Tr ac k Te c h n o lo gy B u i ld B u s i n e s s s hap e s e lf

Volume 01 | Issue 10

Do

n’t

Le

t It

HIja

ck

tH

e c

MD

| co

nc

er

ns

fo

r a

GL

ob

aL

su

rv

eIL

La

nc

e P

ro

jec

t | s

er

vIc

e P

ro

vID

er

s a

nD

Pc

I co

MP

LIa

nc

e

Volume 01

Issue 10

October 2012150

a QuestIon of answers

Need for Multi-Layered Protection Pg14

vIewPoInt The Perfect

Storm Pg 72

best of breeD

5 Conditions of the Social Successful Enterprise Pg 18

s p i n e

cio

an

dl

ea

de

r.c

om

10Tr ac k Te c h n o lo gy B u i ld B u s i n e s s s hap e s e lf

A 9.9 Media Publication

thetrailblazersIT leaders at Essar lend the power of technology to its group companies for evolving into best-in-class businesses that can compete with global champions

C N Ram Group CIO,

Essar Group

Jayantha Prabhu Group CTO,

Essar Group

Page 28

Now with ‘Server Class’

Drives

® - Built on world-class EMC storage technology

- Advanced storage, security, and content sharing that is easy and affordable® ®- PC, Mac and Linux ; 4TB to 36TB in a single array

® ® ®- Certified for Vmware , Windows Server, Citrix XenServer

- Protect and share your data from anywhere with Iomega Personal Cloud

- Server class drives for higher reliabilty and performance

- Video Surveillance ready - connects upto 48 cameras.

` 4,99,000

for 36TB** Taxes extra.

Network Storage for BusinessNVR for IP Surveillance - up to 48 cameras

CTO_Forum_251012 Size:213x283(bleed) 210x280 (Trim) 200x270 (Type)

StorCenter ix2

2TB/4TB/6TB

RAID 1, JBOD

1 x GbE

Starts at ` 18,000/-

StorCenter ix4

4TB/8TB/12TB

RAID 1, JBOD

2 x GbE

Starts at ` 45,000/-

StorCenter Px4-300d

0TB/2TB/4TB

RAID 0, 1, 5, 10

5+1 Hot Spare, 2 x GbE,

USB 3.0, Starts at ` 59,000/-

/8TB/12TB

StorCenter Px6

0TB/ 6TB/12TB

RAID 0, 1, 5, 6, 10

5+1 Hot Spare, 2 x GbE,

USB 3.0 Starts at ` 69,000/-

2TB/ /18TB

StorCenter Px4-300r

0TB/4TB/8TB

RAID 5, 10, JBOD

2 x GbE,

Starts at ` 1,49,000/-

/12TB

1October 2012

editorialyashvendra singh | yashvendra.singh@9dot9.in

Revisiting the US Elections

Some parallels between the US presidential

elections and deploying IT in an enterprise.

of a cutting edge technology. The technology implementation not only needs to connect with the IT infrastructure but also with the end users. The technol-ogy leader, therefore, has to sync his implementation and the message together.

This is exactly what the Essar Group’s technology leader duo of C N Ram and Jayantha Prabhu have displayed in their quest for transforming the multinational conglomerate. Our cover story discusses how the two, leading from the front, have delivered value for their enterprise by leveraging IT while at the same time gained the confidence of their team, rewarded them and stimulated their productivity.

It was the year 2003. Howard Dean was running for the

2004 US Democratic primary candidacy. Open to experimenta-tion, Dean decided to use Inter-net for his campaign. His team maximised the use of blogs and online forums for the electoral drive. In the process, little did Dean realise that he was creat-ing history. Not only was Inter-net being used for the fist time in the presidential campaign, the results were astounding. By raking in over $15 million online, Dean set a new record of raising most funds by a single Democrat by the third quarter of

implausible, we can draw some parallels between the US presi-dential elections and deploying IT in an enterprise.

For one, technology, which is an important tool for the suc-cess of any mission, is always in flux. An enterprise technol-ogy decision-maker should dominate the available technol-ogy and integrate it into his enterprise. The fact that today’s technology can enable what was unthinkable five years ago, lends amazing powers at a technology leader’s disposal – something that Obama’s campaign team realised and utilised.

The second, and more important, point is the fact that technology alone cannot ensure success of an endeavour. An analysis of Obama’s campaign reveals that his success did not rely only on technology. It was backed by a message that reverberated with the audience. Similarly, the job of a tech leader doesn’t end with the deployment

the presidential race.Dean’s campaign proved to

be a PoC for Barack Obama, who during his bid for the US Presidency in 2008, perfected what Dean initiated. By combin-ing SaaS and social networking Obama practically set up a self-funding and self-perpetuating fund-raising machine. In Feb-ruary 2008 alone, Obama had raised $55 million with more than 80 percent coming from online, and without hosting a single fundraiser!

This was arguably one of the crowing moments for technology. While it may seem

editors pick28

The TrailblazersIT leaders at Essar lend the power of technology to its group companies so that they can compete with global champions

2 October 2012

october 2012

cover Story 28 | The TrailblazersIT leaders at Essar lend the power of technology to its group companies so that they can compete with global champions

CopyrIghT, All rights reserved: reproduction in whole or in part without written permission from Nine Dot Nine Interactive pvt Ltd. is prohibited. printed and published by Anuradha Das Mathur for Nine Dot Nine Interactive pvt Ltd, Bungalow No. 725, Sector - 1, Shirvane, Nerul, Navi Mumbai - 400706. printed at Tara Art printers pvt ltd. A-46-47, Sector-5, NoIDA (U.p.) 201301

Please Recycle This Magazine And Remove Inserts Before Recycling

regulArS01 | Editorial06 | EntErprisE

roundup72 | viEwpoint

Cover Design by: shokeen saifi imaging by: Peterson PJ photos by: Jiten Gandhi & zafar

Tr ac k Te c h n o lo gy B u i ld B u s i n e s s s hap e s e lf

Volume 01 | Issue 10

Do

n’t

Le

t It

HIja

ck

tH

e c

MD

| co

nc

er

ns

fo

r a

GL

ob

aL

su

rv

eIL

La

nc

e P

ro

jec

t | s

er

vIc

e P

ro

vID

er

s a

nD

Pc

I co

MP

LIa

nc

e

Volume 01

Issue 10

October 2012150

a QuestIon of answers

Need for Multi-Layered Protection Pg14

vIewPoInt The Perfect

Storm Pg 72

best of breeD

5 Conditions of the Social Successful Enterprise Pg 18

s p i n e

cio

an

dl

ea

de

r.c

om

10Tr ac k Te c h n o lo gy B u i ld B u s i n e s s s hap e s e lf

A 9.9 Media Publication

thetrailblazersIT leaders at Essar lend the power of technology to its group companies for evolving into best-in-class businesses that can compete with global champions

C N Ram Group CIO,

Essar Group

Jayantha Prabhu Group CTO,

Essar Group

Page 28

28

3October 2012

xx

37 | top Down MAking open Source work Vishwajeet Singh, CIO, Epitome Travel shares his experience of using open source to the core to save costs

48 | the beSt ADvice i ever got“enjoy the journey” It is important to enjoy the journey rather than keep thinking about reaching the destination

49 | opinion think before you SpeAk Here are 11 of the biggest mistakes speakers make — and how to avoid them

41 | leADing eDgeDeveloping globAl leADerS Companies must cultivate leaders for global markets. Dispelling five myths about globalisation is a good place to start

51 | Shelf life Switch: how to chAnge thingS when chAnge iS hArD The book addresses change and the process associated with it

My Story38 | Leadership is About Making an Impact Sandeep phanasgaonkar, CTo, reliance Capital, says leadership has the ability to make a positive impact on customers

SpeciAl leADerShip Section pAge 36A to 51

45 | Me & My Mentee working in tAnDeM Understanding each others' qualities is the way forward for a mentor and his mentee

4 October 2012

A QueStion of AnSwerS14 | NEED for A MULTI-LAyErED proTECTIoN Natalya Kaspersky, CEo, Infowatch, talks about how enterprises need to manage new age threats

Managing Director: Dr Pramath Raj SinhaPrinter & Publisher: Anuradha Das Mathur

EditorialExecutive Editor: Yashvendra SinghConsulting Editor: Atanu Kumar Das

Assistant Editor: Varun Aggarwal & Akhilesh Shukla

dEsignSr. Creative Director: Jayan K Narayanan

Sr. Art Director: Anil VKAssociate Art Directors: Atul Deshmukh & Anil TSr. Visualisers: Manav Sachdev & Shokeen Saifi

Visualiser: NV BaijuSr. Designers: Raj Kishore Verma, Shigil Narayanan

Suneesh K & Haridas BalanDesigners: Charu Dwivedi, Peterson PJ & Midhun Mohan

MARCOMAssociate Art Director: Prasanth Ramakrishnan

Designer: Rahul BabuSTUDIO

Chief Photographer: Subhojit PaulSr. Photographer: Jiten Gandhi

advisory PanElAnil Garg, CIO, Dabur

David Briskman, CIO, RanbaxyMani Mulki, VP-IT, ICICI Bank

Manish Gupta, Director, Enterprise Solutions AMEA, PepsiCo India Foods & Beverages, PepsiCo

Raghu Raman, CEO, National Intelligence Grid, Govt. of IndiaS R Mallela, Former CTO, AFL

Santrupt Misra, Director, Aditya Birla GroupSushil Prakash, Sr Consultant, NMEICT (National Mission on

Education through Information and Communication Technology)Vijay Sethi, CIO, Hero MotoCorpVishal Salvi, CISO, HDFC Bank

Deepak B Phatak, Subharao M Nilekani Chair Professor and Head, KReSIT, IIT - Bombay

nEXt100 advisory PanElManish Pal, Deputy Vice President, Information Security Group

(ISG), HDFC Bank Shiju George, Sr Manager (IT Infrastructure), Shoppers Stop Farhan Khan, Associate Vice President – IT, Radico Khaitan

Berjes Eric Shroff, Senior Manager – IT, Tata ServicesSharat M Airani, Chief – IT (Systems & Security), Forbes Marshall

Ashish Khanna, Corporate Manager, IT Infrastructure, The Oberoi Group

salEs & MarkEtingNational Manager – Events and Special Projects:

Mahantesh Godi (+91 98804 36623)National Sales Manager: Vinodh K (+91 97407 14817)

Assistant General Manager Sales (South):Ashish Kumar Singh (+91 97407 61921)

Senior Sales Manager (North): Aveek Bhose (+91 98998 86986)Product Manager - CSO Forum and Strategic Sales:

Seema Menon (+91 97403 94000)Brand Manager: Jigyasa Kishore (+91 98107 70298)

Production & logisticsSr. GM. Operations: Shivshankar M Hiremath

Manager Operations: Rakesh Upadhyay Asst. Manager - Logistics: Vijay Menon Executive Logistics: Nilesh Shiravadekar

Production Executive: Vilas Mhatre Logistics: MP Singh & Mohd. Ansari

oFFicE addrEssPublished, Printed and Owned by Nine Dot Nine Interactive Pvt

Ltd. Published and printed on their behalf by Anuradha Das Mathur. Published at Bungalow No. 725, Sector - 1, Shirvane,

Nerul, Navi Mumbai - 400706. Printed at Tara Art Printers Pvt Ltd.A-46-47, Sector-5, NOIDA (U.P.) 201301

For any customer queries and assistance please contact help@9dot9.in

This issue of CIO&Leader includes 12 pages of CSO Forum free with the magazine

www.cioandleader.com

advertisers’ index

Microsoft FCIomega IFCCheck Point 5HP – PSG 9Symantec 11Schneder 12, 13EMC 17Sanovi 21Riverbed IBCIBM BCThis index is provided as an additional service.The publisher does not assume any liabilities for errors or omissions.

18 | BEst of BrEEd: 5 conditions of a social successful enterprise The secret to a successful social platform is to establish the conditions for a collaborative culture

60 | tEch for govErnancE: service providers and pci compliance Know about what you need from third parties

53 | nExt horizons: cio solves ceo Queries on cloud Top CIOs discuss about cloud implementations and attempt to solve CEO queries

14

Stoc

k Exchanges Ba

nks

Energy & Utilities

IT / ITeSTe

lecom

Railw

ays

Government

6 October 2012

story InsIde

IT Spending in India to Reach

$71.5 Billion Next Year Pg 08

Jobs will be created in APAC by the growth of data

Mobile Sales in India to Reach 251 Million Units in 2013 samsung nokia top two vendorsMobile device sales in India are forecast to reach 251 million units in 2013, an increase of 13.5 percent over 2012 sales of 221 million units, according to Gartner, Inc. The mobile handset market is expected to show steady growth through 2016 when end user sales will surpass 326 million units.

“The Indian mobile phone market is very competi-tive with more than 150 device manufacturers selling devices to consumers. Most of these manufacturers remain focused on the low-cost feature phone mar-ket which still constitutes over 91 percent of overall mobile phone sales, offering a huge market to com-

pete in,” said Anshul Gupta, principal research ana-lyst at Gartner.“The increase in share of smartphone device sales, declining sales to first time buyers and the continuous focus of global manufacturers on the low cost feature phone market, has put many of the 150 plus local and Chinese device manufactur-ers under survival mode. Many of them are already struggling to maintain share in the growing market,” Gupta said. Some of these local and Chinese manu-facturers are building capabilities, distribution and brand to compete with the big global players as they are preparing to compete at a larger level.

4.5data BrIefIng

EntErPrisEround-uP

ima

ge

by

ph

ot

os

.co

m

mn

E n t E r p r i s E r o u n d - u p

7October 2012

The public cloud services market in India is forecast to grow 32.4 percent in 2012 to total $326.2 million, according to Gartner, Inc. Worldwide public cloud services revenue is on pace to total $111 billion this year

QUICK Byte on CloUd

IT Spending in India to Reach $71.5 Billion Next Year at $47.8 billion, telecom is the largest segmentiT spending in India is projected to total $71.5 billion in 2013, a 7.7 percent increase from the $66.4 billion forecasted for 2012, according to Gartner, Inc..

Speaking at the Gartner Symposium in Goa, Peter Sondergaard, senior vice president and global head of research at Gartner, said, “India, like other emerging markets, continues exercising strong momentum despite inflationary pressures and appreciation of local currencies, which are expected in rising economies.“

The telecommunications market is the largest IT segment in India with IT spending forecast to reach $47.8 billion in 2013 (see Table 1), followed by the IT services market with spending of $10.3 billion.The computing hardware market in India is projected to reach $9.5 billion in 2013, and software spending will total nearly $4.0 billion. Software will record the strongest revenue growth at 15 percent, IT services will grow at 12 percent. The telecom segment, which accounts for 67 percent of the Indian ICT market, is set to grow at 7 percent revenue growth in 2013. “Businesses are increasingly looking to IT to help support the challenges of enhancing customer support, supply chain management, optimizing business pro-cesses or helping drive innovation in the business,” Sondergaard said.

The CEO of Samsung recently announced that a smaller version of the Samsung Galaxy S3 will be in the market soon and the unveiling of a small device “that had never been this big.”

—Source: Gartner

“There’s a lot of demand for a 4-inch screen device in Europe. Some call it an entry-level device, but we call it mini.”

TheY SaId IT

J K ShIN

—J K Shin, CEO,

Samsung

ima

ge

by

ph

ot

os

.co

m

E n t E r p r i s E r o u n d - u p

8 October 2012

3 Growth Opportunities in Servers Through 2015 spending on servers is 60% of overall data center hardwareThree key server segments — hyperscale data centers, hosted virtual desktop (HVD) workloads and extreme low-energy (ELE) servers — will offer opportunities for growth through 2015, according to Gartner, Inc.

Servers represent the control points of hardware infrastructure in data centers, where workloads and applications reside, and Gartner analysts estimate that end-user spending on servers accounts for about 60

percent of overall data center hardware."The server market was worth $52.8 billion

worldwide in 2011, and although it's mature, it will offer considerable growth opportuni-ties in the coming years," said Kiyomi Yama-da, principal research analyst at Gartner. "These opportunities will arise as demand for certain types of workloads increase and use of servers shifts to very large data centers, virtualisation and energy-efficient products."

The Asia pacific business process outsourcing (bpo) market is forecast to reach $9.5 billion in 2016, up from $5.9 billion in 2011.

"Currently, the server market is highly competitive, and despite its size, offers only small profit margins," said Jeffrey Hewitt, research vice president at Gartner. "The prevalence of standardized (x86) platforms also makes it hard for companies to differentiate their products. In response, server providers, aiming for higher profit margins, have been making more effort to create fabric-based infra-structure and converge around integrated systems. To succeed in the server market in the next few years, companies must innovate and respond quickly to shifts in demand.Opportunity 1: Increasing Demand for Hyperscale Data Centers Creates an Opportunity for Providers to Boost Server ShipmentsCompanies such as Google, Amazon and Facebook have huge data centers that serve external customers. These data centers need large numbers of servers and are called hyperscale data centers. The hyperscale/cloud data center segment already accounts for about 11 percent of server shipments and Gartner expects the segment to con-tinue to experience strong growth, making it about 17 percent of the total x86 server market in unit terms by 2015.

"The hyperscale data center market is a big one, but limited, with only a few dozen — albeit, large — potential customers," said Yamada. "This strong, concentrated buying power inevitably means intense competition and lower margins, as well as fluctuating demand. Order schedules are more likely to be unpredictable, aligning with these companies' infrastructure build-out phases, which depend on each company's business plan. In order to be successful in this oppor-tunity, organizations must offer custom design, manufacturing, installation and support capabilities that specifically target the segment."Opportunity 2: Flexibility of HVDs Means More Enterprises Will Move Their Workloads, Gartner estimates that by 2015, virtualised physical servers deployed for HVD work-loads will reach about 368,000 units and will account for 16.7 percent of virtualized physical servers for all workloads. HVD workloads are among the fastest-growing server workloads.

gloBal traCKer

BPO

so

ur

ce

: g

ar

tn

er

ima

ge

by

ph

ot

os

.co

m

E n t E r p r i s E r o u n d - u p

10 October 2012

Google Will Shape Future of Financial Services Industry Security remains paramount

GrEEn it

by 2015, india's spending

on green it and sustain-

ability initiatives will double from

$35 billion in 2010 to $70 billion

in 2015, according to gartner. in

2012, green it and sustainability

spending in india will total $45

billion.

in the gartner report “hype

cycle for green it and sustain-

ability in india, 2012,” analysts

said green it and sustainability

are emerging as key concerns

for businesses, investors and

technologists across indus-

tries and policymakers in india.

though many technologies are

available, government policies

will eventually drive green it and

sustainability solutions adoption

by indian enterprises.

“For the first time, a chapter on

sustainable development and

climate change was introduced

in the government's annual

indian economic survey, 2011-

2012. the survey has suggested

making lower-carbon sustain-

able growth a central element of

india's 12th five year plan, which

commenced in april 2012,” said

ganesh ramamoorthy, research

director at gartner.” this will set

the tone for future policy initia-

tives and regulatory measures

from the indian government that

will drive the implementation

of some technologies — such

as advanced metering infra-

structure, carbon capture and

sequestration.

despiTe the hype about “digi-

tal mega-firms” such as apple,

Facebook and google wiping

out mainstream banks, traditional

banks will have the edge over their

internet-oriented rivals, according to

gartner. however, the new firms will

play a considerable role in shaping

the banking industry of the future.

“the evolution of the internet

A youTh debATe on Internet Governance 2012 (You-DIG 2012) was kicked-off here with great excitement as students from 15 renowned colleges of Delhi debated the issue ‘Online anonymity should be done away with’. The debate was part of the India Internet Governance Conference (IIGC), organized by FICCI in association with the Min-istry of Communications & IT and the Internet Society. The jury members comprised Rajeev Chandrasekhar, Member of Parliament, Rajya Sabha and Past President, FICCI; Richard Allan,

Students Raise Voice against Internet CensorshipfICCI offers unique platform for students

faCt tICKer

continues to raise questions about

the continued viability of brick and

mortar establishments in retailing

and financial services,” said David

Furlonger, vice president and gart-

ner fellow. “increasingly, internet-

oriented mega-firms are seen as

the commercial enterprises of the

future. however, as far as retail

banking is concerned, it would be

like trying to hammer a square peg

into a round hole, this just does not

fit.” Furlonger said that the digital

mega-firms have many things in

their favour. they are masters of

data management and analytics.

to all intents and purposes they

define agility, both from a technol-

ogy and a business model point of

view. they are extremely adept at

extending their value chain analysis

beyond the core offering, with an

eye to identifying new opportuni-

ties for business and highlighting

specific customer needs that they

might address.

Director of Public Policy-EMEA, Facebook and Suhasini Haidar, Senior Editor, CNN-IBN.

This initiative of FICCI saw students getting actively involved on the issue of Internet Gover-nance. When it comes to internet governance, the voice and aspirations of the youth matter the most, as they form the majority who access the internet and are responsible for changing the use of this medium in due course of time. The Youth debate is part of the outreach and inclusivity effort by FICCI to amplify the voice of youth in a mean-ingful way, in the internet governance dialogue – including issues of online safety, security and freedom of speech. The house was divided on the issue of banning online anonymity. Those sup-porting the issue and advocating a ban stated that anonymity and accountability go hand-in-hand. Absolute power corrupts hence the fear of retribu-tion is much-needed. Therefore, a norm needs to be established where all users are identified.

Protagonists of the ban stated that there have been innumerable instances of cyber theft, breach of privacy and threat to security of not only indi-viduals but to the country as well. Therefore, it is necessary that each person using the virtual plat-form must be identified and traced if there is an emergency situation. It is often seen that a society without an identity crashes out soon.

But a large number of students felt that if online anonymity is banned then indirectly freedom of expression will also suffer. The Arab Spring was the result of an anonymous protest, if the initia-tors had been identified at the start of the revolu-tion, then Arab Spring would have never been known to history. Anonymity gives an individual the power to express oneself and seek views and opinions from others.

ill

us

tr

at

ion

by

ph

ot

os

.co

m

12 October 2012

Summary

The physical configu-

ration of the IT equipment

can have a dramatic effect

on energy consumption. a

poor configuration forces

the cooling system to

move much more air than

the IT equipment requires

Most data centers do not fully utilise power, cooling, and rack capacity. The primary symptom of this condition is the low average operating power density of data centers.

In a typical data center, less than half the electric-ity used actually makes it to the computer loads. More than half the electrical bill goes to the purchase of power consumed by the electrical

power system, the cooling system, and lighting. The total electrical consumption therefore has two principal contributors — (1) the power consumed by the IT loads, and (2) the power consumed by the sup-port equipments.

Vendors of computer equipment are providing new solutions such as virtualisation that have the potential to reduce the total amount of IT equip-ment required to perform a specific function, which offers a means to reduce IT load power consumption. Unfortunately, at the same time, the trend of IT sys-tems operating at higher densities with time-varying power draw are driving down the electrical efficiency of the data center power and cooling systems.

While most users understand that inefficiencies of the power, cooling, and lighting equipment are

wasteful, the other items that actually dominate the inefficiencies and are not well understood. Here are some of the primary reasons we should consider when we choose electrically-efficiency data centers.

Inefficiencies of the power equipmentEquipment such as UPS, transformers, transfer switches, and wiring all consume some power (manifested as heat) while performing their function. While such equipment may have name-plate effi-ciency ratings that sound impressive — 90 percent or higher — these efficiency values are misleading and cannot be used to calculate the power wasted in real installations. When equipment is doubled for redun-dancy, or when the equipment is operated well below its rated power, efficiency falls dramatically. Further-more, the heat generated by this “wasted” energy in power equipment must be cooled by the cooling system, which causes the air conditioning system to use even more electrical power.

High-Efficiency, High-DensityData Centers

DATA CENTER CORNERdaTa cEnTEr

13October 2012

Total electrical consumption has two contributors — the power consumed by the IT loads, and the power consumed by the support equipments

%Inefficiencies due to configurationThe physical configuration of the IT equipment can have a dramatic effect on the energy consump-tion of the cooling system. a poor configuration forces the cooling system to move much more air than the IT equipment actually requires. a poor configuration also causes the cooling system to generate cooler air than the IT equipment actu-ally requires.

Furthermore, physical configuration may force various cooling units into a conflict where one is dehumidifying while another is humidifying, a typically undiagnosed condition that dramatically reduces efficiency. The current trend of increas-ing power density in new and existing data centers greatly amplifies these inefficiencies. These con-figuration problems are present in virtually all oper-ating data centers today and cause needless energy waste. Therefore, an architecture that optimises the physical configuration can dramatically reduce energy consumption.

conventional legacy data centers operate well below the efficiency that is possible using proven designs incorporating readily available power and cooling equipment.

One key finding is that purchasing high-efficiency devices is not sufficient to ensure a high-efficiency data center. an architecture and strategy that uses such high-efficiency equipment in an efficient man-ner, and reduces over-sizing, is just as important as the efficient hardware itself. When high-efficiency equipment is combined with an effective architec-ture, savings of 40 percent of the total electrical power of the data center are possible when com-pared with conventional designs.

40Power

saving is possible in data center

by using effective

architecture

Inefficiencies of the cooling equipmentEquipment such as air handlers, chillers, cooling tow-ers, condensers, pumps, and dry coolers consume some power while performing their cooling function (that is, some of their input power is dispersed as heat instead of contributing to the mechanical work of cooling). In fact, the inefficiency (waste heat) of cooling equipment typically greatly exceeds the inefficiency (waste heat) of power equipment.

When cooling equipment is doubled for redundancy or when the equipment is operated well below its rated power, efficiency falls dramatically. Therefore, an increase in the efficiency of the cooling equipment directly benefits overall system efficiency.

Power consumption of lightingLighting consumes power and generates heat. The heat generated by lighting must be cooled by the cool-ing system, which causes the air conditioning system to consume correspondingly more electrical power, even if the outdoor temperature is cold. When lighting remains on when there are no personnel in the data center, or when unutilised areas of the data center are lit, useless electrical consumption results. Therefore, increases in the efficiency of the lighting, or control-ling lighting to be present only when and where need-ed can help improve overall data center efficiency.

Over-sizingOver-sizing is one of the largest drivers of electrical waste, but is the most difficult for users to under-stand or assess. Over-sizing of power and cooling equipment occurs whenever the design value of the power and cooling system exceeds the IT load. This condition can occur from any combination of the fol-lowing factors:•TheITloadwasoverestimatedandthepowerand

cooling systems were sized for too large a load•TheITloadisbeingdeployedovertime,butthe

power and cooling systems are sized for a future larger load

•Thecoolingsystemdesignispoor,requiringover-sizing of the cooling equipment in order to suc-cessfully cool the IT load

daTa cEnTEr cornerC U S T O M P U B L I S H I N G

BROUGHT TO YOU BY

Data Leakages: Natalya Kaspersky, CEO, Infowatch stresses on the need to have a multi-layered protection

Data leakages are becoming increasingly common.

Experts suggest that since most of these cases are highly targeted attacks, there is little firms can do about avoiding them. Your views.That’s a wrong approach. If you do not protect your confidential informa-tion at all you will be the first target of the malefactors and all your sensitive data will leak! That will inevitably bring reputational losses as well as huge damage to your business. Remember the June incident with Samsung and LG when some of their confidential technologies have been stolen and smuggled out of their man-ufacturing plants by employees of a subcontracted firm? It is likely that these pieces of top-secret information have got into the hands of rival TV

makers, wiping out any advantage Samsung and LG had hoped to gain through their R&D investment in OLED television technology!If you stop fighting you will be shot!Butif you care about defense you have a chance to survive.

There are two major approaches to security of confidential data. The first one is drastic and promotes total security that means blocking all the channels of data transfer outside the company. It is highly efficient in terms of security but absolutely unacceptable if we talk about busi-ness processes. Another approach is a multi-layered concept of data protec-tion which includes organisational measures, data classification, access rights management and data leak-age prevention. Many companies do

not understand the key factor of the efficiency of DLP systems and think that DLP is low efficient software. It is only soif the company doesn’t know what information it possesses, what part of it is confidential and should be controlled. The problem is that almost 80 percent of all information in mod-ern companies is unstructured data. That’s why efficient DLP systems should include a “pre-dlp” stage - cat-egorisationof corporate data to define what exact information is sensitive and needs to be protected. It is done auto-manually and includes a big part of consulting. After that the DLP software is installed and starts moni-toring corporate data. All together this gives quite a high result, about 90 percent of efficiency. Though nobody guarantees absolute security.

nataLya KaspersKy | CEO, INfOwatCh

Need for Multi-Layered protection

Natalya Kaspersky, CEO InfoWatch and co-founder of Kaspersky Lab, talks to Varun Aggarwal about how enterprises need to manage new age threats

N a t a l y a K a s p e r s K y | a Q u e s t i o N o f a N s w e r s

15October 2012

The recent case of identity theft of Mat Honanfrom from

Wired.com has brought to fore some of the weaknesses in the cloud security. Since most of the cloud vendors dictate their security terms, what can enterprises do to secure their data in the cloud? Also, what should individuals do to protect their digital identities?As for the companies cloud services are still not widely used though the topic is already 12-years old. The main reason is the problem of IT security in the cloud. The thing is that when you give your data to the cloud services provider the latter operates and stores the data but it doesn’t want to take high respon-sibility for its safety. Provider can only include limited responsibility into the cloud agreement because otherwise it’ll quickly be out of busi-ness. So now when you put your data into the cloud you can mentally say “Goodbye” to it. That’s why few large enterprises use cloud services and SMB companies use them by force to save costs. So my advice to compa-nies is either not to use cloud servic-es at all or to put only non-sensitive data into the cloud which is not very convenient but secure.

As for the home users I would advise people again not to put confidential data into the cloud. And unfortunately, if you still use the cloud than Mat Honan’s case shows us a necessity to make a backup copy of all important information and store it in inacces-sible place which makes the cloud concept senseless.

Companies are choosing to keep mum about their

preparedness for a cyberattacks to avoid undue attention from the hackers. Do you think this is the right strategy to take?If you are talking too much about how you protect your company’s network, what security measures you undertake and what solu-

ture of Indian enterprises is a huge number of employees which means big volumes of personal data and thus higher risk of losses. Nobody knows how efficiently this data is protected. According to The Cost of a Data Breach Study among Indian organisations in 2011 by Ponemon Institute, the average total cost of a breach to an organisation was Rs 53.5 million, with malicious breaches by hackers or criminal insiders being the most expensive type at Rs 4,224 for one compromised record.

What do these numbers say? Let’s take for example two Indian software development enterprises HCL and Infosys which develop custom software. If they face a data leak incident they put at risk not only their own internal information but also the confidential data of their numerous customers. In this case the two companies will suffer grave reputation damage with a high prob-ability of lawsuits.

tions you use than your company becomes vulnerable to attacks. Such transparency may also lead to the reputational damage. On the other hand we see an obvious lack of experience in field of IT security and data protection. Therefore IT secu-rity experts share their experience at specialised IT security events which are many in the world or at numerous web resources where professional matters are discussed anonymously, without the risk of data leakage.

Do you have any India specific details on data

breaches?The topic is evidently kept silent and a rare Indian incident is discussed in the press. Still the problem of data breaches is more than relevant since there are lots of manufacturing com-panies in India and their industrial secrets and intellectual property need protection. Besides the national fea-

there is a lack of

skilled manpower

in the fields of

data security and

data protection

Data breaches

are more

common in

India because

there are many

manufacturing

companies — the

prime targets

the average

cost of breach

in 2011 to a

company was Rs

53.5 million

things i Believe in

“as for the companies, cloud services are still not widely used though the topic is already 12-years old. the main reason is the problem of It security in the cloud”

A Q u e s t i o n o f A n s w e r s | n A t A l y A K A s p e r s K y

16 October 2012

November 8 & 9, 2012 | Grand Hyatt, Mumbai

PA RT N E R S

EMC Forum 2012 is all set to be the biggest IT showcase of the year. It promises to be a storehouse of insightful sessions, cutting-edge technologies and viable inputs from global experts. You can expect to learn why cloud computing and virtualization are key to mastering the new IT realities, and how you can unlock the value in Big Data and

transform your business, your IT and yourself.

ELITE PARTNERS PLATINUM PARTNERS

GOLD PARTNER ASSOCIATE PARTNERSCLOUD SERVICE PROVIDER SPONSORSILVER PARTNER

To Register, Visit www.EMCForum.in

Special Performance by KKMusician & Performance Artist

EMC Transformers Awards Keynote Address By David Lim, Author and Mountaineer

SHOW HIGHLIGHTS

Best ofBreed

Don’t Let IT Hijack the CMS Pg 20

5 Ways to Minimise the Risk of Outsourcing Pg 22

FeaTuReS InSIDe

5 Conditions of the Social Successful Enterprise

The secret to a successful social platform is to establish the conditions for a collaborative culture first By Sonja Shepard 

enterprise social networking (ESN) is the manifest destiny of business communications; connecting a globally dispersed workforce. Yet few organisations make good on the promise of this collaborative technology.

The business case for enterprise social networking is clear: Get the right people and the right information together at the right time, and you have a potent compound for innova-

tion and problem-solving. Add today's globally dispersed workforce to the picture, and collabora-

Ill

us

tr

at

Ion

by

ph

ot

os

..c

om

18 October 2012

tive technologies are all but inevitable.Yet six years after "Enterprise 2.0"was first

coined, few organisations are living the ESN promise. Faced with ESN options like IM, micro blogs, Yammer, and status updates, many workers still favor plain old email and phone. File sharing takes place off the ESN radar, and knowledge remains siloed in dis-crete business applications. What happened to the ideal of frictionless collaboration?

IT analysts think they have an answer: ESN rollouts fixate on networking at the expense of social. In doing so, organisations miss out on the true value of the technology — its power to connect and engage people.

“Most companies approach enterprise social networks as a technology deployment and fail to understand that the new relation-ships created by enterprise social networks are the source for value creation,” said Char-lene Li of Altimeter Group in her February 2012 report, Making the Business Case for Enterprise Social Networks.

It’s all part of the new emphasis in IT on communications media over data-processing tools. Geoffrey Moore’s “systems of engagement” versus the “systems of record,” like CRM and supply chain man-agement software. Engagement, unlike recordkeeping, can’t be implemented by executive fiat. These systems develop organ-ically as the technology integrates into daily work practices. “Social business systems need to be implemented within a context, and that context is the processes that drive the business,” said Moore in his 2011 white paper A Sea Change in Enterprise IT .

The secret to a successful social platform, say IT managers and analysts, is to establish the conditions for a collaborative culture first. Analysts and IT professionals offer a variety of takes on what those conditions are, but the common thread is a flexible and open organisation that allows social-net-worked business processes to emerge from the ground up. Only in this environment can ideas and information flow freely, stok-ing innovation and effective collaboration.

5 conditions for a thriving social enterprise1. Lateral management — Command and control and other regimented, hierarchical approaches to management tend to preempt the productive interactions that collabora-

Respondents linked to the relevant commu-nity of practice saw the request and offered their time, expertise and/or prior work to help move the project forward. IDEO's The Tube functions as a marketplace for form-ing such teams. Team leaders announce and staff an upcoming project using social media tools, referring to designers’ profile pages to browse past work and identify coworkers with skills for a particular job.3. Seamless integration of business technol-ogies — The ideals of open communication and transparency apply to the data systems, too. To be effective, an ESN needs to bridge all of the organisation’s information and communication applications. CRM, CMS, search, file sharing and communications should all happen on an integrated and eas-ily accessible platform.

Symantec’s CRM and social platform operate as one, for example. In addition to integrating account and opportunity management, the company uses the tech-nology for communication-dependent func-tions like pricing, contract approvals, and sharing leads.4. Borderless engagement — “IT systems … have to engage at the edge in a way that they've never had to before,” said Moore. A successful ESN brings together a far-flung network that extends beyond the traditional boundaries of the company, to vendors, partners, outside experts and customers. To enable productive interaction among all these stakeholders, it’s important for business leaders to break down barriers wrought by both security practices and physical distance.

IT executives can influence the success of the borderless enterprise by ensuring that the ESN works on mobile devices, by implementing security measures that bring

“Most firms approach social networks as a technology deployment and fail to understand that the new relationships created by networks are the source for value creation”

tion technologies are designed to promote — dissent, brainstorming, crowdsourcing of ideas, off the cuff remarks, serendipitous encounters, etc. More fundamentally, a top down approach stifles the user's own explo-ration of how the social networking tools can help her do her job better.

A social organisation needs managers who coordinate rather than direct workers, embracing emergent processes. Andreas Scherer, a consultant at Salto Partners and former executive at AOL and Netscape, sees a counterproductive project manage-ment paradigm in place today, in which senior managers conceive the project plan in isolation and impose it on the team. Yet, social networking technology demands and enables the active involvement of the team at all levels, from planning to execution.

“One of the best ways to get a solid project plan is to actually bring people together and talk about the assumptions and the risks,” Scherer said. “The ESN captures all aspects of the project, including some of the con-trarian opinions that otherwise would be swept under the carpet.”2. Dynamic team structure — Enterprise social networking empowers a more dynam-ic, ad hoc formation of teams across the organisation. Workers identify the right tal-ent to help with a project, be it the person in the next cubicle or a teleworker in another time zone. This dynamic, temporary and self-directed team formation helps organisa-tions optimise their resources and respond more quickly to changing market forces.

David Thomas tells the story, in The Exec-utive’s Guide to Enterprise Social Media Strategy, of an Accenture director who was able to quickly marshal a team of experts and existing knowledge assets by putting a call out on the company's social network.

19October 2012

s o c i a l n e t w o r k s | B e s t o f B r e e d

everyone — even those on the periphery — into the fold and by resisting the temptation to censor what can be said and exchanged on the ESN.5. Aligned incentives — Man-agers can shape incentives to promote the desired use of the ESN. Too often, explains Analyst Tamara Erickson, com-panies install social networking technology in such a way that the technology adds work for employees. The implication is that workers should do their jobs and spend time sharing ideas.

Instead, managers can position the sys-tem so that it empowers and rewards users.

Want employees to get involved with the system? Integrate it with business pro-cesses, so it offers direct value in their daily

jobs. Let users determine how the tools help them do their jobs better.

Want users to invest time sharing and recording their knowledge within the system? Create a culture that prizes knowledge sharing and include this virtue in performance assessment. UX expert Greg Nudelman has seen social enterprises use a peer-based

“helpfulness” index to evaluate employees based on their involvement in the network.

Want to make the most useful contribu-tions and experts the most visible? Imple-ment a simple, easy-to-use rating system for content and people. A voting function (thumbs up or down) and a trending fea-ture broadcasting recent threads relevant

to the user's interest group are among IT consultant Joseph Lukan’s recommenda-tions. “The tool needs to have the ability to consolidate opinions or thought.”

BASF incentivised employees to use their social network by letting their daily practices shape the network. For example, senior managers didn’t define interest groups in advance, but let users build communities of interest as the need arose.

ABI Research expects the enterprise social collaboration sector to grow from $1 billion in 2012 to $3.5 billion by 2016. Yet many organisations still need to connect the dots between the technology and the community it serves. — This article has been reprinted with permis-

sion from CIO Update. To see more articles

regarding IT management best practices, please

visit www.cioupdate.com.

4thindia has emerged as the fourth largest

android market gloBally

past, marketing has relied on IT to publish content for them, but tech-nological advances have fostered an online ecosystem where informa-tion is disseminated rapidly and in real-time, putting marketers in the driver’s seat of website management.

Consequently, marketing teams and other non-IT personnel have a vested interest in choosing a CMS that allows them to quickly update or publish content. Marketers need a CMS that makes it easy to respond to industry news, share opportunities and other events in real-time — without having to depend on IT to mediate the content management process.

IT departments, on the other hand, generally prefer a CMS platform that integrates smoothly with the corporate intranet and the rest of the company’s IT environment. As a result, IT departments elect to go with CMS solutions with an existing foothold in the company’s IT ecosphere, even though those CMS solutions significantly ramp up the pain cycle for the marketing team.

Since IT and marketing teams have different goals, IT-driven CMS

Don’t Let IT Hijack the CMSTo deliver value, CMS selection needs to be performed across multiple units and divisions By John Fairley

in today’s digital age, the ability to provide high-quality content immediately on a 24/7 basis can give companies a significant competitive advantage; especially from a marketing perspective. However, it is difficult for marketers with little or no information technology background to publish information quickly, if at all,

when they don’t understand how to use their company’s content man-agement system (CMS).

Although IT clearly has a stake in the CMS platform, it’s a big mis-take to let IT monopolize the selection process. To deliver real value to the organization, CMS selection needs to be performed across multiple units and divisions — and in many cases, marketing (not IT) should have the loudest voice about the CMS platform that is ulti-mately chosen.

Common issues in CMS selectionThe evolution of CMS technology has enabled marketing teams to play a more active role in the content management process. In the

20 October 2012

B e s t o f B r e e d | m a n a g e m e n t

selection processes almost always result in solutions that are familiar to IT, but don’t necessarily align with marketing’s workflows and mes-saging requirements.

Initially, IT departments may chafe at relinquishing control over the company’s CMS platform. But by empowering marketing during the CMS selection process, information executives minimise marketing’s dependence on IT and create an agile information environment capa-ble of delivering lightning fast messaging that characterizes growth-minded companies.

A better CMS selection processA well-executed CMS selec-tion process takes into account the needs and desires of both marketing and IT, creating a content management environment that has been optimised for those who are responsible for publishing content as well as those who are respon-sible for providing technical support.

Achieving a balanced selec-tion process isn’t easy, but it begins with conversations about content management goals. Everyone who has a stake in the CMS (IT, marketing, finance, etc.) should have the oppor-tunity to define usage scenarios and other requirements that need to be addressed by the organisation’s CMS platform.

In an ideal world, the selection process would be highly collabora-tive and would generate consensus around required features and functions. But the competing interests of IT (familiarity, technical support) and marketing (ease of use) aren’t necessarily conducive for consensus building, especially when it comes to the granular features available in various CMS solutions.

Using CMS goals as a baseline, a more practical alternative is to allow stakeholders to have greater influence over the features and functions that are relevant to their workflows and desired outcomes. This is where the divergence between IT and marketing becomes apparent because when it comes to features that allow users to quickly publish or update content, marketing should have the deciding vote, not IT.

If marketing is excluded from the decision process, CMS features that are critical to the successful execution of day-to-day or long-term marketing initiatives may be overlooked. For example, many advanced CMS capabilities can feed information directly to social networks and even manage and measure the effectiveness major ongoing marketing campaigns by tracking email open rates, provid-ing campaign-specific analytics on landing page visits, scoring pros-

pects based on their behaviour on a site, and monitoring website conversions across the organisation’s main and microsites.

A robust CMS tool even offers information about the people who visited a particu-lar site but took no action, thereby creating a list of prospects for the sales force to follow up on. It can also classify leads by geography and feed them directly into sales databases, assigning them to a specific representa-tive in a given territory.

It’s important to note that in some cases, IT doesn’t need to be involved in the CMS selection process at all. Depending on the situation and system requirements, it

can be more affordable and practical for the marketing team to out-source content management to an externally hosted solution provider.

Maximising the value of contentSmart marketing teams know that it’s impossible to separate good content from good content delivery mechanisms. Since many of today’s content management solutions are designed to help market-ing teams and other stakeholders manage content directly, without the assistance or mediation of IT, it’s important for information executives to give marketing a greater role in CMS technology selec-tion. Put simply, a CMS selection process that ignores marketing will handicap the organisation's marketing efforts.

— This article has been reprinted with permission from CIO Update. To see

more articles regarding IT management best practices, please visit www.

cioupdate.com.

Achieving a balanced selection process isn’t easy, but it begins with talks on content

Ima

ge

by

ph

ot

os

.co

m

m a n a g e m e n t | B e s t o f B r e e d

5 Ways to Minimise the Risk of OutsourcingIt is time to rethink the decision-making process related to outsourcing along the following lines By R Dorairaj

in an ideal world, companies that effec-tively leverage the global delivery model stand to gain in several areas, ranging from cost advantages to access to talent to the ability to innovate rapidly.

However, outsourcing to another entity in another country where the culture, legal framework, language and commercial contexts are very different from one’s own, tends to increase the perception of the risks. While distance makes the heart grow fonder, it does make the risks seem larger. Partner selection and how you engage with the partner are the two fundamental aspects of managing outsourcing risks.

Traditionally, assessments of partner capa-bility, size, financial stability, track record, references and perceived ease of working together were the criteria for choosing a partner; while in-house capabilities and con-fidence in the partner were prime factors in determining the model of outsourcing. The assumption was that if the partner was stable, then the risk would be the aggregate of the individual project risks and that these can be tackled in a tactical manner.

While this model has its merits, it tends to distort the decision criteria, leading to an uneasy relationship that could become an

Ill

us

tr

at

Ion

by

ph

ot

os

.co

m

Structure your contracts that improves your costs year- on-year, but think of partner risks in terms of the partner's ability to recover from project crashes and deliver.

22 October 2012

B e s t o f B r e e d | o u t s o u r c i n g

increasing burden for both parties. There-fore, I believe that the time has come to rethink the decision making process:

Strategic position: What is the industry in which you operate? Are you in a crowded market place looking to eke out a few basis points of profit over competition, or are you in the rather nice position of being able to command premium pricing due to your differentiated offerings? The truth, usually, is somewhere in the middle. Based on your competitive position, choose your partner. If most of your business is commoditised and you are looking for some cost leadership, then go with a partner who can bring in efficiencies (over and above cost arbitrage). Structure your contracts in a manner that improves your costs year-on-year, in an aggressive manner, but think of partner risks in terms of the ability of the partner to recover from project or programme crashes and deliver. However, if your competitive position does not demand focus on costs as much as building for the future, then you can choose partner(s) with track records that showcase greater capability, rather than their capability to reduce costs.

Your learning needs: Are you an organisa-

tion that needs to learn to con-tinuously to retain market posi-tion? Are you in a place where you are constantly under threat from competition’s innovation? How much of your IT needs to be in step with the business in learning and innovating? Again, the answer these ques-tions not only determine your partner selection, but also the extent to which you are willing to outsource and the commercial model of engagement.

Recoverability: How quickly can you recover from a bad choice of partner or engagement? While legal protections should exist, they can neither guarantee suc-cessful execution nor can they ensure that things can be recovered without significant impact on business. Evaluate your eventual dependence on the partner — and the costs of having critical internal knowledge outside your organisation. Calibrate your engage-ment model accordingly. Depth of partner management: While it is definitely an ego-boost to have the CEO or senior executives of your partner company promising to be

available to you for any issues, explore if there are people on the ground empowered to take decisions. Try to gain an under-standing of the firm structure and see if the people who are immediately above the partner people in your engagement are capable and empowered.

Your roadmap: Do you have a technology roadmap laid out? Is your enterprise architecture

in place? If so, look for partners who have made a commitment to the technologies that are part of your roadmap and your enterprise architecture choice. If you have, for example, chosen J2EE as your basic tech-nology, then there is little merit in choosing a partner who has a larger number of people and investments on the Microsoft Technol-ogy Stack. —Ramesh Dorairaj is vice president of IT and

product engineering services company at con-

sulting firmMindTree.

— This article has been reprinted with permis-

sion from CIO Update. To see more articles

regarding IT management best practices, please

visit www.cioupdate.com.

$28bnwill Be the amount spent on Big data gloBally in the

year 2012

India Enterprise Mobility SurveyThe concept of enterprise mobility has evolved to become one of the most promising and powerful business technologies of this decade

mobile devices such as smart-phones can no longer be called items of personal luxury. Today, they have emerged as an office necessity on the back

of strong enterprise mobility currents that have created unprecedented ripples in the business world. Over the past couple of

years, the concept of enterprise mobility has evolved to become one of the most promis-ing and powerful business technologies of this decade.

The immense popularity and high demand for wireless mobile devices such as tablets a nd smartphones has redefined enterprise mobility and made it necessary

for the success of any and all businesses. Well-planned and carefully implemented mobility within any organisation enhances enterprise effectiveness, efficiency and responsiveness manifold, as it helps provide the right data, in real time to the right per-son or place.

Today, businesses across industries and

23October 2012

m o B i l i t y | B e s t o f B r e e d

of various sizes have embraced such mobil-ity within their enterprises to reap rich dividends of cost and time savings. The invention of creative, helpful applications and intuitive software has only served to take this mobility renaissance deeper into the very heart of how business is conducted, with most business departments and verti-cals now creating mobile initiatives as part of their own growth and expansion strategy.

It is proven beyond doubt that companies and businesses using such strategy-oriented enterprise mobility solutions, have seen numerous benefits ranging from lower TCO to better customer interaction, opera-tional efficiency and brand image. However, such enterprise mobility models have also brought in their wake a new set of chal-lenges and issues pertaining to IT security, compliance, management, maintenance and deployment. Primary among such con-cerns is the feasibility and safety of allow-ing employees to carry their own mobile devices, to and from office.

Mirroring the growing international concern and debate over the consequences of Bring-Your-Own-Device (BYOD) move-ment, this survey attempts to find a way forward. It tries to answer hard questions such as should employees be allowed to get their own mobile devices to office? Should employee-owned devices be allowed on enterprise networks? And if so, should there be a cap on the office data, applications and services they are permitted to access? How should any company’s IT infrastructure support mobile applications?

The results of the survey show that despite there being tough competition in the market, BlackBerry remains the preferred smartphone of CEOs and CIOs in India, as it scores well on security, application and cost. Another important find of the survey was that there has been a sea change in the way CXOs think about mobility. This para-digm shift is visible in the fact that many of these mid-sized enterprise leaders have already put in place a mobile management strategy and most others are planning to put one in action in the coming 12 months.

Smartphones working to carve a niche within office spaceSmartphones have carved a niche for themselves within office. Carrying your

Does your company plan to deploy Mobile Device Management solution to manage multiple smartphone platforms? If yes, within what time frame?Plan to deploy Mobile Device Management solution (%)

38%

26%

15%

Within 24 months

already has

not sure

Within 12 months

21%

own smartphone to office is fast becom-ing an accepted norm with 32 percent of enterprises already having between a tenth and a quarter of their employees carrying one or the other kind of such smartphone to office.

While in 23 percent of the companies this figure stood at less than a tenth and in anoth-er 23 percent it stood at more than a half, these figures show that smartphones are well on their way to carving a niche within offices, especially in mid-sized companies.

Indian employers sceptical about allowing personal smartphones into officeWhile most mid-sized Indian enterprises are undergoing the mobility revolution, almost 62 percent of such companies are sceptical about the use of personal smart-phones in office, and perceive them to be a potential security risk. This is in line with international concern over bringing your own smartphone to office. The survey found, a small open minded minority, of 27 percent, who were comfortable with the idea of smartphones invading their office space.

Mobile device management solutions catching onKeeping these security issues in mind, almost 51 percent of CIOs and business heads surveyed said they had a mobile device mangement (MDM) solution in place to manage multiple operating systems/ ver-sions of employee owned smartphones.

However, a close number, 47 percent had no such MDM solution or strategy yet. However, this is not to say these organisa-tions are not working on one, or don’t feel the need for such a MDM solution.

Plans to implement Mobile Device Management solutions considered urgentSince Indian enterprises are not com-pletely unaware of the threats and dangers posed by smartphones, 38 percent of the companies surveyed plan to deploy a MDM solution to manage multiple smartphone platforms within the next 12 months, while 21 percent have already put one in play. This means that almost 60 percent of the enterprises surveyed understand the need and urgency of implementing such MDM solutions. However, 31 percent are still undecided on their MDM deploy-ment strategy.

Security, application management and cost top considerations while selecting a smartphone platformChoosing a business smartphone requires a bit of thinking, as not all smartphones can help you with your work related duties. Also, both as an employer and employee you would want to choose a device that helps boost your productivity, while reduc-ing cost and time spent. Smartphones are all about multi-tasking and hence the smartphone you buy would need to double up as a small laptop at best. Not surprisingly

24 October 2012

B e s t o f B r e e d | m o B i l i t y

then, 64 percent of the business leaders surveyed said that their top consideration while selecting a smartphone platform was security, while 53 percent said it was the applications it supported, and a close 51 percent said the deciding factor was cost. For another 51 percent, device manage-ment capabilities were an equally important consideration, while half the enterprises surveyed felt that the operating system of the smartphone mattered a lot too.

BlackBerry the best equipped & preferred Smartphone PlatformBased on the above findings, it was realised that among the various smartphone plat-forms available in the Indian market, Black-Berry was the best equipped to be brought into office. Seventy eight percent of our participants voted in favour of BlackBerry, while Android emerged as the second most preferred smartphone with 55 percent votes and iOS came third with 33 percent finding it the best smartphone option.

Participation specificsThe survey received responses from CIOs from different industries, with most industries being fairly well-represented. The Manufacturing industry was the lead contributor, with 33 percent respondents belonging to the sector followed by other services (21 percent) and the Finance/banking/insurance sector (19 percent). Business heads from companies of differ-ent sizes – from large to medium to small, participated in this survey. However, 66 percent of the responses have come from CIOs of mid-sized companies, with over 1,000 employees. The organisation size has been segmented according to the number of employees per enterprise for the purpose of this survey.

While various senior business and department heads had been contacted and requested to participate in the survey, lead-ers and CIOs in decision making capacity on smartphone purchases for their respec-tive companies were specific targeted for their in-depth and practical knowledge on the same. Thus, 41 percent of the survey respondents fall in that bracket, while a close 39 percent play the role of an ‘influ-encer’ in their company’s smartphone buy-ing strategies.

ConclusionWhile strategically planned and executed mobility within an enterprise can offer numeorus dividends across the board, sim-ply unleashing it on an enterprise can do the exact opposite, compromising your com-pany’s security. To harness the full potentail of such mobility, enterprises need to invest time, money and skills in developing cus-tomized MDM solutions and strategies for their enterprises, so both the employers and their employees can then make the most of the advantages offered by mobile devices such as smartphones.

While developing the mobility adoption strategy for their respective organisations, the key considerations of business and IT Heads are related to data security, man-agement of disparate mobile end points, reliability, flexibility and scalability of these devices and solutions. Even though CIOs and business heads are waking up to the numerous advantages and challenges posed by the onslaught of smartphone technology into office space, more needs to be done in

terms of building support and safe infra-structure.

While a cursory glance at the survey shows that Indian enterprises are as of now ill-equipped and lagging behind their international counterparts on ways and means to handle the resultant threats and risks of smartphones, a closer look reveals that Indian enterprises are slowly but surely catching up and realising the importance and urgency of putting in place customised and innovative MDM solutions.

In the end, the survey proves that there are indications that mobile devices are only going to become indispensable to the way business is conducted and carried out. To manage the risk and dangers accompany-ing this slow but steady movement, Indian companies are taking proactive steps designed to monitor and manage the usage of such smartphones, and opting for the safest and most reliable of smartphones such as the BlackBerry, for use within the realm of office.

“38 per cent of the companies surveyed plan to deploy a MDM solution to manage multiple smartphone platforms within the next 12 months”

— Supported by RIM

Ima

ge

by

ph

ot

os

.co

m

25October 2012

m o B i l i t y | B e s t o f B r e e d

thetrailbIT leaders at Essar lend the power of technology to its group companies for evolving into best-in-class businesses that can compete with global champions by yashvendra singh

design shokeen saifi imaging peterson pj photos jiten gandhi & zafar

lazers

C O V E R S T O R Y | T h E T R a i l b l a z E R S

28 October 2012

by AtAnu KumAr DAsDesign by shoKeen sAifi imAging Peterson PJ

lazers

Few Indian companies have leveraged IT the way Essar Group, a $27 billion multinational conglomerate, has done it. For instance, Essar Steel, a part of the diversified business group, manufactures about 10 million tonnes of steel

per annum with 5000 employees. Tata Steel, on the other hand, employs 25,000-35,000 workers to get a marginally higher output. The difference lies in the levels of auto-mation in the two companies. Essar has maximised the use of IT to bring in high levels of automations, thereby reducing dependency on human capital.

Similarly, another group company, Essar Oil, has harnessed the power of IT to bring in higher levels of efficiencies.

By implementing solutions such as RFID, truck tracking etc, the company has been made a positive difference to an important process called the Truck Turnaround Time — the time taken a by a truck to come inside the refinery, refill, complete all formalities, and leave the premises.

While earlier the trucks used to take a lot of time, they now enter and leave much faster.

Leading from the front, C N Ram and Jayantha Prabhu, the Essar Group CIO and CTO respectively, have transformed the conglomerate into a tech-savvy entity where IT is integral to business

These are just two of the many instances of how IT is transforming business at Essar.

The credit for this transformation of the Group into a technology-hungry corporate goes to the duo of C N Ram, the Group CIO and Jayantha Prabhu, the Group CTO. The two have exhibited true leadership qualities in their respective roles.

IT at the High SeatAs Ram says, “IT is an integral part of Essar’s business. By deploying innovative IT solutions, we have been able to derive several tangible benefits from IT. By proving itself, IT has been able to command a seat at the high table. The CIOs of different verticals are today a part of Esaar’s execution committee board.” Ram himself is a part of the management committee.

A true leader realises the importance of innovation to the growth of any business. In keeping with this line, Ram has established a process for adopting new and inno-vative technology.

Says Prabhu, “There is a dedicated team that takes care of new technology and innovation. This cell is

essar: the

multinationaltechnology-hungry

C O V E R S T O R Y | T h E T R a i l b l a z E R S

30 October 2012

“There is a dedicated team that takes care of new technology. This cell is responsible for exploring several new technologies that can be mapped later with business.”

“There is a dedicated team that takes care of new technology. This cell is responsible for exploring several new technologies that can be mapped later with business.”—C N Ram the Group CIO, Essar Group

responsible to explore several new technologies that can be mapped later with business requirements after their thorough evaluation process.

While this cell also work with several other SME teams within CTO office, collaboratively, as a team works hand-in-hand with top notch leading technology providers such as SAP, Microsoft, HP, Cisco, IBM, Juniper etc. A Technology Committee Meeting is held every fortnight with business CIOs and portrays new technology map-ping with business requirements.”

Detailed POC/DEMO results are also shared during this meeting. Appropriate business buy-in gets approved in this forum. Later, detailed business case, alignment with Essar Group Enterprise Architecture that directs the strategy and technology road map with return on invest-ment (ROI) and total cost of ownership (TCO) is proposed to senior management for final approval, post which the rollout of such technologies takes place.

The other important hallmarks of an enterprise technology leader are an emphasis on transparency and a collaborative approach. Ram and Jayantha have ensured that there is complete transparency while procuring any new technology.

“It is evident that business CIOs/representatives should be involved when the technology is hunted and proposed to business at the primitive stage. This is essential so that the solution mapping gains complete clarity and achieves completeness to a larger extent. We arrange several such structured meetings/conferences/forums within the organisation. Adequate buy-in is required from business and that can be achieved only through due and appro-priate connectivity with business CIOs/leaders time-to-time,” says Prabhu.

Another initiative that Ram has taken aids in providing IT solutions to solve business problems through project design and solutions from the CTO office.

“We have defined business engagement from the CTO’s office with each Essar Group business vertical such as Steel, Oil, Power, Projects etc. During defined meetings, business problems are shared by business CIOs, which in turn are deliberated within CTO leadership team for solution mapping. While criticality is the factor raised by business, Prabhu decides the technology and proposes to business,” avers Ram.

According to Prabhu, through his leadership, Ram has played a key role in shaping Essar’s IT strategy.

“The success of IT in Essar is because of several rea-sons. Firstly, there is a lot of push from the top manage-ment. They are hungry for the latest technology. Secondly, the mentoring and freedom that we get from Ram is very useful. Ram is application-focused, which very few CIOs are. Whenever I get stuck somewhere and approach him, he immediately gets to know what is right and what is wrong,” he says.

“Ram has also been instrumental in starting vendor

engagement. We have strong relationships with Polycom, SAP, IBM and other vendors. We do lot of beta testing for our vendors and are a reference customer to them. This has not only strengthened our rapport with the vendors but has also enabled us to get favourable licensing terms,” says Prabhu. Essar’s IT department is currently testing Avaya India’s ACE platform.

The fact that Ram and Prabhu are team players is reflected in the fact that in the last three years, there has been zero attrition from the company’s IT department.

“We take care of their personal and professional needs. It is not a boss-subordinate relationship. We showcase and give due credit to our team,” says Prabhu.

Technology LeadershipEssar has taken major IT initiatives in the last six months. These initiatives have focused on emerging or new tech-nologies along with a strong business rationale behind each initiative. Some of these initiatives includeVirtualisation: Essar Group has taken a mammoth leap towards desktop virtualisation by adapting Citrix VDI technology.

Currently the group has clocked 3000 desktops/laptops virtualised with an end target of 14,000 within a span of year. While the group is not new to server virtualisation technologies such as VMWare, HyperV etc, IBM AIX based virtualisation has been one of the unique starts up that host SAP production for its group HR module. This initiative is under implementation.

t h e t r a i l b l a z e r s | C O V e r s t O r y

31October 2012

Tech That Complements Business: Jayantha Prabhu, Group CTO, Essar, has deployed cutting edge IT that delivers strong business value

The key drivers behind Virtualisation are to gain maxi-mum efficiency, lesser turn around time to fulfill business requirements and save cost. Through various server virtu-alisation technologies,

Essar has already realised energy saving of almost around 70 percent, reduced around 150+ standalone serv-ers, reduced 25+ racks within its data centers and has also resulted into releasing critical floor space for further scal-ability and expansion.Cloud Technology: A step ahead of others, Essar plunged into public cloud with Microsoft Azure and Sucessfactor. The Group now plans to take the Azure journey through the second phase wherein it will take six to eight more applications to public cloud.

The Group is an early adaptor of public cloud services. Cloud currently has resulted into Essar saving around 60 percent of its operating cost by migrating two of its appli-cations over public cloud as against a dedicated infrastruc-ture based out of its native Data Center. SAP Hana: Essar Group recently decided to implement SAP Hana—the latest in-memory computing technology being offered by SAP. Essar claims this to be the first of its kind deployment in India and very few across the globe.

The Group intends to derive faster SAP responses through this technology thereby driving business operational with relative better speed and cut down earlier operative timeframes resulting into enhance business productivityJuniper Junos: Essar has associated itself with Juni-per whereby it assures secured mobility over Junos client offered by Juniper.

With secured mobility being the key driver behind this initiative, Essar has already started its implementation within the group.

Sybase Afaria: This initiative fuels Essar Group distinct intention towards embracing bring your own device (BYOD) — a service that will allow its end users to carryout business operations over their personal devices. Afaria solution within its initial phase will encompass most of the mobility devices such as tablets,

smart phones and latpops for around 2000 selected end users.

The group has promising plans to expand this spectrum to a major segment of its end-user base in the coming years.

According to Prabhu, the IT department has ensured such seamless communication that “it is possible for the CEO, even when he is traveling in his jet, to get a high quality video and audio communication.”

The Road AheadAccording to Ram, it took him and Prabhu three-four years to standard the technology at Essar.

“There were multiple policies and processes. However, technology is now standardized, which has made the inte-gration of IT easy,” he says.

The last one year has seen a lot of new technologies being deployed by Essar. Over the next one year, the IT department intends to consolidate.

“The next one year will see consolidation and maximisa-tion of our existing assets. We will continue doing a lot of end user training. We are also convincing respective verti-cal CIOs to use business technology available you should use it.

Given the global slowdown, Essar’s IT budgets for the next year would be pruned. However, the duo is happy with it.

As Prabhu says, “We had a budget of Rs 400 crore last year, of which 40 percent was spent in opex and 60 per-cent in capex. Traditioanally, it is the reverse but we had several new implementations last year.”

“The next year’s budget would be around Rs 150 crore. However, we don’t have an issue because we don’t have the typical 80:20 (80 percent budget for maintenance and only 20 percent for new implementations) ratio. This is because we don’t have to push for new deployments. The demand for new deployments comes from the top man-agement. They travel a lot and whenever they face any challenge they come back to me and say that they want something to overcome the challenge. We, therefore, get funds as and when required,” sums up Prabhu.

“It is evident that business CIOs/representatives should be involved when the technology is hunted and proposed to business at the primitive stage”—Jayantha Prabhuthe Group CTO, Essar Group

t h e t r a i l b l a z e r s | C O V e r s t O r y

33October 2012

What does being the Group CIO of a $27 billion conglomerate mean to you?

Being the CIO of the Essar Group means a lot of things to me. I have the ability to condition the response of IT to a variety of businesses – oil, power projects, retail, telecom. Essar is a very diverse group with a variety of interests and expectations. My main role as the Group CIO is to mentor CIOs handling different business verticals and to also to set standards governance models for the company on how to align IT with business. I am involved at the strategic level and not too involved in the operations.

Being the top technology decision maker for the Essar Group, what are the top priorities for you?

The main priority for us is to bring about a standardisa-tion of our IT infrastructure. Essar is a multi-national organization and it is very important to provide a seam-less working experience for people working from any-where. To facilitate such an experience, it is important to enable roaming on office just like you enable roaming on BlackBerry. We have, therefore, put a lot more focus in ensuring this. For instance, our top management, travel-ing on private jet, can reach anybody anywhere on earth. This call is free as you don’t pay anything extra to telcos. The idea is to try and get a predictable and available infra-structure. We are a communication-hungry organisation. We probably have the largest base of video conferencing equipment. We have 40 video conferencing rooms in this (Mumbai) office.

The other priority is monitoring and monetizing of IT assets. Once you have the IT infrastructure deployed,

internal vigilance is what is needed. Every two years, there is a huge refresh in technology and the challenge is to maximise asset life. We evaluate a lot of things before we plug into a technology but it helps that our finance people have their heads on their shoulders. We go in for a new technology only if by an incremental use of technology, there are much better returns and benefits.

After taking over from the previous CIO, what changes have you brought in the IT department

in Essar?During the earlier incumbent’s tenure, the development team was an extension of the CIO team. The problem with this arrangement was that the CIOs of different verticals would get bogged down with day-to-day issues of technology. When I took over, I made a clear differentia-tion between the CIO and the development teams. As a result, CIOs now focus on business and don’t have to bother about the routine drudgery of technology -- secu-rity, monitoring, and architecture.

A Group CIO’s role is much more aligned to gover-nance. If he has a good team, he can focus on the gover-nance framework, while the respective vertical’s CIOs can work to align technology with their respective busi-ness verticals. They will become interpreters of technol-ogy into business. By disassociating CIOs from the devel-opment team, I have managed to create the environment for them.

I also set up the office of CSO. It was time that we decid-ed on the overall security posture that we need to take and what operational support was need to be taken.

In a conversation with CIO&Leader, C N Ram, Group CIO, Essar, talks about his challenges and plans for the multinational conglomerate

“we want to make IT a way of life”

C O V E R S T O R Y | T h E T R a i l b l a z E R S

34 October 2012

Priority for Essar: The main priority for

us is to bring about a standardisation of our IT

infrastructure

I have also set up an in-house studio. We have started to record videos of top management and sending them across internally. It is lot more immediate with a lot more impact.

What major challenges have you encountered so far in your professional journey in Essar?

There were not many challenges. The people are good and I inherited a good set up. I just had to refocus on some aspects. The bottomline is that we want to make IT a way of life in Essar. The one thing I had to focus on was not to deploy technology not for the sake of technol-ogy. It had to align with business to get true benefits. The second issue that I had to focus on was to measure quan-tifiable benefits of technology. For this, we have started to make a lot of videos for our in-house channel. This would help gauge how new technology implementations are benefiting people.

Yet another issue is to ensure the security of our data, which is sacrosanct. With consumerisation of IT happen-ing fast, employees expect access to all applications on their personal devices. If they don’t get it, they feel that the IT is not ready. I feel this is another area where we need to focus.

How is your relationship with your top management?

I am a pat of the monthly management committee meet-ings. Mr Ruia drops in at lunch and discusses freely with

me. As against other CEOs who are not too clued into technology, we have to tell Mr Ruia not to go too fast on technology. He is very technology savvy and a lot of sug-gestions come from his side.

What major technology decisions have you taken in Essar?

Last year, we entered into enterprise agreements with Microsoft and SAP. Going forward, we have decided to partner with vendors a lot more. We hold weekly and monthly meetings with CIOs on what we doing with these vendors.

We have done a lot of work on cloud. Unlike other big corporates, we have a common IT layer for every compa-ny. This is a much more cost effective way of functioning and helps us negotiate with vendors better.

We have derived a lot of value from the technology we have implemented, be it from SAP or cloud whereon we have put our HR Performance Management tool.

What are your future plans?People processes and technology make up IT. IT is

a tool and business has to use it to become better. The real focus from our side would, therefore, be on how to migrate people on new technologies. The real achieve-ment is when technology is internalized.

We want IT to become advisor for business. This will not happen overnight but we are slowly building this confidence.

We want IT to become advisor for business. This will not happen overnight but we are slowly building this confidence.

C O V E R S T O R Y | T h E T R a i l b l a z E R S

C&L S

ECTIO

N

“Leadership is not about titles, positions

or flowcharts. It is about one life

influencing another.”

—John C. Maxwell

36AOctober 2012

SpECIAL

LEAdErShIp SECTION

C&L S

ECTIO

N

36B October 2012

CIO&LEADER This special section on leadership has been designed keeping in mind the evolving role of CIOs. The objective is to provide an eclectic mix of leadership articles and opinions from top consultants and gurus as well as create a platform for peer learning. Here is a brief description of each sub-section that will give you an idea of what to expect each month from CIO&Leader:

An opinion piece on leadership penned by leadership gurus. Plus, an insightful article from a leading consulting firm

The article/interview will track the leadership journey of a CIO/CXO to the top. It will also provide insights into how top leaders think about leadership

This feature focusses on how CIOs run IT organisations in their company as if they were CEOs. It will comment on whether IT should have a separate P&L, expectation management of different LoB heads, HR policies within IT, operational issues, etc. This section will provide insights into the challenges of putting a price on IT services, issues of changing user mindset, squeezing more value out of IT, justifying RoI on IT, attracting and retaining talent, and competing against external vendors

Cross leveraging our strong traction in the IT Manager community, this section will have interviews/features about IT Managers and CIOs talking about their expectations, working styles and aspirations. In this section, a Mentor and a Mentee will identify each other’s strengths and weaknesses, opine on each other’s style of functioning, discuss the biggest lessons learnt from each other, talk about memorable projects and shared interests

Featuring a top CIO/Technology Company Head and the best guidance/recommendation he received with respect to his personal or professional growth. The advice could relate to dealing with people, managing personal finance, and balancing work and life

A one-page review of a book on leadership

TOp dOwN ME & MY MENTEE

MY STOrYLEAdINg EdgE 4138

37 4548

51

ThE BEST AdvICE I EvEr gOT

ShELF LIFE

I N T r O d u C T I O N

Making Open Source WorkVishwajeet Singh, CIO, Epitome Travel Solutions, shares his experience of using open source to save costs for the company

come with a platform that will be not only unique but will have a different customer experience.

In about a month, we were able to come up with an initial setup format and the best part was we were able to save more than 40 percent of what we would have spent if we would have used proprietary software. Since we were a new company, it was extremely important to understand the financial constraint and once I was able to achieve what I had promised to the management, they garnered more con-fidence in me and allowed me to deploy IT solutions according to my ways.

Being the head of the IT department, one of the key things that was always in my mind is to make IT as a profit center for the organisation and come up with innovative ways of how by using IT in the right manner, we can reduce the costs of the company.

Today, I have virtualised 100 percent of the data of the company and we are utilising 90 percent of the resources in the open source platform. I was also more concerned that since open source is a complex platform, I have to deploy solutions in a manner that can be used by IT professionals who are not so much equipped with open source knowledge. — As told to Atanu Kumar Das

EpitomE Travel Solutions is a fairly new company which started in February 2011. We had decided then that we will not go to the market if we do not have a unique product of our own. We knew that there are so many travel companies in India, and if we wanted to succeed we have to do things in a different way.

I was given the free hand in terms of coming up with IT solutions that will enable us go to the market and attract customers. I knew that I had to come up with solutions that will not only be easy to use but also have a large shelf life. After much deliberation, I had a long discussion with my IT team and we decided that we go for open source technology and not proprietary software. We knew that it was not going to be easy and we also didn't know how much time we will need to come up with a platform that will be customer-friendly. But once we started off, we were confident that we will be able to

Top DownVishwajeeT singhCio, epiTome TraVel soluTions

37October 2012

Sandeep Phanasgaonkar, CTO, Reliance Capital, in con-versation with Abhishek Raval, says leadership has the ability to make a positive impact on customers

Sandeep Phanasgaonkar is President & Chief Technology Officer for Reliance Capital. Sandeep has extensive experience in applying IT solutions to finance, banking, BPO and ITES.

How has your thought process changed from the early days of working as a project manager

of the computerisation task force at SBI to now, as President, CTO of a conglomerate of five companies viz. Reliance Capital? After taking leadership positions, one starts realising about the profound impact of the decisions taken on employees, business, society, partner organisations and customers.

The leadership effectiveness is measured on this impact and not just in terms of executing tasks. While not denying the importance of technical exper-tise, which is important but the bigger aspect is about the impact.

From a personal standpoint, this was the bigger evolution that took place and I had to aquire skills in different areas.

I also learnt the importance of convincing stakehold-ers at a very high level; taking my fellow peers in confidence; mentor them to have a larger vision; how to achieve objectives and devise precise plans and also convince them about the prospective benefits of the projects undertaken.

For e.g. At SBI, I was asked to work on different systems like developing MIS; system to handle govern-ment related transactions or helping vendors to roll out a system.

So it was more on the technology side. I had to make sure that the design, testing, deployment was managed

well for an implementation to be successful. However the larger aspects about the cost, ROI were really not my priority at that time. I was working more on understand-ing the banking and finance domain. My focus was more on developing skills.

As I became a leader, whether it was at Genpact or Reliance Capital, business impact replaced all other priorities. Now, I think more in terms of how can tech-nology be used to drive efficiencies, how can people use technology more efficiently etc.

Basically, masking employees from the underlying complexity of technology and allowing them to use it in a more intuitive manner.

Obviously over a period of time people have adapted themselves to technology but at times they have to be trained. The final goal is to ascertain, how these drives business benefits. This is the change I have experienced. Business benefit is always on top of my mind.

Take us through your leadership experience heading the IT transition after the GE Capital

International Services was rechristined to Genpact due to the change in ownership controlWe were moving from a very large enterprise, centrally controlled GE environment to an independent company. The new entity wanted to be consistent with the old set up, to have the same environment, rules, governance, policies etc. The transition project was about creating a separate infrastructure for Genpact. As it would bring so

Leadership Is About Making Impact

my sTory sanDeep phanasgaonkar

38 October 2012

s a n D e e p p h a n a s g a o n k a r | i n T e r V i e w

much change in the organisation, the whole change management chapter was a big aspect of this transition. In addition, com-munication plan and the ability to ensure problem resolution was structured well.

The internal teams are specialised and skilled only in certain areas and activities. We needed a person with a core competence to lead the project of system transition. I got a lot of support from the then CEO, Pramod Bhasin. We hired an independent consul-

tant after doing a proper due diligence about the kind of profile we were looking for.

We worked in close co-ordination to cre-ate a communication plan, doing town halls and ensuring the help desks are quickly closing customer calls.

About the communication plan, it was done at different levels.

The plan was adjusted in terms of objective information about specific systems, tasks, processes, specific can

do's and can't do's. It got executed very well and was crucial to the success of the transition project.

How are you leading the change at Reliance Capital?

We are in the process of rolling out Google apps and public cloud implementation. These initiatives are are under deployment but has already been rolled out to thousands of users.

1 After becomming

a leader one realises

about the impact of

decisions taken

2 It is very important to

convince stakeholders at a

very high level

3 IT should be used in

a manner that it is able to

drive business benefits

4 Cloud, mobility,

social media are evolving

and people are adopting

them fast

5 It is very important to

work in close coordination

to create a communication

plan within the company

5poinTs

39October 2012

This was a larger executive decision because Reliance Capital is a conglomerate of five companies and these technologies were rolled out to the users of these companies.

The scope included moving from a purely email capa-bility to a system that offered messaging and collabora-tion. We wanted to make sweeping use of gmail, google docs, videos, hangouts and so it was a larger set of capa-bilities that we wanted to use rather than just email. I had to present a case before the management for doing such a major transformation.

They have to be apprised about the rationale for adopting public cloud; how to tackle the security issues; handling cost and productivity; the changes that the organisation will undergo.

They ratified the proposal ensued by kickstarting the implementation. The technology was new demanding a dedicated security infrastructure. Employees were trained on these technologies.

In a public cloud set-up, data is accessed on internet and not the company’s WAN was etched in their minds thus they have to be more cautious than before. Google apps exposed the employees to a lot many options to improve productivity and thus collaborate with other employees.

As a leader how do you get buy-in from the top management?

Buy in is important. While the business leaders have an understanding on how technology can benefit business, they are always in the hunt for immediate benefits from investments. However that's not the case every time, the projects have their own gestation periods after which they start bearing fruits.

The CIO should have the ability to convince stakehold-ers that the technology being implemented will ulti-mately benefit the enterprise. They have to be informed about the RoI, how it contributes to the bottom line and top line and employee efficiency.

Technology is changing very fast. The cloud, mobil-ity, social media, internet technologies are evolving and people are adopting them very easily.

The tech savvy customer segment is growing very rapidly. The educated lot, young customers are getting exposed to this technology and they are willing to do business on different technology platforms.

These points do come up in my conversation with the top management.

There is a healthy debate that happens before the strategy is frozen. The acceptance of the business lead-ers is paramount.

We don't go into crude technical details but overall they have to be informed about the technology architec-ture, risks, risk mitigation, requirement for adoption, training and and how will the technology integrate with the systems, processes and people.

How do you constantly keep sharpening your leadership skills.

At Anil Dhirubhai Ambani Group (ADAG), we invite Harvard professors for doing seminars on various topics.

The last seminar was addressed for a selective gather-ing of ADAG executives. I was also a participant. We were taught the art of negotiation. It was an interesting training experience.

I also attended a Gartner CIO academy in London at Oxford. Gartner had a tie up with Oxford university.

At Genpact, we had specially invited Ram Charan, the famous management guru for conducting a work-shop. It was around that time, Genpact was becoming independent of GE. He mentored us on adopting a completely new form of thinking in serving non GE cus-tomers; what would be the change in what we delivered and how we measured ourselves. We were supposed to create a new culture to deal with a much more diverse customer clientele.

40 October 2012

i n T e r V i e w | s a n D e e p p h a n a s g a o n k a r

“In a public cloud set-up, data is accessed on

internet and not the firm’s WAN and thus people

need to be more cautious than before. Google apps

exposed the employees to a lot many options to

improve productivity”

As firms rEAch across borders, global-leadership capacity is surfacing more and more often as a binding constraint. Accord-ing to one survey of senior executives, 76 percent believe their organizations need to develop global-leadership capabilities, but only seven percent think they are cur-rently doing so very effectively. And some 30 percent of US companies admit that they have failed to exploit fully their international business opportunities because of insuffi-cient internationally competent personnel.

Most of the prevailing ideas in business and academia about global leadership reflect efforts by leadership experts to adapt the insights of their field to the global arena. I come at this topic from the opposite

perspective, having focused for nearly two decades on studying globalisation and thinking through its implications for busi-ness and public policy.

At the core of my work lies the reality that, while globalisation is indeed a powerful force, the extent of international integra-tion varies widely across countries and companies and generally remains more limited than is commonly supposed. To be sure, rapid growth in emerging markets, combined with a long-term outlook of lower growth in most developed economies, is pushing companies to globalise faster. But metrics on the globalisation of markets indi-cate that only 10 to 25 percent of trade, capi-tal, information, and people flows actually

cross national borders. And international flows are generally dampened significantly by geographic distance as well as cross-country differences. US trade with Chile, for example, is only 6 percent of its likely extent if Chile were as close to the United States as Canada is. Furthermore, if two countries don’t share a common language, that alone slashes the trade volume between them by 30 percent.

An appreciation of how distances and differences influence international ties helps explain some of the organisational and other stresses that established multina-tionals are encountering as they accelerate their expansion to emerging markets (for more, see “Parsing the growth advantage of

Developing Global LeadersCompanies must cultivate leaders for global markets. Dispelling five common myths about globalisation is a good place to start By pankaj Ghemawat

leaDing eDge pankaj ghemawaT

41October 2012

emerging-market companies,” on mckin-seyquarterly.com). Emerging Asia is farther away—and more different, along multiple dimensions—than more familiar markets in Europe and North America. Japanese multinationals face a distinctive set of cul-tural, political, and economic issues that complicate their efforts to expand abroad.

Exaggerated notions of what globalization means—what I call “globaloney”—are also apparent in prevailing ideas about global leadership. Some training centers aim to develop “transcultural” leaders who can manage effectively anywhere in the world as soon as they step off the plane. Yet scholars of cross-cultural management suggest that objectives like this are unrealistic.

While global leadership is still a nascent

field, common conceptions of it already incorporate myths or half-truths that rest on misconceptions about globalisation. Cor-recting these myths should help the efforts of companies to increase their global-leader-ship capacity.

myth#1my company, at least, is global.When I present data on the limited extent of international interactions to executives in large multinational corporations, a typi-cal reaction is that even if markets are not that integrated, their firm certainly is. Such claims, however, seldom hold up to scrutiny. Less than two percent of firms onFortune’s Global 500 list of the world’s largest com-panies, for example, derive more than 20

percent of their revenues from three dis-tinct regions. Most firms also remain quite domestically rooted in other aspects of their business, such as where they do their pro-duction or R&D or where their shareholders live. BMW, for instance, derived 51 percent of its sales revenue from outside of Europe in 2011, but still maintained roughly 64 per-cent of its production and 73 percent of its workforce in Germany.

An accurate read on the extent of glo-balization in one’s firm and industry is certainly a crucial requirement for global leadership. Also invaluable is an apprecia-tion of the extent to which the people within your company are far from completely globalized. Consider just a few pertinent facts. Trust, which some have called the cur-rency of leadership, declines sharply with distance. Research conducted in Western Europe suggests that people trust citizens of their own country twice as much as they trust people from neighboring coun-tries and that they place even less trust in people farther away. Turning to information flows—also central to leadership—people get as much as 95 percent of their news from domestic sources, which devote most of their coverage to domestic stories. Simi-larly, 98 percent of telephone-calling min-utes and 85 percent of Facebook friends are domestic.

The persistent rootedness of both firms and employees has the surprising implica-tion that global leaders should not seek to sever or hide their own roots to become global citizens. Rather, they should embrace “rooted cosmopolitanism” by nurturing their own roots and branching out beyond them to connect with counterparts else-where who, like themselves, are deeply root-ed in distinct places and cultures. Indeed, studies of expatriate performance confirm that expats who identify strongly with both their home and host cultures perform bet-ter than those who identify only with one or with neither.

This rooted-cosmopolitan approach also accords better with research showing that people can become “biculturals,” with a truly deep understanding of two cul-tures, but probably can’t entirely internalise three, which implies that four is out of the question. Facing such limitations, attempts to become global by breaking free from

42 October 2012

l e a D i n g e D g e | p a n k a j g h e m a w a TIl

lu

st

rA

tIo

N B

Y s

ho

ke

eN

sA

IfI

p a n k a j g h e m a w a T | l e a D i n g e D g e

43October 2012

help executives to visualise and interpret these patterns.

Global leaders also need to understand the factors that shape international interac-tions in their businesses, by undertaking a structured examination of cross-country differences and their effects. That is what a survey of academic thought leaders recently concluded should be the focus of the global-ization of business school curricula.

Conceptual learning of this sort is a com-plement to—one might even say a precondi-tion of, though certainly not a substitute for —experiential learning. When executives can fit their personal experiences into an accurate global perspective defined by con-ceptual frameworks and hard data, they can gain more from their typically limited time abroad and avoid costly mistakes.

myth#3Development is all about building standard global-leadership competencies.Many lists of global-leadership compe-tencies have been developed in business and in academia, but these provide only a starting point for thinking through the right competency model to apply within a particular company. Customisation and focus are essential. In part, that’s because even though literally hundreds of competen-cies have been proposed, a lot of these lists have important gaps or fail to go far enough toward incorporating unique requirements for global leadership. That isn’t surprising, since the lists often grow out of research on domestic leadership.

One large review of the literature sum-marises it in three core competencies (self-awareness, engagement in personal transformation, and inquisitiveness), seven mental characteristics (optimism, self-regulation, social-judgment skills, empathy, motivation to work in an international envi-ronment, cognitive skills, and acceptance of complexity and its contradictions), and three behavioral competencies (social skills, networking skills, and knowledge). To my mind, most of these would also be useful for domestic leadership. Only the motiva-tional point seems distinctively interna-tional, although one or two more (such as acceptance of complexity and its contradic-tions) clearly seem more important in the international domain than domestically.

Typical competency lists also tend to focus on cultural differences, missing other components critical to global leadership. Economic differences (such as the chal-lenges of fast versus slow-growth markets) and administrative and political differences (including the extent of state intervention) are among the other factors that can cause leaders to stumble in unfamiliar contexts.

Perhaps most important, standard lists of global-leadership competencies reinforce a one-size-fits-all view of global leader-ship that is inconsistent with the reality of globalisation and the mix of work global leaders do. A company may find it useful to recruit for and develop a small set of key competencies across all of its global leaders. Yet the diversity of roles that fall under the broad category of global leadership argues

one’s roots seem more likely to lead to sym-metric detachment—a lack of meaningful ties to any place—than to symmetric attach-ment everywhere.

myth#2Global leadership is developed through experience.Leadership scholars have argued that experience contributes some 80 percent to learning about global leadership. My own investigations of senior executives’ percep-tions of globalisation, however, indicate that experience, while required, is not sufficient

“Ceos tend to lead far more global lives than most of the world’s population”—pankaj Ghemawat

lead far more global lives than most of the world’s population, often touching several continents in any given month. Ninety per-cent of the people on this planet will never venture beyond the borders of the countries where they were born.

If experience alone is insufficient to develop accurate perspectives about global-ization, what do executives need to learn off the job? A starting point is an accurate read on the magnitude and patterns of interna-tional interactions within their industries and companies. Rooted maps, described in my 2011 McKinsey Quarterly article, can

for the development of an accurate global mind-set.

To illustrate, in a survey I asked readers of Harvard Business Review to estimate a set of basic values about the internation-alisation of product, capital, information, and people flows. The respondents overes-timated these values, on average, by a factor of three. And, more interesting from the standpoint of leadership development, the magnitude of the readers’ errors increased with their years of experience and the seniority of their titles. The CEOs in the sample overestimated the values by a factor of four!

Why might experience correlate with less rather than more accurate perceptions about globalisation? One possibility is projection bias. Senior executives and CEOs tend to

44 October 2012

for substantial customisation around that common base. At the corporate level, this implies developing a portfolio of competen-cies rather than an interchangeable set of global leaders who have all met a single set of requirements.

Operationally, an ideal training pro-gramme would therefore include a geo-graphic dimension and prepare people for dealing with particular origin–destination pairs. For example, a Japanese executive going to work in the United States would probably benefit from preparing for the higher level of individualism there. One preparing for China would in all likelihood benefit more from understanding that “uncertainty avoidance” is less pronounced there, so executives must be ready for faster-paced change and greater levels of experimentation. Customising training-and-development efforts at the level of individual country pairs is likely to run up quickly against resource constraints. However, the fact that 50 to 60 percent of trade, foreign direct investment, telephone calls, and migration are intraregional suggests that, in many cases, customising at the regional level is sufficient. Firms will need a mix of regional and global leaders. Regional leader-ship is presumably less difficult and costly to develop than global leadership.

Competencies can also be customised to the requirements of specific executives’ roles. The dimensions to consider include depth in particular markets versus breadth across markets, the frequency and duration of physical presence, and a focus on internal versus external interactions.

myth#4Localisation is the key.Some firms, rather than trying to fulfill the requirements of one-size-fits-all lists of global-leadership competencies, have embraced the opposite extreme of local-ization. Significant localisation has taken place in the management teams of foreign subsidiaries. According to one study, the proportion of expatriates in senior-manage-ment roles in multinationals in the BRIC countries (Brazil, Russia, India, and China) and in the Middle East declined from 56 percent to 12 percent from the late 1990s to the late 2000s.

Within this broad trend, some firms still rely too much on expatriates and need to localize more, but localisation can be—and, in some instances, clearly has been—taken too far. Giving up on expatriation implies giving up on building the diverse bench of global leaders that CEOs say they require. Persistent distance effects, particularly those associated with information flows, do confirm the general wisdom: global lead-ers need experience working for extended periods in foreign locations because living abroad creates permanent knowledge and ties that bind. Extreme localisation leaves no room for the development of leaders of this sort.

Executives report that “it takes at least three months to become immersed in a geographical location and appreciate how the culture, politics, and history of a region affect business there.” This judgment accords with the finding that living abroad expands your mental horizons and increas-

es your creativity. However, merely traveling abroad doesn’t produce these benefits.

Long stays abroad are costly: traditional expatriation typically costs three times an employee’s salary at home. Nonetheless, firms that really wish to prioritise global-leadership development will need to allocate the required resources. Better metrics to track the returns on such investments may help. One survey indicates that just 14 per-cent of companies have any mechanisms in place to track returns on international assignments. Most of these companies use metrics tracking only business generated from an assignment.

Better career management could help cap-ture and measure returns on investments in developing global leaders. Evidence indi-cates that in European and US multination-als, expatriates still take longer, on average, to ascend the corporate ladder than manag-ers who continue to work within their home countries. That indicates a deficiency in this area, as well as an incentive problem.

Rather than pure localisation, firms should embrace the practice of rotation, which provides the foreign work experi-ence—not just travel—essential to the development of global leaders. And don’t make the mistake of viewing expatriation as being solely about sending people from headquarters to emerging markets. The same requirement for immersion outside of one’s home market also applies to the culti-vation of global leaders recruited in emerg-ing markets. For these executives, time spent in more established markets can, on the return home, reinforce both local- and global-leadership capacity.

—The article is printed with prior permission

from McKinsey Quarterly.

“operationally, an ideal training programme would therefore include a geographic dimension and prepare people for dealing with particular origin”—pankaj Ghemawat

Pankaj Ghemawat an alumnus

of McKinsey’s London office, is a

professor of strategic management

and the Anselmo Rubiralta Chair of

Global Strategy at the IESE Business School,

in Barcelona. He is also the author of World

3.0: Global Prosperity and How to Achieve

It (Harvard Business Publishing, May 2011), the

source of the approach to global-leadership

development discussed in this article.

l e a D i n g e D g e | p a n k a j g h e m a w a T

45October 2012

menTorshanmugham sureshheaD – iT, mahinDra & mahinDra FinanCial serViCes

menTee

khaliD abDuliT manager, mahinDra & mahinDra FinanCial serViCes

What do you look for in a mentee? shAnmuGhAm The mentee should have respect for

his peers, help others, be direct and clear in communi-cation. He should be have awareness and use wisdom in thought, should have the ability to listen and apply himself. He should question proactively, be efficient and timely. The mentee should know the business properly and get involved with business peers in non-IT projects. He should push business and technology integration in all areas of interest and concentrate on core competen-cies of every individual to capitalise towards demand.

What do you look up to in your mentor?ABDuL The mentor should have the willingness

to share experience, knowledge with subordinates and provide guidance, constructive feed backs so that sub-ordinates will be in continuous process of learning and improving. The mentor should motivate others by set-tings examples and goes that extra mile and takes per-sonal interest to understand subordinate and addresses his queries and needs. The mentor should always demonstrate passion and enthusiasm to achieve goal so that team is charged and motivated and exhibit positive attitudes towards crises-management and act as a role model. He should create an environment of healthy competition and respect everyone’s opinion. The men-tor should give utmost importance to brain storming and debate before arriving to serious conclusion. The should be well communication, provide proper message

of failure and successes with rational reasoning to the team members. The mentor should initiate new ideas, always innovative in terms of challenging conventional methodologies.

How do you identify and priorities areas where you think your mentee needs to focus on for

further professional development?shAnmuGhAm I concentrate on the mentee's personal and professional front. I work on ensuring that the mentee has the right resources to perform to his ability. I focus on strategy, avoid generic, obvious statements and focus on what is unusual, what has changed or will change, and how the services and processes approach links to business success. As a mentor what is important is to think beyond normal traditional solutions and services and would focus on technical aspects of architecture at the expense of every other deliverables.

Do you think your mentor spends enough time with you? How do you think your mentor could

contribute more towards your professional growth?ABDuL Yes, he spends good amount of time with us. There are three key parameters by which mentor can contribute more towards professional growth --- accountability, alignment and demand. The mentor should be responsible for following tasks: setting goals, clarifying expectations, defining roles and responsibili-

Working in Tandem

me & my menTee

46 October 2012

ties, monitoring progress and measuring results, gath-ering feedback alignment. When mentoring is aligned within the organisation culture, it is part of its DNA. A shared understanding of mentoring practice exists that fits naturally with the organisation values and practices. Communication is fundamental to achieving growth in one’s success. Its effects are far-reaching; it increases trust, strengthens relationships, and helps align organ-isations. It creates value, visibility and demand for mentoring. It is also the catalyst for developing mentor-ing readiness, generating learning opportunities, and providing mentoring support within an organisation.

Employees seek mentoring as a way to strengthen and develop themselves and look for success opportunities. Demand spurs reflective conversation and dialogue about mentoring adding to its value and visibility.

How do you think your mentee can take on more responsibilities and take more/bigger

decisions?shAnmuGhAm When I think about Khalid, team moni-toring and inimitable leadership are his best qualities. I allow him to be involved in core projects and he has shown excellent working capabilities. Being a collabora-tive business leader and inspiring IT manager while partnering closely with the business is vital, he has done his job to the core. He inspires all IT staffs to cre-ate a unique work setting that enables the professional growth. Currently, much of his vision, technology development and support is sourced in-house. Going forward it is likely to be changed with some of our util-ity support services for desktop, storage and networks being rigorously bench marked and possibly market-tested to ensure they deliver value for money. As a result it will be vital that the service has robust bench marking and cost control measures in place to deliver value for money.

Does your mentor delegate enough tasks and responsibilities to you? How often do you take

key decisions yourself? How would you like the situation to change (if at all)?ABDuL My mentor delegates task and responsibilities; he develops team by delegation of critical task. He del-egates larger projects to teams of people, giving them appropriate responsibility and clearly defining their authority for decision-making. He uses delegation as a mean of developing employee’s skills. He creates condu-cive environments that subordinates goes to him with solutions to problems they encounter, instead of simply asking for more instructions. Very often we take deci-sions, as we are responsible and linked with individual project, success of project is solely based on the decision we take. Situation can be changed by involving all stakes holder and taking their consent before acting.

Are there any conflicts between you and your mentee? If so, how do you resolve them (you

may also cite one or two instances)? If not, what do you think is the secret of your smooth working relationship?shAnmuGhAm There have been healthy conflicts where we both have learned from each other. I believe that we can constantly keep on learning new things from each other and grow the bond that we have nurtured all these years. Punctuality and time management and two key things that I focus n and thins ensures that we adhere to the deadlines for every project that we work together.

“When I think about khalid, team monitoring and inimitable leadership are his best qualities”

m e & m y m e n T e e | s h a n m u g h a m s u r e s h & k h a l i D a b D u l

47October 2012

s h a n m u g h a m s u r e s h & k h a l i D a b D u l | m e & m y m e n T e e

“the mentor should have the willingness to share

experience and knowledge with subordinates”

Please describe your working relationship with your mentor and how the two of you address key

challenges together or resolve any conflicts of opinion.ABDuL A mentor is a person with superior rank or authority and influence in his or her field who com-mits time, emotional support, and intellectual strength to encourage growth and development. Conflict in the workplace just seems to be a fact of life. The fact that conflict exists, however, is not necessarily a bad thing: As long as it is resolved effectively, it can lead to per-sonal and professional growth. In many cases, effective conflict resolution can make the difference between

positive and negative outcomes. However, if conflict is not handled effectively, the results can be damaging. Conflicting goals can quickly turn into personal dislike. Teamwork breaks down. Talent is wasted as people dis-engage from their work My mentor ensures that people and problems are kept separate while dealing with con-flict. For example: One of critical project was about to roll out in pan India, before implementation, the team got in to argument of big bang approach or phase man-ner approach. This was a conflict example in which proj-ect implementation came to stand still. Then mentor decided to have a joint meeting and ask us to present the interest and he paid attention to the interest are being presented. Ultimately he set out the facts, explored all option together this is the way conflict resolved and we went through big bang approach roll out.

What are the two or three key things you have learned from your mentee?

shAnmuGhAm Perseverance -- Strong will power. Effort-less working. My mentee always believes that virtue lies in struggle not in earning the prize and I have come to learn that great works are performed not by strength but by perseverance. He also has a lot of self confidence which I admire.

What are the two or three key things you have learned from your mentor?

ABDuL I have learned from my mentor to put 100 percent in work and the never give up attitude. Moreover, he has also made me realise the importance of being focused.

What are the challenges and constraints for a mentor/CIO to devote more time and effort for

the development of their immediate juniors?shAnmuGhAm Identifying and creating new philosophy and interaction with vendors locally and develop a long-term strategic relationship to create unique deliverables for rural India operations. Managing the solutions by providing a complete package, which includes hard-ware, software, networking application developments etc. Coordinating design approvals, setup for data centers, development infrastructure and execution and awareness-creation of web-related solutions including portals.

What are your views on the need for a mentor for IT managers in realising their full potential?

ABDuL A mentor can listens to team, and help you to develop greater insight by thinking laterally and consid-ering innovative ideas, IT requirements and yourself in a structured and integrated way. These insights can help one to innovate successfully, solve problems, improve business performance, and develop subordinate skills. —As told to Atanu Kumar Das

i hAvE always been a great fan of Steve Jobs and have followed many of his sayings.His pearls of wisdom have also helped me in achieving new heights in my professional career. But one advice that I always carry with me is “it is the journey and not the destination that matters.” I have worked for numerous multinational corporations that have had to deal with IT projects which were equally complex and challenging. By adher-ing to this advice, I have always enjoyed the period when I was heading any project which we didn't know how much time it will take to complete. I also believe that it is ultimately the people who matter and in one's personal or professional life, we have to deal with dif-ferent types of people. Dealing with people is also a journey which we tend to forget and this doesn't let us enjoy those moments. We should always keep our mind open and learn from each and every indi-vidual that we meet and that is when the journey becomes enjoyable.

In my professional career, I have had numerous projects which were not only big but challenging to the core because we had to integrate processes of a company that was truly global. There were numerous occa-sions where we faced obstacles but the joy was to be involved in a project that was so huge and complex to attain. I believed that this project will not only help me under-stand the complexities involved in integrat-ing global offices, but will also enable me to understand different aspects of doing

where we are not sure what to do, but want for the right moment in terms of choosing the right areas of growth. If a person has the ability to enjoy the journey, he will not only be a wise man when it comes to such situa-tions in the future, but will also understand what the positive and negatives that came out of a particular project.

I am sure that in the future as well, I will abide by the saying of enjoying the journey first because we are not sure of the destination. We may have projects that succeed or fail, but the learning which we get from both the projects is equally important and it helps us a lot in all our future endevours. —As told to Atanu Kumar Das

integration seamlessly. I thoroughly enjoyed being involved in the project and each and every day of the project taught me new aspects of IT dynamics.

I have been in India for the last one and a half years, and the challenge we are facing here is to identify the market where we can have the kind of growth that is going to sus-tain. It is very easy to fall for every market in the education space, because the education market in India is huge. But the real chal-lenge is to identify the right area of growth. Moreover, we are also coming up with a lot of digital content and that needs to be done in a proper manner so that it reaches the right audience. I believe that in our profes-sional lives, there comes lot of instances

max gabrielsenior Vp anD CTo, pearson inDia

“Enjoy the Journey”

The besT aDViCe i eVer goT

48 October 2012

49October 2012

DaViD limopinion

Think before you speak! Here are 11 of the biggest mistakes speakers make—and how to avoid them

abouT The auThorDavid Lim, founder, everest Motivation team, is a leadership and negotiation coach, best-selling author and two-time Mt everest expedition leader. he can be reached at his blog http://theasiannegotiator. wordpress.com, or david@everestmotivation.com

As A movE away from my past topics on leadership and negotiation skills, this feature will focus on an often-feared and poorly managed skill—presentation skills. Do you want to be motivated to give a great presentation when asked to deliver one? Read on, and avoid these common mistakes that even experienced speakers make, and make your presentation dynamite.

1) LAcK of focusIn the rush of things, too many speakers feel they need to cram in as much information as possible in a presentation. The consequences? Lack of focus, or an information over-load. For a typical 30-minute presentation, you should be focussed on making at the most three to four points. The rest of the time is spent reinforcing the points with relevant stories, pictures, videos and examples. Remember, that not everyone absorbs information the same way. Do you prefer your audience to be squinting at a text-dense PowerPoint slide, or listening to your message/point?

2) DistriButinG A hAnDout ALonGwith Your prEsEntAtionShoot yourself the next time you present more than a few lines of text on PowerPoint. If you MUST include bags of information, dense graphs et al—create a totally separate handout that supports your presentation. I see this mistake many times each year as speakers struggle to help an audience make sense of a dense spreadsheet slide when they should be zooming in on only the most relevant information.

3) BEinG A tALKinG hEAD, or A Zoo tiGErSpeakers often feel ‘safe’ anchored to a podium, when in

fact, they could be enhancing their presentation by put-ting their whole body into the presentation, using their body language, gestures, postures and body ‘shapes’ to drive home their messages. Plan to step away from the podium and present on stage in a relaxed collegial man-ner. Depending on the height of the platform and podi-um, some speakers become ‘talking heads’ with only their heads or upper shoulders visible to an audience. The other extreme is that when they move away from the podium, they pace up and down the stage; or move aimlessly on the stage, fretting away nervous energy, very much like a caged tiger in a zoo. Stand still when making a key point, and move only if you need to—pur-posefully. Strong positions of influence are right-front or centre-front of the stage.

4) tELLinG irrELEvAnt JoKEsI once listened to a speaker sprinkle his message liber-ally with jokes and one-liners for 20 minutes. It only served to confuse me about the point of his message, as none of the humour was linked to the message. Learning point: Choose humour wisely, and ensure it enforces or supports a point you are making.

5) wEAK opEnErs AnD cLosErsWhen I was much younger, I loved to learn and demon-strate magic tricks. One of the key things about pulling off a great magic show applies to you as well if you are doing a spot of public speaking, and that is: 1) first, grab the audience’s attention, 2) add super-attention, 3) leave them wanting more. If your opening is weak, you will fail to sustain the audience’s interest. Open with a pow-erful story, quote or define what you hope to achieve in

50 October 2012

the presentation. These are less of a cliche than a tired joke. Finish or close with a story, metaphor that honours the content of your presentation, or call for action. This message will be ‘sticky’ with the audience.

6) too mAnY pointsIt’s tempting to pack the presentation with lots of con-tent to deliver ‘value’. The real test of value is what the audience remembers and wants to copy/do to help their condition in the next month or so. As such, focussing on just three to four points, supported by evidence, sto-ries, case studies—is a much better option than cover-ing too much ground and overwhelming your audience. It also allows you to shorten stories, drop supporting anecdotes if you are running out of time without sacri-ficing your key points ( see point below on RUSHING).

7) rushinGIf you have rehearsed your presentation, you will realise that some parts of your presentation need to be dropped in order to have quality ( vs quantity ). You choose which bits need to be left out. The key is pacing and rehearsing before the big event.

8) fAiLinG to stAY in thE rEAL worLDAcknowledge noises, eg a beeper that goes off, a crash of breaking plates—in your auditorium. To rattle on without doing so makes the audience feel uncomfortable, as well as wondering why the speaker didn’t react to that awful noise from the back. With practice you can also learn how to use such external interference to your advantage and boost your presentation quality.

9) not BEinG A mEmBEr of thE AuDiEncEAt every stage of your presenta-tion, consider what

the audience is going through—are they engaged? Bored? Are they leaning forward slightly to hear your points, nodding every now and then? A great speaker learns how to tune into the audience and adjust his/

her speaking pace, volume, even content, segues and body language.

10) whEn in DouBt, LEss is morEWhen preparing for a speech of 30 minutes, always pre-pare for 25 minutes of content. You will invariably find you may want to repeat a statement or field a question from someone who can’t wait until the Q&A session. You will feel relaxed and professional in your delivery.

11) it’s A pAinRefrain your thoughts from telling you that your presen-tation is a chore or a pain. Take time to enjoy sharing your information and interacting with the audience. If you think of it as a pain, your emotions will show, and the audience won’t like it. Giving yourself permission to have a bit of fun and enjoyment makes you a better presenter. I guarantee it.

DAVID LIM IS A LEADERSHIP AND NEGOTIATION

COACH AND CAN BE FOUND ON HIS BLOG http://

theasiannegotiator.wordpress.com, OR subscribe to his free

e-newsletter at david@everestmotivation.com

“stand still when making a key point, and move only if you need to—purposefully. strong positions of influence are right-front or centre-front of the stage”

IMA

Ge

BY

ph

ot

os

.Co

Mo p i n i o n | D a V i D l i m

51October 2012

Switch: How to Change Things When Change

Is Hard The book addresses change and the process

asssociated with it

As thEY sAY, nothing is permanent except change. The only constant

is change. It is always difficult to manage

themselves, people and organisation when change occurs. If change is required for an individual or set of people, it is always difficult to manage the emotions. Similarly, making change work, can be major work.

Switch: How to Change Things When Change is Hard, is the new book from Chip Heath and Dan Heath, the famous authors of “Made to Stick”.

The book addresses change and process asssociated with it. The brothers have well researched the topic and read loads of books before writing Switch. They have pulled from studies form psychol-ogy, sociology and similar other fields to bring light making a suc-cessful changes.

The book draws inspiration an analogy from “The Happiness Hypothesis” — a book written by Jonathan Haidt, a psychologist at University of Virginia.

Haidt, in his critically acclaimed

book, equates the operation of the human mind to an elephant and rider.

The Rider represents the rational and logical. Provide a rider a good argument and tell the rider what to do and he will do it.

The Elephant represents our emo-tions, our gut response. Emotions can overpower rational thought. While relying entirely on rational behavior can over-analyse and over think things.

As a result, sometimes it is com-mon that hours of brainstorm does not lead to decision.

For example a Rider might avoid a hamburger and chips, but there is very little the Rider can do if the Elephant really wants it. Chip and Dan, to complete their analogy, include the path both the rider and the elephant are traveling.

There is a good chance for change, only if the rider directs the elephant on a well prepared path.

The path could represent access to a new technology or office space design.

Switch is dedicated to the change processes that manage emotional

as well as rational behavior of deci-sion making.

With different examples and sto-ries the book keep on reminding its readers that these two independent system always remain at work.

The best part of Switch is that it translates theories to business set-tings i.e. the book states that: “busi-ness people think in two stages: You plan, and you execute. There is no “learning stage” or “practice stage” in the middle.

From the business perspective practice looks like poor execution, but to create and sustain change, you’ve got to act more like a coach, less of a scorekeeper.”

Switch clarifies the basic psycho-logical struggles leading often to poor choices and makes its points using narrative.

Switch is an first-class opening point to discuss change, be it a profession or an organisation. It stand well on learning to manage and infuse changes, into a particular situation. Change ain’t easy, so to speak, but Switch makes the process of change easy. —By Akhilesh Shukla

abouT The auThorsChip heath is the thrive foundation of Youth professor of organisational Behaviour in the Graduate school of Business at stanford university. Whereas his brother, Dan heath is a senior fellow at Duke university's Case center, which supports social entrepreneurs.

“Elephant represents our emotions, our gut response. Emotions can overpower rational thought.” — Chip heaTh anD Dan heaTh

shelF liFe

NEXTHORIZONS

Features InsIde

What to do With Your Firm’s Old iPhones Pg 56

Unlocking Big Data in Social Technolgies Pg 55

Top CIOs discuss their cloud implementations and in the process attempt to solve the queries that CEOs might have on cloud By Abhishek Rawal

CIO Solves CEO Queries on Cloud C

IOs, CTOs are aware about what cloud is and it’s potential to gener-ate positive results for the company however there is need to delve more on the teething questions, the

business leaders have on what cloud can do to their company. Sunil Chandiramani, Part-ner and National Director-Advisory, Ernst & Young gives an anecdote about his meeting with a CEO accompanied by his team. He explained the CEO’s understanding of cloud computing with a kind of a satirical remark, “the only cloud I know about is what I

Ill

us

tr

at

Ion

by

ph

ot

os

.co

m

53October 2012

find up there in the sky,” Chandiramani was moderating a panel discussion at the Ernst &Young Strategic India Forum. The panelists include Sandeep Phanasgaonkar, CTO- Reliance Capital; Manish Choksi, CIO- Asian Paints; Manoj Chugh, APAC President - Strategic Accounts, EMC; Supra-kash Chaudhuri, Managing Director - Elect, SAP India and Eric Yu Qiang, President - Huawei Enterprise India, Huawei.

Hence CIOs should speak in a crude sense with their C level colleagues on the potential of cloud computing. Chandira-mani, wearing the hat of a CEO asks proba-ble questions he would ask to his respective CIO. What is a cloud and why should I use it? What are the benefits? In what situations should I use the cloud model and which scenarios should not hook to the cloud? Is connectivity and security a valid concern for the CIOs or are they raising these issues fearing for their job being taken away after the IT infrastructure will be controlled by the CSPs? what happens to my data if the vendors go bankrupt or if I want to change my CSP?

Let’s try and find out the answers to some of these questions by examining the cloud implementations of Reliance Capital and Asian Paints.

Sandeep Phanasga-onkar, President & CTO, Reli-ance Capital explains the company’s journey on the cloud model. Phanasgaonkar stressed on the importance of using pub-lic cloud. He also answers the CEO question on the benefits of cloud, “We are an early adopter of public cloud. Reliance Capi-tal has invested on deploying

Google apps, which enables employees to collaborate using Google docs, instant mes-saging, and social media functionalities. These tools can also be accessed on mobile, which makes our implementation a success story,” says Phanasgaonkar.

From a cost angle, the company is still paying the same amount. But it’s in a posi-tion to leverage more features for business benefits. As the messaging & collaboration tool is still being rolled out, there are already 5000 users on the public cloud platform. More users will soon join after passing through the requisite training process.

“Our CRM tool is also on public cloud with about 1000 employees. A mix of full time and other functions including call cen-ter agents making cold calls are using the CRM piece,” informs Phanasgaonkar.

The adoption of Google apps elevates the company’s public cloud acceptance model from just being email based to a whole host of collaboration tools.

CIOs raising security issues is a valid con-cern. At Reliance Capital, The IT team is focusing heavily on training the employ-ees to handle the tools with utmost prudence. The baseline is to make the employees aware about the fact that they

are accessing the company data on the public cloud network. Employees should exercise adequate restraint & cognisance while using the tools. Security has to be on top of their mind. More so, On-the-go availabil-ity of Google apps raises the importance of securitising the content-access-sessions of the employees.

“Public CSP in the SaaS space

do not provide adequate security features thus we have to screen the data moving and being exchanged on public cloud to have a more layered security approach. Reliance Capital has also added a DRM tool as a part of its information security policy,” said Pha-nasgaonkar

Manish Choksi, CIO, Asian Paints throw-ing light on his cloud strategy believed in a more stratified manner of cloud adop-tion and dismisses the ‘Rip And Replace’ strategy where enterprise CIOs give way to cloud models by replacing certain in-house solutions.

He prefers reducing the white spaces in the enterprise architecture where technolo-gy tools have a role but are still absent. This point answers the query on the scenarios in which cloud can be adopted. Implement-ing tools on cloud where they are needed but are currently absent can prove to be the right insertion points. For e.g. Asian Paints is currently undergoing a massive website redesign. Hitherto cloud was not used for managing the website however cloud com-puting has a role after the redesign because the company will be adding a bouquet of interactive and social media tools and func-tionalities, which will also require at the back end a scalable storage capacity. Asian Paints will host the website platform on cloud.

Choksi finds a point of caution, “There is one rider however, the system integrator will have to actively connect with the cloud service provider.”

The paint company is also moving the social media & analytics on cloud. “We would not like to burden our in-house team and there’s no point in boiling the ocean. Development & testing services can also be considered to be hosted on cloud. We are also thinking on deploying HR solns on cloud”, says Choksi. When asked about whether he is considering putting any core business applications on cloud, he replied in negative, “The vendors will have to mature to provide cloud models for core business applications.” he opines.

On the query of what if the CSP goes bankrupt or the customer wants to change his provider? Choksi says transparency is the key. The vendors have to be transparent in their offerings. “Sales pitch is all about transparency.” he concludes.

2.3bnComputers, tablets and smartphones

users will be using android by 2016

CIOs raising security issues is a valid concern. At Reliance Capital, The IT team is focusing heavily on training the employees to handle the tools with utmost prudence

54 October 2012

n e X t h o r i Z o n s | C l o u d

Role of IT in Boosting Oil Production?IT Leaders from Oil & Gas sector discuss how IT can help increase oil production in India By Abhishek Rawal

the crux of IT delivering its capabili-ties to the best of it’s abilities in any organisation lies in how it’s able to engage with business. This business-IT engagement also

ensures that technology is not only playing the conventional role of enabling business but also stepping forward to solve business challenges.

Oil PSUs in India are constantly under pressure to increase oil production. India is running short of increasing the per capita energy consumption and IT can play a major role to achieve the set targets. M. Thyagaraj, CIO, ONGC quoting the plan-ning commission report says, “India plans to increase the per capita energy consump-tion from 756 to 1000 kw/hr,” about 1 lac villages are still not electrified, which is a huge source of untapped demand; O&G contribute 30% to the overall energy con-sumption in the country. The success of the O&G sector to produce more will lead to growth in GDP. IT plays a fundamental role in sustaining the growth and meeting the supply required in the market.

Sanjay Srivastava, Head IT, Exploration and Production Division, Reliance Indus-tries (RIL), commented on the challenges faced and how RIL is striving to improve

productivity using IT solutions. These observations can prove to be critical pointers on ways to improve oil production by lever-aging high end IT solutions.

He gave an account on how technology is used at RIL in acquiring massive amount of data during drilling operations at offshore

oil fields. “The upstream operations are highly data intensive and capturing all the information is key,” says Srivastava. How-ever there are no off the shelf IT solutions available in the market.

Tons of data is generated during exploration and production (E&P), from

Ima

ge

by

ph

ot

os

.co

m

55October 2012

o i l & g a s | n e X t h o r i Z o n s

Unlocking Big Data in Social TechnologiesMost of the news from Oracle's OpenWorld revolved around cloud services and a new social platform, but big data was the real story By Tony Kontzer

reservoirs and further down in the operations life cycle. More so, the data is both in struc-tured and unstructured form. Thus managing the data pool becomes a challenge.

In addition the sensors installed at the Oil rigs also provide valuable data inputs on seismic activity and High Performance Computing (HPC) solutions are used to process this dynamic data. Srivastava opines that times are not too far away from the concept of ‘digital oil fields’ where advanced sensors and meters will be used for deep sea oil drilling, which will also give rise to a more

the display at EMC Corp.'s booth at Oracle OpenWorld show in San Francisco featured a famous quote uttered by a British entrepreneur in 2006: “Data is the new oil.”

EThe quote was being bandied about to promote an ambitious global project called "The Human Face of Big Data," an effort commissioned by EMC, and sponsored by the likes of Cisco Systems and VMware, that aims to use crowdsourcing to get a handle on humanity's increasing need to generate and crunch data. For example, a widely dis-tributed smartphone application collected data, between Sept. 25 and Oct. 2, that indi-cated that the reason people can't find a cab when it rains in Singapore is that drivers looking to avoid having their pay withheld for accidents simply pull over to wait out

rainstorms. They don't pick up new fares.While such findings may not hold much

value for the average IT executive, the implications of big data certainly do. And although the news from OpenWorld cen-tered on Oracle's slew of new cloud services and a new platform that socially enables all of the company's applications, big data was clearly the dominant theme.

Oracle CEO Larry Ellison's anticipated keynote address, which was entitled "The Oracle Cloud: Where Social is Built In," focused instead on how the company's ven-erable database and analytics technologies can crunch the big data inherent in social network streams.

Ellison began his keynote touting Oracle's cloud — which now features new services such as planning and budgeting,

financial reporting, and data and insight -- as having the broadest set of applications in the industry. He then quickly introduced Oracle's new social platform, which he char-acterized as being far preferable to stand-alone social applications.

But what he clearly wanted to demon-strate was the kind of insight that can be gleaned from social data when the right analytical tools are used. Specifically, he showed the packed hall how two products — Oracle's Exadata database and its Exalyt-ics in-memory analytics appliance — were used to analyze nearly 5 billion Twitter posts to determine what celebrity would be the best spokesperson to promote a new Lexus sedan.

Ellison made it clear that Twitter data, in particular, consists of much more than the

collaborative environment. The data, when made available to the relevant personnel will enable them to take informed decisions.

The LCD 3D monitors will further enhance better data model visualisation capabili-ties of the equipments at the oil rigs. The Product Lifecycle Management (PLM) solutions will also improve productivity.

All these developments will improve plant, employee productivity and thus result in oil production boost.

The integration of operations/automation solutions with IT can also play a decisive

role. Anurag Mehrotra, VP and Head- Client Relationship Group, Wipro says,” integration is not only important of point to point IT solutions but also between auto-mation and IT solutions,” this will result in better visibility of relevant data points. The automation and IT platforms capture huge amount of data in upstream opera-tions, refining and retail. The integration will better streamline production planning and scheduling.

He also pointed that oil majors are no longer looking for siloed partners for ERP, storage and other IT solutions but partners with holistic expertise, who can successfully integrate point to point solutions with their process expertise.

8%worldwide deCline in the shipment of

personal Computers in q3 of 2012

56 October 2012

n e X t h o r i Z o n s | b i g d a t a

posts themselves — it includes timestamps, geotags, device types, and more, and the data is of both the structured and unstruc-tured variety. In the end, Oracle ended up analysing 27 billion relationships, nearly a billion retweets and hashtags, 2.8 billion mentions and another 1.3 billion replies.

And as Ellison pointed out, the conclusion itself — that gold-medal Olympic gymnast Gabby Douglas was the best fit to promote the new Lexus — wasn't nearly as signifi-cant as the process by which that conclusion was reached, which included drilling down into the data to find out whose posts most frequently mentioned cars, for instance.

“This was a very simple question that required an enormous amount of data processing to get the data," Ellison said. "This is something we would have had to guess at before.” — This article was first published in CIO Insight.

For more stories please visit www.cioinsight.

com.

What to Do With Your Firm’s Old iPhonesiPhone 4 resales were up nearly 883 percent in the month leading up to the iPhone 5’s introduction

apple is expected to sell quite a few iPhone 5 handsets this year. Invest-ment firm Jefferies has calculated that 170 million global smartphone subscribers will come out of their

contracts in the second half of 2012, and 450 million more will do so in 2013. Contracts aside, Topeka Capital analyst Brian White expects the iPhone 5 to drive the "biggest upgrade in consumer electronics history," while Jefferies analyst Peter Misek has told investors to expect the "biggest handset launch in history.

Add in a Samsung Galaxy S III that made its way into the hands of more than 20 mil-lion users in 100 days, and there are, or will be, considerable numbers of unused phones cluttering office shelves and kitchen junk drawers. Recycling boxes are an option, but a number of sources offer cash, as consum-ers are discovering.

Last year, following Apple's iPhone 4S announcement, iPhone sales surged on SellCell.com, constituting 50 percent of the phones the site helped to sell that day. Compared with last August, sales of smart-

phones, feature phones and tablets this year are up 725 percent, and in the last four months the average price being offered to sellers has increased from $77 to $84.

In the month leading up to the iPhone 5's introduction, a SellCell spokesperson told eWEEK, total iPhone resales and trade-ins were up nearly 434 percent, com-pared with the weeks before the iPhone 4S's intro; iPhone 4 re-sales were up nearly 883 percent and overall trade-ins were up 492 percent.

During Apple's Sept. 12 introduction of

Ill

us

tr

at

Ion

by

ph

ot

os

.co

m

57October 2012

m o b i l i t y | n e X t h o r i Z o n s

the iPhone 5, trade-ins on SellCell.com were up 50 percent from the daily average and visits for the day peaked at 4 p.m. ET, shortly after the event concluded.

While it's tempting to think consumers are trading in devices made by Apple com-petitors, it's just the reverse. The site's latest September figures show Apple devices to account for 29 percent of trade-ins on the site, followed by Samsung (17 percent), HTC (15 percent) and BlackBerry (14 per-cent) devices.

SellCell.com fancies itself the Kayak.com of the smartphone resell market. Users enter the name of the phone they'd like to sell, and the site gives back a comparison tool showing the companies willing to buy it. The morning before Apple's iPhone 5 announcement, offers for a 16GB black Apple iPhone 3GS, in good condition, ranged from $18 from an unrated company called Depstar to $107 from an unrated company called Side Street Technology that ships for free but doesn't offer free pack-aging. A company called BuyBack World, however, has a B+ rating from the Better Business Bureau, offers free packaging and

shipment, and was willing to pay $101.uSell.com runs by a similar model, but

gets more specific about the state of the phone, asking a few quick questions, such

as whether the screen is damaged and what accessories--such as the original box and charger--the seller has. As on SellCell.com, device conditions affect offers.

Ill

us

tr

at

Ion

by

ph

ot

os

.co

m

EMC Forum'12 to Discuss Big Data, cloudThe event will help CIOs learn how new technologies can transform their IT and business

Cloud computing transforms IT, delivering the maximum possible IT efficiency. An automated private cloud is the first step – creating a dynamic pool of compute, network and storage. Private Clouds will become an infrastructure that is fully automated based on policies set in partnership with the

business. Most enterprises will connect their private cloud to public clouds, creating a hybrid cloud, combining what each IT organization does best with what partners can do better – but keeping IT in control.

According to an EMC –Zinnov study, the total cloud market in India, currently at $400 million, will reach a market value of $4.5 bil-lion by 2015.

Cloud makes it possible to store, manage and analyze all of the world’s information even as information continues to grow. New sourc-es of data are creating new opportunities and putting new demands on IT. IT will need to manage Petabyte-scale data sets containing all types of data – structured data, unstructured data, data inside the firewall, data outside the firewall, data that must be retained for years and data that is only valuable if it is acted on in milliseconds. Data Science teams will be formed to collaboratively analyze information, delivering predic-tive analytics embedded in new business applications.

Keeping these important trends in mind, EMC’s upcoming event, EMC Forum 2012 will be a 2-day program where CIOs and IT Deci-

58 October 2012

n e X t h o r i Z o n s | s t o r a g e

sion Makers can create a vision for their future, by learning how cloud can transform their IT, and how Big Data can transform their business in a secure envi-ronment. Attendees can also hear some of India’s most influential IT thought leaders discuss the future as well as understanding what other organizations have achieved so far.

EMC Forum is a unique opportunity for CIOs to connect and network with peers in India. IT decision makers would also get to hear local and international insights from high calibre keynote speakers and pre-senters, and case studies featuring the latest integrated solutions from EMC and its partners. A hand-picked selection of EMC partners will be exhibiting their products, and EMC will be showcasing solutions at its Demo Centre.

Some of the topics that’ll be discussed at EMC Forum would include Applications and Databases; Backup, Recovery and Archiving; Big Data and Analytics; Cloud Computing; IT Transformation; Information Intel-ligence; Technology Directions and Innovation; Virtu-alisation; Storage and IT Management; Security and Compliance and Storage Platforms, FAST and Flash.

Apart from the entire Indian EMC leadership team, the EMC Forum would witness motivational speaker David Lim and Mandar Marulkar, Associate Vice Presi-dent –Head IT Infrastructure and CISO, KPIT Cum-mins Infosystems Ltd.

rajesh JaneyPresident - India and

SAARC at EMC

s t o r a g e | n e X t h o r i Z o n s

60 October 2012

TECH FORGOVERNANCE

Two different documents are circulating on the internet and both refer to CleanIT By Pierluigi Paganini

IT jobs to be created by 2015 globally to support big data

4mnDaTa BrIefIng

Illu

st

ra

tIo

n b

y p

ho

to

s.c

om

Concerns for a Global Surveillance Project

61October 2012

S E C u R i T y | T E C H F O R G O V E R N A N C E

IPOInTS

5 One Of the most

debated arguments

is the need to

protect the digital

identity

ISPS ShOuld be liable for their

operations in terms

of surveillance on

use of internet

CleanIT wanTS binding

engagements from

internet companies

to carry out

surveillance

CuSTOmerS ShOuld also

be held liable

for “knowingly”

sending a report

COmPanIeS ShOuld implement upload

filters to monitor

uploaded content

One of the most debated arguments is the need to pro-tect the digital identity that is daily menaced, highlighting the need to improve cyber counter measures to protect our privacy and at same time grant a sufficient level of security to network resources. Of course one of the most effective measures is the increasing of systems for the network monitoring, despite the resistance of internet users that claim their digital rights, many governments are implementing and deploying, in a more or less trans-parent, technologies for massive surveillances.

Network appliances for massive analysis, systems for automated analysis of social networks and powerful sys-tems for facial recognition are only few of the different solutions that many governments are deploying.

I recently read a news regarding a project promoted by the European Commission to fight terrorism online that describe a wide-ranging surveillance.

Apparently a leaked document, published by European digital rights group EDRi revealed the possible impact on civil liberties of a project named The CleanIT that was set up to improve the exacerbate the fight against cyber terrorism. The impact on internet users and their privacy is dramatic, let’s consider that Internet Service Providers should be held liable for their operate in terms of surveil-lance on possible use of internet made by terrorists.

There are two documents circulating in the internet which refer CleanIT, the official one that reports only recommendations provided by the authors and the leaked one “Detailed Recommendations Document.”

The “public” version of the document appears quite dif-ferent from the document posted by EDRi, but the project leader of the official proposal, But Klassen, declared that the leaked version was created collecting observations expressed during a debate on the project.

“The term ‘recommendations’ on the food for discus-sion document is misleading, we shouldn’t have used that term. These are just ideas that we are collecting. Everything everyone says at the meeting is written down,

i just returned from the Cyber Threat Summit in Dublin, one of the most interesting European events in cyber security that gave me the opportunity to share opinion notes with expert professionals of international security context. The event revealed an alarming scenario on the main cyber threats, no matter if it is cybercrime, hacktivism, cyber terrorism or cyber warfare, all those ambits share a worrying growth of cyber attacks that are influencing our digital lives and not only.

but the public document contains the points that we have reached a consensus on.”

One of the main concern is related to the recommenda-tions to improve the monitoring of social media, plat-forms that are considerable great mines of information that could be aggregate to prepare "any kind" of analysis, just the misuse of the data collected by governments is one of the principal concern for the organisations that defend the rights of internet users.

The proposed measures are very stringent, the docu-ment states that is illegal to divulge and propose “know-ingly” references to terrorist contents.

The proposals have with main objective the avoidance of anonymity access to web services, internet users have to be identified. “CleanIT wants binding engagements from internet companies to carry out surveillance, to block and to filter (albeit only at “end user” — meaning local network - level). It wants a network of trusted online informants and, contrary to everything that they have ever said, they also want new, stricter legislation from Member States.” The post of EDRi group reminds that the project is financed by DG Communications Networks of the European Commission that operates without coordination limiting in sensible way the users operations on internet. “CleanIT (terrorism), financed by DG Home Affairs of the European Commission is duplicating much of the work of the CEO Coalition (child protection), which is financed by DG Communications Networks of the European Commis-sion. Both are, independently and without coordination, developing policies on issues such as reporting buttons and flagging of possibly illegal material.

Both CleanIT and the CEO Coalition are duplicating each other's work on creating “voluntary” rules for notification and removal of possibly illegal content and are jointly duplicating the evidence-based policy work being done by DG Internal Market of the European Commission, which recently completed a consultation on this subject. Both have also been discussing upload

62 October 2012

filtering, to monitor all content being put online by European citizens.”

But Klassen refuted allegations by EDRi that the project has overstepped its mandate sustaining that the team of CleanIT has to complete the final design by next March.

Other Key measures being proposed for the project are: Removal of any legislation preventing filtering/sur-veillance of employees' Internet connections

Law enforcement authorities should be able to have content removed “without following the more labour-intensive and procedures for ‘notice and action’”

“Knowingly” providing links to “terrorist content” (the draft does not refer to content which has been ruled to be illegal by a court, but undefined “terrorist content” in general) will be an offence “just like” the terrorist

ISPs to be held liable for not making “reasonable” efforts to use technological surveillance to identify “terrorist” use of the Internet

Companies providing end-user filtering systems and their custom-ers should be liable for failing to report “illegal” activity identified by the filter

Customers should also be held liable for “knowingly” sending a report of content which is not illegal

Governments should use the helpfulness of ISPs as a criterion for awarding public contracts

The proposal on blocking lists contradict each other, on the one hand providing comprehensive details for each piece of illegal content and judicial references, but then saying that the owner can appeal (although if there was already a judicial ruling, the legal process would already have been at an end) and that filtering such

be based on the “output” of the proposed content regula-tion body, the “European Advisory Foundation” Blocking or “warning” systems should be imple-

mented by social media platforms – somehow it will be both illegal to provide (undefined) “Internet services” to “terrorist persons” and legal to knowingly provide access to illegal content, while “warning” the end-user that they are accessing illegal content The anonymity of individuals reporting (possibly)

illegal content must be preserved... yet their IP address must be logged to permit them to be prosecuted if it is suspected that they are reporting legal content deliber-

ately and to permit reliable informants' reports to be processed more quickly

Companies should implement upload filters to monitor uploaded content to make sure that content that is removed – or content that is similar to what is removed – is not re-uploaded

It proposes that content should not be removed in all cases but “blocked” (i.e. make inaccessible by the hosting provider – not “blocked” in the access provider sense) and, in other cases, left available online but with the domain name removed.Despite governments today use systems for network monitoring

with the aim of preventing criminal activities, particularly in com-bating terrorism, the project as shown in the leaked document rep-resents a serious threat to freedom of thought and undermines the fundamental principles underlying the genesis of Internet.

—This article is printed with prior permission from infosecisland.com. For more

features and opinions on information security and risk management, please

refer to Infosec Island.

T E C H F O R G O V E R N A N C E | C O m p l i A N C E

Service Providers and PCI ComplianceKnow more about what you need from your third parties when it comes to PCI compliance

There seems to be a lot of confu-sion regarding third parties that provide networking or hosting services and their obligations

regarding PCI compliance.This confusion is not uncommon as mer-

chants and their service providers have not necessarily been provided enough guidance

20%will bE THE GROwTH

OF publiC ClOud mARkET iN 2012

to understand their obligations. I hope this post will clarify those obligations for all involved. If you learn nothing else from this post, if a third party is providing your organ-isation a service that has access to your card-holder data environment (CDE) or the third party could come into contact you’re your cardholder data (CHD), then that third party

must ensure that the service complies with all relevant PCI requirements.

As a result, the third party needs to either allow you or your QSA to assess the services that they are providing or provide you with an Attestation Of Compliance (AOC) that documents that those services have been assessed and they are PCI compliant.

63October 2012

C O m p l i A N C E | T E C H F O R G O V E R N A N C E

In the past, I have stated that third parties could also submit a letter signed by an offi-cer of the third party stating that all of the services provided to their customer are PCI compliant. Now that v2.0 of the PCI DSS has a separate AOC and the PCI SAQs have the AOC built into the SAQ, there should be no reason to need such a letter or to ask for one. If a letter is what your third party is offering, it is better than nothing, but you should be pushing them hard for an AOC. If they are reluctant to get you an AOC, as part of your vendor management process, you should take that into account and prob-ably begin looking for a new vendor that will provide an AOC for their services.

The most common issue we run into with third parties is that their AOC or other rep-resentations of PCI compliance do not cover all of the services provided to the customer. In case after case, we see the AOC cover-ing requirements 9 and 12 and nothing else even though the services provided may require compliance with some or all of PCI requirements 1, 2, 3, 4, 5, 6, 7, 8, 10 and 11.

In a lot of cases, it is not that the third party does not want to comply with PCI; it is they are taking the lowest common denominator approach and only picked those services where all customers requir-ing PCI compliance are asking for an AOC. That way they have reduced their costs of a QSA to assess their environment. These third parties are accepting the fact that any customer that needs more services assessed will have to do it themselves.

Related to this issue is the third party that offers their SSAE 16 Service Organisation Control (SOC) 1 report has proof of PCI compliance. While a SOC 1 report can cover a few PCI requirements, people must remember that the SOC 1 report is struc-tured specifically for financial auditors to ensure that the controls at a third party are properly constructed to support financial reporting at the customers. As a result, a SOC 1 report is not going to be a substitute for an AOC that covers all services.

There is an alternative to this and that is to have the third party go through a SSAE SOC 2 report that focuses on the security controls of the PCI in-scope services pro-vided. We are hearing from third parties inquiring into the SOC 2 report, but cost and a lack of customers requesting such a

report are driving why we do not see more SOC 2 reports available. Another common issue we encounter is the refusal of the third party to cooperate in assessing the services provided to ensure they are PCI compliant. There are still third parties that argue their services are not in-scope for PCI compliance even when it is painfully obvious that the third party’s personnel have access to their customer’s CDE and/or CHD.

The most common third party relation-ship we encounter is the management of routers or other layer 3 devices. Where we encounter the most confusion in this rela-tionship is in regards to the use of encryp-tion to keep the network services organisa-tion out of scope for PCI compliance.

The key here is if the network services organisation manages the encryption of the network, then they are in-scope for PCI compliance. The reason is that the employees of the network services organisa-tion have access to the encryption keys and therefore could decrypt the communications and gain access to CHD transmitted over the network. As a result, at a minimum, the network services organisation is responsible

for complying with some or all of require-ments 1, 2, 4, 6, 7, 8, 9, 10 and 12. If you receive such services and are not getting an AOC that covers these requirements, then you should be doing more work on your own as well as asking the third party why they are not covering more of the necessary PCI requirements.

The next most common service we encounter is the network services firm that is managing or monitoring an organisa-tion’s firewalls, remote access or intrusion detection/prevention. Such services always put the third party in-scope for PCI compli-ance. Some or all of requirements 1, 2, 6, 7, 8, 9 and 12 will need to be assessed for com-pliance with the PCI DSS. The log capture and analysis requirements in requirement 10 may also be complied with if your organ-isation is not capturing and analysing the log data from these devices.

Another group of third parties we encoun-ter a lot are records retention vendors. Organisations like Iron Mountain have con-ducted their own PCI compliance project and readily hand out their AOC to custom-ers. However, where we see issues is with

Illu

st

ra

tIo

n b

y p

ra

me

es

h p

ur

us

ho

th

am

an

The problem with PaaS and SaaS vendors is that they only deal with your organisation through a Web-based interface

64 October 2012

T E C H F O R G O V E R N A N C E | S E C u R i T y

such vendors that provide their own tape library for their customers to use for back-up. We have encountered a number of third party’s doing the encryption at their library which puts them in-scope for PCI compli-ance, at a minimum, for requirements 3, 4, 6, 7, 8, 9, 10, 11 and 12.

We encounter outsourcing the data center a lot with large organisations, but small and mid-sized organisations are also hopping on the data center outsourcing bandwagon. Where this puts the third party in-scope for PCI compliance is when the third party is responsible for maintaining the environ-ment such as applying patches, managing servers or any other activities that would allow the third party’s personnel to poten-tially have access to CHD.

In such situations, at a minimum, the third party is responsible for complying with some or all of requirements 2, 5, 6, 7, 8, 9, 10 and 12. Compliance with some or all of requirement 1 may be applicable if the third party is managing your firewalls or routers. Compliance with some or all of requirements 3 and 4 may also be applicable if the third party is responsible for manag-ing encryption keys for encrypting CHD or encrypting communications.

If your organisation is purchasing Infra-structure as a Service (IaaS), then the third

party providing these services will typically be out of scope for PCI compliance except for requirements 9 and 12. There are some instances where IaaS implementations may require compliance with the PCI DSS if the third party is managing network infrastructure that comes into contact with CHD as is usually the case with pri-vate cloud environments. For Platform as a Service (PaaS) and Software as a Service (SaaS), the third party will have to provide PCI compliance for the services they are providing to your organisation. That is because with either of these service offerings, the third party must have access to the CDE and will have the potential of coming into contact with CHD.

The problem with the majority of PaaS and SaaS vendors is that they only deal with your organisation through a Web-based interface, i.e., everything is automated – contracts, support, etc. As a result, the contract is a “take it or leave it” situation that does not usually cover everything needed for PCI compliance, there is no way to independently verify the representations made by the third party as well as the fact that the AOC provided by the third party

typically only covers only the physical security requirements in requirement 9 and possi-bly some of requirements 11 and 12 and nothing related to the other requirements, even though the third party may have responsibilities for PCI compli-ance outside of what is repre-sented in their AOC. If this is the case, there is little you or any QSA can do to properly

assess the environment to ensure it is truly PCI compliant. As a result, we have a lot of organisations that try to develop compensat-ing controls for these cloud implementa-tions. These organisations very quickly and frustratingly find out that there are very few, if any, controls on their side of the equation that can get them to “above and beyond” the original requirement.

I know there are a lot of other examples of services being provided to merchants. But, hopefully these examples can assist you in clarifying what you need or do not need from your third parties when it comes to PCI compliance. —This article is printed with prior permission from

infosecisland.com. For more features and opinions

on information security and risk management,

please refer to Infosec Island.

$3.7tniT SpENdiNG FORECAST iN 2013, A 3.8 pERCENT iNCREASE FROm 2012

Ten Musts for a Good Security Risk EquationHere are 10 qualities to assess the security risk programme that you are building By Stephen Marchewitz

For those of you that have taken steps to build a security risk management programme, sooner or later you will come to the

point where you have to start quantify-ing risk in some meaningful way. This is important because the board and other

executives of the company have seen the latest security stories in the news and the Fear, Uncertainty and Doubt that goes with them. They are examining and ques-tioning how you are protecting them. So here are ten qualities to assess your choices against.

1 It should start with the simplest of equations and be easy to understand

This is important for a variety of reasons, but people can understand simple. Ein-stein’s ‘E=MC2’is the perfect example of this and it leads to his quote “Make things

65October 2012

S E C u R i T y | T E C H F O R G O V E R N A N C E

as simple as possible, but not simpler.” The complex calculations underneath and the years it took to figure that out, aren’t going to resonate with the population at large. In the same way, too complex of a starting point will be too great of a hill to overcome to get imbedded in the psyche of the organ-isation. Human nature shows that when it’s difficult to understand and explain, the mental challenge to get started is suffi-ciently great to bring any momentum to an unceremonious halt.

2 It should be elegantBuilding off of high-level simplicity as a starting point, the equation also needs

to be effective and constructive, i.e. elegant. An elegant equation would solve multiple

problems at once, especially problems not thought to be interrelated (which we’ll discuss in the items below). It should also produce consistent results, no matter who is using it or which way they confront it. This is especially important since not every risk can be measured properly and some vari-ables, such as probabilities of loss.

3 It should bridge the gap between security risk and enterprise risk

One of the great challenges for security today is aligning with enterprise risk man-agement. Many organisations don’t have risk officers or risk managers with which to work. Worse, risk-based decisions are rarely made, and the emotions of fear or

greed take over depending on the moment, the environment, or the whim of the execu-tives in charge. When there is some form of enterprise risk management, security risk often falls to the bottom of the list (if it makes it there at all). Therefore, the risk equation that you choose must be able to provide wisdom and guidance for the enter-prise/executives to cross that chasm. And yet it must be flexible enough to be altered and incorporated into the most complex of enterprise risk theorems available today. This will allow you to make sure executives buy in to your process so that security risk taking is not dismissed.

4 Expand the discussion beyond auditsAudits are checklist focused. That is,

there is a yes or no, right or wrong, in place or not in place checklist where you have to choose a binary answer. Auditors know controls. And while the ability to include controls from the various regulations is an important factor in a risk equation, executives are not interested in them on the whole unless they have to be (thus the audit). If you’re going to go between execu-tive management, security, risk manage-ment, and audit, you’ll need to appease all, but stand for something. This will improve the ability of the organisation to communi-cate regarding their compliance and secu-rity issues, as ultimately an organisation’s upper management decides—based on the goals as a whole—how much risk to take

When there is some form of enterprise risk management, security risk of-ten falls to the bottom of the list (if it makes it there at all)

Illu

st

ra

tIo

n b

y p

ho

to

s.c

om

66 October 2012

T E C H F O R G O V E R N A N C E | S E C u R i T y

on. This isn’t something for security professionals to hold the risk.

5It should be able to help you politically and personally

This is a tall order for any cal-culation…help you politically and personally? How’s it going to do that? Well, for you to get your point across and improve your standing with other executives, you’re going to have to connect with them in their heads and hearts. Remember, people make decisions intellectually but they buy in to your ideas emotionally. If it is easy to under-stand from a 10,000-foot level, it can be used to lead the discussion with executives in a way that protects their pride when they don’t know something. When reporting on risk, if you start with the simple and move to the complex, they’ll be able to follow and ask good questions. Those questions will help them understand that ultimately risk decisions are up to them and that they need someone like you to give them the straight scoop. In the new era of big data, decision-able data will win the day for you and them, and they’ll be complimenting you for it!

6Ideally, it would be cost effectiveInitially, using or implementing a risk

equation into your framework should not be more expensive than the security budget itself! Typically, fixing everything in security or adding in every control under the sun is not feasible, and this may be the case with many parts of a robust risk framework. As with anything in a company or household, the cheaper it is to get something done, the better chance you have of getting started. With risk equations in general, it ideally could be incorporated into another part of the budget with only an incremental increase. With compliance audits, penetra-tion testing and risk assessment budgets what they are, the entry point for align-ing security to risk would be in the same order of magnitude. Really, starting with a risk equation could be only marginally more expensive, or even free, depend-ing on the time you have to dedicate to another endeavor. Ultimately, in order to

be effective, any security or risk management programme is a process—it doesn’t end. Thus the spending doesn’t end, and when that happens, cost is even a bigger factor than normal.

7 It should be practicalBy practical, we mean a risk equation should be doable

for the majority of companies out there. It would be fantastic

if it takes advantage of what you’re already doing. While most organisations aren’t prac-ticing risk management in their security program, they are practicing security man-agement. Regular assessments of vulner-abilities (through scans and pentests) and controls are commonplace. As an industry, we’ve gotten to know those two areas very well over the last five years. Starting with those two variables of a risk equation gives a security programme a huge jumpstart over tackling much greater challenges of com-plexity and cost, as opposed to starting with something like data classification, threat probabilities, or asset values. The downside is of course that these are important things to know for risk management, and in a perfect world you could have these to start. Since few live in a perfect world, starting from practical and moving to ideal is usually a better way to go.

8 It’s defensibleAt some point you will be called to the stand to defend yourself and your deci-

sions. From our experience with breaches, 7 out of 10 times when there is a breach, someone gets fired. So before that hap-pens, it would be wise to get the story down of why or why not you did or didn’t do something. While there are many ways to talk yourself out of a bad situation, if you have a quantifiable means of backing up your decisions, it’s going to go a long way toward building your stature and standing. A risk equation, at it’s core, seeks to make risk measurable so it can be managed. That measurement aligns the activities of the security programme with the appropriate controls to meet the organization’s strategy and risk limits. In addition, because ISO and NIST and COSO are so well known (and well defended) if the equation or tax-

onomy is able to be built into some of the standards, it makes it that much easier to hold up to scrutiny.

9 It has a path to grow more specific/accurate as the risk management programme

maturesTo use an analogy, if you just have started cooking, you don’t start off trying to make Baked Alaska. You work your way into it, starting off with scrambled eggs or buttered noodles with an eye on being the Iron Chef. Thus you start with defining risk because you can’t optimise what you haven’t defined. From there, we work into the simple equa-tion or part of the equation, which admit-edly is not going to be truly accurate when you start. Then as the risk management pro-gram matures, the equation should allow you to trade some simplicity for increased accuracy and explanatory power. It’s this path that makes an equation so powerful. We always want to know where and why we’re taking educated guesses and how much it will cost (in time and effort) to get there. If we need to ramp up or down the level of effort, we’re able to.

10 It should be usefulLast but not least, it should be use-ful. This is, of course, the most

important component of a risk equation. In some way, the equation or taxonomy or ordered categories should enhance an organisation’s ability to both assess risk and prevent future attacks or critical incidents. This latter one does tend to get diminished, in that they see the forest, but forget the trees. High level decisioning from strategic consultants often underestimates the bur-den on the poor security and IT folks that are left having to implement all of this when they have a hard enough time getting their job done as it is. There are only so many controls in a security programme. Most security professionals are well aware of the majority of them. With budgets as they are, one typically can’t do them all, so the risk equation must ultimately refine the security programme’s controls (i.e. what needs to be done by security professionals based off of risk. Therefore, it should assist in the allo-cation of capital to its highest and best use by measuring and estimating risk of loss.

2mniT jObS TO bE CREATEd iN THE uNiTEd STATES by 2015 TO SuppORT

biG dATA

67October 2012

m A N A G E m E N T | T E C H F O R G O V E R N A N C E

Ideal world and real world are often at a crossroads,thus the equation you choose.

SummaryWe at SecureState used this guideline when determining which equations or taxonomies we wanted to align with. After reviewing each one that we’ve come across, we’ve concluded that two are best suited for commercial organisations (one we created) depending on the internal funding and political circumstance they find themselves in: FAIR and iRisk. FAIR (Factor Analysis of Information Risk) is fort hose that are look-

ing to handle more than just security, and really are looking at risk from a top-down perspective. It’s very robust and compre-hensive, and is best when funding and the temperature for security risk management are high or on the upswing.

From a bottom up perspective, the iRisk equation for the security-risk focused organisations (or the security group) let’s you start from where you are with activities you are already doing. There’s less investment in both time, money and resources. The tradeoff is that many inputs one would typically see are additive, mean-

ing they’re not baked in from the beginning. They can be added in later (asset value and classification as an example).

While there is a path from iRisk to FAIR, in essence each risk management philoso-phy is like it’s own religion. It depends on what your motivations are for buying into one or another, what you’re looking to get out of it, what downsides you’re willing to accept to gain the upside. —This article is printed with prior permission from

infosecisland.com. For more features and opinions

on information security and risk management,

please refer to Infosec Island.

Agreements Kill Privacy, But Can They Create It Too?firms should detail in their service agreements that they will keep user data confidential By Hanni Fakhoury

With more people constantly connected to the Internet, technology companies are becoming massive reposito-

ries of sensitive and personal information.Our communications with family and

friends now sit stored on servers belonging to Google or Facebook. Cell phone compa-nies keep track of our location by record-ing every time we connect to a cell phone tower for up to two years.

Unfortunately, the Fourth Amendment has not kept up with this technological real-ity. And a recent case decided by the Ninth Circuit Court of Appeals, United States v. Golden Valley Electric Association (PDF), highlights the increasing way constitutional rights are adjudicated when it comes to data stored by other companies: through the service agreement a user enters into with a company. First, some background. The Supreme Court long ago ruled that users lose their expectation of privacy when they Il

lus

tr

at

Ion

by

ph

ot

os

.co

m

68 October 2012

T E C H F O R G O V E R N A N C E | m A N A G E m E N T

turn information over to third parties. The "third party doctrine" has been used by the government to justify warrantless acquisi-tion of cell site tracking records, Twitter account information, and email. They've argued these records belong to the compa-nies, so a user can't complain when the data is turned over to the government.

Ultimately, this means that your con-stitutional rights are in the hands of the companies storing your data. Given the ever increasing demands of law enforcement, companies have little time or resources to fight for user privacy. That means compa-nies have an enormous amount of power in determining your privacy rights. As we've documented in our "Who Has Your Back" campaign, many of the biggest and most popular tech companies have work to do in fighting for user privacy.

A 2010 case from the Sixth Circuit Court of Appeals highlights how a subscriber agreement that governs the relationship between a company and user can poten-tially become a black hole where the Fourth Amendment goes to die. In United States v. Warshak, the Sixth Circuit became the first federal appellate court to rule that people had a reasonable expectation of privacy in their emails notwithstanding the fact that email typically passes through a third party, the email service provider.

That meant law enforcement needed a search warrant to obtain the contents of emails. ButWarshak noted it was "unwill-ing to hold that a subscriber agreement will never be broad enough to snuff out a rea-sonable expectation of privacy."

So although the email provider in the Warshak case didn't say anything

about whether it would "audit, inspect, and monitor" emails, messages stored by a service provider that did say it would monitor email in a subscriber agreement wouldn't necessarily be protected by the Fourth Amendment. In short, the court said companies have the ability to strip you of your Fourth Amendment rights. As troubling as that seems, the flip side is that presumably faced with silence -- like theWarshak service provider -- or even an affirmative statement by a service provider that it will protect your privacy, a reason-able expectation of privacy could still exist. Or stated differently, a service provider can also give you Fourth Amendment protec-tion if it promises to safeguard your privacy. The Ninth Circuit addresses this precise issue in Golden Valley. The case revolved around a small cooperative utility provider in Alaska, that received an administrative subpoenaissued by the DEA seeking cus-tomer records it believed were relevant to a criminal investigation.

These records included things like the subscriber's name, telephone number, method of payment (including credit card numbers or checking account information), and service initiation and termination dates.

The most important thing the govern-ment sought, however, was energy consumption records. By determining whether energy levels were elevated in spe-cific houses, the agents believed they could pinpoint locations where marijuana was being grown.

Addressing a very similar situation in 2001, the Supreme Court in Kyllo v. United States ruled that the police needed a search warrant to use a thermal imaging device to measure heat levels in a residence, since the

devices could reveal intimate details about the interior of a home.

To get around Kyllo, the government sought to get the records from Golden Valley directly instead of planting a police officer in front of the houses, ultimately avoiding the need to get a search warrant. That's because the records belonged to Golden Valley, and therefore, the govern-ment argued, customers had no expectation of privacy in them. Golden Valley chal-lenged the administrative subpoena, a rare act for a company to take, and raised the argument suggested by Warshak: that since it had a company policy of protecting user privacy, a search warrant was required to obtain this information. The Ninth Circuit, however, rejected Golden Valley's argument, finding that Golden Valley failed to show any explicit customer agreement promising to keep records confidential.

At first blush it may seem that Golden Val-ley highlights a lose-lose situation for users created by the third party doctrine: provid-ers can take away your Fourth Amendment rights in their service agreements, but in the rare instance when they make an effort to preserve your rights by promising to pro-tect your privacy, it doesn't matter anyway because the "records" (created with your data and activity) aren't yours.

But the Ninth Circuit really left a far more important privacy opening. It noted that in some circumstances, "a company’s guaran-tee to its customers that it will safeguard the privacy of their records might suffice to jus-tify resisting an administrative subpoena." In the specific case before the court, Golden Valley's policy did not rise to a sufficient level of specificity.

But going forward in the future, other companies storing sensitive, personal infor-mation need to take advantage of Golden Valley's suggestion that service agreements can be more than just a black hole. They should explicitly detail in their service agree-ments that they will keep user data confi-dential and that they will stand up for users' privacy by challenging government attempts to obtain data without a search warrant.

—This article is printed with prior permission from

infosecisland.com. For more features and opinions

on information security and risk management,

please refer to Infosec Island.

A 2010 case from the Sixth Circuit Court of Appeals highlights how a subscriber agreement that governs the relationship between a company and user can potentially become a black hole

How can you effectively manage

cybersecurity, mobile security and

cloud security?

How can you make sure the

technology supply chain is

secure?

What are the best approaches to maintaining effective GRC initiatives?

How can you establish

leadership in aligning security to the

business?

How to adapt Enterprise

Security to the new realities ?

Join India's Leading Security practitioners in their quest to understand the security trends and challenges, and indeed,

develop a road-map to secure your organisations

FOR ANY QUERIES, PLEASE CONTACT: Astha Nagrath Khanna , astha.nagrath@9dot9.in, Ph: 9902093002

Event by Associate SponsorsPresenting Sponsor

Date: December 6 - 7, 2012

Venue: Jaypee Greens Golf and Spa Resort, Greater Noida

FIND ALL YOUR ANSWERS AT THE

Register Now ! http://tinyurl.com/csosummit

ThoughT Leaders

“The demand on ease and availability of data opens up a lot of questions — how do you regain control, secure data and protect yourself better”

Monish DarDa, Co-Founder &

CTO, ICERTIS

Monish DarDa |

computing makes possible more frequent planning runs that use all available data, delivering efficiencies previously just not possible. At Icertis for example, our transportation man-agement system has delivered up to 35 percent cost savings, running the planning engine on the cloud, again with economic rationale.

Evolution of information sharingWhy is it that many enterprises struggle when setting up and imple-menting a successful cloud strategy? And what are the drivers that can make cloud computing effective and rational? To understand this better, let us look at how information shar-ing has evolved, keeping in context the fact that the pace of evolution in recent years has been extremely fast. Business demands, including much closer relationships with partners, vendors and customers, as well as increased compliance and corporate responsibility are driving the need for exposing more information out-side the enterprise than ever before.

Business users, riding the storm

One Of my favorite descriptions of cloud computing comes from Dr. Ramnath Chellappa of Emory Uni-versity, who is widely attributed to have made the first known academic usage of cloud computing: “A com-puting paradigm where the boundar-ies of computing will be determined by economic rationale rather than technical limits alone”, he described. Simply put, if you have the use case and the money, computing (and stor-age, and bandwidth) will cease to be a bottleneck; and that is what enter-prises around the world are discover-ing. Problems that they knew could not be solved, because the capital investment required in computing power did not justify the returns; and problems that they looked to formu-late and solve in fundamentally new ways, can now be solved, and with economic rationale!

Cloud in the Enterprise:Here is a great and a simple example of how cloud computing is being utilised: For long, enterprises have collected “click-streams”; data logged about visitors to their business web

sites. This data, stored unused so far, has the potential to unlock user behavior patterns, allowing busi-nesses to bring more efficiency and increase profits by recognizing and using these patterns to market and sell better.

Due to the data sizes of these click-streams sometimes running into terabytes, analysis of this long term data till very recent time did not justify the investment required in computing resources. Cloud com-puting allows for such analysis to be economically feasible and viable - you can now potentially hire hundred 8-way servers for an hour, to run an analysis on this stowed away data and unlock its potential.

Another great example of the cloud’s very real application to an enterprise problem: transportation systems in the enterprise have to plan their cargo, fleet or people for optimal utilisation and costs – this planning is compute intensive, and has traditionally been done infre-quently, on restricted data sets to keep infrastructure investments within economic limits. Now, cloud

On the Razor’s Edge: Applying the Cloud to the Enterprise Our transportation management system has delivered up to 35 percent cost savings, running the planning engine on the cloud

70 October 2012

Enterprise Information in the extended enterprise

of smart hand-held devices, find that it is so easy to share their personal world with their friends, family and the entire world, and are demanding to know why this still cannot be done with their business information and with vendors, customers, prospects and potential prospects. Rather than the CIO driving technology strategy, the business is now trying to catalyze this change by learning from con-sumer experience and trying to bring it to the enterprise.

That is why SalesForce is such a no-brainer for most organizations – a pay-as-you-go model with sales data easily accessible anywhere in the world on almost any device on the Internet; where all that is needed to subscribe is a credit card. This becomes a very compelling example of business driven computing at its best. No requisitions, no long approv-als, no IT dependencies, no long procurement cycles – it is just there for you, and your customers!

The Cio dilemmaThe demand on ease and availability of data opens up a lot of questions – how do you regain control, secure data and protect yourself better against malicious users and inadver-tent user errors? How does the IT organization come to terms with not maintaining their own servers, and not owning the networks that their data resides on? In many cases, they start by feeling threatened! Cloud is forcing companies to reassess the way they have approached the IT structure; an expected reaction that is inappropriate in today’s business condition. That is where most enter-prises struggle today when it comes to adopting cloud computing appro-priately, efficiently and safely.

Having been witness to successful cloud implementations, I have a phi-losophy to suggest – Occam’s razor! And it fits right in.

Wikipedia: Occam's razor (also written as Ockham's razor, Latin lex parsimoniae) is the law of parsimony, economy or succinctness

Occam’s razor or the law of parsi-mony, economy or succinctness- is a philosophical principle that seems built for the cloud! When it comes to enterprise cloud strategy, keep-ing things simple is the key. Let us explore some of the key ingredients of a successful cloud strategy based on the principles of parsimony, econ-omy and succinctness.

Cloud adoption – keeping it simple and doing it right Assess Cloud Security and Applica-

tion Security separately: an applica-tion on the cloud has a much bigger attack surface because it is potentially accessible to a lot more people. Cloud data centers like Microsoft, Google and Amazon are some of the best protected data centers in the world – at a volume that even some of the largest enterprises in the world can-not match. So, simply put, getting your application’s security right is critical rather than convoluted dis-cussions on what the cloud does to security. If the application is secured, chances are that overall security will be better than an on-premise applica-tion. Be aware that for certain appli-cations and countries, compliance issues are still open. Keep things simple when it comes to security and focus on the basics. Start with Return on Investment

(RoI): Any cloud investment discus-sion should start based on RoI. This discussion can be enlightening – up-front costs that might kill some projects in infancy can take flight in the cloud. Uncertainty about use and scale of an application is another great candidate to consider for the cloud – applications can start small, and stop at any time; there is no hardware baggage to carry. Work on the business use case, and reduce clutter – focus on what the business needs are, details are handled much more easily in the cloud. And return on investment is the simplest way to guarantee support for your projects. Be careful of migrations: Many

organizations initiate their cloud

strategy with migrating existing applications to the cloud. This is fraught with pitfalls – be careful. Migrating legacy apps running on old hardware seldom provides the right RoI, unless software licenses are up for renewal. Also, many a time, the benefits of the cloud cannot be realized fully without carefully thinking through application archi-tecture and deployment.

The right mix of new applications combined with migrated applications can deliver good RoI. Select applica-tions that are simple to move, and are minimally interdependent on on-premise resources. Think differently: Agile organiza-

tions are amenable to change, and the cloud is the catalyst for change. Use the catalyst to your advantage – select business processes and identify products that can help you leverage the cloud to your advantage. That is one reason we at Icertis chose ERP surround as the space to build our cloud suite of products – contract lifecycle management, partner rela-tionship management and transpor-tation are some areas that can simpli-fy business processes and bring the extended enterprise together.

Public Data

Prospects

Customers

Partners

Private Data

71October 2012

M o n I s h D a r D a | T h o u g h T L E a D E r s

72 October 2012

VIEWPOINT

recently due to a busy fall sched-ule, I was giving up and bringing the boat to the yard to be dealt with for the winter and readied for spring. I’m always bummed out when it’s time to end the season. Boating, like IT, is not a game of absolutes. Stuff happens. Sometimes both will beat you in the head with a baseball bat.

I should have known that things weren’t going to go as smoothly as I’d like when I woke up and saw that the perfectly sunny day in front of me was going to have 20MPH+ winds and 3-4 foot seas. That’s boat-ing talk for “get ready to get kicked in the head for two hours.” Alas, it was my window. First I had to clean out the boat and take valuable stuff off of it, like booze. I enlisted the help of a friend — a well qualified accomplice, Neil. Neil is a professional bartend-er. From Miami. Thus, comfortable with both booze and water.

Neil and I went down to the dinghy dock, where I obnoxiously keep my “dinghy” (which is really a 17’ skiff that I use as my own water taxi) only to find said skiff was not there. Oh oh. I grabbed a passing harbormas-

For reference purposes, the trip was approximately 20 miles. The boat I have has a “flybridge” mean-ing I sit way up top, high up, out of the way of everything with great vis-ibility to drive. I specifically bought this type of boat because it has a ton of outdoor sunning area, but inside is like a condominium. It has a second “helm” inside (redun-dant system to drive) — which I specifically bought in case weather became an issue some day. Guess what? Weather became an issue. The winds were so strong and I was heading perpendicular to the waves so that for the length of the journey, I was pelted with eye burning wind whipped ocean. Now the funny part — I couldn’t figure out how to switch helm control to the nice, warm, dry interior control station. I had to sit and try not to die. It was touch and go for a bit. My 28,000 pound boat was being tossed around like it was a toy. I couldn’t see because I was con-stantly pelted with waves crashing on my head. The wind and current were pushing me way off course. In short, it sucked.

ter guy (87 years old at least) and asked if someone from their office may have moved my skiff. He said no, but that he thinks it might have floated across the harbor and landed on the beach of Chappaquidick (yes, that Chappaquidick, of Ted Ken-nedy fame). He took me to look. 50 yards away I saw my skiff neatly tied to a mooring. When I told the capt. that was my skiff, he said “Oh yeah, I found that floating and tied it there.” Why he didn’t recall that ear-lier is another matter. He is 87 after all. I untied said skiff and headed back to the dock to pick up Neil. Neil tied the skiff on to the big boat and we began removing all the evidence of a summer well spent and a liver poisoned. Minutes later, we were ready to head back and haul out the skiff for the season, only to exit the big boat and see the skiff floating 100 yards away - and moving at a good clip. Neil can fix a mean cocktail, but his knot tying is somewhat sus-pect. We then looked like morons chasing a little boat around the har-bor in a big giant boat. That added 30 minutes of folly to the day.

The Perfect Storm Boating and IT

STEVE DuPlESSIE | steve.duplessie@esg-global.com

About the Author: Steve Duplessie

is the founder of

and Senior Analyst

at the Enterprise

Strategy Group.

Recognised

worldwide as

the leading

independent

authority on

enterprise storage,

Steve has also

consistently been

ranked as one of

the most influential

IT analysts. You

can track Steve’s

blog at http://www.

thebiggertruth.com

illu

st

ra

tio

n b

y p

ho

to

s.c

om

With Riverbed, you’ll get breakthrough performance

–whether yours is a private, public or a hybrid cloud

environment. You’ll have greater �exibility to implement

your cloud strategy and business goals. And you’ll have

resilience when you need it the most.

You’ll have your cloud on your terms.

Go to:riverbed.com/hybridcloud

For any queries, please contactmarketingindia@riverbed.com

YOUR CLOUDPRIVATE, PUBLIC OR HYBRID. OPTIMIZED FOR PERFORMANCE.