cto forum may 7th, 2011

Technology for Growth and Governance

cT

o

fo

ru

mVolum

e 06 | Issue 18

May | 07 | 2011 | 50Volume 06 | Issue 18

Cl

ou

d S

tr

at

eg

y: Wh

at

a C

Io N

ee

dS

to

KN

oW

| th

e h

oly

gr

aIl

of

INf

or

ma

tIo

N S

eC

ur

Ity

| he

dg

INg

fu

tu

re

eN

er

gy

Co

St

S

A 9.9 Media Publication

No Holds Barred

APTs Need a Comprehensive Architecture Page 42

I BelIeVe

Dare to be DisruptivePage 04

Best of Breed

IG is Everyone’s Problem Now7

Servers and switches are on the backburner. Indian CIOs are now talking about RoI and TCO.

But is it all that they need to break into the C-suite? | Page 26

1 07 MAY 2011 cto forumThe Chief

TeChnologyoffiCer forum

editorialRahul Neel MaNi | [email protected]

From Today to Now – How technology

will shape our lives!The time is not far when these screens will merge into one (one screen for all) and become a lot more participative, interac-tive and responsive.

Similarly, there is a visible shift from simple web pages to live streaming. it is not untrue that a static web page will van-ish soon. Twitter, facebook and rrS feeds have already done half the work. This whole revolution is pointing towards a new future…A future that will move away from ‘PC to cloud’, from ‘me to we’ and from ‘today to now’.

During my recent visit to the united States, i got

an opportunity to hear and personally meet Kevin Kelly - Senior maverick and founding executive editor of the famous ‘Wired’ magazine. other things aside, Kevin is most known for his ongoing campaign to create a full inventory of all living spe-cies on earth. The goal of this campaign is to make an attempt at an "all species" web-based catalog in just one generation. in very simple language, Kevin explained ‘six’ major trends that

6. generating information instead of copyingit was mesmerising to hear

Kevin during that one hour. And in the end he made a motherhood statement: “Wherever the attention flows, money follows.”

The statement has deep-rooted connotations. given the speed with which technology is changing and advancing, it's arguably true that change too will come about faster. And most of the above mentioned six trends are certainly the areas where human attention is flow-ing. Talk about any one or each one of them. Screens are the most apt example of where the attention is flowing today. Be it screens of the PC, TV, Tablet or mobile, humans seem to be caressing them more often than anything else. So much so that the whole focus of advertising has shifted to those screens.

will shape up the technology universe in the future.

The trends he mentioned are: 1. growing number of screens

around us and how we deal with them

2. growing importance of inter-activity – a two way street

3 .Sharing of information through cloud and wide-spread networks

4. Death of web pages and advent of live streams like twitter, facebook and rSS

5. Access replacing the owner-ship of digital stuff

editor's pick04

Dare to be DisruptiveIt is more satisfying to join a team in trouble and lead it to success. As a leader, a CIO should be challenging his peers and team to achieve more.

2 07 may 2011 cto forum The Chief


may 11

Cover Story

26 |Back to the Future Indian CIOs have started talking about RoI and TCO. But is it all that they need to break into the C-suite?

COpyRIghT, All rights reserved: Reproduction in whole or in part without written permission from Nine Dot Nine Interactive pvt Ltd. is prohibited. printed and published by Kanak ghosh for Nine Dot Nine Interactive pvt Ltd, C/o Kakson house, plot printed at Silverpoint press pvt. Ltd. D- 107, MIDC, TTC Industrial Area, Nerul, Navi Mumbai- 400706

ColumnS04 | I belIeve: Dare To be DIsrupTIve As a leader, a Cio should be challenging his peers and team to achieve more.

By AniruddhA PAul

56 | vIew poInT: The haTreD of sofTware lIcensInglicensing policies are one of the most hated in any organisation.

By steve duPlessie

FeatureS46 | Tech for governanceInformaTIon securITy polIcIes anD proceDures Policies are integral to any security programme.By AlexAnder hAmerstone

Please Recycle This Magazine And Remove Inserts Before

Recycling

Co

ve

r D

eSi

gn

by

Pc

aN

oo

P

co Nte Nt s theCtoForum.Com

26

Managing Director: Dr Pramath Raj SinhaPrinter & Publisher: Kanak Ghosh

Publishing Director: Anuradha Das Mathur

EditorialEditor-in-chief: Rahul Neel Mani

Executive Editor: Yashvendra SinghSenior Editor: Harichandan Arakali Assistant Editor: Varun Aggarwal

dEsignSr. Creative Director: Jayan K Narayanan

Art Director: Binesh Sreedharan Associate Art Director: Anil VK

Sr. Visualiser: PC Anoop Sr. Designers: Prasanth TR, Anil T, Joffy Jose

Anoop Verma, NV Baiju, Vinod Shinde & Chander Dange Designers: Sristi Maurya, Suneesh K, Shigil N & Charu Dwivedi

Chief Photographer: Subhojit Paul Photographer: Jiten Gandhi

advisory PanElAnil Garg, CIO, Dabur

David Briskman, CIO, RanbaxyMani Mulki, CIO, Pidilite

Manish Gupta, Director, Enterprise Solutions AMEA, PepsiCo India Foods & Beverages, PepsiCo

Raghu Raman, CEO, National Intelligence Grid, Govt. of IndiaS R Mallela, Former CTO, AFL

Santrupt Misra, Director, Aditya Birla GroupSushil Prakash, Country Head, Emerging Technology-Business

Innovation Group, Tata TeleServicesVijay Sethi, VP-IS, Hero Honda Vishal Salvi, CSO, HDFC Bank

Deepak B Phatak, Subharao M Nilekani Chair Professor and Head, KReSIT, IIT - Bombay

Vijay Mehra, CIO, Cairns Energy

salEs & MarkEtingNational Manager-Events and Special Projects:

Mahantesh Godi (09880436623)Product Manager: Rachit Kinger (9818860797)

GM South: Vinodh K (09740714817)Senior Manager Sales (South):

Ashish Kumar SinghGM North: Lalit Arun (09582262959)

GM West: Sachin Mhashilkar (09920348755) Kolkata: Jayanta Bhattacharya (09331829284)

Production & logisticsSr. GM. Operations: Shivshankar M Hiremath

Production Executive: Vilas MhatreLogistics: MP Singh, Mohd. Ansari,

Shashi Shekhar Singh

oFFicE addrEssPublished, Printed and Owned by Nine Dot Nine Interactive Pvt

Ltd. Published and printed on their behalf by Kanak Ghosh. Published at Bunglow No. 725, Sector - 1, Shirvane, Nerul

Navi Mumbai - 400706. Printed at Silver Point Press Pvt Ltd., A-403, TTC Ind. Area, Near Anthony Motors, Mahape,

Navi Mumbai-400701, District Thane.Editor: Anuradha Das Mathur

For any customer queries and assistance please contact [email protected]

www.thectoforum.com

37 | nexT horIzons: green IT, beyonD The DaTacenTreThe less obvious ways Cios can contribute to corporate sustainability. By Chris BoormAn

regularS

01 | eDITorIal08 | enTerprIse

rounD-up

advertisers’ index

IBM IFC SCHNEIDER 05SCHNEIDER 07SAS 11JUNIPER 13EMC 25DELL IBCMICROSOFT BC

This index is provided as an additional service.The publisher does not assume

any liabilities for errors or omissions.

42 | no holDs barreD: sTeve robInson, gm, worlDwIDe, Ibm securITy soluTIons, on the reasons for the company's continued growth.

42

a queStion oF anSwerS

14 | “We are the catalysts for cloud deployments” Josh Tseng - Technical Director, Riverbed, talks about the growing market of WAN optimisation and the company's focus areas.

37

14

I BelIeve



The auThor BrIngs 19 years of experience to his job, as Head, IT Change Delivery, at ING

Vysya Bank Ltd. Paul is currently in charge of IT enabled business transformation at the bank.

By anIruddha Paul IT-Head, ING Vysya Bank Ltd

currentchallenge

planning for the next set of it change initiatives to help take ing vysya bank to the next level.

lesson that i learnt early on in my career, when i was with a premier organisation in the iT solutions space. i was a solutions expert, based in Pune, as part of a team ser-vicing the enterprises in the indus-trial belt in the region. An important reason i was there was that the com-pany was trying to turn around the business in the region.

one day, around the time we were working on presenting the next year's plan, including revenue targets and so on, a senior execu-tive walked in and wanted to know what we would achieve the following year. When this executive, whose role included the responsibility for the company’s performance in the region, heard we were expecting to grow a certain rate, he challenged us: “how can you say this, when the least i expect is that you grow at a rate that will put you on par with the kind of market share the company enjoys elsewhere?”

There was a lot of consternation in the team, with people grumbling “how can he ask this of us, when he knows of all the constraints faced by us in this region?” and so on. What the executive wanted was for us to grow not the 10-odd percent we thought was realistic, but the 400 percent needed to bring the company’s share in this weak region on par with the zones where it enjoyed as much as 30 percent market share.

The moral of the story is that in this case, the supervisor was con-vinced it was do-able and wouldn’t take no for an answer: sure enough, while it took us the next two to three years, we did bring the company’s market share in the region up to the level he’d envisaged.

if, when required, a leader is not disruptive enough in challenging his peers and his team, the organisation he works for will suffer.

a quesTIon that i always ask myself and my team is, 'Do you think you can be considered a success just by being a part of a successful organization or would you rather be remembered by joining a team in trouble and helping them achieve success?’

The latter is significantly tougher but infinitely more satisfying.The key to being a turnaround artist is being disruptive, and this is a

Dare To Be Disruptiveas a leader, a cIO should be challenging his peers and team to achieve more.

Ph

ot

o b

y R

ad

ha

kR

ish

na

LETTERS

WRITE TO US: The CTOForum values your feedback. We want to know what you think about the magazine and how

to make it a better read for you. Our endeavour continues to be work in progress and your comments will go a long way in making it the preferred publication of the CIO Community.

Send your comments, compliments, complaints or questions about the magazine to [email protected]

WhaT aRE ThE aTTRIbUTES Of a gOOd CTO? WhaT aRE ThE pREREqUISITES fOR a CTO ROLE ?

I see the CTO's role as that of a technology leader bridging the gap between the commercial requirements of the enterprise and the technology support of those requirements. An effective CTO should be able to guide the efficient implementation of IT strategy of the business.RIChaRd WaRd, Head of Technical, WIN Plc

view it as a profit centre

“The role of CIOs is to become a bridge between a company's business strategy and the enabling technology architecture.”

To read the full story go to: http://www.thectoforum.com/content/view-it-a-profit-centre

CTOf Connect Harvinder S Rajwant, Vice President, Borderless Networks – Security, Cisco Systems talks to Varun Aggarwal about the increasing threats on the mobile platform, fired up by 3G.http://www.thectoforum.com/content/3g-devices-will-attract-more-cyber-scamsters

OpiniOn

ajay satyarthisenior GM-it, videocon telecoMMunications ltd.

CTOforum LinkedIn groupJoin close to 700 CIOs on the CTO Forum LinkedIn group

for latest news and hot enterprise technology discussions.

Share your thoughts, participate in discussions and win

prizes for the most valuable contribution. You can join The

CTOForum group at:

www.linkedin.com/

groups?mostpopular=&gid=2580450

Some of the hot discussions on the group are:The Cloud is all air and no substance

Do you think cloud is going to die a quick death of SOA

or is it going to make big headway into the enterprise? Is

it old wine in a new bottle? What does it lack in making a

convincing case?

Its real and all about today and tomorrow.

However, you have to bring it back to a realistic service

that gives tangible benefits.

There are a great deal of 'cowboy' stories and not many

who really understand it.

—Ronald Kunneman, Director at Digitra

a CIO should connect business strategy with tech architecture.

26 21 APRIL 2011 CTO FORUM THE CHIEF

TECHNOLOGYOFFICER FORUM

L E A D E RS H I P COVE R S TORY

WOMEN LEADERS

Making the Cut

To boost team productivity, a large number of organisations today want to bridge gender diversity at all levels. They have realised women have those extra qualities that men lack.

Women by nature are team players and possess the strength of getting into details to solve problems. They have more patience, and can take higher levels of stress, irrespec-

tive of whether it is home or workplace. Women bring in that required focus and commitment to finish the job on time. The reason for this could be that they have another job to be done at home.

Attributes such as self belief and a fighter attitude are common for both males and females to succeed in any sphere of life. However, for women, unflinching support from the family is of utmost importance to make it big in life. There is a saying that behind every successful man there is a woman. Likewise, behind every successful woman, there is a complete family.

Professions with odd working hours have always deterred women from taking them up. In the field of IT, there are a sizeable number of women in the applications development and support space but few in the area of network infrastructure. The running around and late nights associated with network management comes across as a big deterrent for women.

For a woman CIO to be competent, she needs to have a complete knowl-edge of application, infrastructure and security. Till now, infrastructure had been a grey area for women. Going ahead, this scenario could change with improvements in areas of social networking, video conferencing and remote management. There are tools that enable one to remotely manage the network without being present in office.

While the next generation of women CIO aspirants could find the going easy with these new developments, there has been a generation of women CIOs that has done the tough act of balancing home and office, broken the glass ceiling, overcome all odds, and emerged triumphant

In the following pages, you will come across women CIOs who took the path less traveled and excelled in their endeavours.

AMRITA GANGOTRADirector – IT, India & South Asia, Bharti Airtel

ANNIE MATHEWCIO, Mother Dairy

REENA MALHOTRADeputy General Manager (IT), MTNL.

VANDANA AVANTSACIO, Motherson Sumi Systems

PUNEET KAUR KOHLICIO, Marvel Group

NEENA PAHUJACIO, Max Healthcare

ASMITA JUNNARKARCIO, Voltas

L E A D E RS H I P COVE R S TORY

A few women have broken into the male bastion called CIO. They are role models for a whole new generation of aspiring women IT leaders.By Yashvendra Singh

26 21 APRIL 2011 CTO FORUM THE CHIEF

TECHNOLOGYOFFICER FORUM 27 21 APRIL 2011

CTO FORUMTHE CHIEF TECHNOLOGY

OFFICER FORUMIM

AG

ING

BY

PC

AN

OO

P

COVE R S TORY L E A D E RS H I P

Technology for Growth and Governance

CT

O

FO

RU

M

Volume 06 | Issue 17

April | 21 | 2011 | 50Volume 06 | Issue 17

TH

E IM

PO

RTA

NT

3Cs F

OR

A C

IO | T

HE

DIF

FE

RE

NC

E B

ET

WE

EN

DO

ING

IT A

ND

INF

OS

EC

| VAL

UE

OF

INN

OVA

TIO

N

A 9.9 Media Publication

Women LeadersMaking the Cut

THOUGHT LEADERLegal ChallengesWith Cloud Computing PAGE 50

I BELIEVE

View IT as a Profit CentrePAGE 04

NEXT HORIZON

ParallelisedData Mining SecurityPAGE 44

A few women have broken into the male bastion called

CIO. They are role models for a whole new generation

of aspiring women IT leaders. | PAGE 26Amrita GangotraDirector – IT, India & South Asia, Bharti Airtel Annie MathewCIO, Mother Dairy

Asmita JunnarkarCIO, Voltas





Enterprise

Round-up

news InsIde

Brocade Unveils Vision for the Virtual

enterprise Pg 10

Users’ data stolen in an attack on sony Playstation network

Cloud Service Sourcing Immature and Risky Gartner's special report examines key issues facing the future of cloud sourcing.ThE $820 billion iT services market is changing quickly and dramatically, as cloud computing and offshoring become mainstream, and senior iT man-agers should take steps to manage inherent risks and unexpected costs during the cloud services revolution, according to gartner.

During the next few years, market dynamics will determine whether cloud-enabled outsourcing will be the demise of traditional outsourcing, if it will lead to the convergence of services and products currently marketed "as a service," or if it will result in next-generation outsourcing.

Cloud-driven business and iT services include all types of solution that are developed, bundled and packaged as outsourcing service offerings for which the business or iT service provider uses one or more cloud computing technologies within the solution's overall architecture. gartner refers to these services as "cloud-enabled outsourcing service offerings." These services can be deliv-ered directly by a cloud provider or via a service aggregator for the delivery of pre-engineered and configurable business solutions in a timely and cost-effective manner.

77data BrIefInG

Million

Illu

st

ra

tIo

n B

Y s

hIg

Il n

E nt E r pr i s E ro u n d - u p

9 07 may 2011 cto forumThe Chief


North Korea was responsible for paralysing the national agricultural Cooperative federation’s computer network in april in a second online attack in two months linked to the Kim Jong II regime, the seoul Central district Prosecutors’ Office has said.

QUICK Byte On seCUrIty

aPeJ it services Market to reach $52.9 Billion by 2011 year on year growth of 8.7 percent.ThE ToTal Asia Pacific excluding Japan (APeJ) iT Services spending in 2011 is expected to grow by 8.7 percent over 2010 riding on dual waves of outsourcing ser-vices (especially on the application side) and new iT projects specifically on “Cloud” and “Smart infrastructure”, finds Springboard research, a leading innovator in the iT market research industry. The Springboard research report “APeJ iT Services report - 2010” further found that the market is estimated to reach 52.9 billion by 2011, with China, Australia and india contributing 72 percent to the total spending.

The research shows that 64 percent of the iT services spending come from dis-crete services, majorly infrastructure support and integration related services and the remaining 36 percent from outsourcing services.

Developing countries like india and China are also leapfrogging and adopting these new technologies and business models while driving the markets’ volume, thanks to a fast adoption of more traditional services such as managed services (india) and iT out-sourcing (China). These cumulatively drive the growth of iT Services in the region.

As cloud computing continue to gain market prominence, everything is increas-ingly being packaged / productised as a service to replace CAPeX outlays in favor of more variable oPeX spending.

Sony Corp.'s recent inability to protect the personal information of over 77 million of its PlayStation Net-work users highlights the risk of data leaks via hugely popular online gaming systems."I deeply apologise to our very important customers for causing trouble," Sony Executive Vice President Kazuo Hirai said with a deep bow at a press conference.

—Kazuo Hirai, Group

CEO, Sony Computer

Entertainment Inc.

“We apologise for the inconvenience that this matter has caused consumers and for the potential unsolicited emails that may occur as a result of this incident. We are taking immediate action to develop corrective measures intended

to restore client confidence in our business and in turn regain their customers’

confidence.”

they said it

kaZUo hirai

ph

ot

o B

Y p

ho

to

s.c

om

ph

ot

o B

Y p

ho

to

s.c

om




Brocade Unveils Vision for the Virtual Enterprise Introduces Brocade CloudPlex, an open architecture for Cloud-Optimised networks.BRocadE has introduced a new technol-ogy architecture that outlines the com-pany’s vision and the technology invest-ments it will make to help its customers evolve their data centers and iT resources and migrate them to the “Virtual enter-prise”. Brocade intends to deliver on this vision through the Brocade CloudPlex architecture, an open, extensible frame-work intended to enable customers to build the next generation of distributed and virtualised data centers in a simple, evolutionary way that preserves their abil-ity to dictate all aspects of the migration.

What is unique about the Brocade Cloud-plex architecture is that it is both the foundation for integrated compute blocks, but it also embraces a customer’s existing multi-vendor infrastructure to unify all of their assets into a single compute and storage domain.

Brocade CloudPlex meets the goal of the Brocade one strategy, designed to help companies transition smoothly to a world where information and applications can reside anywhere by delivering solutions that deliver unmatched simplicity, non-stop performance, application optimisa-

Estonia has the freest Inter-net, with a restriction of just 10 points, followed by the US with a restriction score of 13. The most restricted Internet is for users in Iran, Cuba and China.

tion and investment protection. Virtuali-sation has fundamentally changed the nature of applications by detaching them from their underlying iT infrastructure and introducing a high degree of applica-tion mobility across the entire enterprise,” said Dave Stevens, chief technology offi-cer at Brocade. “This is the concept of the ‘Virtual enterprise’ that we feel unleashes the true potential of cloud computing in all its forms – private, hybrid and public.” Through the CloudPlex architecture, Bro-cade will help its customers scale their iT environments from managing hundreds of virtual machines (Vms) in certain class-es of servers to tens of thousands of Vms that are distributed and mobilised across their entire enterprise and throughout the cloud. According to gartner, the expan-sion of Vms not only improves automa-tion and reduces operational expenses, it is the primary requirement for iT organi-sations to migrate to cloud architectures.

gartner advises that “iT organisations pursuing virtualisation should have an over-all strategic plan for cloud computing and a roadmap for the future, and should plan proactively. further, these organisations must focus on management and process change to manage virtual resources, and to manage the speed that virtualisation enables, to avoid virtualisation sprawl.”

The Brocade Cloudplex architecture will define the stages and the components from Brocade and its partners that are required to get to the Virtual enterprise. The stages comprise three main catego-ries – fabrics, globalisation and open technologies – with some of these compo-nents being available today while others are in development or on the roadmap of Brocade’s engineering priorities.

The currently available components are: networks comprised of ethernet fabrics and fibre Channel fabrics as the flat, fast and simple foundation designed to scale to highly virtualised iT environments

multiprotocol fabric adapters for simpli-fied server i/o consolidation

high-performance application delivery products necessary for load balancing net-work traffic across distributed data centers.

GlOBal traCKer

Freedom of Internet Use

so

ur

cE

: ‘F

rE

Ed

om

on

th

E n

Et

’ (F

ot

n)

rE

po

rt

BY

th

E F

rE

Ed

om

In

st

Itu

tE

Fo

r 2

011

Illu

st

ra

tIo

n B

Y s

hIg

Il n

1013




Google chrome eyes 12 Percent share chrome os to be launched soon.

container dc

cisco systems is moving its

unified computing sys-

tem, or ucs, into the portable

container data center market,

similar to what IBm, the former

sun microsystems (now part of

oracle), hewlett-packard, dell-

microsoft and sgI (formerly

rackable) have been doing for

the last seven or eight years.

on may 2, the company said

it has now made available the

cisco containerised data cen-

ter as an alternative to address

the computing and networking

needs of both public and pri-

vate sector organisations. this

intended development was first

announced in march 2010.

this gives cisco another way

to sell its ucs—a pre-config-

ured It hardware and software

package upon which the com-

pany has been banking heav-

ily to expand its market reach.

the ucs' network-centric data

center infrastructure authorises

partners such as Emc, Bmc,

netapp, Vmware and Intel to

provide components that cisco

does not make.

these portable data centers

come in standard 40 by 8 feet

and smaller-size 20 by 8 feet

shipping containers for transport

on ships and trucks. all the nec-

essary servers, storage and net-

working equipment are crammed

into these containers; all that's

needed on location are electrical

power and cooling-fluid sources.

GooGlE's chrome Web browser

notched 11.9 percent market share

through april, a modest gain from 11.5

percent through march, according to

net applications.

apple's safari share grew to 7.1 per-

cent from 6.6 percent through april.

there were no big market share los-

ers for the month, though chrome

appeared to continue to nip at its rivals.

WoRldWidE end-user spending on iT ser-vices totaled $793 million in 2010, a 3.1 percent increase from 2009 revenue of $769 billion, according to gartner."There is little doubt that the effects of the global recession of 2008 and 2009 are still very much being felt, but the market for iT ser-vices bounced back in 2010 after a 5.1 percent revenue decline in 2009," said Kathryn hale, research vice president at gartner.

iBm retained its no. 1 market share position

worldwide it services revenues returned to Growth in 2010Increased 3.1 percent to $793 Billion in 2010.

faCt tICKer

microsoft Internet Explorer contin-

ued to lose share, dipping from 55.9

percent to 55.1 percent for the month.

IE 9 has doubled its usage share on

the new Windows 7 platform from 3.6

percent last month to 7.5 percent in

april. mozilla Firefox dropped a bit to

21.8 percent from 21.6 percent.

google's chrome team is launch-

ing a new stable release every few

weeks, though it is unclear if this is

helping market share. google march

22 launched chrome 11 to its chrome

beta channel with support for the

html5 speech input apI.

the stable version of the browser

just revved with 27 new bug fixes,

with bug hunters earning $16,500

for their finds as part of the chrome

rewards program.

chrome has been growing steadily

for the last year. the browser will be

interesting to track once computers

based on the chrome operating sys-

tem roll out in June or July as promised.

in iT services in 2010, with a revenue increase of 2.6 percent returning $56.4 billion in rev-enue and accounting for 7.1 percent of the market (see Table 1). With arguably the weakest revenue performance in the top five, hP grew its iT services revenue less than $100 million, or 0.3 percent, in 2010.

fujitsu, at 3.5 percent annual growth in iT ser-vices and revenue of $24.1 billion had a solid year in 2010 in u.S. dollar terms. Accenture returned perhaps the strongest numbers within the top 10 in 2010, growing revenue $1.3 billion to $22.2 bil-lion, a growth rate of 6.1 percent.

"Among the more than 300 vendors tracked, acquisitions affected more than 10 percent of total revenue, in a market where no provider has more than 7 percent market share," said Dean Black-more, senior research analyst at gartner.

"Although global sourcing makes the location of a provider's headquarters increasingly less rele-vant, we found that india-based vendors continue to grow above the market average and, therefore, continue to gain market share," Blackmore said. "in a market that grew 3.1 percent in 2010, india-based vendors collectively grew 18.9 percent, increasing their market share from 4.8 percent in 2009 to 5.5 percent in 2010."

Software support showed the highest growth in 2010 at 6.6 percent. Weaker performances came from process management and hardware support, both of which grew approximately 1 percent less than expected growth.

Consulting and development/integration servic-es came in slightly above expectations as organi-sations that had put investments on hold began investing again in 2010, particularly in the second half of the year.

Illu

st

ra

tIo

n B

Y p

ho

to

s.c

om

A Q u e s t i o n o f An swe rs PE RSO N ' S N A M E



Eyeing Growth: With WAN optimisation gaining popularity, Riverbed will be expanding its layer 7 capabilities.



J O S h T S E N g A Q u e s t i o n o f An swe rs

Josh TsEnG | RiveRbed

catalysts for cloud deployments”

With the advent of cloud, organisations are increasingly looking at how they can optimise their WAN infrastructure. Varun Aggarwal spoke to Josh Tseng - Technical Director, Riverbed, about the growing market of WAN optimisation and the company's focus areas.

What are the key trends that you see in WAN optimisation?

WAn optimisation is one of the fastest growing markets in iT and riverbed is a leader in the market. now it’s a major market projected by iDC and many other analysts, and is growing at a significant rate. The total market today is estimated at more than a billion dollars and going to grow even more. The rea-son for this growth is additional product and technology. This is a technology adopted by many com-panies, 80 out of 100 top companies are our customers. But there is lot of innovation that can take place.

What kind of innovation can we expect to see in

this space?The enterprise environment is a very diverse environment. every application works in a different way and thus WAn optimisation is incomplete without a tighter integration with these applications. What is key for WAn optimisation is to become more aware at layer 7 of the TCP/iP protocol. The app level intelligence is the area where there is lot of scope in terms of innovation. however, you need to invest into developers, engineers, test facilities etc to do this and riv-

erbed is in the right position to do that. Tighter application integration would be our key focus area.

What are the new developments in the cloud

computing space?We have a number of products for the cloud. Currently we are working with Amazon for our riverbed Cloud Steelhead. The product is purpose-built for public cloud computing environments. We released the prod-uct for Amazon and going forward we will target other cloud providers.

one of the major challenges with cloud computing is sending and

“We are the



A Q u e s t i o n o f An swe rs J O S h T S E N g

receiving large volumes of data, putting tremendous pressures on the bandwidth requirements. for this, we’ve come out with riverbed Whitewater, which is a deduplica-tion solution for cloud storage. it helps in providing optimisation and deduplication to minimise data transfer bandwidth and stor-age capacity needed. This solu-tion is the most granular solution available in the industry with data chunks as small as 100 bytes. Because we can recognise byte level repetitive patterns, our solu-tions require you to transfer the least amount of data to the cloud, saving both bandwidths as well as cloud storage costs.

How much do you think has cloud computing affected

WAN optimisation market?While cloud computing has fueled the growth of WAn optimisation, the reverse holds true as well. for example, our products are consid-ered by many of our customers as a pre-requisite for moving to the cloud. We have customers telling microsoft, Amazon and google that they will not move to the cloud unless these companies have riv-erbed in their data centre. And this includes several fortune 500 com-panies. our leading customers are already adopting cloud computing and as more and more enterprises move into cloud, they will realise that moving without WAn optimisa-tion is difficult.

Amazon’s N. Virginia data centre suffered a cyber

attack recently, which actually led to many customers losing their data. What kind of impact would this event have on cloud computing?Amazon has to learn a lot internal-ly. i think clouds are still evolving and trying to build the right pro-cesses. however, what happened to Amazon could have happened to any private data centre. That was

Are SMBs and enterprises both looking at cloud?

Adoption is growing leaps and bounds in the uS. The uS is leading in tech innova-tion and many fortune 500 companies are moving into cloud and testing riverbed with it. many of them are also doing pilots. Showing the increase growth of clouds, analysts say that Amazon’s rev-enues from cloud would exceed its retail revenues in just a couple of years.

What are Riverbed’s focus areas?We would be looking at expanding

our layer 7 capabilities, ie. tighter integra-tion with enterprise applications. We are also positioning ourselves as catalysts for those who want to move into cloud.

WAn optimisation is going to be highly popular. WAn optimisation solutions enable organisations to run business faster and more efficiently, saving time and cutting the cost of iT infrastructure. There is a continued need for WAn optimisation in india and riverbed is best suited to meet the needs of the enterprises. We are also making sure that we offer most advanced capabilities to our customers. for this, we release the largest number of software updates compared to our competition at any given time.

unfortunate event. Amazon needs to spend time with iT professionals and put in place the right processes, hence, minimising the risks. They also have to put in place new data centres and improve redundancy for risk management.

risks have to be covered. The attack was is a lesson to be learnt. Some enterprises will never go for external data centre because of sensi-tive data. for eg. banks are least likely to move into (public) cloud.

What measures can enterprises take to prevent

data loss over cloud?Primary data will be the responsi-bility of the cloud provider. But as far as secondary data or the backup and archival data is concerned, enterprises need to deploy solutions like riverbed Whitewater for cloud storage. With least amount of data redundancy, organisations would have higher budgets to have mirror images of their data with different cloud providers. Therefore, even in case all the data centres of one cloud provider go down, you’ll still have your data intact with another cloud provider.

“WAn optimisation solutions help companies run faster and more efficiently, thereby saving time.”

WAn

optimisation is

one of the fastest

growing markets

in IT.

The key to WAN

optimisation is

to become more

aware at layer

7 of the TCP/IP

protocol.

While cloud

computing

has fueled the

growth of WAN

optimisation, the

reverse holds

true as well.

thiNgs i Believe iN



Best of

Breed

in my earlier column, Making the Case for Information Governance (in the 7 march, 2011 issue) we looked at three reasons that informa-tion governance (ig) make sense:

1.We can't keep everything forever;2.We can't throw everything away; and3.e-Discovery.in this column, i want to build on this list by

IG is everyone's Problem NowMore reasons why CIO should be investing in IG. By Barclay Blair

adding three more reasons why Cios should be investing in ig:

reason 4: Your employees are asking for it if you just listen“When you start to actively address your organisa-tion's information overload challenges and give peo-ple the guidance and tools they need to work more

medium businesses in india are currently using smart phones.

54%Data BrIefInG

Cloud's transformation: the Softer Side Pg 24

amazon, the Media and the future of Cloud Pg 20

featureS InSIDe

Illu

st

ra

tIo

n B

Y a

nIl

t

Cloud Strategy: What a CIO needs to Know Pg 22



B E S t o f Br E E D i n f o r m at i o n g ove rn a n ce

effectively, amazing things happen. They start to make better decisions. They finish projects faster. They generate new ideas. And they drive business growth.”

- Basex information overload exposure Assessment

ig makes sense because it helps knowl-edge workers separate “signal” from “noise” in their information flows. By helping organisations focus on the most valuable information, ig improves information delivery and improves productivity.

Study after study shows that most knowl-edge workers feel overwhelmed by the amount of information they have to deal with. one Aiim international study found that “sheer overload” is the biggest problem with email as a business tool. [i] Another study says that most professionals spent way too much time looking for informa-tion and feel they could not handle any “increases in information flow.”[ii] yet another study claims that companies in the u.S. lose $900 billion worth of employee productivity each year due to information overload. [iii] my experience with imple-menting ig programs has taught me that, after a period of initial resistance, most knowledge workers appreciate the clarity that ig policies and technology provide. rather than struggling to invent their own “filing system” and worrying about the trouble that they may face if they get it wrong, the majority of employees quickly understand the value of ig and make it part of their daily routine.

The deluge of poorly managed, redun-dant, irrelevant, and unclassified infor-mation that most knowledge workers face today is huge and growing. ig can improve productivity and reduce the impact of information overload by helping organisations:

Classify information better so it can more easily be found.

get rid of unnecessary information so employees don't have to weed through it.

Better target and personalise informa-tion for individuals and communities.

Provide better access to information while still meeting confidentiality and information protection requirements.

Assign resources and technology to infor-mation commensurate with its value.

reason 5: It ain’t getting any easier“By far the biggest mistake people make when trying to change organisations is to plunge ahead without establishing a high enough sense of urgency in fellow managers and employees. This error is fatal because transformations always fail to achieve their objectives when complacency levels are high.”

- John P. Kotter, “leading Change,” har-vard Business School Press, 1996.

ig makes sense because it is a proven way for organisations to respond to new laws and technologies that create new require-ments and challenges. The problem of ig will not get easier over time, so organisa-tions should get started now.

every day the pile of unmanaged infor-mation in your organisation grows. every day the habits of your knowledge workers get more ingrained. every day new tech-nologies enter your enterprise and create new sources of unmanaged risk. every day technology gets more complex. every day courts and regulators grow more sophis-ticated and demanding when it comes to information management.

Time will not make the information man-agement problem any easier.

more regulation of informa-tion management is expected.

Beginning as early as the 1970s (with privacy law directed at the federal government) and intensifying in the early years of the new millennium (with Sarbanes-oxley and the revised federal rules of Civil Proce-dure), governments, regulators, and standards bodies have

demonstrated an increasing appetite for the regulation of iT and information. increas-ing federal and state regulation has driven demand for ig products and services.

The current administration, as well as regulators in nations across the globe, have demonstrated an increasing appetite for regulation; an appetite that seems only to be increasing in the wake of the recent global economic crisis that is widely seen as having a root cause in inadequate gov-ernment oversight and regulation. This is likely to drive legal and regulatory chang-es that will create new ig requirements for organisations.

And information is getting more complex.The growing business use of Web 2.0

technologies such as blogs, wikis, and social networking tools, along with other developments such as cloud-based applica-tions, are making information manage-ment more challenging. The emergence of such technologies is a challenge to trational command and control methodolo-gies and thinking.

The reality today is that each knowledge worker is his or her own records manager. responsibility for the creation and man-

agement of information is highly distributed and a new generation of internet-based tools and applications only encourage this trend.

in addition, technologies like google Wave create new difficulties. Products that blend together formerly discrete com-munication, collaboration and content creation tools challenge the long-standing focus on “the

ig makes sense because it is a proven way for organisations to respond to new laws and technologies that create new requirements and challenges.

98%of information

today is

electronic

and under the

stewardship of it



i n f o r m at i o n g ove rn a n ce B E S t o f Br E E D

document” and usher in a world where we no longer manage discrete piece of informa-tion. The “wave” of information created by these tools is an ever-changing hydra that pulls information from a variety of sources and blends them together into an environ-ment that cannot be “retained” or managed using traditional approaches.

As technology and the new forms of infor-mation created by that technology grows more complex, ig provides the foundation from which we can build processes and techniques to properly manage that infor-mation.

ig isn’t getting any easier so the time to act is now.

reason 6: IG is the future of organisational culture“While detailed knowledge of a single area once guaranteed success, today the top rewards go to those who can operate with equal aplomb in starkly different realms.”

- Daniel Pink, “A Whole new mind”ig makes sense because it reflects the

future of organisational culture – diverse groups working together to solve complex problems. ig can help to foster this culture and lead organisational change.

in the bestselling book, A Whole new mind, Daniel h. Pink argues that the future belongs to those who can see across bound-aries to envision the “connections between diverse, and seemingly separate, disci-plines.” he posits that this ability is becom-ing essential to the success of individuals and organisations.

This theory is directly applicable to ig. ig, with its legal, technology, records management, and business elements, is by nature multi-disciplinary. Success in ig is synonymous with the ability to peer beyond the confines of one discipline to understand how each discipline connects with the others to solve the problem.

in managing the Crowd: rethinking records management for the Web 2.0 World, Steve Bailey suggests that “[r]ecords management has ... long been defined by the narrowness of its focus” But, records management shouldn’t be singled out. Just as records management has clung to the idea that it should only worry about one narrow class of information (i.e., records -- often in paper form), iT has largely refused

to take management responsibility for the information flowing through its systems. Business leaders and attorneys have their own form of blinders that are a barrier to the connected thinking and problem solving that ig requires.

As a consultant, i have many times sat in windowless rooms drinking terrible cof-fee and mediating between these groups. Although this is rewarding work, the pat-tern is always the same: nobody under-stands that they are all trying to solve the same problem. each group is more than willing to share their discipline’s view of the problem (often using their “outside voices”), but nobody believes that they “own” the ig problem as a whole.

And, in most cases they are right.Corporate governance structures mostly

have not evolved to address the complex issues of ig. The result? When the com-mittees and task forces and working groups have all come and gone, nobody is on the line -- in their career and their paycheck -- for the success of the ig effort.

The flipside of this is equally true. When everyone owns a task, nobody in particular owns the task. Thus, nobody can be held accountable. Corporate structures aren’t very good at holding groups responsible, at least at the task level.

in mediating such sessions, i am most

successful when each group learns -- often through a traumatic experience -- to empathise with the others (incidentally, another “right brain” quality that Pink points out as essential). Any guesses as to what the catalyst for this empathy is the majority of the time? yep, lawsuits and investigations. major business events that require legal, iT, records management, and business to work together -- often under enormous pressure -- to solve a common problem.

—Barclay T. Blair is a consultant to Fortune 500

companies, software and hardware vendors, and

government institutions, author, speaker, and

internationally recognised authority on a broad

range information governance issues. He is the

founder and principal of ViaLumina Group, Ltd.

His blog,Essays in Information Governance , is

highly regarded in the information governance

community. Barclay is the award-winning author

of several books, including Information Nation,

and is currently writing Information Governance for

Dummies. Barclay is a faculty member of CGOC

(www.cgoc.com).

—This article appears courtsey www.cioupdate.

com. To see more artciles regarding IT manage-

ment best practices, please visit CIO Update.com.

“corporate governance structures mostly have not evolved to address the complex

issues of ig.”

Illu

st

ra

tIo

n B

Y P

Ho

to

s.C

oM



B E S t o f Br E E D clo u d

Amazon, the Media, and the future of Cloudthe future of cloud remains no fundamentally different post-amazon-outage than it did before. By Dennis Drogseth

At the end of last year and into this year i did a five-part series on strategies for adopting and assimilat-ing cloud. my overall message was, and remains, that good service management disciplines and technologies still apply -- though the need for some

unique planning and more dynamic approaches to traditional ser-vice management technologies are well advised.

Since cloud is a hodgepodge of technologies and internal and external services, trying to build a cohesive strategy, to optimise cloud can lead to a lot of circular motion. But one way to avoid this is noT to put cloud first as that mysterious (and actually fic-titious) "endgame;" as in the “journey to the cloud,” but to focus on key business objectives for iT and then see how and where cloud fits best. As i’ve said more than once, the “journey to the cloud” from a purely logical perspective makes no more sense than the “journey to VlAns.”

But “cloud” has many parents beyond technology itself and these include aggressive marketing campaigns by the likes of Amazon eC2 and other service providers and vendors selling infrastructure and related products and services. it should be pointed out that many of those service providers are simply repackaging hosted ser-vices provided under other names, but who have adopted “cloud” for obvious marketing reasons. After all, if a service is delivered over a network, and can be flexibly provisioned (which can mean many things) and extended to “on-demand” needs (which can mean many things) and accounted for based on usage (which can also mean many things) you get to call it “cloud” (and be fairly faithful to the national institute for Standards and Technology (niST) definition).

CulpabilityBut even more than marketing, the media has itself largely been the “creator” of “cloud.” Cloud’s prevalence in our minds would be nowhere near what it is without inflated media attention (a.k.a, “hype”), which, yes, i realise that i’m contributing to right here. you can view it as an expression of age and its accompanying moral fatigue that i feel absolutely no shame in doing this.

however, as everyone knows or should know by now, the media thrives on creating trends and then destroying them, much in the way that demented children in horror flicks like to tear up their dolls and other intimates. media does this, ostensibly, because it

Illu

st

ra

tIo

n B

Y s

HIg

Il n



clo u d B E S t o f Br E E D

sells, which logically means that we, the reading public, are the true demented children here.

And so “cloud” (internal/external, SaaS, PaaS, iaaS, etc.) is finally getting to the point where the media should be hungry for pins, if not actual machetes, to stick in “Cloud Barbie" and, if not render her headless, at least remove a finger or two. given that, the media i’ve read to date regarding recent Amazon's eC2 outage seems pretty responsible. But not so much that the over-arching specter of a demise in cloud preeminence isn’t looming, or at least present enough to sustain the impression of drama.

first of all, for a few of the more salient "facts" up to the date of writing this column as of April 26th: on Thursday, the 21st of April, at 5:16 a.m., Amazon's Service health dashboard reported connectivity problems impacting its relational Database Service affecting a broad area especially along the u.S. east Coast. This disabled some fairly popular websites such as foursquare, hootSuite, Quora and reddit, all of which are back up at the time of writing this column. At 10:35 a.m. on Sunday, April 24, Amazon reported that "We're in the process of contacting a limited number of customers who have eBS" (elastic Block Storage) "volumes that have not yet recovered and will continue to work hard on restoring these remaining volumes." on monday, April 25, Amazon reported that engineers were still working on issues surrounding its eBS. Amazon is planning to provide a detailed "post-mortem" of the root cause surrounding its outage and that its workers are "dig-ging deeply" into the event.These specifics, obtained through fairly consistent technical media

coverage at least, are in large part characteristic of the coverage itself. however tones have ranged beyond this to headlines signal-ing that Amazon got a “black eye” from the outage (reasonable enough) to “Amazon’s cloud nightmare” to “who gets the blame?” mass media, or at least the new york Times , have been reasonably responsible; as Steve lohr's headline read, Amazon’s Trouble raises Cloud Computing Doubts. it should be noted that in most cases, real opinions came from analysts like myself (though not from me personally – until now, of course).

The articles i looked at also contained some good advice, such as: Any system that concentrates too much critical data in one place becomes vulnerable. if using cloud, design around it, just as you would back up any external critical service such as failover to internal resources leverage a variety of cloud service options from different providers both to assess relative quality and cost, and to minimise impact of outages and degraded performance (my words summarising several sources).emA and other research also indicates that skepti-

cism towards cloud wasn’t just waiting for Amazon’s conspicuous outage to happen. it was there before hand; due to both native iT skepticism and lessons learned from early cloud adoptions.

for instance, 70 percent of cloud deployments have required “redoing” or “rethinking” (emA data) and Compuware data indi-cates that north American companies estimate organisational/business losses of about $1 million a year from degraded perfor-mance from cloud-based applications. The estimate is somewhat lower in europe at $775,000. Dialogs with deployments have underscored a number of obvious risks, including security risks, e.g. “Who knows what google thinks is a violation of privacy?” when it comes to managing data.

it should be stressed that “performance” issues are far more per-vasive and harder to gauge than absolute outages. Amazon’s misfor-tune has, as is typical, been dramatised in the media by the obvious. But the future of cloud remains no fundamentally different post-Amazon-outage than it did before. it is neither salvation nor end-game but an array of new technologies and services that, ironically, as they mature and become more effectively assimilated, will lose

in media visibility as the media moves on to something newer and more controversial.

—Dennis Drogseth is VP of Boulder, Colo.-based Enterprise

Management Associates, an industry research firm focused on

IT management. Dennis can be reached atddrogseth@enter-

prisemanagement.com.

—This article appears courtsey www.cioupdate.com. To see

more articles regarding IT management best practices, please

visit CIO Update.com.

39%of smbs to pay

for cloud

services within

next three years

Cloud has many parents beyond technology itself and these include aggressive marketing campaigns by the likes of Amazon, eC2 and other service providers and vendors selling infrastructure and related products and services.




Cloud strategy: What A CIo Needs to KnowCIOs who build the right ecosystem will successfully ride this transformative technology. By roger camrass anD suhel BiDan

Perhaps more than any other executive in the C-suite, as Cio you understand transfor-mative technology – from the birth of the microprocessor in

1974 (and the associated birth of the digital world) to the current e-commerce revolu-tion. iT has always been in the forefront of significant change, and cloud is no excep-tion. it bears many of the hallmarks of a new iT mega-trend – lots of hype, plenty of misunderstanding and a time span of 10 years before its full effects are felt.

unlike previous mega-trends, cloud looks like it will be more than just another stra-

tegic advance -- it could well be as pro-foundly game changing as the printing press was to Western Civilisation. Cloud is the key that will unlock corporate change at a level that greatly exceeds all earlier strategies, including outsourcing (1980s), off-shoring (1990s) and web-based market channels (2000s). Cloud presents a unique opportunity to virtu-alise almost every aspect of corporate activity – starting with iT. That presents you with the rare opportunity to reinvent your role as Cio and have a dramatic impact on your organisation’s value-creating abilities.

using cloud, you now have the potential to expand your responsibilities into broad shared services and, ultimately, into archi-tecting the entire business structure. To make that happen, you must be proactive in adopting cloud, although timing remains the biggest challenge. To navigate these uncertainties, you will need to adopt a sense-and-respond approach by establishing an incubator model within your iT organisa-tion that senses demand and links to emerg-ing capabilities on the supply side.

A number of forces are now converging to accelerate the adoption of external services based in the cloud. for example, there’s the web and the growing adoption of open stan-dards and utility platforms for more practi-cal sharing of resources and facilities.

Against this backdrop, as Cio you can take one of two approaches in re-inventing your iT environment. you can manage the whole of shared services (including iT, finance, procurement and hr). or, you can focus on transforming the business as a whole as a 'business architect' or 'chief optimisation officer' -- helping the Ceo fashion streamlined organisations that exploit the tools of digital business and consider their impact on strategy, structure and process. it’s a huge opportunity for the Cio who can grasp it.

Cios are at the heart of the business because you are the gateway for innovation. initially, cloud will primarily affect your iT organisation; but cloud’s impact will race P

Ho

to

BY

PH

ot

os

.Co

M



clo u d B E S t o f Br E E D

from infrastructure to software, then enve-lope an organisation’s business process and its key value-creating elements.

Agility and flexibility are two of the key values of Wipro Consulting’s vision for the 21st Century Virtual Corporation. The adoption of these attributes assumes the externalisation of all non-core related activ-ities to utility operators. Cloud provides the perfect platform for such development. using private/public cloud-based models to provide the majority of business process-es, we can imagine a virtual corporation that does little more than develop brand, define product and orchestrate external alliances. Sound familiar? That’s exactly what Coca-Cola, Dell and Cisco have been doing for years.

Cloud providers fall into roughly four groupings:1.Consumer-based utilities such as google and Amazon, who, with surplus compute power, are looking for new sources of share-holder value;2.Traditional iT vendors such as iBm, hP, microsoft and AT&T;3.Service integrators, who are going to orchestrate this new environment; and4.niche players, who see many new opportunities in areas such as security and service brokerage.

in our experience, few companies dem-onstrate a comprehensive cloud response to internal iT needs even at basic compute, storage and desktop levels. Cios are con-cerned about security, technical integration, acceptable service levels and data protec-tion regulation. With the exception of a few well-published success stories, most Cios merely see cloud as a means of converting CAPeX (associated with fixed iT assets) into oPeX (pay as you go). Current cloud expen-diture remains minimal.

We recently surveyed Cios about their iT expenses on cloud-related services. only 20 percent reported that they allocated more than 10 percent of their budget to cloud. Almost half have designated less than 2 per-cent.* What will change your mind about adopting cloud? ramped-up deployment of business initiatives topped the list of drivers in our informal survey. Cios we sur-veyed are also intrigued by the conversion of iT capital expenditures to operational

expenses. They embrace infinite scalability for storage and computing as well as iT agil-ity. Collaboration ability is seen as an asset, as are the large-scale benefits achieved by combining cloud with mobility. most Cios expect cloud penetration to rise to 40 to 50 percent within the next five years.**

The challenge confronting iT suppliers and corporate iT customers alike is how to make a smooth transition into the new ‘virtu-al’ environment and prove tangible benefits.

We recommend an adaptive approach based on a sense-and-respond philosophy that originated with Stephen Parry in his book Sense and respond. it includes the creation of business analyst teams who stimulate and capture demand as it arises. We define this approach as a ‘cloud incuba-tor’ that can sense and respond to interest both at the demand (business customer) and supply (cloud vendor) extremes.

We also see a proactive but carefully measured cloud strategy that includes: virtualising servers and data centers in antici-

pation of computing and storage “on demand” through new vendor arrangements; and testing public cloud services in non-core

iT areas, such as general office and sup-port processes.

This cloud strategy requires a tactical approach in which you apply three distinct layers that test and refine a broad range of new cloud tactics in a rapidly developing environment and establish a stable future operating pattern. These layers are:1.Business engagement — providing skills, methods and tools to enable busi-ness customers to assess, quantify and pri-oritise cloud-based service opportunities.2.Solutions Architecting — offering multi-disciplinary teams who can trans-pose business requirements into cloud services by testing and validating new operating models.3.industrialisation — scaling up the new Cloud-based operating models into full-fledged service platforms.

Smart Cios will meet this historic chal-lenge head on, building now. Those who will succeed are those who effectively apply the sense-and-respond approach and construct the right ecosystem for their cloud transformation.

—* Between October and December last

year (2010) we surveyed more than 50 CIOs

and IT Directors, almost 90% of them from

global organisations about their IT expenses

on cloud-related services. Only 20 percent

reported that they allocated more than 10

percent of their budget to cloud. Almost half

have designated less than 2 percent.

** In our 2010 survey of IT executives, most

CIOs said they expect cloud penetration to

rise to 40 to 50 percent within the next five

years. The challenge confronting IT suppliers

and corporate IT customers alike is how to

make a smooth transition into the new ‘virtual’

environment and prove tangible benefits.

—About the Authors

Roger Camrass is Senior Practice Partner for

Business Transformation at Wipro Consulting

Services, Europe, and the author of "Atomic:

Reforming the Business Landscape Into the

New Structures of Tomorrow." Suhel Bidan, is

Senior Manager, Wipro Consulting's Business

Transformation Practice, Europe.

—This opinion was first published in CIO

Insight. For more such stories please visit

www.cioinsight.com.

The challenge confronting IT suppliers and corporate IT customers

alike is how to make a smooth transition into the new virtual

environment and prove tangible

benefits.




Cloud’s transformation: the softer sideCloud will see significant transformations of people, roles, and skill-sets. By Ken oestreich

After having spoken to numerous customers and ven-dors, it's clear to me that cloud computing's opera-tional transformation necessarily triggers structural changes in the iT organization - as well as in the rest of the enterprise.

overheard at a conference late last year, an analyst i was briefing illustrated it this way:A Converged infrastructure requires a con-verged organization to operate it. i'm convinced we'll see significant internal transformation in the future - not of technology, but of people, roles, skill-sets, and organizations. As evidence, just take a look at the organizational transformation emC's iT department has gone through in the past 3 years (hT to Chuck's Blog) Consider this:

The Role of the CIO: Today the Cio is orchestrator of technolo-gies, if not a technologist him/herself. governance of the technolo-gies/vendors is perhaps secondary because "keeping the lights on" is such a dominating task. in the future, the role will shift from technologist to where the Cio (and iT overall) will become a service portfolio and governance manager... regardless of whether the ser-vices are generated internally or externally. implication: Cio's will need new skills, policies, processes.

IT Organizations: referring again to Chuck's blog (and excellent illustrations therein) the iT organization will shift from siloed / dis-tinct organizations to a set of unified service organizations leverag-ing a common services infrastructure. implication: change manage-ment, goal changes, departmental funding changes.

Individual Skill-sets: Today's iT skills (esp. in larger organizations) are specialized around applications, servers, networking, backup, etc. each which aligns with the organizational structures, above. however, in the future many of these functions will either become more automated and/or combine with (be embedded within) other service management functions. implication: new skills training, cer-tifications, processes.

Supporting Services: As iT transforms, so will adjacent organiza-tions and services - like finance, lines-of-business, legal/compliance, vendor/partner management. how iT is measured and accounted-for, related-to as a business partner, and how it dovetails with exter-nal partners/providers will necessarily shift. implication: need for change management and new organizational design.

looking forward, if these transformations occur even at a modest level, i would expect too see other broader-scale industry-wide changes in these and related areas.

1.Cio roles will shift to governance & vendor management (perhaps even modeling supply-chain management)

2.organizational & change-management resources (firms facilitating change specific to iT transformation) will be in higher demand

3.iT skills development will re-invent itself; new training and certifica-tions (e.g. cloud architect) will become the norm. fewer special-purpose technologists will be needed, in favor of a new breed of "converged" technologists

4.entirely new categories for job recruitment will emerge to find and place this new talent

5.iT financial management skills development, training etc. will be in further demand as iT shifts from being a high-dollar capital expense to becoming an on-demand business resource/enabler.

in the future i'll continue to reflect and blog about what i'm hearing in the market. But we should all be keenly aware of the non-technical impacts of the iT technology shift. And, if you know of examples today, do share

—Ken Oestreich is a marketing and product management veteran in the enterprise

IT and data centre space with a career spanning start-ups to established vendors.

PH

ot

o B

Y P

Ho

to

s.C

oM

COVE R S TORY l e a d e rs h i p

Call it business compulsion. Servers and switches are on the backburner.

Indian CIOs are now talking about RoI and TCO. But is it all that they need

to break into the C-suite?

26 07 may 2011 CTO fORum The Chief


l e a d e rs h i p COVE R S TORY

27 07 may 2011 CTO fORumThe Chief


he CIO’s role is defunct! Well, in the current scheme of things, and its future outlook, it certainly seems so. over the last decade

and a half, Cios have managed to make a huge transition. from having a back-office position and managing the server room, they have come to the fore and are today adding value to the business.But, as they say, change is the only

constant. Technology is increasingly becoming standardised, and new models such as cloud computing and SaaS are emerging. With technology taking care of itself, the Cio in the next couple of years would be as good as dead.The time is again here when the Cio will

have to make another quantum leap. for the Cio who has weathered the last 15 years to reach the level where he is today, it will take that extra effort to break into that elusive group – the C-suite. What does the future hold for a Cio?

Can he leverage his cross division knowledge to break into the C-suite? is there life beyond the boardroom? more Power to the Cio!IM

AG

ING

BY

pc

AN

oo

p

INSIde24 | Changing Times

26 | The Whipping Boy

36 | Contemporary CIO Roles and Challenges

35 | What Lies Ahead

36 | What Type of Leader Are You?

T




Change is the only constant. True to this saying, india has undergone a drastic change over the past decade and a half, moving from an agri-

based economy to a knowledge economy. The shift in economy has seen an evolution in the way business is done. from almost a free-run to cut-throat competition, and from witnessing steady CAgr to the financial downturn, the scenario has changed a lot for corporates. Today, their mandate is to do more with less. This transition has had serious implications for the role of a Cio.We connected top Cios in new Delhi and Bangalore over Polycom's hi-definition video conferencing solution to discuss their journey over the years.

The CIO ThenAbout 15 years back, there were few com-panies that offered the designation of a Cio. even if there was the designation, the person did not play the role of a Cio in the

true sense. The main responsibility of the person in-charge of iT was to take care of the server room.

As Vijay Sethi, Cio, hero honda avers, “There may have been designations of Cios in the past but in effect, they were only miS and eDP managers. nobody was seen as having the influence or capability enough for the Cio role.”

iT deployments of today’s size and nature were unheard of in organisations in those days.

“Those were the times when an organisa-tion felt the job was done when erP was implemented. Today, erP is plumbing,” says a Cio, on conditions of anonymity.

While in today’s erP, processes for more than 30 industries are embedded, there was not a single business process on iT a decade back. This was also the rea-son why the iT head in a company could afford to know everything on technology and nothing on business.

"for the past 10-15 years, the Cio was

The last 15 years have seen

a perceptible change in the role of a CIO.

He has evolved from an EDP

manager to one who adds value to the business.

ChangingTimes

“Today IT is the need of a company and so are IT chiefs. For an organisation, a CIO is important for decision support.”—Rajeev Batra, CTO, MTS India




price, people and quality. The scenario is no longer the same today.”

So how different is the role of today’s Cio? What additional responsibilies is he shouldering, and what have been the drivers for this change in his role?

The CIO NowA noticeable change that has happened over the years has been the recognition of the the Cio role itself.

According to ratnakar nemani, Cio, himatsingka Seide, "i got this opportunity becasue my company has realised the need to have a Cio. Before my becoming the Cio, the company never had even an iT head let alone a Cio.”

nemani was the company’s Cfo before the job demanded him to become the Cio. Today, nemani is the Cio of the company with four group companies under him, and finds that “Cio is an exciting role to play.”

in line with this, an increasing number of Cios are becoming business savvy. They are giving up their refuge in technol-ogy, and are communicating with peers in business language.

however, Batra thinks otherwise. Accord-ing to him, a Cio can’t be too much away from technology.

“While he can pass the nitty-gritty on to the team below, a Cio even today needs to be in touch with technology. he has to know the architecture of the technology, the investment going into it, and then align it with business,” he says.

Today, a Cio has to act as an innovator. With competition increasing, companies have to stay ahead of the competition all the time. A Cio, therefore, has to create value for the business. he has to come up with innnovative solutions in quick succession as the competition will be copying them in six months time.

“The Cio and his team have to look at

provide support in any medium,” he says.The profile of a Cio has changed dramati-

cally over the years, and continues to do so. According to experts, the Cio’s role is important during the implementation of a project. After that, 90 percent of his time is spent towards maintenance.

going forward, with new technologies emerging, a Cio would have to look at better utilising his time and resources.

As an industry expert avers, “A large part of a Cio’s time today is spent in ‘as is’ (maintenance) activity."

"Two-three years from now cloud comput-ing would catch up. The Cio would then have to become more of a technology pro-vider. moving from the current role of main-taining the iT infrastructure, the Cio would have to look at how he is spending his time. he would have to look at alternative models of provisioning, governance and security, the expert adds.”

“In the early 2000s, majority of a CIO's time was spent discussing pricing, people and quality. Today it's all about innovation.”—Subramanya C, CTO, Hinduja

ensconsed in the security of technology. he did not speak the business language,” says the Cio.

it is not just the traditional sectors such as manufacturing that have seen the Cio’s role transforming. even new and emerg-ing sectors have witnessed the Cio’s role changing in the relatively short time span.

As Subramanya C, Senior VP and CTo, hinduja global Solutions, says, “even though the Cio always had a front-end role in a BPo company, there has been a marked change in the way he functions. in the early 2000s, a Cio had to sit in front of the cli-ent and 95-98 percent of the time talk about

“Today, iT is the need of a company and so are iT chiefs. for an organisation, a Cio is important for decision support,” echoes rajeev Batra, Cio, mTS india.

With the demands from iT changing exponentially, the role of the Cio (and the iT team) have undergone a significant change.

“As companies are short on resources, they can’t have so many people just doing iT. The Cio should, therefore, lead his team in ading value to the business. There should be a conscious shift away from the erP and Crm deployments towards looking at getting more business for the company,” believes Sandeep Parikh, Cio, microsoft.

getting more business. They have to today look at the business capability map,” says Parikh. for some verticals, however, the Cio has always been a crucial and impo-ratant role. The iTeS is one such vertical.

As Subramanya, says, “A Cio in a BPo has to be constantly focused on the busi-ness, keep adding value and bring out inno-vative solutions. As services sector does not bring out any tangible product, technology has to add value to the services.”

“As compared to a decade back, today, i talk about giving the clinet innovative solutions – chat services, feedback on social media etc. in other words, we convince him that we will




The Cio is the quintessential whipping boy in any corpoar-ate. he has to shoulder the blame if anything goes wrong in the organisation. Although

his role has transformed from being a cost centre to a profit center, the Cio still has not been able to become a part of the C-suite in an organisation.

A Cio is also a functional head just like other functional heads such as Cmo, Coo and the Cfo. unlike for a Cio, however, the career path of other functional heads mostly leads them to the boardroom or to the seat of the Ceo. Why then is it so tough for a Cio to get into the shoes of a Ceo or get inside the boardroom?

“The Cio is still not the center of execu-tive within the company. The Cio has to build credibility and show the value that he is adding. This credibility journey for a Cio is still on,” answers rajesh uppal, Cio, maruti Suzuki india.

it has been tough for a Cio to move up the ladder and enter the core also because he does not have a direct role in an organisation as compared to the sales or pre-sales team.

As Subramanya C, from hinduja says, “it depends on the organisation’s dynamics. in most organisations, a Cio does not have an exposure to the customer in contrast to the pre-sales and the sales team, which are accorded more importance. That the Cio has been a laggard when it comes to getting into the core of a company is also a factor of the size of the company.”

“however, a Cio should not just look at the position of a Ceo. A more sales savvy Cio can get into the role of a Coo or the head of the Sales vertical,” he says.

Sanjay Jain, group Cio, WnS global Ser-vices, says, “The challenge arises from the lack of P&l (profit and loss) management expertise. it is necessary that a Cio exposes himself to major business functions like sales, operations, marketing, consulting etc. This rounded exposure to business will go a long way for a Cio.”

There are certain verticals that offer bet-ter and faster growth opportunities for the role of a Cio. Therefore, an eDP manager, looking for a fasttrack move into the core, should look at such verticals.

“An eDP manager in any manufactur-ing company will take a lot more time to become a Coo as compared to an eDP manager in an iTeS company. in the latter, iT is the core for delivery, which puts the spotlight on the Cio,” says Subramanya.

meanwhile, former Cio, S r Balasub-ramanian, who has worked in several top corporates avers, “A Cio should feel proud of being the technology head and simply do away with the complex he has. he can’t be a Ceo unless he proves to be a good Cio.”

“he must ensure to give precedence to business, and make technology subservi-ent to business. he would then be the executive most sought after and would be an appropriate choice to lead the busi-ness,” he adds.

The CIO is the quintessential whipping boy

in a corporate. What prevents

him from moving into

the core of a company?

The

BoyWhipping

“The CIO has to build credibility and show the value he is adding. This credibility journey for a CIO is still on.”—Rajesh Uppal , CIO, Maruti




According to a recent WSJ article entitled "The View from the Cio's office" the role of today's Cio has not just changed but rather

their roles have gone through an expan-sion of responsibilities.

Below are some of the more important key points from the interviews:

1. it's the need to be business people with a background in technology rather than the other way around.

2. The ability to properly leverage the cloud.

3. Cios must provide business automation and continually increase and automate more and automate things deeper into the business.

4. iT is embedded in the business. The challenge is that there is now a convergence of consumer technology in the enterprise. it is creating completely different dynamics.

5. Cios have to provide solutions and information and enable the business across lots of different platforms that are chang-ing at a very rapid pace. you've got security implications because of this. user expecta-tions are higher than they were previously.

6. As a Cio we have adopted a practice of self-service, enabling folks to get at the information, get at the tools they need to use and do it themselves. People can write their own reports. They can pull their information down on whatever device they want. if they want to have an iPad, and pull information down, we've enabled that. We just need to make sure we can wipe the data clean in case of an emergency.

7. We have a strategy we describe as application-centric, device-agnostic. We believe devices will continue to evolve, and the competitive advantage will not be there. The competitive advantage will be in the application, which is what will differentiate us from our competitors. The applications will transcend the devices they run on.

8. one thing we're struggling with is a really good way to manage and search all the information. We're growing so much infor-

mation, and the majority of it is unstruc-tured. The ability to find all that information for the average employee is getting more and more difficult. We're investing in enter-prise search capability.

9. Cios must provide the ability to operate in real time, rather than analysing what hap-pened yesterday, last week, last month, last quarter—trying to see what is happening now as we speak, and the ability to intervene immediately if we need to make an adjust-ment. The ability to control, to track, to monitor what is happening in-store, wheth-er displays [or] promotions in store, and the ability to then adjust on the fly.

10.Cios must provide for the ability for people to video-connect anytime, anywhere, any place, because our companies are a truly global operation.

11.Cios must provide the ability to predict, do modeling and "what if" analysis. We're creating some automation to [analyse] what is happening, why it is happening, so that we can focus all of our energies on how to improve what we have to improve. Cross-posted from CIO Zone

This article is printed with prior permission from

www.infosecisland.com. For more features and

opinions on information security and risk man-

agement, please refer to Infosec Island.

Three CIOs were interviewed about the challenges they face in their roles as corporate CIOs.By Jim Finnan

ContemporaryCIO Roles& Challenges




All your life, you’ve been work-ing hard to reach to the top in your domain. And today, when you’ve achieved the position of a Cio in your

organisation, what lies ahead? for some, this may be their ultimate goal and they would like to retire from their work life as a Cio. After all these years of hard work, you certainly deserve a time out.

however, not all are satisfied with the top most position as an iT leader in their organisation. So, what can they possibly achieve in their career. options are aplenty but in order to pursue the options, Cios need to move out of their comfort zones. “The choice is whether the Cio consid-ers himself or herself a technologist who ensures iT works at all times or a business leader who has a good understanding of technology and one who had to work with other business leaders in the organisation on how iT can be used to help business achieve its objectives,” opines Vijay Sethi, Vice President iS and Cio, hero honda motors ltd.

Ask any Cio about their aspirations and a majority would respond that they aspire to become the Ceo of a company. There is a logical reasoning behind this aspiration.

“The choice is whether the CIO considers himself

a technologist who ensures IT works at all times or a

business leader who is a perfect fit for business.”

—Vijay Sethi, CIO, Hero Honda

There are several options for a

CIO as he looks to elevate his

career. It is up to him what he

wants to do and how much risk

appetite he has.By Varun Aggarwal

Lies AheadWhat




Cio is perhaps the only person in an organisation who knows the strengths and weaknesses of every department of the organisation, right from finance to market-ing to hr to operations. for years, the Cio has been working closely with each of these departments, trying to understand and alleviate their pain points, while at same time build innovative solutions to help each department grow in different ways. There-fore a Cio is well positioned to take up the role of a Ceo in any organisation as he would better insights into the organisation and would know what would or would not work in the organisation’s favour.

CeO of an IT companyThe role of the iT department has already evolved from just a support function to a strategic function. instead of trying to sup-port individual applications for each depart-ment, Cios have started delivering iT services to each department based on their needs. The internal customers for a Cio has already been acting like an external cus-tomer. Centralising and consolidating the organisation’s iT infrastructure has played a big role in driving this change. Thus, making the Cio work like a Ceo of an iT arm of the organisation.

many organisations including the national Stock exchange have demerged their iT department into an independent iT organisation (nSe.iT) wherein the Cio takes up the role of a Ceo of the new firm. While, the newly-turned Ceo would continue to work like a Cio, he needs to look at driving value out of iT. he can possibly be handling not just internal but p

ho

to

s B

Y s

uB

ho

jIt

pA

ul

& j

Ite

N G

AN

dh

I

“I now want to become an entrepreneur and do something beyond IT. IT is no more a challenge for me.”—Asmita Junnarkar, CIO, Voltas

also certain external customers. Therefore, from loosely built plans that were focused around supporting the organisation’s iT needs, the Cio now would require to bill the organisation for each and every services offered. Therefore, a strong business prop-osition should be built around each and every solution and service. The new Ceo would have to move above technologies like cloud or SaaS etc and build compelling business solutions for its clients (who were previously the internal employees).

Chief Innovation OfficerThough a very loosely used term, the Chief innovation officer needs to work exactly like the Ceo of the iT arm which we just talked about. however, in this case what is expected out of him would not be much. Therefore, going beyond the call of duty is something that the Cio needs to look at. An innovation officer has higher chances to sit in the boardroom than a Chief information officer. The former talks business and offers solutions to help drive business growth whereas the latter talks technology which helps in smooth operations of the company. Both skill sets are highly important and therefore, while ensuring that the lights are on, the Cio needs to see how he can enable new rev-enue streams for the organisation.

entrepreneurfor the real risk takers, the best career option is to become an entrepreneur. And, as you’d realise there is no dearth of options for starting a new venture. Starting an iT consultancy is as good as becoming a Ceo

of an iT company with some additional risk factors attached. All it takes to start an iT firm is to get the right people on board and some funding. The rest you already know what to do. you just need to pump in a super dose of adrenaline into the organisation and work a lot more on people management to get going with such a venture.

As long as a Cio has the passion and determination, he can convert any busi-ness idea into a profitable venture. in fact, there are many Cios who want to become an entrepreneur but want to make sure that its beyond iT. Take for example, Asmita Junnarkar, Cio, Voltas. Junnarkar feels as far as iT is concerned, she’s already achieved what was there to achieve. “i now want to become an entrepreneur and do something beyond iT. iT is no more a chal-lenge for me and i want to venture into something that is challenging as well as exciting,” she opined.

ConclusionWhile we’ve tried to cover most of the options that the Cio has as the next step in his career, this is by no means the only options. The career options for a Cio are beyond what the Cio can do, and is rather what he aspires to become. if he is ready to move out of his comfort zone and pas-sionate enough to follow his dreams, then only sky is the limit.




The role of the CXo, particu-larly the Cio is primarily one of leadership, but it’s the one thing we generally never get trained for. ironically, it has

become the “definition” of the Cio in recent time as the job becomes increasingly com-plex and specialised.

The “true” Cio is focused on leading his organisation but, more importantly, leading the entire organisation in the acceptance and management of change. moving the organisation to accept the stra-tegic nature of iT requires two ephemeral qualities not taught in most academic programs: Salesmanship and leadership. Certainly salesmanship can be taught, in fact, it’s a growth industry. look around and you’ll find every conceivable type of sales training program available.

most, of course, have little to do with the type of sales we’ll be doing, which is both consultative and based on influence with-out authority. We’re trying to convince the management and then the organisation as a whole as to the value of our vision for using technology to create a true competitive advantage for the organisation.

Then we need to convince them of the architecture and implementation details necessary to execute that vision. i always advise people to start with the old gem, how to Win friends and influence Peopleby Dale Carnegie. need more help? Take the Dale Carnegie course. of course, if you really want to hone your skills, ask to go out with the sales force (if you have one in your organisation) and try selling your com-pany's service or product.

When i was a Cio, i required all of my

The CIO’s role has become synonymous

with leadership. Let us look

at the various archetypes of a CIO as a leader.

By Daniel Gingras

Are You?What

Type of Leader




managers to spend at least three days on the road with the sales force. nothing changes your perspective more than having to try to sell what your company makes or does. it’s the hardest job in any organisa-tion, which is usually why it’s the most highly compensated.

leadership is another issue. By and large great leaders are a product of their early development. if you were a Boy Scout or participated in other leadership oriented organisations in your developing years, or if you were in the military, you were taught how to lead.

These experiences can’t be duplicated and their value is incalculable. That doesn’t mean if you didn’t participate in these experiences you’re lost. if you focus on leadership and make it a priority, you can develop yourself as a truly great leader. Want an example of truly great leadership, read enDurAnCe : Shackleton’s incred-ible Voyage by Alfred lansing.

Shackleton lead an expedition aboard the sailing vessel hmS endurance to the South Pole in 1912. unfortunately, the voyage went horribly wrong and the expedi-tion became stranded in one of the most inhospitable places on the planet. Sir ernest Shackleton led the expedition and although the ship was crushed by the ice, he took one of the smaller boat and sailed thousands of miles, climbed over an frozen mountain range to find help and then lead them back to save every one of his men.

Buy the book and read it. Would you take your role as leader so seriously that you would risk your life on what was considered a certain-death mission to save your team? it’s a great question.

Orchestra ModelThe Cio has a unique challenge as a leader. Although he or she might have once been pretty technical, as he’s moved more into management, his skills generally fall behind his staff. So he must lead and motivate a group of extremely talented individuals; keeping them focused on a single vision. i liken this to the role of a conductor. you should be hiring the best cello player avail-able in the marketplace.

They’ll be able to play much better than you ever could hope to, but you’ve got to keep them playing the right music, at the

right pace, and in cooperation with the rest of the orchestra. you need to insure all of the members practice and are great at what they do. you need to keep them motivated, and you need to insure that there are enough “ticket sales” to keep the whole organisation moving forward.

Leadership TypesThere are dozens of archetypes of leader-ship and hundreds (if not thousands) of books written about the types of leadership and what they mean so this may not be a comprehensive list. more just a starting point to think about how you lead.

The Tyrant - This is the most toxic type of leader. This leader believes “fear and intimi-dation” is the right motivational structure. i’ve worked for such leaders, which suck the lifeblood from you as you struggle to meet their expectations.

Sometimes they’re reasonable, but often you get a tyrant who has unreasonable expectations. if you’re working for such a leader, you know it. update your resume and get out of there. you will never thrive in this environment and it will atrophy your career and personal growth.

you need to remember that it's work not your life and if work makes your life miser-able then do something about it.

The ostrich - This type of leader locks himself in his or her office and doesn’t want to hear the details of any problems in the organisation. “Take care of it,” is usually the answer: no direction, no coaching, no participation.

This is not a leader, it’s someone hold-ing the job who doesn’t understand their responsibility to the organisation. every leader should recognise that they have a responsibility both to the organisation at large, but more specifically to the people under their leadership.

if you’re not focused on growing your organisation’s capabilities, satisfaction, and value to your company, you should be doing something else.

The Seagull - Typical of a leadership structure where the organisation is remotely located from the leadership, this leaders flies in, dumps on the staff, then flies away. They may have additional attributes of some of the other leaders, but the primary characteristics of some of the other caustic types.

The Politician - in general the “politician” has become a pejorative term, and rightfully so. Politicians are generally self-centered, looking to boost their positions on the backs of their followers. They’re more than happy to take credit for the work of others, com-pletely focused on self aggrandisement—generally at the expense of their followers or their organisation as a whole.

you can prosper somewhat with a politi-cian as a boss if you focus on making them look good, but recognise that you’ll never get credit outside of your organisation from the politician. Don’t worry though, word will get out and people will recognise your value. Don’t emulate the politician, rather try to develop a more inclusive lead-ership style.

The inspirational leader - This person is a joy to work for, he’s an evangelist who makes you want to come into work every day. he leads from the front, and you’d be willing to follow him into hell. he or she can have a number of sub attributes, but in general think of them as the tough old sergeant in the WWii movies who leads men in a charge against the enemy machine gun.

They might also be more like a “preacher” who gets you all fired up to do the right

The CIO has a unique

challenge as a leader. Although he might have

once been pretty technical, as he's moved

more into management,

his skills fall behind his staff .




thing but at the end of the day you feel great about working for this person. They’ll make sure you grow and that the technology adds real value to the organisation.

make sure things are getting done, how-ever, because there is a small subset of this type which is ineffective in execution. They’ll motivate everyone, but nothing will get done. luckily though, this mutation is generally rare.

The Coach - in the end, developing the people who follow you in your mis-sion has to be a primary duty of the great leader, and this involves no small part of coaching. Sometimes it means delivering the difficult message “your performance needs to improve,” but it’s always done in such a way that you feel better for receiv-ing the message.

you know the person truly cares about your development and growth, and that delivering constructive criticism is a part of growing. in fact, you should be wary of a leader who always praises. either their expectations are too low, and you’re not

being stretched and thus not growing, or they’re not really concerned about you and are just backslapping you at every occasion.

A really great leader knows he or she has to develop his followers and that that means challenging them and giving them opportu-nities to fail, but supporting them in their failures so that they learn.

So, what’s the best style? maybe no single style, but a combination of a number of styles. i try myself to be a combination of inspirational leader and coach. But, occa-sionally, i find that neither of these styles works with someone who has spent most of their time under a toxic boss like the tyrant.

i have to modify my style to fit the indi-vidual, to insure that i understand exactly what they want. This is the essence of true leadership: reconciling the needs of the individuals in the team with the organisa-tional mission.

make no mistake, it’s tough to do, but it’s the essence of the Cio's role. And if you’re a Cio, or aspiring to be one, then this is where you should concentrate your efforts.

how do you find out if you’re a great leader ? Ask. Survey your staff, your peers and your superiors. get them to give you 360-degree feedback and support this con-cept within your organisation. get details of where you need improvement not only from your boss but from your staff. make it a for-mal process, and more than once a year … once a quarter if possible. if you don’t ask, you’ll never grow as a leader.

—Daniel Gingras has been CIO of five major com-

panies and is a partner at Tatum, LLC. , a nation-

wide professional services organisation of senior-

level technology and financial executives who take

on leadership roles for client companies. He has

more than 30 years of IT experience and teaches

computer science at Boston University. He can be

reached at [email protected].

This article appears courtsey www.cioupdate.

com. To see more articles regarding IT manage-

ment best practices, please visit CIOUpdate.com.

NEXTHORIZONS Features InsIde



Hedging Future energy Costs CIOs have several opportunities to cut their carbon footprints. Pg 39

With increasing fre-quency, Cios are being asked to play a major role in meeting the challenges of sus-

tainability, reducing energy consumption and Co2 emissions and other ecological issues that have become the focus of corpo-rate and public attention. This is appropri-ate, because iT organisations are clearly part of the problem. But they are also uniquely equipped to be part of the solu-tion, not only in their own domain of data-centers, desktops and mobile deployments, but throughout the entire organisation. in this post i’ll touch on some of the less obvi-ous ways Cios can contribute to corporate sustainability, as well as those that reside in their own domain.

Green Opportunities Beyond the DatacentreCios who want to make a green contribu-tion beyond the management of iT assets

the less obvious ways CIOs can contribute to corporate sustainability. By Chris Boorman

Green IT: Beyond the Datacentre

PH

OT

Os

BY

PH

OT

Os

.CO

M



N E X t H or I Zo N s g re e n t e ch

can begin by reaching out to fellow execu-tives and determining where there are energy-related issues that technology can address. most Cios have relationships with major vendors with applications that can directly or indirectly help reduce energy consumption in multiple areas of operation, but their peers are often totally unaware that these solutions exist. The trick is connecting the problem with the solution. here are a few specific areas of operation that may be promising.

Facilities Management - many Cios have already cooperated with facilities manage-ment on the issue of data center energy consumption, but there are a host of other problems where information technology can increase the efficiency of the facilities management function and thereby reduce energy consumption. for example, pre-dictive analytics based on historical data (assuming the data is clean and accurate) can determine what system modifications and behaviours will have the maximum impact on energy efficiency, so organisa-tions can be assured that the dollars dedicat-ed to green initiatives are being well spent.

Logistics - The transportation of any item from point A to point B requires energy, and making transportation more efficient has a direct impact on energy consumption. in many companies, substantial improve-ments are possible through technology. There are a variety of enterprise applications to help companies develop more efficient transportation of goods across entire supply chains, improving everything from delivery routes to the time trucks spend idling their engines. now that gPS monitoring is ubiq-uitous, systems can also be developed to monitor events in real time and make more efficient use of vehicles.

Telecommuting - encouraging employees to work from home, whether full-time or part time, can have a substantial positive effect on a company’s environmen-tal impact – and bottom line. for example, as organisations encourage employees to work remotely there are significant benefits including reduced leasing costs, furniture, cubical rental costs, power, water and so on. The absence of vehicles on

the road every morning and evening makes a major contribution to energy savings and greenhouse gas reduction.

Paperless Transactions - Anytime the use of paper can be eliminated from a transac-tion, the environment and the company doing the elimination both win. The funda-mental question to ask is “Do we really need to mail our customer/vendor/channel part-ner this invoice/statement/notification?” in many cases, the answer is no. financial services companies have taken a leader-ship role in this area, working to eliminate paper wherever possible (and touting the environmental benefits of this strategy to their advantage). in many other companies, however, paper transactions continue to be the norm – usually due to habit, rather than any real business benefit.

The Ongoing Greening of ITAs i previously mentioned, these examples of areas where proactive Cios can look outside of their domain for opportunities to launch green initiatives. But no review of the green opportunities for Cios would be complete without at least touching on the opportunities within the iT organisa-

tion, even though many are well known to Cios.

According to the Depart-ment of energy, datacenters are responsible for three percent of total u.S. energy consump-tion, and that figure is expected to double by 2015 -– which amounts to $7.4 billion worth of energy. right now, the aver-age 125,000 square foot data center has an annual energy

bill of roughly $3 million. These economic measures translate into millions upon mil-lions of kilowatt hours of electricity, the production of which releases huge amounts of Co2, the primary "greenhouse gas." in other words, iT really is a substantial part of the problem. But the good news is CioS can be and are part of the solution.

Virtualisation - most iT organisations have vigorous virtualisation initiatives in full swing already.

Server Refresh - Although it sounds like a sales pitch, the math for replacing older servers with new, energy-efficient models is genuinely compelling. each generation has new features that support energy efficiency, and these extend down to the chip level.

Attention to Detail - There are numerous best practices that have a small impact in themselves, but deliver significant power savings in the aggregate. They range from the arcane (power distribution unit sizing) to the obvious (hot and cold aisles in data-centres) to the adventurous (using ambi-ent air to supplement data center cooling systems in the winter). These best practices are for the most part well known, and when staff are incented to save energy, as opposed to merely “keeping the lights on,” they will be implemented.

Desktop Management - many organisa-tions operate literally thousands of desk-top computers with little or no attention to energy management. Simply making sure that standard, built-in power-saving options are properly set can by itself result in significant energy savings. in addition, there are applications available that enable even greater control - and greater savings.

Data Management - This is the least

3%of energy

consumption

in u.s. by data

centers. to grow

to 6% by 2015.

Although it sounds like a sales pitch, the math for replacing older servers with new, energy-efficient models is genuinely compelling.



g re e n t e ch N E X t H or I Zo N s

Despite the brouhaha over climate change in cer-tain u.S. political circles, the science, proven to be real by armies of scientists in multiple coun-tries, is being taken seriously by several industry giants. google, for example,

announced just last week that it purchased 100mW of wind power via google energy. google isn't just investing in clean energy it is committing to buy that wind energy for a fixed price per kilowatt over the next 20 years, in part to power its massive data centers.

google's blog explains the move: "the long term purchase agreement of renewable energy at a predetermined price partially protects us against future increases in power prices."

Certainly hedging future energy costs is a savvy move considering that the cloud will bring extreme data center growth to many of the largest internet companies. But make no mistake, google is specifically aiming to reduce its environmental footprint despite the anticipated mega-growth in its near future.

of course, not all internet companies are as committed to going green.

CIOs have several actionable opportunities when it comes to reducing the carbon footprint. By Pam Baker's

Hedging Future Energy Costs

obvious strategy, but for some companies it could pay dividends. numerous solu-tions are available (including solutions from my company) that can significantly reduce the volume of data that needs to be stored, through techniques such as retirement, compression, de-duping and the like. less data means fewer storage devices, less electricity consumed, and fewer non-renewable resources lost.

The Cost Factorone of the most attractive aspects of projects that improve energy efficiency is that they often have an attractive roi. in contrast to many environmental initiatives related to pollution, reducing energy con-sumption almost always has a quantifiable financial benefit. This is important. Proj-ects that help improve the environment and the bottom line are rare. earth Day

should be seen as a reminder that looking for these opportunities can pay off in more ways than one.

—Chris Boorman is the Chief Marketing Officer

at leading data integration vendor Informatica.

Follow him on Twitter @chboorman.

This article appears courtsey www.cioupdate.

com. To see more articles regarding IT manage-

ment best practices, please visit CIOUpdate.com.

"Despite some leadership by yahoo!, Akamai, and google, lack of transparency masks continued reliance on coal by facebook and others to power the growth of cloud computing," said Casey harrell, spokes-person for greenpeace international.

Illu

sT

ra

TIO

n B

Y s

HIg

Il n



N E X t H or I Zo N s g re e n t e ch

indeed, greenpeace just released a study, how dirty is your data?, that highlights the rapidly growing envi-ronmental footprint of the online world and offers an evaluation of both good and bad energy choices made by leading information Technology (iT) companies such as facebook, google, Apple, yahoo and others.

how dirty is your data? showcases the enormous amount of electricity required to power "the cloud" and finds that the iT industry, despite significant advances in energy efficient data center design, is both largely ignoring the importance of using renewable power as a top criterion for locating new infrastructure and is not transparent in disclosing its energy use.

"We expect these companies to play a pivotal role in ensuring we move to clean, safe renewable energy system and avoid future disasters like fukishima (Japan's nuclear reactors that blew up during the recent earthquake and tsunami)," gary Cook, green-peace iT policy analyst said. "We think consumers want to know that when they upload a video or change their facebook status that they are not contributing to toxic coal ash, global warming or future fukishima's."

Among the key findings in the Greenpeace report are:1) Some companies have a coal intensity greater than the u.S. grid

average. one of the most popular social media companies, facebook, is among the most dependent on coal-powered electricity at 53.2%.

2) yahoo and google seem to understand the importance of a renewable energy supply. yahoo has sited near sources of renewable energy, and google is directly purchasing clean power.

3) of the 10 brands graded, Akamai, a global content distribu-tion network, earned top of the class recognition for transpar-ency; yahoo had the strongest infrastructure siting policy; iBm and google demonstrated the best overall approach to reduce their current footprints.

What You Can Doin terms of actionable items for Cio's, some of this depends on the size of a company, and Cio's of iT companies specifically will have more opportunities for action. "Since we are trying to make our own iT footprint 100% renewable powered, i can give you the suggestions we've given our own Cio/head of iT," said green-peace's Casey harrell.

1. Contact your various IT vendors and tell them to be transparent with energy usage data. This will help Cios understand the scope of their energy footprint -- the first place to start when trying to solve a problem is to know what it is! greenpeace's report shows that this is a place where many cloud vendors can and should improve. hearing from their clients will help drive this change.

many companies are investing in accounting for their carbon emissions (filing with Carbon Disclosure Project, etc.) and as they shift more and more of their iT power to the cloud, their cloud providers need to help companies account for their power

online. The report shows that companies like Akamai are doing some best-in-class disclosure (actually pub-lishing monthly bills to their clients on their footprint and assessing their kilowatt hours of electricity per megabyte of data delivered) but most cloud companies are nowhere near as transparent as they should be (especially compared to their rhetoric around trans-parency in other spheres).

2. In terms of buying clean energy to power their services, this will really differ depending on the size of the company and the location. There are green energy purchasing programs (directly from utilities)

in most states. This would account for electricity that companies use directly, i.e., server racks inside a company hQ and other in-house iT. however, the bulk of a company's iT electricity use is likely in their servers, which are most likely either located in co-location facilities or captive owned and operated data centers.

in the case of co-location facilities, Cio's need to make it known that they prefer to do business with companies that power their services with low carbon/clean energy.

Where companies own and operate their own facilities, com-panies should mimic google and yahoo, who are profiled in the report as companies that both site their facilities near clean power sources and, in google's case, get creative in their renew-able energy mitigation strategies.

"in a twist of a well-known quote from one of my favorite mov-ies field of Dreams , "if you ask for clean power, companies will come." So ask.

"google has made it clear they prefer renewable energy and they have had no shortage of providers (large and small) approaching them for their business," said harrell. "if Cios make the same ask, it will help drive change within the iT sector, and allow them more choice."

—A prolific and versatile writer, Pam Baker's published credits include

numerous articles in leading publications including, but not limited to: Insti-

tutional Investor magazine, CIO.com, NetworkWorld, ComputerWorld, IT

World, Linux World, Internet News, E-Commerce Times, LinuxInsider, CIO

Today Magazine, NPTech News (nonprofits), MedTech Journal, I Six Sigma

magazine, Computer Sweden, NY Times, and Knight-Ridder/McClatchy

newspapers. She has also authored several analytical studies on technol-

ogy and eight books. Baker also wrote and produced an award-winning

documentary on paper-making. She is a member of the National Press

Club (NPC), Society of Professional Journalists (SPJ), and the Internet

Press Guild (IPG).

— This article appears courtsey www.cioupdate.com. To see more articles

regarding IT management best practices, please visit CIO Update.com.

53%of energy

consumed by

facebook is

sourced from

coal.

N O H O LDS BARR E D PE RSO N ' S N A M E

42 07 may 2011 ctO fORum The Chief


43 07 may 2011 ctO fORumThe Chief


S t E vE RO b i N SO N N O H O LDS BARR E D

There have been allegations that smart grids can lead to

a complex security problem for a country making them more vulnera-ble for a cyber war. You comments. Smart grids have opened up an issue that you’re dealing with systems that are highly connected and may not have the same protection like the traditional iT systems may have. Various sensors in such grids can be lying in the open and it is often a lot easier to break into these sensors than to break into a data center. So, there are a lot of discussions starting to take place on how do we improve the security in embedded systems and how do we trust those sensors for sending us the right information.

iBm has got involved in the embedded security domain. We bought a company called Telelogic about three years ago, which is popu-lar for doing embedded designs and embedded programming. many vendors including lg you our tech-nology to make their devices smarter like smart refrigerators etc.

We also have some work at iBm

research called Trust us, wherein we can put a key check on the sensors to test the data that is being sent and wipe the data, if required, infiltration can be detected. So instead of a pas-sive communication, we can have an active communication with a remote server. We are making these sensors tamper proof.

There are also other issues with embedded systems. Stuxnet, for exam-ple was focused on Siemens Controller systems and Windows as the operating system. We’re also in discussion with many medical device manufacturers that are running Windows operat-ing systems. A typical smart medical device has a life of 15 years and often the Windows is not patched in the device’s entire life cycle.

i question if Windows is the right operating system for these control-ler systems and medical devices or there are more hardened operat-ing systems for them. our Bigfix solutions are now moving to these non-traditional systems to search for unpatched devices across the net-work. We’re not there yet, but gradu-

ally extending to more and more such devices.

There’s so much of programming that’s started to get into embedded devices including the smart phones that there aren’t enough skilled pro-grammers who can write secure code for embedded systems. There’s a huge skillset gap in this industry and a lot of education needs to provided there. The good thing is that security solutions for PCs and smart phones are also moving to other devices like Tablets etc.

Advanced Persistent Threats are becoming a

common threat vector and stud-ies suggest that employee edu-cation is good but not enough to mitigate these risks. What do organisations need to do to safe-guard against these threats?We just released our X-force report and tried to define what an APT really is. i agree with you that they are becoming more and more com-plicated. however, there are certain security measures that organisa-tion still need to take. Take the case

Steve Robinson, General Manager, Worldwide IBM Security Solutions talked to Varun Aggarwal during his visit to India about various new threat vectors, including smart grid security, Advanced Persistent Threats and mobile.

DoSSier

Company: IBM

EstablishEd:

Endicott, New York

hEadquartErs

Armonk, New York

sErviCEs:

Hardware, Software,

Consulting, IT service

management

kEy subsidiariEs:

Tivoli Software

Lotus

Rational

Informix

APTs need acomprehensive architecture

44 07 may 2011 ctO fORum The Chief


N O H O LDS BARR E D S t E vE RO b i N SO N

of epsilon data breach, or rSA breach. hacked used simple social engineering tools like spear phishing and phishing e-mail to succeed.

There is no one solution to solve the APT threat and i think organisations need to pick up the game. you need to build a robust security framework. follow good network security, follow good data protection, follow good encryption.

research around X-force report is wrapped around certain iPs where the attacks were coming from. you you can get into the game by adding iP reputation technologies into your iPS and managed services so that these attacks can be blocked. At the end of the day it comes down to the domains of security the areas you focus on that APTs uncover by doing the right things to block them.

But do you think typical enterprises would have the expertise to build

such level of security for themselves?Well, i think most of them wouldn’t. And therefore, we see organisations increasingly seeking expert support through managed security services to do some very advanced security work for them. We manage security environments for 4000 customers. Small organisations find it really hard to cover their risks by completely securing their environments against the advanced threats.

many enterprises are looking for managed security to outsource common perimeter security while they focus on unique ele-ments of their security. Some of the managed security players are also putting into place a super cyber team with highly skilled security professionals. Some our customers giving us their log information, all their data, and asking us to analyse their security loopholes so that we can plug all the holes. So, man-aged security is being seen for both common functionalities like firewall and perimeter security as well as very high end security.

What would be the biggest threat vectors going forward?

We’re focused on a hand full on areas. Some are external threat vectors and some are inter-nal. There is still a lot of issue with internal threats. it is quite common for some employ-ees to send out sensitive spreadsheets through their personal mail accounts from office.

mobile security seems to be on every one’s mind. most firms are either moving or being forced to move towards device of choice to let employees manage their mobile device. in some cases, employees are even responsible for buying their laptops. This is a great cost saving but also has a lot of security challenges. Some of the issues are what poli-cies do you establish for these devices, what enterprise applications can be put on these, do we partition the device or not and treat it as private as well as a work device. Then how do you manage it, wipe it and control it in case it is lost. There are solutions coming up to address these issues but there aren’t any complete solutions yet.

Cloud and virtualisation would be the next big threat vectors. organisations are leveraging virtualisation and cloud to optimise their resources and reduce costs. There are a lot variants of cloud and we do a lot of work with customers to see if the model of the cloud should be private, public or hybrid. managing risks in these environ-ments would be critical going forward as organisations start to put their critical data over the cloud.

There’s a general trend in the security domain that every system, every device, every user needs to be protected equally. i think this would go through some changes. We’re seeing people focusing on user roles, reclassification of roles data, understanding,

understanding data policy, data risks, data motion etc. And then start to put smaller parameters around key users and key assets within the organisation.

finally, we’re getting some core tech-nologies that allow us to handle some large data issues around security so that we can integrate data from various security tools and analyse them in real time. Banks have used for many years to protect against credit card frauds, looking for patterns of fraud and based on the behaviour of usage they are alerted for frauds. We are starting to see similar technologies in security. We’ve seen cases where the same iD has logged into the network from two different geographical locations simultaneously. That should set off a security alarm.

however, there are tons of data com-ing in from various devices like firewalls, iPS, log information etc and you need the capability to suck all this data together and analyse it in real time.

How do you see the CISO role changing and evolving?

CiSos previously used to do security for compliance. now, they are turning it upside down. CiSos now need to build to secure, and if you can prove security, you can always get compliance. So, you need to put risk assessment in place, meet with the board, do an annual risk assessment.

We’re seeing a lot of CiSos have started reporting to the board as instead of chasing compliance, CiSos are driving security and letting security drive compliance for them. CiSo is now becoming a risk advisor for the organisation. i think CiSos are gradu-ally becoming business leaders and they are headed in this direction over time.

What would be your focus areas in terms of acquisitions?

We’d be looking at fairly mature companies with proven technologies which also work with our existing technologies. our Bigfix acquisition was tightly integrated with our systems management capabilities and went well with some of the security things that we were doing. So, we’re not looking for companies with technologies that work in a standalone environment. What we’re looking for is something that can complement and accelerate our existing core offerings.

“Lots of CIOs have started reporting to the board instead of chasing compliance. They are letting security drive compliance for them.”

46 07 MAY 2011 cto forum The Chief


Although it is a disheartening job, the importance of policies and procedures can’t be undermined. By AlexAnder HAmerstone

POINTS5

POLICY SETS are

different in each

environment

POLICIES DELINEATE

the laws for an

organisation

CErTaIn POLICIES maY be confidential

EnSurE POLICIES wOrk in concert

COnSIdEr buSInESS nEEd before distributing

policies

t E cH f or G oVE r NAN cE po l i cy

Policies and Procedures

information security

PH

OT

Os

BY

PH

OT

Os

.CO

M



not only do they provide direction and accountability, many specific policy ele-ments are a requirement of specific laws, regulations, and/or standards. in this mul-tipart series, i will work to help you become comfortable writing policies and their asso-ciated procedures.

Before we get started, there are a few things that are important to know.

Policy sets are different in each envi-ronment. With information security, the number of policies as well as the breadth of each policy will vary depending on the complexity of the environment as well as the sensitivity and criticality of the information.

There are other factors that will affect information security policy development as well. for example, it is common that some of the elements of an Acceptable use Policy will already be covered in basic hr policies and employee handbooks.

it is essential that different departments work together to ensure that policies work in concert and do not contradict each other. it is also essential to determine the audi-ence for any given policy. for most users, the Acceptable use Policy will determine the rules for their access.

network Security Policies, Access Control Policies, and System Access logging and maintenance Policies will have iT depart-ments as their audience.

it is also important to note that certain policies may be confidential according to an asset classification program. A network Security Policy delineating requirements for protections such as connection restric-tions or intrusion protection and detection may be valuable for an attacker.

it is vital to consider business need to know when distributing policies.

The Differences Between Policies, Pro-cedures, and Standardsit is important to understand the differ-ences between a policy, procedure, and stan-dard, and the functions of each.

Policies delineate the laws for an organi-sation. Procedures and standards describe how to implement policies. A simple anal-ogy is that of a red light. The policy, or law, requires that drivers come to a complete stop at any and all red lights.

The procedure, however, will describe how to operate the brake, operate the clutch, etc. The standard would describe what types of brakes and tires are appropriate.

An exception process would describe the circumstances under which the policy may be violated -- here, an emergency vehicle.

Knowing which policies are necessary in your environment can be a challenge. most organisations will have at least some for-malised policies.

many of these are in response to legal requirements (hr policies) or specific inci-dents. After someone leaves their laptop in the car trunk for 6 hours on a 100 degree day, a policy on the care of equipment is generally issued. With policies and procedures, it is essential to be proactive rather than reactive. in the case of the melted laptop, it would be far better to have insti-tuted a policy regarding equip-ment care prior to the incident.

That may be a simplistic sce-nario where the company is out a thousand dollars for a laptop, but it illustrates a point. This proactive posture becomes far more important when applied to more complex situations.

What if, instead of being out

a thousand dollars for a laptop, you were instead out tens or hundreds of thousands of dollars in fines after a cardholder data breach? or worse, in the case of hiPAA, you find yourself with tremendous legal bills or in jail. (i am aware that is an extreme case, but it is illustrative.)

As far as information security, every organisation will have a unique set of foun-dational policies. While there will be many that are common to all organisations, the unique qualities of each organisation call for custom policies.

how then, do we determine what basic policies we need? i have found that one of the simplest ways to determine which poli-cies are essential is to look at all applicable regulations, laws, standards, and contracts and perform a gap assessment.

for example, if you are subject to the PCi DSS, a good way to start is to take a copy of the standard and identify every place where a policy/procedure is required. PCi requires a policy on visitors to your facilities.

As such, part of being compliant with PCi will be developing a visitor policy per the specific requirements of the standard. An important caveat: having a policy in place does not equal compliance. An auditor will not only look for the policy, they will also look for evidence that the policy is enforced. So, for our example of a visitor policy, the auditor will want to see associated visitor logs and will check to see if they are issued a visitor badge per the policy.

Careful readers will note i slipped in men-tion of another document, the visitor log. in many cases, documentation leads to more documents. in this case, you will also likely need to develop training programs.

Procedures for the receptionist to follow will ensure that they are correctly logging visitors. An awareness program allows

employees to understand the policy exists.

Keep in mind it is important to review contractual obligations. involving your legal department is always recommended. —Cross-posted from SecureState

This article is printed with prior permission

from www.infosecisland.com. For more

features and opinions on informa-

tion security and risk management,

please refer to Infosec Island.

Policy writing can be a daunting task, and one for which many are not overly enthused. however, Policies and Procedures are an integral part of any information security programme.

po l i cy t E cH f or G oVE r NAN cE

8.5%growth of

enterprise

software market

in 2010.



t E cH f or G oVE r NAN cE s e cu r i t y

These are the sorts of inventions that, if realised, would overcome technological hurdles that are preventing mankind from reaching our most cherished dreams.

room temperature super conductors, advanced nanotechnology and practical fusion power are just a few.

There are a number of inventions like this that are needed to make information security a reliable, effi-cient and low cost process. And chief among them is the holy grail of information security: an un-spoofa-ble identity authentication mechanism.

Just think of it! A way for people and machines to know with a certainty that it is you andonly you that they are communicating with. no more worries that someone will steal your identity and empty your bank accounts.

no problems with cyber criminals impersonating iT personnel and stealing information or crashing systems. Think of the money and time you could save on complex intrusion detection and prevention systems and complicated processes. it is fun to contemplate.

But, unfortunately, it is all just wishful thinking. Despite years of concentrated thought and effort, nobody has a clue how to make it work!

There are just three ways known to authenticate identity:n using something you known using something you have orn using something you areWhen talking about authenticating yourself to a computer sys-

tem, something you know is typically a user name, a password or an encryption key. i think all of us know that despite all efforts to keep these mechanisms secret and secure, it doesn’t prevent intruders from getting them.

The problem is that people have to know them, they need to store them and they need to use them, and that makes them vulnerable. So something you know isn’t the answer.

let’s go to the second mechanism: something you have. in the computer world this is usually a smart card, token or the like. Com-bined with a user name and password, this mechanism provides another layer of security that can be very effective. But it is far from perfect. Smart cards and tokens can be stolen or misplaced.

Perhaps a certificate authority or token provider’s servers are compromised. Some mechanisms can be reverse engineered. So, the upshot is, you can add something you have, to something you know and get better, albeit far from perfect, identity authentica-tion. But the cost you pay in dollars and personnel hours has just gone way up.

The Holy Grail of Information SecurityHeard of the list of most needed inventions? Authentication ranks as the Holy Grail of security. By Brent Huston



s e cu r i t y t E cH f or G oVE r NAN cE

So let’s go to the final possible authentication mecha-nism: something you are. for computer systems this is presently typically finger prints or retinal scans, although other possible mechanisms include facial rec-ognition, voice recognition, heuristics (behavior match-ing) and DnA matching.

This mechanism, once again, provides added security to the identity authentication process, but still is not per-fect. for one thing, this kind of authentication mecha-nism works best in person. if a fingerprint, for example, is transmitted it really travels as a series of electromag-netic signals and these can be spoofed. But even in per-son, this type of mechanism can possibly be spoofed.

So adding something you are to something you have and some-thing you know once again makes it much more difficult to spoof

identity, but still doesn’t render it impossible. And imagine the added burden in money and inconvenience using all three mechanisms would mean to your organi-sation! Seems like way too much just to protect some financial data or health information, huh?

So, please, let’s all of us spend some thought trying to find the perfect identity authentication mecha-nism. it may be like trying to come up with perpetual motion, but if you do manage it, i guarantee you the rewards will keep you and yours in clover for the rest of your lives! —Cross-posted from State of Security

—This article is printed with prior permission from www.infosecisland.com.

For more features and opinions on information security and risk manage-

ment, please refer to Infosec Island.

7.8%growth of

worldwide

operating

system market in

2010 over 2009

Importance of SoA for ISO 27001SoA should not be considered as just one of those “overhead documents” that have no use in real life. By dejAn kosutic

The importance of Statement of Applicability (sometimes referred to as SoA) is usu-ally underrated - like the

Quality manual in iSo 9001, it is the central document that defines how you will implement a large part of your information security.

Actually, the Statement of Appli-cability is the main link between the risk assessment & treatment and the implementation of your information security - its purpose is to define which of the suggested 133 controls (security measures) from iSo 27001 Annex A you will apply, and for those that are applicable the way they will be implemented.

Why it is needednow why is such a document nec-essary when you already produced

the risk Assessment report (which is also mandatory), and which also defines the necessary controls? here are the reasons:

first of all, during risk treatment you identify the controls that are nec-essary because you identified risks that need to be decreased; however, in SoA you also identify the controls that are required because of other reasons - i.e. because of the law, contractual requirements, because of other processes, etc.

Second, the risk Assessment report could be quite lengthy - some organisations might identify a few thousand risks (sometimes even more), so such a document is not really useful for everyday operational use; on the other hand, the Statement of Applicability is rather short - it has 133 rows (each representing one con-

t E cH f or G oVE r NAN cE ce r t i f i cat i o n

trol), which makes it possible to present it to management and to keep it up-to-date.

Third, and most important, SoA must document whether each applicable control is already implemented or not. good prac-tice (and most auditors will be looking for this) is also to describe how each applicable control is implemented - e.g. either by making a reference to a document (policy/procedure/working instruction etc.), or by shortly describing the procedure in use, or equipment that is used.

Actually, if you go for the iSo 27001 certification, the certification auditor will take your Statement of Applicability and walk around your company checking out whether you have implemented your con-trols in the way you described them in your SoA. it is the central document for doing their on-site audit.

A very small number of companies realise that by writing a good Statement of Appli-cability you could decrease the number of other documents - for instance, if you want to document a certain control, but if the description of the procedure for that control

would be rather short, you can describe it in the SoA. Therefore, you would avoid writing another document.

Why it is usefulin my experience, most companies imple-menting the information security man-agement system according to iSo 27001 spend much more time writing this docu-ment than they anticipated. The reason for this is they have to think about how they will implement their controls: Are they going to buy new equipment? or change the procedure? or hire a new employee?

These are quite important (and some-times expensive) decisions, so it is not

surprising that it takes quite a lot of time to reach them. The good thing about SoA is that it forces organisations to do this job in a systematic way.

Therefore, you shouldn't consider this docu-ment as just one of those "overhead documents" that have no use in real life - think of it as the main statement where you define what you want to do with your information security. Written properly, SoA is a perfect overview of what needs to be done in information security, why it has to be done, and how it is done. —Cross-posted from ISO 27001 & BS 25999 blog

This article is printed with prior permission from www.

infosecisland.com. For more features and opinions on

information security and risk management, please

refer to Infosec Island.

advts.indd 56 12/22/2009 3:02:47 PM

A very small number of companies realise that by writing a good SoA,

you could decrease the number of other documents needed.



Hide time | BOOK REVIEW

ABOUT THE REVIEWER

Jatinder Singh

is a Senior Cor-

respondent with

IT Next magazine.

You can reach

him at jatinder.

[email protected]

Auth

or: K

en B

lanc

hard

an

d Sh

eldo

n Bo

wle

s

if somebody would tell you the secret formula of becoming rich in a short span, in all probability you'll take it for a small consulting fee. Big Bucks claims to be that formula, though without the right ingredients. Written by Ken Blanchard and Shel-don Bowles, the book puts up simple business rules in a 200 pages advi-sory for those who want to become overnight millionaires.

Big Bucks a story of len, a young man searching for the secret to moneymaking and his adventurous journey with rabbi Silver, father murphey, Pastor edwards and the moneymakers from their congrega-tions. it uses a business parable to demonstrate how to overcome three challenges -- the test of joy, the test of purpose and the test of creativity to achieve financial success

The book reinstates the fact it's possible to become rich, even in adverse circumstances, if you try to do so in an intelligent manner. it says that one can't stay profit-

is on cards. "it takes a 13 year old kid about two minutes to figure out that if he wants to earn big money at a sport he'd better sharpen his basket-shooting skills or turn out for batting practice rather than for volleyball," is an insightful take at all those who crib at what they are doing. it underlines the same old rules that by focusing on concepts like commitment, intensity, purpose and even fun, anyone can build per-sonal wealth and financial security.

nevertheless, i would have rated this book far better had the author projected this as a road map to become an efficient entrepreneur. however, the author seems to be in a hurry to cash in on some emotion-al values of people. As the author says, the world is full of people look-ing for ways and schemes to make money, Big Bucks certainly falls under that attempt. my take: A ref-erence manual for first generation entrepreneurs, not impressive for serious readers.

able if he chases away customers or mistreats his employees. however, despite having a packaging that is bound to attract eyeballs, the book comes as nothing but a jerry-built attempt of explaining things which have been taught by various manage-ment gurus of the previous era.

have fun what you are doing, make sure your customer is happy, be creative and help others to suc-ceed and so on. Didn't we all know that? yes, but still a majority of us are not even near to that "million-aire" tag. And here i was expecting some real game changing steps or examples, at least to affirm author's claim to help people becoming super rich by reading this epitome of good breeding.

however, the book reminds us of several substantial manage-ment rules that are vital to the resolution of a crisis. The author is at his best at explaining that it's extremely important to set right priorities at right time else, failure

old wine in a new bottle the book reinstates the fact it's possible to become rich, even in adverse circumstances, if you try to do so in an intelligent manner.

“Kids know they have to take up basket ball

if they want to earn big money”



E VE N t r E Por t Clo u d Com pu t i n g

for most enterprise iT organisations, years of innovation, expan-sion, and acquisition have resulted in sprawling infrastructure that stretches the limits of manageability. While the individual iT systems and applications in service are often well considered and expertly implemented, the sheer scale of the ongoing iT

investment itself has emerged as the dominant concern. Also, most enter-prises now find themselves with too many platforms, too many technologies,

Cloudscape Mumbai session was attending by over 17 CIOs large enterprises discussing on wide-ranging issues facing the technology.

Cloudscape Delhi session in progress. The participants were quite enthusiastic to know how cloud will change the way enterprise consume technology in the future.

There is apoint.A participant at the Kolkata roundtable making

his point to his peers.

Private Cloud: The Future of Enterprise Computing Be it elasticity, ease of use or up-scaling or down-scaling IT infra-structure, cloud gives the flexibility of IT deployment.

Event



Clo u d Com pu t i n g E VE N t r E Por t

Cloudscape Kolkata session in progress. The participating CIOs, drawn from a variety of businesses and verticals engaged in a 2-hour long discussion on the pros and cons of private cloud. Majority of the participants agreed that it makes sense to have a cloud strategy for long term benefits.

Dhruv Singhal, Senior Director, Sales Consulting, Oracle India

making a point during the roundtable session.

too many domains of expertise, and too many vendors to coordinate and manage.

in response, a number of technologies and practices have become staples for large enterprises. however, what has clearly emerged as the next generation strategy, is the adoption of a more centralized, auto-mated, and elastic infrastructure – a Cloud Computing infrastructure.

To take this discussion to a logical conclu-sion and further dispel the hype around cloud computing, CTo forum in associa-tion with oracle organised five-city Cio roundtable Discussion series named ‘Cloudscape’. The roundtable discussions were held in the cities of new Delhi, Kolka-

two most visible benefits of cloud comput-ing are speed and cost. Through self-ser-vice access to an available pool of comput-ing resources, users can be up and running in lesser time. making adjustments to computing capacity also becomes faster, due to the elastic and scalable grid architec-ture. Since cloud computing is a pay-per-use model, operates at a high scale and is highly automated, the cost and efficiency of cloud computing is very compelling.”

The event was attended by senior Cios and iT decision makers in all five cities.

Lighter moments. CIOs engaging with Roland Slee,

VP, Database Product Management, Oracle Corp

for expert views.

ta, Chennai, Bangaluru and mumbai during march-April 2011.

The key areas discussed during vari-ous roundtables focused around: how to building a practical Cloud roadmap how to transforming on-premises iT assets into a Private Cloud Can Private Cloud be a custom solution to suit the needs of large corporates? Can there be predictable performance and meaningful service levels in the Cloud environments?Speaking during roundtables at various

places, Dhruv Singhal, Senior Director Sales Consulting, oracle india said, “The



E VE N t r E Por t so lu t i o n ce n t re

Conquering Data Centre ChallengesWith new technologies come new challenges for CIOs to manage the data center. Dell, meanwhile, is helping CIOs to create an efficient data centre.

in an attempt to underline the chal-lenges faced by indian organisa-tions with regard to their datacentre management and find some intrin-sic solutions, CTo forum hosted a

focused event, Conquer Datacentre manage-ment Challenges Workshop, in Bangalore on march 25, 2011.

in partnership with Dell india, the forum initiated a full day Virtual integrated System (ViS) workshop, which revealed key strate-gies that can help in overcoming the chal-lenges. Surprisingly, the datacentre manage-ment challenges were more attributed to virtualisation and cloud computing, which is becoming pervasive across datacentres.

The topic drew attention from Cios and Senior iT managers who sought answers to

The IT Head from the audience trying to find answers to datacentre related challenges from Dell executives during the Q&A.

Event

The group sessions with IT heads as part of Dell’s product demonstrations during ‘Conquer Datacentre Management Challenges’ workshop, in progress.

IT Heads join to watch the product demonstration in separate groups during Dell’s workshop on ‘Conquer Datacentre Management Challenges’.

address the inherent challenges that they face. There were 42 participants who raised key concerns around how virtualisation and cloud computing brought in a new set of challenges.

Dell india’s head –r&D, (pls mention the name) welcomed the gathering by emphasis-ing upon the transformation that the com-pany has undergone in its r&D focus over the years. “Dell, which has been traditionally known as the hardware company, has made

a conscious effort to be known as a solutions company that can provide complete packaged solutions to its customers,” he said.

The key point of discussion was to under-stand how Dell enabled its customers in addressing data centre challenges while making provision for next generation het-erogeneous platforms with Dell solutions. Some of the key solutions revolved around new consoles, embedded management,



so lu t i o n ce n t re E VE N t r E Por t

Sitaram VV, National Manager, Enterprise Solution Marketing, Dell India, Viswanathan Balakrishnan, Product Manager-PG Enterprise Marketing, Dell India R&D Centre and Ramesh

Rajgopalan, Director, Solutions Engineering, Dell India respond to audience queries as part of Q&A.

Suhas Mhaskar, GM-Corporate IT, Mahindra & Mahindra Limited making his comment at the session in Mumbai.

Sundar Ram, VP, Technology Sales, Oracle APAC, presenting Oracle's Architectural Framework during the roundtable in New Delhi.

toolkits and utilities as part of Dell’s open manage Systems management portfolio.

Starting his key note by listing out the chal-lenges concerning data centre infrastructure including, backup, hardware, software, Dr, and entire infrastructure lifecycle, Sitaram VV, national manager enterprise Solution marketing, Dell india, threw up certain key solutions that could respond to the concerns.

While unified storage, storage virtualisa-tion, open tools and utilities formed the core, the most recommended solution that Sita-ram stressed upon was the Dell Virtualised integrated System (ViS) architecture that cre-ated a path to data centre transformation.

According to him, the efficient data centre could be driven by the ViS, which is based

on open architecture and standardised platforms, pro-viding modular approach to the process of streamlining virtual environments.

Another way of driv-ing efficiency, as Sitaram emphasised, would be around simplifying the technology infrastructure using virtualisation and consolidation to eliminate redundancies and pool resources to improve opera-tional efficiency.

group session for demonstration of Dell solutions. The audience was spread across five groups, g1 - g5, with live product demos around ViS (Aim/Creator live prod-uct), embedded management, industry lead-ing consoles integration and open manage tools & utilities.

The ViS architecture was showcased in ViS Delivery Centre with ViS infrastructure performing around intelligent hardware and driving the data centre transformation.

Participants were introduced to embedded management solutions and their perfor-mance, including iDrAC6, lifecycle Control-ler, unified Server Configurator and other solutions that controlled the server operations.

Dell executives demonstrated the firm’s comprehensive consoles such as iT Assistant, Dell management Console, Chassis manage-ment Controller and partner consoles and show-cased its features in driving efficiency.

open manage tools and utilities formed the highlight of the event, as it centred around the legacy oS and efficient manage-ment of Dell servers from within the oS in an open environment. The tools included openmanage Server Administrator, System Build & update utility, System update util-ity, Deployment Tool Kit, repository man-ager and Dell firmware update Packages.

Dell acknowledged the partners by pre-senting souvenirs.

Viswanathan Balakrishnan, Product manager - Pg enterprise marketing, Dell india r&D centre, another key speaker at the workshop, guided the audience through various solutions that Dell carries as part of its offerings.

As per Balakrishnan, the key benefit that Dell brought to the customer table is its strategic partnership with varied technology vendors like Symantec, Vmware, microsoft, emC etc., which helped in addressing mod-ularity and open management aspects.

The floor was then open for a Q & A ses-sion with the customers, who discussed their specific challenges under varied tech-nology environments.

The forum also initiated an exclusive

VIEWPOINT



AbOuT ThE AuThOr: Steve Duplessie

is the founder of

and Senior Analyst

at the Enterprise

Strategy Group.

Recognised

worldwide as

the leading

independent

authority on

enterprise storage,

Steve has also

consistently been

ranked as one of

the most influential

IT analysts. You

can track Steve’s

blog at http://www.

thebiggertruth.com

I’m NO ExPErT in this area so this is just what i took out of a few heated conversations. The hatred seems to come in two categories.

first, people hate ConfuSing licensing. This appears to mainly be the fault of the behemoths who buy up tons of little guys and then have a hodgepodge of software, each with a myriad of licensing options and/or requirements. This, i understand.

People hated Symantec/Veritas for this reason, but i don’t hear much about that anymore, so i’m guessing they simplified things. i do remem-ber back in the day when it was just Veritas, users hated the complicated licensing mess Veritas handed them. And back then, Veritas only had a handful of different products. i can only imagine the nightmare that happens when you are as large and diversified as Symantec (or CA, or microsoft, or any other mega-huge software company). i also remember taking the better part of a day trying to figure out exactly what we needed to buy when little 10 person eSg dropped notes for exchange. i’m still not sure we did it right.

The ConfuSion hatred is obvi-

running virtualisation so you can use all that extra horsepower that you gained by consolidating your servers into a far more efficient package? good for you, except now you have to go explain to the Cfo that while you saved a ton of dough via consolidation and virtualisation, it’s going to larry the Benevolent, not to your business.

revolutions occur for much less. if this isn’t the modern day tech equiva-lent of “let them eat cake,” i don’t know what is.

it’s rude and insensitive, and it pro-vides Zero value back to the buyer. i mean no one likes to pay a billion bucks for licensing, but at leAST you get to run the app. This is paying a billion extra bucks, for noThing.

every empire gets toppled eventual-ly. Those who are hated by their peo-ple topple faster. Then people smash your picture with their shoes. There are companies designing (redesign-ing) servers just because of this problem. Why do i have to have folks spend time and money redesigning perfectly good servers just because one company won’t play nice with the rest of us? Because they can. And that sucks.

ous–as is the solution: stop thinking that just because you (people who work for the vendor and deal with it all day every day) understand your ridiculous licensing requirements, those of us who don’t spend every waking moment of our lives thinking about that do. We don’t.

no one in the outside world wants to be a licensing expert on your software. Cut it out. We have real jobs. Dealing with licensing b.s. dis-tracts us from those jobs.

The second camp invokes even more hatred and vitriol: the f* you licensing Policy. let’s use a totally random example, say, oracle.

oracle licenses by the amount of cores in your cluster. more cores, more dough. This AlmoST was reasonable when all machines were effectively single stacks, but today it’s a downright crime.

have a 64 core machine? using 32 cores to run oracle and the other cores to run web servers? Tough crap. Pay for 64. either turn them off, or pay for them, whether you use them or not. you end up with the most expensive 32 core machine on the planet.

The Hatred of Software Licensing Rarely can you find a topic that invokes more hatred in IT than

licensing policies.

steve Duplessie | [email protected]

Illu

st

ra

tIo

n B

Y s

hIg

Il n

cto forum may 7th, 2011

Documents

simple web pages

static web page

future indian cios

growing number of screens

technology universe

death of web pages

sharing of information

new futurea future