august issue

GrowthInnovative IT architecture, agility and

a spirit of risk-taking are fuellingthe growth engine

| PAGE 22

Resetting for

Quality in SoftwarePAGE 18

A QUESTION OF ANSWERS

Mobile SecurityPAGE 13

BEST OF BREED

Summer ThoughtsPAGE 56

VIEW POINT

S P I N E

Technology for Growth and Governance

CT

O

FO

RU

M

A 9.9 Media Publication

Volume 05 | Issue 24

FE

EL

ING

TH

E P

UL

SE

| MA

NA

GE

CH

AN

GE

| TH

E H

IDD

EN

LIN

K

August | 07 | 2010 | Rs.50Volume 05 | Issue 24

EDITORIALRAHUL NEEL MANI | [email protected]

1thectoforum.com 07 AUGUST 2010CTO FORUM

The Growth Agenda Stories

that inspire.

A few weeks ago amid tor-rential rains in Mumbai, I

met a few very senior CIOs and IT strategists. The CIOs were from across the industry spec-trum, providing me a peep into the growth plans of major busi-nesses in different verticals.

Economic recession has indeed impacted the industry. These business strategists have however bounced back and are busy preparing for a big leap –

Choksi is laying out a roadmap for the future which includes a business continuity plan that will safeguard the company from not only IT related disasters but also other disruptions caused by natural calamities, labour strikes, logistical failures, etc.

Subhakanta Satpathy who is the Vice President, IT at Axis Bank had a different story to tell. Despite the banking indus-try bearing the brunt of the economic recession, Axis Bank decided to take a very bold step to prepare itself for the next level of growth. The bank decided to move on to the next-generation core-banking platform from Finacle (Infosys). In the course of migration, the bank had to navigate through unchartered waters. Elaborate planning paid off and in May this year the bank

responding to the next growth opportunity. The industry is determined to put the bad times behind it.

Manish Choksi, Chief of Corporate Strategy and CIO of Asian Paints, India’s largest paint manufacturer is a case in point: the negative sentiment didn’t deter the company from taking bold steps towards re-examining its strategy as well as its IT architecture.

went live on the new platform, defying skeptics who thought the move was doomed to fail.

Alpana Doshi, the CIO of Reli-ance Communications, one of India’s largest telecom service providers, is determined to live up to the growth plans of her company in letter and spirit. Doshi is ramping up the whole customer service infrastructure while the company prepares for the 3G launch, and at the same time has made a robust plan to launch new value added services.

These stories are featured in this issue, reasserting the fact that corporate India is ‘resetting for growth’.

EDITOR’S PICK18 Quality in Software

Dr. Bill Curtis, Director, Consortium for IT Software Quality (CISQ), talks about the need for standards in software development.

2 07 AUGUST 2010 thectoforum.comCTOFORUM

CO NTE NT S THECTOFORUM.COMAUGUST10VO

LUM

E 05 |

ISSU

E 24

COVER STORY

22 | Resetting for GrowthInnovative IT architecture, agility and a spirit of risk-taking are fuelling the growth engine. We look at how savvy CIOs looked beyond the troughs of the recession, even making infrastructure investments.

COPYRIGHT, All rights reserved: Reproduction in whole or in part without written permission from Nine Dot Nine Interactive Pvt Ltd. is prohibited. Printed and published by Kanak Ghosh for Nine Dot Nine Interactive Pvt Ltd, C/o K.P.T House, Plot Printed at Silverpoint Press Pvt. Ltd. TTC Ind. Area, Plot No. A-403, MIDC Mahape, Navi Mumbai 400709

COLUMNS04 | I BELIEVE:FEELING THE PULSE

Dr. Neena Pahuja CIO, Max Health-care on how technology is ready to change the quality, reach and cost of healthcare.

56 | VIEW POINT: SUMMER THOUGHTS

Focus on small things to make a big difference. BY STEVE DUPLESSIE

FEATURES40 | NEXT HORIZONS: THE SAAS ROMANCE When it makes sense to woo the cloud for security, and when it doesn’t.BY MATT SARREL

Please Recycle This Magazine And Remove Inserts Before

Recycling

22

CO

VE

R D

ESI

GN

BY

: PC

AN

OO

P

CO NTE NT S THECTOFORUM.COMAUGUSTAUGUST10VO

LUM

E 05

3thectoforum.com 07 JULY 2010CTO FORUM

AUGUST10 VOLUME 05 | ISSUE 24 | 07 AUGUST 2010

Managing Director: Dr Pramath Raj SinhaPrinter & Publisher: Kanak Ghosh

Publishing Director: Anuradha Das Mathur

EDITORIALEditor-in-chief: Rahul Neel Mani

Executive Editor: Geetaj ChannanaResident Editor (West & South): Ashwani Mishra

Associate Editor: Dominic KAssistant Editor: Aditya Kelekar

Principal Correspondent: Vinita GuptaCorrespondent: Sana Khan

DESIGNSr. Creative Director: Jayan K Narayanan

Art Director: Binesh Sreedharan Associate Art Director: Anil VK

Manager Design: Chander Shekhar Sr. Visualisers: PC Anoop, Santosh Kushwaha

Sr. Designers: Prasanth TR, Anil T & Suresh Kumar Designer: Sristi Maurya

Chief Photographer: Subhojit Paul Photographer: Jiten Gandhi

ADVISORY PANELAjay Kumar Dhir, CIO, JSL Limited

Anil Garg, CIO, DaburDavid Briskman, CIO, Ranbaxy

Mani Mulki, VP-IS, Godrej IndustriesManish Gupta, Director, Enterprise Solutions AMEA, PepsiCo

India Foods & Beverages, PepsiCoRaghu Raman, CEO, National Intelligence Grid, Govt. of India

S R Mallela, Former CTO, AFLSantrupt Misra, Director, Aditya Birla Group

Sushil Prakash, Country Head, Emerging Technology-Business Innovation Group, Tata TeleServices

Vijay Sethi, VP-IS, Hero Honda Vishal Salvi, CSO, HDFC Bank

Deepak B Phatak, Subharao M Nilekani Chair Professor and Head, KReSIT, IIT - Bombay

Vijay Mehra, Former Global CIO, Essar Group

SALES & MARKETINGVP Sales & Marketing: Naveen Chand Singh

National Manager-Events and Special Projects: Mahantesh Godi (09880436623)Product Manager: Rachit Kinger

Asst. Brand Manager: Arpita GanguliGM South: Vinodh K (09740714817)

Senior Manager Sales (South): Ashish Kumar SinghGM North: Lalit Arun (09582262959)

GM West: Sachin Mhashilkar (09920348755) Kolkata: Jayanta Bhattacharya (09331829284)

PRODUCTION & LOGISTICSSr. GM. Operations: Shivshankar M Hiremath

Production Executive: Vilas MhatreLogistics: MP Singh, Mohd. Ansari,

Shashi Shekhar Singh

OFFICE ADDRESSNine Dot Nine Interactive Pvt Ltd

C/o K.P.T House,Plot 41/13, Sector-30,Vashi, Navi Mumbai-400703 India

Printed and published by Kanak Ghosh forNine Dot Nine Interactive Pvt Ltd

C/o K.P.T House, Plot 41/13, Sector-30,Vashi, Navi Mumbai-400703 India

Editor: Anuradha Das MathurC/o K.P.T House, Plot 41/13, Sector-30,

Vashi, Navi Mumbai-400703 India

Printed at Silverpoint Press Pvt. Ltd.D 107,TTC Industrial Area,

Nerul.Navi Mumbai 400 706

www.thectoforum.com

13 | BEST OF BREED:SECURING YOUR MOBILE WORK-FORCE Mobility is bringing benefits but are you taking the necessary precautions?

REGULARS

01 | EDITORIAL08 | ENTERPRISE

ROUND-UP49 | HIDDEN

TANGENT

advertisers’ index

VERIZON IFC

LG 05

DELL 07

SAS 11

IBM 17 & IBC

CANON BC

This index is provided as an additional service.The publisher does not assume

any liabilities for errors or omissions.

53 | HIDE TIME: DIPESH THAKAR, CTO, DESTIMONEYFor a CIO who plans the road map for an organisa-tion, it’s getting to the finish point that really matters.

13 53


18 | Quality in Software. Dr. Bill Curtis, Director, Consortium for IT Software Quality talks about the need for standards in software development.

18

I BELIEVE


CURRENTCHALLENGE

BY DR. NEENA PAHUJA CIO, Max HealthcareTHE AUTHOR has more than 24 years of software development, consulting and

internal IT support experience.

HEALTHCARE IS AN INDUSTRY THAT WORKS 24X7X365. THIS NOT ONLY PUTS A LOT OF PRESSURE ON THE SYSTEMS BUT THE QUALITY OF LIFE OF CARE PROVIDERS.

AFTER changing the transactional efficiencies in financial and manufac-turing industry, I strongly believe that technology is ready for healthcare.

With advancement of technology in medical devices and availability of strong analytical engines, the focus will move to early diagnosis.

Also, the whole world is focusing on innovative ways to reduce healthcare costs. Coupled with that are steps for standardisation of

information to enable portability of data. Healthcare providers are now creating strategies to convert their ‘Hospitals’ to ‘Care Providers’.

The clinicians are relying more on IT systems as they now provide better performance, scalability, and reliability with techniques like auto load balancing, clustering and virtualisation.

Healthcare is an industry that works 24x7x365, with virtually no ‘holiday’ across the year. This not only puts a lot of pressure on the systems but the quality of life of care providers. Some of the new col-laboration techniques not only help in saving lives but help improve the work life balance for these clinicians.

We at Max Healthcare have also started on a journey of implemen-tation of a system to capture elec-tronic health records of patients. The thought is also to integrate the fragmented data about patients in different forms to one window to bring-in focused care. The product will maintain complete patient his-tory, information on all drug allergies and past medical records of patients. I strongly believe that over a period, we will be able to clinically aggregate this data and provide better care to our customers.

Analytics on this data can help us move from curative to preventive healthcare. Also built-in support tools like the drug database can ensure that there are no drug-to-drug interactions on the patients.

I also see an emergence of lot of low cost innovative tools to support data flow, handwriting and voice recognition. We will additionally see some new and small medical devices to reach the remote patient. I already see a large number of initiatives in healthcare industry across on dynam-ic queue and resource management to improve patient satisfaction.

Feeling the PulseTechnology is ready to change the quality, reach and cost of healthcare

PH

OT

O B

Y S

UB

HO

JIT

PA

UL

6 21 JULY 2010 thectoforum.comCTOFORUM

LETTERS

WRITE TO US: The CTOForum values your feedback. We want to know what you think about the magazine and how

to make it a better read for you. Our endeavour continues to be work in progress and your comments will go a long way in making it the preferred publication of the CIO Community.

Send your comments, compliments, complaints or questions about the magazine to [email protected]

18 21 JULY 2010 thectoforum.comCTO FORUM 19thectoforum.com 21 JULY 2010

CTOFORUMIL

LUS

TR

AT

ION

BY

SA

NT

OS

H K

US

HW

AH

A

Cloud is a fitting term for something so shrouded in mystery and hard to grasp. It is being pushed hard by the vendors - and it is getting more and more difficult for CIOs to stay anchored and not be

swept away by the buzz.

COVE R S TORY CLO U D COM PU T I N G

19thectoforum.com 21 JULY 2010CTOFORUM

ILLU

ST

RA

TIO

N B

Y S

AN

TO

SH

KU

SH

WA

HA

GETYOURHEADIN THECLOUD

AllTanked UpPAGE 30

LITTLE GIANTS

Cloud is not a ProductPAGE 10


Infosec Game Plan

CSO FORUM

The cloud is getting more mysterious, look before youstep on this shaky ground | PAGE 18

S P I N E

Technology for Growth and Governance

CT

O

FO

RU

M

A 9.9 Media Publication

Volume 05 | Issue 23

LIN

KE

D T

O T

RO

UB

LE

| FAS

T T

RA

CK

| 10 ST

EP

CIO

HA

ND

BO

OK

July | 21 | 2010 | Rs.50Volume 05 | Issue 23

HP VS. CISCO – BY STEVE DUPLESSIEI think you’re on to something here, Steve. I’ve been doing some

work for HP lately and am impressed with the depth of network-

ing equipment they can now offer. Essentially, 3Com gives them

the core networking equipment to add to their existing edge

switches. I've been covering enterprise networking for more than

20 years, and have followed Cisco since its inception. I’ve seen

lots of would-be competitors (Bay, Cabletron/Enterasys and, yes,

3Com) fail to make a dent in Cisco’s market lead, but this time's

story seems to be different...

PAUL DESMOND, President of IT content firm Paul

Desmond Editorial Services (PDEdit)

“From a risk management stand-point, any risk management ac-tivities should not exist in isolation, but should exist in a corporate context, as a part of an enterprise wide approach to risk manage-ment. The days of one department or function managing risks in its own little bubble are gone. Risks can impact an organisation at multiple touch points.”DARREN HARROP, Director,

Epiphany Organisational Resilience.

CTOForum LinkedIn GroupJoin close to 500 CIOs on the CTO Forum LinkedIn group

for latest news and hot enterprise technology discussions.

Share your thoughts, participate in discussions and win

prizes for the most valuable contribution. You can join The

CTOForum group at:

www.linkedin.com/groups?gid=2580450

One of the hot discussions on the group is:

Do non technology professionals make better

CIO/ CTOs?

Do you think CIOs need non-IT business

experience? How does it help shape their

careers? Does it have a big impact?

Technology per se may be academically challenging to a

CIO, but it should be adaptive enough to solve a business

problem. The information push by the vendor is a part of

the whole process in achieving information liquidity and

much required agility in the value chain.

—Subrato DasVP-GSM-IT, Reliance Communications. Yes and No! CIOs or CTOs with business knowledge are

not born. Thus, the question does not hold water. What

makes sense would be to ponder whether the education

and role play for each technology employee should be

groomed around a business function thus creating true

Chief "Information" Officers.

—Titus SequeiraExperienced Technical and Business Program Management Professional, Toronto, Canada.

WISE BY FAILURESLearn from your failures. Don't just preach, practice it!

“By appraising failed projects, we learn what not to do the next time around. But by appraising successful projects, we learn what to do, and what to do better next time.”To read the full story go to:

http://www.thectoforum.com/content/wise-failures

CTOF Connect In a one-of-its-kind feature, the CIO of Hero Honda Motors India, Vijay Sethi, interviews Ravi Sud, the company's CFO, on what role IT should play in an organisation and how he uses IT to solve other problems. To read the full story go to:

thectoforum.com/content/my-trump-card

OPINION

SHARAT MATHUR GM-IT, Centre for Railway Information Systems (CRIS)



Enterprise

ROUND-UP

INTERVIEW INISDE

Commonwealth Games to go green in

New Delhi Pg 10

EXPECTED GROWTH OF INDIAN IT SECTOR IN 2010.

Worldwide SaaS revenue to exceed USD 8.5 b in 2010. Rapid adoption contributes to growth across markets.THE SAAS market is tipped to grow by almost 14.1% in 2010 surpassing the 2009 revenue of USD7.5 billion according to Gartner Inc. The rapid adoption of SaaS has contributed to growth in varying degrees across the enterprise soft-ware markets. There will be a shift in total SaaS revenue from just over 10 percent of the combined markets in 2009, to more than 16 percent of these combined markets in 2014. Gartner defines SaaS as software that is owned, delivered and managed remotely by one or more

providers. The provider delivers an application based on a single set of common code and data definitions, which is consumed in a one-to-many model by all contracted customers anytime on a pay-for-use basis or as a subscription based on use metrics. "After a decade of use, adoption of SaaS continues to grow and evolve within the enterprise application markets. As tighter capital budgets demand leaner alternatives, familiarity with the model increases, and interest in platform as a service and cloud computing grows," said Sharon Mertz, research director at Gartner.

10%DATA BRIEFING

SOURCE : NASSCOM

PH

OT

OS

BY

PH

OT

OS

.CO

M

E N T E R PR I S E RO U N D - U P


According to a recent In-stat research, it has been estimated that the number of Wi-Fi devices will increase from 500 million in 2009 to over 2 billion in 2014. Devices include set top boxes, Blu-ray players, game consoles and others.

QUICK BYTE ON WLAN & DEVICES

Sify to partner with VMware on the cloud. To offer customised cloud-based solutions.SIFY has announced an alliance with VMware to allow the expansion of Vmware's Service Provider Program (VSPP) in India. It has also enabled Sify to provide on-demand cloud hosting services utilising the VMware vSphere 4 platform.

This will allow Sify to offer greater degree of virtualised infrastructure to its clients, which can be customised as per customer requirements in a streamlined and simplified manner. In joining the global VSPP, Sify will allow Indian firms, of all sizes, to utilise the offered computing capacity in a secure way. Customers can use the service in the way of renting VMware licenses on a monthly “pay-as-you-go” basis.

The model will mean that firms can operate within the confines of their firewalls and beyond, how they want, when they want and control the extent helping ensure a strict quality of service for all applications that are deemed to run, whether inter-nally or in form of services.

This agreement will help Sify leverage the fledgling cloud market in India by offering cloud-based and cost-efficient solutions , all tailor made as per require-ments and more so , be available by means of a simple delivery model.

THEY SAID IT

MICHAEL DELL

Dell CEO, Michael Dell spoke to attendees of the Citrix Synergy user conference in San Francisco contending that the PC can never be killed off by mobile devices. Instead, he foresaw an interactive future where users own an increasing number and variety of devices, each capable of looking like the other via desktop virtualisation, served by virtual networks and the cloud.

"What’s converging is the data, not the device, It’s not clear that one device replaces another. Some are better for carrying with you. Others are for consuming content, others are better for creating content”

—Michael Dell,

CEO , Dell

others are better for creating content”

—Michael Dell,

CEO , Dell

E NT E R PR I S E RO U N D - U P


Application Retirement. Raghu Kodali, VP, Product Marketing, Solix Technologies in an interaction with Rahul Neel Mani.FROM a CIO's perspective, how important

is it to streamline the IT infrastructure while focusing on upgradation of key enterprise apps? How can CIOs do it without much dis-ruption in their business processes?Application vendors provide periodic upgrades to their solutions which either provide better technology or better function-alities or both and occasionally also remove certain known issues with prior versions. While it is important that customers keep up-to-date with latest versions, the upgrade process by itself can become quite ponder-ous and seriously impact internal business processes if not well planned. The three

most important issues, from a CIO’s per-spective, that must be incorporated in an upgrade plan are:

Is the upgrade going to have an impact on any business process?

Is the upgrade going to have an impact on current IT resources?

Is the upgrade going to have an impact on application performance with current infrastructure?

How important is it for a CIO today to look at consolidation of both application and IT infrastructure?Until recently, Application Management

Social Networking sites reach a higher percentage of women than men, with 75.8 percent of all women online visiting a social networking site in May 2010 versus 69.7 percent men

and Data Centre Operations were two sepa-rate worlds. However, with increased focus on improved operational efficiencies with reduced IT budgets, the CIO has to optimise his IT infrastructure that hinge on three principles: Virtualisation, Consolidation and Rationalisation. There’s a Virtualisation of Servers, Storage and Desktops. There’s a Consolidation of Data Centres and Applica-tions. And last, there’s a Rationalisation of Application Portfolio and Skills. What is so unique about Solix Application Retirement Appliance which makes it a com-pelling business buy?Solix heritage comes from Database Archiving and that continues to be the cash-cow in our product portfolio. We added Test Data Management, Data Masking and Application Retirement within the Solix EDMS Suite, which provides customers a single metadata-based solution to cover Information Lifecycle Management as well as Application Testing. For Application Retirement, in particular, we have added functionalities that are specific towards migrating, retaining, compressing and que-rying and reporting on legacy data while at the same time decommissioning the source applications and the associated hardware and storage they came from. In addition to Solix EDMS for Application Retirement which is a software-only solution, we have introduced Solix ExAPPS, Industry’s first Application Retirement Appliance.

How does it work? Please explain...There are six simple steps:

Plug in the device and do the set-ups – takes no more than 30 minutes.

Point the browser to the first candidate identified for application retirement

Migrate data from this application to Solix Secure Archive (there’s an automatic 90% compression) and add application context to the legacy data

Ensure that the legacy data can be accessed without the legacy application. Decommission the legacy application and the associated hardware.

Build reporting tools that are required for this legacy data

Point the browser to the second candidate and repeat the process.

GLOBAL TRACKER Usage results of social networking sites

SOURCE: COMSCORE'S 2010 GLOBAL REPORT ON WOMEN'S ONLINE USAGE

75.8%69.7%

E NT E R PR I S E RO U N D - U P


IDC predicts rise in server spend due to cloud. Complexity reducing clouds to aid growth.

GREEN TALK

THE ORGANISING Committee

of Commonwealth Games, Delhi

is striving towards staging the

first ever "Green Commonwealth

Games". The Beijing Olympics,

2008 and the recently concluded

FIFA World Cup 2010 in South

Africa undertook green principles

and green technologies as a joint

venture with United Nations Envi-

ronment Programme (UNEP).

As part of the first 'green' Games,

the organising committee has

decided to set up carbon neutrality

kiosks at the Games Village and six

venues where people can buy car-

bon credits to neutralise the harm-

ful environmental effect of their

activities. An estimated 100,000

to 150,000 tonnes of greenhouse

gases will be emitted during the

Oct 3-14 Games. The organising

committee hopes to motivate ath-

letes, delegates, spectators and

others to offset their carbon foot-

print by investing in clean energy

projects.

Ranging from the 30% green

cover which has been demarcated

at all the sporting venues to rain-

water harvesting systems and

energy efficient lighting systems,

the authorities have shown the

willingness to be eco-conscious.

Energy efficient lighting solu-

tions such as CFLs, LEDs and TL5

are being incorporated in build-

ings which have been designed

specifically to have daytime natu-

ral lighting to reduce the usage of

electiricity.

IDC forecasts that server hardware

revenue for public cloud computing

will grow from $582 million in 2009 to

$718 million in 2014. Server revenue

for the larger private cloud market will

grow from $2.6 billion to $5.7 billion in

the same time period.

"Many IT decision makers are seri-

ously considering cloud computing

as a way to dramatically simplify their

RIM has unleashed BlackBerry 6, a new operating system for BlackBerry smartphones. BlackBerry 6 features a redesigned interface that works with a touch screen and trackpad, expanded messaging capabilities that simplify managing social media and RSS feeds, a new universal search tool, and a new WebKit-based browser.

“BlackBerry 6 is the outcome of RIM’s ongo-ing passion to deliver a powerful, simplified and

BlackBerry unleashes new OS and smartphone. The Torch introduces touchscreen in version 6.

grow from $2.6 billion to $5.7 billion in

will grow from $582 million in 2009 to

$718 million in 2014. Server revenue

FACT TICKER

sprawling virtual and physical infra-

structure," said Katherine Broderick,

research analyst, Enterprise Platforms

and Datacenter Trends. "However,

there is still some lingering appre-

hension over issues like integration,

availability, security, and costs. These

concerns, and how they are addressed

by IT vendors, will continue to guide

the adoption of cloud computing over

the next several years."

IDC defines cloud services to be

business and consumer products,

services, and solutions delivered and

consumed in real-time over the Inter-

net. Additional findings from IDC's

research include the following:

According to recent IDC survey

results, almost half of respondents,

44%, are considering private clouds

Public cloud computing has lower

ASVs than an average x86-based server

Public cloud seems less likely to be

broadly adopted than private

Public clouds will be less enter-

prise focused than private clouds

optimised user experience for both touch screen and keyboard fans,” said Mike Lazaridis, president and co-CEO, Research In Motion. “Following extensive research and development to address consumer needs and wants, we are delivering a communications, browsing and multimedia expe-rience that we think users will love, and we are thrilled to debut BlackBerry 6 on the amazing new BlackBerry Torch smartphone.”

“With a new user interface, new browser and new handset design, the highly anticipated Black-Berry Torch and BlackBerry 6 deliver integrated and uncompromising capabilities for consum-ers and business professionals that preserve the industry-leading strengths of the BlackBerry platform while adding exciting new dimensions,” he added.

The first smartphone to feature the highly antic-ipated BlackBerry 6 is the new BlackBerry Torch 9800 smartphone.

Adept for socially connected consumers and packed with the tools business customers love, the new handset is the world's first smartphone to combine a BlackBerry keyboard with a full touch screen experience.

The Torch Smartphone will be first to feature the new BlackBerry 6 OS combining new touch screen experience with easy-to-use keyboard and rich webkit browser, and will be first to offer Loca-tions feature.

Whether users choose to type out messages on the capacitive touch screen or easy-to-use Black-Berry keyboard, browse the Internet using pinch to zoom or fluidly navigate with the optical track-pad, the BlackBerry Torch allows them to commu-nicate any way they want.

results, almost half of respondents,

44%, are considering private clouds

13thectoforum.com 07 AUGUST 2010CTOFORUM

BEST OF

BREED Safety Gear: Taking the IT Disaster Recovery Test Pg 16A

FEATURE INSIDE

Securing Your Mobile WorkforceMobility is bringing a multitude of benefits but is your organisation taking the necessary precautions? BY AMRIT WILLIAMS

THE NUMBER OF MOBILE WORKERS WHO WILL ACCESS EN-TERPRISE SYSTEMS WORLDWIDE BY 2010

1 billion

DATA BRIEFING

ILLU

ST

RA

TIO

N B

Y A

NIL

T

SOURCE: IDCThe rising tide of mobile computing,

driven by the introduction of consumer devices such as the iPhone and iPad, is crashing against the shores of many an IT shop. Most IT organisations have

lived on a diet of corporate policy restrictions and liberal use of the word “No!”. However, that attitude

won’t solve the problems posed by an increasingly mobile workforce.

IT can no longer simply ignore the tsunami of remote intermittently connected computing devices that are used by the masses to access corporate resources, especially those that reside within and provided through a shared service or infrastructure


B E S T O F BR E E D MO B I L E S E CU R I T Y

(think SaaS or cloud-computing).No doubt these devices offer tremendous benefits

to productivity, real-time information exchange and increased efficiencies throughout the value chain, but IT has been quite leery of their use as officially supported computing platforms and they have every right to be con-cerned as these devices are not built for the enterprise, they do not have an eco-system of technologies that sup-port them, and most organisations are still challenged to manage traditional computing devices, such as desktops and servers, that reside within their infrastructure.

The risk is clear though as organisations must man-age and secure a large, complex, and globally distrib-uted, remote, and mobile computing environment all accessing corporate assets in and outside the corporate network; the loss of vis-ibility and control again forces them to look at how they can better maintain the health and security of their mobile computing environ-ment – the endpoints that require access to corporate resources that are housed inside of the corporate network and in the “cloud”

A day in the (risky) life of an executive with mobile computing devices:THREAT #18am – Checks email from home before flight to partner meeting. Prints out boarding pass on airline website then clicks on ad with drive-by-download

THREATS #2 and #3 10am – Views latest football scores on mobile phone. Tries to disable security setting that prevents a Flash plug-in from running – since the website uses Flash.

THREAT #4 11:30am – Connects to partner network to provide pre-sentation and product demo. Unfortunately, one of the gaming applications that his kids installed last weekend launched an IRC bot that tries to send IRC packets onto partner network.

THREAT #5 2pm – Leaves mobile phone at restaurant. Contains email addresses for all contacts as well as architectural design plans for the next release of their product.

THREAT #6 6pm – After checking into his hotel room, tries to download an ani-mated screensaver that he thinks kids will like. It contains a number of dangerous spyware programs including one of which opens up a backdoor on his laptop.

Managing security for the mobile workforce: “Macro” and “micro” visibility: What’s on my (extended) network? –

How are my (managed, yet roaming) computers configured? – What services are they accessing in the cloud? Should they be?

Location-aware, OS-aware policies: Precise, targeted control (take bandwidth into consider-ation) – Get updates now

Sync assessment and remediation regardless of location: Reduce gaps in coverage – Immedi-ate remediation becomes critical

Bottom Line: Managing mobile computing devices is no longer a discussion or a nice-to-have. It MUST be done.

IT organisations need to know what they own and what their users (who have been granted authenticated rights to access corporate resources) own. Visibility is your most effective security tool.

You have a distributed workforce; whether you like it or not, make sure your IT organisa-tion can manage these resources.

Simplify and consolidate your management infrastructure.

You cannot control your users, but your systems management tools should be able to control their computing devices – anywhere they roam.

This article is published with prior permission from

Infosec Island www.infosecisland.com

RESEARCH In Motion

executives are fond of

saying that their platform

is more secure than other

mobile providers.

Impressed by its

security characteristics and

convenience of mobile

working, I have considered

it for a long time to get a

BlackBerry. Finally, it is offi-

cially supported by China’s

communication networks,

however, I have to cancel

this plan.

According to a recent

report, if you’re using your

BlackBerry to send its

highly touted encrypted

emails to or from the

Russian Federation, the

Peoples Republic of China;

or, shortly, India, Saudi

Arabia and the UAE, all of

these security questions

are moot.

In order to promote

its sales in China and

satisfy Chinese govern-

ment regarding “security

threats”, I guess RIM has

provided its encryption

keys to China telecom, like

it did in India.

I am anxious about

leakages when I make

a plan to change my

mobile. Of course, I know

we sometimes need to

sacrifice our privacy for

national security. How-

ever, I should be notified

and confident that my

privacy is protected

properly. The best way is

to reduce the chance that

my private information is

exposed to others.

No matter how secure

your platform is, when

the encryption keys are

exposed, no privacy can be

guaranteed.

I am also interested to

see how RIM can protect

the privacy of its BlackBerry

device users when they

give its encryption keys

to the country's security

agency.

— By Ray Tan

Reprinted with permission from

Infosec Island

Privacy or National Security?

18.5%INCREASE IN

MOBILE HANDSET

SALES IN INDIA

(BETWEEN 2009

AND 2010)

SOURCE: GARTNER

A Q U E S T I O N O F AN SWE RS D R . B I L L CU R T I S


Why CISQ: IT executives need objective benchmarks of IT application quality.

D R. B I L L CU R T I S A Q U E S T I O N O F AN SWE RS


DR. BILL CURTIS | CISQ

QualitySoftwarein

Dr. Bill Curtis, Director, Consortium for IT Software Quality (CISQ) and the co-author of Capability Maturity Model (CMM), in an email interview with Geetaj Channana, talks about the need for standards in software development

What was the thought process behind creating the

CMM for software enterprises?By the mid-1980s most large projects that involved software were late, over-budget and defective. Although most organisations were focusing on bet-ter tools and methods or hiring bet-ter programmers, Watts Humphrey, who joined the Software Engineering Institute (SEI) after retiring from IBM, focused instead on improving software development processes. His critical insight in developing the Pro-cess Maturity Framework, the foun-dation for CMM, CMMI and the Peo-ple CMM, was that no improvement program could succeed if developers were given unachievable commit-ments or baselines were not con-

trolled. Thus, rather than focusing on organisation-wide processes, he first focused on stabilising projects by developing the skills of project managers to plan and manage their projects. Only after projects were stable did he address standardised organisational processes and quan-titative project management. This critical insight was a departure from existing models of improvement and led to the impressive success of the various staged maturity models built on his foundation.

Watts asked me to replace him as Director of the Software Process Program at SEI in 1991. We took his framework, and all the best software practices the SEI had been collecting, and integrated them into

the original CMM. Unfortunately the Systems Engineering world built their own maturity model using different architecture and it was difficult to integrate improvement programs in large systems organi-sations when they were driven by different approaches. Around the turn of the century, CMMi was developed to integrate these differ-ent approaches into one model that could apply to any domain of engi-neering integrated into a large sys-tems development project. I proved the applicability of Humphrey’s Process Maturity Framework to domains other than engineering projects by developing the People CMM for improving the capability of an organisation’s workforce.

A Q U E S T I O N O F AN SWE RS D R . B I L L CU R T I S


Almost 20 years after CMM’s inception, how relevant do

you think is it for enterprises? Where does it fall short?CMM and its successor CMMi have been adopted globally. CMMi is especially relevant to enterprises building large software-intensive systems. It remains the only com-prehensive model available for guid-ing the improvement of software and system development organisa-tions. It is often used in conjunction with other models such as ITIL or COBIT at the enterprise level to supplement their lack of depth in software development.

Perhaps the biggest shortcomings of CMMi are its limitations in IT. CMMi was developed primarily by software and systems engineers from large aerospace projects with little experience in IT. It does not present practices such as portfolio manage-ment, shared resources and applica-tion deployment that are critical to executives managing IT applications. Many organisations, especially small-er ones, find the number of practices challenging, especially the large number of repetitious institution-alisation practices. Hopefully some of these issues will be addressed in upcoming revisions. Though, CMMi has a published record of successful implementations.

How is CMMi different from Six Sigma? Is one

better than the other or do they complement each other?There are three key differences between the CMMi and Six Sigma:

CMMi is a staged process improvement model and Six Sigma is a process improvement tool bag

CMMi applies to a specific domain (software and system engi-neering), Six Sigma tools can be applied to any domain, and

CMMi specifies process areas that must be addressed within its domain while Six Sigma focuses on the performance of processes as

Customers and providers of IT application software do not have a common basis for measuring, man-aging and evaluating the quality of the application software they deliver or maintain.

IT executives need objective benchmarks of IT application qual-ity based on industry standards and professionally-credentialed assess-ment services.

Businesses, government agencies and their software providers need a forceful, open and objective voice to establish industry-standard metrics for measuring IT software quality and drive an industry-wide agenda for improving IT application quality.

Major industry players such as

implemented without recommend-ing specific best practices.

Nevertheless, both Six Sigma and CMMi share the same heritage, they emerged from the quality practices pioneered by Walter Shewhart and his protégé W. Edwards Deming. Watts Humphrey once told me he was trying to figure out how to get software organisations to adopt the same statistical quality management and continuous improvement prac-tices that he had seen work so effec-tively in other parts of industry. As I mentioned earlier, his critical insight was that he had to eliminate the prob-lems that hindered their adoption, the first of which was poor project management. His Process Maturity Framework emerged as a staged improvement strategy that eliminates the barriers to continuous improve-ment through a staged transforma-tion of the organisation’s processes. While some Six Sigma practices can be implemented at each maturity level, CMMi Level 4 is the full imple-mentation of statistical process man-agement, while CMMi Level 5 is a full implementation of plan-do-check-act based improvement and innovation.

Why was CISQ formed? There is a growing sense of

unease about the cost and about the risk of the software being developed and acquired by IT organisations. CISQ was formed to create industry standard measures of software size and quality for use in benchmarking, guiding internal development and evaluating the software delivered by outsourcers and package vendors. These measures must be defined to a level that can be automated in order to reduce the cost and subjectivity experi-enced with current measures such as Function Points. The following factors explain the rationale behind CISQ:

IT applications are deeply embedded in most critical operations.

The current quality of IT applica-tion software exposes businesses and government agencies to unacceptable levels of risk and loss.

Organisations

find the number

of practices

in CMMI

challenging.

IT executives

need objective

benchmarks of

IT application

quality.

People are

fighting too many

chaotic fires in

organisations,

thereby, reducing

innovation.

THINGS I BELIEVE IN

D R. B I L L CU R T I S A Q U E S T I O N O F AN SWE RS


“Customers and providers of IT application software do not have a common basis for evaluating the quality of the application software.”

GM, AXA, US Department of Homeland Security, IBM, Capgemini and Tata Consul-tancy Services (TCS) are driving this for-ward to ensure the standard can and will be applied in practice. In fact, TCS became the first member. CISQ supplements CMMi by providing the automated quality measures needed in a mature development process.

How will CISQ help the software industry achieve quality excellence?

CISQ provides a neutral forum for all stakeholders in the IT industry to develop standard, automated measures of software

competing technologies that provide automat-ed source code measurement and analysis.

How will CISQ benefit the Indian IT industry?

CISQ is an industry-led forum sponsored by SEI, the Object Management Group (OMG) and supported by NASSCOM in India. Indian outsourcers are beginning to see software quality measures written into outsourcing contracts as the equivalent of Service Level Agreements. If each customer uses a different definition for a quality measure, an outsourcer may be faced with 50 different definitions of

delivered, thus reducing the overhead while improving the quality of acquired software.

Of even greater importance than reduc-ing IT costs are the business benefits of improved application quality. The cost of a retail website outage during peak busi-ness hours, of a security breach that com-promises the confidential information of thousands of customers, or of the degraded productivity from slow application perfor-mance across 1000 white collar workers has harmful financial impacts on the business. Just as important, but harder to cost, is the competitive benefit from earlier releases of application enhancements because the application is easier to modify and test.

Some say that standards reduce the level of creativity and innovation

in an organisation – true/false? Why?There are two ways to hinder creativity and innovation in an organisation when imple-menting a standard. The first is to do a slop-py job of implementing practices so that no benefit is achieved and the problems hinder-ing creativity and innovation do not change. The second way is to implement a thought-less, bureaucratic mountain of practices that get in the way of everything.

If an organisation uses the principles of lean thinking while implementing their improve-ments and understands the intent of the model, they should see impressive growth in opportunities for creativity and innovation.

For instance, what really reduces the level of innovation in an organisation is that peo-ple are fighting too many chaotic fires and do not have the time to pursue creative solu-tions. This is the case in most immature soft-ware organisations at CMMi Level 1. Once they begin to mature and get control of how they spend their time, they can build the time into a project required for exploring alterna-tive solutions and building experimental pro-totypes. We have seen this transformation in many organisations. CMMi Level 5 is a state of continuous search for innovative solutions that close the gap between an organisation’s current capability, and the capability they require to achieve the strategic business objectives. When the standard software measures that CISQ will develop are used to guide learning and product improvement, they will have this same impact on creativity and innovation.

quality. Measures will not be adopted into standard practice until they are automated, because of the prohibitive cost of collect-ing and reporting measures manually. If we can get product measurement to be a standard application development practice, weaknesses in software will be detected long before they become expensive defects that cause outages, security breaches, corrupted data and degraded performance. To support this objective, CISQ will:

1.Advise, educate and advocate to business and government leaders on the mission criti-cal importance of IT application quality.

2.Develop a consistent quality measure-ment system that can be used by IT and business leaders to measure and report the software quality of multi-tier business apps.

3.Define methods and processes for using this quality measurement system in negotiating and managing the acquisition, development, or maintenance of IT applica-tion software.

4.Develop and promote professional licensing for those providing services to assess the quality of IT application software.

5.Promote the development of a market of

the same quality characteristic. If there is a standard measure used across customers, it is much easier for an outsourcer to train their people, develop appropriate methods and tools and manage their relationships. The alternative is a nightmare of expensive special adjustments for each different customer with no economy of scale in using measures to manage the delivery of software.

How are standards like CISQ helpful in reducing the costs of the

IT organisation in an enterprise?Automating standard measures of applica-tion size and quality dramatically reduce the cost and increase the adoption of software measures. Automated quality measures allow weaknesses in the software to be detected much earlier when they are 10 times cheaper to fix. When presented with objective measures on the quality of their work, application development teams learn much quicker and eliminate various types of defects in their work. Standard measures have also proven to reduce the time spent arguing in customer supplier relationships over what was expected versus what was


COVE R S TORY RE S E T T I N G F O R G ROW T HIL

LUS

TR

AT

ION

S B

Y P

C A

NO

OP


Innovative IT architecture, agility and a spirit of risk-taking are fuelling the growth engine. We look at how savvy CIOs looked beyond the troughs of the recession, even making sensible infrastructure investments.

24 | The Colour of Change

27 | Defying Defeat

31 | Simple Rules, No Magic

35 | Tracking by Open Source

38 | Getting the Edge

i n s i d e

COVE R S TORY RE S E T T I N G F O R G ROW T H


Asian Paints, India's largest paints company with a turnover of Rs 6,680 crore, managed to raise its profitability and clocked posi-tive revenue growth in FY2009-

10. Profitability was up by 100 percent with a growth rate of 20 percent plus. The company did not reel under the recession blues as around 80 percent of its business focused on India alone.

“We had one of the best years for our busi-ness last year and this was after a long time,” says Manish Choksi, Chief – Corporate Strat-egy and CIO, Asian Paints.

To keep this momentum of growth, the paints-maker is looking at change in every sphere within the company.

Take the instance of starting a commercial production at its new paint manufacturing facility in Rohtak, Haryana in April this year. The plant has an initial capacity of 1.5 lakh KL per annum and can be scaled to 4 lakh KL in future expansions.

This plant is fully automated. So the time raw materials enter the plant to the time when finished goods leave the factory, there is no manual intervention. “We need such scale

and automation in every part of the organisa-tion,” says Choksi.

The challenge for the company is to meet the expectations of service and delivery of customers on various fronts like capacity, raw material procurement and even distribution. Choksi admits that if they miss a day of dis-patch or unloading, they really do not have an inbuilt capacity to play catch up.

Looking withinTo iron out these issues, Choksi says that the IT within the company is undergoing a P

HO

TO

S B

Y J

ITE

N G

AN

DH

I

MANISH CHOKSIChief – Corporate Strategy & CIO,

Asian Paints

Asian Paints stays ahead in the game by managing change efficiently By Ashwani Mishra & Rahul Neel Mani

Asian Paints stays ahead in the game by managing

ChangeChangeChangeThe

ChangeChangeThe

ChangeChangeChangeChangeColour

ChangeChangeColour

ChangeColour

ChangeofThe Colourof

ChangeCASE STUDY | ASIAN PAINTS

RE S E T T I N G F O R G ROW T H COVE R S TORY


process of re-examination. This will look at whether the systems are built in the right manner, and if they have the right business processes and how can they be used in a bet-ter and efficient way.

For example, last year the company took a different approach to better its sales order pro-cess. Previously, the process was on a central SAP platform. That would mean dealers would call their local sales offices to place orders or the branch sales representatives would take the orders and call the local sales office.

Today, the company has two call centres that do inbound and outbound calling to pick up sales orders. This call centre also handles customer support and service calls including complaints of consumers and dealers.

“So these call centres are doing a large range of activities on a centralised basis. This allows us to have huge scalability,” says Choksi.

The call centre also plays a significant role in project sales. Earlier when the company carried out project sales that involved sales to large building sites, they would typically deliver the material to the dealer who in turn would tell the transporter to deliver the same to various sites. Today the call centre is able to deliver this as a standardised process by prop-er authentication and verification. “This would not have been possible to manage effectively from a branch location,” says Choksi.

The company has also made changes in its distribution model. They have gone for auto-matic tracking and retrieval system and have chosen distribution centres that are located near the manufacturing plant. Earlier, these centres were situated far away from the plants.

Continuous flowAsian Paints is in the process of developing a Business Continuity Planning (BCP) exer-cise end-to-end. According to Choksi, this is not merely IT disaster recovery (DR) but an exercise that will look and examine all the processes within the company and figure out the possible vulnerabilities that could cause disruptions. The next step is to plan the com-pany and individual response considering various scenarios. This exercise would cover IT, assets (plants and offices) and people.

The first part of this process would be to lay down a strategy and then make the neces-sary investments to implement the strategy. Choksi says that though technology will play a small part in this process, it will act as a key

In the last couple of decades, leveraging information technology has proven to be a winning strategy to support the growth and sustainability of manufacturing organisations. Use of IT in manufacturing operations

to improve the efficiency and effectiveness of key performance enablers such as accounting and finance, sales, procurement of raw materials and spares, and planning, among others, has been validated across industries. In most organisations, maintenance of plant, equipment and facilities is also considered as an important enabler of performance and is sought to be enhanced through the implementation of a Computerised Maintenance Management System (CMMS)/Enterprise Asset Management (EAM) system. In many cases, implementation of a CMMS/EAM is labelled a disaster and ends up with low levels of usage. In others, companies invest further resources to re-implement and set right the CMMS/EAM to make it effective. In extreme cases, the CMMS/EAM is scrapped and the organisation reverts to its old ways of working. What can organisations do to prevent such failures?

Lessons from experienceOur work with clients on repairing and enhancing usage and effectiveness of CMMS/EAM across industries and platforms has given us many valuable lessons which can help organisations make its implementation successful.

LESSON 1 Whose CMMS/EAM is it anyway?In many organisations, CMMS/EAM is implemented as one of the modules of an ERP system. Organisations prioritise the implementation schedule due to various factors such as business need, availability of resources, etc. Sales, Finance and Commercial (FiCo), Material Management (MM) are implemented on priority and the CMMS/EAMS module is implemented as an afterthought. The key driver for the implementation of the maintenance system is timely and accurate report-ing of maintenance, repair, and operations transaction that impacts the book of accounts. The result is an implementation which focuses heavily on the commer-cial aspects of maintenance and emphasises the collection of relevant commercial data thereby burdening the maintenance engineer with increased data entry with-out improving work methods.

The best bet to avoid a fiasco is to involve the users, the maintenance team in this case, right from the system selection process. The maintenance team has the best understanding of how to effectively keep equipment operational. They also have unique knowledge of the processes and data required to perform their job.

Companies are enabling plant maintenance with effective CMMS/EAM implementation. By Shridhar L Kamath

Lessons from Failures



enabler. So the business units will define the recovery times of various functions, and tech-nology will define how data can be recovered.

“The other key challenge in this kind of exercise is to sustain it. It is easy to do strat-egy once, implementation once but business changes. So we are not only looking at being more efficient and scaling up but also being more resilient,” says Choksi.

Bringing intelligenceWhen Asian Paints carried out its ERP imple-mentation, they also looked at a data ware-housing strategy for business intelligence (BI). However, Choksi says that with the amount of information that the company has today, they have not delivered intelligence to its employees in a manner that it can be used for business deci-sion making. “We are doing more on transaction reporting but we need to do more in delivering information for decision making,” he says.

The company is now looking at doing financial consolidation and also looking at business planning in an integrated manner so that it can help its employees deliver financial reporting in a better way. Simultaneously, the company is working out a strategy for busi-ness KPI monitoring and reporting.

“We just do not want to provide dashboards but we want this intelligence to be translated into action,” says Choksi.

Choksi is also keen to leverage social net-working. He cites examples of companies that use Twitter equivalent micro-blogging technology to find out their daily activities on the field. He says that he would want to set a companywide system to know the activities of his sales force on a regular basis, and get continuous feeds.

These feeds in turn would help in conduct-ing social analytics. The analytics would be able to predict from a conversation that a dissatisfied customer would not buy from the company the next time.

This kind of analytics will certainly help the company where the product purchase cycle is three to five years. Creating touch points with the customers to ensure that they can come back is a challenge that the company wants to overcome.

“So behaviour sentiment analysis is where this world will go. The services industry will be the ones who will be far ahead of this curve,” says Choksi.

The maintenance team can thus balance the commercial aspects and work meth-ods and create the right specifications which will contribute greatly to a successful implementation.

LESSON 2Think ImprovementOften, CMMS/EAM implementation is considered as an added burden to current work by the user team and minimal support is provided to the implementation team. This leads to improper planning, under-estimation of effort required, sloppy design, hasty collation and uploading of data – a sure shot recipe for disaster.

A CMMS/EAM implementation can be taken up as an excellent opportunity to overhaul and improve the maintenance system. The right set of senior experi-enced people should be provided to the implementation team with a clear set of goals which encompass the overall maintenance function. The team works to map and improve processes, bring in the user’s viewpoint into implementation and makes maximum use of the functionalities of the CMMS while ensuring that the value added to the maintenance function far exceeds the effort put in.

Improvements can also be done to the CMMS/EAM functionalities to provide better flexibility to enter data, customised reports to understand and analyse per-formance and deliver value to the maintenance team.

A risk assessment of the designed sys-tem and extensive testing can further bring out improvement actions which reduce risks of failure of the implementation

Another strategy that can be used is to not disband the implementation team after go-live. The team discusses lessons learned from implementation and usage, and works for system optimisation and continuous improvement.

LESSON 3Manage ChangePeople make CMMS/EAM implementa-

tions successful. Creating a shared vision which has the buy-in of the team and is widely communicated goes a long way in creating a sense of purpose and enthu-siasm in the team easing the pain of change. Simple initiatives such as town-hall meetings and celebration of milestones reached during implementation can fur-ther add to the level of involvement and ownership.

Making people comfortable with the terminology and the use of computers to manage data is as essential as the training on the CMMS/EAM itself. Enhanced used of computers in maintenance management well in advance of the imple-mentation can support the implementation later on. Maintaining data in the form which can be directly uploaded into the CMMS/EAM database further enhances the chances of success.

Concluding remarksAs the world around us becomes more competitive, organisations become big-ger and equipment and processes become more technologically advanced and complex, information technology will be the only way to sustain and continu-ously improve. A CMMS/EAM can go a long way in easing the effort required in maintenance. The only challenge is to get it right the first time.

About the author: Shridhar L Kamath is managing consultant, PricewaterhouseCoopers

"A CMMS/EAM implementation is an opportunity to overhaul the maintenance system”



When you have eliminated the impossible, what-ever remains, however improbable, must be the truth...Sherlock Holmes.

Axis Bank, one of India’s premier private sector banks replaced the first generation Finacle Core Banking System with the latest version, bidding farewell to the legacy-proprie-tary systems and embracing open standards-

based architecture. The bank has lived to talk about its daring act. Today it stands ahead of the curve and claims that any bank which will migrate to the new version of Finacle CBS is at least 18 months away.

While narrating this suspense thriller, Subhakanta Satpathy, Senior Vice President and Head of IT of Axis Bank, accepted that their decision to migrate was a very bold one and one that is not easy to justify. As

this was the first time that such a migra-tion was being carried out, the possibility of a failure loomed large. In response, the bank took many precautions -— building adequate safeguards in the form of develop-ing a robust business continuity plan and discussing the failover options many times. Still, it seemed like a gamble.

“The moment of migration to the new system was like the one at a PSLV launch. We

The stakes were raised for Axis Bank's planned CBS migration. By Rahul Neel Mani

SUBHAKANTA SATPATHYSenior VP and Head of IT, Axis Bank



“In the last two years we have built competencies, capabilities and skill sets and have invested in tools too”

INTERVIEW | BFSI

PRAVIR VOHRAChief Information Officer, ICICI Bank

Q: What according to you is the role of the technology leaders’ office in an organisation's growth plans?A: The technology leader wears two hats, one is an equal mem-ber of the senior management team that gives you the ability to drive thought leadership, internal public opinion and create stakeholder lobbies. In India we do not have a sharp difference between the two roles; abroad there is a very sharp difference. In India we use these interchangeably.

The other hat is constantly at the back of your mind, which is the awareness that the technology leader should have on what technology can do for his business. I always say that I am 90 percent a banker and 10 percent technology. I have been lucky in my life in the sense that somebody pays me to do something that I enjoy doing.

When you say “Resetting for Growth” it is more of a busi-ness phenomenon. As a business we know that the world went through a slowdown. There were loans made in certain coun-tries that affected financial markets, mortgages and consumer behaviour and so businesses got affected. But, did the people

withdraw money less often? Salary credits would not stop and bill payments weren't affected. So, I think a big advantage that an IT leader has when he wears the second hat is that he is not in the stomach of the problem. He is affected by budgets but only in a limited way.

And so, he can look at the world, as if it has not changed as dramatically as businesses feel. For eg. In ICICI, I have used these two years to build competencies, capabilities and skill sets; I have invested in tools too. We never got to do this when the business was running fast. Because, at that time our chal-lenge was to quickly roll out solutions. We were doing quick and dirty kind of solutions.

So, it was a great time for us. But, this whole concept is high-ly debatable as it depends on the capability of your company to increase spend. For instance, it cannot happen in an export oriented industry in the downturn. It also depends on your equation with your company board.

We at ICICI bank were able to convince our board that it was a good time to make infrastructure investments. We have

all had goose bumps," says Satpathy. If the attempt to migrate failed, then all efforts at migration would have to pause for another six months as the next chance to migrate would come only then. "If things went wrong, we would have to wait for six months and put in the same amount of preparations again - that was an agonising thought!" he says.

But the team wasn't ready to give up yet. They put various safeguards in place. The thought of rolling back to the old version of Finacle wasn’t really exciting. At the end, the migration was successful, though there

were a few initial glitches. “Three months on, we have not only produced an accept-able and convincing P&L statement and quarter ending [June 2010] report but also have trained approximately 7000 users using our captive training centre located in Hyderabad,” tells Satpathy.

The story scores 10/10 in taking the plunge, 9/10 in mitigating the risk and 10/10 again in being the first bank to implement the new ver-sion. A clear case of an organisation behind ahead of its times. It deserves a mention in bold letters that the bank has become the

Beta Site for Infosys Finacle. Here’s the story with the rest of the details...

The Core Banking Story Axis Bank implemented the Finacle CBS near-ly a decade or so ago. Perhaps, it was the first customer of Finacle CBS (as a bunch of solu-tions bundled in a brand) from Infosys. Unlike other banks, Axis Bank ran it in an absolute ‘captive’ model, without a single event of out-sourcing to third party. Having exploited the earlier version to its maximum capabilities, the senior management was convinced that



built two new data centres that will go live in August 2010. If you have been in the world as long as I have, you know these are typical business cycles that come and go, you need to find a way to even out the bumps and be ready for the phase of growth that is now coming.

I do not know how much you can do for Resetting. If you have allowed the engine to run cold, people to quit and you have plugged the investments – then you would always be a year behind everybody else. But I think all people at senior lev-els have great ability.

The amount of thinking that we’ve been able to do on how we will address inclusive banking may not be rocket science, but would not have been possible if everybody was running around helter-skelter.

Sometime back, I got an invitation to speak to American CIOs and advice them on ICICI’s technology model. I was asked how the audience could do similar things. That is the time when I said that the basic thing that the CIOs need to do is invest in their company. A CIO who is there for three years is never going to be able to make a difference. It takes about a year or two to understand the psyche and DNA of the organisa-tion and to be accepted in its fold. If you then decide to move on, nobody will trust you.

Q: How does one influence the stakeholder’s lobby? How should it be generally executed?A: This question is similar to the classic one: how do you bring up a kid? At the end of the day, there is no secret sauce or sci-ence. It is primarily trust and value addition. Why will anybody in the company listen to me if they don't have trust in me.

A lot of our colleagues quip that “business wants it like this”. We are happy as a team to play second fiddle because we do not want to take the sales, marketing and P&L pressure. A big thing about technology in a commercial organisation is that we don’t usually have any direct P&L responsibility so we are insulated from the other guy’s problem. We can always say that

he is unreasonable. I would like to quote one of the things that we have done

here, with the benefit of hindsight. This was not really planned by us. Today I can look back and say that it worked.

I learnt to speak two languages in ICICI bank. Some of my colleagues used to say that business is unreasonable and they do not know what they want, they keep giving change requests – all of which is true. And, I used to reply, if you think that the other person’s job is much better, I would move you there. They have their own challenges that you do not understand.

As for the business colleagues, I remember a conversation with a person who is now a very senior officer. He complained that it took too much time (three months) to get a list of credit exposures of the bank. So I asked him to define exposures? He replied back saying that he meant the balances in these high value accounts.

I enquired again, asking him, do you want to include guaran-tees that are issued, contingents liabilities, limits that are sanc-tioned but not drawn, shadow balances – cheques in clearing, etc. The idea is not to say that I cannot do it – it is just about explaining in simple English some flavour of the complexity of my other life.

Even now, I give examples of their own world to non technol-ogy people, to make them understand the challenges faced by technology. For instance, how would you make senior people understand an outage? If internet banking is down – how can you make them understand that it will take 8-9 hours to bring it back up? That is the amount of time it takes to re-install soft-ware, re-boot systems. This is because the uneducated view of technology is – just press a button and it's started.

If you can talk to the people in a language they understand, it creates a fair amount of trust. Of course with this, you would need to be successful, you will need to deliver projects on time, etc. But then all this is just the basic hygiene for any technology head.

up the gauntlet. Sensing the mood at the bank, Infosys

approached the bank and kept a very challenging proposal on the table. The company wanted the bank to be the Beta Site to migrate to this new version. In return, they [Infosys] promised to complete the migration in the stipulated period of time with almost no assurance that it will go right in the first instance. “No company can give such an assur-

it was time to migrate. “It wasn't mandated that we should be the first one to go for the new version, but there was an eagerness to implement it before it became the buzzword. Another big reason was that unlike other Finacle users, we are one of those users which use all possible modules of Finacle,” says Satpathy.

The Countdown BeganMigrating to the new system was no easy task. In the life cycle of the first version of Finacle, the bank had already done a lot of customisa-

tion. On top of it, the technology and platform on which the system resided was purely legacy-proprietary technology. To migrate from proprietary to open standards-based technology meant that a mammoth task of rewriting of codes lay ahead. “We believed this transition would take years of efforts and there were no guarantees of success,” says Satpathy.

Nonetheless, the bank had decided that it was time to pick

6months:

The period that the IT team at Axis Bank would have to wait to get their next chance to

migrate.



ance. The primary responsibility was ours. So we had to buffer for a failed attempt. The bank was prepared with plans A, B and C. Agreeing to be a beta site meant a lot. The entire busi-ness was dependent on CBS and anything could have gone wrong. The decision was bold and risky,” says Satpathy.

The entire machinery working behind the transition was ready with a robust business continuity plan. Worst, what if, after the migration, users weren’t able to log into the system? Anything was possible. As part of the plan, the core implementation team decided to stop the non financial transactions for the initial 3-4 days of migration.

On the day of migration, everyone was on

Axis Bank didn’t have to pay for the CBS

licenses from Infosys. That arrangment was part of the deal. But there was an infrastructure upgrade involved. The bank had to invest in an expensive IBM Websphere Middleware.

Another major chunk of investment was hardware and storage. To make the migration a success, at least 3-4 additional instanc-es were required to run parallel in different stages. This meant an incremental investment in the hardware. The current production environment required one set. But now, another set

was required for develop-ment. Yet another set was required for user interface and testing. The last set was required to phase from the old version to the final Beta site. During some of the time, instead of just one CBS, the Bank was run-ning four. The organisation might not have had a multi user environment for all the four sites but storage requirements were actually four times.

Training: So far the bank has trained nearly 7000 users using its own captive training facility. The Bank’s training

centre located in Hyder-abad accommodates close to 800 trainees. "We conducted eight batches of 800 people each," says Satpathy.

Risk Committee: A Risk Committee of four people including the CIO was constituted. "The Committee members knew each other very well. Each of us knew the other’s risk appetite; there was a lot of trust between us. The top management was aware about the happenings but gave freedom to the Risk Committee to do what it wanted," Satpathy said.

tenterhooks. Then the first flaw surfaced. “Till late in the evening, we were not able to provide log in to the users," says Satpathy. A technical glitch had brought operations to a standstill. "It was frustrating."

At 7 pm, the problem had still not been resolved, and the company was now in a crisis. One option was to roll-back. The other was to listen to the bank's partners, which came up with some solutions but were waiting for the bank's consent. If the back rolled back, 15 months of hard labour of the entire team would have gone down the drain,” says Satpathy.

The Risk Committee constituted to moni-tor the migration was also puzzled. After a lot of deliberations, it was decided to try the

Beta Site Didn’t Mean no Capex

solution suggested by the partner. The ruse worked. Ultimately the users were able to access Finacle. “Because we weren’t able to do any transactions on the first day, we had to clear a lot of those in a short window during the night." The inability to process transac-tions during the day had a cascading effect; it took the bank the next three-four days to clear the backlog. "Frankly, the first week was slight-ly unstable, not because of the technology but because of the volume of transactions." Users didn't have the same same comfort levels as they had with the earlier version of CBS, as a result of which there was a dip in their efficiency. "If a banker was able to do 100 transactions an hour, in the changed environ-ment, he could do slightly more than half," says Satpathy. "After a week's time, the situ-ation came under control and by the end of May 2010, we were able to produce an accept-able level of trial-balance and profit and loss account statement to the management. We did a smooth quarter ending in June 2010.”

In hindsightAlthough the team succeeded in this tough task of migration, Satpathy wants to share his experience with his peers. “It is always advisable to migrate to a newer version of any software. But never be the first one and never be the last one. Our decision was bold but it was still a mistake to go live first and become a Beta Site. We survived because of our exten-sive business continuity planning and the tenacity displayed by our employees to endure the pressure.

“The next bank which will migrate to this platform of Finacle cannot do it before 18 months from now. Now look at the opportunity knocking our doors. If we can convert this period into a business opportunity, we will simply be ahead of the curve,” concludes Satpathy.

“No company can give such an assurance. The primary responsibility

was ours.”



The pace of growth at Reliance Communications (RCOM) is faster than that of other leading telcos in India, says Alpna Doshi, CIO, Reliance Communications.

In a chat with Rahul Neel Mani, she outlines the company’s IT plans and growth initiatives in the immediate future. Excerpts:

Q: What are the new technology devel-opments in the telecom industry? Is RCOM positioning itself to be a leader in this space?A: When we are looking at technology deploy-ments to prepare our technology base, we look at creating and using a shared archi-tecture for both our wireless and enterprise

market segments. This shared architecture will effectively allow us to have subscribers from our consumer database and also help us to leverage these users for the enterprise seg-ment, as some chunk of these consumers are a subset of the enterprise market.

The other focus area for us is on the CRM space. We look at the basic criteria for CRM

ALPNA DOSHIChief Information Officer, Reliance Communications

INTERVIEW | R COM

Reliance Communication’s growth initiatives in the immediate future By Rahul Neel Mani

Simple Rules,

Reliance Communication’s growth initiatives in the

Simple Rules,Simple Rules,Simple Rules,No Magic



usage and how the customer's needs can be addressed through this application. For example, if a call agent can reduce the time to respond to any query even by a few seconds, it is a relief for the customer. This holds good for our enterprise business as well.

Within the IT sphere, I am monitoring more than 100 Key Performance Indicators (KPIs) regularly. This keeps my team excited and they want to improve their numbers. I in turn, con-duct a customer satisfaction survey of these numbers and see their responses. So we try to connect everything from a customers’ standpoint and convert it to various KPIs and measure it. These would include things like provisioning time, number of trouble tickets generated, fault resolution time, etc.

Day-to-day IT problem solving is a given and it should not take more than 30 percent of our time. The remaining 70 percent is the time that needs to be devoted to provide value adds to the business. At the end of the day, it is the IT team that is managing and understanding the various applications and solutions. So I look at various IT reports for all our businesses and see if I can help them analyse these reports. Business has no time to look at the technical aspects. So my focus here is to identify innovative architectures that can speed up things.

Architecture convergence is one aspect that can bring in efficiency. So if I look at Global-com, a division of Reliance Communications, we are merging the architectures from our acquisitions of Flag, Vanco and Yipes. This converged architecture will provide a great value add to the business in terms of getting rid of redundancy, faster resolution time as well as introduction of new technologies.

Differentiating yourself from the competi-tion is a key factor. We want to give a good deal of thought to the various functionalities of each of the systems that we have. We want to derive intelligence out of them and analyt-ics is certainly a huge part of our differentiat-ing game.

Technology for me has always been the easy part as it can be made to work the way you want. To make people work is a challenge. So if we want to do anything at high speed for the business we need to introduce agile processes in the company. For this it is important to have knowledge of the existing business processes and how you can reduce them. So we started something called as “Coffee with the CIO,” to

spend that extra time to meet with people and understand their pain areas, ideas, etc.

Q: What has been the impact of such meetings over a cup of coffee?A: Well, I speak of many things that are professional as well as personal. I share my vision with them and also listen to their expec-tations from IT. On the personal front, I ask some of them where they stay, what are their hobbies, etc. This helps a lot. For example, if

IT has come of age if gauged in terms of its contribution and position in the telecom sector. When telecom was still in its infancy, IT was merely a support function and contributed to the revenue in a

limited way. The scope of work was limited to enablement of smooth operations and management of the major business driving functions. IT was viewed simply as the provider of tools facilitating the other mainstream functions of revenue generations. The initial focus was to provide basic provisioning of LAN, workstations, mail servers for employee connectivity and rudimentary ERP, billing and care functionality which had little direct impact on the revenues generated by the firm.

Traditionally, the IT average spend by the telecom companies worldwide as a percentage of overall revenues ranged from 2.8% to 5.2% with average percentile hovering around 4.26%. Considering the role of IT as a support function, it was treated as an expense item necessary for business support. (IT spending as a % of revenues; Source: Metagroup)

IT in the mainstreamIn recent years, IT has become a key function with evolution of newer and disrup-tive technologies in the telecom space. The advent of new platforms coupled with changing lifestyles of the increasingly demanding users gave rise to a plethora of opportunities for IT. The constantly changing technical landscape forced the telecom firms to look for higher contribution from the respective IT departments. The firms now consider internal IT as a business driver capable of enhancing rev-enues rather than just a support function.

In telecom, IT has evolved from being just a support function to a strategic growth partner. By Kasturi Bhattacharjee

Commanding Heights

an operations guy has to work past midnight in the office and does not get a transportation to go back home, then this is of great concern to me. If I can get these guys a transport ser-vice when they sit back late, they feel a sense of ownership and do not mind putting that extra effort.

I give a lot of importance to people. Employees can do things beyond our wild-est imagination. So it is not technology but people who change business.



The role of IT is now not only limited to technological advance-ments but also extends to improving the bottom line of the operator. Challenges for today’s CEO include building fresh revenue streams while also maintaining the existing market share. Challenges include:

Increasingly competitive landscape Integration and scalability of operations with new business ideas Constantly declining ARPU Multi-partner ecosystems Low revenue leakage percentage which is high on absolute

amount Regulatory constraints

The success and survival of the telecom enterprise in the future will be governed by their ability to face these challenges and turn their weaknesses into areas of opportunities by leveraging the strength of IT. Today IT can overcome these barri-ers and drive growth of the telecom opera-tors’ business by providing:

Seamless billing schemes: Billing engines are at the centre of activity for any telecom operator. A good billing engine can quickly launch various complex schemes in minimal possible time, there-by resulting in reduced time-to-market. Concepts like differential billing based on customer’s age, gender, time of usage, location, mode of payment are a reality today because of superior IT functions.

Revenue assured: The revenue assurance (RA) engines are not only limited to plugging simple leaks of call drops but drill further into the network layer and give a comprehensive report aligning the IT performance indicators with business drivers. Today RA recon-ciles various technology elements to enable assurance of margins and profitability of investments. Even a small percentage leak is very high in terms of absolute amount for a billion dollar operator.

Customer Relationship Management (CRM): CRM is the touch-

point for end-customers whether it used by agents or whether it is in the form of self-care. In the form of CRM support for agents, CRM engines assist call centre personnel to accurately provide required customer information and also help in problem manage-ment. CRM in this way is not only a technological tool for enhanc-ing customer satisfaction but also a business tool for cross-selling services. In its other form as self-care portal, an efficient engine will enable customer info on the click, faster and automatic turnaround and service provisioning rather than adding costs to agent seats.

Business intelligence: The launch of any new product or service is governed by two factors viz. require-ments of the customer and the potential revenue generation capability. It is imper-ative for the operator to anticipate and identify where they are heading and pre-empt the needs and wants of consumers. The robust business intelligence systems of today are enabled to identify the exact customer requirements and reasons for churn for necessary proactive business actions. The other benefit of business intelligence systems is identifying signifi-cant patterns regarding the potential pros-pects, spending behaviours, specific big-ticket schemes and low hanging fruits.

Service Delivery Platform: SDP is the new stage device of IT which enables telcos to venture into data services and provide user-friendly features like mobile TV, games, video-on-demand, location based services, advertisements, social

networking, m-blogging which will be the new area of competi-tion. Telecom operators have made a conscious choice to have SDP engines enabled by IT so that customisations as required by market dynamics and business needs are made on the fly.

Interconnect: The partner settlement engines are the major areas of focus for the service providers as ensuring accurate, regular reconciliations and settlements enable cash flows and are important for revenue generation. If settlement engines are not robust enough,

Concepts like differential billing based on customer’s age, gender and time of usage are a reality today

Q: Can you highlight an innovation that has been done by your team? What was the customer's reaction to the same?A: A good example would be our customer self service portal. We developed a portal that has enabled customers to easily buy services online, make payments, and troubleshoot as well. I would like to finish working with this portal by introducing unified billing. Work is already underway for this process.

There are no telcos who offer unified bill-

ing to customers in India. Having separate bills for various services like mobile, landline, broadband etc. from a single provider for one customer is not required. One customer ID with all services hanging to it is the best answer. This is not innovation, but simple basics. If there are barriers, they are political in nature and exist within the organisation.

In a transformation journey, there are two key areas that need to be kept in mind. One is technological transformation and the other

is cultural transformation. These two have to go hand in hand. So unified billing would be more of a cultural transformation aspect that needs to be in sync with the technology transformation.

Q: How much of technology tweaking would something like unified billing require?A: You look at it at from a point of having five different systems, for example, that process



they will lead to a loss of revenue for the operators. They play a major role in case of content partners as they develop content and, in the event of errors in settle-ments, they can stop providing content, thereby disrupting services.

Supporting call centres: Companies have to monitor their expenses on cus-tomer care centres as they involve huge investments in IT and personnel. The focus on resolving the calls via the IVR and reducing the calls transferred to agents will immensely reduce the costs involved. IT enables configuring of IVR on the fly so as to maximally utilise an agents’ bandwidth and customer connec-tions are made quickly. Various call-centre specific systems like agent scheduling, tracking, comprehensive reporting are also enabled by IT.

Management level reporting: Performance monitoring and tracking is very important for judging the health of the business. Reporting engines ensure there is synchronisation between circle level operations and corporate think tanks. State-of-art IT engines enable standardisation and drilling-down of reporting to the bottom most level with just a few clicks.

Disaster Recovery: IT engines ensure business continuity by enabling parallell running data centres which can take over in case of disaster at the primary area. Every second of outage leads to huge revenue losses and customer dissatisfaction, so disaster recovery is essential for business growth.

IT has not only acted as a business driver for external environments, it is a key function for internal employees of the telecom sector for information dissemina-tion and productivity enhancements.

Intranet: Intranet is a key tool for sharing company’s information, collect-ing valuable feedback from employees, establishing formal/informal discussion forums and a collaboration platform for all the departments.

Providing facilities like leave management, payroll status-check, file timesheets and knowledge management automates employee admin processes and enable employees to focus on business tasks.

Connectivity outside office: Today employees are available 24*7 through black-berry, VPN, conferencing and this is all enabled and supported by the IT depart-ment.

It can be said that the IT function in the telecom sector is no longer just a sup-port function and has become part of board level thinking as it enables not only the basic infrastructure required for business, but also provides directions for the next level of growth.

About the author: Kasturi Bhattacharjee is Associate Director, Infocomm Practice , Price-

waterhouseCoopers

the billing requirements for five different services. It certainly requires certain amount of work to make sure that everything is associ-ated with a single customer ID.

Now the aspect of which particular service organisation is going to address the subscrib-

ers becomes a question. So it does require quite a few changes. Let’s look at this from a CRM standpoint. Can the call agents offer a unified service to customers for all their queries of multiple services? So this would require a focused approach and clear capex

and opex investments to take this through. Or you need to have a strong executive sponsor to make it happen.

Q: So who will be the executive sponsor in this case?A: I would like to see this from the customer side. So our customer service departments should really be the ones. As a CIO, I will put the plan into motion..

Q: It has become a norm to outsource entire IT operations and we have seen telecom companies like Airtel, Idea, etc. outsourcing their IT needs to service providers. RCOM on the other hand manages its IT by itself. So what according to you are the pros and cons of both these models in the tele-com space?A: When outsourcing contracts are signed, there is a joint risk sharing. From this perspec-tive, the contract management becomes a key part in the deal as the provider needs to man-age the SLAs, finance, etc.

I have been a consultant for most part of my career. The negative part of outsourcing is get-ting locked in with a provider as you are not aware of the nitty-gritty of the services being offered. The SLAs are adhered to but what if one wants to look at changing something — that's not possible.

In my previous role as a consultant I was auditing a contract in Australia for a major telecom service provider who had outsourced IT operations to another partner. We diag-nosed the network management system to the core. We deciphered that the code was written in such a manner to lock the telco and there was no way that the company could get out. This exposed the partner.

At RCOM, we have a long term outlook. As IT is captive, we can maneuver our business as required without our intellectual property going out. Having internal IT saves a lot of bandwidth in terms of management of a contractor. We fol-low simple rules, and there is no magic needed. Our IT is always ready for the business.

“The negative part of outsourcing is getting locked in with a provider as one is unaware of the

nitty-gritty of the services”



The technology services industry is still one of the fastest grow-ing sectors in the world. And as a company grows in size and acquires more projects, it become

more and more expensive and difficult to man-age multiple project across the enterprise. LG Soft was also presented with a similar problem.

The ChallengeThe company was growing and needed an integrated project management system to

ensure smooth delivery of projects. “It was get-ting more and more complex to plan engineer-ing projects, track defects and issues and fill the engineers’ timesheet,” says Prakasha K N, Head IT & Information Security, LG Soft India Pvt. Ltd. “Many project management tools are available in the market but they are expensive and time consuming to implement.”

This extremely complex environment and tight budget constraints prompted LG to look for options that were extremely effective but did not cost the world.

The SolutionThe company looked at implementing the Redmine Project Management tool. Redmine is a flexible project management web applica-tion written using Ruby on Rails framework. “It is a time, defect and issue tracker web application with mail and LDAP integration. It also has multiple projects and database sup-port,” says Prakasha.

This is also beneficial for the ITeS company as it is open sourced under the GPL license. Being open source has the benefit of eas-

LG Soft India looked at Ruby on Rails for efficient project management By Geetaj Channana

LG Soft India looked at Ruby on Rails for

Open SourceOpen SourceOpen SourceOpen SourceTracking byCASE STUDY | LG SOFT

PRAKASHA K NHead IT & Information Security, LG Soft India Pvt. Ltd.



ily available plug-ins. The organisation has also included plug-ins for effort tracking/project planning, timesheet, risk and graphical reports in the implementation. They have also developed a treasure hunt module on it to gather new Ideas from employees across the organisation.

Other plug-ins in the implementation include - Dashboard for tracking milestone; Risk man-agement plug-in; Estimation and Requirement management plug-in; Bulk upload, time entries and other entries for bulk tasks.

The BenefitsTo start with, the organisation has already saved more than $100,000 on an implemen-tation of about Rs. 100,000.

Apart from the monetary benefits, there have been many tangible project and personnel management benefits achieved by the project. To start with, now the company can easily track each task assigned and provide its status with respect to milestones and engineers.

For any project-based ITeS firm, it is extremely important to be able to correctly estimate the time and capture the require-ments of the project. This tool has been immensely helpful on both counts for LG Soft. We have been able to improve drastically on both counts.

Needless to say, it has helped in better proj-ect management also. Project managers now have a lot more control over the projects with easy to monitor dashboards and metrics. The need for project meetings has been reduced as a lot of communication about the project happens through the management tool.

All the data for metrics analysis is captured automatically without manual intervention. The engineer's timesheets are directly linked to the projects to ensure seamless integration and control.

Finally, the project also has Risk Manage-ment embedded.

FinallyBy thinking outside the box and taking a brave step by adopting an open source tool, LG Soft has been able to save thousands of dollars while improving efficiency in the organisation. A win-win on all counts.

The Indian IT-ITeS industry has emerged as a key growth engine for the economy, accounting to about 5.9% of the GDP and also contributing to increase in urban employment and exports. As per recent estimates

by National Association of Software and Service Companies (Nasscom), the IT industry is expected to grow by 13-15% in the fiscal year 2010-11 compared to a low growth of 4-7% in the last fiscal year 2009-10.

The IT/ITeS industry in India has evolved from a “Lift and Shift” model of mov-ing headcount in and out of India for projects at the lowest end of the value chain, to one where Indian players are aggressively bidding for and winning large scale turnaround projects hitherto the domain of global behemoths.

The upward movement in the value chain for the industry is expected to come through incremental and/or quantum growth. Incremental growth would be seen through innovation and expansion in the form of:

Emerging consumer sectors like healthcare, government, engineering ser-vices, etc.

Value innovation in service delivery like platform BPO.However, in order to move beyond incremental growth and ride the quantum

growth wave, service providers need to focus on game changing and commercially viable Intellectual Property (IP) development. The Indian IT industry has an opportunity to innovate and reinvent itself using cloud computing in a manner similar to the two previous disruptions – the Global Delivery Model (GDM) and the Y2K –which it turned to significant advantage.

GovernmentThe potential for increasing GDP growth rates by increasing telecom and internet penetration is now well understood by governments worldwide. In countries like India it also holds tremendous potential to make growth socially inclusive espe-cially in areas where mobile telephony, data services and rural banking converge.

The increased IT spending by governments in developed and emerging econo-mies has led to the government sector becoming a primary consumer of IT/ITeS services. As per IDC estimates, worldwide IT spending is expected to increase to US$ 1.48 trillion in 2010, which would be largely driven by the government sector. For example, total government spending for hardware, software, and IT services in Western Europe alone will increase from $56.6 billion in 2008 to $68.5 billion in 2013.

The Indian IT-ITeS industry is gearing up for disruptive growth strategies By Hari Rajagopalachari

Full Blast



The IT spending by India's public sector is expected to grow to US$5.1 billion by 2011, indicating a compounded annual growth rate (CAGR) of nearly 19% from 2007 to 2011. More than two-thirds of the total IT spending will be undertaken by the central government, with state and local governments contributing to the rest of the spending. For example, increased spending by the Indian government on large turn-key IT projects like the Unique Identification (UID), Passport Seva etc. are attracting major global service providers.

In view of the governments’ deep pockets and given the immense scope and scale of various national projects coming up around the globe, this sector would be a key area of growth for IT.

Platform-BPOReady-to-market platform based offerings would serve as the back-bone for growth and help showcase expertise. Platform BPO, a bundling of technology, consulting and BPO, helps in creating and delivering transformational value using strategies such as global sourcing, technology innovation and process optimisation; thus enhancing operational efficiency and also helping the customers to move from a capex to opex model.

The real advantage of platform-based BPO is that it can and does appeal to mid-sized and small companies. With demand from cli-ents on more value addition from outsourcing contracts, platform-based model would be of great help as they offer economies of scale and process standardisation.

Platform BPOs are also becoming important in the context of inte-gration. The BPO subsidiaries of most large IT companies that were separate entities until a few years ago are now being integrated with the parent company to leverage the opportunity presented in the integrated IT and BPO space. Clients are moving from the standard deals towards transferring ownership of processes and are increas-ingly showing preference to purchase services from one established end-to-end solutions provider instead of going to different vendors for different services.

Cloud ComputingCloud computing in one of the key technology/focus areas in the IT/ITeS sector and many enterprises are keen to use it as a platform. Implementing cloud computing as a platform will help enterprises save capital cost by directing them towards operational costs. The innovation that cloud computing offers is expected to raise IT’s

value proposition from being merely an enabler of competitive strat-egy to becoming a source of competitive advantage.

Gartner estimates the market for cloud services will grow from US$70.8 billion in 2010 to $150.1 billion by 2013. The compound annual growth rate (CAGR) varies widely between different types of services, but overall CAGR has been calculated at 26.5%. Other studies suggest that the market is entering a period of acceleration in terms of cloud adoption - from 15-25% of organisations making the move today to 25-45% in three years' time. According to a recent study by Zinnov, the current US$ 110 million-cloud computing mar-ket in India is forecasted to reach about US$ 1,084 million by 2015. There are several multinational and Indian companies entering the cloud space and trying to drive business relevance of its solutions for both Indian and global customers.

According to a recent CII-PwC survey, about 60% of the service providers are open to using cloud computing and nearly 56% of cli-ents surveyed were open to the concept of cloud computing primar-ily for its advantages like lower implementation time, easier product maintenance and faster delivery.

Cloud computing has allowed the smaller Independent Software Vendors (ISVs) access to customers that they could have never had otherwise. This has allowed smaller ISVs to be based on cloud plat-forms (such as Azure, App Engine etc) and make themselves avail-able to global customers, thereby, significantly reducing their cost of sales. This has also increased the flexibility for end customers and increased the choice of products and services.

The benefits of the cloud are not just being tapped by smaller companies. Bigger companies are vying for large cloud computing deals, creating private clouds and are looking at creating separate service lines for cloud computing.

However, in order to generate sustainable strategic advantage, it makes sense for service providers to look beyond linear growth and focus on game changers in the form of commercially viable IP (intellectual property) creation.

About the author: Hari Rajagopalachari is India Leader for Technology

Practice PricewaterhouseCoopers

“With demand from clients on more value addition from outsourcing contracts, platform-based model would be of great help as they offer

economies of scale and process standardisation.”



The utilities business value chain has several unique business func-tions that are not typically seen in other industries. Even within enterprise-wide functions that are

common across other industries, the critical processes and Key Performance Indicators (KPI) differ for utilities. Each of the business functions within the utility has multiple busi-ness processes and sub-processes.

For example, the asset management func-tion has sub-processes like plant engineer-ing and asset maintenance, that is, plant maintenance and operations. Operations in a utility are usually very complex, requiring huge amount of data to be managed under strin-gent regulatory conditions with a very wide and demanding customer base.

For Delhi-based BSES Power Limited, a company with an annual turnover of around 8169 crore, the situation was no different.

“To ease out the work of the operations team within the company, we initiated automation of

business processes enabling better customer care, and covering automation through imple-mentation of ERP, SAP IS-U/CCS,” says Karan Singh, VP-IT, BSES Power Limited.

IS-U/CCS is an industry solution from SAP which addresses the needs of a customer oriented utility company. The solution encom-passes Customer Relationship Management (CRM) and Business Warehouse (BW).

The project was called as Enhanced Data Generation for Enterprise or EDGE that was conceived and implemented targeting one lakh consumers in Phase-I towards migration from legacy application to ERP. The modules successfully implemented included Billing, Device Management, Financial and Contract Accounting and Customer Service.

“As ISU has hardly been implemented in India by any enterprise because of its com-plexity, cost and availability of skill sets, it became a challenge for us to migrate our existing billing data and make it live for one lakh customers,” says Singh.

The implementation was achieved by first mapping the business process, preparing a Business process document(BPD), taking a signoff from business, mapping as-is process to required process and then automating the same in SAP ISU/CCS.

The EDGE framework was developed by keeping in mind a customer centric view that allowed the team easier tracking of customer behaviour and usage pattern. The integrated system is flexible and future proof and can be configured to handle changing business needs and demands. It can handle concurrent users and millions of customer accounts.

“Some of the most innovative aspects of this project were seamless migration of live billing data from legacy to ISU/CCS with zero glitch and the handling of change manage-ment issues without any operational pause,” says Singh.

The total cost of the project was around 21 crore and the company expects to recover the RoI within a year or two.

CASE STUDY | BSES

BSES Power ensures smooth migration of live billing data for one lakh customers By Ashwani Mishra

BSES Power ensures smooth migration of live



Electricity distribution utilities are finding new areas for IT deployment By Sambitosh Mohapatra, and Debasis Mohapatra

Action in theCorridors of Power

Due to the inherent nature of its business, the electricity utility industry, especially organisations providing services of distribution and retail supply, face some unique challenges

in implementing IT solutions.The unique differentiating factor is that unlike other products and commodities, electricity cannot be stored. Also in this sector, customer categories are varied and complex – across voltages, rate slabs and type of connections. Electricity pricing and services are subject to oversights from central and state regulators unlike other products or commodities. Controls in organisations and their outcomes also vary depending on whether the organisation is held by the Government or public or private. Unlike other products, it is difficult to attach a differentiator to the electricity being supplied; differentiation, though, can only be made in customer services – faster connections, speedier complaint resolution, etc.

IT implementation experienceDespite operational and implementation related complexities, utili-ties in India are gradually agreeing to commit upfront investments in IT and operational systems given the level of increasing customer expectations and regulatory standards. These systems aim to reduce human interface in operations and increase manpower productivity.

Some of the major technologies and systems being deployed in Indian utilities are as follows:

Prepaid meters: Prepaid metering is slowly and gradually gaining a foothold in the Indian Power Sector. A number of government / public and private owned electricity distribution utilities in India have embarked upon such initiatives. This initiative across India is in the nascent stage and the scale of prepaid metering in most of these utilities is restricted either to a few pilot implementations or a select category of consumers. Studies worldwide has shown signifi-cant benefits of prepaid metering both from the consumer and utili-ties point of view; however, it will be sometime till such results are experienced in India where there is a need to change the mindset of customers who are still used to the post-paid metering systems.

Customer indexing and GIS database: In 2006, a state-owned utility in Western India implemented a Geograph-ical Information System (GIS) for better management of electrical network and customer services. In phase one of the project, eight major towns under the geographical coverage area of the distribution utility, comprising 55 electricity distribution feeders were included for updat-ing and verifying consumer data. In phase two, another

1104 feeders were covered by the project. This initiative provided the utility a complete visibility of its customers across various categories in its electrical network. It further helped the utility to establish a base for future deployment of solutions to manage its network assets as well as for advanced metering initiatives. Under the Restructured APDRP1 of the Government of India, more and more utilities are undertaking these initiatives.

Enterprise Resources Planning (ERP): In 2006, a private sector utility in Northern India felt the need for a standardised solution with faster response time, automation and integration; application for managing planned / unplanned maintenance and breakdowns; improved application / control for asset management; better project capitalisation; integrated mechanism for reporting; mechanism for traceability and tracking of transactions, and employee self-service facilities, among others. The ERP initiative of the utility was also driven by the emerging concept of Smart Grid. The second phase of ERP initiative focused on implementation of SAP IS-U in the areas of customer care management, connection management, meter management, meter reading, revenue billing, revenue recovery, revenue collection and energy auditing is under way. Through these initiatives, the utility intends to achieve standardised business pro-cesses in billing and customer services and enhanced decision sup-port for regulatory and statutory compliances.

Advanced metering: An electricity distribution utility in Northern India initiated a pilot project in 2009 on advanced technology meter-ing by installing ‘smart meters’ in 500 households. The objective of this experiment was to study the feasibility of installing smart meters in India. From this study it was inferred that this technology can help the utilities drastically cut losses due to power theft and improve interaction with the consumer. Through the use of smart meters the pattern of consumption can be known which can help regulatory bodies introduce “time of the day” pricing — higher rates

during peak hours and lower during non-peak hours. The utility has received feedback from 500 consumers with most of them being happy with this initiative. The cost of a smart meter is considerably higher than regular meter but the benefits from this are more than the cost involved considering the power shortage scenario in the utility’s coverage area.

About the author: Sambitosh Mohapatra is Associate Director

and Debasis Mohapatra is Senior Manager, Energy Utilities

and Mining Practice, PricewaterhouseCoopers

5ooNumber of smart meters installed

during a pilot project in 2009 by a utilitiy in

Northern India

NEXTHORIZONS


Security as a Service – It makes sense to have email and Web threat protection in the cloud

AUTHOR SAYS

Over the past few years, more and more businesses have turned to software as a service (SaaS) to bring down costs. One category

of offerings, which we'll call "security as a service" deserves special consideration. More and more traditional software secu-rity vendors are developing and enhancing their service based offerings. These offer-ings typically include protection against Web and email threats, monitoring of inbound and outbound network traffic and assessing an externally facing website for potential vulnerabilities.

While all vendors argue the appeal of reduced costs, only a few vendors argue that their solutions are better offered as a ser-vice. This is a market in transition. I've been testing security solutions for years so I've been lucky enough to have a good vantage point for this transition. Most of these solu-tions were software only. Then many added centralised management and some shipped on appliances.

The earliest security as a service offering merely moved this centralised manage-ment console into the cloud. This was a good start, but fell short of leveraging all of the advantages of the cloud. Offer-ings have gradually matured to utilise the strengths of the cloud. For example, Panda

When it makes sense to woo the cloud for security, and when it doesn’t. BY MATT SARREL

The SaaS Romance


ligence network analyses hun-dreds of millions of suspected malware files every day.

Symantec Hosted ServicesSymantec offers Hosted Endpoint Protection (anti-malware, software firewall, HIPS for Windows desktops laptops and servers) as well as email, Web, and instant messaging

security via MessageLabs. It gets interesting when a company subscribes to multiple services and can then begin to assess threats across multiple vectors in order to mount a unified defense.

Zscaler Cloud ServicesUnlike the others mentioned above, Zscal-er was built from the ground up as a cloud security service. The solution requires nei-ther hardware nor software to be installed at a client site and provides integrated Web and email security. Keeping an eye on performance, the company has over 40 data centres around the world and its offering is built around a multi-tenant architecture. The Web based management GUI has a very Web 2.0 look and feel with flexible dashboards.

— About the author: Matt Sarrel is executive

director of Sarrel Group, a technology product

test lab, editorial services and consulting

practice specialising in competitive intel-

ligence. He has over 20 years of experience

in IT and focuses on high-speed large scale

networking, network security, information

security, and enterprise storage. He can be

reached at [email protected], Twitter: @

msarrel. This article has been published with

prior permission from www.cioupdate.com.

Security saves local processing power by analysing malware in the cloud, not on the desktop. Many other vendors also make use of a cloud based infrastructure to con-duct deeper and faster malware analysis. They can have more horsepower than what a single client site can provide plus integrate threat information from many clients to create an accurate understanding of the threat landscape.

Pros & cons Although more and more security func-tionality is being built into these offerings, security as a service still has its pros and cons. Firstly, many solutions still require a software agent to be loaded onto each end point. This is almost a necessary evil so look for solutions which automate deployment and updates of software agents.

Remote workers are a natural choice for security as a service but they aren't on your network so why do they need to use your internal security services? They can access the solution provider's data centre just as well (or better than) yours so let them. Look for SaaS solutions that try to improve the security process, not those that merely claim lowered TCO and fast ROI.

It makes sense to have email and Web threat protection in the cloud primarily because that traffic flows across the Internet and can be cleaned before even entering a corporate network. It also makes sense to apply some basic traffic rules, such as those that drop denial-of-service (DOS) attacks for the same reason.

Carrying it a step further, however, it does not make much sense to deploy a firewall in the cloud. Such devices require immediate access to all network traffic and relaying such traffic back and forth between a SaaS provider would make net-work services mind-numbingly slow for users. Likewise, solutions that are heavily tied to internal resources, such as authen-tication and access-control software, also work better on-site.

Always negotiate an SLA when contract-ing for security services. What happens

if you are routing all Internet traffic through a security service provider and somehow service is compromised? It's unlikely that a SaaS provider will fail completely. What's more likely is that there might be a per-formance glitch so an SLA is imperative if you are going to get your money's worth.

Here's the rundown on a few recently updated security as a service offerings:

McAfee Security SaaS McAfee offers a number of outsourced services such as endpoint, email, web, and network protection in an outsourced model. McAfee SaaS Total Protection offers much more than a snappy name. This basically replaces McAfee's traditional suite of onsite security software to protect endpoints from email and web threats.

Panda Security Cloud ProtectionThis service protects endpoints against email and Web-based threats. This is the third major enhancement to Panda's plat-form which means that it's mature. Early on, Panda realised that the way to go is to have an extremely lightweight client agent that merely communicates with a big time cloud infrastructure that does all the heavy lifting. This minimizes the burden placed on user systems. Panda's collective intel-

95%ORGANISATIONS

EXPECT TO

MAINTAIN OR

GROW THE USE OF

SAAS

N E G OT I AT I O N S N E X T H OR I ZO N S

While all vendors argue the appeal of reduced costs, only a few vendors argue that their solutions are better offered as a service.


N O H O LDS BARR E D M A H E N D R A N E G I

Mahendra Negi, COO & CFO, Trend Micro has been acknowledged as one of the top Internet analysts in Japan. In a freewheeling discussion, he touches upon various issues that concern the information security industry.

Do you think that information security should be

centralised or that parts of it should be managed centrally?This is a topic where we struggle to reach a consensus. The discussion is especially important to us as we are more sensitive to this issue, because as a security vendor, we cannot afford to have a security breach.

As we transition towards the knowledge industry, I think decen-tralisation is almost inevitable. The line between employee and contrac-tors, outsourcing and vendors will eventually blur and there will be more of telecommuting global organ-isations. This trend is being driven by business requirements, and you can't say no to that.

That's when we need to figure out what are the security risks involved and how are we going to address them.

There is a lot of buzz around deploying DLP. What is your

experience on this?I think there are two kinds of users. One user thinks of compliance. They feel if they do not have a DLP solution then the compliance audi-tors will point it out. The other user thinks about his enterprise risk and data loss; for example, a small out-sourcing company like a chip design company which gets the require-ments from a major customer. If it’s only a 50 employee company, it will be disastrous if an employee leaks critical information to a competi-tor. The company may even have to shut down. However, since it is a 50 employee firm, the management doesn't bother despite the issue being very critical to them.

At the other extreme, from my perspective, 75 percent compliance

is good. I tell our auditors: it’s not a painting competition where I have to stand first; I'm fine if I pass, for that I'm willing to cut some cor-ners. So in my mind I do this cal-culation: frequency of occurrence of an event and the impact of that event. Look, if that event occurs every 50 years but has large impact as compared to an event that hap-pens every day but has no impact, are you going to do something about that?

However, for certain events, I will have to self-insure. For example, if I have to store data for 10 years and I store it only for eight since nobody asked for it. And then one day some-body asks for it, I am done! I may even lose hundreds or thousands of dollars in compliance in addition to other hassles. And such events hap-pen once in five years.

NAME:Mahendra Negi

DESIGNATION:COO & CFO, Trend

Micro

DOSSIER

DLP should be adecision based on

Requirements


M A H E N D R A N E G I N O H O LDS BARR E D


N O H O LDS BARR E D M A H E N D R A N E G I

It should be a decision based on requirements.

You're based out of Japan, but travel to India quite often. So what

are the trends that you see in India vis-a-vis Japan, in terms of security, awareness and types of threats. Japan is a small country but with a higher level of security awareness. We wouldn't have the same frequency of security events as India, but use of IT in India is more innovative because there are many con-straints in India. Indian businesses have to work around such constraints and so in some ways that is a challenge they face but that is also what the hackers will exploit. I think the big difference is that evolution in India is much faster.

Security is a process: absolute security is a myth and will always

be. We now see more sophisticated SQL and blended attacks. The cycle of hackers exploiting loopholes and solution providers creating solutions to counter then - will this keep going on or is there any other solution?We have to follow the hackers, because for us to cover all possibilities is too expensive. Assume you have to break into a house with 20 windows: if we make it completely bulletproof and you walk in through the door, isn't all that protection a waste? We would have to figure out that you have entered and react fast upon it.

One interesting development is the new detection rate coming from third party ven-dors. We considered detection as the only metric, but the other metric is time to retali-ate. 99 percent detection is nothing if you take 6 months to protect. So time-to-protect, from the first time the threat was analysed, is criti-cal to ensure a comprehensive solution.

What are the different kinds of attacks we may observe three years

down the line?Three years down the line when we recruit employees mid career, especially if they are from big organisations, would we ask about the strategy document? One of the major reali-ties of this business is you can't have strategy documents of all kinds; hence, an investment that make an organisation agile is a good

investment. Vectors might change, technology might change, so we have to evolve, otherwise we might be out of business.

Hackers are always one step ahead because they are the ones who will exploit usability. In my view, an unconnected computer is saf-est. Dial up is better than broadband, which is better than wireless but people are driven by usability. That's why there's the need for cloud. The CFO wouldn't care what name we give it; he is driven by the cost whereas some people are driven by its usability. So if usability is driving cloud adoption, then security needs to catch up because hackers will exploit usability.

So what we need are "invisible body-guards". If you wanted to go to Chandni Chowk (in Delhi) for a stroll but due to the high crime rate in Delhi, the invisible bodyguard warns you not to and you heed his warning, then you are safe. However, if you're flanked by bodyguards, it'll take the fun away. Hence, if we made security very hard to use, then people won't use the Inter-net. We want to make it as unobtrusive as possible, giving freedom to users.

Where do you see the shift from the host-based platforms heading to?

If you shift from the host, you have to go to the cloud, there's nothing in between, and from our experience we have been arguing for a number of years on this. Our concept was that enterprises need to block the threat from coming in rather than detect it. Ten years ago we identified that most threats came from email, and today 90 per-cent malware comes from the Web. Ulti-mately, it may be that the host may become irrelevant, because if everything moves to the cloud at some point of time, the device is just an access tool.

What is your opinion on white listing?White listing and black listing are

solutions but neither of them is a silver bullet. White listing is a major task, even vendors such as Microsoft don't digitally sign. You can't rely on this completely. What if the white list got compromised? What if someone did not digitally sign their file; there are so many updates being delivered everyday. So white listing is a

“One of the major

realities of this business

is you can't have

strategy documents of all kinds;

hence agility of the organisation

is the biggest investment.”

M A H E N D R A N E G I N O H O LDS BARR E D

good option but not a silver bullet. Same is the case with black listing.

Our objective is to provide security that fits. If you are a much disciplined organisa-tion then this can work, but for a decen-tralised organisation it’s tough. If your white listing and black listing did not work, you need to have a hybrid model. As the volume of files to be scanned is large, you also can't depend on some regular blocking update.

Enterprises are focusing on virtuali-sation. One of the things enterprises

do is that they create images to replicate things fast. Could this practice compro-mise the security of the organisation?We have specific solutions to address this. The other issue is that the Virtual Machine is on the move, because we're not just talking about anti malware. The customer wants to protect his content, but he doesn't care about what name you give it, because it's all the same from his point of view.

In a virtual machine, when the servers move, the policy addressing the physical

server isn't relevant because what you want to address has already moved, and you can't keep changing firewall policies. The beauty of vir-tualisation is that it is based on the peaks and troughs of resource allocation. So we need to address such issues and how security moves with the virtual machine.

The other issue is that if there are 200 machines in the server, are you going to scan 200 times? This will put such a strain on the resource of the enterprise that the whole purpose of virtualisation will go for a toss. So we have to address all these issues, which is how we are doing with VMware.

As a CFO, I had the same challenges: some virtualisation is slam dunk for me, and some worries me, as there is sensitive customer data. I worry about security; if your sales pre-sentation gets corrupt then you are in a prob-lem. So I worry about security.

The vendor must explain how these con-cerns are being addressed; this is what we are doing with VMware. When VMware goes to customers, we have all the solutions to the problems mentioned.

As virtualisation gets prevalent, new

issues will come up. But these would be a combination of the ones we are already addressing: the resource utilisation issue, the management of virtual images as they move around, the updating, and so on. In our current product line, we have special security tools for virtual environments.

In the enterprise desktop scanner, the new version is virtualisation aware.

The problem today is that if your end point environment is partially virtualised, what do you do with your security solution? No one wants to deal with it. The IT manager wants to manage everything with one tool. If you use the existing tool, you'll immediately run into resource problems in the virtual environment because each virtual machine will be treated as an end point. Even though it will theoretically work, in practice it'll destroy the virtualisation effort. So our new products are virtualisation aware. As soon as they detect that your machine is partially virtual, the virtual machine will be covered by the other tool that removes the resource problem.


Even if change is important, establishing the right culture can take time. It may be worth the wait. BY MIKE SCHEUERMAN

POINTS5

DO YOU EXPLORE NEW IDEAS AND PROCESSES?

WHAT IS YOUR LEVEL OF RISK TOLERANCE?

HOW CRITICAL IS THE CHANGE?

CAN THE RISK BE MITIGATED?

HOW DO YOU PLAN FOR AND IMPLEMENT CHANGE?

MASTER CHANGE

ILLU

ST

RA

TIO

NS

BY

PH

OT

OS

.CO

M


CH A N G E M A N AG E M E N T T E CH F OR G OVE R NAN CE

3.How critical is the change to the company strategy? If the change is incidental to the operation of the company, easing the change in a bit more slowly may be more acceptable. However, if it’s mission critical, the company may support a more rapid change because everyone will understand that the change is important to growth or even survival.

4.Can the risk be mitigated, if not eliminated? Lowering the risk by putting together detailed plans for change and phasing the change in will help by giving the company a chance to absorb the changes more gradually.

5.How does your organisation plan for and implement change? Does it have a formal change process or is it ad hoc? More companies are finding that a formal change process is desirable particularly in light of the regulatory requirements of Sarbanes Oxley.

Preparing the company for continuous change is one of the things can be done to reduce the risk of change. Putting mechanisms in place to respond positively to change and take advantage of it will give the business a better chance of survival in a world that is constantly changing. Knowing the organisation and using your best judgment on what rate of change can be absorbed is the best way to keep the company moving forward. About the author: Mike Scheuerman is an

independent consultant with more than 30

years experience in strategic business planning

and implementation. His experience from the

computer room to the boardroom provides a

broad spectrum view of how technology can

be integrated with and contributes significantly

to business strategy. Mike can be reached at

[email protected]. This article has been

published with prior permission from www.

cioupdate.com.

I’ve had the opportunity to see the inside of many companies and one thing I’ve noticed is that every one of them has an optimal rate of change. For example, I recently had the pleasure of working with a great company where there were many long term employees. The executive man-agement team had been with the company nearly twenty years.

I was asked by the CEO to assess their technical capabilities and readiness for a growth spurt that he expected because the economic conditions were right for a series of acquisitions. As I went about interviewing the staff, I found that many of them had no idea why I was there and were nervous about what my report might mean for them. I found that the line managers where doing their job as they had always done it without taking a critical look at why they did it a particular way.

The problem wasn’t that they were unintelligent people, but rather that they had no experience with doing their job in a different way. Additionally, when a major change was suggested, it was endlessly discussed in committees until the suggestion died of boredom.

This is an example of a culture that was ossified and change was an anathema. There are many companies out there with that same kind of mindset. The attitude is that change upsets people and therefore it’s a bad thing. In these kinds of cultures the only way to inject change is to show that change can be a positive thing by initiating changes that bring a large benefit to a small

cross-functional group. Those changes can be easily absorbed and the small group becomes the seed for spreading the word that change doesn’t hurt.

One of the risk factors in initiating change is understanding the rate of change the organisations can absorb. It’s a bit like planting ground cover, a few little plants here and there, wait awhile and pretty soon they’re everywhere. The same thing happens when you introduce change in an organisation. If you gradually introduce the change and let everyone get used to it in small increments, the change will be more likely to be accepted. But if you try a big bang and change everything at once, people get uncomfortable and odds of making a successful change go down.

There’s no easy answer to changing an organisation’s attitude toward change. You have to understand the organisation, its goals, and its culture to assess what rate and volume of change it can absorb. While eval-uating your own organisation's tolerance for change you will want to think about:

1.Does your company routinely explore new ideas and processes? There is always some risk in doing new things, but if they openly accept change, the organisation is probably more attuned to risk evaluation and does things that generally mitigate risk.

2.What is your organisation’s level of risk tolerance? Some organisations are much more risk averse than others.

When a company hires a consultant to assess their systems, they are really asking if everything is being done well. They’re also asking is there is anything that should change – and therein lays the rub. Change is difficult for many people and particularly hard if you don’t know why things should change.


TE CH F OR G OVE R NAN CE C I O - CF O RE L AT I O N S

Business income gets generated in two basic flavours: high-er sales or lower costs. This year, sales growth is clearly the focus as customer wallets start to open a bit wider. And to support growth across the business, most IT leaders now

face a conundrum: how to meet higher user demands with budgets still very tightly held.

In conversations with other CFOs, I have found that financial fund-ing correlates not only to strategic initiatives, but also to teams and people being associated with making money for the business.

Open communicationI realise that P&L forecasts are not things IT professionals think about first thing in the morning. And it’s true IT investments rarely take a straight shot into future revenues and income. But to facilitate this association, IT leaders need to know where their business is making money and growing. They can most effectively do this with open com-munication with sales leaders and their CFO.

By engaging in ongoing conversations about business goals and objectives, you can start to target where to align your time, people and capital. And that’s precisely where the IT alignment path begins.

To accomplish this task, I recommend three basic steps: Ensure projects are aligned. Today its table stakes to align your proj-

ects with a core business strategy. But that alone doesn’t guarantee funding. You need to show that money spent on IT today helps your organisation earn more money tomorrow.

Review your results. An important next step is making time for post-launch analysis. This is perhaps the most common oversight I’ve seen. I just can’t understand why some IT teams consistently stop short of reviewing their projects and publicising how they con-tributed to increased revenue. An IT team I heard about recently provides a great example of how it should be done: They imple-mented an ERP system and followed-up with metrics from finance that showed a dramatic improvement in receivable collections and cash flow after the new system went live. Because they took time to review their results, this diligent IT team associated its efforts with positive financial metrics all year long.

Share successes. Successful IT leaders must be good story tellers and be able to back up their stories with facts that resonate with busi-ness leaders -- like how sales rose 30 percent after a new distribution centre came online. The best IT story tellers are able to pinpoint an exciting business event, and show -- in non-technical terms -- how IT helped make it happen. Examples of this kind of team spirit also make a CFO much more comfortable approving future funding requests.

The Hidden LinkShowing the link between technology and revenues will help you get more money out of your CFO BY GREG BAKER

Charge forward not backSome time ago it was popular to allocate IT overhead costs and charge them back to specific business units. Often, the result of these efforts were complaints that the charges were unfair. The net result was IT was viewed as a tax collector. Instead of doing charge-backs, more leaders today are working to associate their support with high poten-tial profit areas. While it may take more thought, you can creatively do this by showing things like:

How many sales leads marketing gets from the IT-enabled website? How many new customers were acquired since a product launched? How much airfare costs fell with a new videoconferencing system?Branding IT as an enabler of revenue growth creates more interest-

ing conversations around the office and (take it from me) helps loosen a CFO’s grip on the cheque book. Aligning IT with revenue fuels faster innovation by focusing IT resources where the business action is. Sharing business objectives also boosts team morale because IT is more tightly associated with business wins.

Be patient, but persistent; it takes time to transform your image from a cost centre to a profit centre. Doing so demands quality time spent with sales, operations and finance leaders. It’s all about asking ques-tions that demonstrate IT wants to learn about sales and income trends, and how their efforts later reflect on the income statement. It’s about making everyone believe your core competency is supporting customer needs and business growth, not just blinking lights in the data centre.

When you can draw clear lines between your IT costs and business income, you make IT far more relevant in the process. And I’m will-ing to bet next year’s budget gets bigger as well.

About the author: Greg Baker is the chief financial officer for Logicalis.


HIDDENTANGENT

Customer is Always RightThe role of IT in enhancing customer delight

erators in the locality). He was also ill informed and not prepared to handle the problem. He left with the prom-ise of sending an expert – who never came. We promptly received a SMS stating “You complaint no. 12345 has been closed successfully, thanks for contacting customer support.”

There are a couple of problems here – one in the form of an ill informed customer executive with a system not equipped to capture all the details and second in the form of processes that are not tight enough. They are probably designed to help the customer – but clearly they are not working.

Can technology not help us here? We all talk of Business Intelligence and better dashboards on ERP, why are we not talking enough about customer help systems? The cus-tomers generally contact one of the least paid and trained employees in the organisation – the customer support executive. I know it is the most mundane job in the enter-prise, but can we not empower the employee to be extremely well informed of the customer?

Some telecom companies and

THIS TIME my column is more about questions than answers and I would like to get as many opinions from CIOs who are reading it, as possible.

We have this enormous refrigerator that looks like a cupboard – with the freezer on the left and the refrigera-tor compartment on the right. The refrigerator is as good as it is unique. There are only about six of the same kind in our locality (as told to me by the technician who came to repair it). The boon of uniqueness is also the biggest curse for such devices.

The problem started when we wanted to get the refrigerator ser-viced. The experience was nothing less than horrifying. How difficult should the process be? You call the customer service helpline – they take down the complaint – give you a complaint number and send the technician home. Not so.

It took six disconnections and 45 minutes to lodge that complaint. And, when the engineer actually landed up, he had no clue of what part to check and the source of the problem. He was not an expert on these kind of refrigerators (though he knew the number of such refrig-

banks probably do a better job of this than most FMCG or consumer dura-ble companies. A good system could help the organisation in not only sav-ing money, but increasing customer delight, making the customer come back for more.

Also, I feel that the processes are not strong enough to ensure that the complaint loop is closed properly. There are easy workarounds for employees to bypass the complaint process and there are no proper checkpoints and alerts. Even if these things are built in the system, prob-ably the system is not reviewed on a periodic basis to ensure that they are working optimally.

I would be delighted to know if any such processes and reviews exist in the customer relations software that are used. If yes, what are they and how are they managed? If not, are there any other solutions that you use to ensure that your customers are always delighted when they con-tact your company?

Do share your experience! I am sure many of us here can benefit from the knowledge.

THE AUTHOR IS Executive Editor, CTO Forum

“We all talk of BI and better dash-boards on ERP, why are we not talk-ing enough about cus-tomer help systems.”

GEETAJ CHANNANA [email protected]


Thoughts on IT Cost CuttingAvoid wax build-up in your IT organisation

DURING a recent business re-org, one of our long-time insurance cli-ents took the opportunity to strength-en their enterprise IT function by centralising it. One of their first orders of business is to review the IT estate for opportunities to simplify.

Review all maintenance contracts, cut wasted spend We are looking at less space &

more virtual teaming Would get virtual machines, and a

tool to manage VM’sTo summarise these proposals,

they centre on spending less on physical assets, making better use of staff and more fully leveraging tools to work smarter.

Diamond’s IT Cost Optimisation FrameworkMost CIOs I talk with think they can improve process consistency, reduce or eliminate lower priority initiatives and get higher levels of productivity while reducing costs through simpli-fication. This is a big goal, but one I have seen some do successfully as long as they do the right things in setting up, building accountability for a staffing the resulting roadmaps.

We think that there are four basic techniques leaders have to lower overall IT cost – we have seen some real improvements as some of our clients have applied them.

1.Environment Simplification - A

Before I get into Diamond’s answer to this, I thought it would be interest-ing to see what others would do. So, I asked the Twitter #CIO crowd for their top 3 ideas for IT cost cutting. In addition to the tongue-in-cheek “Fire the CIO and CTO” answer, there were several good ideas offered. Thanks to @mcgoverntheory, @dougnewdick, @sethgrimes, @jtbau-er, @elliotross, @vpsingh, @smith_marty and @chrisonea for their thoughts.How To Cut IT Costs – CIO Twitter Community Perspective: Eliminate buildings and promote

telecommuting HW/SW maintenance and 3rd

party licenses, telecom, virtualisation and open source Not use process as substitute for

competence Spend less on consulting Rigorously scrutinise business

cases before and check the actual benefits after IT projects

I had an IT boss who said he’d fire half his staff if he could. IT advisor replied (privately), Yes, the wrong half.

THINKINGBEYONDCHRIS CURRAN | [email protected] CHRIS CURRAN is Diamond Management

& Technology Consultants’ chief technology

officer and managing partner of the firm’s

technology practice. He writes the CIO

Dashboard blog at www.ciodashboard.com

Organisa-tions wait to Simplify the IT estate, resulting in something my partner Paul Blase calls “waxy buildup.”

Current State

IMPROVING THE VALUE OF IT

future State

Cos

tVa

lue

D: Discretionary, ND: Non-Discretionary

ND

(70

%)

ND

(50

%)

valu

eD

(50

%)

D (

30%

)

43

21


CO S T CU T T I N G T H I N K I N G B E YO N D

Effective mobilisa-tion - with a clear road-map and assigned leadership - was the strongest indicator of high perfor-mance.

Inside the HuddleConnecting Strategy with Execution

WE'VE hit the point in the summer in the US when football training camps are almost upon us—one of our favourite times of the year. Football, in our opinion, more than other American sports, exemplifies the three dynamics we at Diamond use in assessing a company’s “Digital IQ”—Strategy, Mobilisation, and Execution.

Well in advance of a football team’s next game, the coaching staff must put together an overall strategy. In the days leading up to the game, the coaches and players then walk through every detail and scenario they might face—preparing for battle by mobilising all available resources and assigning appropriate account-ability. On game day, if the initial strategy proves to be sound and each player effectively fulfils his role, the team will walk off the field with a win, having executed the game plan.

Among the 724 respondents in our third annual Diamond Digital IQ study, we found that effective mobilisation—with a single, clear organisational roadmap and assigned leadership and accountability—was the strongest indicator of high performance. All

banking client reduced the complex-ity of its deposit process by 75% to reduce the number of systems to two.

2.IT Organisation Design & Sourcing - A major school district established a competitive bid process which resulted in negotiated savings of over 15%.

3.IT Spend Analysis & Portfolio Management - A major North Ameri-

football teams have separate coaches for the offense, defence, special teams, and various positions, but success comes down to the level of detail in the preparation. On any given Sunday in the NFL, a game-changing play could depend on a single block by an offensive lineman. Consequently, the lineman must remain accountable to the team as the game’s outcome hangs in the balance.

In the corporate world, too many companies struggle with the mobili-sation phase, leaving them with no way to connect strategy and execu-tion. For example, detailed planning and budgeting of finances, time, and resources often take place too late in the game and an organisation winds up backtracking—and backtracking is expensive.

In Diamond’s Digital IQ study, more than two out of three of the highest-performing respondents indicated they have a single roadmap for their overall corporate strategy. This compares with less than half of the lowest-performing quartile. Moreover, 54% of top performers indicated they could mobilise the proper resources to execute the

roadmap, compared with 25% of the bottom-quartile respondents.

The majority of business and IT leaders believe there are only two parts: strategy and execution. As a result, they are not able to get the maximum value from their initiatives. Where does the responsibility for this reside? Is it the CIO’s fault for focus-ing too heavily on internal-facing proj-ects? Does blame reside with the CEO for failing to champion technology?

We’re seeing more innovation today than at any other point in the history of information technology, but “putting pen to paper” is a long stretch from going to market.

At the beginning of football season, every team is tied in the standings and hope abounds among each team’s fans. A team will stay com-petitive throughout the season if it gets all three facets—strategy, mobili-sation, and execution—right. But the team that executes best will always be in position to win, and execution depends on meticulous mobilization.

So where does your organisation’s “Digital IQ” sit in the standings? —Coauthored by John Sviokla, vice

chairman of Diamond Management &

Technology Consultants.

can insurer analysed its IT spend and was able to reallocate $300M in “non-discretionary” spend to strate-gic projects.

4.Delivery Throughput - A finan-cial services company implemented an SDLC framework to move to a more mature level of process disci-pline using CMMI, and standardise the competency requirements of

solution delivery staff and expect a 10-20% improvement in project delivery efficiency.

Simplifying the IT estate is some-thing that many organisations wait to do, resulting in something my part-ner Paul Blase calls “waxy buildup.” Whether you wait 3-5 years or or try to keep the house tidy every year is your choice.


HIDE TIME | BOOK REVIEW Auth

or:

Alan

Axe

llrod

“His life is a true example

to the business environment”

Lead like Mahatma Do no evil, and many more lessons

environment of the twenty-first century.

In order to tackle the growing uncertainties and complexities of today's business, Axellrod takes a deep look into Gandhi's philosophies by breaking down his leadership strategies into 14 key facets and 100 lessons, each illustrated with quotes from Gandhi and representative situ-ations from his life.

It analyses the importance of a stress-free ‘human value oriented’ work culture rather than a nerve-wracking and unorganised target-specific enterprise civilisation. It says that a leader, like Gandhi, must act with the well-being of every stake holder in his mind. Seeking to effect change, Gandhi stressed on ways to change outcomes rather than ways to change people. The author identifies this approach as an example for any-body whose job is to lead an organi-sation through change.

One of the most interesting topics the author discusses in this book is the essence of truth in today’s

GANDHI, a CEO? Can this saint-like figure from the pre-independence era with his message of nonviolence and loving the enemy inspire new age business leaders?! Well, this is how I reacted when I first saw the book at a bookstore. The answer, sur-prisingly, is yes. Authored by Alan Axellrod, this inspirational book looks at Gandhi, born in 1869, in a modern light, focusing on his leadership style that can serve as a guide to aspiring as well as existing CEOs. It tries to core-late Gandhi's thoughts and actions to a modern day complex business environment and identifies truth, non-violence, the philosophy of do or die and sacrifice as critical traits that a CEO should focus upon.

But aren't the complexities of today's businesses vastly different from those of the times that Gandhi lived in? Not so. According to the author, the variety of circumstances in which Gandhi fought make his canvas of struggles bear much simi-larity to the multinational business

value-driven economy. Going by Gandhian values, he suggests that a great CEO needs to be transparent in his approach in order to guide and inspire people in an effective way. He has justified its relevance by citing examples from the sudden collapse in 2008 of many major banks and venerable security firms, which, for decades, were evading the truth.

The author, however, fails to expound on the complications that a transparent business model may lead to during recessionary times.

With all due credit to Gandhi, however, one must not forget that aspiring for a full-fledged, utopian model within the present day busi-ness model may result in some very unintended consequences.

The book is recommended for second generation entrepreneurs and business leaders who are trying to make their presence felt in any industry. Written in a simple and lucid style, it aims to be of value to young CEOs who are aspiring to become people leaders.

ABOUT THE REVIEWER

Jatinder Singh is

working as senior

correspondent

with IT Next, a

magazine for

aspiring CIOs.


HIDE TIME | CIO PROFILE

DIPESH THAKAR CTO, Destimoney

HOME IS WHERE THE HEART ISThakar come from a traditional Gujrathi family where the religion and respect for elders are very important values. A family person Thakar likes to spend time with his extended family. Playing on his X Box or cards with his wife, Bhumil, and parents is his recipe to unwind. As also going on long drives and meeting friends and peer group.

PRACTICE TILL YOU ARE….His favourite book is Outliar! by Malcom Gladwell. “I liked it because of the 10,000 hour rule that it talks about. You can be perfect in anything if you practice it for 10k hours.”

A TRIP IN THE DARKThakar’s most memorable trip to date remains his trip to Phuket. “We ventured into the sea in kayaks visiting the caves in total darkness,” he recalls.

PH

OT

OS

BY

JIT

EN

GA

ND

HI

remember his emphasis on ‘discipline and high morale’ which always brings success,” Thakar says.

Over the years, Thakar’s roles have seen him build skills in areas ranging from IT infrastructure to application management to IT strategy and governance. How does

WELL begun is half done? Maybe, but for one CIO who plans the road map for an organisation looking many years in future, it’s getting to the finish point that really matters.

Meet Dipesh Thakar, CTO, Destimoney (earlier known as Dawnay Day AV), a financial services provider. Building the basic infrastructure and get-ting the processes right is important for him, but that’s just the first of the three phases of his planned tenure in an organisation. The second phase is all about optimisation of costs and time. However, the one that gives him a high is the third one, when it’s time to enable the organisation in a way that gives it an edge over others and fetch “disproportionate returns” in the process!

Thakar got his hands into all-things-IT at an early age. While still in col-lege, he assembled computers for businessmen in his locality. His curiosity about technical devices had been stirred much earlier — during his school days — when he recalls he was interested in how things work, though he never topped in class. One of his favourite periods was NCC; particularly those when his NCC instructor would teach survival tactics. “Even today, I

Going For Perfection



Saluting the cops: Thakar credits the Mumbai police for actively campaigning on the need to be alert about not just security issues, but information security issues too. “Some of the government officials are very knowledgable and dedicated,” he says. Thakar feels that after the 26/11 terrorist attack, the Mumbai police have really got their act together.

Technology to the rescue: Putting his tech

skills to good use, Thakar’s worked actively with the

Bombay Technology Club to share best practices

when it comes to information security.

The right path and the comic stuff: “Argument is bad but discussion is good,” Thakar

quips. Ask him why. “Because argument is to find out

who is right and discussion is to find what is right!!”

For all his serious talk, Thakar loves Hindi movies that

make you double up with laughter. Jo Jeeta Wohi

Sikander and 3 Idiots are among his all-time favourites.

Snap Shotone manage to work on keeping the lights on in the organisation while keep-ing abreast of the latest in technology? “The trick lies in aligning personal goals with those of the organisation,” says Thakar. “With every project I under-take, I put my soul into its execution to make it successful.”

Thakar was instrumental in setting up the entire IT platform for Brics & Destimoney from scratch and he considers that as among his most important achievements. Thakar finds much personal satisfaction in trying to increase the financial literacy in masses so that quality of life improves for the society, a goal wherein he shares passion with his employer. “I believe, what we do at Destimoney is to take financial products to the masses and I believe IT plat-forms can play a huge role in this,” he says.

A CIO’s life may be hectic but Thakar still makes the time to participate in activities where his technical background comes of use. At Mumbai Police’s Cyberweek, he was involved in programs to spread awareness. Along his col-leagues, he worked to sensitise not only his company’s employees but also his neighbourhood about the importance of securing information assets. “I have conducted many quizzes in office and outside,” he says.

Thakar’s bagged the best employee award twice: in 2003 from Birla Sunlife Securities and in 2006 from Dawnay Day AV. But you won’t find him broad-casting that on his Linkedin profile. “My larger goal in life is to remain humble as I grow,” he says. When he talks to you with that beaming smile on his face, you know he means it. —By Aditya Kelekar



VIEWPOINT


rakers. Senior executives like to focus on altering tides.

In IT, we spend way too much time on both ends of the spectrum. We either spend all our time on myopic efforts that have little bearing on the overall mission at hand or too much time trying to change the way our entire business operates in order to fit some neat IT process. Neither works.

Instead, it seems to me that it would be better for all concerned if we occasionally re-evaluated our situ-ation and adjusted to current reali-ties. It sure would be better for your mental health, if nothing else.

The easiest way to evaluate your situation, regardless of what that sit-uation is, is to ask yourself “WHY?” Ask it over and over, like a two-year-old. Why are you doing what you are doing? Is what you are doing relevant to the overall mission? Is the overall mission reasonable and attainable? If, at any time, your answers are at odds with your intent, it’s time to stop. The key, of course, is honesty.

SUMMER is a good time to re-evaluate things. I’m spending a lot of time on the beach this summer. Waves crash-ing in all around you have a way of clearing the mind, I find.

Mother Nature is simply awesome. When you watch the relentless force of the ocean, it makes you realise that you are absolutely powerless to change things that big. All you can do is watch and try to survive. Makes me realise that what we are really meant to do is focus on the small things that we can affect — because aiming too high is a fool’s errand.

In our business, it’s the same thing: if we focus on issues too large to effect real change, we’re wasting time. If we focus too myopically with-out understanding how our actions fit (or don’t) into the bigger picture, we’re wasting time. If your job is to rake the beach, but you do it as the tide is coming in, you wasted time. If your job is to keep the tide from rising, you are really wasting time. IT administrators can be beach-

You can convince yourself that you simply must find a solution for inter-planetary replication, but you aren’t being honest. If you are, you’ll dis-cover that you are wasting time.

There are 1,000 problems to be solved in your data centre. Half of them don’t matter, but which half? Try to focus on ones that matter — that lead to a positive outcome. Stop keeping yourself away from the beach with the family because you can’t figure out lunar snapshotting. Ask yourself this: “What problem am I trying to solve? Why? If I don’t solve it, what is the real implication? If I do solve it, what are the real benefits?” If the answers are shaky, move on to another problem to be solved. There will always be another problem, as sure as there will always be another tide.

Work to live, my friends, don’t live to work. It’s easy to find yourself on the wrong side of that equation. Summer is a good time to re-evalu-ate. Surf’s up.

Summer Thoughts

Focus on small things to make a big difference

STEVE DUPLESSIE | [email protected]

ABOUT THE AUTHOR: Steve Duplessie

is the founder of

and Senior Analyst

at the Enterprise

Strategy Group.

Recognised

worldwide as

the leading

independent

authority on

enterprise storage,

Steve has also

consistently been

ranked as one of

the most influential

IT analysts. You

can track Steve’s

blog at http://www.

thebiggertruth.com

ILLU

ST

RA

TIO

N B

Y S

UR

ES

H K

UM

AR

august issue

Documents