Embed Size (px)
Citation preview
1October 07 2013
editorialyashvendra singh | [email protected]
Open or Shut? The success (or failure)
of open source in any enterprise will depend
on the CIO
associated with it. It also focus-es on mitigating loss of IT value as a result of unmanaged open source solutions within the enterprise. Only time will tell if his initiative bears fruit or not.
In this issue’s cover story, we explore the current status and the future of open source in the Indian enterprises. We spoke to top CIOs, open source vendors and industry experts before coming out with the verdict. But whatever may be the future of open source, one thing is very clear. The success (or failure) of open source in any enterprise will depend on the CIO.
As always, we look forward to your feedback.
Open source has been around since a long time.
The editors at the first Oxford English Dictionary requested inputs from amateur readers — a classic example of open collaboration and innovation. Cornish engine, a type of steam engine that was developed in the 18th century in England for pumping water from a mine, was also a result of infor-mation sharing and innovative IP arrangements.
However, when the free soft-ware movement took shape in the 1980s, it all appeared like a dream. The dream, however,
can bear a negative or positive impact depending on the way open source is managed. An enterprise technology decision maker should, therefore, weigh both the advantages and disad-vantages associated with open source software before coming to a conclusion.
Traditionally, the biggest advantage of open source has been its low capex. The biggest downsides include audit com-pliance and lack of service support (as compared to pack-aged software).
I recently met a CIO who has approached open source in a different way. He has set up an ‘open source governance pro-gramme’ within his company. Sponsored by his office and endorsed by a team comprising key business unit heads and IT people, the programme’s man-date is to maximise and unlock the true value of open source solutions and at the same time endeavour to minimise risks
became a reality when iconic technology companies such as Mozilla Firefox browser, the Apache HTTP Server and the Linux operating system came into being.
Open source also draws it power from the concept of col-laboration. It allows people to analyse any product’s source code and gives them the free-dom to alter it and distribute it as they deem fit.
However, as with every tech-nology, there are positives and negatives with open source also. Areas of productivity, security, efficiency and functionality
editors pickOpen Source: Health Check Is open source dying? Is it in the pink of health? We present the current condition and future well-being of open source in Indian enterprises
22
2 October 07 2013
Cover Story 22 | Open Source: Health CheckIs open source dying? Is it in the pink of health? We present the current condition and future well-being of open source
COpyrIgHt, All rights reserved: reproduction in whole or in part without written permission from Nine Dot Nine Interactive pvt Ltd. is prohibited. printed and published by Anuradha Das Mathur for Nine Dot Nine Interactive pvt Ltd, Bungalow No. 725, Sector - 1, Shirvane, Nerul, Navi Mumbai - 400706. printed at tara Art printers pvt ltd. A-46-47, Sector-5, NOIDA (U.p.) 201301
Please Recycle This Magazine And Remove Inserts Before Recycling
regulArS01 | Editorial10 | EntErprisE
roundup48 | viEwpoint
22
oCtober 2013
Cover Design by Manav Sachdev
Volume 02 | Issue 13
MA
KIN
G A
SU
CC
ES
SF
UL
CIO
TR
AN
SIT
ION
| CIA
WR
ES
TL
ES
WIT
H A
NA
LYT
ICS
CH
AL
LE
NG
ES
Volume 02
Issue 13
October 07 2013150
NEXT HORIZONS Seizing the
Opportunity Pg 32
BEST OF BREED
Creating Value Via IT Consumerisation Pg 17
VIEWPOINT
Fail Factors: Why Startups Die Pg 48
OPEN SOURCEHEALTH CHECKIS OPEN SOURCE DYING? IS IT IN THE PINK OF HEALTH? We present the current condition and future well-being of open source in Indian enterprisesPAGE 22
TR AC K TE C H N O LO GY B U I LD B U S I N E S S S HAP E S E LF
CIO
& L
EA
DE
R.C
OM
A 9.9 Media Publication
13
3October 07 2013
A QueStion of AnSwerS14 | the protect and Attack Strategy rahul Agarwal, Executive Director, Commercial Business, Lenovo India, talks about Lenovo’s India plans
14
www.cioandleader.com
advertisers’ index
Smartlink IFCDell 4, 5SAS Institute 8, 9Juniper 37Vodafone IBCLenovo BC
This index is provided as an additional service.The publisher does not assume any liabilities for errors or omissions.
17 | BEst of BrEEd: creating Business value via it consum-erisation Done right, a top-down IT consum-erisation strategy can maximise business value for a firm
42 | tEch for gov-ErnancE: leaked data and creden-tials With the rise of web-based apps, the threat model has changed
32 | nExt hori-zons: seizing the opportunity Today’s external market condi-tions can help you create internal growth opportunities
Managing Director: Dr Pramath Raj SinhaPrinter & Publisher: Anuradha Das Mathur
EditorialExecutive Editor: Yashvendra SinghConsulting Editor: Atanu Kumar Das
Correspondent: Debashis SarkardEsign
Sr. Creative Director: Jayan K NarayananSr. Art Director: Anil VK
Associate Art Director: Anil TSr. Visualisers: Manav Sachdev, Shokeen Saifi & Sristi Maurya
Visualiser: NV BaijuSr. Designers: Shigil Narayanan, Haridas Balan
& Manoj Kumar VPDesigners: Charu Dwivedi, Peterson PJ
Pradeep G Nair, Dinesh Devgan & Vikas Sharma MARCOM
Designer: Rahul BabuSTUDIO
Chief Photographer: Subhojit PaulSr. Photographer: Jiten Gandhi
advisory PanElAnil Garg, CIO, Dabur
David Briskman, CIO, RanbaxyMani Mulki, VP-IT, ICICI Bank
Manish Gupta, Director, Enterprise Solutions AMEA, PepsiCo India Foods & Beverages, PepsiCo
Raghu Raman, CEO, National Intelligence Grid, Govt. of IndiaS R Mallela, Former CTO, AFL
Santrupt Misra, Director, Aditya Birla GroupSushil Prakash, Sr Consultant, NMEICT (National Mission on
Education through Information and Communication Technology)Vijay Sethi, CIO, Hero MotoCorpVishal Salvi, CISO, HDFC Bank
Deepak B Phatak, Subharao M Nilekani Chair Professor and Head, KReSIT, IIT - Bombay
nEXt100 advisory PanElManish Pal, Deputy Vice President, Information Security Group
(ISG), HDFC Bank Shiju George, Sr Manager (IT Infrastructure), Shoppers Stop Farhan Khan, Associate Vice President – IT, Radico Khaitan
Berjes Eric Shroff, Senior Manager – IT, Tata ServicesSharat M Airani, Chief – IT (Systems & Security), Forbes Marshall
Ashish Khanna, Corporate Manager, IT Infrastructure, The Oberoi Group
salEs & markEtingNational Manager – Events and Special Projects:
Mahantesh Godi (+91 98804 36623)National Sales Manager: Vinodh K (+91 97407 14817)
Assistant General Manager Sales (South):Ashish Kumar Singh (+91 97407 61921)
Brand & EvEntsBrand Manager: Jigyasa Kishore (+91 98107 70298)
Product Manager-CSO Forum: Astha Nagrath (+91 99020 93002)Manager: Sharath Kumar (+91 84529 49090)
Assistant Manager: Rajat Ahluwalia (+91 98998 90049)Assistant Brand Managers: Nupur Chauhan (+91 98713 12202)
Vinay Vashistha (+91 99102 34345)Assistant Manager – Corporate Initiatives (Events):
Deepika Sharma Associate – Corporate Initiatives (Events): Naveen Kumar
Production & logisticsSr. GM. Operations: Shivshankar M Hiremath
Manager Operations: Rakesh Upadhyay Asst. Manager - Logistics: Vijay Menon Executive Logistics: Nilesh Shiravadekar
Production Executive: Vilas Mhatre Logistics: MP Singh & Mohd. Ansari
oFFicE addrEssPublished, Printed and Owned by Nine Dot Nine Interactive Pvt
Ltd. Published and printed on their behalf by Anuradha Das Mathur. Published at Bungalow No. 725, Sector - 1, Shirvane,
Nerul, Navi Mumbai - 400706. Printed at Tara Art Printers Pvt Ltd.A-46-47, Sector-5, NOIDA (U.P.) 201301
For any customer queries and assistance please contact [email protected]
Global technology provider achieves three-fold increase in data centre capacity
With volatility, economic uncertainty, fast evolving technologies and ever-changing customer needs eroding business and IT capabilities, the stakes have never been as high as it is today. Enterprise e�ciency, operational results and prompt client responsiveness are no longer good to have but a necessity in today’s cut-throat marketplace.
At UST Global, a next generation IT service and business process outsourcing provider to Global 1000 firms, client responsiveness was a critical business mandate. However, an ageing and overburdened IT infrastructure meant that its system could no longer keep pace with customer service demands. This posed a huge challenge as UST Global was unable to predict storage allocations, resulting in unnecessary purchases of extra capacity and subsequent administrative overheads.
UST Global accordingly turned to Dell to enable them to take advantage of the latest virtualization technologies in its journey to data centre transformation.
Virtualization: Future Proofing the Data CentreDell’s transformative solutions, powered by Intel® technology were critical in accelerating UST Global’s journey to the next-generation data centre.
Intelligent storage managementLeveraging the powerful combination of PowerEdge™ blade servers, Compellent™ storage arrays and VMware® vSphere™ 5 technology, Dell created a custom-built, virtualized data centre for UST Global. The extensive design and engineering of Dell’s virtualization solution enables UST Global to quickly deploy network and storage resources into production environments, thus ensuring prompt responses to client requests.
Assured business continuityDell Compellent’s in-built architect for continuous availability and a 60-minutes system recovery ensures business processes continue uninterrupted at UST Global. What more, Dell Copilot Support, the most proactive, comprehensive 24x7 support in the industry, drives optimal day-to-day operations at UST Global.
Today, UST Global’s future-proof, virtualized data centre has completely transformed its IT operations, resulting in significant benefits to the business. With a three-fold increase in server capacity, lower data centre footprint, and a dramatic reduction in resource provisioning time from six weeks to mere hours, UST Global is able to meet its customers’ requirements and drive business growth with ease. Last, but not least, UST Global has achieved ROI 50% faster than anticipated - an amazing feat, made possible by Dell.
To know more on how Dell Enterprise Solutions & Services, powered by Intel® technology, can help you overcome your business challenges, visit www.dell.co.in/domore
Data centre storage capacity and performance capabilities stretched
The ChallengeHuge administrative overheads for the IT team
Expenses
A future-proof, virtualized data centre to meet growing business demands
The Strategy
Results
Enhanced productivity & performance
ROI achieved 50% faster than planned
ROI Speed
Improved client responsiveness
Important Dell Details: DELL’s TERMS AND CONDITIONS: All sales subject to Dell’s terms and conditions, see http://www.dell.co.in/tnc OR provided on request. MISTAKES: While all e�orts are made to check pricing and other errors, inadvertent errors do occur from time to time and Dell reserves the right to decline orders arising from such errors. MORE INFORMATION: Go to http://dell.co.in/details. TRADEMARKS: Intel and the Intel logo are trademarks of Intel Corporation in the U.S. and/or other countries. | © 2013 Dell Inc. All rights reserved.
Global technology provider achieves three-fold increase in data centre capacity
With volatility, economic uncertainty, fast evolving technologies and ever-changing customer needs eroding business and IT capabilities, the stakes have never been as high as it is today. Enterprise e�ciency, operational results and prompt client responsiveness are no longer good to have but a necessity in today’s cut-throat marketplace.
At UST Global, a next generation IT service and business process outsourcing provider to Global 1000 firms, client responsiveness was a critical business mandate. However, an ageing and overburdened IT infrastructure meant that its system could no longer keep pace with customer service demands. This posed a huge challenge as UST Global was unable to predict storage allocations, resulting in unnecessary purchases of extra capacity and subsequent administrative overheads.
UST Global accordingly turned to Dell to enable them to take advantage of the latest virtualization technologies in its journey to data centre transformation.
Virtualization: Future Proofing the Data CentreDell’s transformative solutions, powered by Intel® technology were critical in accelerating UST Global’s journey to the next-generation data centre.
Intelligent storage managementLeveraging the powerful combination of PowerEdge™ blade servers, Compellent™ storage arrays and VMware® vSphere™ 5 technology, Dell created a custom-built, virtualized data centre for UST Global. The extensive design and engineering of Dell’s virtualization solution enables UST Global to quickly deploy network and storage resources into production environments, thus ensuring prompt responses to client requests.
Assured business continuityDell Compellent’s in-built architect for continuous availability and a 60-minutes system recovery ensures business processes continue uninterrupted at UST Global. What more, Dell Copilot Support, the most proactive, comprehensive 24x7 support in the industry, drives optimal day-to-day operations at UST Global.
Today, UST Global’s future-proof, virtualized data centre has completely transformed its IT operations, resulting in significant benefits to the business. With a three-fold increase in server capacity, lower data centre footprint, and a dramatic reduction in resource provisioning time from six weeks to mere hours, UST Global is able to meet its customers’ requirements and drive business growth with ease. Last, but not least, UST Global has achieved ROI 50% faster than anticipated - an amazing feat, made possible by Dell.
To know more on how Dell Enterprise Solutions & Services, powered by Intel® technology, can help you overcome your business challenges, visit www.dell.co.in/domore
Data centre storage capacity and performance capabilities stretched
The ChallengeHuge administrative overheads for the IT team
Expenses
A future-proof, virtualized data centre to meet growing business demands
The Strategy
Results
Enhanced productivity & performance
ROI achieved 50% faster than planned
ROI Speed
Improved client responsiveness
Important Dell Details: DELL’s TERMS AND CONDITIONS: All sales subject to Dell’s terms and conditions, see http://www.dell.co.in/tnc OR provided on request. MISTAKES: While all e�orts are made to check pricing and other errors, inadvertent errors do occur from time to time and Dell reserves the right to decline orders arising from such errors. MORE INFORMATION: Go to http://dell.co.in/details. TRADEMARKS: Intel and the Intel logo are trademarks of Intel Corporation in the U.S. and/or other countries. | © 2013 Dell Inc. All rights reserved.
6 October 07 2013
Core Banking InnovationESDS’ hosted core banking solution helps banks with low capex budgets
currEntchallEngE
reduce disaster recovery costs for banks
banking software hosted and man-aged by our highly skilled team of technology specialists.
In a bid to provide disaster recov-ery at a very low and affordable cost, ESDS has developed a solution named disaster recovery as a service (DRaS) that can save up to 90 per-cent of banks DR costs. In the event of a disaster, banks would be able to continue running their systems from a remote location, using ESDS' eNlight Cloud Services. Once the bank has re-established its physical location, we will send the mirror image of the bank's system to the reconstructed facility. Moving to the cloud will reduce disaster recovery time for your bank to a matter of hours from two to three days and banks would only pay for the service when disaster actually strikes.
According to a circular by RBI in 2011, banks are required to keep records (hard copy & soft copy) for 10 years of transactions in a man-ner that the retrieval of data is fast and easy. To overcome this problem, we have come up with a robust web based document management sys-tem that we offer as a service to the banks. Documents are converted into electronic format and stored on a central server which can then be accessed for reading or print-ing from any location via secured access. This saves lot of time and money that is spent in maintenance of records. While 100,000 pages require 10 physical cabinets for fil-ing, in electronic format they can be saved on couple of DVD’s. We believe that banks should focus on managing their business rather than papers. ESDS has also built state of the art data centers for banks on BooT model and are being managed and maintained by our technical staff. Besides, we are also providing ATM/card switch solutions.
we a ESDS have innovated core banking to be provided on SaaS model. This model will benefit small and medium sized banks that are not able to afford the Capex associated with setting up their own data center or purchas-ing the software outright. Our hosted core banking solution provides banks, credit societies and microfinance institutions access, via the internet, to core
I BelIevethe author has more than seven years of experience in the IT industry and is responsible for managing the IT department of ESDS
by NitiN Jadhav, CTO, ESDS Software Solutions
LETTERS
WRITE TO US: CIO&Leader values your feedback. We want to know what you think about the magazine and how
to make it a better read for you. Our endeavour continues to be work in progress and your comments will go a long way in making it the preferred publication of the CIO Community.
Send your comments, compliments, complaints or questions about the magazine to [email protected]
what should a ciso outsource?
Business is increasingly adopting new technologies without considering the security implications. To read the full story go to: http://www.cioandleader.com/cioleaders/features/15071/ciso-outsource
CIO&LEADER. COM Mohit Puri, Country Manager, India and SAARC, Watchguard, feels social media is exposing enterprises to new threatshttp://www.cioandleader.com/cioleaders/opin-ions/9807/social-media-changing-security-landscape
OpiniOn
altaf halde, Md (south asia), kaspersky labs, india
Altaf Halde, MD (South Asia), Kaspersky, India, talks about information security
ARE CTOS MORE InTERESTED In SATISfyIng THE CfO & BOARD RATHER THAn THE COnSUMER?
If CTO is aligned to the CFO and the Board in that order. The CTO will have to also be good at resume writing as he will not last too long. But then the question arises, is the CFO aligned to the consumer? If he is not, then he may be in hot water sooner or later.arun gupta, CIO, Cipla
CIO&Leader LinkedIn groupJoin over 900 CIOs on the CIO&Leader LinkedIn
group for latest news and hot enterprise technology
discussions. Share your thoughts, participate in
discussions and win prizes for the most valuable
contribution. You can join The CIO&Leader group at:
www.linkedin.com/
groups?mostPopular=&gid=2580450
Some of the hot discussions on the group are:Virtual CTO/CIO
A long term IT partner for your business growth
This is a model that SMBs are slowly waking up to.
While their IT head can chip away with his day-to-day
activities, an external help (a part time CIO) can give their
IT a proper direction and can review performance to
ensure the company's objectives are met.
—Balasubramanian S R Business & IT Consultant
7October 07 2013
MEMBERSHIP BENEFITSAnnual membership to Inc. India Leaders Forum will entitle you to the following benefits
PEER NETWORKSProvides an opportunity for chief executive officers and owner managers to engage with a ‘like-minded’ peer group.
LEADERSHIP SUMMITSAnnual meeting to set the agenda for the community’s strategic and most current issues. The Forum’s summits bring together a focused audience and authoritative speakers, in a highly interactive format
BRIEFING SESSIONSA series of quarterly meetings throughout the year. Constructive debate, diverse opinions and in-depth discussions provide a premier networking and instructive forum
COMPLIMENTARY ADVERTISEMENTAccess to the 9.9 Media bouquet of magazines for complimentary advertising (Includes: Inc. India, CTO, CIO&Leader, CFO, IT Next, EDU & I2)
RESEARCH AND ADVISORYAccess to our in-house research reports on issues of relevance to high-growth companies.
Membership to Inc. India Leaders’ Forum is corporate but limited to Entrepreneurs, Directors and Chief Executive Officers
TO KNOW MORE ABOUT THE MEMBERSHIP PROGRAMMEPlease contact Rajat Gupta at [email protected] or call at 0120-4010 914
Inc. India invites all CEOs and
founder managers to an exclusive membership
programme which fosters knowledge
sharing in the community and
strengthens your efforts to build and take
your enterprise to the next
level of growth and business
excellence
CEOs JUST JOINED COCOBERRY | OZONE OVERSEAS | DTDC | DHANUKA AGRITECH | HOLOSTIK | PRECISION INFOMATIC SHRI LAKSHMI COTSYN | O3 CAPITAL | EMI TRANSMISSION | GRAVITA INDIA | AND MANY MORE...
“An ideal platform for business leaders to share leadership strategies and help business flourish”ISHAAN SURIDIRECTOR, INTERARCH BUILDING PRODUCTS
10 October 07 2013
feature InsIde
Big Data Investments to Rise in 2013:
Gartner Pg 12
Growth of public cloud services market in India in 2013
IBM Unveils SmartCloud Business Solution It will allow executives to quickly move their business processes into the cloudIBM has introduced a new cloud and mobile-
enabled social business software and service capabili-ties dubbed as IBM SmartCloud. The new offering from IBM will allow line of business executives to quickly move their business processes into the cloud to drive better decision making and increase productivity. With this solution, line of business lead-ers in sales can update a customer presentation on their iPad in real-time, incorporating feedback from a meeting that just ended. The executive can then synch the newest version into the cloud to ensure the entire team has access to the latest document. At the
same time, customer service leaders can launch audio and video based desktop and mobile conferences to review the latest training materials with their global team in order to improve service to customers. IBM SmartCloud Connections includes new fea-tures, such as mobile file synch and share. Now any employee can access the cloud and share important documents in the way that works best for them, whether online or offline, on their smartphone or tab-let, desktop application or browser. IBM SmartCloud Connections includes new community features such as social bridging.
38%data BrIefIng
EntErprIsEround-up
ill
us
tr
at
ion
by
an
il t
E n t E r p r i s E r o u n d - u p
11October 07 2013
Almost 50 percent of device screen time is spent on entertainment, such as playing games, reading books, watching live tV or listening to music/radio, according to a recent end-user survey by gartner
QuIck Byte on entertaInment
Firms Fear Privacy Activities Are Insufficient they consider privacy aspects in an ad hoc fashionThe perceIved level of maturity attached to organisations' privacy activities has
decreased since 2011, as many organisations deem their existing privacy activi-ties to be inadequate, according to a survey by Gartner. The survey found that 43 percent of organisations have a comprehensive privacy management programme in place, while seven percent admitted to “doing the bare minimum” regarding privacy laws.
“More than a third of organisations still 'consider privacy aspects in an ad hoc fashion' and it is surprising that so many companies are saying that they are not conducting privacy impact assessments before major projects. Sixty-two per cent do not scan websites and applications, or conduct an organisation-wide privacy audit every year. organisations must put these activities on their to-do list for 2014,” said Carsten Casper, research vice president at Gartner.
These results are based on 221 respondent organisations surveyed in April and May 2013 in the US, Canada, the UK and Germany that are responsible for privacy, IT risk management, information security, business continuity or regulatory com-pliance activities.
Zuckerberg feels that when he started Facebook, he could build it because he had access to the Internet and a few basic tools that gave him what he needed to build this for the world.
— Mark Zuckerberg
Founder, Facebook
—Gartner
“And if we can get to a point where everyone around the world has access to those same tools, then everyone is going to be able to benefit from the innovation and ideas and hard work of billions of people around the world.”
They SAId IT
MArk Zuckerberg
ill
us
tr
at
ion
by
sh
igil
na
ra
ya
na
nil
lu
st
ra
tio
n b
y s
hig
il n
ar
ay
an
an
E n t E r p r i s E r o u n d - u p
12 October 07 2013
Big Data Investments to Rise in 2013: Gartner 64 percent of organisations will invest in big data technologies in 2013BIg daTa investments in 2013 continue to
rise, with 64 percent of organisations invest-ing or planning to invest in big data tech-nology compared with 58 percent in 2012, according to a survey by Gartner. However, less than eight per cent of survey respon-dents have actually deployed.
“The hype around big data continues to drive increased investment and attention, but there is real substance behind the hype,”
said Lisa Kart, research director at Gartner. “Our survey underlines the fact that organ-isations across industries and geographies see ‘opportunity’ and real business value rather than the ‘smoke and mirrors’ with which hypes usually come.”
The Gartner survey of 720 Gartner Research Circle members worldwide, which was conducted in June 2013, was designed to examine organisations’ technology invest-
gartner has reduced its forecast of expenditure on public cloud services in India by two percent for 2013 to $434 million from the earlier estimate
ment plans around big data, stages of big data adoption, business problems solved, data, technology and challenges.
The survey found that of the 64 percent of organisations investing or planning to invest in big data technology in 2013, 30 percent have already invested in big data technology, 19 percent plan to invest within the next year, and an additional 15 percent plan to invest within two years.
Industries leading big data investments in 2013 are media and communications, banking, and services. Thirty-nine percent of media and communications organisa-tions said that they have already invested in big data, followed by 34 percent of banking organisations and 32 percent of services fir Planned investments during the next two years are highest for transportation (50 percent), healthcare (41 percent) and insur-ance (40 percent). However, every vertical industry again shows big data investment and planned investment.
From a regional point of view, North America continues to lead investments with 38 percent of organisations surveyed say-ing that they have invested in technology specifically designed to address the big data challenge. Asia/Pacific organisations were notably ambitious with 45 percent indicat-ing that they plan to invest during the next two years. Consistent with Gartner experi-ence, EMEA and Latin America tend to lag in technology adoption, for which big data is no different. Regardless of geography, investment typically has different stages that organisations go through. It starts with knowledge gathering, followed by strategy setting. The investment is small, and mostly consists of time. Then it is typically fol-lowed by an experiment or proof of concept. Still, the investment is small and tentative. Then, after completing a successful pilot, the first deployments take place. Here the investment curve rises. Over time, business operations start to rely on the deployments, and the investments move from implement-ing systems to managing them.
“For big data, 2013 is the year of experi-mentation and early deployment,” said Frank Buytendijk, research vice president at Gartner. “Adoption is still at the early stages with less than eight per cent of all respon-dents indicating their organisation has deployed big data solutions.”
gloBal tracker
so
ur
ce
by
ph
ot
os
.co
m
so
ur
ce
by
ph
ot
os
.co
m
E n t E r p r i s E r o u n d - u p
13October 07 2013
SAP to unveil Student Start-ups It is aimed to foster a culture of innovation
sEcurIty
sas has announced the
launch of a new software
suite which will help modernise
public security organisations
worldwide, in managing both big
data and big budget deficits.
the new platform combines
sas analytics and sas secu-
rity intelligence with memex’s
secure search and intelligence-
management technologies. the
new offerings are the culmina-
tion of sas’ 2010 acquisition
of memex, a worldwide leader
in intelligence management.
part of a broader suite of secu-
rity intelligence solutions that
address fraud, financial crimes
and cybersecurity, the new sas
portfolio covers four critical areas
of public security: law enforce-
ment, national security, fusion
centres and border control.
sas for law enforcement:
helps law enforcement combat
crime and terrorism more effec-
tively, and enhance customer
service, improve officer safety
and ensure compliance while
reducing cost.
sas for intelligence manage-
ment: makes it easier for agen-
cies to direct, track and audit
information as it moves through-
out the system.
sas for Fusion centers:
consolidates information from
diverse sources and formats,
creating a single, consistent view
of intelligence to prevent terrorist
and criminal activity.
sap has announced that it will
host the second edition of its youth
focused event – sap techniversity
at Ktpo in Whitefield, bangalore on
28 september 2013. the day-long
event will see 5624 students from
348 colleges across india learn
about the latest trends in technol-
ogy and unwind though a variety of
cultural performances.
Oracle has announced launched 10 new cloud services in its Oracle Cloud portfolio as it sees organisations of all sizes eager to move more of their information systems to the cloud. The new services expand Oracle’s comprehensive portfolio of Application, Social, Platform and Infrastructure Services and are all available on a subscription basis. “To realise the true benefits that cloud computing offers, organisations need access to flexible, reli-able and secure cloud services that are designed to
Oracle brings 10 Services To Oracle cloud the new services expand oracle’s portfolio
fact tIcker
additionally, sap will unveil the
student start-ups on sap hana
program, aimed to foster a culture
of innovation among engineering
students. through the program,
sap educates students on sap
hana and supporting technolo-
gies, and mentors them through the
prototype and development phase
of their projects. this is in addition to
sap university alliances (ua) which
has already educated over 147,000
students from over 90 schools in
india on sap hana.
“it is important for organisations
today to play an active role in
developing more readily employable
talent. through the engagements
that sap undertakes, students from
across Karnataka are exposed to
and educated on the latest trends
and technologies that shape the
it industry in our state,” said m n
Vidyashankar, principal secretary
commerce and industries Depart-
ment, government of Karnataka.
meet their specific business needs,” said Thomas Kurian, executive vice president of product devel-opment, Oracle. 10 new Oracle Cloud services include: Compute Cloud: Enables customers to leverage elastic compute capabilities to run any workload in the cloud.
Object Storage Cloud: Provides users with a highly-available, redundant, and secure object store for persisting large amounts of data.
Database Cloud: Provides full control of a dedi-cated database instance and supports any Oracle database application
Java Cloud: Provides Oracle WebLogic Server clusters for deployment of Java applications and gives full administrative control over the service with automated backup, recovery, patching and high availability capabilities.
BI Cloud: Enables users to analyse data with visual, interactive dashboards for the Web and mobile devices.
Documents Cloud: Provides a flexible, self-ser-vice file sharing and collaboration solution with mobile and desktop sync.
Mobile Cloud: Simplifies enterprise mobile con-nectivity, enabling enterprises to build any app, for any device connected to any data source.
Database Backup Cloud: Enables businesses to backup Oracle databases to the Oracle cloud. Billing and Revenue Management Cloud: Enables enterprises with robust and highly scalable sub-scription billing to capture recurring revenues from new services.
Cloud Marketplace: Provides a global market-place where partners can publish applications and customers can browse through and discover new solutions to address their business needs.
so
ur
ce
by
ph
ot
os
.co
m
Growth Mantra: Building a new channel ecosystem for the tablets/smartphones
rahul aGarwal | lenovo
The Protect and attack Strategy
In conversation with Yashvendra Singh, Rahul Agarwal, Executive Director, Commercial Business Segment, Lenovo India, talks about Lenovo's plans for the Indian market
What is your strategy to pro-tect PC market share, at the
same time increasing the market share in notebooks, smart phones and tablets segment?We follow a strategy called ‘Protect and Attack’ which refers to protect-ing our strengths where we enjoy strong lead (PCs) and attacking areas of greatest potential (PC+ devices like Tablets, Smartphones, Convertibles, etc.). Lenovo clearly exhibits strong business momentum and proves that Protect and Attack is the right strategy.
Although the global PC market continued to decline, Lenovo still delivered strong results. In FYQ1 2013, Lenovo’s witnessed a record share of 16.7 percent (as per IDC),
making it the clear #1 PC company in the world for the first time. This was a very important milestone for Lenovo, and besides sustaining lead-ership in the PC category, the com-pany consciously focused on leverag-ing new opportunities, by expanding into PC+ category which consists of smartphones, tablets and smart TVs. IDC’s 4Q12 Worldwide Smart Con-nected Device Tracker recognized Lenovo as the world’s third largest maker of “smart connected devices,” trailing only Samsung and Apple. This will be our main area of invest-ment this year. We have a wide array of innovative products, which we will bring to India as per the needs and demands of the market.
However, our investment in the PC market won’t lessen as we believe that there are sufficient opportunities for profitable growth owing to the low PC penetration in the country (nine-10 percent). The PC will always remain at the heart of the products, it will just evolve into different form factors such as the hybrid, convert-ibles etc. Our innovation is clearly reflected in events like, the CES 2013, where we won more than 50 awards across various categories. With our brand repute, strong enter-prise market share, category defin-ing innovative products, and a clear roadmap to lead the PC+ category, we are aiming to be one of the leaders in the PC+ Era.
15October 07 2013
r a h u l a g a r w a l | a Q u e s t i o n o f a n s w e r s
In this era of BYOD, how you are planning to attract enter-
prise customers? Do you have any specific features/ application for business users?The future of products for the enterprise PC market is likely to be impacted greatly by mobility. There will be an increased interest in technologies like cloud comput-ing, enterprise grade tablets and other mobility based devices, as and when more organisations realise the potential of technology as a business enabler. These technologies not only drive process innovation, and reduce operational costs, but also help the organizations to focus on their core skills and increase productivity
For CIOs and CTOs, safeguard-ing data assets of the enterprise while supporting BYOD, will always remain a real challenge. Hence we see greater implementation of enter-prise grade mobile computing devic-es, as they provide added security features to end users while giving the same level of user experience.
We have a dedicated line of prod-ucts to meet the needs of varied enterprise customers. We introduced ThinkPad Twist, especially for the SMB customers, ThinkPad Helix with advanced mobility features, which has a detachable screen that can be used as a tablet, ThinkPad X1 Carbon — a premium business seg-ment ultrabook, ThinkCentre TINY, which is the world’s smallest desktop PC, aimed at saving commercial real estate, and our recent launch, Think-Pad tablet 2, which is a Windows based tablet with enterprise grade security features
How is your partnership with EMC flourishing? How is it
helping you to boost business into networking equipment space?As an outcome of this partnership, we have started selling Iomega prod-ucts globally, and these products are completely retailed through our channel partners. We are pushing the Iomega brand in India in a big
high end offerings which has been well received in the market
There are high end tablets target-ing corporate users. Few of our mar-quee products in this category are the ThinkPad tablet and the ThinkPad tablet 2. These tablets offer a com-fortable screen size which is very convenient for viewing documents on the go. The enterprise tablets also offer a higher grade of security as compared to the consumer tablets. The ThinkPad tablet 2 also comes with a stylus and a port to attach an external keyboard which makes working and editing an easier task. As of now, we don’t have plans to introduce smartphones for the enter-prise space
We are building a new channel eco-system for the tablets/smartphones. The process takes time, but we are confident of setting up an effective system which will help us maximise our reach. We will leverage our cur-rent partners wherever possible.
way and have tied up with new part-ners to sell these products.
Simultaneously, our legacy part-ners will get a novel product to sell which is going to be an extension of their footprint. This will help us gain new customers from newer market segments.
Smart phones/tablets these days offer similar features.
Keeping that is mind what is your strategy to gain market share, especially among the enterprise/business users?Innovation is what sets us apart and we will leverage it to build and grow our existing product portfolio. We have a wide range of products targeting different segments. For the Government and education deals, we have a variety of Android tablets. Similarly, for smartphones, we have a wide range of products covering all the price segments and markets. The recently launched K900 is one of our
“The future of products for the enterprise PC market is likely to be impacted greatly by mobility”
For CIOs
and CTOs,
safeguarding
data assets of
the enterprise
while supporting
BYOD, will
always remain a
real challenge
we have a
dedicated line of
products to meet
the needs of
varied enterprise
customers
we are pushing
the Iomega brand
in India in a big
way and have
tied up with new
partners
thIngS I BeLIeve In
16 October 07 2013
a Q u e s t i o n o f a n s w e r s | r a h u l a g a r w a l
Best ofBreed
Making a Successful CIO Transition Pg 20
FeaTureS InSIde
Creating Business Value Through IT Consumerisationdone right, a top-down IT consumerisation strategy can maximise business value for a firm By Jack Cooper, Evangelos Katsamakas and Aditya Saharia
IT consumerisation refers to the increasingly transformational impact of consumer IT on enterprise IT. Smartphones and tablets, mobile apps and app stores, cloud services such as e-mail, storage and collaboration tools, and social networks and related social technologies are some prominent examples of the consumer IT that is transforming enterprise IT. In many organisations today, IT consumerisation is occurring as an unmanaged afterthought
driven by employees and enabled by functionally powerful, accessible, and pervasive technol-
17October 07 2013
Ill
us
tr
at
Ion
BY
Ph
ot
os
.co
m
ogy that frees employees to work anytime, anywhere. It is an emergent and haphazard bottom-up process, with more and more employees bringing their own devices, apps and cloud services into the workplace.
Attempting to block the growth of IT consumerisation or deciding to ignore it are both fatal strategies. They could expose an organisation to security risks, and reduce the competitive position of the organisation due to its failure to exploit emerging digital innovations that can increase revenues, profits and productivity.
What organisations need is an IT con-sumerisation strategy that maximises busi-ness value. A top-down strategy needs to be developed whereby IT consumerisation is exploited and management gains control of the use of IT consumerisation devices, apps and services in the workplace. Management needs to provide leadership in defining business goals and process changes and to set rules about how devices, apps and ser-vices are selected, validated, introduced and managed. At the same time, organisations need to realize that a comprehensive IT consumerisation strategy goes beyond being your own device (BYOD) management. Based on our discussions at the Fordham CIO Roundtable meetings, we’ve found these six factors to be important in the suc-cessful management of IT consumerisation.
Focus on innovation to create business value. IT consumerisation is changing the way we think about the role of IT in defin-ing and supporting business strategy. Like other disruptive technologies of the past, we
need to make sure that business processes are revised (and even reengineered) to cre-ate additional business value. Organisations need to establish an environment where innovation in the devices and apps are continually evaluated and tested, and when appropriate, employees are given guidelines for their use in work-related activities with-out compromising corporate security and privacy standards. For example, Vanguard continues to drive IT consumerisation with its Enterprise 2.0 (E2.0) agenda. Through its E2.0 pillars of mobility, enriching com-munication, and collaboration, Vanguard continues to mature the ability to allow “the crew” (as Vanguard employees are called internally) to securely access corporate systems remotely, or on campus, using an assortment of handheld technologies, while maintaining strict controls that are mandated by several regulatory agencies in the financial services industry. Vanguard has business and IT-partnered teams that focus on evaluating market trends and developing solutions in mobile applications, collaboration, cloud computing, virtualisa-tion, unified communications and agile development, all in the spirit of producing greater business value and increased speed to market. Additionally, an organisation may undertake its own app development effort, either internally or by investing in early-stage IT ventures. For example, for the past several years PepsiCo has invested 10 per-cent, on average, of the digital-media budget of its US beverage brands in startups. Pepsi-Co management believes that working with
and investing in early-stage companies is a mutually beneficial arrangement; PepsiCo provides mentoring and financial resources and, in return, gets early access to these startups’ new products and ideas.
Leverage the apps ecosystem and re-eval-uate traditional enterprise IT vendors. The very same technologies that drive IT con-sumerisation have opened the floodgates for the development of innovative apps by digital startups that grow on a variable costs basis and require much lower capital than in the past. A digital startups ecosystem is now in place, in which small, agile teams of motivated and skilled individuals can create new apps, outperforming larger soft-ware producers that operate with extensive bureaucratic controls. This app develop-ment trend suggests that vendors that domi-nated the enterprise IT landscape in the past might be less relevant in the future.
Redefine IT management priorities. When Bristol-Myers Squibb decided to adopt a single instance of SAP globally in early 2000, like many large IT projects, there was significant organisation inertia. (Disclosure: One of the authors, Jack Coo-per, was the global CIO of Bristol-Myers Squibb and a member of the executive team overseeing the implementation at the time.) In many cases, Bristol-Myers Squibb man-agers strongly resisted any changes in the structure as well as in business processes. One of the factors leading to the success of the SAP implementation, which produced more than $3 billion in productivity gains, was that the change was lead from the top down. The project was mandated by the Bristol-Myers Squibb executive team and all throughout the project, senior executives from different areas of the company empha-sized the importance of seeing the project to a successful completion.
In the past, almost all large implementa-tions of systems that would have a major effect on work required a careful and struc-tured change management process that had to be coordinated across many different organisational units. In these projects, the IT department played a key role in change management and setting standards. In cases when the adoption of new technology conflicted with corporate standards, the IT department had to take a firm stand and say no to ad-hoc adoptions.
In cases when the adoption of new technology conflicted with corporate standards, the IT department has to take a firm stand and say no to ad-hoc adoptions
18 October 07 2013
B e s t o f B r e e d | m a n a g e m e n t
IT consumerisation has changed this equation. We no longer have an environ-ment where every piece of technology is purchased and deployed by the IT depart-ment. In this new environment, IT man-agement must be an enabler, not a blocker. It has to allow managers of individual departments to set adoption priorities and to leverage end user knowledge and produc-tivity. As access devices move away from the purview of the IT department, there will be a natural shrinkage of corporate IT budgets and, perhaps, a corresponding decline in internal political power. IT managers must learn to deal with this new reality. Adoption of new and innovative IT consumerisation apps will still require funds from corporate budgets, and some of the app funding may mean reduced funding for legacy systems maintenance and support of in-house IT infrastructure and systems development.
Manage the new security risks. Using IT consumerisation apps in an organisation increases security risks since traditional IT security perimeter defenses cannot protect data when BYOD exists in the workplace. Using a data-centric approach and encryp-tion technology can mitigate the risk of data breaches. Other steps that can reduce secu-rity risks include the validation and testing of BYOD apps for possible security risks; a formal company-wide decommissioning procedure for smart devices when their use is discontinued; and training programmes for smartphone users on data security and awareness of privacy issues. As a part of an IT consumerisation strategy, a company-wide procedure that can quickly and easily evaluate the security risk, business value and life-cycle costs of IT consumerisation apps needs to be established. To be effective, the management and control of this proce-dure needs to be established at a high level in an organisation.
Codify a global IT consumerisation policy. Guiding principles for an IT consumerisa-tion policy should include that “ownership” of the device does not matter. Regardless of the location where the work is being conducted, and the devices used to perform such work, all employees must conduct themselves in a manner consistent with all company policies and practices. When a conflict exists between company-mandated policies and any local and national laws, a
company’s definition of "appropriate use" may be more limiting than the legal defini-tion. Also, a company may at any time or place compel an employee to examine the device (and in case of a company-owned device, surrender the device) to determine the appropriateness of the data stored on the device and to determine the usage in work-related activities.
Determine and control BYOD costs and reimbursement. Costs for apps and the usage of smart devices vary from location to location. In many cases, employees may be willing to buy their own devices and pay the monthly costs with little, if any, reimburse-ment. But, in general, we expect employees and organisations to develop a more holistic approach toward sharing the cost associated with use of privately owned devices to run work-related applications. In such cases, the company also has to develop policies about add-on services that it is not responsible to pay for. According to estimates by Forrester Research, by 2016, 350 million workers will use smartphones—and 200 million of them will take their own devices to the workplace. Even at a minimum monthly rate of $30 per month for data access, employees will be incurring a cost of $72 billion a year, not including the cost of purchasing the device. In many cases, these employees would expect their employer to help them defray the cost of acquiring and using the device. There are two basic approaches an organisa-tion can adopt in establishing a reimburse-ment programme: No reimbursement irrespective of the amount the device is used to perform company-related work, or split the costs with an employee or a contrac-tor using a BYOD in performing company work. The split could be determined by how
much an employee uses BYOD in perform-ing company work. Each of these programs has their respective pluses and minuses. In developing a strategy for managing BYOD costs and reimbursement, an organization must bear in mind that the use of BYOD for company work has the potential to expand sharply for an extended period, which may lead to increasing reimbursement costs for the organisation.
BYOD: An Opportunity to Create Busi-ness Value. While managing IT consum-erisation is a challenging task, and one that involves great changes in the workplace, it also provides a strategic opportunity to create business value. In this article, we outlined six critical success factors in developing an IT consumerisation strat-egy. Companies need to implement a data-centric approach to mobile security to mitigate security pitfalls and concerns. They also need to set guidelines for controlling costs, and establish a policy for the equi-table reimbursement of costs incurred by employees. Most importantly, companies need to rethink IT management priorities and establish an environment where inno-vative applications can be quickly and easily evaluated and implemented to maximise business value.
— Jack Cooper is the founder & CEO of JM Cooper Associates and previously a CIO at Bristol-Myers Squibb. Evangelos Katsamakas is an associate professor and area chair of information systems at the Fordham Schools of Business. Aditya Saharia is an associate pro-fessor of information systems at the Fordham Schools of Business.— The opinion was first published in CIO Insight. For more such stories, please visit www.cioinsight.com.
Companies need to rethink IT management priorities and establish an environment where innovative applications can be quickly and easily evaluated
19October 07 2013
m a n a g e m e n t | B e s t o f B r e e d
Making a Successful CIO TransitionMark Katz discusses the myriad challenges and opportunities he faced as he changed industries and jobs to become the new CIO of aSCaP By Pat O’Connell
members about what and how they were providing solutions,” says Katz. “IT was acting in some capacities as an order taker for a great number of break/fix projects. There was little transparency across the entire project portfolio. Most salient, however, was that larger
projects were using a traditional waterfall approach methodology. Probably of more concern, though, was that all requested changes were granted for each business request, with less of an eye toward the overall impact to the portfolio, the business and the technology
switching industries for a CIO creates both challenges and oppor-tunities to make a quick impact. Mark Katz, CIO
of the American Society of Com-posers, Authors and Publishers (ASCAP), talks about what it takes to make a transition.
Katz’s career began in finan-cial services and steadily pro-gressed in a number of firms before he become the CIO of a major reinsurer. When moving to ASCAP this time last year, Katz’s goal was to turn IT into a leaner, more agile organisa-tion. With the full support of the executive management team, he undertook some significant challenges to turn around the IT department.
“When I arrived, the teams were in silos, with some operat-ing independently, dedicated to certain users, and not effectively communicating to other team
Open space meetings represent a repeatable technique for getting a rapid and lasting agile adoption
20 October 07 2013
B e s t o f B r e e d | m a n a g e m e n t
so
ur
ce
BY
Ph
ot
os
.co
m
department. In addition, there were some ‘stealth’ projects that had no real business case in a lot of instances.” Katz worked with ASCAP COO Al Wallace, his senior IT team and business line lead-ers to bring about transparent and meaningful governance. Initially, Katz invested a great deal of time with the business users to under-stand their needs and priorities, and a lot of time with his staff, including one-on-one meetings with every IT member, as he worked on changing the culture in IT as part of a planned re-organization of the department. Katz next addressed IT methodologies. “I’m a big fan of the agile methodology and self-organised teams,” he says. After spending some time first understanding ASCAP’s culture, Katz wanted to ensure that agile was properly introduced to the firm. “Indeed, agile represents much more than a methodology change,” he says. “It is about alignment, transparency and commit-ment in partnership with the business: adoption through real ‘opt-ing in.’ With this new approach, IT now has a more informed seat at the table with the business, and we’ve been able to get key busi-ness people to fully participate in agile scrums. However, to really ensure that agile was adopted at ASCAP, open space meetings were held where business users and technology staff participated. Atten-dance was excellent.” Open space meetings represent a repeatable technique for getting a rapid and lasting agile adoption. It’s based on the hypothesis that human engagement is what actually powers genuine and lasting agile adoptions. “In terms of the mechanics of agile, we start by writing the epic story for each product team, then breaking the story down into sprints, all prioritized by the business, working through the product owners,” says Katz. “Then we have the daily 15-minute scrum with a view to releasing useable software every two to three weeks. Our approach is “yes, we can,” not “no, we can’t.” Change is always welcomed, even late in a sprint. The busi-ness users decide the priorities, and the scrums are very candid and very honest. This has led to velocity, but, more importantly, to vastly improved communication with the business lines.”
Another key initiative for Katz was governance, and he developed a project management office (PMO) for the major systems projects. “The PMO is creating integrated process workflows across the com-pany. Its charter is to provide increased transparency that further builds upon business trust. ASCAP leverages a federated gover-nance model with full business and IT participation. Large projects over a certain threshold are approved on an up or down vote via the executive committee. All other projects are assessed for synergies and duplication and then prioritized with the business.” Katz col-laborated with the Wallace, the COO, to ensure a full business case was presented for the significant projects.
ASCAP was in the middle on a major infrastructure project when Katz joined the organisation. The large-scale project required spend-ing a great amount of time with hardware vendors. “As a new CIO, I initially had to spend a lot of time with my managers to understand the applications and the infrastructure. They were extremely knowl-edgeable and critical to my success. The vendors did not provide any off-the-shelf packages, so everything is custom-built for every per-formance-rights organisation in business, of which ASCAP is the largest in the world.” Not unique to the music industry, many ven-dors tried to sell one-stop shopping solutions to Katz without fully understanding ASCAP’s needs. “Vendors wasted a lot of my time,”
Katz says. “I now rely on industry sources, like Gartner, and trusted colleagues in the IT industry. Also, in moving to a new industry, it is critically important to avail one’s self of industry conferences as well.” In terms of managing his time in a new company, Katz concentrated on controlling the number of meetings he attended, as well as effectively managing each meeting. “Too many meetings were break/fix discussions that turned into open-ended design and ‘solutions on the spot’ meetings,” says Katz. “I empower managers to work with their teams on issues like this, and I focus my IT meet-ings as decision-making meetings. You have to pay attention to the meeting agenda, and focus on what you want out of the meeting.” Katz found that these steps have led to having more time to meet with business users and his direct reports. “I have a weekly one-on-one meeting with my directs, as well as a weekly management team meeting. In addition, I have quarterly town hall meetings, with speakers from the business, as well as for providing updates on the IT vision for the company.” In meeting with the business, clear and constant communication is key, Katz notes. “Explaining the justifications and benefits of moving the data center was a major priority. You have to spend time on the strategic level, not down in the weeds. You have to understand their thinking processes and what their issues are. Speaking the same language as the business is important. Explaining infrastructure improvements without provid-ing examples of productivity and dollar savings is meaningless.”
Lastly, Katz suggests that “you have to take time to understand the people and the culture, before making change. Getting buy-in, and alignment, and learning when and how to say no. And get-ting the right people in the right roles.” Katz notes that as a fairly accomplished keyboard player himself, he has a great deal of pas-sion to ensure that the 470,000 songwriter and composer members of ASCAP are treated with the utmost care and respect, and that ASCAP’s technology platform enables it to remain the leading performance-rights organisation in the world. — Pat O'Connell is the founder and president of The Conall Group, a consulting and research firm, and an adjunct professor at Columbia Uni-versity in its Executive Masters of Science In Technology Management Programme. —The opinion was first published in CIO Insight. For more such stories, please visit www.cioinsight.com.
Explaining infrastructure improvements without providing examples of productivity and dollar savings is meaningless
21October 07 2013
m a n a g e m e n t | B e s t o f B r e e d
The open source market is growing in
India on the back of the ongoing economic
downturn. The challenge for the open
source community, however, is to make
inroads into the enterprise segment
Open SOurce
HealtHcHeck
By Atanu Kumar Das
Design by Anil VK | Illustration by Manav Sachdev
O p e n S O u r c e | c O V e r S T O r Y
23October 07 2013
He Open SOurce market has always shown a lot of promise. Even today, according to open source vendors, the market is definitely growing both in the SMB as well as the enterprise segments. But users have a different perspective. They feel that open source still has a long way to go before it makes a strong presence felt in in larger enterprises. The prime reason being that large organisations still trust proprietary software when it comes to running mission critical appli-cations. The fear of reliable service support attached to open source makes them think twice before deploying it in their IT environment. As Vijay Sethi, VP and CIO, Hero Motocorp, says, “The market for open source is growing and one of the best things that happened for the open source market is that the support has increased on the ser-vices' front. But still a lot needs to be done."
Sethi also feels that top organisations are still running their mis-sion critical applications on proprietary software primarily because of his very issue.
“I do not see many organisations using open source in mission critical applications and this can only change if the support system of the open source fraternity improves. We have all mission criti-cal applications running on proprietary software. Sethi also has his doubts when it comes to costs. Traditionally, open source has been associated with cost savings, This has been its biggest USP. Debating this, he avers, "I have heard people saying that there are cost advantages when one uses open source. Any project implemena-tion has four components -- acquiring software, buying hardware, paying for consultancy, and finally getting support. In open source, one may not pay for software licenses, but has to invest a lot in service support. So, I have my doubts how much an organisation can ulti-mately save by using open source.” All these challenges, however, haven't stopped Sethi from experi-menting with open source.
24 October 07 2013
He has recently started using an open source applica-tion custom developed by a systems integrator.
"It is a pilot project and we are evaluating it. It has been six months since we have started using it and the software is running fine. I will assess the same for a few months and then see how we can increase the pen-etration of open source in our organisation," he says. The current economic scenario has provided impeus to open source as lots of organisations, mostly in the SMB segment, are looking to reduce their capex.
Growing but slowlyDinesh Kaushik, IT Head, Caparo India says that his organisation is now looking at using open source at the base level in terms of open office, emails etc.
“We are thinking of using open source primarily because it is free when we use it for internal pur-poses. I have also got positive feedback from our peer organisations. Let us start using it and one year down the line, we may start using it more prominently,” says Kaushik.
According to Tiwari, “Open source market is growing and we can see some level of adoption of open sources across enterprises as well. The recent surge in demand of open source vendors and their availability, can be considered as an indicator of this market’s growth.”
Tiwari says that at Policybazaar they have deployed open-source and select open-source stacks are perform-ing quite well. Since, core functions require innovation and vertical thinking those are kept out of the purview of open-source. Supporting functions, on the other hand, are developed using some of the best known open-source stacks. This approach has radically saved
Alhough proprietary vendors have introduced pay-per-use models to help customers reduce capex, the cost differential between open source and pack-aged software comes into play at introductory levels. For instance, open office, which requires no or little support, offers an advantage over its packaged coun-terpart. There could be price parity in bigger open source solutions where one may have to shell out more on service support.
Saurabh Tiwari, CTO of Policybazaar.com has intelligently leveraged open source to save precious resources.
Dinesh Kaushik
IT Head, Caparo India
“We are thinking of using
open source primarily
because it is free
when we use it for internal
purposes”P
HO
TO
IM
AG
ING
BY:
M
AN
Av
SA
CH
de
v, S
rIS
TI
MA
ur
YA
& S
HIG
Il N
Ar
AY
AN
AN
O p e n S O u r c e | c O V e r S T O r Y
25October 07 2013
the company resources and allowed them to focus their energies in areas requiring innovation.
Manoranjan Kumar, CIO of an SME, Kanoria Chemi-cals & Industries, feels that the open source market is growing and their organisation is also running a lot of applications on open source.
“For us open source has proved to be a boon because it has helped us reduce costs. Whether it is VoIP or email or file servers, we have been able to adopt open source to our liking. I vouch for open source a lot and would like
to see it being used in mission critical applications, but people still have less confidence because of the support infrastructure,” says Kumar.
Meanwhile, Open Stack, a foundation build to serve developers, users, and the entire ecosystem, feels that the growth of open source is unquestionable because today many organistaions are looking at open source to address the latest trends like cloud, big data and mobility.
According to Mark Collier, Chief Operating Officer, OpenStack Foundation, “Open source has become a given in the enterprise space. Everyone uses open source solutions now. Linux is the default in the data-centre, and of course the LAMP stack has been power-ing web applications for many years now, and with the rise of big data, apps like Hadoop are very prevalent.”
Collier also feels that enterprises are using open source because the technologies are flexible, meaning that one can often plug in their existing systems more easily, such as billing or charge-back or authentication systems.
“When I talk to enterprises, our community concept is very appealing when considering open source tech-
Manoranjan Kumar
CIO, Kanoria Chemicals & Industries limited
“I vouch for open source a lot and
would like to see it being used in
mission critical applications,
but people still have less confidence
because of the support infrastructure”
PH
OT
O B
Y J
ITe
N G
AN
dH
I
C O V E R S T O R Y | O p E n S O u R C E
26 October 07 2013
nologies. One thing I didn’t mention is cost. Of course open source software is free to acquire, but this really isn’t the top reason for adoption, it’s much more about the flexibility to integrate and to be a part of a thriving community with multiple vendor support options, eliminating lock-in,” adds Collier.
Proprietary supporting open source There are numerous proprietary vendors today who are supporting open source and they have developed appli-cations using open source and proprietary software that are being used by enterprises. For instance, Oracle contributes to many different open source projects and communities. Hundreds of Oracle engineers are part of open source communities and develop code that is freely available in open source. For example, Oracle’s Linux kernel team contributed a cluster file system and dash Oracle Cluster File System 2 (OCFS2) — to the Linux kernel under the terms of the GPL, GNU public license. OCFS2 was the first ever cluster file system in the mainline Linux kernel.
Oracle has been a member of Eclipse since the proj-ect’s inception, and has made many contributions to the Eclipse community. Oracle’s BPEL designer — a design-time tool to orchestrate web services into busi-ness processes — is offered as an Eclipse plug-in, in addition to being a part of Oracle JDeveloper. Oracle has also committed to contributing object/relational mapping functionality to the Eclipse Foundation to help promote Enterprise JavaBeans 3.0.
Challenges The most prominent challenge that confronts the open source community is the lack of proper support for users and also clarity in the licenses which the users are using.
“I think the biggest challenge is the fear that there won’t be some-one there to help if something goes wrong, or even before that in the plan-ning and implementation phase to get good advice from experts. The best way to address that is with a very strong and diverse ecosystem. We made that a priority from the very beginning in Open-Stack, and now have the top three Linux distributions, top three server manufac-tures, network vendors, etc. On top of these traditional IT vendors backing OpenStack, you have a number of firms offering profes-sional services like training, architecture, etc. We recently launched a training marketplace to help enterprises connect with trainers, and those classes are happening all over the world today,” said Collier.
Nishant Singh
CeO, CrMnext
“The main challenge is the
lack of skills available to
implement and support open source.
Also, the revenue model to sustain
development of the open source
solutions is not structured”
27October 07 2013
According to Nishant Singh, CEO, CRMnext, “The main challenge is the lack of skills available to imple-ment and support open source solutions. Also, the revenue model to sustain development and enhance-ments of the open source solutions is not structured and it requires huge upfront investments.”
The decision of adopting open-source software should not be taken just on the basis of the cost involved. It entails a detailed analysis and understand-ing of the requirements before switching to open source and availing its complete benefits. There are multiple challenges that one could face at this junction.
Selection of an open-source: Selection is a major challenge as one needs to account various aspects — licensing, community support, operating systems etc, before deciding upon an open-source stack.
Software adoption requires a learning curve: You may need to hire an expert in your open source prod-uct to get your IT staff up to speed.
Customisation and upgrade could be tough: One may lose the advantage of community driven develop-ment, if open-source is not customised to handle any future upgrades without hassles.
Unanticipated cost: One might feel, it is free soft-ware but it can involve unanticipated implementation, administration and support costs. Hence these costs should be accounted as well.
Be ready for surprises: Work on an open source might stop anytime as no one in the open source com-munity is obligated to help you or answer any of your questions forever.
When it comes to licensing, one needs to be very cautious as it can lead to numerous complications.
“There are variations in licensing models under which open-sources are being released; hence not all open sources are completely free for use. At times
yes, licensing can be an issue if the licensing agreement has not been referred properly. A casual approach towards understanding the licensing agreement could be disastrous later. Some licenses allow you to use the source code freely and a few may restrict the usage under commercial setup. Hence, it is highly recommended, one should read the licensing agreement in detail before taking a call,” says Tiwari.
Sethi feels that some organisations are still not clear about the licensing of open source.
“When one is using open source for internal purpose and not making any money out of it, till then the software is free, but when an organistaion starts using open source commer-cially then they have to share a part
Saurabh Tiwari
CTO, Policybazaar.com
“A casual approach towards
understanding the licensing agreement
could be disastrous. Some licenses
allow you to use the source code freely
and a few may restrict the usage
under commercial setup”
C O V E R S T O R Y | O p E n S O u R C E
28 October 07 2013
of their revenue with the open source community. Many firms are not clear how to weigh the same and so there is confusion. Moreover, some organistaion might not disclose that they are using open source commercially, and if that is found out later then the software becomes a property of the open source community. This is a challenge that needs to be addressed,” adds Sethi.
The Future Road MapOne thing is clear, if open source wants to grow fast, its proponents have to be on their toes.
To ensure that open source keeps on growing, the Open Stack Foundation are bringing people together to share their knowledge.
“As a foundation, we try to bring people together to share knowledge as often as possible. We hold what we call the “OpenStack Summit” twice a year, where thousands of people come together to discuss how they are using OpenStack, and plan the next release
of software. New versions come out every six months, quickly followed by a summit, so that’s the cadence. In between summits, there are user group meet-ups happening weekly. Meeting face-to-face is really important, to augment collaboration,” says Collier.
Sethi feels that in order to keep on growing in the market, the open source community should focus on quality and that can lead them ahead.
“I think larger enterprises look for quality and to make inroads in bigger enterprises, the open source community should kook at improving their quality of software. Also the support mechanism needs to keep on improving in the future,” sums up Sethi.
Mark Collier
Chief Operating Officer, OpenStack Foundation
“I think the biggest challenge is the fear
that there won't be someone to help if
something goes wrong, or even before that in the
planning phase to get good advice from experts”
O p e n S O u r c e | c O V e r S T O r Y
29October 07 2013
In conversation with Atanu Kumar Das,
Asheesh Raina, Principal Research Analyst, Gartner India,
talks about the future of open source market in India
“Dearth of skill-sets
is an issue”
30 October 07 2013
How has been the market for open source in the enterprise space? Do you see the adoption increasing? India is trying to be globally competitive when it
comes to the adoption of open source. The prime advantage of open source is its low pricing and that has helped them grow. The most important thing is, now we are witnessing more systems integrators who are concentrating on open source and that helps is delivering better services to the customers. Services was always a concern area for open source and we at Gartner see that improving but still a lot needs to be done. Moreover, open source has played a key role in the latest trends like mobility, big data and cloud. The popular mobile platform Android is on open source. When it comes to adoption, I see it being more used by the small and medium enterprises, although big organisations are also using it, but that is still at a very small level. Another important user of open source is the government sector and the support of the govern-ment is very important for this community to grow and come with innovative applications.
What are the challenges in convincing enterprises to adopt open source? Some of the challenges for the open source is its
safety and security. Users do not find all the function-alities in open source and they have to build those on their own and that is a deterrent in using open source. Moreover, organisations do not use open source in mission critical applications because of security issues and support problem. There are also licensing issues as people are not well versed with the GPL and LGPL licenses. The usage of open source is tricky in the sense that if one is using open source for internal purposes, then it is free. But when an organ-isation is using it for commercial purpose then they have to pay a amount to the Open Source Commu-nity, which many organisations are not aware of. The Open Source Community should come up with clear directions on the usage of open source and that will be a big help. Another thing that we notice is open source is not that trendy or jazzy where as proprietary offers a lot of features and looks. Proprietary software vendors are now reducing their prices and have come up with models like cloud and software as a service.
are there enough skill-sets available for the support of open source software? There is definitely a dearth of skill-sets and that is
proving very costly for the adoption of open source. But, if we compare the skill-sets available five years ago, the pie has definitely increased. I feel that big organisations are equipped to handle open source internally but for small organisations, they need sup-port on a regular basis. The share of open source is
increasing and I feel that there is scope for growth for both proprietary and open source software.
How important it is to have freedom from vendor lock-in for enterprises? Open stack vendors have always supported the free-
dom from vendor lock-in and we are witnessing that now. Many organisations are now using proprietary and open source to build one application and it is helping them achieve what they seek. Today, most of the applications are interoperable and that will be the trend going forward.
Going forward, how do you view the open source market growing? Governance is a big issue in open source and going
forward I believe that policies needs to be made which are clear to understand. Licensing has always been an issue and as IP laws grow stronger, organisations would like to avail for licenses very carefully. Open source community wants that if they are using open source with proprietary software they have to make the source code public which many enterprises are not doing. These things needs to be addressed if we want open source market to grow.
Asheesh Raina
“The usage of open source is tricky in the sense that if one is using open source for internal purposes, then it is free. But when an organisation is using it for commercial purpose then they have to pay an amount to the Open Source Community”
O p e n S O u r c e | c O V e r S T O r Y
31October 07 2013
In “The IT Market’s Hot: What’s in it for You?”, we examined the overall trends in the economy and their impact on the IT marketplace. Net, net: The IT mar-ket, for both products and workers, is
hot, and there are lots of new opportunities for professional and business growth.
The Mixed Blessings of a Hot MarketThe hot IT market is all well and good if
you are looking for a new job, but what if you like your job and don’t want to leave. What opportunities does the hot IT market hold for you? In fact, the hot IT job market might look like a disaster as you struggle
Seizing the OpportunityToday’s external market conditions can help you create internal growth opportunities, especially ones that provide incentives for employees to stay put By Marc J. Schiller
Ima
gIn
g b
y V
Ika
s s
ha
rm
a
NEXTHORIZONS
How Obamacare Will Impact IT Pg 34
CIA Wrestles With Analytics Challenges Pg 35
FeATures InsIde
32 October 07 2013
Reasons for their investment, such as what they are trying to achieve
Investment amounts, including dollars, hours, people and duration.I know that list sounds like a very dif-
ficult assignment, but that’s where the hot IT market can be very helpful. When IT investments start moving, people start talking. Vendors, in particular, can’t help themselves. They just love to brag about all the new great things they are doing at other companies in an effort to get you to also jump on the bandwagon.
But it’s not just the vendor community. Recruiters call more often and speak more openly about job opportunities and what stands behind them. Industry friends and colleagues that take new positions frequent-ly talk about the new challenges for which they were hired.
With all these different people talking, the trick is to listen—and listen well. And the best way to listen is to not listen alone. Bring your people in on this effort. Explain to them that you want to improve your company’s competitive intelligence as a precursor to proposing new IT investments. Explain to them how they can use their personal networks to ethically collect this type of competitive intelligence. Help them understand how valuable it will be for your company to understand the overall trends in IT investment when it is supported by spe-cific industry examples.
By involving your people in this research, you not only improve your abil-ity to collect the information, but you also bring them into the investment discus-
to hold on to your best employees, many of whom are being enticed by new opportuni-ties and increased salaries. This situation can be especially difficult if your employer is still feeling a bit shaky from the great reces-sion and hasn’t jumped on the IT invest-ment bandwagon yet. Naturally, that makes the grass seem a whole lot greener on the other side.
So, what are you supposed to do? Keep it a secret? Hope your people don’t find out about it? Clearly, that won’t work.
The challenge, and the subject of this arti-cle, is how to use the external market con-ditions to help you create internal growth opportunities—the kind that gives you and your employees incentive to stay put.
Start With the End in MindTo get your company to invest in new IT-enabled initiatives, it will take two basic things: 1) The initiative or project has to be something your company genuinely needs and can benefit from, and 2) your senior management must be convinced that’s the case. So far, all of this is pretty obvious.
What that means practically is that you can’t just march into the CEO’s office and tell her about the overall business and IT investment trends or point out that the resulting hot IT job market is making it dif-ficult for you to retain your best workers and expect it to have much impact. It’s going to take a little more sophistication (and data) than that.
Here’s what you can do.Step 1: Reconnect With What’s NeededYou, and probably everyone in your compa-ny, has been heads down the last few years, tightly managing costs and holding on to customers. Who's had time to think much about IT investments? Probably no one in the executive suite, but, of course, you can’t help yourself. After all, as the individual that is charged with making systems work, you are always keenly aware of the shortcomings in the business processes (and the support-ing systems) and you see lots of opportuni-ties to improve things.
I know that I’m on solid ground here because in more than 25 years in this indus-try I haven’t met a single senior IT manager that didn’t have a long list in their back pocket of different IT initiatives that they
were 100 percent convinced could move the business forward. All they needed was a budget and a willing user community.
Now is the time to dust off that list of IT initiatives and carefully review it. Reconnect with all the things that you were convinced in the recent past could make a big differ-ence to your business. Take your list and sort the items into the following five catego-ries of requirements:To continue day-to-day business operations To lower our daily operating costs To be at parity with our competitors To achieve an edge over our competition To directly increase sales (be careful with
this one).You’re not quite sure where your set of
ideas is in comparison to your competitors? That’s where step 2 comes in.
Step 2: Get Current With Industry DevelopmentsYour back-pocket list is just a starting point. What you really want to find out is where other companies, preferably ones in your industry, are investing.
What you are looking for is a list of IT-related initiatives that your competitors have undertaken. And, if you are really ambitious, an explanation of why they have invested in those initiatives and the benefits they are hoping to achieveWhat you are looking for is a list with the following information: Project or initiative description System or technology involved Names of companies investing
in this area
Your back-pocket list is just a starting point. What you really want to find out is where other companies, preferably ones in your industry, are investing
33October 07 2013
m a N a g E m E N T | N E X T H O R I Z O N S
sion and teach them how to best support an IT investment request.
Step 3: Put It All TogetherBy the time you’re done with this prepara-tory work, you’ll have: General information on IT investment
trends and IT skill shortages across a variety of industries
A well categorized list of your best IT investment ideas for your company
Data on the kinds of projects and IT investments your competitors are making and why they are implementing them.Now, with the obvious caveat that you’re
not going to sell management on a project your company won’t benefit from, it’s time to get into sales mode.
Schedule some time in an upcoming leadership team meeting to present a talk on “the state of the industry from an IT investment perspective.” At that meeting,
share the overall market data and trends that are driving IT investments. Next, drill down to what’s happening in your industry, including how it is investing in IT. Make sure to keep the data aggregated and general at this point in the conversation. And when they ask you what’s driving all that IT investment, you reveal the detailed data they care about most: what your competitors are doing and why. But don’t stop there. Once you have presented your competi-tive data, it’s time for you to present your analysis of what your company should do. You may argue for investments that are required to match your competition. You may opt for an investment that you believe will help transcend your competitors. What-ever it is that you want to sell,
this is your opportunity to shine. Why? Because you aren’t selling IT projects, you are sell-ing competitive positioning
That’s ItThat’s how you leverage exter-nal market conditions and information to create new opportunities for you, your IT workers and, ultimately, your company. It’s a powerful formu-la. Go for it—and let me know
how it works out for you.
— Marc J. Schiller has spent more than two decades teaching IT strategy and leadership to the world’s top companies.
— The opinion was first published in CIO Insight. For more such stories, please visit www.cioinsight.com.
How Obamacare Will Impact ITChoosing the right partner will always be key to success for any new initiative By C.J. Ravi Sankar
as the US health-care industry begins implementing the Patient Protection and Affordable Care Act (PPACA), commonly called Obamacare, insurance companies are experiencing a change in their business environment. For example, regulatory changes like medical loss ratio man-
dates require a reduction in administrative spend, while business model changes will force payers to invest in better management systems. What’s more, the influx of new, uninsured customers has made business leaders rethink their member acquisition and reten-tion strategies, due to the following challenges: For a typical payer, about 20 percent of medical spend goes to one
percent of its customer base, while 50 percent of the healthy cus-tomer base incurs only three percent of the medical spend
Temkin Customer Experience ratings place the health insurance industry at the bottom in delivering customer experience.
The Consumer Union 2012 survey reveals that consumers dread shopping for health insurance.Increasingly, customer expectations are shaped by their experi-
ences in using services across other industries, such as retail and financial services. For payers to deliver on these customer expecta-tions, they will need to: Build a flexible business architecture Optimise business processes to cut costs and improve efficiencies Create and manage customised experiences Unify their customers’ experiences across multiple channels.Payer CIOs are at the center of this sea change as their business
partners will seek their leadership in transforming payers into health-information organisations. By leveraging technologies like social media, mobile devices, data analytics and cloud computing, CIOs can improve traditional organisational capabilities to deliver
49%wIll bE THE wORldwIdE gROwTH Of 3d pRINTERS
IN 2013
34 October 07 2013
N E X T H O R I Z O N S | m a N a g E m E N T
CIA Wrestles With Analytics ChallengesThe intelligence community is looking for innovations that would enable it to rapidly analyse data By Michael Vizard
while there is a lot of controversy these days about the amount of data that the National Security Agency and other intelligence groups are collecting, analysing
all that data in ways that make it actionable is still a major challenge, regardless of how omnipotent an organisation is perceived
applications, examining ways to reduce costs through managed services and portfolio optimisation in order to reallocate their budgets for transformational initiatives. Vendors with expertise in helping organisations control expenses and invest the realised savings in the creation of new capabilities will be the partner of choice. As payer CIOs drive their organisational transformation,
Social collaboration is expanding the means by which consumers gather information
choosing the right partner for this journey will be key to the suc-cess of their new initiatives.
— C.J. Ravi Sankar is the vice president and head of payer-provider practice at HCL Technologies. — The opinion was first published in CIO Insight. For more such stories, please visit www.cioinsight.com.
these information-based products and services. Social collaboration is expanding the means by which consumers gather information and interact with businesses. Mobile device usage is changing the way organisations attract, acquire and engage with customers. Analytics and big data enable organisations to predict customer behavior using data from multiple sourc-es, including application systems, social media, and more. Finally, cloud comput-ing offers the flexibility to deliver these applications at scale. Partners that deliver superior customer experiences and provide a combination of payer domain expertise and best practices from other industries will have an advantage over traditional partners.
The other key challenge for CIOs is finding financial support for the chang-ing model while maintaining current business delivery. CIOs need to revisit their strategies for “run the business”
to be. Speaking at the recent Security Innovation Network Summit in New York, Dawn Meyerriecks, deputy director for the directorate of science and technology at the Central Intelligence Agency, says that ingesting all of the data the agency requires remains a major challenge. And even once it is collected, analysing it all in
real-time is next to impossible.“To watch all the video that currently
moves across the Internet in one minute would take five years to watch,” says Meyerriecks. “And we can’t ingest all that data at scale.”
As a result, the CIA is concentrating its research and development investments
Ima
gIn
g b
y V
Ika
s s
ha
rm
a
35October 07 2013
a N a l y T I c S | N E X T H O R I Z O N S
on analytics applications and systems that would enable the agency to more easily analyse data where it resides as opposed to trying to store it in one central data ware-house, Meyerriecks says.
Most of that research and development activity is being managed through In-Q-tel, a venture capital firm created by the CIA, and the Intelligence Advanced Research Projects Activity (IARPA) organisation that the Department of Advanced Research Proj-ects Agency has set up.
Meyerriecks says that specific projects, such as IARPA’s Aggregative Contingent Estimation (ACE), is investigating advanced analytics technologies that would make it easier to analyse data in place. And IARPA’s Knowledge Discovery and Dissemination program is looking into adapter and seman-tic technologies that would make it less difficult to discover data and establish some meaningful context around it.
While the CIA is clearly operating at a
level of scale that goes beyond the average enterprise, Howard Dresner, chief research officer for Dresner Advisory Services, says the agency is encountering many of the same advanced analytics challenges facing IT organisations as they move deeper into the realm of big data. Even with the use of Hadoop as a framework for storing data, the cost of collecting and correlating massive amounts of big data is still enormous.
To mitigate those costs, it would be less expensive if the analytics could be applied across federated sources of data. “That’s not something anybody is going to solve any time soon,” says Dresner. “They would first have to come up with a standard way to index all the data first.”
Naturally, systems integrators see big data analytics as a significant opportunity. CSC, for example, just acquired Infochimps, a provider of data analytics as a service that aggregates data using an implementation of Hadoop and a NoSQL database.
According to Travis Koberg, director for data services for CSC, the systems integra-tor expects the world of big data analytics to be federated across applications that will span both on-premise and cloud computing platforms. “We trying to build an industrial strength platform for big data,” says Koberg. “But we still believe that most of these appli-cations are going to wind up being feder-ated.” The degree to which that ultimately happens, however, is anybody’s guess. Right now the pendulum is swinging toward aggregating data in the cloud. But as the cost of aggregating all that data continues to increase, the IT community—and the intel-ligence community—are clearly looking to breakthroughs that would enable them to analyse massive amounts of data regardless of where the data resides.
— The opinion was first published in CIO Insight. For more such stories, please visit www.cioinsight.com.
Even with the use of
Hadoop, the cost of collecting
big data is still
enormous
Ima
ge
by
ph
ot
os
.co
m
36 October 07 2013
Every day, new cyber threats and attack techniques emerge to strike your network. With the growth of APTs and hacktivist groups, staying on top of the threat landscape is more challenging than ever. Besides, as mobile de-vices, social media, and the cloud become commonplace both inside the enterprise and outside, technology adoption is moving faster than security, thereby creating problems for security practitioners.
Raising alarm bells, security experts believe that based on the way the enterprise landscape looks now, companies are on their way to a com-plete breakdown if they don’t change their security strategies immediately. To overcome these security concerns, technology leaders need the next generation of security innovations.
To learn more about how Juniper Networks is changing the face of network security and cyber-attack prevention, join us for a day-long session with our security specialists. Bring your network security questions and take advantage of our on-site Technical Security Specialists!
Event Details:
16th October
Grand Hyatt
9:30 am to 4:00 pm
18th October
Taj Palace
9:30 am to 4:00 pm
30th October
ITC Windsor
9:30 am to 4:00 pm
LIGHT EVERY CORNER IDENTIFY EVERY THREAT
Juniper Ad_C&L.indd 1 10/10/2013 12:36:04 PM
38 October 07 2013
C I O & L E A D E R C u s t O m s E R I E s | s A s
Organisations of every size, in every industry, have data that can deliver insights. Advanced analytics and data visualisation are providing organisations with real-time
insights and foresights, empowering them in enhancing performance and multiplying opportunities. Sudipta K. Sen, Regional Director – South East Asia, CEO & Managing Director — SAS Institute (India), shares his thoughts on how analytics can empower
organisations in leveraging the newest and most important asset class — data
Almost 99 percent of the world’s written words, images, music, video and data are transmitted in the two-letter Boolean alphabet of ones and zeroes. Data is
pouring in from every conceivable direc-tion and big data is only getting bigger. However, big data is a relative term. When data grows beyond the ability to manage, it’s called big data. Most organisations have capabilities for storing data, however, pro-cessing times are high. Today, most CIOs are concerned that the amount of amassed data is becoming so large that it is difficult to find the most valuable pieces of informa-tion and insight from it. Creating mean-ingful insights from both structured and
Visualising the Power Of YOuR DATA
sudipta K. senRegional Director – South East Asia, CEO &
Managing Director - SAS Institute (India)
unstructured data has become an industry-wide strategic imperative. Analytics has found its way into boardroom discussions and organisations are keen on driving a culture of data-driven decision making. Technological advancements in analytics is enabling organisations in deriving bet-ter value from their data and empowering non-technical business users in taking decisions faster and more accurately. Let’s explore some key areas that highlight the same:
leveraging forward-looking insights:The rapid increase in data volumes has compelled organisations to manage and store data efficiently. A major chunk of
39October 07 2013
s A s | C I O & L E A D E R C u s t O m s E R I E s
ent users and with appropriate privileges to edit. This ensures that data is secure and at the same time it’s being leveraged to drive business outcomes.
Organisations of all types and sizes gener-ate data each minute, hour and day. There is no going back; the flow of data will not shrink, on the contrary it will only grow expo-nentially. Everyone — including executives, departmental decision makers, call centre workers and employees on production lines — hopes to learn things from collected data that can help them make better decisions, take smarter actions and operate more efficiently. With advanced analytics and data visualisation techniques, organisations can uncover the true potential of their data and unleash valuable insights about consumer preferences, growth drivers, business trends, market forecasts, etc. With the ability of deriving accurate insights faster, explor-ing data visually, sharing report with peers and interacting with dashboards on mobile devices; organisations can enable business users/functions to drive an enterprise-wide culture of data-driven decision making and attain breakthrough business outcomes.
data is created by individuals/customers spread across geographies and in different formats, such as text documents, tweets, videos, updates, blogs, etc. Organisations across industries are embracing analyt-ics to derive meaningful insights from this data. Traditionally, users have been using analytics to describe current scenarios or find answers to past issues. While this is important, it is even more important to leverage analytics for forecasting and solv-ing tomorrow’s problems today. This helps organisations in eliminating gut-feel and guesswork from decision making process and helps take forward-looking decisions based on facts.
human brain needs visualisation:A picture is worth a thousand words — especially when you are trying to under-stand and gain insights from data. It is par-ticularly relevant when you are trying to find relationships among thousands or even millions of variables and determine their relative importance with the help of for-ward-looking data visualisation tools, such as SAS visual analytics, users can simply drag and drop parameters to explore data and derive meaningful insights. Data is represented visually in the form of graphs, charts, diagrams, etc., which makes it easier for the users to explore, correlate and forecast. Data visualisation techniques makes analytics much more approachable and easy to share and collaborate with peers across organisation. This empowers the non-technical business users, reduces burden on IT and helps inculcate an enterprise-wide culture of data-driven decision making.
analytics at the speed of thought:Most analytical solutions are ‘seemingly fast’ — their processing speeds are fast, however, they work only on subsets of data and not on the entire database. True value of big data and accurate decision making can only be unlocked when organisations analyse data in its entirety and not just sub-sets. To do so, it is important that analytics and BI solutions leverage in-memory ana-lytics technique in order to resolve complex problems in near-real time and deliver
highly accurate insights. Modern organisa-tions are looking for optimal ways to gain insights from big data in shorter report-ing windows. It's all about getting to the relevant data quicker. Revealing previously unseen patterns, sentiments and relation-ships, delivering valuable information in real time and speeding the time to insights. With technologies such as in-memory ana-lytics, businesses can find answers to their most pressing questions in seconds or minutes, which earlier took hours and days to process. This helps in reducing reporting times, shrinking costs, enhancing efficien-cies and improving accuracy and agility of decision making.
analyse anywhere, anytime:Data exploration and decisions should not stop just because the users are out of office. Data visualisation and self-service BI tools empowers decision makers at every level to see and interact with critical infor-mation and decision-making data — any-time, anywhere — on their mobile devices such as tablets. Having on-the-go access to current, relevant information means faster decision cycles and uninterrupted workflows. users can also share reports with colleagues and gather their insights. This ensures that decisions are not being made in silos and are rather accurate. Another vital aspect that a mobile BI solu-tion must ensure is the capability to view and explore dashboards securely. Different views should be made available for differ-
brought to you by
The image shows a business dashboard of SAS Visual Analytics. Business users can quickly view and interact with reports via the Web or mobile devices, while IT maintains control of the underlying data and security
40 October 07 2013
Cloud: A Game Changer Microsoft and SoftwareOne organised a CXO round table showcasing how cloud can revolutionise business
productivity, to business solutions. It doesn’t make business sense to make a one-off software decision in today’s world.”
"Whether you're con-sidering cloud solutions
such as the Windows Azure Platform and Office 365, the System Center Suite, upgrading to Windows 8, seeking to enhance Business Intelligence through SQL or upgrading communication and collaboration options with Lync and Share-Point - we deliver strategic recommenda-
The three biggest trends in the enter-prise technology space today are mobility, social, and big data. These trends can have a huge impact on how businesses engage with their
customers, partners, and employees in order to better business agility, economics, and experiences both inside and outside their company. The key to unlocking this impact is cloud.
Against this backdrop, Microsoft and Soft-wareOne, in association with CIO&Leader, organised a round table discussion on ‘Cloud Power’ for CXOs in Gurgaon recently.
Speaking at the event, Mayank Srivas-tava, Managing Director, SoftwareOne said, “No business service you create today lives on an island. You need apps, communica-tion, and collaboration to connect together in an agile way. To achieve this, you need a comprehensive cloud—from platform, to
CIOs participating in the round table discussion
Mayank Srivastava (left), Managing Director, SoftwareOne, welcoming a delegate at the event
Participants networking during free time
EvEnT
41October 07 2013
C l o u d p o w E r | E v E n T r E p o r T
Mayank delivering his address
Mayank thanking a delegate for paricipating in the thought provoking discussion
tions, smart alternatives and practical tools to assist future planning. All firmly based on your needs," he said.
SoftwareOne is a licensing solutions provider with the unique combination of being a truly global LAR. With a presence in 80 countries, it is exclusively focused on software volume licensing and privately-owned since it was set up in 1985. The company optimizes and manages software spend, while facilitating relationships between customers, publishers, and local best-of-breed services partners.
On how his company could help CXOs in moving to the cloud, Srivastava said, “We know software licensing inside and out. Our team has decades of real-life industry experience, giving us the depth and breadth to tackle any licensing chal-lenge head-on. We offer a leading-edge web platform and online tools that provide full transparency into your software licensing anytime and anywhere you require it.”
The event saw some of the top CXOs debating the pros and cons of cloud computing.
Sharing his experience, Kapil Mehrotra, CIO, Apollo Munich said, “Cloud has come to be the biggest business enabler for an enterprise technology decision maker today. It lends a CIO the power to deploy any resource of IT service on the fly. By leveraging cloud, we have accrued tremendous capex savings while at the same time achieved scalability and agility for our business.”
Providing insights into how Micro-soft enables enterprises in harnessing cloud, Ritu Chaturvedi, Director Office 365, Microsoft, said, “The Microsoft Office 365 service offering combines the familiar Office desktop suite with the latest, cloud-based versions of our next-generation com-munications and collaboration services: Microsoft Exchange Online, Microsoft SharePoint Online, and Microsoft Lync Online. These services work together seamlessly to provide the best productivity experience on PCs, phones, and browsers.
Office 365 is powered by the same Micro-soft email and collaboration products that businesses have been using for decades.”
According to Microsoft, Office 365 gives ‘anywhere/anytime’ access to email, documents, contact information and cal-endars on almost any device. Moving all or some of the applications to the cloud can save organization time and money as well as free up valuable resources to work on other IT projects that haven't been able to schedule previously.
“Benefits of Office 365 include elimi-nating time and effort spent managing email and collaboration services; Cost
savings associated with hardware over-head, electricity, and software deployment; Enhanced security with 128-bit encryption; and 99.9 percent scheduled uptime with financially backed service-level agreements (SLAs),” Chaturvedi said.
“For today's CIOs and business lead-ers, the cloud presents an opportunity to redefine the role that the IT and non-IT business functions play in implementing a business strategy. Because of its power to fundamentally change how business operate and compete, the cloud has the potential to a game changer for many com-panies,” she added.
42 October 07 2013
TECH FORGOVERNANCE
Leaked Data and Credentials: Cracked Web AppsWith the rise of web-based applications, the threat model has changed By Jonathan Lampe
Fall in PC shipment in the third quarter of 2013
9%Data Briefing
43October 07 2013
s E C u R i T y | T E C H F O R G O V E R N A N C E
iPOintS
5 Most web-based
applications now use
human-readable web
pages
you cannotrely on any anti-virus
package to detect
modified web
applications
your defense against this attack
vector flows directly
from the hackers’ goal
in soMe cases,
hackers will try to
serve downloads to
popular packages on
their own sites
you can detect
and defend against
these types of attacks
by using the right mix
of file integrity check
utilities
However, there are many other exploits that threaten Internet-facing applications. This article covers a common exploit not listed in the OWASP Top 10 Application Secu-rity Risks, but is nonetheless used to steal credentials and data from Internet-facing applications today.
In the “old days,” distributed applications were deployed using a client-server model that used pre-com-piled binary code on desktops and servers. These applica-tions could be cracked by experienced programmers, but the people who cracked these applications were more often looking for ways to circumvent licensing (or insert a self- replicating virus) than steal credentials or data. Furthermore, if a crack was intended to steal credentials or data, the hacker often had to be “within the walls” because the targeted application usually ran over a LAN or WAN than the Internet.
Web Applications are Easy to ModifyWith the rise of web-based applications, the threat model changed. Most web-based applications now use human-readable web pages written in PHP, ASP, C#, Perl, CGI, Ruby or other web scripting languages. Many others depend on human-readable templates or configuration files that control how the application works.
The switch from all-binary applications to mostly-script-ed applications significantly lowered the bar of technologi-cal prowess for would-be hackers. Today, a nefarious indi-vidual with introductory-level web application skills can cut-and-paste code from the Internet into a sign-in page to write out all credentials to a secret log file. In a client-server world, the same trick would have required mastery of assembly code.
Information Stolen by Exploited Web Applica-tions is Easy to RetrieveThe switch from LAN/WAN applications to Internet-facing applications also freed hackers from having to be present in the building to exploit their targets. Now hack-
if you’ve been paying attention to vulnerabilities in web applications, you’ve certainly heard of attacks involving SQL injections, cross-site scripting, and poor session management. Thanks to the efforts of groups like OWASP, many responsible software vendors and open source project leaders now treat these types of vulnerabilities seriously, and issue patches and hot fixes to remove them from production code soon after discovery.
ers can “spear-fish” known users of an application, pose as tech support in social engineering exploits, seed false downloads, or use other backdoors and Trojans to plant their exploits on target computers. Once their exploits are planted, hackers may then use hard-to-detect channels to retrieve their ill-gotten gains, such as a new parameter to an exploited web page that downloads the secret log of credentials and data their exploit created.
Examples of Exploits How a Hacker Might Apply and Use Exploited Code“BankingWebApp” is a web application written as a C#-based application in Microsoft Visual Studio. It generates binary DLLs that contain much of the program logic but exposes individual *.aspx pages for each separate page in the application. User sign in is handled by “signon.aspx.”
Here’s a sample scenario: A hacker with a local copy of BankingWebApp discovers that a target bank runs BankingWebApp by reading an online support forum. They insert code into a hacked version of signon.aspx that writes all incoming usernames and passwords to a secret log file. They also insert code into the same file that displays the contents of the secret log file on the web page when a special parameter is added to the URL (e.g., “&debug=1337").
The hacker then contacts an individual at the target bank through the support forum and convinces them to download and apply the hacker’s exploit. Once the hacker’s exploit is in place, it gathers several hundred sets of customer credentials a day. After a month, the hacker executes a single “debug=1337" transaction against the publically-accessible signon.aspx to download thousands of valid credentials, and proceeds to use or sell the creden-tials to criminal elements.
Real-World Instances of ExploitIt is difficult to locate real-world instances of this type of exploit in major commercial applications through Google
44 October 07 2013
T E C H F O R G O V E R N A N C E | s E C u R i T y
searches, but you can readily find examples of this type of exploit in popular content management systems (CMS) such as Joomla, DotNetNuke and WordPress. However, you may want to perform a visual inspection of your own Internet-facing web applications before ruling them immune to this type of exploit. If your web appli-cation relies on directories full of “*.aspx”, “*.asp”, “*.php”, “*.pl”, “*.cgi” files, and those files are legible in Notepad on Windows (or vi on *nix), your web application may be vulnerable to this kind of attack. (Check with your vendor if unsure.)
Most Vulnerable Applications Web Applications that Rely on General-Purpose Web ServersApplications that depend on a general-purpose web server such as Microsoft IIS, Apache HTTPS, Apache Tomcat or Nginx are most vulnerable to this type of attack. By design, general-purpose web servers allow several different web applications to share the same web server, and it is the responsibility of each individual web appli-cation to be a good citizen of the commons (e.g., not taking too many resources, not destroying another application’s data, etc.).
Web Applications that Run Human-Readable CodeWeb applications that entirely rely on human-readable scripts tend to be more vulnerable than web applications that obfuscate or com-pile their code. However, applications that partially hide code in this way, such as binary DLLs used in many ASP.NET applications, may still be vulnerable to redirection in human-readable intermediate files or web filters, such as IIS’s ISAPI filter mechanism.
The best defense against maliciously modified code is to automati-cally scan your web applications for unauthorised changes. In the case of custom or internally-developed web applications, this may be your only defense. Fortunately, there are several “file integrity moni-toring” tools that perform this exact function.
Your file integrity check application should check all the static con-tent (images, stylesheets, JavaScript files, etc.) and code used by your web application. It should be configured to check a few times a day (at least), keep a trusted signature off the target machine in case the hacker is smart enough to recalibrate the local signature, and can be turned off and recalibrated cleanly during your planned outage.
Note that some commercial web applications include their own built-in file integrity checks. When evaluating new web applications, it may pay to ask about included file integrity features up front.
Use Anti-Virus Software to Watch for Exploit Delivery VehiclesYou cannot rely on any anti-virus package to detect modified web applications. By and large, antivirus packages look for binary signa-tures of known viruses in executables, or look for unusual operating-system behavior in applications, such as injecting code into operat-ing system executables. However, you can use anti-virus software to detect and prevent the installation of the backdoors, Trojan horses, and viruses that allow hackers to modify your web applications. Without those, hackers must rely on vectors such as open RDP sessions (usually protected behind VPNs these days) or the ability of authorised personnel to follow instructions from an untrusted source to corrupt your application.
Train Authorised Personnel to Use Change Control ProceduresIf you deny hackers the ability to install virus and Trojans in your network, the next most likely vector into your systems will be through your people. Social engineering schemes can be devised to gain the trust of employees through shared user forums, or to blus-ter an employee through an urgent inbound phone call “from cor-porate” or a specific Fortune 500 vendor. “Spear phishing” schemes can also be developed to target specific email addresses in your com-pany with official-looking upgrade notices or security alerts.
The hackers’ goal in all of these schemes is to convince someone on your staff to download the hacker’s exploit from an unofficial site and then apply it to a production system. And if a solitary staffer can do all that without telling anyone else, that would be ideal from a hacker’s perspective.
Your defense against this attack vector flows directly from the hackers’ goal. Any change control policy worth its name already con-tains two elements that inhibit these kinds of attacks.
First, good change control policies require at least two different people to approve and apply changes. If you take away the ability for people to act in isolation, you take away the ability for them to inde-pendently make poor decisions. This is the same concept behind separation of duties in accounting; while the temptation to make a bad decision – to steal money – will always be great, the means to actually carry out bad decisions is greatly reduced when two people must make the same bad decision to proceed.
Second, change control often dedicates the use of separate test and production systems, and specific tests that must be performed on the test system before code is promoted into production. While the technical aspects of running exploited code on a test system will probably not uncover the exploit itself, a hacker must usually be willing to invest more time, and thus increase their chances of being detected, if exploited code must be shepherded through a test environment first.
Beware of Third-Party Contributions, Even to Major PackagesHackers who cannot rely on Trojans or poorly trained personnel still have one significant vector to exploit if their targeted web application accepts third-party contributions: targeting the add-ons rather than the core packages. In some cases, hackers will try to serve down-loads to popular packages on their own sites. In other cases, they
The best defense against malicious-ly modified code is to automatically scan your web apps for unauthor-ised changes. In the case of custom or internally-developed web apps, this may be your only defense
45October 07 2013
s E C u R i T y | T E C H F O R G O V E R N A N C E
How Pros Can Migrate and Maintain Securitythe best way to tackle this problem is by coming up with a vendor management methodology By Matt Neely
More and more often, CIO’s and CSO’s are being tasked with moving their company’s core applications to the cloud. A headache for security profession-
als to say the least, and a challenge to quickly generate security requirements and ensure those requirements are followed. Another problem that arises is that most companies already have existing security requirements in place for traditional third-party vendors, but these requirements are not a good fit for the cloud services being adopted.
Unlike traditional third-party solutions where the vendor is responsible for all or
most of the security controls in the cloud, there are often cases where security profes-sionals are responsible for managing and maintaining key security controls.
For example, if a company is host-ing a home grown application at a PaaS (Platform as a Service) provider, then the company’ would generally be responsible for the security of the application itself. The cloud provider of the PaaS would be responsible for the securing the platform and infrastructure supporting the applica-tion. It is critical to clearly outline who is responsible for which component and have requirements which provide the desired
can get the original package authors to serve the exploits as official add-ons or translated editions of the original software. In the most extreme cases, some hackers have actually replaced the official downloads with their own exploited packages, but this type of exploitation rarely lasts for long. The best defense against these types of exploits is to communicate with the provider of your soft-ware application before applying add-ons or translated editions to understand whether or not the code that makes up those elements is supported and blessed by the sponsoring organisation. If it is not, and another reputable organisation does not stand behind the code, it may be best to forgo the add-on or switch to a different application.
Watch your FTP or SFTP AccessIn many of the cases where a popular CMS has been hacked at a par-ticular site, it was because the web site operator left no password or an easily-guessed password on an FTP or SFTP account associated with that site. If you use FTP or SFTP to remotely manage your web site, make sure that all accounts use strong passwords, use FTPS or
SFTP instead of FTP to protect your credentials from snooping, and consider the use of strong authentica-tion through the use of SSH keys (with SFTP) or SSL client certificates (with FTPS). You should also disable unnecessary FTP accounts, use IP lockouts to head off brute force (password guessing) attacks, consider limiting access to a limited number of IP addresses, and check your logs for login attempts that appear to be zeroing in on particular usernames. Changing the code behind existing web applications is a time-intensive but effective way for hackers to harvest authentication cre-dentials and data. However, you can detect and defend against these types of attacks by using the right mix of
file integrity check utilities, antivirus software, and change control policy. You can also limit your exposure by avoiding add-ons and translations from third parties, and being careful with the way you use remote file transfer technology.
— Jonathan Lampe is a Security Researcher for the InfoSec Institute. — The artcile is printed with prior permission from www.infosecisland.com. For more features and opinions on information security and risk management, please refer to Infosec Island.
level of security while being flexible enough fit these different service models.
Start by Building a Framework:To build cloud security, you first need to create a programme to review, approve and manage cloud providers. This is something you can try to create on your own, or you can follow an example my company created.
To develop this framework start by meet-ing with stakeholders to gather business, technical and security requirements. Then compare that with the regulatory require-ments related to the data that would be stored and processed by cloud providers.
$4tnwill bE THE sizE OF
wORldwidE iT spENdiNG iN THE yEAR 2014
T E C H F O R G O V E R N A N C E | s E C u R i T y
Once you do that you can leverage existing security policies, procedures and stan-dards while adding additional require-ments specific to cloud computing envi-ronments. To ensure the requirements are flexible enough to apply to the various cloud models and use cases, the require-ments should be broken down by the type of cloud service used and the classification of the data processed and/or stored by the provider.
Once the framework is complete meet with executives at your organisation to review the Cloud Security Framework (CSF). During this meeting convey the importance of the framework to the busi-ness and outline how the company should align to the new framework. Once you receive executive management buy-in, the framework can be adopted for use by all lines of business moving services to the cloud, not just IT. This will provide the company with a unified approach to man-aging the security of cloud services, thus ensuring all corporate data moved to the cloud is appropriately secured.
Security of Cloud Services:In addition to creating a framework and earning corporate buy-in, security profes-sionals also need to develop processes to prioritise, review and track which cloud ser-vices are approved for use.
The best way to tackle this problem is by coming up with a vendor management solu-tion methodology to develop a programme to review, approve and manage the cloud service providers. Having this solution will allow security professionals to enter requests to have potential cloud service pro-viders reviewed. Once a provider is entered for review, a questionnaire can be generated based on the type of cloud service used and the data stored and/or processed by that provider. This questionnaire should then be sent to the point of contact at the cloud service provider to gather information on what security controls are present in their environment. Once the questionnaire is complete, CSO’s and CIO’s staff can work with the cloud service provider and their organisation to snap the cloud service into the CSF. To ensure the lines of responsibil-
ity were clearly defined, each requirement in the CSF should be assigned to either the cloud security provider or the business. During this review process you can enumer-ate risks posed by the proposed solution and outline where the solution did not meet the CSF. By leveraging the knowledge you gather, and using existing technology, as a security professional you are able to quickly respond to the needs of the business while minimising the risks of moving core applications to a cloud environment. This solution not only allows for cloud vendors to be quickly and easily reviewed, but also provides a programme to manage cloud services used by the business to ensure cor-porate information stored in-house or in the cloud is protected equally.
— Matt Neely is Director, Research, Innova-tion and Strategic Initiatives at SecureState.
— The artcile is printed with prior permission from www.infosecisland.com. For more features and opinions on information security and risk management, please refer to Infosec Island.
To build cloud security, you first need to create a programme to review, approve and manage cloud providers
46 October 07 2013
ill
us
tr
at
ion
by
sh
igil
na
ra
ya
na
n
Every day, new cyber threats and attack techniques emerge to strike your network. With the growth of APTs and hacktivist groups, staying on top of the threat landscape is more challenging than ever. Besides, as mobile de-vices, social media, and the cloud become commonplace both inside the enterprise and outside, technology adoption is moving faster than security, thereby creating problems for security practitioners.
Raising alarm bells, security experts believe that based on the way the enterprise landscape looks now, companies are on their way to a com-plete breakdown if they don’t change their security strategies immediately. To overcome these security concerns, technology leaders need the next generation of security innovations.
To learn more about how Juniper Networks is changing the face of network security and cyber-attack prevention, join us for a day-long session with our security specialists. Bring your network security questions and take advantage of our on-site Technical Security Specialists!
Event Details:
16th October
Grand Hyatt
9:30 am to 4:00 pm
18th October
Taj Palace
9:30 am to 4:00 pm
30th October
ITC Windsor
9:30 am to 4:00 pm
LIGHT EVERY CORNER IDENTIFY EVERY THREAT
Juniper Ad_C&L.indd 1 10/10/2013 12:36:04 PM
Stay ahead of your peers.Grab this unfair advantage
The CIOs of tomorrow are expected to be outstanding business leaders, not just good technical experts, who can collaborate and communicate in their professional environment ITNEXT invites you to participate in the 2-day Pocket CIO programme to equip yourself with strategic, technical and soft-skills needed for senior management roles. The training sessions will be hosted by experts, and will feature eminent CIOs.
SESSIONS WILL COVER Contemporary trends in a current technology area Delivering innovation or improving business outcomes through IT solutions Best practices for installing, operating and improving enterprise
services/infrastructure Thinking strategically about IT Leadership in the corporate context
Platinum Partner PrinciPal Partners tecHnology PartnersPremierPartner
neXt100 BookPartner
suPPortingPartner
Download the NEXT100 app on your phone or tablet, and register for Pocket CIO program. Access the latest white papers and case studies, and watch videos
REGISTER THROUGH MOBILE APP
City&DateBENGALURU
25th – 26thoctoBer
APPLY NOW !www.itneXt.inneXt100
eVeNt By
* SEATS ARE LIMITED AND WILL BE OFFERED ONLY TO QUALIFIED CANDIDATES
GET IT NOW !
INDIA’s FUTURE CIOs
in association with
p R E S E N T S
48 October 07 2013
VIEWPOINT
About the Author: Steve Duplessie
is the founder of
and Senior Analyst
at the Enterprise
Strategy Group.
Recognised
worldwide as
the leading
independent
authority on
enterprise storage,
Steve has also
consistently been
ranked as one of
the most influential
IT analysts. You
can track Steve’s
blog at http://www.
thebiggertruth.com
It’s been a while since I’ve seen a new way to fail in business, hence the dearth of additions to this series. But now we have a new one — the fantasy business model.
Most failures of startups, through history, can be classified in just a few camps: 1. the product never worked, 2. the market never cared or existed (there was no real problem), or 3. the execution (team/CEO) was awful. Sometimes it’s just bad timing. Luck always plays a role. Tech business models were all the same. Spend money, build product. Sell product to lots of people for more than product costs to build. Buy low, sell high. Sell more, make more. Yadda yadda yadda. Today the business model matters as much, if not more, than the product/technology and often even the market itself.
Somewhere during the insanity of the dot com bubble, it became okay to have a business plan that never, ever showed how you make any money. Fast forward 25 years and we seem to have come full circle. Heck, the Federal Government of the mighty USA is fine with simply
diligence call with Peter Levine of Andreesen Horowitz on this very subject — whereby he came to the same conclusion. How and when do they make money? There was never an answer.
They aren’t the only ones. I can’t for the life of me figure out how Carbonite is going to make money. I see the same exact thing — the more customers they bring on, the more money they will lose. Unless they cheat, in which case they will collapse eventually under their own weight.
Did you ever see the Saturday Night Live skit about the bank who’s motto was “we make change”? “4 quarters for a dollar, or ten dimes, or 20 nickels. Perhaps 2 quarters and five dimes!” When asked how they make money, the answer was “Vol-ume!” It’s kind of like that.
The bet is clearly that if you can get really big and eliminate competition, and WAIT IT OUT (so your costs decrease over time and the elimina-tion of competition enables you to raise revenue for a less expensive service), then eventually you will make money.
printing more cash every day and spending beyond the means of thirty generations! Why not you?
VCs haven’t helped. They have funded these fantasies and never bothered to look (or care) that eventu-ally (unless you are the Fed), a com-pany needs to take in more money than it spits out in order to sustain itself. Call me old school, but it’s that simple. Nirvanix is the most recent (but certainly not the only) victim of fictitious Fed funding fantasy land. For all the joy and love of a cloud storage service, 15 years after, Peter Bell’s Storage Networks collapsed because it couldn’t find a sustainable profitable business model (that one was more technology related — not being able to securely multi-tenant kit back then killed the idea) — with lots of customers and buzz. At the end of the day, I could never figure out how they were going to make money. I’m not that smart, granted, but the math never made sense. The more customers they added, the more they would lose. Surely smart VCs would have picked up on that, no? I vividly remember a due
Fail Factors: Why Startups Die There
Are No Fed Funded Tech Business Models
STEVE DuPlESSIE | [email protected]
Ill
us
tr
at
Ion
by
ph
ot
os
.co
m
www.lenovo.com/in/en | 1800-3000-9990 | [email protected] your business the ThinkPad advantage
20 YEARS OF LEADERSHIPTHROUGH INNOVATION
Lenovo reserves the right to correct any errors, inaccuracies or omissions and to change or update information at any time, without prior notice. Trademarks: The following are trademarks or registered trademarks of Lenovo: Lenovo, the Lenovo logo, For Those Who Do and ThinkPad. Microso� and Windows are registered trademarks of Microso� Corporation. Other company, product and service names may be trademarks or service marks of others. ©2013 Lenovo. All rights reserved. AP _ IND _ PRN _ Q2-14 _ 36700 _ CIO 28x21
THINKPAD OUTTHINKS FALLS AND BUMPS WITH MAGNESIUM-ALLOY ROLL CAGE.The Lenovo ThinkPad® features a unique magnesium-alloy roll cagethat protects the HDD from falls and bumps. This prevents any damageto the critical components and keeps your data safe.
WHEN YOUR THINKPAD TAKES A KNOCK, THE DATA DOESN’T GET KNOCKED OUT.
Lenovo® recommends Windows 8 Pro.
Crash zones
Impactpoints
Tough chassis
