumed by unused power and cooling capacity.

Dynamic IT loads – Virtualised IT loads, particularly in a highly virtualised, cloud data center, can vary in both time and location. In order to ensure availability in such a system, it’s critical that rack-level power and cooling health be considered before the changes.

Data center infrastructure management (DCIM) software can monitor and report on the health and capacity status of the power and cooling systems. This software can also be used to keep track of all the various relationships between the IT gear and the physical infrastructure. Knowing such things as which servers, physical and virtual, are installed in a given rack, along with knowing which power path and cooling system it is associated with, should be required knowledge for good VM management. This knowledge is important because without it, it is virtually impossible to be sure virtual machines are being created in or moved to a host with adequate and healthy power and cooling resources. The two-way communication between the VM manager and DCIM software and the automation of action that results from this integration is what ensures physical servers and storage arrays receive the right power and cooling where and when needed.

Lower redundancy requirements – A highly virtualised data center designed and operated with a high level of IT fault-tolerance may reduce the extent of redundancy. This effect could have a significantly positive impact on data center planning and capital costs.

Those planning to build a new data center with “2N” redundant power and cooling systems could consider building an N+1 data center instead. This would significantly reduce capital costs and simplify the design of the infrastructure. It’s the fault tolerance of a virtualised network that allows firms to consider this reduced infrastructure redundancy as an option now. Before making these types of decisions, of course, IT and Facilities management should always fully consider the possible impacts to business continuity.

Conclusion
Virtualising a data center’s IT resources can have certain consequences related to the physical infrastructure. If these impacts are ignored, the broad benefits of virtualisation and cloud computing can be limited or compromised. In some cases, implementing the solutions described above will keep a highly virtualised data center running with reliability, efficiency, and with flexibility to meet dynamic compute power demand.

Overall efficiency gets somewhat better with virtualisation but will get much better if physical infrastructure (PUE) is optimised too

50% reduction in energy use by combining moving air efficiently in a pressurised environment

Tips to realise the full energy-saving benefits of virtualisation
Power and cooling capacity scaled down to match the load (e.g. turn off some cooling units or remove UPS modules from modular UPS)
VFD fans and pumps that slow down when demand goes down
Equipment with better device efficiency, to consume less power in doing the job
Cooling architecture with contained or shorter air paths
Capacity management system, to balance capacity with demand and identify stranded capacity
Blanking panels to reduce in-rack air mixing of exhaust air with cold supply air

Mahesh Gupta | VP, CisCo india

Given the evolution of technology, there is a need for networks to become intelligent. Mahesh Gupta, VP, Borderless Networks, Cisco India, talks to Varun Aggarwal to give more details

What is the need to have intelligent networks for an

enterprise?The initial way of security was to implement security on firewalls and then you put network security as one measure from stopping anybody, any intrusion or any thefts happen-ing from the internet. Similar way you had physical security, if some-body cannot come through virtual means, if somebody comes through physicals means, you have physical security guard, that how you are protected.

However, now people have started bringing in their mobile phones and tablets into the company. As autho-rized user, they come through the physical security gate. These devices could be productivity enabler or productivity damper. Depending on the way you perceive those devices, on the way you enable those devices.

So now, the firewall policy needs to be intelligent. What access I should I be given on the network, should be decided by the policy deployed on the firewall. Because I am same user who has a corporate login ID and password, I can login to the network. But firewall policy and rule sets need to be different. What we are highlighting here is that, context aware policy is the need of the hour. We cannot have multiple policies being deployed in isolation and multiple security at gateways and access points at the wireless site, at work or multiple VPN gateways. We need to have one consistent policy which defines, that if someone logs in through his mobile, he should get access to certain resources, and if he logs in through his laptop, he should have perhaps a different access. Based on contextual information of the user, you apply the policy.

Take an example: you bring an iPad into the office and you get full access. But the moment you take the iPad outside the office, you don’t get access. How can you deploy that policy today? We can deploy that policy today using context-aware policy enforcement, using our latest innovation called Identity Services Engine. Same iPad, same user: when he is on the corporate network he gets different access, the moment he is outside he gets different access. That is the reason context awareness is becoming more important, because we are being more mobile, and as we go more and more mobile, these are all business productivity requirements.

How have intelligent networks evolved over the last couple of years?

So there are multiple aspects of intelligence on the network that are coming in. It starts with detecting what device is coming on the network. Based on that you need to apply the policy. You cannot just apply policy randomly. Network has to intelligently detect, if it is a laptop, is it a PC, because username is same – password is same. That’s the first level of intelligence on the network based on context awareness. Then you need to see traffic awareness: What data is coming out of the device? Is it video traffic, is it voice traffic, is it data traffic or is it critical application traffic? Depending upon this, the intelligent network needs to treat the data differently and provide the right level of classification on the network. And as the data goes through the network, it needs to be identified whether the data requires WAN acceleration, does it need to multicast traffic? Does it need to broadcast traffic?

Even when the number of users in an organisation has not grown, if every employee starts using one tablet, one mobile and they connect on the network, that means 3X the number of devices which IT needs to support today. And that means 3X the traffic, and because of these extra iPads and phones coming in, they may be accessing videos, they may be accessing many other things, which will increase a significant amount of traffic on the network. So from troubleshooting to management overheads, all the more intelligence is required.

What are the key trends in the networking space?

Security inside cloud, BYOD and video are the three key trends in the network space. What is needed by the end user, what is driving the behaviour change and for this behaviour change what innovations are needed on the platform are the key areas that need to be addressed. We treat network as a platform. So, for video we have done enhancements across the portfolio as to how we treat video traffic differently. Four years back when we said video will be next voice, people laughed at us. And today if you see video is reality.

BYOD is happening very much with most of our customers in the enterprise space. It is being adopted in not just IT, ITES but all verticals. Since smartphones are becoming common, the IT teams are looking at how to make the most of these devices.

How can BYOD be efficiently managed?

Customer generally gets stuck with one viewer mobile device management, the real problem starts when they realise that network traffic has suddenly gone up or wireless liability issues have started to come and people start complaining, then how do you troubleshoot and manage? So we segment this problem:

1. We say, you need to have context-aware security policy enforcement on the network. Because today when you deploy an MDM solution, a device needs to be provisioned to the MDM solution, otherwise the MDM solution will not know about a new device on the network. Cisco is working with leading MDM players, like MobileIron, to build solutions. And the integrated approach is that the moment you connect on to the network, Cisco network will detect there is a new device, which is a mobile device, and makes so-and-so policy enforcement and if the device is not registered with MDM, it will redirect to the MDM framework which is the mobile device manager. Once it gets provisioned through MDM, then, it can apply the security policies on the network. Then it can check user is coming from what type of device, what location and based on that what policy needs to be enforced. Take an example:

If a doctor carries an iPad in a hospital, in a patient room, he can get full access on the same iPad. But the moment he goes to a coffee shop or outside, he will not be able to have the same access. But he can still be available on instant messenger, he can be available on his emails, but he cannot access the medical records. Therefore, with mobility to the doctors, availability and presence through communication tools such as video calls can be achieved and unnecessary access outside the organisation can be blocked.

With this example what I am trying to highlight is that network security and policy enforcement, context-aware policy enforcement, people are realizing that it is an important step as users come in that are controlled on my network that are coming in and start enforcing policies.

2. Next issue comes that how can we have the wireless network very stable in our environment. So people have deployed wireless for very limited usage, like email traffic or other traffic. And then wireless being on RF Frequency working on export free frequency zone, there are a lot of other devices that work on the same frequency. It is an industry, scientific, medical zone on which multiple other devices operate. It could be a Bluetooth device, a microwave oven, a cordless phone. So everything which is wireless works on that frequency zone. And it will interfere if it is on the same channel, it can interfere with the wireless network as well. That is one of the reasons why wireless networks are not being very stable and can be unreliable.

So Cisco has done innovation at the network layer where we have enhanced our network access points. We have hardware intelligence that does an RF Spectrum Analysis, and it can check if an interference is coming and if the interference is strong enough, it would change the channel automatically, so that it does not get impacted. If the network experiences interference from a third party network or a neighbour network or any other device, it will change the channel automatically and bring up the network automatically without IT intervention. Then there are special types of innovation for video stream, how do you treat the traffic differently that it is always available with good video experience, all of this is being done on the network platform.

3. When it comes to the third requirement, which comes in is of troubleshoot. When the user is on a wired network or a wireless network, can I search whether the user has logged on to network on how many devices? Today you have separate login through network management on LAN, switching, routing, there is separate network manager is there for wireless network, and then separate for security network, many different policy managers. So what we have done with Cisco Prime LMS and NCS and ISC we combined this commercial thing and management functionality into one console and then it can cross launch different solutions from the same window and it can enable it to troubleshoot logging in from a laptop from a wired network through LAN switch.


Best of Breed

Features inside:

CMO + CIO = Mobile Success

BYOD: How to Secure the Inevitable

How Will BYOD Impact Your Contract?

Build a ‘Social Enterprise’ to Win in the 21st Century

Any journey needs a guidebook, and the journey to the social enterprise is no exception

By Ben Pring and Paul Roehrig

Though western economies have become increasingly post-industrial, many organisations retain business and operating models that would look familiar to factory workers from the Industrial Revolution. Workers may now manipulate paper and code rather than iron and steel, but oftentimes the way in which modern work is done can seem surprisingly old-fashioned: People still travel to work; still work in shifts; still work in physical spaces that are typically unused for long stretches of the day; and still use tools that reflect norms of eras long gone (“carbon copy” anybody?).

Why? In spite of increasing economic pressures, old habits die hard, and these conventions are often at the root of some of the major challenges currently facing many enterprise decision-makers. As the free flow of data pervades organisations (at exponential growth rates, mind you) a clear distinction is apparent between those that are thriving in our new digital enterprise era and those that are stalled or sinking. With the emergence of the commercial Internet, interaction costs for knowledge work have plummeted to near zero, rendering old-world industrial operating models obsolete.

Digits not widgets

As digits, work can travel to people, can be done anytime and anywhere, and can be done with tools that reflect the norms, styles, and values of our modern world. And not just work; anything digitisable. Barnes & Noble, Blockbuster, Newsweek, American Airlines, and Kodak are among the well-known brands that have misread the early warning signs as value migrates to the digital world. These cautionary tales are being noticed by savvy decision-makers who recognise that to maximise the benefits new technologies offer and minimise the associated downsides, new workflows, process structures, business models, and organisational structures are required.

Organisations that understand this and are embracing these new trends, such as Amazon, Facebook, Ford Motor Co., the U.S. Intelligence Community, etc., are achieving and reinforcing success by embracing new ways to leverage social technologies and digital value chains. Key to the next chapter of competition is an understanding that the new world of “digital value webs” is quite different to the old world of “physical value chains” and that the new world requires work to be re-imagined in profound new ways; profoundly better ways.

Redefining work

At the heart of this process of re-imagination is the objective of building what we call the “social enterprise,” an organisation built to succeed in the 21st century, not plod along from the 20th (or 19th) century, and which reflects the digital age we live in. Outperforming 21st century businesses will rethink, reinvent, and rewire work with new organisational principles facilitated by application of social media, mobility, advanced analytics, and cloud computing. We refer to this as the SMAC stack:

Use of the cloud will allow the social enterprise to be asset-light and agile, and to sense and respond to change in environmental factors;

Mobile technologies are enabling the collapse of time and space, and the unplugging of the historically tethered;

Social media adds a new layer of richness to all interpersonal interactions, and dissipates the arbitrary and artificial barriers between people in their work guise, time, and place; and

Advanced analytics provides new insights and outcomes buried in the exabytes of data in which we now all swim.

Each of these technologies in isolation may be transformative, but in combination, their impact on work can be profound. Winning 21st century businesses will look and feel different because social collaboration and mobility are built into how critical work is done. By leveraging SMAC stack technologies and associated next-generation business models, organisations can re-invent themselves to become social enterprises, a firm type that is quite different from companies that have come before because social collaboration will be the norm amidst digital natives rather than the exception amidst digital immigrants.

The social enterprise blueprint

Any journey needs a guidebook (nowadays an e-book or an App, as well) and the journey to the social enterprise is no exception. In working with organisations wrestling with questions about the future of their work, the following guidance provides a good place to start out on the social enterprise road:

Target work for modernisation. For many organisations, the journey to the future of work should start with identifying work processes (and their enabling systems) that are ripe for reformation. Look for processes that meet these criteria:

Emphasise your digital value chain. Begin with work that is already digitised but that can be injected with innovative social and mobile technologies;

Empower globally distributed work teams. Target workflows between distributed team members to allow the enterprise to fully benefit from talent residing anywhere in the world;

Let your customers guide you — really. If you are really listening to your customers, they are telling you where to start. Focus on interactions with employees and customers who have a millennial mindset and are willing to explore and utilise the emerging social sell/relate interaction models;

Find needles in your haystack. Target Big Data tools at a specific work process to uncover new opportunities and risks previously unrecognised and unrealisable; and

Look for “plateauing” processes and sunsetting systems. Seek out processes and systems where productivity improvements or brand differentiation has hit a wall. These are your urgent candidates for decommissioning or reconfiguring.

Drop your asset anchors. The virtualized, disaggregated, asset-light, social enterprise will exist in a cloud-first world where information services from cloud services vendors will be more secure than any organisation can achieve themselves; where work teams participate in 24/7 follow-the-sun process flows; where asset acquisition is the last resort; and where leadership stems from exploiting new uncertainties rather than milking conventional wisdom.

20% will be the growth of the public cloud services market worldwide in 2012.

By understanding, accepting, and embracing the new to re-imagine how work is done, companies can re-invent themselves and re-establish their relevance for the new world ahead. Social enterprises will exemplify leading edge thinking about business and technology models and will thrive in an era of acceleration and dynamic volatility.

The successful 21st century business will leverage new service models, implement new commercial models for externalised business solutions, and deploy the SMAC stack to be asset light and agile, to collapse time and space, to add new layers of richness to interactions, and to gain clairvoyance buried amidst the zettabytes (soon to be yottabytes) of data in which we now all swim.

The social enterprise is far beyond “Facebook at work.” It will be born (or re-born) digital, global, and virtual. It will be designed for impermanence, built to fail fast and learn, and will value speed over perfection. As we have seen already, achieving this new business reality will not be simple, but enough firms are succeeding for all of us to realize the art of the possible.

— Ben Pring and Paul Roehrig are co-directors, Center for the Future of Work at Cognizant.

— This article has been reprinted with permission from CIO Update. To see more articles regarding IT management best practices, please visit www.cioupdate.com.

CMO + CIO = Mobile Success

There’s a new executive on the block that will soon be involved in mobility: the CMO

By Fernando Alvarez

Mobility is the next big phenomenon that is already here. According to Cisco, there will be more mobile devices than people by 2016 based on UN projections that the world population will reach 7.3 billion within four years. While many enterprises are already leveraging a host of mobile applications, cloud computing and even Web 2.0 technologies that are largely powered and maintained by IT, there’s a new executive on the block that will soon be involved in mobility, if they aren’t already: the CMO. Recently Forrester Research stated that the enterprise mobility services market is one of the fastest growing segments in the IT services market. To remain competitive, enterprises must place mobility at the core of their business strategy, demanding a shift from an IT-driven to a consumer-driven agenda in which the CIO is no longer the sole gatekeeper. To implement an effective mobility strategy, there must be a meeting of the minds between the CIO and CMO whose very relationship is changing in light of the changes mobility is bringing to the marketplace.

It shouldn’t come as a surprise that marketing budgets are by and large bigger than IT budgets and growing faster every day. Sooner or later, it is expected that IT spending by the CMO will outgrow that of the CIO as confirmed in a recent webinar from Gartner, “By 2017 the CMO will Spend More on IT Than the CIO.” This finding is especially interesting if you also consider the huge potential for rapid growth in areas like mobile marketing given a significant gap between consumer interest (about 23 percent spent on mobile) and dedicated share of marketing budget (about one percent). Inevitably, the CMO will have more influence than the CIO on the technology decisions made when purchasing mobile solutions for marketing and defining the mobile strategy to work with new channels like social networks. To be effective, the CIO and CMO must work together to evaluate and choose mobile platforms that have both a short and long term focus and work with cross-platform solutions. They should also look to create a mix of responsive websites that look good on all screen sizes and native apps for iPhone, iPad, and Android. Oftentimes, the CMO will focus on creating a mobile strategy for B2C or B2B while the CIO focuses on B2E. For example, how does the enterprise handle customers and employees who buy and bring their own devices? However, it makes sense for the CMO and CIO to formulate and implement a joint mobile strategy. In many ways, this means that the CIO should think of the CMO as a very important client. Just one who is buying IT internally. However, as the Gartner webinar also pointed out, the CIO will likely face a perception challenge from the CMO who thinks of internal IT as slow, negative, and preferring stability over innovation and change. To change those perceptions, CIOs can help the CMO find an effective way to reach customers through mobile channels. To do so, the IT department needs to find ways of making critical data, such as product information, available to the mobile channels in a secure way. Even if the CIO has adopted a solid service-oriented architecture (SOA), those services are usually not suitable for mobile consumption, which calls for creating mobile or even multi-channel services. If the CIO can also provide the tools to measure the success of mobile marketing activities, that will surely win the heart of the CMO. At best, the CIO will even make it possible to take the mobile marketing to the next level by enabling business transactions through the mobile channels. The CMO needs the technical knowledge of the CIO and the CIO needs to learn how to embrace change. The CMO needs to understand the long term consequences of technology decisions and the CIO needs to rethink IT processes to be more agile. The CIO needs to learn more about the world outside of the company and the CMO needs to understand the hard IT facts about the company internals. And in perhaps the most difficult challenge of all, the CIO must develop, understand, manage, secure and, to some extent, support social media initiatives launched by the CMO even though social media itself resides in the Cloud and is beyond IT's direct control. Some say that cooperation between the CMO and CIO is a core requirement for staying relevant. Whether that is true or not, there is no doubt that an aligned marketing and IT team can be very powerful in taking on the challenges and opportunities that mobile channels provide.

— This article has been reprinted with permission from CIO Update. To see more articles regarding IT management best practices, please visit www.cioupdate.com.

45% will be the growth of the infrastructure as a service market worldwide in 2012.

$14bn will be the size of the software as a service market worldwide in 2012.

BYOD: How to Secure the Inevitable

Your approach to security needs to reflect reality in order for it to truly work

By Kevin Flynn

The bring-your-own-device (BYOD) phenomenon is disruptive. It tears massive security holes into an already disintegrating perimeter. It causes IT administrators to lose sleep.

Passing fad? Not likely. In fact, research shows that if the youngest generation of workforce employees has anything to say about it, BYOD is here to stay.

A recent Fortinet study underscores that fact. It found that Gen-Y employees are coming into the workplace demanding — not requesting — they be able to use their own mobile smart phones and tablets for business-related functions.

With the rapid acceleration of BYOD trends, it should come as little surprise that nearly three out of four of Gen Y employees maintain they use personal mobile devices for work. And why wouldn’t they? The technological equivalent of a Swiss Army Knife, these devices hold everything near and dear to users from photos of friends to music, maps and games.

Eating cake

Call it having their cake and eating it too, but they want all these functions on just one device. More than half of Gen-Y users consider in no uncertain terms the ability to bring personal devices into the office and use them for work-related tasks a right — not a privilege. In fact, that expectation is so ingrained that more than a third of users said they have or would go against company policy in order to use their personal mobile devices for work. Is this attitude a testament to Gen-Y’s inflated sense of entitlement and expectation? Perhaps. But before you start pointing fingers at the younger generations, here’s something to think about: While disruptive, the concept of using your own device to lighten your workload is hardly a new one. What’s more, throughout the decades, it’s been network-level security, not the endpoint, that has been instrumental in the transition of every disruptive trend. And because, historically, it has been the foundation of sweeping technological shifts, network security is sure to be integral in the transition to a BYOD environment.

Look at it this way: In the mid-1980s, accountants started to bring their own PCs into the workplace in order to run Lotus 1-2-3 spreadsheets that would expedite their job functions. Users in the media world did the same with Macintosh computers for desktop publishing. In addition, users even wrote these devices off as office supplies.

Needless to say, this trend did not go over well with IT administrators who preferred to maintain control at the helm of mainframes and dumb terminals. But, like it or not, IT administrators were eventually forced to adjust by crafting a network security architecture to support users’ PCs and Macs. Flash forward a decade to the mid-1990s, and you’ll see the same thing occurring with the advent of the Internet. Employees found that they required access to the Internet for email as well as a resource for information. This, too, created new challenges for IT administrators, now forced not only to provide necessary network infrastructure, but support, maintain and bolster it with security mechanisms against a burgeoning crop of viruses delivered both via e-mail attachments and over the Web. Firewalls and VPN technologies became a critical component of every organisation’s network.

Flash forward

Flash forward another ten years, and you’ll see the same recurring theme, only this time with the emergence of Web 2.0. Now, instead of a one-way street, the Web enabled the free flow of communication between users, opening up worlds of possibilities for marketing, customer service and collaboration. And with the Web 2.0 phenomenon starting to gain traction, IT administrators predictably had to shift gears in order to accommodate an increasingly porous network perimeter that redefined network security as we know it. Application control and data loss prevention (DLP) technologies were soon deployed in the network.

Lessons learned

If history should be any guide, the lessons here are two-fold. Whether we know it or not, we’ve been here before. BYOD, like any other disruptive phenomenon, represents a continuation of previous trends in which the demand for technology helps shape the dynamic of workplace culture.

And looking back, those companies that accepted technology’s inexorable forward march and adapted accordingly are the ones that ultimately prospered. Those that dragged their feet either lost out to competitors or were forced to shutter their doors.

The second and perhaps most significant lesson here is that network security technology has been critical to the successful implementation of every technological change over the last four decades. And subsequently, the network is and will continue to be key to security as the IT environment continues to evolve.

Security will always surprise. Threats will change. A decade ago, who would have foreseen the proliferation of botnets? Or cyber espionage? Or the fact that almost a billion people would be putting their personal information on Facebook and other social networking platforms for the world to see? The big takeaway is organisations will have to think holistically if they want their IT environment to remain safe. With regards to BYOD, that means taking a unified, network-centric approach to security that will provide IT administrators a holistic view, as well as a platform on which to set and control policies, while allowing data to pass back and forth as necessary between devices.

It’s no secret that the network will become increasingly more complex and difficult to manage as a greater number of disparate devices pass data through its gates. And, looking ahead, it’s only going to become more so. Taking a page out of the history books, IT professionals need to instead realize that the network provides a cornerstone for the successful and secure integration of new technologies.

Essentially, because all traffic needs to pass through the network, it is also the best place to deploy security in a BYOD world. For one, the personal nature of such devices makes platform standardization practically impossible, and, if the survey responses are any indication, likely to be met with strong resistance. To that point, a network-security-centric approach to BYOD actually provides administrators the flexibility to enable a greater variety of endpoint security approaches by serving as a central point of control for just about everything. Security mechanisms such as application control, network-based anti-malware, Wi-Fi security, VPN, two-factor authentication, DLP, URL filtering, stateful firewalling, intrusion prevention and a slew of others can only be achieved on the network and not the client.

The net-net? Network security has been and will continue to be an undeniably fundamental component for all IT functions, as BYOD and myriad other anticipated technological trends gain momentum. Holding fastidiously onto an antiquated per-user licensing model for security appliances is only going to create more challenges that will ultimately thwart the efficiency that BYOD was intended to bring in the first place.

Your approach to security needs to reflect reality in order to truly work. And those that embrace its inevitable changes, while learning the lessons of the past, will be the ones that not only survive the BYOD trend, but will prosper from it in the long run.

– Kevin Flynn is a senior product manager at Fortinet, an IT security vendor.

— This article has been reprinted with permission from CIO Update. To see more articles regarding IT management best practices, please visit www.cioupdate.com.

$206b will be the size of the total public cloud services market in 2012, up from $91.4 Bn in 2011.

How Will BYOD Impact Your Contract?

BYOD will have an impact on every facet of telecom expense management

By Matt West

Bring-your-own-device has evolved from trend to the new normal and with that discussions around the risks of implementing a BYOD policy in the enterprise have become intense. How can enterprises enforce secure remote access to corporate assets? What happens when an employee stores sensitive info on their tablet, then leaves it in a hotel lobby for anyone to see? And, how do we make sense of device and plan reimbursement? For all of its ergonomic and economic advantages, CIOs are still struggling to reconcile risk with reward as they navigate BYOD in their businesses.

There is one risk that’s typically overlooked: the impact of BYOD on the carrier contract. Interestingly, this issue hasn’t gotten much play. At face value, it would seem that more individual responsible users (IRUs, as carriers call them) would mean less worry, less cost and less contract complexity for the enterprise.

But is that actually true? The answer is no. While the end game may be to shrink (even eradicate) the enterprise carrier agreement, we’re far from reaching that goal. The implementation of BYOD and the transition of corporate responsible users (CRUs) to IRUs can negatively impact your carrier contract and negotiation leverage. With that in mind, CIOs should consider the following as they explore and evolve their BYOD strategy:

It’s not going away any time soon. Most enterprises deploy a hybrid variation of BYOD that includes both corporate and individual users. This has made carrier contracting and contract management more complex, requiring a deeper insight into who’s using what device, how and how much. It’s imperative that companies keep an accurate inventory of their telecom assets even as these numbers change on the path to BYOD. Know how many smart phones, voice phones, tablets and other devices are being used in the enterprise, and what the usage is per line (minutes, text messages, etc.). Without this knowledge, you can’t negotiate better discounts and incentives with your carrier.

BYOD doesn’t mean you have to give up your volume discounts. Just because you support a BYOD policy doesn’t mean you can’t get credit for IRUs under your current carrier contract. It’s possible to still receive discounts for IRUs by requesting they use the corporate rate plan. Think of it like a “tell a friend” retail programme where you get a discount for every customer that names you as the referral source. If you can get large numbers of IRUs to use your carrier/plan, you may get even bigger benefits in the way of credits to your corporate account.

Be cautious of early termination fees. If you’re migrating large volumes of CRUs to IRUs, be sure to investigate the ramifications of your timing. Most carriers go to great lengths to make it difficult to terminate service. One of these measures is an early termination fee. Most carrier contracts specify early termination fees to protect themselves against abrupt terminations (especially when they involve large quantities of users). Some enterprises may

35% was the increase in end user spending in the printer market in India in 2012.

BYOD Heralds the Most Radical ShiftGartner believes that we are likely to see successful BYOD programmes in the coming years

the rise of bring your own device (BYOD) programmes is the single most radical shift in the economics of client computing for business since PCs invaded the workplace,

according to Gartner, Inc. Every business needs a clearly articulated position on

BYOD, even if it chooses not to allow for it.BYOD is an alternative strategy that

allows employees, business partners and other users to use personally selected and purchased client devices to execute enter-prise applications and access data. For most organisations, the programme is currently

limited to smartphones and tablets, but the strategy may also be used for PCs and may include subsidies for equipment or service fees, says a release from Gartner.

“With the wide range of capabilities brought by mobile devices, and the myriad ways in which business processes are being

be able to absorb the penalty, but others may not. The wrong timing can deal a hefty blow to telecom budgets.Carriers are new at this, too. Car-riers and enterprises alike are figuring out how to navigate the tactical and strategic implica-tions of BYOD. This environ-ment of uncertainty exacerbates the lack of transparency around pricing and terms within the wireless provider industry. Car-riers are heavily motivated to protect the revenues they garner from large enterprise accounts, and this often comes in the form

of hidden fees, unnecessary charges and less-than-fair pricing and discounts. It’s more important than ever before to bench-mark carrier pricing and discounts to mini-mise disparity and eliminate overspending.

BYOD will have an impact on every facet of telecom expense management, starting with the way carriers’ services are sourced and contracted. Mitigating this risk early on will give CIOs a leg up in getting the benefits that BYOD can deliver. — This article has been reprinted with permission

from CIO Update. To see more articles regarding

IT management best practices, please visit www.

cioupdate.com. ill

us

tr

at

ion

by

ph

ot

os

.co

m

B e s t o f B r e e d | B y o d

25September 2012

The best strategy to deal with BYOD is to address it with a combination of policy, software, infra controls and education

reinvented as a result, we are entering a time of tremendous change,” said David Willis, vice president and distinguished analyst at Gartner. “The market for mobile devices is booming and the basic device used in business compared to those used by consumers is converging. Simultaneously, advances in network performance allow the personal device to be married to powerful software that resides in the cloud.”

Mobile innovation is now driven more by consumer markets than business markets. Affordability is not only putting very powerful technology in the hands of consumers, but those consumers are also upgrading at a much faster rate. An organisation may better keep up with mobile technology advancements by aligning to the consumer, rather than the much slower pace of business technology adoption, with its long cycle of detailed requirements analysis, established refresh rates, and centralised procurement heritage. Consumers also enjoy equipment and domestic service pricing that often matches the best deals that an enterprise can get on behalf of its users, the release said.

In a BYOD approach, users are permitted certain access rights to enterprise applications and information on personally owned devices, subject to user acceptance of enterprise security and management policies. The device is selected and purchased by the user, although IT may provide a list of acceptable devices for the user to purchase. In turn, IT provides partial or full support for device access, applications and data. The organisation may provide full, partial or no reimbursement for the device or service plan.

“Just as we saw with home broadband in the past decade, the expectation that the company will supply full reimbursement for equipment and services will decline over time, and we will see the typical employer favor reimbursing only a portion of the monthly bill,” said Mr. Willis. “We also expect that as adoption grows and prices decline employers will reduce the amount they reimburse.”

While BYOD programmes can reduce costs, they typically do not. As businesses look to drive ever more capability to the mobile device, the costs of software, infrastructure, personnel support and related services will increase over time. Once companies start including file sharing, business applications and collaboration tools, the costs to provide mobile services go up dramatically.

Gartner believes that IT's best strategy to deal with the rise of BYOD is to address it with a combination of policy, software, infrastructure controls and education in the near term; and with application management and appropriate cloud services in the longer term. Policies must be built in conjunction with legal and HR departments for the tax, labor, corporate liability and employee privacy implications. Gartner recommends that companies start with a standard policy that would apply anywhere, and create customised versions by country if necessary.

“BYOD is not for every company, or every employee. There will be wide variances in BYOD adoption across the world — by geography, industry and corporate culture,” said Mr. Willis. “Most programmes are at the employee's discretion — they decide if they want to opt in. For the vast majority of companies it is not possible to force all users into a bring your own (BYO) program without substantial financial investments — and considerable support from senior management.”

Despite the inherent challenges, Gartner believes that we are likely to see highly successful BYOD programmes in the coming years. Many businesses will expand beyond smartphones and tablets and embrace BYO for personal computers. Beyond PCs, it is likely that users will discover new uses for emerging devices not initially understood by IT planners, much like we saw with the iPad.

“It won't stop with bring your own PC,” said Mr. Willis. “Bring your own IT is on the horizon. Once these new devices are in the mix, employees will be bringing their own applications, collaboration systems, and even social networks into businesses.”

7% was the growth of the printer market in India in the second quarter of 2012


CIO & LEADER CUSTOM SERIES | WIPRO

BYOD Offers Value for Enterprises

Wipro’s BYOD approach enables CIOs to leverage the power of mobility and make future workplaces location, device and application independent

The unprecedented growth of end consumer devices including smartphones and tablets has created a sense of urgency in the minds of CIOs. They are formulating strategies that can help them embrace the growing trend of consumerization in their enterprises. Mobile devices have inarguably resulted in better connectivity, mobility and flexibility for end users and have also increased the reach of enterprises. As per a survey conducted by Wipro, 60 percent of employees use a smartphone at work while another 31 percent are willing to use these devices at work.

Companies are, therefore, increasingly allowing employees to ‘bring their own devices’ within the work premises. However, managing the scale and diversity of devices and data security has become a primary concern for enterprises.

On the surface, it looks as though an enterprise only needs to allow smartphones and other devices at work as a part of BYOD adoption. But that is just the tip of the iceberg. As a technology leader and enabler, a CIO will have to retain and attract top talent who highly value and know their devices. Data security and protection of intellectual property is also a challenge. With the proliferation of mobile OSs like iOS, Android, BlackBerry and Windows, there is a growing need to support multiple device types without increasing cost or complexity.

Today’s enterprise scenario demands a strict security policy to be in place before full-access BYOD is enabled for employees. There is a huge risk of exposing sensitive company information to various devices. However, not allowing a choice of personal device in a BYOD program will be a huge hindrance to successful adoption of the program by employees.

“As platforms and devices at work begin to grow, enterprises will have to collaborate applications, monitor devices and their usage. They need to craft an access policy based on level of employees, partners and contractors.” — Anuj Bhalla, Vice President and Global Business Head, System Integration and Maintenance Services, Wipro

In today’s ever-changing world of personal technology, data security is directly linked to device security. While it is relatively easy to observe security protocols and processes for wired networks, it is complex for mobile devices. Resource accessibility and network connectivity are perplexing issues for enterprises.

Allowing a personal mobile device to access office data, applications, mail and collaboration tools using the enterprise network poses a very high security risk. Bandwidth allocation and Quality of Service (QoS) also become very critical.

As the various platforms and devices at the workplace begin to grow, enterprises will have to collaborate on applications and monitor devices and their usage. Enterprises need to craft a device access policy based on the level of employees, partners and contractors.

For example, a hospital can extend its wireless network to employees on personal devices, limiting access based on roles. A doctor can be given complete access on a personal device within the hospital premises and limited access to crucial information off the premises. At an advanced level, the hospital administrator can be granted full network access to applications with new collaboration services.

BYOD solutions are not just technical in nature. They impact multiple functions like HR, finance and legal. Protecting sensitive data is the priority, and hence monitoring the flow of data in and out is absolutely necessary. It is important to have well-defined agreements with employees to address the issue of what happens to corporate data when an employee separates or loses the device.

Though the device is personal, loss of a device can impact business and productivity. An enterprise must define the level of support it will offer BYOD users and the expectations that it has of them.

Despite challenges, BYOD adoption has great value to offer to enterprises. It gives freedom to employees who may want to use the device of their choice, be it make, brand, OS, hardware specs, capacity etc. Besides, one can use feature-rich handheld devices to access corporate applications. Employees may not need multiple devices for office and personal use.

The other major benefits include cost reduction in hardware maintenance and software licensing, which have been among the major concerns for all enterprises, be they small or large. Similarly, it reduces the pressure on IT infrastructure by automating routine user support tasks like user provisioning, application management, device capacity monitoring and roaming detection. BYOD adoption ensures all devices in an enterprise are bound by the corporate policy.

BYOD adoption ensures relevant ROI in a short time span. A Wipro study says that it helps an enterprise to lower power consumption, resulting in up to an 80 percent fall in electricity bills. WAN bandwidth can be optimized with various virtualization tools and adoption can help in saving 40 percent of the hardware costs.

Administrators' major worries, such as device theft, training and technical support for a large variety of devices, are reduced to a great extent. Increased employee productivity and faster response times are among the best incentives for a BYOD initiative.

Planning a BYOD strategy goes a long way in establishing a strong business case and measuring ROI for the implementation. Strict policy and process monitoring measures, if included, only add to the strong case for BYOD. Security becomes a priority with device registration and the definition of baseline security policies (device certificate based authentication, encryption, secure mobile gateway, password policy etc.).

Similarly, selecting the right technology partner to manage the entire ecosystem of mobile computing platforms, networks and applications can help keep enterprises secure and at the same time flexible enough to meet employees' demands.

Wipro's innovative BYOD approach enables CIOs to leverage the power of mobility to the maximum. Our smart solutions are helping future enterprise workplaces to be location, device and application independent. Our prepackaged mobile apps are easy to customize, quick to deploy and more cost effective than in-house applications.

Wipro offers a 360 degree BYOD portfolio across the entire IT life cycle including design, deploy, manage and sustain. Wipro provides not only BYOD consulting but also helps enterprises with device purchase, infrastructure upgrade, application porting, policy writing and managed services. Our single partner interface, working at the backend with the best in class OEMs worldwide, is helping enterprises increase accountability and integrate service delivery to ensure a seamless BYOD experience.

http://www.wipro.com/cio_report/lp.html

COVER STORY

Turning a Crisis into an Opportunity Is the Hallmark of a True Leader Whom Others Follow

By Atanu Kumar Das
Design by Shokeen Saifi
Imaging Peterson PJ

Coming out of a difficult situation triumphant is what makes leaders stand out from the crowd. There are numerous situations in the life of a CIO when he has to lead from the front. He not only has to prove his mettle to the management but also has to come across as a role model for others to follow. He has to ensure that his team members look up to him in the future. We spoke to some of the top CIOs and asked them to share the most challenging moment in their careers, and how they emerged stronger and more respected from the situation. We hope their stories will not only be interesting reads but also help you prepare better for challenging times ahead.


Delivering Rural Connectivity with Ease

Shanmugham Suresh, Head – IT, Mahindra & Mahindra Financial Services

Shanmugham overcame the challenge of rural financing by leveraging IT

Shanmugham Suresh has been associated with Mahindra & Mahindra for the last 14 years. The company is one of the largest non-banking finance companies in India and concentrates on business in rural and semi-urban locations. Shanmugham is responsible for IT across all the financial services entities of M&M including retail and corporate loans, mortgages, liability products, insurance and reinsurance broking, proposed insurance manufacture, proposed MF and proposed bank.

M&M Financial Services was facing a unique problem in the rural financing industry — that of delivering speedy services to customers. As Shanmugham was managing a team of around 300 employees, he needed to update them on a daily basis about the requirements of customers in different remote locations across the country. This was also challenging.

“To solve the issue of rural financing, I developed a unique model — the first in the rural financial industry — to demonstrate reach and speedy services at all times,” says Shanmugham.

He launched the Electronic Point of Sale (EPOS) Transaction model through GPRS, VSAT and CDMA connectivity at the rural level, which ensured speedy transactions in remote locations. Shanmugham also launched, for the first time, a unique dynamic currency conversion solution, which addressed the availability of rural cash issues. M&M’s IT strategy includes achieving connectivity with all branches and mobility connection through its executives.

By launching this new model, Shanmugham not only put in place a CRM system to assist e-business and the cross selling of the company’s other products and services but also improved the credit market risk management of M&M.

He also overcame the challenge of team management.

“Once I deployed the solution, the problem which the team members faced about getting daily updates on transactions taking place in the rural locations was resolved. M&M witnessed speedy transactions and could also provide effective services to the customers,” says Shanmugham.

The projects include activities like interfacing with the steering committee through the operating committee, dealing with customers to gather mobile project requirements and managing vendors for solution deployments.

As the point of sale (POS) hub supports acceptance of signature and PIN-based credit/debit prepaid cards, it needed a GPRS terminal. Shanmugham’s initiative led to the deployment of the first GPRS terminal in the Indian NBFC space. The launch of EMI on POS was equipped to handle POS terminal application certification including network interfaces using Ethernet terminals PC-based cash register on CDMA/LAN network.

“There was centralised storage with distributed data capture, of merchant acquiring solutions which was a very innovative approach in the project,” he added.


Shanmugham Suresh, Head – IT, M&M Financial Services, developed a solution that ensured profitability in the rural market for the company

Dashboard

Company: M&M Financial Services

Established: 1991

Headquarters: Mumbai, Maharashtra

Products: Financial Services

Employees: 9,700+

Annie Mathew, CIO, Mother Dairy, feels that it is very important to speak your mind out before jumping into any project

Dashboard

Company: Mother Dairy

Established: 1974

Headquarters: New Delhi

Products: Dairy products, edible oils and fresh fruits

Employees: 3,000+


Courage to Speak Is Very Important

Annie Mathew, CIO, Mother Dairy

Despite facing multiple hurdles, Mathew delivered a crucial project on time

Annie Mathew has been the CIO of Mother Dairy since 2005 and is responsible for all information technology related development of the company around the nation. She championed the migration to a new-age ERP in the company. She pioneered the implementation of SAP and took up the challenge of managing process issues and people issues in the new systems environment. Before joining Mother Dairy, Mathew worked for Bharat Shell and brought in SunSystems ERP across the company's numerous locations.

According to Mathew, there have been numerous projects which proved to be tough and challenging in her career.

Mathew recalled one such project that she felt could motivate future CIOs and help them deal with such difficult situations in their lives. Mathew was involved in a SAP implementation project in one of her previous organisations where her role as a consultant was in integrating the manufacturing systems and SAP. The project was getting delayed and there were concerns about how the project would get implemented on time. She needed to intervene immediately to ensure that there was no further delay in the project.

Eventually a meeting was called by the client where all the shareholders were grilled as to why the project was getting delayed and why things were not working as per the scheduled plan.

“Nobody pinpointed the problems. There was silence for at least 30 minutes. Finally, I spoke and pointed out that the processes being demanded by the user teams were so horribly complex that unless some attempt at simplification was made, there was no hope of achieving even the delayed timelines. There was no other way but to start reworking on some specifics that needed to be removed,” says Mathew.

Nobody expected that Mathew would point out all these project details to the client. However, to everyone’s surprise, the client understood the problem and asked the team members to re-look at the processes and change them so that the project could meet its deadline.

“One of the key things that I learned from that incident was that it is very important to speak up and let people know what is there in your mind and then take things forward from there,” Mathew says.

“One has to have the courage to speak their mind and if one doesn’t speak, people will never understand what the problem is and things will never get resolved. It will all end up in a big blame game,” she says.

According to Mathew, it is also important to understand that a CIO should communicate the problem to the team so that all are on the same page.

“These are very basic things but CIOs tend to miss out on communicating the same to the team members,” she adds.


Deploying CRM for Better Profitability

UC Dubey, Executive Director (IT), Iffco Tokio

Dubey overcame the challenge of managing the customers and channel partners

UC Dubey joined Iffco Tokio General Insurance Co Ltd as Executive Vice President (IT) in 2005 and was promoted to the post of Executive Director (IT) in 2010. Dubey is responsible for evaluating, selecting, procuring and implementing IT hardware, software and services in order to provide IT support in achieving strategic business goals. He has designed, developed and implemented a business logistics system providing a standard work flow for policy creation, printing, and issuance to streamline the process and monitor turnaround time.

Iffco Tokio General Insurance was established in 2000 and the company was growing and maturing in those days. Like any other BFSI company, Iffco Tokio was also driven by IT and it needed full support for ensuring efficient operations and growth. During the last seven years, Dubey's team has supported the business by providing various IT solutions with effective enterprise-wide implementations.

One of the difficult projects which showed Dubey’s leadership skills was the implementation of Siebel customer relationship management (CRM) in record time.

“Iffco Tokio was struggling to have proper customer contact information and the channel partners were not managed in a proper manner. I knew that we had to get the project deployed at the earliest if we wanted to ensure that we are on track to achieve better profitability for the company,” says Dubey.

The CRM was deployed for effective customer contacts, channel partner management, customer services, and call centre activities. The service desk, an Iffco Tokio-compliant IT service management software, was implemented, as were desktop and server management solutions. Also deployed was a document management system (DMS) to create an electronic document repository for the easy and efficient storage and retrieval of documents.

A CRM-based point of sale (POS) solution was rolled out for major retail products and a claims processing system including e-survey.

A self service portal was set up for online sales of new policies and renewals. He strengthened IT security measures through information security management system (ISMS) audits and ISO 27001 certification. In coordination with other group companies, he achieved a procurement advantage through rate contracts and MOU for hardware, software, networking and services.

After the deployment of the CRM, Iffco Tokio gained proper information about its channel partners and customers and could thus provide improved and effective services.

Dubey is currently evaluating mobile computing, single sign on, identity and access management and cloud computing.

“I feel that a CIO’s endeavour should be to provide an effective and efficient IT setup to enable the business to achieve its designated goals,” adds Dubey.


UC Dubey, Executive Director (IT), Iffco Tokio, believes in providing an effective and efficient IT set up to enable the business to achieve its goals

Dashboard

Company: Iffco Tokio

Established: 2000

Headquarters: Gurgaon, Haryana

Products: Insurance

Employees: NA


CIO Should Increase His Influence in the Network

Santhosh Babu, Founder and Managing Director, OD Alternatives

Santhosh Babu, Founder and MD, OD Alternatives, speaks to Atanu Kumar Das about different aspects of leadership

Santhosh Babu, Founder, OD Alternatives, feels the leadership curriculum should have two parts: the being part and the doing part

Dashboard

Company: OD Alternatives

Established: 1999

Headquarters: New Delhi

Products: Leadership training

How can a CIO enhance his interpersonal skills?

A CIO must understand his organisation as a complex living system and not look at it in a traditional manner. He should be able to increase his influence in the network in order to enhance his interpersonal skills. The idea is to be able to communicate in a manner where he can garner as much knowledge as he can from his peers, seniors and subordinates.

Being a Leadership Guru, what will be your advice for a CIO looking to evolve into an ideal leader in his organisation?

There are two types of problems that a CIO would face in an organisation. One is a technical problem, which can be dealt with using his knowledge of the subject, and the other is an adaptive problem, and this is a real challenge. Here he would need to question the existing paradigms and beliefs in order to find the right solution. This is where the true leadership quality of a person evolves.

Honing one's leadership capability is imperative for future success. In your view, what are the best ways of honing one's abilities?

The best way to hone one's skills is to focus on personal growth and also to focus on adding value to the organisation and the people around. A CIO should be aware of the impact of his actions in the longer ecosystem of things and this way he will communicate in the proper manner. One has to be aware of the positives and negatives of his actions and this will ensure that he does things which will make the organisation benefit. This way he also hones his skills to the optimum level.

Who has been the one leader that has been an inspiration for you and what have you learned from him?

I am always inspired by Bob Marley, the singer. His ability to motivate and inspire people has always been awe-inspiring for me and I always try to follow some of the principles of this singer in my life.

What kind of curriculum should a CIO pursue to boost his leadership skills?

In terms of curriculum, I always believe that there should be two parts to it: one is the doing part and the other is the being part. Most of the curriculum in India focuses on the doing part and that doesn't help, but if there were the being part then he would learn core values, beliefs, assumptions and life's purpose.

Can you suggest some courses or books that can assist a CIO in being a leader?

I would suggest two books which would definitely help a CIO. The first one is 'Immunity to Change: How to Overcome It and Unlock the Potential in Yourself and Your Organization' by Robert Kegan and Lisa Laskow Lahey and the second is 'Leadership on the Line: Staying Alive through the Dangers of Leading' by Martin Linsky and Ronald A Heifetz. These two books would go a long way in helping a CIO understand the dynamics of leadership and assist them in their day to day professional and personal lives.

Do you feel that there are enough institutes in India providing courses/degrees in leadership programmes?

I do not feel that there are any institutes which are offering the right way of teaching leadership roles. Almost all the institutes only teach the 'doing' part and no institutes teach the 'being' part. We at OD Alternatives have come up with a programme called 'Vision Quest' which focuses on the 'being' part and we have taken inspiration from ancient tribes to formulate this programme. There are times when the ancient people who faced a problem would go alone to the jungle and talk to nature to come to a solution. So we have also made a programme where we give a situation to a CIO and make him stay alone with himself and then he comes up with a solution which no institute can teach. The 'Vision Quest' retreat helps the CIO to decide what is the life he wants to emerge and what is the life that is waiting for him. And this can be achieved if he is willing to give up what comes in the way. There comes a time when one must leave family, friends and work behind and go off alone looking within to discover the changes in the circle of life. The 'Vision Quest' is an ancient rite of passage ceremony, enabling CIOs to engage in an age-old ceremonial pattern: completion of an old life, movement through the threshold of the unknown and return to the world reborn.

Many successful people reach a point in their life when despite all the success they know there is something that is missing. They know they have achieved more than they thought or dreamt. Now it is about leaving a legacy.

The idea is to have a programme that will enable a CIO to perform at his best without sacrificing his achievements. The programme will enable the CIO to operate from a foundation that is anchored solidly in what is most important and most enduring (fulfilling) in his life. This will enable the CIO to evaluate his personal leadership style, enhance his personal credibility, recalibrate his expectations and show how to develop a committed organisation.

As Joseph Campbell rightly said, “You must give up the life you planned in order to have the life that is waiting for you.”


“Innovation distinguishes between a leader and a follower.” —Steve Jobs


Special Leadership Section


CIO&LEADER This special section on leadership has been designed keeping in mind the evolving role of CIOs. The objective is to provide an eclectic mix of leadership articles and opinions from top consultants and gurus as well as create a platform for peer learning. Here is a brief description of each sub-section that will give you an idea of what to expect each month from CIO&Leader:

An opinion piece on leadership penned by leadership gurus. Plus, an insightful article from a leading consulting firm

The article/interview will track the leadership journey of a CIO/CXO to the top. It will also provide insights into how top leaders think about leadership

This feature focusses on how CIOs run IT organisations in their company as if they were CEOs. It will comment on whether IT should have a separate P&L, expectation management of different LoB heads, HR policies within IT, operational issues, etc. This section will provide insights into the challenges of putting a price on IT services, issues of changing user mindset, squeezing more value out of IT, justifying RoI on IT, attracting and retaining talent, and competing against external vendors

Cross leveraging our strong traction in the IT Manager community, this section will have interviews/features about IT Managers and CIOs talking about their expectations, working styles and aspirations. In this section, a Mentor and a Mentee will identify each other’s strengths and weaknesses, opine on each other’s style of functioning, discuss the biggest lessons learnt from each other, talk about memorable projects and shared interests

Featuring a top CIO/Technology Company Head and the best guidance/recommendation he received with respect to his personal or professional growth. The advice could relate to dealing with people, managing personal finance, and balancing work and life

A one-page review of a book on leadership

Sections: Top Down | My Story | Leading Edge | Me & My Mentee | The Best Advice I Ever Got | Shelf Life

Top Down | Ashwani Khillan, CTO, MTS

Money Matters

Ashwani Khillan, CTO, MTS believes that making people realise how they contribute to the revenues is a big motivation factor

One of the biggest challenges faced by any manager is to motivate his team members. I believe that translating the impact of an employee’s work into direct revenue terms can be a great way to motivate people. You need to make them realise where the revenues are coming from. However, you also need to translate the revenues in simpler terms that an engineer or a young team member can clearly understand. For example, if you tell them that the BTS they are managing contributes to X amount and any error or delay can cost the company Y amount per hour, then the employee gets to know how his work directly impacts the company.

Most employees work towards the company’s progress. If their efforts are effectively translated into revenue terms, then they know exactly how much contribution they’ve made to the company’s progress and this is a big motivation for most employees. This was especially important for us because back in 2008-09 when we started offering data services, there weren’t many trained professionals to work on the technology and in order to make people who are used to working on voice based service to transition to data services, a lot of motivation is required. We realised that this was a very effective way to motivate employees.

In our IT department, whatever initiatives we take are focused on two key areas—initiatives that increase revenues and initiatives that save costs. In both the cases, the employee knows how he’s contributing towards the organisation’s growth. There have been many initiatives that we’ve taken in this regard. For example, in 2009 we started charging our customers based on the websites they’ve visited. This required Deep Packet Inspection, a concept that was completely new in India. With this, we were able to offer customised data packages wherein instead of calculating their total data usage, we gave them unlimited free access to specific websites that they most often access. Similarly, we were also able to do authentication implementation in network, which ensures no revenue leakage by stopping cloning. We were also the first to successfully implement EVDO Rev-B that increased the peak data rate up to 4.9Mbps within same spectrum. All such initiatives directly impacted the top and bottom line of the organisation.

— As told to Varun Aggarwal

My Story | Vilakshan Jakhu

“At BPTP, We Value Training a Lot”

Vilakshan Jakhu, CIO, BPTP speaks with CIO&Leader on some of the industry firsts he has headed at BPTP, leadership lessons, training and using IT to the fullest

Vilakshan Jakhu is the senior VP and CIO of BPTP. He is responsible for brand building, business planning for handling customer base with KPIs of loyalty development and management.

How do you compare the way you run IT with the way it's run by other real estate sector companies in India?

We were the first real estate company in India to implement SAP in totality, which simply means the final balance sheet is computed from the ERP. I headed that implementation. Many companies have SAP in place but their balance sheet still comes from 'Tally'.

We have been running a private cloud for the last four years. There are no physical servers dedicated to any physical process. Every server we have is fully virtualised, whether it's SAP, middleware etc. This is also an industry first.

BPTP's CRM is cloud based. We evaluated Microsoft Dynamics, Oracle Siebel, Salesforce and even SAP. It took us three years to finalise the vendor. We are again the first real estate company in India to have implemented a completely customer service oriented CRM solution.

What we are doing is cutting edge. The Oracle applications are integrated with the SAP applications using a middleware, which is again unique but not the only one in India. Hero MotoCorp is the only other company to have done this kind of an integration.

Our physical documents will soon get digitised. The contract is being finalised and our document digitisation will begin soon.

Lessons on the importance of organising training sessions as a thought exchange process.

Usually employees have a thinking pattern on how certain activities are worked out. For e.g., a construction engineer has a standard idea of constructing the building. Maybe he would not think about the concept of using bricks from soda ash. Although not available easily, they are cheaper, more sturdy, light weight and efficient than the conventional bricks. These ideas can also come from an employee who has not worked for the real estate sector.

Training plays an important role especially at BPTP, a seven year old young company formed in 2005. Most of the employees here do not have a real estate background. It works in our favour because ideas of employees from different genres can be gelled together. But they have to be trained accordingly in a uniform environment. Leader has to play a role in actualising these training programmes. BPTP organises such training programmes on a regular basis.

We have leaders coming from different walks of life with various working styles. For e.g., we just hired a person who was in Singapore, working with a real estate company. He comes with a totally distinct approach to work. To complete a particular assignment, he is ok with a few middle level project managers and groundsmen and he will be good to go. He does not expect a big team of specialists. Employees like these can bring in fresh air in the organisation and again training sessions can be the best place to facilitate such thought exchange process.

How are you leading different teams in using IT to the fullest?

One more learning from a leadership angle is about using IT to the fullest. It will only remain a tool to complete the daily tasks until the users identify and take advantage of all the available functionalities in a given system. For e.g., we have the world's best ERP system. But are we using it as an ERP system? Are all the business users actually checking the SAP reports on a regular basis or are they still relying on a dump of Excel and then processing that information? Maturity is something that comes into play here. I believe core systems like ERP give RoI in five years and not three years as claimed by some vendors.

In the first five years, the team is still trying to grapple with the regular functionalities and regularising them. We had built about 200 reports in the ERP but the amount of reports actually pursued were only 60.

However, this loose approach has changed. BPTP is using ERP to optimise cash flows. Moreover, we have completely automated a host of functions using the SAP system, which were hitherto lying idle and unused. In the current scenario, our cash flows, reconciliation is happening at the back end which is automated, form 16 is digitally signed. This has made the core departmental function fully automated.

We understand how the CFO needs to be empowered with the required systems, what his deliverables are and thus we are more cognisant of putting the right systems in place for him to fulfill the needs of the promoters, shareholders etc.

5 Points

1. Every server we have at BPTP is fully virtualised
2. Our physical documents will soon get digitised and we are in the process of finalising the contract
3. BPTP is using ERP to optimise cash flows
4. We are one of the few companies in the business which send out an electronic demand letter
5. We are now getting into trending analysis on what’s the best way to convert customers coming through SMS or email, phone call or any other medium

What according to you is leadership from a customer service perspective?

In 2005, during the real estate boom, people were so keen on buying real estate properties that they would slip in cheques below the shutters of the closed shop of the broker or the respective agency handling real estate buying. By doing that, they wanted to be the first ones to make the payment to make sure they have the property entitlement. The objective was to take the advantage for the booming real estate market.

The current scenario is different. People are not throwing cheques at you. The customer has to be acquired by offering attractive deals, taking him for multiple site visits, constant interaction and persuading him on why our property is the best.

How does that change the IT systems we have? About a year back, we executed an internet advertising campaign and suddenly we had 400 leads per day and it was too much for BPTP's sales team. We could not call up those customers. So it was a huge failure. But after the CRM implementation, the leads automatically flow into the CRM system in the accounts of the sales team member. If he does not reply to the customer within four hours of getting the lead, it will move to another team member and the sales team member who could not respond will be penalised. The CRM system equips the sales team to handle the increasing amount of leads.

We are now getting into trending analysis on what’s the best way to convert customers coming through SMS or email, phone call or any other medium. We are also trying to find out whether the potential customer is more likely to be your customer when he is sending an SMS or email or making a phone call etc. This kind of data is now being built using analytical reports in Siebel. This is the reason we selected Siebel and not SAP or Microsoft Dynamics.

Can you share any particular IT initiative that comes from your business savviness?

The customer wants to know when is the next payment-demand due for the property he bought from BPTP. The usual process would have the customer calling the customer service, the customer service associate would put the call on hold, open the SAP system and inform the customer about the date. We have made a simple use of technology to make this process more efficient. This initiative, no matter how small it looks, has improved BPTP's cash flow.

We are one of the few companies in the business which send out an electronic demand letter and an SMS, the moment a demand is generated in the system. The real estate sector still has companies that courier the demand letter, which takes some time to reach the customer. An email accompanied by an SMS has improved the cash flow of the company because an email/SMS is faster than a speed post. The customer doesn’t have a problem in making the payment early if he has excess money.

This initiative was my idea because I understood the end to end process of how payment demands are generated in the system. I also had an understanding of how other real estate companies approach this process.

Share your thoughts on interacting with people having knowledge of ‘ground situation’?

Regular dialogue with the CEO, CFO is important but it's equally important to keep your ear to the ground and be in constant touch with the ground guys.

I spend a considerable amount of time with the MIS employees in our sales team, whose job is to track which real estate properties are being launched, what rate they are currently offered at, what other brokers are doing. So he is the feeler for the market.


Leading Edge | Dominic Barton, Andrew Grant, and Michelle Horn

Leading in the 21st century

Six global leaders confront the personal and professional challenges of a new era of uncertainty. By Dominic Barton, Andrew Grant, and Michelle Horn

It is often said that the principles of great leadership are timeless, or based on immutable truths. But when we meet with the men and women who run the world’s largest organisations, what we hear with increasing frequency is how different everything feels from just a decade ago. Leaders tell us they are operating in a bewildering new environment in which little is certain, the tempo is quicker, and the dynamics are more complex. They worry that it is impossible for chief executives to stay on top of all the things they need to know to do their job. Some admit they feel overwhelmed.

To understand the leadership challenge of our volatile, globalised, hyperconnected age more clearly, we recently initiated a series of structured interviews with the leaders of some of the world’s largest and most vibrant organizations. Excerpts from six of those conversations appear below. The leaders—Josef Ackermann, formerly of Deutsche Bank; Carlos Ghosn of Nissan and Renault; Moya Greene of Royal Mail Group; Ellen Kullman of DuPont; President Shimon Peres of Israel; and Daniel Vasella of Novartis (see sidebar, “Leaders on leadership”)—represent a diverse array of viewpoints. All are grappling with today’s environment in different ways. But the common themes that emerged from these conversations—what it means to lead in an age of upheaval, to master personal challenges, to be in the limelight continually, to make decisions under extreme uncertainty—offer a useful starting point for understanding today’s leadership landscape.

After presenting the ideas of these leaders on leadership, we offer a few additional reflections on the topic. They draw in part on the interviews, as well as on our experiences with clients; on conversations with dozens of experts in academia, government, and the private sector; and on our review of the extensive academic and popular literature on the subject. All reinforce our belief that today’s leaders face extraordinary new challenges and must learn to think differently about their role and how to fulfill it. Those who do may have an opportunity to change the world in ways their predecessors never imagined.

Leading in an age of upheaval

A convergence of forces is reshaping the global economy: emerging regions, such as Africa, Brazil, China, and India, have overtaken economies in the West as engines of global growth; the pace of innovation is increasing exponentially; new technologies have created new industries, disrupted old ones, and spawned communication networks of astonishing speed; and global emergencies seem to erupt at ever-shorter intervals. Any one of these developments would have profound implications for organisations and the people who lead them. Taken together, these forces are creating a new context for leadership.

Josef Ackermann: We experienced a tremendous shift in the global balance of power, which manifests itself in our business.

In the 1980s, over 80 percent of Deutsche Bank revenues were generated in Germany. In the mid-1990s, they still accounted for about 70 percent. Today, Germany, despite its continuing economic strength, stands for 38 percent of global revenues. Over the years, people in our headquarters, in Frankfurt, started complaining to me, “We don’t see you much around here anymore.” Well, there was a reason why: growth has moved elsewhere—to Asia, Latin America, the Middle East—and this of course had consequences on the time spent in each region. Managing risk also has become much more complex for banks. It’s not only market risk; there is more and more political and social risk. Increasingly, financial markets are becoming political markets.

That requires different skills—skills not all of us have acquired at university; how to properly deal with society, for example, a stakeholder that has immensely grown in importance since the financial crisis.

Carlos Ghosn: I don’t think leadership shows unless it is highlighted by some kind of crisis. There are two kinds. There are internal crises that arise because a company has not been managed well. Then there are external crises, like the collapse of Lehman Brothers or the earthquake in Japan or the flood in Thailand. In that case, you are managing your company, and all of a sudden there is this thing falling on you.

Business schools may prepare people to deal with internal crises. But I think we need to be more prepared for external crises, where it’s not the strategy of the company that is in question; it’s the ability of leaders to figure out how to adapt that strategy. We are going to have a lot more of these external crises because we are living in such a volatile world—an age where everything is leveraged and technology moves so fast. You can be rocked by something that originated completely outside your area.

I think one of the reasons Nissan has been able to cope with external crises better than some of our competitors is that we have a more diverse, multinational culture. We don’t just sit around waiting for the solution to come from headquarters. We are accustomed to always looking around, trying to find out who has the best ideas. Our people in the US talk to our people in Japan on an equal level. We have a lot more reference points.

Ellen Kullman: These days, there are things that just come shooting across the bow—economic volatility and the impact of natural events like the Japanese earthquake and tsunami—at much greater frequency than we’ve ever seen. You have to be able to react very quickly. And the world is so connected that the feedback loops are more intense. You’ve got population growth and the world passing seven billion people last year, and the stresses that causes, whether it’s feeding the world, creating enough energy, or protecting the environment. We matched our focus, our research and development, and our capital expenditures up against megatrends like these over the last five years. This is the future, so we need to understand how our science relates to it.


Shimon Peres: The last two decades have witnessed the greatest revolution since Genesis. States have lost their importance and strength. The old theories—from Adam Smith to Karl Marx—have lost their value because they are based on things like land, labor, and wealth. All of that has been replaced by science. Ideas are now more important than materials. And ideas are unpredictable. Science knows no customs, no borders. It doesn’t depend on distances or stop at a given point. Science creates a world where individuals can play the role of the collective. Two boys create Google. One boy creates Facebook. Another individual creates Apple. These gentlemen changed the world without political parties or armies or fortunes. No one anticipated this. And they themselves did not know what would happen as a result of their thoughts. So we are all surprised. It is a new world. You may have the strongest army—but it cannot conquer ideas, it cannot conquer knowledge.

Mastering today’s personal challenges

The rigors of leadership have prompted many leaders to think of themselves as being in training, much like a professional athlete: continually striving to manage their energy and fortify their character. There is a growing recognition of the connection between physical health, emotional health, and judgment—and of how important it can be to have precise routines for diet, sleep, exercise, and staying centered.

Moya Greene: The first criterion is: do you love it? It’s a seven-day-a-week job. I think that’s true for anyone in these roles. If you don’t love the company and the people—really love them—you can’t do a job like this.

I’m pretty energetic. I start at five in the morning. I don’t even think about it anymore; the alarm goes off and I’m up. I go for a 30-minute run. I do weight training three mornings a week. I try to eat well, but not too much. I’m a big walker—that’s my favorite thing. I try to get a good walk every weekend. I go on walking vacations.

I’ve usually got three or four books on the go. I’ve given up on novels. I can’t get through them no matter how good they are; there’s no way I’ll finish before there’s some kind of interruption. So I read poetry now: the collected works of Ted Hughes, Emily Dickinson. I’m working my way through Philip Larkin. You can take a Larkin poem and read it on the bus in 15 minutes. The good ones stay with you and will come back to you. That’s what I like about poetry: you get a little shot of mental protein without a lot of time.

Josef Ackermann: Just to give you an idea of my calendar for the next ten days: Berlin tomorrow, then Seoul, then Munich, then Frankfurt, then Singapore, then the Middle East. I’m almost constantly on a plane. With all this traveling, physical stamina has become much more important.

I remember a time when after flying to Hong Kong you could take a whole day off to recover. Today, right after landing you rush to your first meeting. And maybe you already have a conference call in the car on your way into town. You are lucky if you get enough time to take a shower.

And of course, with all the new information technology, you are constantly available, and the flow of information you have to manage is huge; that has added to the pressure. You are much more exposed to unforeseen shifts and negative surprises and you have to make quick decisions and respond to or anticipate market movements around the world. So you have to have a very stable psyche as well. I see more and more people these days who just burn out.

I’m not a tech freak. I use my iPhone and send text messages, that’s it. I still like to have paper in front of me and I do a lot in written-memo form. I think people who constantly use their BlackBerry or iPhone easily lose sight of the big picture.

It also helps me enormously that I can sleep anywhere, whether I am in a car or an airplane. If you’re unable to relax quickly, I think you can’t be a CEO for a considerable length of time. Some people do meditation or yoga. I don’t do any such thing. I think you have it in your DNA or you don’t.

Dan Vasella: I talk to my team about the seductions that come with taking on a leadership role. There are many different forms: sexual seduction, money, praise. You need to be aware of how you can be seduced in order to be able to resist and keep your integrity. Every CEO needs someone who can listen—a board member, an adviser—someone to whom he can speak in total confidence, to whom he can say, “I’ve had it; I’m about to resign.” Or, “I really want to beat this guy up.” You need someone who understands and can help you to find the balance. Leaders often forget the importance of stable emotional relationships—especially outside the company. It helps tremendously to manage stress. Your partner will do a lot to help keep you in sync. You have to be able to switch on and switch off. Are you entirely present when you’re present? Can you be entirely away when you’re away? The expectation is that your job is 24/7. But no one can be the boss 24/7. You need to have a moment when you say, “I’m home now,” and work is gone.


Carlos Ghosn: Leading takes a lot of stamina. I became CEO at 45. But I was working like a beast. You think, “So I work 15, 16 hours a day; who cares?” But you can’t do that when you are 60 or 65.

And now companies are more global. So you have jet lag, you are tired, the food is different. You have to be very disciplined about schedules and about organizing everything. Physical discipline is crucial, for food, exercise, sleep. I live like a monk—well, maybe not a monk, but a Knight Templar. I wake at a certain hour, sleep at a certain hour. There are certain things I won’t do past a certain time.

Ellen Kullman: I spend a lot more time on communication, more time out at plant sites, in sales offices, with customers, in our research laboratories. I’m bringing my board of directors to India in a couple of weeks to help them really see the issues we’re facing. That’s where I get my energy from. It’s contagious. I come away from these engagements with ideas, energy, and a real sense of focus on where we as a company need to go. That’s part of what drives me.

Shimon Peres: The mind of a leader must be free—a mind that can dream and imagine. All new things were born in dreams. A leader must have the courage to be a nonconformist, just like a scientist. He must dream, even if he dreams alone or if people laugh at him. He must not let his heart falter.

Today, the separation between generations is stronger than between nations. Our children say, “Please don’t impose upon us your own arrogance—the world you created, wounded by war, corrupted by money, separated by hatred. And don’t try to build artificial walls between us and other youngsters.” Because they were born in a new age. For them, the modern equipment of communication is what paper and pen are for us. They can communicate much more easily and don’t feel all this hidden discrimination that we were born with and find so difficult to get rid of.

The (now 24/7) public face of leadership

Nearly everyone we spoke with commented on the challenge of dealing with constant scrutiny and of acting as a connector in a complex ecosystem. As the face of the organisation, leaders must be prepared to address the immediate, practical concerns of the job while also maintaining and articulating a long-term vision of the organisation’s purpose and role in society—all against a backdrop of 24-hour financial coverage, ubiquitous blogs, and Twitter feeds. That means learning new modes of communicating across today’s far-flung networks and working harder to craft clear, simple messages that resonate across cultures.

Josef Ackermann: CEOs have become highly public figures. And media scrutiny has become very personal. Particularly in our home market, Germany, it’s always, “Ackermann says this” or “Ackermann’s doing that”—even if I personally had nothing to do with it. You are the institution you lead.

After I became CEO, the former head of the Bundesbank one day took me aside and gave me some advice: “From now on, you must remember that you are two people. You are the person whom you and your friends know, but you are also a symbol for something. Never confuse the two. Don’t take criticism of the symbol as criticism of the person.”

Dan Vasella: People have a legitimate demand for access to the CEO. But you have to modulate that so you avoid overexposure. You’re a product. And the press will paint you as either a hero or a villain—whatever sells. If they paint you as a hero today, you should be prepared to be painted as a villain tomorrow. Not everything you do will work out every time, and you have to accept that people will be unfair.

Moya Greene: A decade ago, I’d have said that it was harder to be a public official than an executive in the private sector. But the tables have turned. It’s tough these days to be the CEO of any business—even a very successful one with a balanced view of the corporation’s position in society.

My public-sector experience has helped me to understand how easily sound policies can be derailed by small, symbolic things. It may not matter that the policy change you are advocating is the product of fantastic analytics or years of brilliant stakeholder management; the tiniest little spark can become a flash fire—something that takes hold and transforms perceptions in ways that don’t seem rational. If you work in the public sector, you learn the value of developing antennae for popular perceptions and keeping them finely tuned.

I spend about 15 percent of my time trying to help our own people understand how good we are at what we do, which isn’t always easy, because there is so much negativism in the press. I see good internal communications as a way to punch through and get our message out, to tell our people—who are the most powerful ambassadors for our brand—“Stand up and be proud.”

Carlos Ghosn: In business, there are no more heroes. The media has become a lot more negative about corporate leaders over the past ten years. Small mistakes get blown up into huge things. I cannot imagine myself today doing what I did in Japan in 1999, when I stood up and said: “We’re going to get rid of the seniority system. We’re going to shut down plants. We’re going to reduce headcount. We’re going to undo the keiretsu system.” I had a lot of criticism. But there were also people who said, “Let’s give him the benefit of the doubt.” Today, if I were to stand up and try to do something like that, I would get massacred. I would need much more emotional stability and certainty. Leaders of tomorrow are going to have to be incredibly secure and sure of themselves.

Leaders of the future will also need to have a lot more empathy and sensitivity—not just for people from their own countries but for people from completely different countries and cultures. They are going to need global empathy, which is a lot more difficult.

Shimon Peres: Words are the connection between leaders and the public. They must be credible and clear and reflect a vision, not just a position. The three greatest leaders of the 20th century were Winston Churchill, Charles de Gaulle, and David Ben-Gurion. Each had a brilliant mind and a brilliant pen. Their ability with a pen demonstrated many things: curiosity, memory, courage. They understood that you lead not with bayonets but with words. A leader’s words must be precise and totally committed.

Decision making under uncertainty

A final theme is that leaders must increasingly resist the temptation to cope with chaos and complexity by trusting their gut. At a time of extreme volatility, past experience is an unreliable guide to future outcomes. Leaders must create cultures of constructive skepticism and surround themselves with people who bring multiple perspectives and have no fear of challenging the boss.

Josef Ackermann: It is a paradox: on the one hand, you have to be more confident and secure, but on the other, you have to be a lot more open and empathetic. You need to listen, but then when you make a decision, that’s it—you must be a very hard driver. Usually, these are not attributes you find in the same person. Once you have done the analysis and made the decision, then you have to learn to simplify the decision in communicating it to others. Everything’s complex, but once you have decided, sometimes you need to simplify so much it’s almost a caricature. You must say, “Nothing matters beyond this.” You must reduce everything to zeros or ones, black or white, go or no-go. You can’t have too much nuance.

In a crisis, you have to be able to do all of these things—listening, deciding, and then simplifying—very quickly. That is what makes leading in a crisis so interesting. And because you have to move so fast, you have to empower people to make decisions themselves. That’s the best way to restore calm.

Moya Greene: When I came here, we were running out of cash. I was grappling with decisions that would determine whether or not we could stay in business. But you cannot position your company in the broader social and economic fabric of the nation if all you do is look at the financial dimensions of performance. You have to look at what your customers think, what your employees think, and what you can do for your customers.

Daniel Vasella: As a leader, to whom can you express your doubts—and should you? In which situation is it appropriate and when not? I believe that you have to be able to express doubt in your team and with a board. If you don’t—and you pretend—then you are playing a role, which eventually leads to an unhealthy situation. That’s not to say you should act like you’re in a confessional. At some point [in decision making], you have to take the sword and cut through the Gordian knot and make a decision, despite any uncertainties. But the question is: are you being led by the context or do you lead? Are you being led by your followers and are they choosing for you? Or do you choose and do you lead? I think you have to be aware of the context, and what people expect and hope for. But as a leader, you’re not there to feed people with all the things they hope for. Your job is to persuade people to do the things you believe will be the right direction for the long term. People want you to lead. And if you lead, you will hurt. You will satisfy sometimes. You will celebrate and you will blame. That’s all part of your job.

Josef Ackermann: Problems have become so complex today that you have to collect the expertise and opinions of a lot of people before you can make a sound decision. Some people say, “Don’t decide until you have to.” I have a completely different view. I hate to be under time pressure. I think it is important that you aren’t confronted with a situation where you haven’t heard anything on a particular issue for half a year—and then suddenly you have to make a quick decision on the basis of an executive summary. I believe in personal leadership, but no CEO can do it all on his own. You need the expertise, judgment, and buy-in of your team.

“Words are the connection between leaders and the public. They must be credible and clear and reflect a vision, not just position” —Andrew Grant


Dominic Barton is McKinsey’s global managing director. Andrew Grant is a director in McKinsey’s Singapore office. Michelle Horn is a principal in the Atlanta office.

Preparing for a new era of leadership

It’s never been realistic to break leadership into a fixed set of essential competences, and that’s particularly the case in today’s complex, volatile environment. Still, the themes our interviewees sounded represent a rich set of opportunities for leaders to boost their effectiveness. To close, we’d like to amplify and extend those themes by emphasising three skills that can help leaders thrive in today’s turbulent environment, which for many has prompted a reexamination of fundamental assumptions about how they do their jobs, while underscoring the importance of leading with a purpose. Resilient leaders, as Shimon Peres reminded us, are those who have “ambition for a cause greater than themselves.”

1. See with a microscope

Over the next two decades, McKinsey research suggests, the conditions of the late 20th century—cheap capital, low interest rates, a global demographic dividend, and a gradual decline in commodity prices—will either be reversed or seesaw violently. Managing the immediacy of these changes, while also staying alert for the inflection points that signal bigger, long-term “trend breaks,” will require leaders to see the world in multiple ways at once. In different ways, many leaders have told us they’ve needed to develop a facility for viewing the world through two lenses: a telescope, to consider opportunities far into the future, and a microscope, to scrutinize challenges of the moment at intense magnification. Most of us are naturally more comfortable with one lens or the other; we are “farsighted” or “nearsighted,” but rarely both. In times of complexity, leaders must be able to see clearly through either lens and to manage the shift between the two with speed and ease. Leaders must use the telescope to watch for long-term trends, dream big dreams, imagine where a company should be in five or ten years, and reallocate resources accordingly. The accelerating pace of technological innovation makes this aspect of a leader’s role more important than ever. The microscope, too, affords a critical perspective. Leaders must force their organisations to challenge conventional wisdom; consider the implications of unlikely, “long-tail” scenarios; and focus on pressing issues in minute detail. As firms grow larger, leaders must work harder to stay in touch with the front line and view themselves as “chief reality testers.”

2. Compete as a tri-sector athlete

Many of the forces buffeting leaders in the private sector—slow growth, unemployment, sovereign indebtedness—can be addressed only in concert with the public sector and are heavily influenced by the actions of groups that are neither commercial nor governmental entities. When governments play an ever more active role in regulating markets, and social movements can spring up in a matter of days, corporate leaders must be nimble “tri-sector athletes,” to borrow a phrase from Harvard political scientist Joseph Nye: able to engage and collaborate across the private, public, and social sectors. Leaders of governments and nongovernmental organizations must likewise break out of their silos. Issues such as infrastructure, unemployment, education, or protecting the environment are too complex and interrelated to deal with in isolation. Many of the leaders with whom we spoke said they have learned the value of examining their business decisions in a social and political context. Even those wary of open-ended discussions say they find it useful to think about managing a “triple bottom line” that reflects their organisations’ performance in the public, private, and social spheres.

3. Stay grounded during a crisis

Everyone we interviewed agreed that modern leaders spend far more of their time firefighting than their predecessors did. Coping with externally generated crises, many argued, has become a key part of the modern leader’s role. In an age when crisis is the new normal, global organisations need leaders who are able to act quickly and calmly amid chaos. Many leaders highlighted the value of “stress-testing” members of the top team to gauge their ability to cope with crisis. We heard again and again that otherwise competent managers can’t always perform in moments of extraordinary pressure. The chief executive of one of the world’s largest companies marveled at how, in the face of a cash flow crisis following the collapse of Lehman Brothers, two of his top reports “shattered like glass.”

The emotional and physical stamina demanded of leaders today is extraordinary. Many of those we interviewed reserve crucial decisions for moments when they know they will be rested and free from distraction. They also talked about sequencing decisions to focus on key issues first, not after they have been depleted by lesser matters. We are intrigued by the growing body of research in psychology, sociology, and neuroscience that highlights the importance of “decision fatigue.” The implication of this research is that trying to make too many decisions at once diminishes the ability to make wise decisions at all. If the burden of leadership in the modern age seems overwhelming, the potential benefits are overwhelming too. Large organizations—if led well—can do more for more people than they have at any other moment in history.


“The mind of a leader must be free—a mind that can dream and imagine. All new things were born in dreams.”

The Best Advice I Ever Got

“People matter the most”

Anup Vikal, Head IT & Strategy, InterGlobe Enterprises

The best advice I have ever got is that “in the end it is all about people.” I have got this advice from my friends, family, my bosses as well. We should all understand that if you do not have the right set of people working with you, then you are more likely to fail. I have had experiences in my life where I have failed because I did not have the right set of people working for me in the organisation. One can lead a team which has the right set of people, otherwise it becomes increasingly difficult. There is a saying that a captain is as good as a team of players and the captain cannot alone win you matches.

One has to understand that people management and getting the right set of people ensures the growth of an organisation and a good leader also cannot do anything productive or effective if he doesn’t have an able team to lead.

A CIO should always know the future of technology and its impact on the business that he/she handles. Today, a CIO should have the commercial acumen and should be able to perceive what is beneficial for the business.

But above all, what matters the most is the way a CIO manages his team. A CIO should be able to take the best out of the team and give them a free hand to be able to understand what kind of inputs can come from the team members.

There are a lot of CIOs who would do things on their own and this affects the team members in a negative manner as they are unable to put forward their own thoughts into action.

I also believe that a true leader's skill set is defined by the way he/she can manage people and this is one of the greatest assets one can have and I have learned this from my experience of working with numerous multinational companies, in India as well as abroad.

I also believe that there are numerous pieces of advice that one gets in his professional life and the way to growth is to take only those pieces of advice which would help him lead a team in a professional manner.

A CIO should always respect his team members and always try to encourage them to work as leaders. This way he ensures that new leaders are being nurtured in the organisation.

In terms of challenges for a CIO today, I believe that he/she has to constantly keep on upgrading skills and competencies. A CIO should be always aware of the constantly changing technologies.

And finally, business models are changing very fast, so a CIO should have the right skill-sets to adapt to new business models and look for innovative ways to enhance the business potential of the organisation and thus constantly keep on learning and enhancing their potential.

—As told to Atanu Kumar Das


Me & My Mentee

A Symbiotic Relationship

Mentor: KK Chaudhary, Senior Vice President – Group Head IT & IS, Lanco Infratech

Mentee: R Sreenivas Reddy, DGM - Corporate IT, Lanco Infratech

What do you look for in a mentee?

KK Chaudhary: Mentee should always be respectful, both on a personal note and also on mentor’s boundaries (time, other constraints etc). He also needs to be inquisitive — should ask as many questions as possible on the issue of discussion, but mentor should not get the feeling of being checked on his knowledge. He should listen — especially when mentor points to the weakness in mentee that may affect the overall objective of mentoring. Mentee should be prepared — should not only discuss the problem, but propose various solutions also. Finally, he should add value to mentor — in his professional as well as personal growth.

What do you look up to in your mentor?

Sreenivas Reddy: He should be authentic and set as an example. Having travelled the path that I want to travel, he should help me to learn from his experience and mistakes too. He should know my strengths and weaknesses — should help me to exploit my strengths and overcome my weaknesses. Since we are in an ever changing technology field, mentor should have a strong inclination towards learning new things, always and should challenge us with new updates.

How do you identify and prioritise areas where you think your mentee needs to focus on for further professional development?

KK Chaudhary: By observing him at work and during his interaction in various meetings/discussion.

How do you think Reddy can take on more responsibilities and take more/bigger decisions?

KK Chaudhary: I carry out ‘stress’ test for him. Give him more work (that in my assessment, he is capable of doing) than others and observe his reactions and quality of result.

Are there any conflicts between both of you? If so, how do you resolve them? If not, what do you think is the secret of your smooth working relationship?

KK Chaudhary: There is no conflict as such. But my mentee is the oldest (length of service) in my department and has been instrumental in setting up most of the IT infrastructure. Probably he has a feeling that his contribution has not been duly recognised and he seems to have turned arrogant – tries to push his points through sometimes even ridiculing/questioning the ability of others. I opened up communication with him and discovered that there were some interpersonal issues. After some indirect counselling sessions, he seems to have changed and his peers have started sharing their points of view on any issue of difference of approach and opinion. The agreed solution is generally more valuable than what we independently thought of. He has realised how others feel about him and has turned supportive. The trust relationship built because of this has been the secret of my smooth working relationship.


Sreenivas Reddy: I freely share my thoughts and concerns with my boss and he challenges with critical questions. We do discuss, debate on pros and cons of various options available to achieve certain objective and mostly on the implementation aspects. But most of the times it leads to a better solution & better implementation plan. We both strongly believe that professional confrontation can ultimately lead to a better value to the organisation.

What are the two or three key things you have learned from Reddy?

KK Chaudhary: Two key things I’ve learned from Reddy are:
- There is always a better way of doing something – bring in ideas and press for discussion
- Good learning quality – he is a prolific reader and is open to accept challenges.

Sreenivas Reddy: There are many things that I’ve learned from Chaudhary. Some of these include:
- Always gives constructive feedback
- Always insists on the root-cause, which sometimes because of the work pressure we tend to ignore but we have realized its importance and also saves a lot of time and irony at later days.
- The importance of the documentation – be it process, policy, procedure, responsibility or an incident
- Practicing knowledge sharing as a discipline

How do you think Chaudhary could contribute more towards your professional growth?

Sreenivas Reddy: Chaudhary spends a lot of time with us, both formally and informally. We do have knowledge sharing sessions weekly and monthly – in fact he has an Open-Door-Policy, we are allowed to go and discuss anytime. Whenever we share any new thought, he is as excited as we are. That gives a lot of encouragement. As per the trends and future requirements, mentor should guide us to upgrade ourselves, even before the need arises in the organisation so that we can be more valuable to the current organisation in preparing the IT roadmap and we can also be more valuable individuals.

What are the challenges and constraints for a mentor/CIO to devote more time and effort for the development of their immediate juniors?

KK Chaudhary:
- Availability of time – not showing up in time due to work pressure may be disastrous in mentee-mentor relationship.
- Patience – Mentee may not show up the development as expected. He may not be immediately grateful for mentor’s kindness, attention, and friendship. Mentor should have patience and do everything to understand the reason for delay in desired level of improvement.

Does Chaudhary delegate enough tasks and responsibilities to you?

Sreenivas Reddy: Most of the times I am only told about the objective/goal or management directive and then he allows me to decide on the most suitable solution. He gives me complete freedom in selection and implementation of the solution and never interferes as long as it is in line with the group’s objective.

—As told to Varun Aggarwal

“Mentee should be prepared — should not only discuss the problem, but propose solutions”

“We both believe that professional confrontation can lead to a better value to the organisation”

Photo by Suresh

Photo by A Prabhakar Rao


David Lim | Opinion

Context in Asian Negotiations

When you get broken homes, when you call your father by his first name — you get a society far divergent from Chinese cultures where filial piety reigns

About the author: David Lim, Founder, Everest Motivation Team, is a leadership and negotiation coach, best-selling author and two-time Mt Everest expedition leader. He can be reached at his blog http://theasiannegotiator.wordpress.com, or [email protected]

We do business with people that we like. It doesn’t mean we won’t do business with slimeballs, but all things being equal, we award contracts to and work with people we like, especially where the return on investment is of the intangible type. In Asia, a common mistake is assuming that we, across from the Big Lakes or far from Anglo-centric powers, are just one big group of people who think and behave alike. I can tell you right away that a Chinese business person from Malaysia, Singapore, China or Hong Kong will have enough cultural and national biases to make even dealing with ONE Asian race – say Han Chinese – pretty tricky at times.

Let’s focus on less obvious aspects of doing better in negotiations, for example. One of the first things we normally do is to build rapport. This is a complex mix of reaching out through language, gestures, actions, words and protocols designed to bring ourselves closer to another person – even if it’s someone we have some misgivings about. In Asian cultures where the Chinese race dominates, certain threads and cultural underpinnings are key in understanding how rapport works. However, in this article, I want to move away from the more conventional information about dos and don’ts which are based on more obvious customs and business etiquette.

Instead, let’s go deeper into the Asian psyche.

HIGH/LOW CONTEXT: Small things, signs and gestures mean a lot in societies that value hierarchy and respect for rank. First-time meetings where you bring a small token or gift that represents your nation or company are welcomed, and the gift is often a sign of courtesy. We tend to be a bit higher context than industrialised Anglo-centric cultures.

FACE: Enough said. You create rapport by giving appropriate face to all staff present. Going over the head of someone in a negotiation process may lead to loss of face and you will not win that person’s support or influence in the future. Here’s an extreme example of when it can go wrong. An acquaintance of mine was once assigned to close a multi-million-dollar deal in China. For three days, he had to wine, dine and entertain the buyers. When he fell ill on the fourth day, he excused himself from the evening sessions. Upon his return to Paris, his boss told him that the Chinese feedback included a retort that the harried executive had not shown them enough ‘face’ when in China. They lost the deal.

POWER-DISTANCE: Geert Hofstede’s studies in the concept of power distance in culture continue to fascinate me. For many years he measured and studied employee values across cultures. The terms “low” and “high” power distance refer to the relative inequality of the distribution of power within a society, culture or organisation. Many Scandinavian countries, for example, have a ‘low’ power distance culture, with fewer layers between the boss and the shopfloor worker. Culturally speaking, Scandinavian countries are also egalitarian in terms of wages and standards of living. These countries’ scores hover around 30 on Hofstede’s scale.

India has Power Distance (PDI) as the highest Hofstede Dimension for the culture, with a ranking of 77 compared to a world average of 56.5. This Power Distance score for India indicates a high level of inequality of power and wealth within the society. This condition is, to some extent, accepted by the population as a cultural norm. China by comparison is also high at 80, and Singapore is not very far behind; this reflects the countries’ distribution of power, both political and wealth.

So in this context in an everyday negotiation, understand that in high-power distance countries, there are likely to be many more gatekeepers whom you may need to win over before you actually get to negotiating with the economic buyer. In a low-power distance context, far less rapport-building energy may be required. The higher hierarchy in Indian and many East Asian cultures also suggests that approaches to negotiation may require the unpeeling of the proverbial onion — discerning just who is the economic buyer and who are the influencers involved in the process.

CONFUCIAN PRINCIPLES: Though not explicit, many East Asian companies are still run with the ethics and thinking of the ancient Chinese philosopher from more than 2000 years ago — who outlined how we should live, run governments, and lead a household. These include principles that championed respect for elders, filial piety, a strong work ethic, and effective governance of the state. You can’t effectively negotiate with any Chinese person who has some Confucian exposure and not realise its influence. So in the context of a negotiation — respect your elders, though you may diplomatically disagree with their position.

And when it comes to filial piety — that’s a phrase that’s almost NEVER used in Anglo-centric societies. When you get broken homes, a culture which focuses on individual freedoms over collective interests, when you call your father by his first name (and he’s OK with it) — you get a society far divergent from Chinese cultures where filial piety reigns. It extends to taking care of your parents even if you don’t get along with them.

In a family-run business (and many of the largest Asian businesses are still family-owned), understand the power dynamic of the matriarch or patriarch, and ask if the Harvard-educated eldest son will really ride roughshod over his father…no matter what he says.

So if you wish to get off on the right foot, think about these when building rapport with Asian decision makers — show some respect, be open, listen when the oldest/eldest at the table speaks, understand the context of the familial situation. You’ll be mutually respected and liked. It makes a good impression.

These are just some of the lovely complexities that make up negotiating in Asia.

David Lim is a leadership and negotiation coach and can be found on his blog http://theasiannegotiator.wordpress.com, or subscribe to his free e-newsletter at [email protected]


Illustration by photos.com


Taking People With You

The book is not just a thought on leadership. It is a workbook and a well developed organised plan

The book shelf of a manager aspiring to be a business leader is always overloaded with books inculcating leadership skills. Churned out regularly by authors, these books mostly fail in helping managers to climb the leadership ladder. One of the primary reasons was that the authors themselves were not real leaders and had never laid the foundation of, or run, an excellent business. Often they were observers, who were never under any kind of pressure to increase profitability and run a business seamlessly. Ironically, sometimes they did not even have close access to the leaders they were writing about.

The second reason was that even leadership books by credible authors often do not explain in thorough detail what they recommend. A good reason, therefore, to like Taking People With You: The Only Way to Make Big Things Happen by David Novak was that it was extraordinarily good on these critical issues, where other leadership books disappoint.

David Novak is the Chairman of the Board and CEO of Yum! Brands. Yum! Brands or Yum! is a United States-based Fortune 500 corporation. Yum! operates or licenses Taco Bell, KFC, Pizza Hut, and WingStreet restaurants worldwide. Based in Louisville, Kentucky, it is the world's largest fast food restaurant company in terms of system units—nearly 38,000 restaurants around the world in more than 110 countries and territories. Yum! stock had witnessed a rise of 16 percent a year on average. Novak, keeping the facts in mind, had earned the right to express his thoughts over leadership.

In his book, Novak reveals that the fundamentals of communication, encouragement, and recognition have helped him lead Yum to big success.

The book is not just Novak's thought on leadership, but a well developed organised plan. This is more of a workbook than a book. It provides exercises, worksheets and other tools to help executives from any size company bring people with them. Novak has himself recommended reading a chapter a day.

His approach is less about literally taking people with you, as in promotions and carrying them into your inner circle, than it is about inspiring them to sign on to your vision of the future – a vision that includes them.

The book highlights that leadership is not all about techniques, but about deep nature, traits as a human being, and most importantly how you connect with people around you. Novak tries to make readers do psychoanalysis, most of the time by themselves. It is a hard task to do as being honest with oneself can leave one exhausted.

Besides introspection, the book also talks about strategy, structure, action plans and execution. The core of the book was on the human experience of leading. Novak's strongest subject was the value of recognition. The writer was particular about publicly recognizing good performance. Though recognition costs nothing and has staggering value, still most of the managers are clueless about this basic fact of human nature.

Of all the business leaders who consistently perform and gain attention, hardly anyone wrote good books. Novak is an exception. Taking People With You: The Only Way to Make Big Things Happen is a must in the book shelf of aspiring business leaders.

—By Akhilesh Shukla

About the author: David C. Novak became CEO of Yum! in the year 2000. He has also held senior management positions at Pepsi-Cola Company, including chief operating officer, and executive VP of marketing and sales

“We’ve said that our formula for success is build people capability first, then we will satisfy more customers and make more money” — David Novak

Shelf Life

NEXT HORIZONS

Feds Finally Embracing Security

The US government will coordinate information sharing and ensure that agencies that use classified computer networks protect info

By Paul Kenyon Bonfante

Image by photos.com

Last fall must have been a time for wound licking in the West Wing of the White House, particularly as it considered the fallout from the WikiLeaks Affair and the vast number of US diplomats who were being embarrassed on a weekly basis by the publication of embarrassing or just plain stupid “private” communications.

It was time for an executive order which directed all US government agency heads who have to deal with classified information to designate an ex-pat senior official to oversee their organisation's activities around the sharing and protecting of their sensitive information.

These guardians of security have also been tasked with implementing a program to detect insider threats once the task force has finally ground to a conclusion.

President Obama’s executive order was the result of a seven-month review by his administration in which the White House sought to find a proper balance between security and the need for agencies to share classified information. Under the executive order, the government will coordinate information sharing and ensure that agencies that use classified computer networks protect information.

Each agency will have a senior official oversee classified information and be responsible for safety measures.

Several departments and agencies, including the Pentagon and the CIA, have already taken steps to control people's ability to place classified data on disks or removable memory devices, as well as limiting the number of users with permission to use such devices. Specifically, the order mandates Attorney General Eric Holder and the US director of national intelligence, James Clapper, to establish an Insider Threat Task Force to find ways to deter and detect security breaches. Against the backdrop of existing government agencies, some critics have questioned the need for yet another agency to deal with security matters, but it is worth noting that it has been almost six years since the inception of WikiLeaks, yet the government has only just begun to identify methodologies to combat insider threats within the military.

The bottom line here is that the government needs to move swiftly if it is to maintain credibility — especially in an election year.

Earlier in 2011, the White House revealed language on new legislation directing private industries to improve computer security voluntarily and have those standards reviewed by the Department of Homeland Security (DHS).

The government, all the way from federal to state, and down to city levels, clearly has plenty of work to do on preventing insider attacks. Our view is that it is about time the White House has caught up on ideas and technology that many corporate clients have known about for several years.

What enterprises already know

Establishing a least privilege environment is the first step to achieving an IT environment whereby everyone can still be productive, while at the same time remaining secure. The White House, of course, may not be taking this route to better security for all the right reasons, as there is an argument to show that it is simply looking to avoid another WikiLeaks Cablegate by creating more agency oversight and security for data stored on classified networks.

It is worth noting that the executive order signed by President Obama creates a number of new inter-agency governing bodies that will work together to oversee the protection of classified information across federal agencies and departments, while at the same time balancing the needs of federal users that have permission to access it. The order also makes federal organisations responsible for the sharing and protection of their classified information, as well as mandating that they designate a senior official to oversee these tasks.

In addition, agencies and departments must willingly provide information for independent assessments of their compliance with security policy and standards, as well as implement an insider threat detection and prevention programme, which is where the Insider Threat Task Force enters the frame.

In addition to the task force, the executive order also sets up a series of committees to ensure agency compliance with the security measures and to facilitate interagency coordination. The Senior Information Sharing and Safeguarding Steering Committee will have overall responsibility for the new policies and be held accountable for department and agency compliance. Senior officials from the DOD and NSA will jointly act as a new Executive Agent for Safeguarding Classified Information on Computer Networks to develop technical policies and standards to protect classified information. The plan is for this executive agency to also be responsible for third-party assessments of agency compliance. It’s also worth noting that, as officials were laying the groundwork for the new policies, the Insider Threat Task Force has been working informally since June of last year to clarify policies in several priority security areas. For example, a number of departments and agencies already have standardised policies for removable media, limiting the number of users who are permitted to use such devices.

To beef up their online identity management, administrators of classified systems have also enacted measures to strengthen online identity management policies and their ability to track information being accessed by these users.

Will this work?

So will the executive order stop sophisticated attacks, as exemplified by complex and targeted malware such as Stuxnet and Duqu? This is debatable, but the use of augmented security layers that enterprises have been using for years, such as privilege management, can greatly assist in this regard.

Effective privilege management allows IT professionals to control who has access to specific applications running on the corporate IT platform, as well as the underlying data. This means, for example, that if the admin team only run their control and security software from within the network perimeter on known PCs, then access to those applications can be locked down to specific on-network and even on-workgroup computers. Then, even if a set of admin account credentials is compromised by hackers or other external (and unwanted) agencies, they cannot use those credentials from the Internet. They would still have to gain physical access to the terminals used by the admin staff.

This security methodology revolves around the principle of least privilege, which, in turn, translates into a least risk scenario since the attack surface of the network is significantly reduced.

In view of the looming elections, there is an argument that the DHS should take a leaf out of the security industry’s best practices by adopting this least privilege approach.

But how should the White House go down this path?

Our observations are that the President needs to designate a senior official to be charged with overseeing the project, as well as implementing an insider threat detection and prevention programme on a multi-agency basis. In parallel with this, the government and its agencies also need to ensure that their information is properly classified, as well as start researching into the many types of data leak prevention (DLP) technology that are available to today’s businesses. Coupled with regular self-assessments of current security arrangements — as well as not being afraid to bring in external advisers — this cannot help but engender a positive approach to data security in all its various shapes and forms.

The final step that needs to be taken is to implement a policy of least privilege, a process that is easier to implement than many professionals think. Researchers found that, when analysing published Windows 7 vulnerabilities through March 2010, 57 percent were no longer applicable after removing administrator rights.

In comparison, Windows XP was at 62 percent, Windows Server 2003 was at 55 percent, Windows Vista was at 54 percent, and Windows Server 2008 was at 53 percent.

Whether or not all of this activity is going to result in the death of the insider threat is a moot question. The eradication of the insider threat depends upon two things: The first is the education of people working in government and the realisation of people working in government that all of the information they deal with is sensitive and has to be protected.

The second is the determination of IT security departments to implement regimes of least privilege to avoid the influx of super-users who have been able to easily bypass some of those internal security controls. It all looks very easy. Unfortunately, it is not, hence the President’s intervention.

—Paul Kenyon is a security specialist at Avecto.

— This article has been reprinted with prior permission from CIO Update. To see more articles regarding IT management best practices, please visit www.cioupdate.com.

15% of all social media reviews and other forms of engagements will be fake by 2014

Do You Have What It Takes to Lead IT?

The skills required to be a true agent of transformation are not technical

By Larry Bonfante

I’m so often asked about the competencies required to be a successful CIO in the 21st century that I chose to make this a main topic of my book “Lessons in IT Transformation.”

It seems that many CIOs are more focused on acquiring the latest and greatest technology services and solutions than they are on building their personal skillsets.

However, the skills required to be a true agent of transformation are not technical (or even business-related); rather, you need to develop skills in human dynamics.

Let’s review a few of these key CIO competencies.

First of all, an effective CIO has to be able to get a diverse group of stakeholders to embrace and align around a common vision and purpose. With so many people in every enterprise having their own personal agenda, this is no small task. Getting alignment requires the key competency of managing through influence. We have to get people to want to do what we are asking of them, because oftentimes we aren’t in a position to demand their compliance.

We also need to be able to develop key partnerships — both within our own organisations as well as with outside third parties — with those who can bring the skills and resources we need to complement our existing talent base. More than at any time in our history, great accomplishments are the result of great alliances, getting various groups to come together to work on a common goal. Perhaps the most important role of the CIO is that of relationship manager. We must be able to become trusted advisors for our internal clients and our external consumers. We need to be the “go to” people they seek out whenever they are starting a new business initiative and need our expertise to help drive their success.

$86bn will be the size of worldwide security spending by the year 2014

CIOs need to be incredibly effective communicators. We need to be able to motivate and inspire people to take action. We need to communicate in terms they understand and in ways that motivate them to take action and support our directions.

Finally, we need to be able to drive complex and challenging change efforts, and convince people to step out of their comfort zones, take risks, and do things that require courage. Are you up for the challenge?

—Larry Bonfante is CIO of the United States Tennis Association and founder of CIO Bench Coach, LLC, an executive coaching practice for IT executives.

— This article was first published in CIO Insight. For more stories please visit www.cioinsight.com.


Data is the Perimeter for Cloud Security

What is needed is an infrastructure that’s designed to deliver digital signatures

By Mike Gault

The cyber security market in 2012 is estimated at $60 billion, yet adding more and more layers of perimeter security may lead to a false sense of security and be completely useless against a determined system administrator working on the inside.

The end result is that your data might be secure or it might not — you simply have no way to prove it. Shawn Henry, FBI veteran of 24 years and now president of CrowdStrike Services, had this to say about integrity at the Black Hat conference this year: “These days, you can’t just protect the information from being viewed. You also need to protect it from being changed or modified.” This leads to the question: Would you know if an attacker or your own system administrator got to your data?

Traditionally, the ‘integrity’ component of the CIA triad of data security [confidentiality, integrity, availability] has focused on protecting the integrity of data. But proving the integrity of data — knowing you have not been compromised — is equally if not more important. We have been nibbling around the edges of this with checksums and other one-way hash algorithms but have yet to create truly scalable, rock-solid mechanisms to prove integrity. It’s as though we have taken a car that holds our most precious cargo and wrapped it with increasing layers of protection but we fail to create a way to monitor the brakes or onboard computers for tampering or other untoward acts.

Data is the new perimeter

Many experts have come to the conclusion that all networks will eventually be compromised, so security should be focused on protecting data and less about the perimeter — i.e., what is required is a data-centric focus on security. What is needed is an infrastructure that’s designed to deliver digital signatures for data at scale, ensuring that verification of the signatures does not require trusting any single party. Donald Rumsfeld famously compared the difference between known unknowns and unknown unknowns. Digital signatures that are essentially ‘keyless’ have the power to convert one unknown — “Is my security working?” — to a known: “I have proof that my applications and data have not been compromised and that proof is independent from the people operating those systems.”

So what is a keyless signature? In a nutshell, a keyless signature is a software-generated tag for electronic data that provides proof of signing time, entity, and data integrity. Once the electronic data is tagged, it means that wherever that data goes, anyone can validate when and where that data was tagged and that not a single bit has changed since that point in time. The tag, or signature, never expires and verification relies only on mathematics – no keys, secrets, certificates, or trusted third parties – just math.

And we can all trust math.

— This article is printed with prior permission from www.infosecisland.com. For more features and opinions on information security and risk management, please visit Infosec Island.
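The keyless signature described above can be illustrated with a hash tree; this is an added example, not code from the article or from any product, and it assumes a construction the article does not spell out: each signing round aggregates its records into a tree whose root is widely published. The function names, the `PUBLISHED_ROOTS` record and the sample data are constructed for illustration.

```python
import hashlib

def h(tag: bytes, *parts: bytes) -> bytes:
    """SHA-256 with a domain tag and length-prefixed parts (no ambiguous joins)."""
    d = hashlib.sha256(tag)
    for p in parts:
        d.update(len(p).to_bytes(4, "big") + p)
    return d.digest()

def leaf_hash(entity: str, data: bytes) -> bytes:
    """A leaf binds the signing entity to the exact bytes that were tagged."""
    return h(b"leaf", entity.encode(), data)

def build_round(leaves):
    """Aggregate one signing round into a hash tree.

    Returns (root, paths); paths[i] is the list of (sibling_hash, sibling_is_left)
    steps that lead from leaf i up to the root.
    """
    if not leaves:
        raise ValueError("a round needs at least one leaf")
    paths = [[] for _ in leaves]
    level = [(leaf, [i]) for i, leaf in enumerate(leaves)]  # (hash, leaves below)
    while len(level) > 1:
        nxt = []
        for j in range(0, len(level) - 1, 2):
            (left, left_ids), (right, right_ids) = level[j], level[j + 1]
            for i in left_ids:
                paths[i].append((right, False))
            for i in right_ids:
                paths[i].append((left, True))
            nxt.append((h(b"node", left, right), left_ids + right_ids))
        if len(level) % 2:  # the odd node out moves up a level unchanged
            nxt.append(level[-1])
        level = nxt
    return level[0][0], paths

# Stand-in for the widely witnessed public record of round roots (assumption).
PUBLISHED_ROOTS = {}

def sign_round(round_time, items):
    """Tag every (entity, data) item of a round and publish the round's root."""
    root, paths = build_round([leaf_hash(e, d) for e, d in items])
    PUBLISHED_ROOTS[round_time] = root
    return [{"round": round_time, "entity": e, "path": paths[i]}
            for i, (e, _) in enumerate(items)]

def verify(data, tag, published=PUBLISHED_ROOTS):
    """Recompute the root from data + tag and compare it with the public record.

    Nothing secret is involved: only the hash function and the published root.
    """
    node = leaf_hash(tag["entity"], data)
    for sibling, sibling_is_left in tag["path"]:
        node = h(b"node", sibling, node) if sibling_is_left else h(b"node", node, sibling)
    return published.get(tag["round"]) == node

# Constructed sample data: five records tagged in the same round.
SAMPLE_ITEMS = [
    ("payroll-db", b"employee=1001;salary=52000"),
    ("payroll-db", b"employee=1002;salary=61000"),
    ("audit-log", b"2012-09-27 09:59:58 admin login ok"),
    ("config-repo", b"firewall.rules rev 41"),
    ("backup-job", b"archive-2012-09-26.tar sha256 recorded"),
]
SAMPLE_TAGS = sign_round("2012-09-27T10:00:00Z", SAMPLE_ITEMS)

if __name__ == "__main__":
    print("untouched record verifies:", verify(SAMPLE_ITEMS[0][1], SAMPLE_TAGS[0]))
    print("edited salary verifies:   ",
          verify(b"employee=1001;salary=99000", SAMPLE_TAGS[0]))
```

An insider who edits a record, or who claims it was tagged by another entity or in another round, cannot produce a path that reaches the published root without breaking the hash function.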

Rapid 7 Analysis of Data Breach Incidents

2010 witnessed a three times higher number of incidents than the first half of 2012

By Pierluigi Paganini

Security firm Rapid 7 has published an interesting analysis of government data breaches reported from January 1, 2009 to May 31, 2012.

The document presents a worrying scenario in which 268 incidents exposed more than 94 million records containing sensitive information. This type of incident is really dangerous due to the nature of the information exposed, which could represent the starting point for further attacks. Marcus Carey, security researcher at Rapid7, declared:

“Our analysis puts a spotlight on the need for improved security operations and testing. It also analyses specific threats that government entities are facing, because knowing these threats is key to be able to reduce risk.”

In the US, all states have adopted laws requiring companies that are victims of an incident to notify their customers so that they can respond properly to the event. Recently, Senate Republicans have introduced draft legislation known as the “Data Security and Breach Notification Act of 2012 (S.3333)” to propose a nationally recognised procedure to respond to data breaches.

Government networks are privileged targets for several types of attackers: foreign state-sponsored hackers, hacktivists and cyber criminals. In every case the principal objective is cyber espionage; attacks that aim to expose government information or to steal intellectual property in critical sectors such as defense are in fact increasing. The Rapid 7 report was published a few days after Symantec published its document on the "Elderwood project", which describes the ongoing impact of cyber espionage operations and attacks that are part of the famous Op. Aurora.

2010 was the year with the highest number of incidents publicly reported, a number three times higher than the number of incidents reported in the first half of 2012.

Although 2010 was the year with the highest number of incidents, the largest number of exposed records relates to 2009: in October 2009, 76 million US veterans’ personally identifiable information (PII) was exposed after a defective hard drive was sent to a government vendor for repair and recycling before the data was erased. The Report proposes the division of data breaches into the following categories:

Unintended disclosure – Sensitive information posted on a website, mishandled, or sent to the wrong party.

Hacking or malware – Electronic entry by an outside party, malware, and spyware.

Insider – Someone with legitimate access intentionally breaches information – such as an employee or contractor.

Physical loss – Lost, discarded, or stolen non-electronic records, such as paper documents.

Portable device – Lost, discarded, or stolen laptop, PDA, smartphone, portable memory device, CD, hard drive, data tape, etc.

Stationary device – Lost, discarded, or stolen stationary electronic device such as a PC or server not designed for mobility.

Unknown or other.

Going into the details of the data proposed by Rapid 7, the number of incidents and reported PII records exposed during the period of observation are:

Unintended disclosure – 78 incidents exposing 11,783,776 records

Portable device – 51 incidents exposing 80,706,983 records

Physical loss – 46 incidents exposing 296,710 records

Hacking or malware – 40 incidents exposing 1,082,749 records

Insider – 39 incidents exposing 177,399 records

Stationary device – 6 incidents exposing 250,650 records

Unknown or other – 8 incidents exposing 5,906 records

The data proposed, in my opinion, demonstrate that this type of incident could be significantly reduced with an appropriate awareness campaign; as seen, a great number of incidents are related to the misconduct of users who, unintentionally, fail to apply adequate protection to their data. Excluding hacking attacks by foreign governments and cyber criminals that exploit 0-day vulnerabilities, it is possible, by defining best practices and adopting behavior compliant with current security standards, to avoid data breach incidents, or at least to reduce the amount of exposed information. That consideration is imperative in government environments to avoid dramatic incidents that could expose homeland security.

— This article is printed with prior permission from www.infosecisland.com. For more features and opinions on information security and risk management, please visit Infosec Island.


TECH FOR GOVERNANCE

Seven Tips to Improve Patch Management

Find patching to be an easy, straightforward, and enjoyable part of systems management

By Casper Manes

Data Briefing: 2.9mn – Number of PCs sold in India in Q2 of 2012


5 POINTS

Never assume a patch is deployed successfully to every system

Choose a patch that can roll back or uninstall patches

It is better to deploy an untested patch than to not patch at all

Set a regular patching window that takes priority

Supporting the patching window is a very important step

As a security consultant, one complaint I hear frequently from my customers is that patching is a pain. The amount of time many companies spend on patching, the problems they have deploying patches, the perception that patching causes problems, and a general lack of understanding about what it takes to patch, all combine to make patching such a major issue.

This generally means patching is not carried out for months and security is put at risk. However, with proper planning and a patch management strategy, patch management is not such an issue after all.

I have helped numerous customers implement patch management and there are seven tips that I adopt:

1 Have senior management make patching a priority

If admins are allowed to patch (or not) as they see fit, and if you are expected to “do the best you can” with patching, you’re doomed to fail. Senior management must set the expectation that patching is critically important and mandatory, and they will need to support that.

2 Implement a patch management solution

Part of that support from senior management will include implementing a patch management solution. The free ones are worth every penny you pay for them, which is not to say that they are not useful, but they typically focus on the operating system, and leave the applications out in the cold. A patch management solution is the best way to automate the testing, patching, auditing, and reporting steps that manual patching makes so painful.

3 Include third party applications

Your patch management system must be able to deploy patches for your third party applications. Media players and readers, line of business applications, and the various utilities that are found on practically every workstation, and many servers, must also be patched.

4 Testing is not optional

It’s better to deploy an untested patch than to not patch at all, but you roll the dice every time you do. Designate a sampling of key users and servers, and deploy patches to them early so that you can be sure that the patches play nicely in your environment before you patch all the systems.

5 Create a patching window that is inviolate

Set a regular patching window that takes priority. Publish it so that other business units can plan around your patching activities, and make sure that the senior management support includes supporting the patching window so that you can get workstations and servers updated quickly.

6 Ensure 100% compliance

Never assume a patch is deployed successfully to every system. Your patch management solution should be able to report on the status of all systems and confirm that patches are deployed successfully, and you should spot-audit systems to be absolutely certain you’ve covered everything.

7 Ensure you can roll back

Even with testing, there’s a chance you will deploy a patch only to later find out that it causes a problem. Choose a patch management application that can roll back or uninstall patches that it pushes out, just in case a problem is discovered late in the game.

If you take these seven tips to heart and implement them in your environment, you will find patching to be an easy, straightforward, and enjoyable part of systems management.

—This guest post was provided by Casper Manes on behalf of GFI Software Ltd.

— The article is printed with prior permission from www.infosecisland.com. For more features and opinions on information security and risk management, please visit Infosec Island.
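Tip 6 ("never assume a patch is deployed successfully to every system") can be checked by reconciling the patch tool's own report against an independent asset inventory. The following is an added example, not code from the article or from any patch management product; the inventory, CSV report layout, patch identifier, host names and timestamps are all constructed.

```python
import csv
import io
import random
from datetime import datetime

# Constructed sample data: independent asset inventory, deployment start time,
# and the patch tool's exported status report. All values are placeholders.
INVENTORY = ["ws-001", "ws-002", "ws-003", "ws-004", "srv-db1", "srv-web1", "srv-file1"]
PATCH_ID = "PATCH-EXAMPLE-001"
DEPLOYED_AT = datetime(2012, 9, 12, 2, 0, 0)
REPORT_CSV = """host,patch_id,status,reported_at
ws-001,PATCH-EXAMPLE-001,pending,2012-09-12T02:05:00
ws-001,PATCH-EXAMPLE-001,installed,2012-09-12T02:10:00
ws-002,PATCH-EXAMPLE-001,failed,2012-09-12T02:12:00
ws-003,PATCH-EXAMPLE-001,installed,2012-09-01T09:00:00
srv-db1,PATCH-EXAMPLE-001,installed,2012-09-12T03:00:00
srv-web1,PATCH-EXAMPLE-001,pending_reboot,2012-09-12T03:05:00
lab-77,PATCH-EXAMPLE-001,installed,2012-09-12T02:30:00
"""

def latest_rows(report_csv, patch_id):
    """Keep only the most recent report row per host for the given patch."""
    latest = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["patch_id"] != patch_id:
            continue
        row["reported_at"] = datetime.fromisoformat(row["reported_at"])
        host = row["host"].strip().lower()
        if host not in latest or row["reported_at"] > latest[host]["reported_at"]:
            latest[host] = row
    return latest

def reconcile(inventory, report_csv, patch_id, deployed_at):
    """Classify every inventoried host; the inventory, not the report, is the baseline."""
    rows = latest_rows(report_csv, patch_id)
    known = {host.lower() for host in inventory}
    result = {key: [] for key in
              ("installed", "failed", "incomplete", "stale", "unreported")}
    for host in sorted(known):
        row = rows.get(host)
        if row is None:
            result["unreported"].append(host)   # the tool never saw this system
        elif row["reported_at"] < deployed_at:
            result["stale"].append(host)        # status predates the deployment
        elif row["status"] == "installed":
            result["installed"].append(host)
        elif row["status"] == "failed":
            result["failed"].append(host)
        else:
            result["incomplete"].append(host)   # e.g. pending, pending_reboot
    # Systems the tool patches but nobody inventoried are a finding of their own.
    result["not_in_inventory"] = sorted(set(rows) - known)
    return result

def compliance_pct(result, inventory):
    """Share of inventoried systems with a current 'installed' status."""
    return 100.0 * len(result["installed"]) / len(inventory)

def tool_reported_pct(report_csv, patch_id):
    """What the report alone would suggest: 'installed' rows over reporting hosts."""
    rows = latest_rows(report_csv, patch_id)
    return 100.0 * sum(r["status"] == "installed" for r in rows.values()) / len(rows)

def spot_audit_sample(result, k, seed=None):
    """Pick hosts that claim success for a manual check of the installed patch."""
    hosts = result["installed"]
    return sorted(random.Random(seed).sample(hosts, min(k, len(hosts))))

RESULT = reconcile(INVENTORY, REPORT_CSV, PATCH_ID, DEPLOYED_AT)

if __name__ == "__main__":
    for category, hosts in RESULT.items():
        print(f"{category:17} {hosts}")
    print(f"tool view: {tool_reported_pct(REPORT_CSV, PATCH_ID):.1f}% installed")
    print(f"inventory view: {compliance_pct(RESULT, INVENTORY):.1f}% compliant")
    print("spot audit:", spot_audit_sample(RESULT, 1, seed=7))
```

On this constructed data the report alone suggests about two thirds of systems are patched, while measuring against the inventory shows well under a third, because unreported and stale hosts never count as successes.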


Cybersecurity Executive Order: Do We Need it?

The last thing we need is another hastily-designed and open-to-interpretation framework

Threat-based cyber security is the fastest growing sector in the IT security industry

By Richard Stiennon

Since the collapse of the Congressional attempt to pass the Cybersecurity Act of 2012 there has been mounting pressure for the Obama Administration to “do something”, that something being the imposition of a regulatory regime to protect critical infrastructure.

But the Cybersecurity Act of 2012 failed because it was fatally flawed.

Federal News Radio reported that they had obtained a copy of a proposed Executive Order that would attempt, through executive fiat — as Steve Bucci at the Heritage Foundation terms it — to impose most of the measures called for by Senators Lieberman and Collins. Bucci raises an important point: “[Regulation] is exactly the wrong approach for dealing with a fast-moving and incredibly dynamic field like cybersecurity. Give hackers — whether working for themselves or for another nation-state — a static standard, and they will waltz around it and have their way with the target entity.”

Congress has gone through several dozen cybersecurity bills in the last three years, not to mention the failed attempt to pass a data breach law which dates back to 2005. Even as they revise and re-write, there have been dramatic changes in the defensive posture of our critical infrastructure providers. Let’s look at the proposed Executive Order as revealed by Federal News Radio. There are ten sections of the draft. Most of them call for nebulous voluntary information sharing or requirements that DHS create frameworks within three months. I can just see the scramble that will occur, after multiple extensions to the due date are granted.

Because telecom carriers are identified as critical infrastructure you can see where resistance to information sharing comes from. Binding the Department of Homeland Security to ISPs and phone companies is a slippery slope and they have resisted sharing information because of the legal liabilities due to privacy violations.

You can predict where the anti-SOPA movement will come down on this issue. So, the draft Executive Order attempts to remove those liabilities. But those “liabilities” are privacy protections, and any attempt to bypass them will be perceived as an egregious extension of the Patriot Act.

The last thing we need is another hastily designed and open-to-interpretation framework. Look at the regulatory burden that Sarbanes-Oxley created for publicly traded companies. The only section of SOX that touches on cybersecurity mandates the use of a cybersecurity framework such as ITIL or COBIT, yet public companies are still suffering constant successful breaches.

The good news is that while Congress dithered, the IT security industry developed. As Bucci points out, cybersecurity is dynamic. As new threats have developed – from cyber crime, to nation state espionage, to weaponized malware targeting uranium gas centrifuges – the industry has reacted. There are now tools that collect intelligence, identify previously unknown attack attempts, and alert network operators to successful intrusions, giving them the ability to track down and eradicate them. Major security vendors already gather threat intelligence from hundreds of thousands of deployed devices.

New firms are even actively infiltrating and gathering information from hacker and cyber criminal forums. Cutting edge businesses that I have visited in the financial and technology sectors and the Defense Industrial Base (DIB) have developed their own methodologies that turn traditional IT risk management frameworks on their head. Instead of an asset and vulnerability approach — as proposed in all cyber legislation to date — these new methodologies focus on the threats.

Threat based cyber security is the fastest growing sector in the IT security industry.

The rapid uptake represented by 100 percent annual growth rates indicates that without a single regulation or Executive Order the problem is being addressed.

Forcing utility operators, banks, and earth resources companies to comply with frameworks based on outmoded asset and vulnerability methodologies will distract them from implementing threat based defenses. The draft Executive Order, if issued, will do much more harm than good.

— The article is printed with prior permission from www.infosecisland.com. For more features and opinions on information security and risk management, please visit Infosec Island.

61% of Gartner’s revenue came from research wing in the second quarter of 2012, up from 50 percent in 2011

Keeping Safe In The Cloud

With all the hacking stories, will the world return to NAS or burning DVDs for data backup?

By Ben Kepes

This year has seen a seeming storm of examples of security breaches of cloud services.

As is often the case when people have vested interests in a particular technology, many naysayers have pronounced that these security breaches spell the end of the cloud.

Heck, even Apple co-founder Steve Wozniak went on record saying:

“With the cloud, you don’t own anything. You already signed it away through the legalistic terms of service with a cloud provider that computer users must agree to. I want to feel that I own things… A lot of people feel, ‘Oh, everything is really on my computer,’ but I say the more we transfer everything onto the web, onto the cloud, the less we’re going to have control over it.”

Some might suggest a degree of self-interest in that case (Wozniak is actually chief scientist for a storage company), but beyond that, there seems to be a lot of hand wringing and naysaying about the cloud.

First up was Dropbox, which reported a breach of its systems that could have compromised users’ passwords. As I said in a post reflecting on the Dropbox issue:

“…amazing functionality doesn’t mean that the product is robust or secure, and the issues that Dropbox seems to be facing over time indicate a corporate culture that has, at least in part, stemmed from an immature approach towards building a product and building a company. It’s a subject I’ve opined on previously when it comes to Dropbox and one which would appear is shared by others.”

The key differentiator here is consumer as opposed to business-ready tools. Now, I’ve stood up and complained about vendors who simply stick a “trusted provider” label on their products in a bid to heap fear, uncertainty and doubt upon competitor services, but there is clearly a difference between a tool designed for consumers to share music and photos, and a true enterprise-level service.

Honan had linked his Google and Twitter accounts with iCloud, along with enabling the remote wipe feature that Apple products come with. The hackers managed to infiltrate his Twitter, change his Google passwords and remotely wipe all of his Apple devices – a nightmare indeed.

So with all these horror stories about services ostensibly run on the cloud, will the world return to having a NAS under the desk or burning DVDs to back up their data? Clearly not, but it is worth reiterating the hard truths of cloud computing as Derrick Harris over on GigaOm wrote about — the fact that, at least to an extent, cloud users may have to accept some loss of control over their data when they sign up to a cloud service.

That’s not necessarily a bad thing – but it is something they need to be mindful of. The other thing that Harris points out is that people are generally the problem. In the Honan example, hackers simply called Apple support and, using some social engineering, managed to have Honan’s password reset. Having said that, there are some key things that cloud users need to think about to ensure security of their data. We went into these in detail in the security chapter of the CloudU certificate, but Harris has written a post detailing the six ways to ensure your data has the best chance of staying safe in the cloud. Harris’ top six tips are:

Be smart about passwords and security questions.

When possible, encrypt. If at all possible, make your data unreadable by others

Use two-factor authentication, because two passwords are better than one

If you need it, back it up — duplicate your data wherever possible

Delete it when it’s done – don’t have sensitive information sitting around in the Cloud when you’re done with it

— The article is printed with prior permission from www.infosecisland.com. For more features and opinions on information security and risk management, please visit Infosec Island.

White Hat Hackers, Black Hat Hackers

What would be gained by changing the language used to describe cyber security?

By Jim Palazzolo

What color hat are you wearing today? Are you happy with your life and the way things are around you?

Deciding, for research sake, do you wear a grey colored hat today or are you angry and vengeful, deciding to go with a darker colored black hat? Does anyone care about the hats anymore?

It may seem like a trivial question, but I do remember some time back reading or hearing a reference that basically stated: If you give public attention to your adversary, the stronger they get by giving them recognition. We keep using terms like “Hacker” and “Black Hat”; and, I understand the need to continue to classify the behaviour. However, are we inadvertently giving individuals too much inherited power by recognizing them in context and connotation?

I’ll admit I’ve been having a very tough time finding my own words to express this thought.

In my head it’s very black and white. You’ve either committed a crime, or you have not; meaning: Just because you’ve thought about getting back at your old boss does not make you a bad person, nor does successfully completing a pen test make you a wanted criminal; but, the raw act itself, what did you, or a group of individuals do? Did you break the law, or did you not?

It seems so much simpler to look at it in those terms: black and white. I think the ecosystem of cyber security is simply moving in that direction naturally; so, I’d like to give it another nudge. I can’t remember the last time that I read an article that specifically stated a group of “Black Hat Hackers” broke into a bank’s infrastructure and stole a large sum of money. Rather, most articles seem to simply state: “a group of individuals broke into a bank’s infrastructure and stole a large sum of money.”

But what would be gained by changing the language, and what would simply change by changing the language used to describe cyber security? Would you no longer like your job because you’ve lost the romantic espionage side?

Would you come to work if you couldn’t claim that you were a hacker? Would changing the language change the overall surface of behavior in the ecosystem itself? Would hacktivists continue to hack into systems if they were no longer given a name like “hacktivists”?

From my understanding, if you go back to the manifesto and other literature, the term “Hacker” simply meant someone who liked to tinker with things and make them do things that they were not designed to do; and, they enjoyed the journey of discovery.

I can hear it now, large cyber security vendors shouting, “They are Hackers! Evil, malicious, and devious people who wish to overthrow your empire!” All of that just to protect their profits. I mean, if you took out all the fearful language, what would you have left? Would you buy something where the advertisement sounded like this: “Are you experiencing broken headers that are affecting your overall network performance? Do you have emails that are sending users to destinations they do not want to go to? Then get our new shiny network traffic manager”?

So what can we deduce from this random thought? For starters, language truly drives the industry. Whether out of fear, profit, or protection, it is clear that the language used has a way of drawing in customers to spend their money on your products and services.

So it is very clear that the language we use has a very direct effect on the ecosystem we work within. The real quest will be in choosing what to say.

The article is printed with prior permission from www.infosecisland.com. For more features and opinions on information security and risk management, please visit Infosec Island.

$60bn will be the global spend on security in the year 2012, up from $55 billion in 2011


VIEWPOINT

I was very lucky in that I spent a good month on the beach forgetting everything I’ve ever known about IT. I was not so lucky in that my brain can’t stop observing and questioning human behaviour, in IT or anywhere else. I can spot someone from NJ in seconds now. I can tell a driver is from Connecticut within one stupid maneuver.

Useful? Not really. But interesting nonetheless, at least to me.

I currently do not look like I’m an IT geek. I’m far too tan for that. Thus I will be incognito for at least another few weeks. Here are some of my current thoughts, in no specific order, and absolutely no coherent pattern – other than that in one way or another they all relate to the odd ways in which humans – and companies (collections of humans) do things:

It’s funny to watch people who recently arrive on vacation, and how long it takes them to slow down. They are in a rush to get nowhere. They freak out when it takes 45 minutes for a hippy chick to bring them a check after their lunch and lose it over bad service – but they have nowhere to go.

People hold grudges. A lot of the big OEMs are not at all happy with the way Seagate gouged them after the Thailand floods, and are quietly plotting retribution. Karma is a bitch.

If Amazon ever gets its pricing model coherent and rational, it truly could be the biggest infrastructure cloud business ever – for a long time. However, they still don’t have it nailed. Lot of bad press on them screwing people to “recover” data lately. Businesses won’t tolerate that for long—the ease of setting up will be outweighed by the outrageous bills eventually. Funny thing is, they could own the world if they figure it out.

Speaking of Amazon, is there any reason to shop anywhere else? My UPS guy is probably going to be invited to family functions I see him so often. Just a few years ago that type of consumption model didn’t exist—and now I don’t buy any other way. That gets me to think that it’s insane that core infrastructure companies still don’t offer customers a legitimate cloud consumption model. Why can’t I buy EMC or NTAP or HP/Dell/IBM etc. as a pay as you go service? Sure they have “offerings” but they aren’t serious, or mainstreamed. I get how it’s hard to give up the tradition – but if you don’t, aren’t you afraid someone will? Amazon and Nirvanix won’t be the only ones who give the people what they want.

Speaking of those unwilling to give up the ghost, we are due for an upheaval. We haven’t had a class extinction in the infrastructure business for a few decades – since the minicomputer era.

I love entrepreneurs. I love anyone who will take on the establishment and try to upset the money train. Most are clueless. Like the moron who decided to go swimming 500 yards off shore this summer, in known Great White shark infested waters off Cape Cod, in known seal inhabited areas. Balls, yes, but the brain of a newt. Of course he was attacked. He was playing the big fishes game, and in that case, I root for the fish. Darwinism works — in life and in business. Occasionally, however, someone spots a new opening or opportunity where you can play the big fishes’ instincts and habits against themselves.

Back to Work

Here are some of my thoughts on human behaviour

STEVE DUPLESSIE | [email protected]

About the author: Steve Duplessie is the founder of and Senior Analyst at the Enterprise Strategy Group. Recognised worldwide as the leading independent authority on enterprise storage, Steve has also consistently been ranked as one of the most influential IT analysts. You can track Steve’s blog at http://www.thebiggertruth.com

Illustration by Raj Verma