Volume 02 Issue 11 executive peers Pg 18 Pg 42 September ......Mathur. Published at Bungalow No. 725, Sector - 1, Shirvane, Nerul, Navi Mumbai - 400706. Printed at Tara Art Printers

Volume 02 | Issue 11

Gr

ow

inG

So

cia

l T

hr

ea

TS

in e

nT

er

pr

iSe

S | c

or

po

ra

Te

So

cio

pa

Th

S a

nd

iT p

ro

du

cT

iviT

y

Volume 02

Issue 11

September 07 2013150

hIgher educatIonal programmeS are playInga VItal role In brIngIng out leaderShIp, managerIal and buSIneSS SkIllS In cIos

Page 26

PowerKnowledge

a QueSTion of anSwerS “byod brings added

security risks” Pg 14

BeST of Breed

Wanted: executive peers Pg 18

Tech for Governance

code compliance in an agile environment Pg 42

Tr ac k Te c h n o lo gy B u i ld B u s i n e s s s hap e s e lf

cio

& l

ea

de

r.c

om

a 9.9 media publication

11

C

M

Y

CM

MY

CY

CMY

K

generic_cio_leader.pdf 1 03-09-2013 PM 06:29:38

1September 07 2013

editorialyashvendra singh | [email protected]

Quest for Knowledge

To lead from the front, a CIO needs to constantly

add to his skill set

Finally, at the crux of leadership lies the capability to see the unseen.

Attending only lectures on motivation or reading academic books would not suffice to give rise to a new crop of leaders.

The need of the hour is to nurture habits to keep up the inspiration that has been built.

In this issue’s cover story, we discuss the importance of higher education for enterprise technology leaders.

We also throw light on some top technology leaders who have never stopped treading on the path of knowledge and how they have enhanced their learning to bring out their lead-ership, managerial, and busi-ness skills.

Does reaching the top mean the end of learning? Can

a technology leader give up his thirst for knowledge once he has become the CIO? The truth couldn’t be far from this. In fact, by taking over the role of a CIO, it becomes even more important for an individual to continue gaining knowledge. It is truly said that best leaders are those who lead by example. The actions of a CIO are bound to set the tone for the entire IT department of an enterprise. He should, therefore, continue add-

center stage, while those lacking them will fall by the wayside.

Pursuing advanced courses to beef up their soft skills could be a step in the right direction. For a CIO, the main focus is techni-cal skills. However, developing soft skills is equally important. Developing and honing skills such as integrity, optimism, a sense of humour and responsi-bility go a long way as they help improve performance, interac-tions and career prospects.

Attending workshops, read-ing relevant books could also help a CIO further improve his skill set.

A recent research report of business and IT profession-als from 500 companies in the United States showed that 93 percent of the respondents felt a clear skills gap between what exists and what they wanted from their IT department. The scenario in India would not be much different.

ing to his knowledge and skills to lead from the front.

It should not just be a per-sonal goal and ambition to continue adding to one’s knowl-edge base.

The world of IT is undergoing a radical transformation impact-ing all facets of business.

Enterprise technology deci-sion makers need to come up with strategies that would help their enterprises keep pace with this rapidly changing land-scape. Those CIOs who have the required skills will occupy

editors pick

26Knowledge PowerHigher educational programmes are playing a vital role in bringing out leadership, managerial and business skills in CIOs

2 September 07 2013

Cover Story 26 | Knowledge PowerHigher educational programmes are playing a vital role in bringing out leadership, managerial and business skills in CIOs

COPyrIgHt, All rights reserved: reproduction in whole or in part without written permission from Nine Dot Nine Interactive Pvt Ltd. is prohibited. Printed and published by Anuradha Das Mathur for Nine Dot Nine Interactive Pvt Ltd, Bungalow No. 725, Sector - 1, Shirvane, Nerul, Navi Mumbai - 400706. Printed at tara Art Printers Pvt ltd. A-46-47, Sector-5, NOIDA (U.P.) 201301

Please Recycle This Magazine And Remove Inserts Before Recycling

regulArS01 | Editorial08 | EntErprisE

roundup48 | viEwpoint

26

September 2013

Cover Design by anil t


Gr

ow

inG

So

cia

l T

hr

ea

TS

in e

nT

er

pr

iSe

S | c

or

po

ra

Te

So

cio

pa

Th

S a

nd

iT p

ro

du

cT

iviT

y

Volume 02

Issue 11

September 07 2013150

hIgher educatIonal programmeS are playInga VItal role In brIngIng out leaderShIp, managerIal and buSIneSS SkIllS In cIos

Page 26

PowerKnowledge

a QueSTion of anSwerS “byod brings added

security risks” Pg 14

BeST of Breed

Wanted: executive peers Pg 18

Tech for Governance

code compliance in an agile environment Pg 42

Tr ac k Te c h n o lo gy B u i ld B u s i n e s s s hap e s e lf

s p i n e

cio

& l

ea

de

r.c

om

a 9.9 media publication

11

3September 07 2013

A QueStion of AnSwerS14 | “ByOD brings added security risks” Santhosh D’Souza, Director, Systems Engineer, NetApp India, discusses the core issues about ByOD

14

www.cioandleader.com

advertisers’ index

IBM FCHP IFC, IBCSchneider 5Smartlink 7SAS Institute 11Cyber Security 13Vodafone 21Juniper 25HCL 36Lenovo BC

This index is provided as an additional service.The publisher does not assume any liabilities for errors or omissions.

18 | BEst of BrEEd: CIOs Can DrIve BusIness Trans-fOrmaTIOn CIOs are positioned to drive transformation due to their knowledge of technology

42 | tEch for govErnancE: CODe COmplIanCe In an agIle envIrOnmenT Take the time to do it right and you’ll reap the benefits

34 | nExt hori-zons: managIng The rIsks Of CyBer-spaCe Enterprise risk management needs to be extended to create cyber-resilience

Managing Director: Dr Pramath Raj SinhaPrinter & Publisher: Anuradha Das Mathur

EditorialExecutive Editor: Yashvendra SinghConsulting Editor: Atanu Kumar Das

Assistant Editor: Akhilesh ShuklaCorrespondent: Debashis Sarkar

dEsignSr. Creative Director: Jayan K Narayanan

Sr. Art Director: Anil VKAssociate Art Director: Anil T

Sr. Visualisers: Manav Sachdev & Shokeen SaifiVisualiser: NV Baiju

Sr. Designers: Shigil Narayanan, Haridas Balan& Manoj Kumar VP

Designers: Charu Dwivedi Peterson PJ, Pradeep G Nair

Dinesh Devgan & Vikas SharmaConsulting Sr. Art Director: Binesh Sreedharan

MARCOMDesigner: Rahul Babu

STUDIOChief Photographer: Subhojit Paul

Sr. Photographer: Jiten Gandhiadvisory PanEl

Anil Garg, CIO, DaburDavid Briskman, CIO, RanbaxyMani Mulki, VP-IT, ICICI Bank

Manish Gupta, Director, Enterprise Solutions AMEA, PepsiCo India Foods & Beverages, PepsiCo

Raghu Raman, CEO, National Intelligence Grid, Govt. of IndiaS R Mallela, Former CTO, AFL

Santrupt Misra, Director, Aditya Birla GroupSushil Prakash, Sr Consultant, NMEICT (National Mission on

Education through Information and Communication Technology)Vijay Sethi, CIO, Hero MotoCorpVishal Salvi, CISO, HDFC Bank

Deepak B Phatak, Subharao M Nilekani Chair Professor and Head, KReSIT, IIT - Bombay

nEXt100 advisory PanElManish Pal, Deputy Vice President, Information Security Group

(ISG), HDFC Bank Shiju George, Sr Manager (IT Infrastructure), Shoppers Stop Farhan Khan, Associate Vice President – IT, Radico Khaitan

Berjes Eric Shroff, Senior Manager – IT, Tata ServicesSharat M Airani, Chief – IT (Systems & Security), Forbes Marshall

Ashish Khanna, Corporate Manager, IT Infrastructure, The Oberoi Group

salEs & markEtingNational Manager – Events and Special Projects:

Mahantesh Godi (+91 98804 36623)National Sales Manager: Vinodh K (+91 97407 14817)

Assistant General Manager Sales (South):Ashish Kumar Singh (+91 97407 61921)

Brand & EvEntsBrand Manager: Jigyasa Kishore (+91 98107 70298)

Product Manager-CSO Forum: Astha Nagrath (+91 99020 93002)Manager: Sharath Kumar (+91 84529 49090)

Assistant Manager: Rajat Ahluwalia (+91 98998 90049)Assistant Brand Managers: Nupur Chauhan (+91 98713 12202)

Vinay Vashistha (+91 99102 34345)Assistant Manager – Corporate Initiatives (Events):

Deepika Sharma Associate – Corporate Initiatives (Events): Naveen Kumar

Production & logisticsSr. GM. Operations: Shivshankar M Hiremath

Manager Operations: Rakesh Upadhyay Asst. Manager - Logistics: Vijay Menon Executive Logistics: Nilesh Shiravadekar

Production Executive: Vilas Mhatre Logistics: MP Singh & Mohd. Ansari

oFFicE addrEssPublished, Printed and Owned by Nine Dot Nine Interactive Pvt

Ltd. Published and printed on their behalf by Anuradha Das Mathur. Published at Bungalow No. 725, Sector - 1, Shirvane,

Nerul, Navi Mumbai - 400706. Printed at Tara Art Printers Pvt Ltd.A-46-47, Sector-5, NOIDA (U.P.) 201301

For any customer queries and assistance please contact [email protected]

4 September 07 2013

Using Analytics for Business Success Analytics always provides a third dimension which helps a lot

currentchAllenge

To be ahead of The Technology curve

survive in the real estate business we have to know every information about a prospective customer.

I was always amazed at how analytics always provides a third dimension which we could never see otherwise.

Today, we have a 17-member team across India, and we have developed our own customised application wherein we focus on collecting information about customers.

I also believe that analytics plays a major role within the company and this year our concentration will be totally on upgrading the analytics within the organisation.

Moreover, we are also concentrating a lot on mobility because that is the best way to equip the sales force.

We are building our own customised mobile application that will ensure that when a sales person is meeting any customer, he will have prior information about that person. This, in turn, will help him in selling the right product. This is the way in which IT creates value in an organisation.

Today, a CIO is faced with many challenges and he has to be always ahead of the technology curve. There is no point in deploying technology that is not going to help the organisation in the long-run. I have always believed that we should only deploy technology that has a long shelf-life.

There are many vendors who would want to sell their technology, but as a CIO I have to understand that if a technology works amazingly in a FMCG company it might not work the same in a real estate envi-ronment. Making the right choice is the key to success for the organisa-tion. Customised solutions is the best way forward for a real estate organisation.

the real estate sector works is far different than any other vertical, which poses a real challenge for a CIO. I have been associated with Emaar MGF for a considerable amount of time to understand that the best way to help our business is to develop applications which can provide crucial information about the customer. I have always been telling my IT team that if we have to

I BelIevethe author is responsible for transforming IT into a profit-making centre. He is also tasked with developing customised solutions for the company

By AnindyA GArAi, Head-IT, Emaar MGF

LETTERS

WRITE TO US: CIO&Leader values your feedback. We want to know what you think about the magazine and how

to make it a better read for you. Our endeavour continues to be work in progress and your comments will go a long way in making it the preferred publication of the CIO Community.

Send your comments, compliments, complaints or questions about the magazine to [email protected]

EmployEEs ArE rEsponsiblE for 95% of intrusions

According to a Gartner, most security breaches do not originate from external hackers. To read the full story go to: http://www.cioandleader.com/cioleaders/features/10316/employees-responsible-intrusions

CIO&LEADER. COM SC Mittal, Group CTO, IFFCO, feels that leaders should always take additional respnsibilitieshttp://www.cioandleader.com/cioleaders/opinions/10430/expose-employees-extreme-conditions

OpiniOn

zafar saeed, cto, albion information security

Zafar Saeed, CTO, Albion Information Security talks about security breaches

by akhilesh shuklaDesign by: SAMEER KISHORE Illustration: ANIL T

CIOs are increasingly cutting costs and ramping up efficiencies with existing resources. By doing so, they are not only adding to the top and bottom lines but also aligning their strategies with those of their CFOs.

a l i g n i n g C i O - C F O p r i O r i t i e s | C O V e r s t O r yC O V e r s t O r y | a l i g n i n g C i O - C F O p r i O r i t i e s

22 August 21 2013

C O V e r s t O r y | a l i g n i n g C i O - C F O p r i O r i t i e s

Aligning

Priorities

TR AC K TE C H N O LO GY B U I LD B U S I N E S S S HAP E S E LF


CY

BE

RS

EC

UR

ITY

OR

CY

BE

R S

EC

UR

ITY

| HA

CK

.... AN

OT

HE

R F

OU

R-L

ET

TE

R W

OR

D

Volume 02Issue 10

August 21 2013150

BEST OF BREEDOptimising the Old to

Enable the New Pg 32NEXT HORIZONS Tech Autonomy Boosts Profits Pg 38 VIEWPOINT

Your Next Computer...In the Cloud? Pg 56

CIO

& L

EA

DE

R.C

OM

10

CIOs ARE INCREASINGLY CUTTING COSTS AND

RAMPING UP EFFICIENCIES WITH EXISTING RESOURCES.

BY DOING SO, THEY ARE NOT ONLY ADDING TO THE

TOP AND BOTTOM LINES BUT ALSO ALIGNING THEIR

STRATEGIES WITH THOSE OF THEIR CFOS. Page 22

A 9.9 Media Publication

ARE CTOS MORE InTERESTED In SATISfyIng ThE CfO & BOARD RAThER ThAn ThE COnSUMER?

CTO is aligned to the CFO and the Board in that order. The CTO will have to also be good at resume writing as he will not last too long. But then the question arises, is the CFO aligned to the consumer? If he is not, then he may be in hot water sooner or later.arun gupta, CIO, Cipla

CIO&Leader LinkedIn groupJoin over 900 CIOs on the CIO&Leader LinkedIn group

for latest news and hot enterprise technology discussions.

Share your thoughts, participate in discussions and win

prizes for the most valuable contribution. You can join The

CIO&Leader group at:

www.linkedin.com/

groups?mostPopular=&gid=2580450

Some of the hot discussions on the group are:Virtual CTO/CIO

A long term IT partner for your business growth

This is a model that SMBs are slowly waking up to. While

their IT head can chip away with his day-to-day activities,

an external help (a part time CIO) can give their IT a

proper direction and can review performance to ensure

the company's objectives are met.

—Balasubramanian S R Business & IT Consultant

6 September 07 2013

8 September 07 2013

IntervIew InsIde

3 Factors Will Impact Enterprise

Cloud Adoption: Gartner Pg 10

BillionWill be the IT spending in China in 2013

Microsoft To Acquire Nokia’s Handset Business the deal is worth $7.2 billion and is expected to close in the first quarter of 2014Microsoft has said that it will buy Nokia's Devices & Services businesses for 5.44 billion euros ($7.2 bil-lion). While the announcement has been made, the deal is expected to be finally closed in the first quarter of 2014, after shareholder and regulatory approvals. Microsoft will acquire all of Nokia’s Devices & Servic-es business, license Nokia’s patents, and license and use Nokia’s mapping services.

“It’s a bold step into the future - a win-win for employees, shareholders and consumers of both companies. Bringing these great teams together will accelerate Microsoft’s share and profits in phones, and strengthen the overall opportunities for both

Microsoft and our partners across our entire family of devices and services,” said Steve Ballmer, Microsoft chief executive officer. “In addition to their innova-tion and strength in phones at all price points, Nokia brings proven capability and talent in critical areas such as hardware design and engineering, supply chain and manufacturing management, and hard-ware sales, marketing and distribution.”

“For Nokia, this is an important moment of rein-vention and from a position of financial strength, we can build our next chapter,” said Risto Siilasmaa, Chairman of the Nokia Board of Directors and Nokia Interim CEO.

$323data BrIefIng

EnTErprIsEround-up

Ill

us

tr

at

Ion

by

sh

IgIl

na

ra

ya

na

n

9September 07 2013

E n T E r p r I s E r o u n d - u p

Indian banking and securities companies are expected to spend about Rs 41,700 crore on IT products and services in 2013, an increase of more than 13 percent over 2012, research firm gartner said.

QuIck Byte on BankIng

50% Android Users Don’t Use Security Software android has long been the most popular platform

over 50 percent of Android-based smartphone and tablet owners do not use any security software to protect their devices against cyber-threats, according to to a survey conducted by B2B International and Kaspersky Lab in summer 2013. Meanwhile, Android has long been the most popular platform for ordinary users and the cyber-criminals who would use malware to steal from them.

Only 40 percent of smartphone and 42 percent of tablet owners participating in the survey stated that they have installed a security solution on their devices and are now using it. Other respondents are content to rely on the limited security features inte-grated in the OS, or trust their own instincts to keep them safe. Meanwhile, for cyber-criminals Android is well-established as the top target among all mobile platforms. According to the Kaspersky Lab cloud service Kaspersky Security Network, which accumulates data about urgent cyber-threats, 99 percent of current malware samples targeting mobile devices have been developed for the Android platform. And this threat is growing: in 2012 Kaspersky Lab specialists detected 35,000 malicious samples while in the first half of 2013 – over 47,000. There are two main reasons why cybercriminals are interested in the Android platform: popularity and functionality.

With the economy in distress, Ratan Tata has said India has lost the confidence of the world and the government has been slow to recognise it.

—Ratan Tata,

Leading Industrialist

—Gartner

“The government has issued policy which vested interests, quite often in private sector have changed, delayed or manipulated that policy. So, for one reason or the other, the government has swayed with those forces.”

They SAiD iT

RATAn TATA

Ill

us

tr

at

Ion

by

Pe

te

rs

on

PJ

Ill

us

tr

at

Ion

by

Pe

te

rs

on

PJ

10 September 07 2013

E n T E r p r I s E r o u n d - u p

3 Factors Will Impact Enterprise Cloud Adoption: Gartner the road to increased cloud usage will be through tactical business solutionsAlthough the use of cloud services is growing faster than the overall enterprise IT market, it is still a small part of overall IT spending, according Gartner. A recent Gartner survey on the future of IT services found that only 38 percent of all organisa-tions surveyed indicate cloud services use today. However, 80 percent of firms said that they intend to use cloud services in some form within 12 months, including 55 per-

cent of the firms not doing so today.Gartner conducted a survey of 651 organ-

isations across nine countries to understand end-user organisations' use of external ser-vice providers for IT services. The objective was to better understand how organisations are shifting from the use of traditional tech-nology products to new technology deliv-ered as cloud services. “Given that the use of cloud services currently constitutes only

the global server market remains weak with revenues declining 3.8 percent in the April-June quarter this year

a very small part of the vast enterprise IT market, strategic planners should not make the mistake of taking current cloud use cases to be predictors of future cloud use,” said Gregor Petri, research director at Gartner. “Cloud computing is set to have a consider-able impact on business in the future which is reflected in the survey finding that around 60 percent of organisations plan increased investment over the next two years to five years, while only six per cent plan to decrease investments in cloud services.”

Petri highlighted three key factors that will significantly impact enterprise cloud use in the near to midterm future:

The first of these is the fact that the road to increased cloud usage will be through tactical business solutions addressing specific problems, not through broad, stra-tegic infrastructure replacements. “Today’s cloud market is still very much formed by early adopters and innovators address-ing specific use cases. Market adoption of high-tech services and solutions typically does not develop from early adopters to the majority market in a straight line, and also for cloud computing we will see distinct differences in how the next wave of buyers will adopt new solutions,”said Petri. A sec-ond factor that Gartner said will influence cloud uptake is the reality that the business impact of cloud services increases as they continue to move up the cloud services value chain, from infrastructure services to business process services. “While rehosting, recoding or recompiling existing applica-tions to run on infrastructure as a service (IaaS) or platform as a service (PaaS) cloud services may have limited impact on the rest of the organisation, replacing existing applications with higher level cloud services will have a much bigger impact on the way enterprises organise their business pro-cesses to serve their customers,” said Petri. “The impact becomes even larger once companies start to explore the new pos-sibilities cloud services offer to reimagine the way they service their customers. This reimagining can entail replacing traditional offerings with completely digital services and products.” The final factor impacting enterprise cloud use is that the introduction of cloud solutions will lead to a more diverse solution portfolio with widely varying imple-mentation and migration

gloBal tracker

on Servers

ga

rt

ne

r

Ill

us

tr

at

Ion

by

sh

IgIl

na

ra

ya

na

n

E n t E r p r i s E r o u n d - u p


new Linux Trojan Targeting Bank Accounts Found it enters a victim’s PC and targets bank accounts

MalWarE

there has been a 30 per cent

increase in mobile malware

over the last six months, accord-

ing to Fortinet's Fortiguard threat

landscape research for the period

of January 1 to July 31, 2013.

the team is now seeing more

than 1,300 new samples per day

and is currently tracking over 300

unique android malware families

and over 250,000 unique mali-

cious android samples.

the bring your own Device

(byoD) phenomenon has many

benefits for a business, chief

among them are increased

employee efficiency and pro-

ductivity gains. however, the

disadvantage of a lenient byoD

policy is the threat of mobile

malware infecting the user’s

device and, subsequently, the

business network.

“three years ago, mobile mal-

ware wasn’t much of a concern

for users or businesses. Most

malware at the time targeting

smartphones and tablets were

nothing more than annoyware

such as the Cabir virus or scam

software used to commit sMs

fraud or replace icons,” said

axelle apvrille, senior mobile

anti-virus researcher for Fortinet’s

Fortiguard labs. “however, as

devices have proliferated, so, too,

have cybercriminals eager to cap-

italize on the growing user base,

and our research shows the pro-

liferation of mobile malware will

not abate anytime soon.”

linux operating system, in

general, is considered to be highly

secured, but a new malware has

been found which might prove

otherwise. Dubbed as ‘hand of a

thief,’ the malware targets user’s

bank accounts and can be very

destructive.

according to a posting by aVast,

the malware was first discovered by

McAfee has announced a new version of its data center security solution. The McAfee Data Center Server Security Suite provides complete visibility to all workloads in hybrid data centers so organ-isations can secure and expand that environment confidently into the cloud. This flexibility gives organisations elastic security that is auto-deployed when new virtual devices are provisioned either on-premise or in the public cloud.

The new McAfee Data Center Server Security suite allows organisations to discover all work-

McAfee Announces new Data Centre Security Solution It optimises security, flexibility of virtual environments

fact tIcker

rsa researchers on 7 august 2013.

It targets only linux distributions and

it is a major concern.

“the two main capabilities of this

trojan are form-grabbing of linux-

specific browsers and entering a

victim’s computer by a back-door,”

according to the report which was

released recently.

the malware comes wtih sophis-

ticated features like anti-virtualisation

and anti-monitoring.

“With the level of overall sophis-

tication ‘hand of thief’ displays,

it can be compared to infamous

non-Windows threats such as

the Flashback trojan for MacosX

platform discovered last year or

trojan obad for android from recent

times,” the report added.

the creatot of this trojan is yet to

traced but its seems to be produced

by russian Cyber Crime group

which is selling copies of this trojan

for $2000.

loads including those from VMware’s vCenter and Amazon Web Services to provide the security administrator with complete visibility of the secu-rity status.

It protects every physical and virtual machine in the hybrid data center with fine-grained policy management and data center trust attestation with ease-of-use manageability with McAfee ePolicy Orchestrator.

It expands compute capacity securely into the private and public cloud and ensure identical security posture between on-premise and cloud-based machines.

McAfee Data Center security optimises security, flexibility, and manageability of virtual environ-ments with its MOVE AV functionality, finally providing a simplified security solution for com-panies investing in virtualisation for data centers, applications, and desktops.

“The McAfee MOVE AntiVirus solution has provided us with an excellent resolution for our complex IT infrastructure which contains dozens of assorted operating systems in use,” presents difficult challenges of both functionality and per-formance,” said Rick Snyder, Endpoint Security Manager at Boston Scientific.

Customers now have complete visibility to all workloads on-premise and in the cloud, which then enables them to secure all important work-loads. With the ability to expand their compute resources into the public cloud while also secur-ing these workloads, customers can now maintain their security posture even in the public cloud, McAfee said.

“With McAfee’s latest Data Center Server Secu-rity Suite and its elastic security, enterprises are now empowered to do just that.”

Ill

us

tr

at

Ion

by

Pe

te

rs

on

PJ

Cyber Era - securing the Futureth th14 – 15 October, 2013 Hotel Shangri-La, New Delhi

th11 INDIA KNOWLEDGE SUMMIT 2013

THE ASSOCIATED CHAMBERS OF COMMERCE AND INDUSTRY OF INDIA5, Sardar Patel Marg, ChankyaPuri, New Delhi-110021 • Tel: +91-11-46550555 (Hunting Line) • Fax: +91-11-23017008/9

For further information please contact:

Executive M: 9654251077

E: [email protected]

Himanshu RewariaAjay SharmaSenior Director

M: 9899188488E: [email protected]

Varun AggarwalJoint Director


Sahil GoswamiExecutive


For details log on: www.assocham.org www.facebook.com/aiks2013

Department of Electronics & ITMinistry of Communications & IT

Government of India

Department of Science & TechnologyMinistry of Science and Technology

Government of India

Department of Higher EducationMinistry of Human Resource Development

Government of India

� Developing Cyber Security Standards � Ensuring Privacy & Civil Liberty Protection

� Collaborative and Cross-Cutting Approaches to Cyber � Improving the Security of the Nation's Critical Infrastructure Security

� Improving Public- Private Information Sharing and Information � Staying Safe Online & Mobile SecuritySecurity

• • Compliance driven focus.• Incident response mechanism. • Adaptation of Cyber Security Policy.• Proactive threat & vulnerability management.

• Information sharing between Government and Private Bodies. • Capacity building in the area of expertise and Judiciary.• Development of Cyber Security Framework. • More power to sectoral CERTs.• Provision of necessary budgetary support by the Government. • Establishment of cyber range to test cyber readiness.

• Beware of unknown communication.• Capacity Building in the Area of Cyber Crime and Cyber Forensics. • Installation of regular updates.• Bringing innovation through R & D. • Sharing/storing of less personal information.• Strengthening Telecom Security. • Strong password protection.

Sharing of best practices and guidelines.

thsummit Issues: 15 October 2013

Mr. M. F. Farooqui, Secretary, Department of Telecommunications,Ministry of Communications & IT and Chairman, Telecom Commission,

Government of India releasing the 11th INDIA KNOWLEDGE SUMMIT 2013 Brochure at ASSOCHAM Office.

“Cyber Crime Detection and Prevention”

“IT Amendment Act 2008”

TECHNICAL SESSION-I:

TECHNICAL SESSION-II:

WORKSHOPth

14 October 2013 from 10.00 a.m.

Research & Content Partner

Technology Partner

Gold Partners

Knowledge Partner

Lanyard Partner

Banking Partner

B-School Partner Print Partners

Supported By

SanthoSh D’Souza | NetApp INdIA

“BYoD brings added security risks”Santhosh D’Souza- Director- Systems Engineer, NetApp India, in an interaction with Debashis Sarkar, discusses the core issues surrounding BYOD

CIOs are finding it difficult to strike a balance between

security of company’s data and privacy of employee’s personal data in BYOD. In what ways can the problem be answered?The way an enterprise manages its day-to-day work is changing: an enterprise employee expects to be productive anywhere, anytime and with any device. The emergence of high-performance and large display mobile devices has raised these expectations even higher. One aspect that requires attention in this context is access to enterprise con-

tent, be it text, video or image data, from employee devices. Enterprise mobility and bring your own device (BYOD) frameworks are battling to fulfill such needs.

Challenges like security, manage-ability, ubiquity, infrastructure perfor-mance and application development/performance have become areas of concern. Several vendors are offering advanced MDM solutions, but the technology is not yet sufficient, given the diversity of workloads enterprises often deploy and the lack of boundar-ies between company data and per-sonal data on employees’ devices.

With current challenges and opportunities, NetApp has intro-duced advanced technology solu-tions to solve these enterprise challenges by partnering with lead-ers in the space. NetApp has also recently introduced a new product — NetApp Connect that allows secure, instant, and easy mobile access to data stored on NetApp stor-age systems. The product, based on technology NetApp acquired from ionGrid, can integrate seamlessly into a NetApp environment without requiring complex VPN setup or separate authentication tools. Im

Ag

INg

by

pe

te

rs

oN

pJ


A Q u e s t i o n o f A n s w e r s | s A n t h o s h D ’ s o u z A

Key Challenges: security, manageability,

ubiquity, infrastructure performance and

application development

With mobility, companies cannot stop employees from

using their personal devices on the office network. What are the tradi-tional methods in which a CIO can secure both data and network?We were able to deliver a mobile solution to benefit business pro-ductivity and growth by giving employees the ability to work flex-ibly, promoting a healthy work-life balance. Incorporating NetApp Connect into a corporate infrastruc-ture has numerous benefits for both the employees and the busi-ness. NetApp Connect uses NetApp Data Ontap as the foundation for non-disruptive access to data. This allows easy mobile access combined with a high-level of enterprise con-trol, ensuring the level of security required for storing data is met. The result — the company no longer has to weigh up the benefits of BYOD against the risks of data leakage and compliance violations. The solu-tion is efficient and easy to man-age, meaning corporate IT stays in control of enterprise data at all time. The “containerised” approach elimi-nates many of the common device-management concerns associated with BYOD and corporate data compliance rules, and with a setup that is easily integrated into existing NetApp storage there is no need for costly infrastructure changes. For employees, NetApp Connect offers more efficient, on-the-go access to the data they need. This helps employees maximise their produc-tivity and promotes flexible working.

NetApp Connect is based on tech-nology that the company gained through its acquisition of ionGrid. The product provides secure, instant and easy mobile access to corporate data stored on NetApp storage. It integrates easily into an existing NetApp environment, and doesn’t require any complex VPN setup or authentication. All the data stays behind the company firewall, so there is no uploading sensitive company information to the cloud.

businesses, while controlling data leakage and meeting compliance and data protection legislation is a constant problem for corporate IT teams. On top of this, the cost asso-ciated with mobile device usage is not seen as a good use of resources. Ultimately the security risks and cost of adapting and separating cor-porate storage infrastructure were outweighing the potential benefits of mobile working.

BYOD brings added security risks, potential loss of IT control, and additional management complexity in supporting and securing all types of devices in the hands of myriad users engaged in increasingly mobile activities all over the world. The challenge is to successfully manage and implement solutions that aim at reducing risks. The cur-rent generation of security capabili-ties implemented by organisations in India can protect enterprises from traditional threats, but might

Mobile users can stream, view, down-load, edit, and pass on corporate information securely from their iOS devices, whether it’s on file shares, Microsoft SharePoint, or an Intranet web application. Additionally, with NetApp Connect, the file integrity is preserved, so all documents appear with pixel-perfect rendering.

What are the key issues regarding BYOD solutions?

One of the first things CIOs need to understand about the consum-erisation of IT and the emergence of the BYOD paradigm is that it’s a powerful, immutable trend that must be embraced rather than resisted. While mobile working benefitted the individual employees and enhanced productivity, the solu-tions that were available required a trade-off between ease of use and data security. We understand that ensuring data security on mobile devices is of great importance for

“It’s extremely critical for organisations to re-assess their security ecosystem if they want to implement BYoD and mobility”

BYoD and cloud

computing go

hand-in-hand.

Incorporating

NetApp Connect

into a corporate

infrastructure has

numerous benefits

for employees.

With NetApp

Connect the

file integrity is

preserved so

all documents

appear with pixel-

perfect rendering.

things i Believe in


A Q u e s t i o n o f A n s w e r s | s A n t h o s h D ’ s o u z A

not be enough to address the ever-evolving threat landscape. It’s extremely critical for organisations to re-assess their security ecosystem and evaluate capabilities of next-generation security if they want to imple-ment BYOD and mobility.

How can cloud computing help in smooth functioning of BYOD?

Cloud computing means that networks have to be reliable for employees of an enterprise to be able to access core business applica-tions, while BYOD support allows the employees to use their own devices on the corporate network, which creates additional demand — for example by increasing the amount of video traffic. BYOD and cloud computing go hand-in-hand.

How is NetApp looking forward to tap the BYOD market?

Looking at the pace at which enterprises are embracing the BYOD policy in their existing IT infrastructure, NetApp is already offer-ing advanced and intelligent solutions to reduce the challenges faced by CIOs while implementing the policy. To implement an effective BYOD policy, NetApp is currently

offering unified, secured, and multi-tenant storage solutions. Also the recently launched NetApp Connect allows efficient data shar-ing, and mobile device access solutions. NetApp Connect offers mobile access to cor-porate data while maintaining the tight secu-rity and control that enterprise IT requires for keeping its data and business protected. It also allows mobile workers a compelling user experience and effortless access to the corpo-rate information they need to be productive in the field, whether online or offline.

While these solutions ensure that data is protected and its integrity guaranteed, an organisation also needs to demonstrably prove its compliance with regulations and policies. Technology helps here as well. For example, an enterprise has to ensure that once e-mails or documents have been archived, the data has not been modified since. Immutable (or Write Once Read Many – WORM) storage technology like NetApp SnapLock or LockVault play vital roles in these regulatory scenarios.

Can you provide some insights on Cisco-NetApp-Citrix partnership on

desktop virtualisation

The trend towards adoption of virtualisa-tion and cloud computing continues to build. Desktop virtualisation is playing a more prominent role in an IT strategy to effectively support critical business goals. In order to support such a dynamic busi-ness environment, NetApp and Cisco have collaborated to create the FlexPod data cen-ter solution. FlexPod is a proven, long-term data center solution built on a flexible, shared infrastructure that can scale easily and be optimised for a variety of mixed application workloads.

Together, NetApp, Cisco, and Citrix provide a unified flexible architecture that is ready for virtualised environments today, yet is agile enough to let the enter-prise grow at their own pace to a fully private cloud. FlexPod components are integrated and standardised to help achieve timely, repeatable, consistent deployments and eliminate guesswork from the sizing process. FlexPod can support hundreds to thousands of virtual desktops, depending on workload profile, and can also be configured to support a number of additional workload environments.

S a n t h o S h D ’ S o u z a | a Q u e S t i o n o f a n S w e r S

Best ofBreed

Corporate Sociopaths and IT Productivity Pg 20

FeaTureS InSIde

executive Peers Wanted Pg 22

CIOs Can Drive Business Transformation

CIOs are positioned to drive transformation due to their knowledge of technology and business processes By William Atkinson

CIOs are in a unique position to exploit their knowledge of business and technology to influence or drive the direction of an organisation’s transformation, according to the findings of a new Forrester report titled “The CIO’s Role in Business Transformation.”

The report noted that almost all of today’s business transformations are dependent on technology and focus on breaking traditional business silos. These high-risk, high-

ill

us

tr

at

ion

by

Ma

na

v s

ac

hd

ev


complexity projects require a commanding knowledge of technology, business process-es and culture change. The Forrester report suggests that CIOs might be best-suited for a transformational business role. In fact, a Forrester survey released last September found that 53 percent of respondents stated that the CIO (29 percent) was the most senior leader in driving or supporting a business transformation. The CEO was tied for second place (24 percent) with the CTO.

The report identified four different types of CIOs, based on their roles in business transformation. These are soldiers, leaders of IT, change consultants, and transforma-tion leaders. These four types vary in their degree of transformation leadership and business involvement. The report suggests that each CIO must understand his or her base of influence and the tactics that will be effective for their particular role.

CIOs who are “soldiers” focus on imple-mentation. They provide little business leadership and largely follow orders with regard to IT activities other than infrastruc-ture. They lack the business information and direct political clout of other types of CIOs. “Leaders of IT” are CIOs who balance IT and enterprise needs. This is a traditional CIO role in which the CIO ensures that all appropriate IT functions are involved in the transformation. Past this largely IT role, these CIOs, similar to business leaders in the organisation, represent their companies in defining the business strategy, developing the road map, and implementing the plan.

CIOs who are “change consultants” advise on the business transformation process. These CIOs know the mechanics of a business transformation and guide others throughout the process. Typically, they have been previously involved in transformations and know the steps, roles, deliverables and risks of the projects, and also have the skills to show others how such transformations are successfully carried out.

“Transformation leader” CIOs are those who lead and run the business transformation. These CIOs ensure the effective application of business and technical components, including resource allocation, funding, system selection, and

their limitations became obvious, and nei-ther lasted as a CIO.”

Given that some of the types are better than the others as it relates to business transformation, is it possible for a CIO to change from one type to a more desirable type? “Certainly, anything is possible in theory,” Cecere says. “However, the ability to successfully change depends largely on whether they were forced into the position they were in or found themselves there by their own skills.”

An experienced and talented CIO at a travel company, for example, was forced into a soldier role because this was the company's culture: IT was an order taker. When that changed because of technology-enabled technology threats, this CIO rapidly advanced into a leadership role. “This was tangible as she even became a member of the executive committee,” says Cecere. In contrast, a CIO at a health-care services company was a talented technologist with great hands-on IT skills, but the individual’s leadership and communication skills were weak. “When the company started a trans-formation project, this person had little chance to take on a leadership position, and the CEO quickly decided to hire a consultant to represent IT,” says Cecere. The CEO’s decision was a wise one as it provided myriad benefits for everyone involved—and heightened the project’s odds of success.

— The article was first published in CIO Insight. For more stories, please visit www.cioinsight.com.

CIOs who are “soldiers” focus on implementation. They provide little business leadership and largely follow orders with regard to IT activities other than infrastructure

progress tracking. However, it is rare for a CIO fit neatly into just one of the four different types, according to the Forrester report. For example, a CIO might be a traditional leader of IT for most phases of a transformation, but become a change consultant to several departments for their business process redesign.

Is one type of CIO generally better than another? “If better is primarily the ability to have an impact on business transformation, then the transformation leader and change consultant are at the top,” says Marc Cecere, vice president and principal analyst at For-rester, and author of the report. “The reason for the transformation leader being there is obvious. The CIO as change consultant will have an impact on every step of the transfor-mation, but that person is more of a process expert and would have the same advantages and many of the disadvantages of a senior consultant brought in from the outside.”

According to Cecere, a leader of IT also has a significant impact, but not to the degree that a transformation leader and a

change consultant has. “I have seen CIOs who were more the soldier type who were thrust into a leadership position or put themselves in this spot,” Cecere says. “They lacked the negotiation skills and, in two cases, credibility with several of the business leaders. They were safe when they toiled in obscurity deep in the bowels of IT. However, as they moved up,

7%will Be the

growth of gloBal

semiConduCtor revenue in 2013

19September 07 2013

t r a n s f o r m a t i o n | B e s t o f B r e e d

Corporate Sociopaths and IT ProductivityManagement often ignores the impact of antisocial behaviour on IT productivity By Frank Wander

sociopaths exist in all walks of life. At the most basic level, they are individuals devoid of empathy and compas-

sion, prone to antisocial behav-iors and desperately in need of control. Yet, many people work with them, or under them, in corporations.

Since sociopaths are seldom aware of other people’s needs, they tend to manipulate col-leagues, especially those above them, to achieve selfish goals. They are capable of both kissing up, and kicking down. They can lie without wincing. They are capable of turning their charm on and off to get what they want. They can be confrontational, and use bullying tactics to control those around them, since collaboration and sharing are foreign to them. They are socially corrosive—and cruelly destructive.

Their colleagues often understand exactly who the sociopaths are, because their self-serving behaviour generates a constant stream of human interest stories carried in whispers across the organisation. Their bullying tactics are most forcefully directed at their subor-dinates, with dire consequences to the productivity of knowledge workers, who must be mentally and emotionally engaged in their work. Because sociopaths’ behaviour may produce short-term per-sonal gains, they may initially be held in high regard by manage-ment, but ultimately move from job to job.

If a sociopathic executive entered the data center and turned off

the main power switch, he or she would be immediately fired for cause. People would be shocked and angry at such damaging behav-ior, which causes online systems to go dark, data processing to stop and business to grind to an abrupt halt.

Yet, sociopathic leaders do something similar every day: They shut down the “human infrastructure.” Not unlike a data center, the human infrastructure is prewired with sensors. From neuroscience we’ve learned that every individual has a threat sensor, a feature of the limbic system (the emotional brain) called the amygdala. This is a product of our evolution, during which humans became experts at detecting physical threats to stay alive.

Today, in a business setting, the dangers aren’t physical, but are those that threaten your job: hidden agendas, ostracism, blame, public embarrassment, bullying, humiliation and betrayal. These

ill

us

tr

at

ion

by

Ma

na

v s

ac

hd

ev


B e s t o f B r e e d | m a n a g e m e n t

Do you have future CIOs in your team?

HOW TO PARTICIPATE ? Register for POCKET CIO by going to www.next100.in

Attend session conducted by experts from Vodafone

If you are an

ace when it comes to

implementing and planning enterprise

voice & data projects, prove it now.

WHY PARTICIPATE ?

REGISTER TODAY

PRESENTS

WORKSHOP DATES AND TIMINGSDELHI NCR 20 & 21 SEPTEMBER, 2013MUMBAI 4 & 5 OCTOBER, 2013BENGALURU 25 & 26 OCTOBER, 2013

Apportunity to win Enteprise Voice & Data Technology AwardSecure an interview with the jury of NEXT100 and potentially win NEXT100 awardsGet “Pocket CIO” certification

in association with

P R E S E N T S

( 9:00 am till 5:00 pm across all cities )

ENTERPRISE VOICE & DATA TECHNOLOGY AWARD

can be especially menacing when initiated by a superior who has direct control over your survival at work. As you focus on the threat, your mind prepares your body for flight, so your pulse increases, muscles tighten, per-spiration starts to form, your heart rate increases, and the mental focus shifts to the person who is threatening you. Protective behaviors take over, reallocating energy from productive activities to defensive ones. You are now in a totally unproductive state of mind, focused on your survival rather than on your work. These effects can be long lasting, as neurotransmitters in the blood-stream take time to dissipate. And, the mere presence of the threat (the manager) may be all that’s needed to reactivate this sequence, which is called fear conditioning. Simply passing the corporate sociopath in the hall will reignite it. Such conditioning is highly damaging in a corporate setting, because the sociopathic leader comes into contact with subordinates every day. The daily, ongoing destruction of productive capacity is real and does not end until the threat is removed.

Unfortunately, the effects of antisocial behaviour manifest them-selves internally and are therefore invisible to corporate executives who build cultures in which workers are interchangeable parts, mere “human resources.” Managers are neither trained to create an emotionally productive social climate nor socially tuned to the work-place. We have tools to manage and monitor everything—except the people. Consequently, corporate sociopaths can disengage large portions of the human infrastructure and remain undetected. If one

of the “machines” is not working, just get another one; the current one is obviously defective. Paradoxically, although these sociopaths can be highly damaging to the workforce, they are often highly valued by execu-tive management for being “tough but effective.” The antisocial behaviour used by corporate sociopaths is particularly destructive to large IT initiatives that are a product of many minds and emotions. These Initiatives sometimes require hundreds of hyperspecialised work-ers, across business and IT, to co-create a solution. To be successful, these coworkers must form a collaborative social system powered by emotional energy, deep insti-tutional knowledge, meaningful relationships, creativity

and trust-based collaboration. Large social structures like these are highly fragile and tend to break when helping behaviors are replaced by protective responses. This is analogous to shutting down the net-work; it just happens to be a social one.

Unfortunately, I’ve encountered many corporate sociopaths over the years, and found that unproductive antisocial behaviours are widespread and tolerated. Traditional corporations tend to cling to the industrial model of management, which focuses on process and technology rather than people.

— Frank Wander, a former CIO, is founder and CEO of the IT Excel-lence Institute, and author of Transforming IT Culture.— The article was first published in CIO Insight. For more stories, please visit www.cioinsight.com.

$180bwill Be the size of

gloBal puBliC Cloud market By 2015

Executive Peers Wantedas a CIO, the sense of security and confidence that comes with feeling that you’re part of a team is an important element of success By Frank Petersmark

desperately Seeking: Executive peer who understands what I do, why I do it and how I do it. Must be a good listener with the ability to provide critical yet constructive

feedback and perspectives. If this sounds like you, and you work at my company, please contact me at: [email protected].

est complexity, it’s not the end of the pro-cess. It’s actually the beginning, given the production problems, customisations and upgrades that will inevitably arise. On the other hand, when the CFO and his or her team implement a new profitability, reserve or expense report, it’s done when the report is distributed. There are many reasons for misunderstanding the CIO’s job, including

The life of a CIO can be a lonely one. In many companies the job is less understood than any other executive position, the results are scrutinised more than for any other executive position, and to top it all off, nothing is ever really “completed” in the same sense as things are for other executive positions. When a CIO and his or her team implement a new system of even the mild-



MEMBERSHIP BENEFITSAnnual membership to Inc. India Leaders Forum will entitle you to the following benefits

PEER NETWORKSProvides an opportunity for chief executive officers and owner managers to engage with a ‘like-minded’ peer group.

LEADERSHIP SUMMITSAnnual meeting to set the agenda for the community’s strategic and most current issues. The Forum’s summits bring together a focused audience and authoritative speakers, in a highly interactive format

BRIEFING SESSIONSA series of quarterly meetings throughout the year. Constructive debate, diverse opinions and in-depth discussions provide a premier networking and instructive forum

COMPLIMENTARY ADVERTISEMENTAccess to the 9.9 Media bouquet of magazines for complimentary advertising (Includes: Inc. India, CTO, CIO&Leader, CFO, IT Next, EDU & I2)

RESEARCH AND ADVISORYAccess to our in-house research reports on issues of relevance to high-growth companies.

Membership to Inc. India Leaders’ Forum is corporate but limited to Entrepreneurs, Directors and Chief Executive Officers

TO KNOW MORE ABOUT THE MEMBERSHIP PROGRAMMEPlease contact Rajat Gupta at [email protected] or call at 0120-4010 914

Inc. India invites all CEOs and

founder managers to an exclusive membership

programme which fosters knowledge

sharing in the community and

strengthens your efforts to build and take

your enterprise to the next

level of growth and business

excellence

CEOs JUST JOINED COCOBERRY | OZONE OVERSEAS | DTDC | DHANUKA AGRITECH | HOLOSTIK | PRECISION INFOMATIC SHRI LAKSHMI COTSYN | O3 CAPITAL | EMI TRANSMISSION | GRAVITA INDIA | AND MANY MORE...

“An ideal platform for business leaders to share leadership strategies and help business flourish”ISHAAN SURIDIRECTOR, INTERARCH BUILDING PRODUCTS

the relative immaturity of the CIO position in the executive ranks and the general lack of understanding of what the CIO does in many companies. But I wonder if there is some other, deeper-seated reason why the CIO is the outlier on most executive staffs. By the way, this is not to imply that CIOs are not effective leaders and executives in their companies, or that they lack the executive vision and gravitas to get strategic things done; many CIOs clearly can do all of that and more. It does imply, however, that most CIOs lack the one thing in their company that everybody else on the executive staff has: an executive peer. Now, before you say that CIOs have been at the adult table for many years now and many are fully inte-grated into the executive team and strategy, I’ll tell you that’s not what I’m suggesting.

I’m driving toward a more fundamen-tal notion of a peer, as Webster’s defines it: “One that is of equal standing with another: equal; especially: one belonging to the same societal group especially based on age, grade, or status.”

The first part of the definition—one that is of equal standing with another—is true for many CIOs, at least as they appear on the corporate organisational chart. However, the second part of the definition is a bit more problematic. Executive staffs are noth-ing if not their own special types of societal groups and, in that society, age, grade and status matter. All of those elements result from a sense of shared experiences and shared understanding of what each member does. That’s where trust, credibility and even empathy come from in the executive ranks. And that gets to the heart of the problem: In this modern corporate scenario, there is no executive peer for the CIO.

But what’s the big deal? So what if CIOs don’t have executive peers in their organisa-tions? How could that possibly affect their ability to succeed in their role as the busi-ness technology leader of their organisa-tion? Let us count the ways: 1. Being an executive is a team sport. To be an effective part of an executive team, or any team, it’s important that all the team mem-bers understand each other’s strengths, weaknesses and overall capabilities. That way, team members can be put in positions that leverage their strengths, and where possible, avoid scenarios that expose their

weaknesses. This kind of team dynamic can occur only if team members have the context and shared experiences that enable them to understand the decision-making perspectives of their peers. In the case of the CIO, that shared perspective doesn’t exist. 2. Understanding leads to trust. The more you understand what another team mem-ber has to grapple with to do his or her job effectively, the more you begin to trust that what the person is doing serves the com-mon corporate good. Conversely, the less you understand about what an executive team member is grappling with, the less confident—and trusting—you are that the member is pulling in the same direction as the rest of the team. This is a long-time quandary for CIOs, since what CIOs do, and what they are required to understand from a technology perspective to do their jobs, is often well beyond the realm of understand-ing of the rest of the executive team.

While the CIO likely knows the difference between generally accepted accounting prin-ciples and statutory accounting principles and how this affects the company’s finan-cials, it is a pretty safe bet the CFO does not understand the difference between hard-ware and software virtualisation, or agile and waterfall development methodologies.3. Transparency leads to empathy. IT gets a bad rap in many companies as being the

dark hole where investment dollars go to die. When CIOs ask their peers to pony up several million dollars for some needed business technology, they’ve created an expectation that a full and continuous accounting of how that money is being used will be available. Similarly, when CIOs bring the annual budget to the table, it helps if their executive peers actually understand what’s in that budget. Neither of these areas are traditional strengths of CIOs. Fair or not, it is often incumbent on CIOs to make the effort required to ensure that their executive peers fully understand how every dollar invested in IT is used and also comprehend the returns generated by those invested dollars over time. That’s the level of transparency necessary to create and main-tain executive empathy, so the next time the CIO needs some leeway on investments or expenses, it doesn’t become a knock-down, drag-out confrontation.

— Formerly CIO at Amerisure, Frank Peters-mark is CIO Advocate at X by 2, a Farming-ton Hills, Mich.-based technology company specialising in software and data architecture and transformation projects for the insurance industry. — The article was first published in CIO Insight. For more stories, please visit www.cioinsight.com.

IT gets a bad rap in many companies as being the dark hole where investment dollars go to die

ill

us

tr

at

ion

by

Ma

na

v s

ac

hd

ev



MEMBERSHIP BENEFITSAnnual membership to Inc. India Leaders Forum will entitle you to the following benefits

PEER NETWORKSProvides an opportunity for chief executive officers and owner managers to engage with a ‘like-minded’ peer group.

LEADERSHIP SUMMITSAnnual meeting to set the agenda for the community’s strategic and most current issues. The Forum’s summits bring together a focused audience and authoritative speakers, in a highly interactive format

BRIEFING SESSIONSA series of quarterly meetings throughout the year. Constructive debate, diverse opinions and in-depth discussions provide a premier networking and instructive forum

COMPLIMENTARY ADVERTISEMENTAccess to the 9.9 Media bouquet of magazines for complimentary advertising (Includes: Inc. India, CTO, CIO&Leader, CFO, IT Next, EDU & I2)

RESEARCH AND ADVISORYAccess to our in-house research reports on issues of relevance to high-growth companies.

Membership to Inc. India Leaders’ Forum is corporate but limited to Entrepreneurs, Directors and Chief Executive Officers

TO KNOW MORE ABOUT THE MEMBERSHIP PROGRAMMEPlease contact Rajat Gupta at [email protected] or call at 0120-4010 914

Inc. India invites all CEOs and

founder managers to an exclusive membership

programme which fosters knowledge

sharing in the community and

strengthens your efforts to build and take

your enterprise to the next

level of growth and business

excellence

CEOs JUST JOINED COCOBERRY | OZONE OVERSEAS | DTDC | DHANUKA AGRITECH | HOLOSTIK | PRECISION INFOMATIC SHRI LAKSHMI COTSYN | O3 CAPITAL | EMI TRANSMISSION | GRAVITA INDIA | AND MANY MORE...

“An ideal platform for business leaders to share leadership strategies and help business flourish”ISHAAN SURIDIRECTOR, INTERARCH BUILDING PRODUCTS


RegisteR today

Presents netwoRk

innovation awaRd

Workshop DATEs AND TIMINGsDElhI Ncr 20 & 21 September, 2013MUMBAI 4 & 5 OctOber, 2013BENGAlUrU 25 & 26 OctOber, 2013

( 9:00 am till 5:00 pm across all cities )

INDIA’s FUTURE CIOs

in association with

p r E s E N T s

Demonstrate your excellence

in network innovation and prove why you are the best

among your peers.Attend Pocket CIO workshops in the city

closest to your location.

HOW TO PARTICIPATE? register for POCKet CIO by going to www.next100.in

Attend session conducted by experts from Juniper and take a test

WHY PARTICIPATE? An Opportunity to win network Innovation Award secure an interview with the jury of neXt100 and potentially win

neXt100 awards Get “Pocket CIO” certification

By Atanu Kumar Das

Design by Vikas Sharma | Imaging By Anil T

To be an inspirational leader, a CIO constantly needs to enhance his

knowledge. Enrolling himself in higher educational modules/programmes can be really beneficial as it not only helps

him in enhancing his soft skills but also enables him to lead a team in an

innovative manner.

POWERKNOWLEDGE

27September 07 2013

K n o w l e d g e P o w e r | C o V e r S T o r y

CIOT

he challenges of being a CIO have been increas-ing with the changing dynamics of information technology. Today, a CIO has to ensure that he is not only the master in the technical domain, but is also is equally talented in the business domain

besides being an inspirational leader. To gather all these expertise, a CIO has to constantly look for options where he can gather more knowledge. One way of acquiring them is to enroll in various educational programmes/modules/courses that enhances his behavioral, interpersonal, leader-ship as well as technical skills.

According to Anindya Garai, Head IT, Emaar MGF, “I have been taking numerous educational modules in the last five years focussing on behavioral, skill enhancement and com-munications. They have been really helpful. I remember tak-ing a course on behavioral and communications from Vital Stats that enabled me to understand how to break the ice with the other person and it also helps you to be more produc-tive.” Garai also said that once he went for a workshop which taught him how to evaluate an interviewee for 15-30 minutes.

“When we are looking for fresh talent within the com-pany, we conduct a lot of interviews and the maximum we can invest in one person is about 30 minutes. It becomes very difficult to take a decision within that time frame if we should recruit that person. The educational programme taught me what to look for in a person when we want to recruit him in the company. It helped me immensely,” said Garai. Another educational programme that made a mark in Garai’s career was when he did a course on ‘Introduction of Cyber Laws’ around 14 years ago. “Today knowing cyber law is not a big thing. But back then, it was eye opener for us and we got to learn a lot. We didn’t know a lot of stuff about cyber laws and how it will impact an organisatioon. I remember after doing that course, it changed the way we used to function. The whole IT team sat together and we created some practices that had to be followed. Earlier, everybody used to do stuff randomly, but after that course lot of things changed.”

Agrees Atul Nigan, Head-IT, Samsung Data Systems India, “Three years ago I did a project management course

ThE LEArNING

By focusing on different innovative educational programmes, a CIO is constantly enhancing his existing skills, be it technical, business, or on the leadership front.


C o V e r S T o r y | K n o w l e d g e P o w e r

course on Database Management Systems at IIM. That helped me immensely with design and optimisation of databases and in developing systems using SQL. I was way ahead of many other CIOs at that time. The second instance was a management development programme (2-weeks) that covered all areas that organisations deal

and that helped me immensely. Although I had the experience of proj-ect management learning on the job, but I wanted to challenge myself and get a formal certification done in proj-ect management. It is considered as one of the toughest exams and I was quite scared to appear for an exam after more than two decades. Thank-fully, I cleared the exams,” smiles Nigam. According to Nigam, when one is working for a multinational company, there are numerous things a CIO should learn. “A CIO’s role is very complex, he has to manage the team as well as the business. Some of the important things for him to acquire is the art of communication, negotiation skills and he should have the power of resilience. A CIOs sur-vival depends on business he needs to ensure that business listens to him. So I believe that a CIO should con-stantly keep on updating himself by joining different leadership and other courses that enhances his skill-sets, says Nigam.

Short-term or long-term courses?According to S R Balasubramanian, Former CIO with more than 30 years of expereince, “Educational pro-grammes do make a difference to the “It is the process

and the quality of education that makes a difference in the leadership role”—Dr Pritam Singh, Director-General, International Management Institute

functioning of the CIO. Educational programmes could be short-term courses or of longer durations leading to a degree or diploma but all of them certainly equip the CIO with requisite knowledge to be more effective.”

Garai also feels that short-term educational modules act as enhancing the skill-sets which already exist within an individual. He feels that there is no point going for long-term courses as with the experience a CIO gets to know the business acumen and he doesn't need to acquire a MBA degree to have business acumen. “I know today a lot of CIOs are doing long-distance MBAs but I don’t advo-cate it too much. I believe that a CIO learns a lot on job and business knowledge is also one of the most important things that he learns being on the job. I have acquired business knowledge during my course of job and I don’t need to have a recognised degree for that,” feels Garai.

Balasubramanian says that during his tenure as a CIO he has attended numerous courses and he remembers one such course which he did about 30 years ago. “I did attend such courses which helped me in my career. One was way back in 1985 when I was sponsored for a 10-day

29September 07 2013


with, covering production, materials, finance, accounts, supply chain etc. Such a holistic knowledge proved useful in all my subsequent assignments.”

Nigam recalls a short-term course he did 16 years back on achievement and motivation training and the course was imparted by one IIM-A professor. Nigam feels the course was one of the most inspirational training he did in his career. “There are certain individuals who can inspire you to the zenith, and we look forward to them. In fact

when I started my career at Samtel, there used to be a course for senior management, which focussed on are you doing the job that you are supposed to do and I can tell you 90 percent of people are not doing what they are supposed to do. Almost everybody who attended that course had tears in their eyes.” Nigam says that he was an introvert initially and being a CIO one has to gain the trust of numerous department heads to know about their business require-ments. “I have always been an introvert, but today's busi-ness demands to have a CIO who can gain the trust of all the stakeholders. I believe that by attending different lead-ership courses I have acquired mentoring, leadership and other skills which ultimately helped being to shred being a complete introvert,” avers Nigam.

Challenging job for a CIOAnother important thing that Nigam points out that a CIO has to work according to the culture of the company and if the company is multinational, he has to work with different cultures. A CIO has to understand what the parent com-pany's culture wants and what we want. It is very important to balance and act accordingly.

“When one works for a multinational company, a CIO has to work according to the culture of the company and

“One educational programme taught me what to look for in an individual when we want to recruit him”—Anindya Garai, head IT, Emaar MGF also has to keep the parent CIO happy.

We at India have a different culture but we also have to understand how the Korean's work when we are work-ing at Samsung. When we attend different leadership courses, we get to know how one can work with separate cultures and what are the key things we have to take care of,” says Nigam.

Balasubramanian feels that during these challenging times, it is abso-lutely integral for a CIO to do some kind of educational programmes. “It is more essential today than any time before. With IT becoming mis-sion critical and of immense value to business, expectations on the CIO is far higher. He cannot hobnob with the business heads unless he is more aware and has his hand on the pulse of the business.”

Does India match with the West?When we are talking about imparting world-class educational programmes to the CIOs, one of the questions that keeps on coming is are we at par with the courses that are provided in the western countries. According to Dr Pritam Singh, Director-General,

C o V e r S T o r y | K n o w l e d g e P o w e r

to the world. The glaring difference can be seen in the thinking perspective and actions of those who went to the schools of academic excellence and who were not fortunate to get the opportunity to be with the maestros in the aca-demic citadels. It is the process and the quality of education that not only makes a difference in the leadership role, but also makes a remarkable difference in the way we think, feel and act. That is what leadership symbolises. These are the basic pillars of leadership,” he adds.

International Management Institute, “Virtually I don’t see any difference. The programmes in India are more rigorous, much more pragmatic and relevant to the Indian context. Pro-grammes organised by the schools in developed world tend to share more experiences which are not so relevant to the Indian participants. However such programmes provide global exposure.”

He adds, “Therefore it would be ideal to develop programmes partly delivered in India and abroad. IMI currently organises such programmes with some of the best business schools like ESSEC Business School, Paris, ESCP-Europe at Paris, Berlin, Madrid and Prague, Frankfurt School of Finance and Management, Frank-furt, Rotman School of Management, Toronto Canada and University of Maryland, US, etc. We also organise programmes for senior executives from these schools in India to help them understand the challenges of doing business in India.” Balasubra-manian feels that all the leading man-agement schools are the right places both for full time/ part time MBA

“A CIO cannot hobnob with the business heads unless he is more aware and has his hand on the pulse of the business”—S R Balasubramanian, Former CIO

courses and for short-term management development programmes. There are also short-term course organised specifically by IT vendors partnering with professors or advisory organisations like the Gartner, For-rester etc. “I feel that there are numerous places in India where a CIO can get the right course that can help him in his career,” he adds.

Education Powers AllDr Singh feels that it is not only the CIO, but also the CEO who gains a lot from educational courses. “Many CEOs in this country do not demonstrate a great learning orienta-tion. They suffer from the complex of having achieved everything in life and therefore lack the capability of look-ing beyond gauging the future and preparing for tomorrow; looking around to build competitive marked intelligence and looking within and reflecting on one’s own strengths and weaknesses and continuously reinventing themselves. In my judgment, I find the top level to be the real bottle neck, and that is why not many organisations move from the existing orbit to the next orbit. It may not be true only in Indian realities, but also there is some global truth,” says Dr Singh. Dr Singh feels that education plays the most vital role in what we are today. “Whatever we are today in our life is because of our educational experiences and exposure

31September 07 2013

“Some CIOs tend to box themselves too much in the back office and are not able to contribute directly in the strategic goals of the company”—Rajul Garg, Director, Sunstone Business School

Do you think educational pro-grammes make a difference in the

work function of a CIO?With the ever changing business land-scape, I feel it’s the responsibility of every executive to constantly upgrade themselves. While a lot of learning happens on the job, it is important to sit back and analyse to introspect as well as learn from others. I feel that with today’s challenging business environment, one should try and hone their skills in different ways and joining different educational modules in one of them. We have witnessed a lot of senior management people gaining a lot for educational pro-grammes/modules which changes the way one thinks.

What kind of leadership programmes do you offer for CIOs and how can

they benefit from the same?CIOs need to understand better the custom-er side of an organisation. Some CIOs tend to box themselves too much in the back office and are not able to contribute directly in the strategic goals of the company. This

should be a major area of focus for them. At the moment, we are not offering CIO- specific programmes but they can benefit from our courses on big picture in terms of improving their thinking and strategy.

Can you share with us couple of examples how have the CIOs bene-

fited by taking leadership programmes from your institute?There are several folks in the CIOs teams who have taken courses with us. They come out with better understanding of busi-ness and hence better alignment of goals. They are also able to hone their leadership skills by taking the courses that we offer and many of them have got back to us and appreciated our modules and how it has helped them.

What are the differences you see in leadership training programmes that

are happening in India and other devel-oped nations?A majority of leadership programme in India tend to be either procedural or around

“CIOS ArE uNDEr CONSTANT prESSurEFrOM BuSINESS”In an interaction with Atanu Kumar Das, rajul Garg, Director, Sunstone Business School, speaks about how educational programmes help CIOs in becomming better leaders

behavioral traits. They tend to be complex. In the more developed nations there is greater focus on problem solving, working with people at a ground level, concentrating on effective communication etc.

What challenges do you face in bringing CIOs to the training table?

The main issue is prioritisation. CIOs are under constant pressure from business. It's hard for them to prioritise self-develop-ment. And I believe that CIOs should con-sider getting themselves trained as one of their priorities and be more proactive while adventuring into any skill enhance-ment programmes.

Do you think that it is important for the management also to push

a CIO to enroll for a educational pro-gramme that would in hindsight benefit the company?Absolutely. A great CIO can be a major advantage to a company. Management should continuously push to upgrade per-spectives and skills.

33September 07 2013


NEXTHORIZONS

Features InsIde

Ill

us

tr

at

Ion

b

y p

et

er

so

n p

j

What CIOs should Be thinking about But aren’t Pg 37

Hardly a day goes by without news of a new cyber-security threat or a major data breach arising from “malspace”—that online environ-ment inhabited by hacker groups,

criminal organizations and espionage units. As hacktivists, cyber-criminals and nation-states excessively increase traditional information security risk, it’s becoming clear that the business risks of operating in cyberspace is quickly moving to the top of most chief executives’ agendas.

enterprise risk management needs to be extended to create cyber-resilience, which is built on a solid foundation of preparation and teamwork By Steve Durbin

Managing the Risks of Cyberspace


Today, CIOs, CISOs and other information practitioners are accountable to report on and explain the corporate risks associated with an organisation’s activities in cyberspace. Highly publicised breaches, financial losses and more stringent government regulations have put the spotlight on information security in most organisations around the world. And, as a result, stakeholders need to be reassured that an organisation’s sensitive information is secure.

Malspace vs. the Real WorldMalspace is a thriving marketplace for those motivated to make money, get noticed, cause societal disruption and take down corporations and governments through cyber-attacks. Part of the attraction of doing business in malspace is its anonymity because the risk of getting caught is much less than the risk of committing a crime in the “real world.” Cyberspace is a far better hiding place and the turf is much more dynamic in terms of thwarting IT software, staff and systems. Furthermore, there is the challenge of differing laws and regulations across different jurisdictions, which can make prosecuting cyber-crime extremely difficult. In addition, cycle times for the people committing cyber-crimes are shortening while the potential rewards are growing. Global cyber-criminals are increasingly organised and professional in their approach. They are as innovative and strategic as many legitimate businesses, and their financial capabilities are ever evolving, keeping pace with the online economy.

With unprecedented opportunities for collaboration, a malspace ecosystem has developed, complete with marketplaces for buying and selling the expertise and tools needed to target and execute cyberattacks. Every hacker group, criminal organisation and espionage unit in the world now has access to powerful tools and expertise for identifying, targeting and attacking their victims. All of this makes it absolutely imperative for enterprises and governments to build up cyber-resilience. But how can this best be achieved?

Extending Risk ManagementWhile cyber-security and risk management practices largely focus on achieving security through the management and control of known risks, cyber-resilience requires that businesses of all sizes prepare now. To cope with and mitigate the negative impacts of cyberspace activity, organisations must extend risk management to include cyber-resilience. As everything from supply chain management to customer engagement shifts to the cloud, operating in cyberspace now has bottom-line implications if systems are disrupted. Fortifying governments and enterprises to build up resilience is impera-tive. Cyber-resilience requires a balanced approach that protects both organisations and individuals while also enabling open, safe commerce and communications.

Unfortunately, the risks that accompany doing business in cyberspace don’t always allow for that. In order to achieve cyber-resil-ience, risk management should encompass the confidentiality, integrity and availability of information. At the same time, resilient

organisations must recognise the unintended business conse-quences from activity in cyber-space, such as commercial, reputational and financial risks, are real and growing.

Cyber-Security: All Hands on DeckCyber-threats are no longer the domain of information security. All units within the organisa-

29%INcREaSE IN ONlINE

malwaRE IN THE apRIl-JuNE pERIOd

Of 2013

tion are affected, as are external customers, suppliers, investors and other stakeholders. Senior business leaders, preferably the chief executive or chief operating officer, should lead the charge with a coordinated and col-laborative approach that allows the organ-isation to prepare for unpredictable events. Organisations must be agile in order to prevent, detect and respond effectively, not just to incidents, but to the consequences of cyber-attacks. An incidence response team comprised of departments from across the organization should be created to develop and test plans for pre- and post-incident. This team should be equipped and trained to respond quickly to an incident by com-municating with all parts of the organisa-tion, including potentially comprised indi-viduals, shareholders and regulators.

Dealing With Complex ThreatsThe array and complexity of cyber-security threats will continue to rise significantly in the next decade, and for businesses, the preparation time is now or the conse-quences will be felt later. As I mentioned earlier, managing risk from cyberspace must extend beyond information security to include risk on reputation, employee devices and third-party suppliers.

As they prepare to deal with these increas-ingly complex threats, businesses must con-sider three main drivers:

Internal Threats. As technologies bring new benefits to the enterprise, they also increase the potential for risk, particularly when businesses do not fully assess the

Today, CIOs, CISOs and other information practitioners are accountable to report on and explain the corporate risks associated with an organisation’s activities in cyberspace

35September 07 2013

c y b E R S p a c E | N E X T H O R I Z O N S


Consider yourself the best

at leading IT Infrastructure

projects? Prove your worth among your

peers by attending the Pocket CIO workshops in the city closest to your location

REGISTER TODAY

IT INFRASTRUCTURE MANAGEMENT

AWARD

HOW TO PARTICIPATE? Register for POCKET CIO by going to www.next100.in Attend session conducted by experts from HCL and take the test

WHY PARTICIPATE? An Opportunity to win the IT Infrastructure Management Award Secure an interview with the jury of NEXT100 and potentially win

NEXT100 awards Get “Pocket CIO” certification


in association with

P R E S E N T S

WORKSHOP DATES &TIMINGSDELHI NCR 20 & 21 SEPTEMBER, 2013MUMBAI 4 & 5 OCTOBER, 2013BENGALURU 25 & 26 OCTOBER, 2013( 9:00 am till 5:00 pm across all cities )

Are you at that stage in your career... when you start looking for something more. It could be a new direction, fresh focus or the next mountain to climb.

You’ve already come a long way, but it’s time to aim for the top - the pinnacle.

But scaling the next mountain is a big stretch. You need new skills. You require new perspectives. You want to be a stronger leader.

The Pinnacle Programme will help you do all this - and more.

Stop being consumed by

where you are...

...focus instead on where you want to be.

9.9 Mediaworx, B-118, Sector 2, Noida – 201 301, India Tel: +91 120 4010999

www.theleadershipinstitute.in

security implications prior to purchase or implementation. Add rogue insiders to this mix and you have a lot more risk under your roof. Periodic reviews of the business impacts and risks stemming from the sup-ply chain should be conducted. Employee policies and procedures for BYOD pro-grams, as well as password logins, should be stepped up. Your security team should be involved at the outset to review security of any new suppliers.

External Threats. Cyber-crime, state-spon-sored espionage, hacktivism and persistent attacks on critical infrastructure systems in the real world—the list is growing faster than your IT resources can keep up with. Enterprises would do well to follow the governmental approach of a unified situational-awareness approach with controls in place to monitor, detect and remediate problem areas in real-time. Collaboration and sharing of attack infor-

mation with trusted law-enforcement agencies, as well as business partners, will help to reduce the risk from external threats.

Regulatory Threats. Compliance require-ments, regulatory mandates, data privacy, the push toward greater private- and public-sector collaboration, and disclosure about security preparedness are all better man-aged with information security governance and better reporting. Incident response procedures should be in place and tested. In addition, improve your security assurance requirements for business partners.

Cyber-Resilience ProgrammeOrganisations function in a cyber-enabled world today and traditional risk manage-ment isn’t nimble enough to deal with the risks from cyberspace. Enterprise risk management needs to be extended to create cyber-resilience, built on a foundation of

preparedness. From cyber-threats to insider threats, organizations have varying degrees of control over evolving security risks.

A comprehensive cyber-security program leverages industry standards and best prac-tices to protect systems and detect poten-tial problems, along with processes to be informed of current threats and enable a timely response and recovery. Using a resil-ience-based approach to apply cyber-security standards and practices allows for more comprehensive and cost-effective manage-ment of cyber-risks than merely compliance activities alone.

— Steve Durbin is global vice president of the Information Security Forum (ISF), an inde-pendent, nonprofit association. — This article was first published in CIO Insight. For more stories, please visit www.cioinsight.com.

What CIOs Should Be Thinking About But Aren’tthe future CIO will employ portfolio managers who think like a financial analyst By Jack Rosenberger

a vice president of datacenter initiatives and digital infrastruc-ture with the analyst firm 451 Research, Michelle Bailey recently spoke with CIO Insight about IT investments, the current lack of innovation, business metrics and what many CIOs should be thinking about but

aren’t. Here is a condensed version of Bailey’s remarks.

Its time for companies to invest in IT “The economy is improving, and we’re seeing jobs growth and improvement in the housing market, espe-cially in the US, but what we aren’t seeing a return to IT spending. We haven’t seen the return to IT spending that we would have expected to see by now. Instead, we are seeing companies hoarding cash and a lot of bloated balance sheets. We’ve seen a lot of IT consolidation proj-

ects, with CIOs going after the low-hanging fruit, which is fine dur-ing the downturn of the economy. But what we’re not seeing—and what we should be seeing—is long-term investments in IT.”

We need to see a return to “innovation first” “Right now we’re short on innovation in IT. During the last several years most of the ‘successful’ projects in IT have been cost cutting and consolidation and, frankly, there has been little incentive for CIOs to drive innova-tion given the emphasis on cost cutting, but the econo-my is turning around. Cash is cheap right now, which means that organissations that aren’t afraid to spend can be fierce competition to established companies. What we need to see is a return of IT leaders who will swing the balance of the IT project portfolio from main-

$7.2bnwIll bE THE amOuNT THaT mIcROSOfT wIll

pay TO acquIRE NOkIa'S HaNdSET buSINESS

37September 07 2013

m a N a g E m E N T | N E X T H O R I Z O N S

tenance and trimming to innovation and growth. Time and again we see the CIO that is terrified with being labeled the ‘CI-No,’ yet their maintenance activities are at an all-time high. We need real leaders who will go to their boss and say, ‘Here are five projects that will not save money, but they will drive business value.’ We see pockets of innovation happening, especially in the banking industry, where it’s all going to be about mobile apps, and in health-care, where the industry is being transformed by IT. In general, a closer touch to the consumer and business-to-consumer applications is universally appealing, but many businesses fail to reward transformative IT projects. Also, they involve the IT organisation way too late in the product development process. The CEO and other business leaders fail when they minimise the value of technology.”

Use metrics to measure business value, not just costs “IT probably does the worst job of any business unit in terms of measuring itself. IT usually measures infrastructure and IT costs, and because it focuses on costs, it is viewed as a cost center. The metrics you should be thinking about are business availability, time to market, application deployment and security. We rarely see IT organisations that can measure their contribution to revenue or shareholder value. The future CIO will employ portfolio managers who think like a financial analyst and not just about costs but about business risk and reward. They’ll think in terms of projects that

increase competitiveness, as well as drive business value, such as improving customer satisfaction.”

New companies are spending money—and innovating “The new businesses are not frightened to spend money. In fact, many of them are raising money. Large, traditional companies are either reluctant to spend or are paralysed by their escalating mainte-nance costs or pent-up demand for new projects. They are facing a real threat from new companies that aren’t afraid to spend and inno-vate. These new companies have no legacy IT and they’re spending money as an investment in their future. They will be incredibly dis-ruptive to many existing businesses.”

What’s your five-year plan? “Time is something you can never regain. You will be playing catch-up if you haven’t thought of where your business is going to be in five years. If I was a CIO I’d worry about things like ‘Do I have a credible strategy that is aligned with business investments? Is it real-istic for the next three to five years? Who are my competitors?’ I’d be worried about new competitors blowing right by me and I don’t even know it. That’s what would keep me up at night.”

—Jack Rosenberger is the managing editor of CIO Insight. — This article was first published in CIO Insight. For more stories, please

Large companies are either reluctant to spend or are paralysed by their escalating maintenance costs or pent-up demand for new projects

Ill

us

tr

at

Ion

ph

ot

os

.co

m


N E X T H O R I Z O N S | m a N a g E m E N T

Are you at that stage in your career... when you start looking for something more. It could be a new direction, fresh focus or the next mountain to climb.

You’ve already come a long way, but it’s time to aim for the top - the pinnacle.

But scaling the next mountain is a big stretch. You need new skills. You require new perspectives. You want to be a stronger leader.

The Pinnacle Programme will help you do all this - and more.

Stop being consumed by

where you are...

...focus instead on where you want to be.

9.9 Mediaworx, B-118, Sector 2, Noida – 201 301, India Tel: +91 120 4010999

www.theleadershipinstitute.in


TECH FORGOVERNANCE

Take the time to do it right and you’ll reap the benefits of both compliance and agile development By Phil Cox

Dip in global PC sales during April-June 2013

11%DaTa Briefing

Code Compliance in an Agile Environment

ima

ge

BY

ph

ot

os

.co

m

43September 07 2013

C O m p l i A N C E | T E C H F O R G O V E R N A N C E

iPOinTS

5 all compliance regimens require

documentation and

tracking

it would be

a business and

policy decision

to allow any or

all developers

to promote to

production

all code must

be both reviewed

and tested

independently

a single person

can be both the

reviewer and tester

implementing the code review

and testing process

is the most difficult

part of development

Being agile to meet business needs is the right idea, but when you try to take that agile environment and put it in front of auditors who are used to concepts like waterfall, security architecture reviews, and change management boards, you get confusion and misunderstanding which complicate the audit process.

How can you maintain the benefits of agile software development yet implement controls around the process to meet audit requirements?

To meet compliance requirements for code develop-ment, you generally need the following foundational components:

Software development lifecycle (SDLC): A documented version of how you will develop software in a manner that ensures a certain level of quality in that code.

Ticketing system for evidence collection: All compli-ance regimens require documentation and tracking, and a ticketing system provides a way to meet this requirement while automating the process.

Source code control system: A system to provide appro-priate tracking of changes as well as rollback functions.

Mechanism to perform independent code review and testing: Automated or manual tools and processes that can be used to ensure a level of code quality that is consis-tent with the service you are delivering.

Process for changes before deploying code to produc-tion: Formal approval process for all changes that will end up being deployed to the production product.

An Agile Process Under DevOps In a DevOps-oriented environment — one with no separate operations team — you still need to code review and test and get approval before pushing code to production. This is where it gets tricky. In such a shop, you could specify that all develop-ers have authority to promote to production after an inde-pendent code review and test (you can’t get away without this). It would be a business and policy decision to allow any or all developers to promote to production, and one that you would need to justify to your auditors. To meet almost any widely applicable compliance requirement (such as PCI, SSAE16, and so on), all code must be both reviewed and tested independently — that is, not by the developer who wrote the code. A single person can be

both the reviewer and tester. So in a DevOps environment that uses Scrum, the process to meet this requirement would look like this:1. The sprint team creates a story about what to do in

the agile tool (a ticketing system, for instance).2. A story/task is allocated to a team member.3. The developer tags code changes with the ticket num-

ber related to the story.4. Once the changes are done, the developer puts the

story/task into review/test state, and another devel-oper picks it up, or, ideally, the ticketing system uses a workflow associated with it to route the task to the appropriate developer.

5. Once the testing succeeds, the it is marked complete.6. The developer then promotes the story/task to pro-

duction.If you have implemented adequate automation and

tracking tools, and all of your developers have the requi-site skills to deploy production code, then you should be able to make a business case that they be able to do so.

Don't overlook the requisite skills part of that last state-ment. In a true DevOps environment, you will need to ensure that the developers deploying to production are indeed qualified and authorised to approve the changes they are deploying. You may be able to justify having a junior developer promote to production if you have an adequate level of expertise in the review and test stage. How We Do It at RightScale It’s not trivial to create a bul-letproof, robust, and consistent process that will pass an audit. Saying that you do it is easy, but evidencing it is the hard part. In particular, implementing the code review and testing process is the most difficult part of develop-ment and compliance in agile environments.

At RightScale, we embrace the agile methodology through Scrum, but we have not taken agility all the way to a DevOps delivery model. Thus we have a bit more “tradition” in our development practices. Software Devel-opment Lifecycle Our SLDC is defined in our RightScale Agile Manifesto (RAM) — think Agile Manifesto++. The RAM covers the following:

Anatomy of a release Backlogs

iT shops today implement speedy and dynamic application development techniques to meet business demands. You can’t visit an IT-related website these days without being peppered with such terms as cloud, agile, DevOps, and continuous deployment


T E C H F O R G O V E R N A N C E | s O C i A l m E d i A

Today’s “Social Age” has brought with it an increased amount of social risks threatening the enterprise on an ongoing basis. From boycotts and “brandjacking” to lawsuits and

liabilities to extortion and executive threats, the variety, volume and complexitty of these would-be crises can wreak havoc on the

reputation of a corporation and its brands if the enterprise is not protecting itself.

As social media continues to exponentially grow, millions of individuals now have pow-erful broadcasting channels to potentially reach millions more across the open social universe to share their experiences with and opinions on your business. No longer

Planning Commit and branching standards Sprint development capacity Sprint QA engineer concerns Scrum lifecycle Sprint metrics Retrospective Regression Integration, release candidate, and release branches

Release sequencing Documenting story requirements Sprint end cleanup Feature freeze/branching date Engineering escalation process Demos Development standardsStories and Ticketing For each story that is

to result in a code change, a developer cre-ates code review (CR) and QA subtasks in the agile tracking tool. The code cannot be merged into the master source code branch and ultimately deployed to production unless the CR and QA subtasks have been completed. Development The development flow is as follows:

1. When code is submitted to our version control system, the event is analysed in real time. We use an automated task to ensure that each commit is associated with a legitimate story/task, and generate an alert if it is not.2. The commit message is veri-fied to ensure that it contains the prerequisite ticket reference in the desired state. Our agile tracking tool creates a unique ID for each story.3. When a story is complete, we perform a merge into the master source tree.4. The merge is verified that it is complete and done by an individual who is authorised to perform the merge. In the event of an unauthorised merge, the engineering direc-tor or team lead determines the cause of the error and makes appropriate corrections.5. During a release, developers cut a release branch and perform final testing, and our operations team deploys the release into production.

6. We have a scheduled audit that covers any abnormalities in the real-time process.

Note that the checks are not all devoted to compliance, but also to improving engineer-ing visibility and ultimately efficiency.

We can use them to see if someone had no time allocated to work they did, or worked on a deleted task. We also do more

traditional sweeping validation because real time is subject to blips beyond our control.

Further, we have evidence of each of the steps for proof audits. In some agile envi-ronments, managers may get pushback from developers who feel they are being constrained by the rigorous compliance processes, but these controls help improve the quality of code, and that is hard to argue against.

— The article is printed with prior permission from www.infosecisland.com. For more features and opinions on information security and risk

$1tnwill bE THE sizE OF iNdiAN mObilE sERViCEs mARkET

iN 2013

Growing Social Threats in EnterprisesThe continuous, multidimensional threats facing an organisation are not always isolated incidents By Vince Schiavone

are poor customer experiences limited to a mere handful of friends and neighbours. Rather simple missteps can turn into major crises resulting in reputational damage totaling tens or even hundreds of millions of dollars. What’s worse is that, well beyond corporate missteps lie massive threats from activists, ax-grinders or competitors proac-

45September 07 2013

s O C i A l m E d i A | T E C H F O R G O V E R N A N C E

facing an organisation are not always isolated incidents. An increasing amount of serious corporate risk is being gener-ated from activists, ax-grinders and even authorities that are targeting businesses and industries with organised campaigns across sophisticated, yet unapparent, social networks. These social networks provide a catalyst to expand the reach, enhance the efficacy and increase the influence of these campaigns, ultimately increasing pressure on the corporation.

Leading corporations looking to proac-tively protect the enterprise are engaging advanced, strategic solutions to unveil and track a wide array of social risks. This delivers strategic intelligence for proac-tive response to effectively mitigate these threats, often before they explode into all out crises. Among the technology advance-ments being used include:

Streaming Big Data Processing: With bil-lions upon billions of daily social comments finding the proverbial needle in the haystack – that major emerging enterprise threat – in mere moments is critical. Traditional nar-row social post samples used by basic social monitoring tools are simple inadequate to identify threats from all corners of the open social universe. Most monitoring tools focus on the big social networks (e.g. Twit-ter and Facebook). However, most threats can emerge from sources unknown to the general public. To track all of these source

the fast and furious nature of today’s “social age.” These threats can range from physical to reputational in nature and often emerge via social media channels.

Facility Threats: From protests to ‘occupa-tions,’ an increasing number of corpora-tions are facing activists attempting to organise these statement events to damage the corporation on various levels, which can include property, reputation, financial and even personnel threats.

Competitive Threats: In many industries, emerging competitors are leveraging uncon-ventional tactics across social media to not only disrupt the industry, but often destroy the traditional market leaders. In a growing number of situations, these competitors are even engaging activists to attack their targets.

Boycotts: A growing number of consumer boycotts against brands are emerging, pri-marily online, from the activist community. These attempt to influence purchase behav-iour to promote the activist cause while damaging the targeted corporation.

“Brandjacking”: An increasing number of incidents against businesses are appearing where perpetrators are either impersonating corporations online and via social channels or “hacking” their social brand accounts. In both cases the objective is to extract damage on the brand.

Protecting the EnterpriseThe continuous, multidimensional threats

tively targeting the organisation with a wide array of threats to further damage the enter-prise’s reputation and destroy market share.

Widespread RisksCorporations across nearly every industry are under constant fire from multi-front social assaults, from isolated incidents to well-organised initiatives. These threats arise via the open social universe regularly from consumers, prospects, influencers, activists and even competitors and can include:

Misconduct: Whether illegal activities, vio-lations of corporate policy or significant lia-bilities, employee misconduct has become increasingly damaging given the immediate reach social media provides to these issues. This in turn can have instant, massive repu-tational impact on the organisation.

Sabotage: From intentional misconduct to technology breaches to activist initiatives, sabotage incidents can widely vary in type and complexity. These incidents cannot only create significant reputational damage, but also major physical damage to an organisa-tion’s facility or technology assets.

Liabilities: From product defects to employee accidents, these situations can result in significant injuries and/or claims resulting in financial and legal liabilities for a corporation resulting massive, multidi-mensional exposure for the enterprise.

Lawsuits: Liabilities can quickly blossom into lawsuits, whether civil or class action in nature. Many legal departments are fac-ing ongoing potential lawsuits against the organisation, many of which emerge from social media channels.

Extortion: Corporations are seeing a increasing number of extortion attempts from individuals threating to broadcast their claims across the open social universe if their demands are not met. Regardless of the truth, many of these incidents can cause reputational exposure for the corporation.

Hacktivism: To make statements in support of their causes, “hacktivists” are regularly targeting corporations with denial of service attacks, security breaches and personal and account information intercep-tions, many of which are orchestrated and promoted across social media channels.

Executive Threats: Maintaining the secu-rity of high-profile corporate executives is becoming increasingly challenging given

Corporations across nearly every industry are under constant fire from multi-front social assaults

ima

ge

by

pe

te

rs

on

pJ


T E C H F O R G O V E R N A N C E | s O C i A l m E d i A

and process the entire relevant open social universe, enterprises are turning to power-ful streaming “big data” processing at over one billion operations per second to collect, filter, classify and identify relevant threats in real time.

Complex Concept Modeling: Traditional Boolean keyword lists used by social moni-toring tools will find isolated threats. The challenge is identifying the unspecified, unknown and veiled threats. With enter-prise risks coming from all directions in all shapes and sizes concept models are required to identify the thousands of ways these threats are presented.

Discovery Engine: Beyond concept modeling, corporations realise they require a systematic intelligence to “learn” the new and emerging ways threats are presented. Advanced discovery technology delivers this, unveiling masked threats, the nature of which may be completely unknown to the enterprise.

Deep Intelligence Expertise: Many leading companies are also now relying on dedicat-ed Social Intelligence Centers from expert analysts who strategically serve as a ‘round-the-clock’ extension of the corporation’s internal team for advanced threat detection, analysis and notification. These expert teams “watch the back” of the corporation, using the advanced technology systems to identify and alert the enterprise of emerging threats in real-time.

Central Command: Successful social intel-ligence operations are engaging advanced centrail command centers like the one pic-tured below. This serves as a convergence point for all of the above components to detect, analyse, identify and deliver the intel-ligence in real-time.

Unveiling the ThreatsLet’s look at an example, below is an influ-encer map of activists currently targeting the beverage industry with a variety of campaigns focusing on issues ranging from soda tax to decreased portion size to sweeteners. Many in the beverage industry believe that these activists and influencers are independent and isolated in their ini-tiatives, working on their own to promote their individual causes. However, using advanced social intelligence technology these influencers can not only be identified,

but also connected, revealing a complex, veiled network of relationships between these influencers and activists displaying a sophisticated initiative strategically target-ing the beverage industry.

What’s even more concerning to the established beverage industry leaders is that an emerging disruptive competitor, SodaS-tream, which is targeting the carbonated bev-erage industry with their home carbonated beverage machines has partnered with Alex Bogusky, former co-chairman of ad agency Crispin, Porter + Bogusky, which ironically developed advertising for Coke Zero under his tenure. Now an activist against the bev-erage industry, Bogusky develops activist campaigns against the industry like his viral video chastising his former client, Coca-Cola, using their ad campaign polar bears to make a statement on the health effects of soda consumption. Previously, SodaStream relied on Bogusky to create their Super Bowl ad targeting soda manufacturers for the amount of plastic bottles they produce. The ad directly attacks the industry’s market leaders with exploding bottles as consumers use SodaStream’s product.

Bogusky’s activism approach delivers SodaStream a direct, aggressive channel that many large, traditional competitors would not employ. Bogusky also delivers SodaStream the advantage of his exten-sive, sympathetic social network (pictured) which includes a variety of activists target-ing an array of causes against the beverage industry’s leading providers, ranging from portion size, bottle elimination and sugars

to soda taxes and an array of health issues. This network spans activists and advocates across the media, academic, entertainment, health, government and corporate sectors, which Bogusky leverages to bring further pressure against the beverage market’s leaders, providing a greater advantage for SodaStream. Mapping these activist relationships unveils a massive “stealth” network that reaches tens of millions of consumers via the open social universe, and is often working in concert against the corporation sometimes in partnership with an emerging disruptive competitor, like SodaStream. Despite their differing causes against the beverage industry, most of these individual activists share a common objec-tive to damage or even destroy the major providers of carbonated beverages, a shared objective with their disruptive competitor SodaStream.

Empowering the EnterpriseThe complexity of these competitive forces is nearly impossible to identify, map and understand using traditional methods. However, as companies are now faced with the critical need to gain insight into these new types of veiled, aggressive competitive threats, more enterprises are relying on advanced social intelligence to identify, map and track them individually and collectively to help guide their strategic plans and deci-sions. This type of insight empowers cor-porations to immediately understand both established and emerging threats, allowing the organisation to strategically plan, coor-dinate and engage appropriately to mitigate risks across the enterprise. This approach provides the corporation with clear visibility of the complex risks facing their business, but also enables it to protect and grow the business. Never before have corporations seen the volume or complexity of threats facilitated by social. Gaining immediate insight and visibility into these risks on a complete and real-time basis is now criti-cal to allow organisations to strategically respond to mitigate risks, diffuse threats and protect the overall enterprise.

— The article is printed with prior permission from www.infosecisland.com. For more features and opinions on information security and risk management, please refer to Infosec Island.

The challenge is identifying the unspecified, unknown and veiled threats. With enterprise risks coming from all directions in all shapes and sizes concept models are required to identify the thousands of ways these threats are presented

Stay ahead of your peers.Grab this unfair advantage

GET IT NOW!

SESSIONS WILL COVER Contemporary trends in a current technology area Delivering innovation or improving business outcomes through IT solutions Best practices for installing, operating and improving enterprise

services/infrastructure Thinking strategically about IT Leadership in the corporate context

Platinum Partner

technologyPartner

PrinciPalPartner

PremierPartner

neXt100 BookPartner

Download the NEXT100 app on your phone or tablet, and register for Pocket CIO program. Access the latest white papers and case studies, and watch videos

REGISTER THROUGH MOBILE APP

City&Date

delhi ncr 20th–21st

sePtemBer

MUMBAi 4th – 5th

octoBer

BenGAlUrU25th – 26thoctoBer

APPLY NOW !www.itneXt.in/neXt100

The CIOs of tomorrow are expected to be outstanding business leaders, not just good technical experts, who can collaborate and communicate in their professional environment ITNEXT invites you to participate in the 2-day Pocket CIO programme to equip yourself with strategic, technical and soft-skills needed for senior management roles. The training sessions will be hosted by experts, and will feature eminent CIOs.

eVeNt By


in association with

p r e s e n t s


VIEWPOINT

Managed service providers know they want to offer exemplary custom-er-focused hosted services including apps and hosted desktops. But these firms (players ranging from niche players to global Telcos) also all strug-gle with the same questions: What are the right services to lead with? What customer sizes should I pursue in what markets? Does market geogra-phy matter? How and when should I expand my services offers?

Arriving at the proper initial Service Definition is critical to answering most of these questions so as to enter the market most intelligently. That is, what initial service portfolio is best to select? During the service definition, service providers almost always boil-down the options to three potential categories to offer:n A generic “horizontal” hosted

desktopn A market-specific “vertical” hosted

desktopn Custom services to design bespoke

desktops to meet customer needsIn this Blog I’ll try to address the

service definition decision points (and pitfalls) we at Citrix recommend, as

defined vertical or industry, (b) exist-ing experience in a specialized area such as security, compliance, regula-tion, etc., (c) a sales force that knows how to sell into that vertical/industry/specialization, and /or (d) a marketing and demand generation focus in that vertical/industry/specialisation. If you can say you have strength in one or more of these domains, then offering a “vertical” hosted app or desktop ser-vice into that market might be a logi-cal line extension for the firm.

The next-level decisionsThat leaves the decision to initially enter the market with a more generic/horizontal offer. (Not to say that you can’t offer small/medium/large vari-ants for example, or generic offers that cater to special needs such as security, compliance and regulatory needs, per above). In this manner you position the hosted service as an up-sell opportunity to your existing cus-tomers and sales force. And as you do so, you’ll also gain important experi-ence and learnings about creating, offering and supporting a high-value hosted service.

well as those with which we see most frequent successes.

The first top-level decision The first recommendation I always make, is to avoid starting with option #3 – leading with a custom hosted desktop offer. Although custom technology design is at the heart of many MSPs’ differentiation, the abil-ity to scale is absolutely critical to a profitable initial desktop offer… and a “custom” strategy doesn’t scale. Implementing hosted desktops is not trivial – and customisation is not, either. Leading with a labor-intensive custom offer will likely strip profitabil-ity from initial projects and jeopardise any follow-on business.

That leaves the question: Offer a vertical (market-specific) offer vs. offer a horizontal (generic) desktop?

My recommendation is this: No matter what your size, unless your firm already has strength and experi-ence in a vertical market, lead with a horizontal solution.

By “strength” in a vertical market, I mean you have at least (a) existing offers and customers in a clearly

Where to Begin Most hosted desktop

providers should enter the market with a “generic” or

general-purpose offer illu

st

ra

tio

n B

Y m

an

av

sa

ch

de

v

kEN OEsTrEIch

about the author: Ken Oestreich

is a marketing

and product

management

veteran in the

enterprise IT and

data centre space,

with a career

spanning start-ups

to established

vendors.

C

M

Y

CM

MY

CY

CMY

K

manufacturing_cio_leader.pdf 3 03-09-2013 PM 06:30:43

www.lenovo.com/in/en | 1800-3000-9990 | [email protected] your business the ThinkPad advantage

20 YEARS OF LEADERSHIPTHROUGH INNOVATION

Lenovo reserves the right to correct any errors, inaccuracies or omissions and to change or update information at any time, without prior notice. Trademarks: The following are trademarks or registered trademarks of Lenovo: Lenovo, the Lenovo logo, For Those Who Do and ThinkPad. Microso� and Windows are registered trademarks of Microso� Corporation. Other company, product and service names may be trademarks or service marks of others. ©2013 Lenovo. All rights reserved. AP _ IND _ PRN _ Q2-14 _ 36700 _ CIO 28x21

THINKPAD OUTTHINKS FALLS AND BUMPS WITH MAGNESIUM-ALLOY ROLL CAGE.The Lenovo ThinkPad® features a unique magnesium-alloy roll cagethat protects the HDD from falls and bumps. This prevents any damageto the critical components and keeps your data safe.

WHEN YOUR THINKPAD TAKES A KNOCK, THE DATA DOESN’T GET KNOCKED OUT.

Lenovo® recommends Windows 8 Pro.

Crash zones

Impactpoints

Tough chassis

Documents

Volume 02 Issue 11 executive peers Pg 18 Pg 42 September ......Mathur. Published at Bungalow No. 725, Sector - 1, Shirvane, Nerul, Navi Mumbai - 400706. Printed at Tara Art Printers