Are You a Social-Business CIO?

Technology for Growth and Governance

cT

o

fo

ru

mVolum

e 08 | Issue 12

February | 07 | 2013 | 50Volume 08 | Issue 12

“IT In

fr

as

Tr

uc

Tu

re

Is b

ec

om

Ing

un

wIe

ld

y” | a

go

vT

sT

ra

Te

gy

fo

r d

aTa

dIs

po

sa

l

A 9.9 Media Publication

I BelIeVe

The Collision of social, mobile, cloud and analytics Page 06

BesT oF Breed

A Govt strategy for data disposal Page 20

TeCh For GoVernAnCe

privacy scares from theghosts Page 44

our survey yields interesting insights into what CIos think about social-business-

enabling technologies page 29

Are You a Social-Business CIO?

2 07 february 2013 cto forum The Chief

TeChnologyoffiCer forum

editorialyashvendra singh | [email protected]

editor’s pick

Reinvent Business Social

media campaigns are giving a whole new meaning to

doing business

in 2011, the Danish brewing company, Carlsberg, turned

to youTube to generate a buzz around its marketing campaign. The beer manufacturer packed a 150-seat movie hall with 148 menacing and scary-looking men. right in the middle of the hall, two seats were left vacant. Those who dared to take the empty seats were rewarded by Carlsberg with a round of applause and chilled beer.

The video jelled perfectly with Carlsberg’s image of

Such cases where social media was cleverly employed by corporates are not isolated. Social media is no longer a pilot project in progressive corpo-rates. it doesn’t, therefore, come as a surprise that 80 percent of the fortune 100 companies are leveraging at least one social media tool (facebook, Twitter, Blogs, youtube) to connect to their customers. marketing campaigns powered by it are increasingly occupying a stra-tegic position in an enterprise’s overall strategy.

however, there are still scores of enterprises that are yet to realise its potential. There are others who, though understand its importance, fail to exploit it fully and properly. This is where your role, as that of a technology leader, comes into prominence.

enterprise technology deci-sion makers convince employ-

a brand that admired bravery and rewarded men who dis-played courage. Till february of 2013, the youTube video has received 12.2 million views, and still counting.

Closer home, royal enfield preceded the launch of its motorcycle, Thunderbird 500, with a social media marketing blitz across youTube, facebook and Twitter. The Chennai-based two wheeler manufacturer was successful in building up a big hype before the actual launch.

ees in their corporates to develop a social enterprise mindset. During my interac-tions with Cios, i have come across several of them who are creating appealing user experi-ences by amalgamating today’s social media tools with yester-day’s applications. Their efforts have resulted in improving their company’s sales.

According to them, the key to this lies in knowing your audi-ence and making content share-able and accessible.

Do write to us about your experience with social media in your enterprise. As always, we will await for feedback.

29 are you a social-business cio?Our survey yields interesting insights into what CIOs think about social-business-enabling technologies



48 | viewpoint: wine, religion, dinosaurs, and itBy steve duplessie

06 | i believe: the collision of social, mobile, cloud and analyticsBy dave evans

Cover Story

29 | Are you a social-business CIO? Our survey yields interesting insights into what CIOs think about social-business-enabling technologies

COpyrIght, All rights reserved: reproduction in whole or in part without written permission from Nine Dot Nine Interactive pvt Ltd. is prohibited. printed and published by Kanak ghosh for Nine Dot Nine Interactive pvt Ltd, C/o Kakson house, plot printed at tara Art printers pvt Ltd. A-46-47, Sector-5, NOIDA (U.p.) 201301

Please Recycle This Magazine And Remove Inserts Before

Recycling

co nte nt s theCtoforum.Comfebruary13

Cover design by: Shigil NarayaNaNillustration: rethiSh kr

S p i n e

Technology for Growth and Governance

cT

o

fo

ru

mVolum

e 08 | Issue 12

February | 07 | 2013 | 50Volume 08 | Issue 12

“IT In

fr

as

Tr

uc

Tu

re

Is b

ec

om

Ing

un

wIe

ld

y” | a

go

vT

sT

ra

Te

gy

fo

r d

aTa

dIs

po

sa

l

A 9.9 Media Publication

I BelIeVe

The Collision of social, mobile, cloud and analytics Page 06

BesT oF Breed

A Govt strategy for data disposal Page 20

TeCh For GoVernAnCe

privacy scares from theghosts Page 44

our survey yields interesting insights into what CIos think about social-business-

enabling technologies page 29


ColumnS

featureS20 | best of breed:a government strategy for data disposal Today’s Cios can collaborate with legal and records management team to cut costs

29

5 07 february 2013 cto forumThe Chief


Managing Director: Dr Pramath Raj SinhaPrinter & Publisher: Kanak Ghosh

Publishing Director: Anuradha Das Mathur

EditorialExecutive Editor: Yashvendra SinghConsulting Editor: Atanu Kumar Das

Assistant Editor: Varun Aggarwal & Akhilesh Shukla

dEsignSr. Creative Director: Jayan K Narayanan

Sr. Art Director: Anil VKAssociate Art Directors: Atul Deshmukh & Anil TSr. Visualisers: Manav Sachdev & Shokeen Saifi

Visualiser: NV BaijuSr. Designers: Raj Kishore Verma, Shigil Narayanan

& Haridas BalanDesigners: Charu Dwivedi, Peterson PJ

Midhun Mohan & Pradeep G Nain marcom

Designer: Rahul Babustudio

Chief Photographer: Subhojit PaulSr. Photographer: Jiten Gandhi

advisory PanElAnil Garg, CIO, Dabur

David Briskman, CIO, RanbaxyMani Mulki, VP-IT, ICICI Bank

Manish Gupta, Director, Enterprise Solutions AMEA, PepsiCo India Foods & Beverages, PepsiCo

Raghu Raman, CEO, National Intelligence Grid, Govt. of IndiaS R Mallela, Former CTO, AFL

Santrupt Misra, Director, Aditya Birla GroupSushil Prakash, Sr Consultant, NMEICT (National Mission on

Education through Information and Communication Technology)Vijay Sethi, CIO, Hero MotoCorpVishal Salvi, CISO, HDFC Bank

Deepak B Phatak, Subharao M Nilekani Chair Professor and Head, KReSIT, IIT - Bombay

salEs & MarkEtingNational Manager – Events and Special Projects:

Mahantesh Godi (+91 98804 36623)National Sales Manager: Vinodh K (+91 97407 14817)

Assistant General Manager Sales (South):Ashish Kumar Singh (+91 97407 61921)

Senior Sales Manager (North): Aveek Bhose (+91 98998 86986)Product Manager - CSO Forum and Strategic Sales:

Seema Menon (+91 97403 94000)Brand Manager: Jigyasa Kishore (+91 98107 70298)

Production & logisticsSr. GM. Operations: Shivshankar M Hiremath

Manager Operations: Rakesh upadhyay Asst. Manager - Logistics: Vijay Menon Executive Logistics: Nilesh Shiravadekar

Production Executive: Vilas Mhatre Logistics: MP Singh & Mohd. Ansari

oFFicE addrEssPublished, Printed and Owned by Nine Dot Nine Interactive Pvt

Ltd. Published and printed on their behalf by Kanak Ghosh. Published at Office No. B201-B202, Arjun Centre B Wing,

Station Road, Govandi (East), Mumbai-400088. Printed at Tara Art Printers Pvt Ltd., A-46-47, Sector-5, NOIDA (U.P.) 201301

Editor: Anuradha Das MathurFor any customer queries and assistance please contact

[email protected]

www.thectoforum.com

regularS02 | editorial08 | letters10 | enterprise

round-up

This index is provided as an additional service.The publisher does not assume

any liabilities for errors or omissions.

44 | tech for governance: privacy scares from the ghosts All personal information needs to be identified and appropriately safeguarded

44

a QueStion of anSwerS

16 |Kevin Eggleston, Senior Vp and gM, ApAC, hitachi Data Systems, talks about the company’s future plans

25 | next horizons: the five traits of the quantum it organisation These traits are not about technology

25

16

advertisers’ indexDatacard IFCIBM 1Schneider 3CTRLs 7ESDS 9Cisco 13, 37Zenith 15Patel India 19Wipro Infotech 20-ASAS Institute 23Falcon (Expo 2020 Dubai) IBCMicrosoft BC



I BelIeve

currentchallenge

how to extend the enterprise’s own business processes

the author Is responsible for the development of the ground breaking m-Suite

enterprise mobility solution combining sophisticated mobile enterprise application platform

The collision of Social, Mobile, Cloud and Analytics Social platforms provide a missing dimension to enterprise solutions

four key technology trends are driv-ing this evolution faster and further ahead: Social, Cloud, mobile (“SoCo-mo”) and Analytics.Social Platforms: Social platforms provide a missing dimension to enterprise solutions. Previously, enterprise solutions knew only about ‘widgets’ and processes such as manufacturing and shipping. now, with the addition of a social dimension, enterprises can tightly link their business processes with their customer behaviours. Cloud Computing :The commod-itization of the computing stack by the cloud-computing paradigm has driven rapid innovation; from appli-cation development to service host-ing. World-class, highly scalable and robust computing is now available to a much broader range of enterprises and applications: with Software as a Service (“SaaS”) applications grow-ing to fill every niche. The prevailing architectural approach used is a plat-form approach, enabling functional-ity to be rapidly ‘plugged’ together to create new and innovative solutions. Mobile: mobile data has exploded. The rapid adoption in the consumer space has changed the expectations of the business user and created challenges such as ByoD. But per-haps the greatest challenge, and opportunity lies in how to extend the enterprise’s own business pro-cesses so that they can benefit from their customers.Analytics: The use of SoComo tech-nologies has resulted in an expo-nential increase in the complexity and cost of data analysis. Today’s enterprises demand insight and information. Big data technologies like hadoop and hana have increased enterprises’ ability to crunch large amounts of data in order to dynamically provide answers to the most difficult busi-ness questions.

CIos are today grappling with the next great evolution in computing, which is defined by the transformation of monolithic isolated silos of data and functionality into new enterprise platforms, that are built using a connected mesh of services, functionality and information.

By dave evans, CTO, Operators Division, Symphony Teleca Corp

Our Zero Data Loss solution ensures that your business doesn’t lose even a single byte of data or precious minutes getting your service back on track in the event of a downtime.

10101010101000101011001011001

10100001010111101000101011001

10101010101000101011001011001

10111000101010101000101011001

10101010101000101011001011001

10101001011110001010110010110

00111100100010101000101011001

10001010010011110101010001010

10101010101000101011001011001

10100001010111101000101011001

10101010101000101011001011001

10111000101010101000101011001

10101010101000101011001011001

10101001011110001010110010110

00111100100010101000101011001

10001010010011110101010001010

10101010101000101011001011001

10100001010111101000101011001

10101010101000101011001011001

10111000101010101000101011001

10101010101000101011001011001

10101001011110001010110010110

00111100100010101000101011001

10001010010011110101010001010

Put the spring back in your business within minutes

To know more about Zero Data Loss, Write to us: [email protected] | Call us on: 040-42030583

Data lost in transit during a downtime is irretrievable. Traditional Disaster Recovery services take at least 4 to 5 hours to initiate the recovery process, putting a great deal of data at risk.

Which is why Zero Data Loss solution makes perfect business sense.

Zero Data Loss DR Solution

DR On Demand | Cloud Services | Managed Services | Messaging SolutionsCtrlS Business Solutions

Visit www.ctrls.in/mumbai-data-center

LETTERS

WRITE TO US: The CTOForum values your feedback. We want to know what you think about the magazine and how

to make it a better read for you. Our endeavour continues to be work in progress and your comments will go a long way in making it the preferred publication of the CIO Community.

Send your comments, compliments, complaints or questions about the magazine to [email protected]

The Build vs. Buy ProBlem

While the question of when you should outsource depends heavily on talent, time, and priority, the question of what to outsource depends on 3 lightly overlapping questions. To read the full story go to: http://www.thectoforum.com/content/build-vs-buy-problem

CTOF Connect Paul Coby, Execu-tive IT Director at John Lewis spoke about creating the shopping experience of the future for his customershttp://www.thecto-forum.com/content/understanding-cus-tomers-understand-technology

OpiniOn

Rafal lossR. secuRity stRategist at HP softwaRe

The big question is what to outsource and what to keep in-house on your

aRE CTOS mORE InTERESTEd In SaTISFyIng ThE CFO & BOaRd RaThER Than ThE COnSUmER?

CTO is aligned to the CFO and the Board in that order, the CTO will have to also be good at resume writing as he will not last too long. But then the question arises, is the CFO aligned to the Consumer? If he is not, then even he may be in hot water sooner or later.arun gupta, CIO, Cipla

CTOForum LinkedIn groupJoin over 900 CIOs on the CTO Forum LinkedIn group

for latest news and hot enterprise technology discussions.

Share your thoughts, participate in discussions and win

prizes for the most valuable contribution. You can join The

CTOForum group at:

www.linkedin.com/

groups?mostPopular=&gid=2580450

Some of the hot discussions on the group are:Virtual CTO/CIO

A long term IT partner for your business growth

This is a model that SMBs are slowly waking up to. While

their IT head can chip away with his day-to-day activities,

an external help (a part time CIO) can give their IT a

proper direction and can review performance to ensure

the company's objectives are met.

—Balasubramanian S R, Business & IT Consultant





Enterprise

Round-up

FEATURE InsIdE

How to Pitch for a data Governance

Project Pg 12

the size of indian electr-onics

industry by 2015

Indian Insurers to Spend Rs 101 bn on IT in 2013 IT services to overtake telecom as the largest spending areaIndIan insurers are about to go on a spending spree! market research and advisory firm gartner predicts that insurance firms in india will spend rs 101 billion on iT products and services in 2013, an increase of more than nine percent over 2012 when they spent an approximate rs 92.5 billion.

The forecast includes spending by insurers on internal iT (including personnel), hardware, software, external iT services and telecommunications.

gartner’s findings auger well, particularly for iT services firms since insurers will spend an estimated rs 30.6 billion on consuming their services in 2013. iT

services is achieving the highest growth rate amongst the top level iT spending segments — forecast to exceed 13 percent in 2013, with growth of 23.4 per cent forecast for business process outsourcing services. Consulting is also a high growth segment at over 18.2 per cent in 2013.

Says Derry finkeldey, principal analyst at gartner, “We are continuing to see indian insurers lead the charge to outsourcing and business process outsourc-ing. The indian insurance industry is experiencing huge growth in transaction volumes, and indian consumers are quite progressive in terms of seeking online and mobile services.”

$94dATA BRIEFInG

illu

st

ra

tio

n B

Y s

hig

il n

ar

aYa

na

n

billion

E n t E r pr i s E ro u n d - u p



The mobile advertising revenue worldwide is expected to jump 19 percent year-over-year to $11.4 billion in 2013. The revenue is projected to reach $24.5 billion in 2016, with mobile advertising revenue creating new opportunities for app developers, ad networks, mobile platform providers, etc.

QUIck ByTE on MoBIlE AdvERTIsInG

security is no Place for traditionalists IT security professionals need to evolveIn IT, as In lIfE, those who don’t evolve, simply perish. it is therefore crucial for iT professionals to constantly evolve themselves and attune their mindsets with the changing times. gartner VP and distinguished analyst, Paul Proctor, who works with enterprises to help them build mature risk and security programs believes that iT security professionals need to evolve into risk management professionals not only to better align security programs with business needs but also to survive in the ‘game’. “The way i see it—all security officers fall into one of two camps: 70 percent are traditionalists and only 30 percent are true, risk management profes-sionals. We can do better,” Proctor wrote in a recent blog post. According to him, traditional security professionals adhere to a certain philosophy which can be det-rimental to their cause. Traditionalists believe that iT risk is a technical problem, handled by technical people, buried in iT and every problem is solved with a new technology. Also, they view themselves as heroes hired to protect the company at all cost. Proctor said that there are fundamental differences between how tradition-alists view their roles and how true risk management professionals—currently in the minority—view their roles in the organisational scheme of things.

Tharoor feels that Indian politicians have to embrace social media to reach out to their constituents

“Today, people get real-time info. This has both positive and negative impact. No leader of a democracy can either offend or discount social media.”

they said it

shashi tharoor

ph

ot

o B

Y p

ho

to

s.C

oM

ph

ot

o B

Y p

ho

to

s.C

oM

—Shashi Tharoor, Minister of State, Human Resource Development

E nt E r pr i s E ro u n d - u p



How to Pitch for a Data Governance Project don’t build a business case which makes it look like an IT-led data management planaRE you an iT manager? Did the manage-ment just shoot down your data manage-ment project? Are you still scratching your head as to why it suffered such a fate?

Well, according to michele goetz of forrester research, most iT managers in their attempt to build a business case for a data governance project tend to overlook one key aspect viz. the incentive for the business organisation.

goetz who serves enterprise architecture professionals at the global research firm says that the number one question she gets from her clients regarding their data strate-

gy and data governance is, “how do i create a business case?”

goetz says that the very question is the ‘kiss of death’ for any such project.

in one of her recent blog postings she stresses that iT managers often make the mistake of projecting a data governance plan as an iT initiative.

When in fact, a sound data strategy is one which not only puts the needs of the busi-ness first; it communicates business value in terms the executives understand.

“you created an iT strategy that has placed emphasis on helping to optimise

While the total semiconductor market decreased, together apple and samsung consumed $45.3 billion of semiconductors in 2012

iT data management efforts, lower total cost of ownership and reduce cost, and focused on technical requirements to devel-op the platform.

There may be a nod toward helping the business by highlighting the improvement in data quality, consistency, and manage-ment of access and security in broad vague terms.

The data strategy ended up looking more like an iT plan to execute data manage-ment,” she writes.

This leaves the business folks wondering what’s in it for them?

goetz urges iT managers need to rethink their approach and start thinking like the business when pitching a data governance project. According to her, iT managers need to do the following: Change your data strategy to a business strategy. recognise the strategy, objectives, and capabilities the business is looking for related to key initiatives. your strategy should create a vision for how data will make these business needs a reality.

Stop searching for the business case. The business case should already exist based on project requests at a line of business and executive level. use the input to iden-tify a strategy and solution that supports these requests.

Avoid “shiny object syndrome”. As you keep up with emerging technology and trends, keep these new solutions and tools in context. There are more data integra-tion, database, data governance, and stor-age options than ever before and one size does not fit all. leverage your research to identify the right technology for business capabilities.meanwhile another interesting aspect is

that social media also presents a new means of accessing talent for application develop-ment projects, as well as the potential for areas of product support. Some iT organ-isations are adopting crowdsourcing as an alternative to global sourcing and other labour arbitrage strategies.

if iT organisations can determine what work is appropriate in which environment, and allow for the freedom inherent in this delivery option, the speed and cost of crowd-sourcing will start to become a driving force for increased adoption in many iT services sourcing portfolios.

GloBAl TRAckER

Growth of Semiconductors

so

ur

Ce

: g

ar

tn

er

ph

ot

o B

Y p

ho

to

s. C

oM

E nt E r pr i s E ro u n d - u p



Set a holistic cyber-security strat-

egy–Organisations should align

their security capabilities behind a

holistic cyber security strategy and

program that is customised for

the organisation’s specific risks,

threats and requirements.

Establish shared data architecture

for security information – Because

Big Data analytics require informa-

tion to be collected from various

sources in many different formats,

a single architecture that allows

all information to be captured,

indexed, normalised, analysed and

shared is a logical goal.

what impact it might have on

enterprise security.

In a brief, security firm RSA has

outlined guidelines which can help

organisations begin planning for

Big Data-driven transformation of

their security toolsets and opera-

tions as part of an intelligence-

driven security programme. Secu-

rity professionals are urged to:

is your security Geared up for big data? a sneak peak into how big data will transform security

business intelliGence

They say that the insights from

a BI engine will be only as

good as the quality of data that

is fed in it. While there's no deny-

ing the validity of this argument,

given the tremendous growth in

the number of data sources in

the recent years, it can be now

be said that the insights from a BI

engine will be only as good as the

variety of data sources it refers to.

Gartner has urged BI and ana-

lytics professionals to consider the

robust growth in the number of

data sources when embarking on

any initiative. It feels that business

intelligence leaders must embrace

a broadening range of information

assets to help their organisations.

By 2015, 65 percent of pack-

aged analytic applications with

advanced analytics will come

embedded with Hadoop. Organ-

isations realise the strength that

Hadoop-powered analysis brings

to big data programmes, particu-

larly for analysing poorly structured

data, text, behaviour analysis

and time-based queries. While IT

organisations conduct trials over

the next few years, especially with

Hadoop-enabled DBMS products

and appliances, application pro-

viders will go one step further and

embed purpose-built, Hadoop-

based analysis functions within

packaged applications. The trend

is most noticeable so far with

cloud-based packaged application

offerings, and this will continue.

ThERE was only so much time

before Big Data conversations

veered into the realms of secu-

rity! Seeing as how Big Data is

expected to dramatically alter

almost every discipline within

enterprise computing, it was only

a matter of time before informa-

tion security professionals began

discussing the possibilities of

Too much of hype around a particular technology can sometime trivialize it, even hurt its adoption. from the amount of press Big Data generated in the last year or so, one could argue that it some-times ran the risk of becoming one such piece of enterprise technology. however, despite skeptics’ suggestions that the subject had been ‘over-hyped’, sentiments surrounding Big Data and its vendors have remained positive.

According to researchers at ovum, in 2012, even as Big Data buzz word transcended from

hype didn’t Kill big data in 2012 Perceptions around the technology continue to gain strength

FAcT TIckER

the enterprise iT world to become a hot topic for business publications and journals, perceptions around the technology continued to gain strength throughout the year.

“given the level of build-up and suggested hype, it surprised us that sentiment expressed about Big Data vendors still remained so positive in 2012,” said Tony Baer, principal analyst for ovum. “What’s also interesting is the degree to which Big Data became a business, not just a technology story in 2012.”

ovum analysts sifted through data gathered by DataSift, which ranked Twitter mentions and sentiment of vendors associated with the Big Data market in 2012. The study revealed that while positive mentions of Big Data vendors outnumbered negative mentions by 3:1, negative sentiment spiked in november with headlines over hP’s troubled acquisition of Autonomy. not surprisingly, given that vendors accelerated the pace of product announcements during 2012, 60 percent of Twitter activity occurred in the second half of the year.

The Twitter data analysed by ovum researchers provided a good glimpse into vendor brand rec-ognition with Big Data. 10gen, which developers the popular mongoDB document-oriented noSQl database, scored high in mentions, trailing only the Apache foundation.

others such as iBm and Teradata were also well represented in the Twitter stream, trailing only behind Apache and 10gen in positive mentions. Splunk, which is associated with machine data and, like 10gen, is also popular among develop-ers, also scored high, showing that there is grow-ing awareness about harnessing “the internet of things” to generate business insights.

ph

ot

o B

Y p

ho

to

s.C

oM

Helping CIOs A vendor should possess technology & service capabilities

By 2015, you want Hitachi Data Systems (HDS) to touch

revenues of a billion dollars. How will you achieve this target?The momentum and organic growth of HDS in the market alone will help it touch $850 million. Our success records of the past prove this. We intend to take more market share by continuing to make big investments. We could also look at acquisitions in some of the markets to expand our capabilities as we have done in the past. There are lots of plans under-way but at this stage we won’t be able to divulge them.

It is increasingly becoming unwieldy for CIOs to continue

to buy more and manage more. What is the way out for them?

The IT infrastructure is definitely becoming unwieldy. That is why CIOs are increasingly coming to us and saying that they just want service without the hassle of buying and managing IT. So, we see a trend towards a combination of private cloud model and consuming that as a service. India is at the forefront of this evolution. This is the biggest trend in the industry but because it is capital intensive, you have to be large enough to manage it. To help CIOs achieve this, a vendor should possess technological and service capabilities. We are well-positioned in the space to do so.

What are your predictions for 2013 from a CIO’s and

industry’s perspective?

The service-level-based delivery model is the biggest trend that we are seeing and will get bigger and bigger in future. It blurs the line between cloud because at the essence these are really cloud models. What will be interesting to see is whether there will be consolidation in the supplier base. Some of the companies are struggling in these tough economic times, acquisitions are being made, and top management is changing. I think there is a potential for another wave of consolidation in the IT industry. According to experts, 80 percent of the companies typically stick with their supplier choice. But only 80 percent of this deliver the same services. So if you do the math, over a third of that market space is available for competition. I would

KevIn egglestOn | HitAcHi DAtA SyStemS

“it infrastructure is becoming unwieldy”In a discussion with Yashvendra Singh, Kevin Eggleston, Senior VP & GM, APAc, Hitachi Data Systems, talks about the company’s future plans

K e v i n e g g l e s to n A Q u e s t i o n o f An swe rs



today, CIOs

care less and

less about

technology

Over time you

will see HDS

doing broader

industry-specific

solutions that go

beyond IT

the technology

direction,

therefore, is

towards delivering

converged stacks

of technology

thIngs I BelIeve In

personally say that India-based service providers are going to grow like crazy as compared to the classic service providers like IBM, HP and CSC. We are finding that CIOs care less and less about technology. They just want technology at the lowest possible cost. India is an interesting conundrum for IT companies. Nine-ty percent of the people we deal with in IT are engineers and therefore they are smart when it comes to tech-nology. They have strong opinions on what technology is right for them. But this is the exception. Across the world, IT people are saying that we don’t need to know about technology. We don’t need to glue it together, we don’t want to do our own integration. We just want the solution to plug and work. The technology direction, therefore, is towards delivering con-verged stacks of technology.

Would HDS allow its customers to go to a

public cloud?We may go so far as to allow custom-ers to utilise public cloud models out-side of Hitachi as a tier in their strat-egy that can be managed by us. They can look at it as a federated model. With all due respect to what Google and Amazon have done in this space, it is not up to the security and avail-ability levels that a bank in India or a government agency has to have.

Lots of CIOs have turned their IT departments into

profit centres. Will cloud enable them to change to revenue centers as well?Yes, in the near future IT will be looked at as a profit and revenue center. First indications of this trend were a few years ago in the telecom-munications’ companies. These companies earlier thought of IT as the back office thing that allowed them to keep track of service orders and that sort of stuff. However, they realized that their land line business was fast disappearing in the face of mobile telecom companies because

the latter had far superior IT infra-structure and more importantly they had a lot of bandwidth and network available. So, we saw them looking to their IT department as an engine for new revenues and profits for the companies. This was the first instance when companies looked at their IT departments for revenues and profits. Now we are seeing this across other industries also.

HDS has transformed from a hardware to a software and

services company. Where do you see the companies evolving in the next phase?We are at present 50:50 (hardware:software). Going forward, in light of the new business models, this is bound to change. In addi-tion to this, you will see some more use-case specific solutions from us that take advantage of not just the IT IP. A good example would be our solutions in the healthcare industry.

We have a strong technology prac-tice for healthcare in our company. Over time, you will see us doing broader industry specific solutions that go beyond IT. We see this as an opportunity because we are uniquely positioned for this. Today, we can provide you an in-the-box Oracle solution. Tomorrow it could be in-the-box medial imaging solution. It is an expansion beyond IT.

What are your plans on the smart city project? Are you

bringing them to India?Typically the smart cities’ projects are driven by a country’s government. They identify cities and drive the projects with an eye on the interests that we need to change the way we consume energy, move people around or educate them. Smart cities to me look like pilot projects within a country. The concept aligns nicely with many things that we do – what we call the social infrastructure.

“CIOs want services without the hassle of buying and managing It”

A Q u e s t i o n o f An swe rs K e v i n e g g l e s to n

18 07 february 2013 cto forum THe CHIeF

TeCHNOlOGYOFFICer FOruM



Best of

Breed

Today’s Cios face a host of complex challenges. Their departments must continually find more efficient ways to store, process and analyse massive (and growing) volumes of incoming

data. They need to support globally distributed enterprises, including internal staff, external part-ners, customers, facilities and other assets around the world. more data in more places also means more risk, as legal, regulatory and privacy obliga-tions increasingly apply to all types of electronic information, including email messages, texts, tweets, phone call records, customer data, blog posts . . . the list goes on.

Today’s Cios face a host of complex challenges. Their departments must continually find more effi-cient ways to store, pro-cess and analyse massive (and growing) volumes of incoming data. They need to support globally distributed enterprises, including internal staff,

external partners, customers, facilities and other assets around the world. more data in more places also means more risk, as legal, regulatory and pri-vacy obligations increasingly apply to all types of electronic information, including email messages, texts, tweets, phone call records, customer data, blog posts . . . the list goes on.

What used to be solely the domain of records management and legal departments is now yet another responsibility for iT, as information experts are asked to identify and protect data that has business, legal or regulatory value, while facilitating the defensible disposal (i.e., deletion) of

A Govt strategy for data disposalToday’s CIOs can collaborate with legal and records management team to cut IT cost By Lorrie LueLLig

Illu

st

ra

tIo

n b

y

ra

j v

er

ma

How to Develop Business Continuity Pg 22

FeaTures InsIDe

A retention schedule provides a framework for RIM and legal departments



m a n ag e m e n t B E S t o f Br E E D

everything else. This is a critical task—the elimination of “data debris” can have a dra-matic impact on compliance.

Corporate data At the 2012 Compliance, governance and oversight Counsel (CgoC) Summit, a sur-vey of corporate Cios and general counsels found that, typically, one percent of corpo-rate information is on litigation hold, five percent is in a records-retention category and 25 percent has current business value. This means that approximately 69 percent of the data most organisations keep can—and should—be deleted. less iT budget spent on unnecessary storage, servers and backup means that more resources can go to strategic investments. less information to manage means that legal and regulatory responses can be handled more efficiently and with fewer errors. unfortunately, confu-sion often exists about what data needs to be kept. more than 100,000 international laws and regulations are potentially relevant to forbes global 1000 companies—ranging from financial disclosure requirements to standards for data retention and privacy. Additionally, many of these regulations are evolving and often vary or even contradict one another across borders and jurisdic-tions. To achieve defensible disposal, stake-holders from iT—who are stewards of the data—must collaborate more closely and transparently with records and information management (rim), legal and business units to build an information retention and disposition strategy that makes sense in today’s global, complex and digitally driven enterprise.

the role of a retention schedule in enabling defensible disposalA retention schedule provides a framework for rim and legal departments to organise corporate records and information, and detail the length of time that such records must be retained for compliance and busi-ness needs. it’s an important tool, but a dated one. it was devised in an era where paper records were the norm and iT depart-ments didn’t need to concern themselves with legal holds or retention policies, for example. The legal and regulatory landscape has since changed dramatically. Today, the vast majority of information that needs to

be either preserved, retained or deleted is under the direct responsibility of iT.

here’s the problem: iT often lacks the legal and regulatory insight to link compli-ance obligations to the thousands of appli-cations, databases and other repositories it manages. legal and rim professionals possess the knowledge to set retention and disposal policies, but don’t have a holistic view of the iT infrastructure needed to iden-tify where relevant data is, nor the ability to dispose of electronic information that’s no longer of value. Clearly, a more modern, broadly useful and executable retention schedule approach is necessary—one that recognises the shared responsibility for information management and defensible disposal among legal, rim and iT depart-ments. in such an environment, all stake-holders would have insight into the flow of information throughout the enterprise and be armed with the right policies, processes and tools to protect what’s important for business, legal and regulatory purposes.

Making It Work in the real WorldA modern and executable retention sched-ule supports the goal of defensible disposal and guides the roles of business, legal, rim and iT stakeholders in the process. The key elements that must be incorporated for a retention schedule in a enterprise are:1 manage all information, not just

“records.” The retention schedule must apply to all the data in an organisation’s possession, not just information officially classified as “records.” Consider anything and everything—including both struc-tured and unstructured data sources—as either having legal, regulatory or business value or as debris, whether it’s a human

resource record, patent filing, financial statement, email message or tweet.

2 Connect legal, privacy and regulatory retention obligations directly to relevant information. The retention schedule must clearly define how legal, privacy and regulatory obligations apply to all types of information and business users, including what is covered, who is obliged to comply, and how retention obligations, privacy directives and disposal mandates are triggered. Technology solutions may be deployed to help organisations auto-mate the connection of information to retention and disposal requirements.

3 retention periods must take into account the business value of information in addition to legal and compliance value. This value should be explicitly defined by business stakeholders and made transparent to legal, rim and iT. Again, technology solutions can help by allowing users to associate information types, such as purchase orders or employee agree-ments, with specific data sources, such as enterprise cost management and human resources systems, or applications such as microsoft SharePoint, and to include details on why and for how long the infor-mation is and will be of business value.

4 identify where information is locat-ed. information inventories are a must, describing where data is stored, what record classes apply, who was or is respon-sible for the content and who manages it. With the help of a reliable “data map,” data stewards can more easily identify information and understand the value and obligations related to that information according to lines of business, depart-ments, and so on.

Today’s CIOs face a host of complex challenges. Their departments must continually find more efficient ways to store, process and analyse massive (and growing) volumes of incoming data. They need to support distributed enterprises, including internal staff & external partners



B E S t o f Br E E D m a n ag e m e n t

5 ensure that retention and disposal obliga-tions are communicated and publicised. This involves two key elements: defin-ing what is required of data users when creating and identifying information, and defining the responsibilities of data stewards related to the disposition of information. for example, iT won’t be able to make sense of a disposition direc-tive that states, “Comply with record class hum100.” Translated more clearly, this directive might state, “Job applications created by hr users and stored in the hr shared drive must be permanently deleted 10 years after the termination of the employee.” Clarity invites compliance.

6 Allow for flexibility to adapt to local laws, obligations and limitations. The retention schedule must be flexible enough to incor-porate “local” insight into the policies and procedures driving retention and disposal. To assist with this, technology solutions can be used to catalog all the specific laws and regulations in applicable regions so that various jurisdictional exceptions and

changes can be communi-cated to relevant stakeholders.

7 include a mechanism that allows legal and iT to collabo-rate. no retention schedule can achieve the goal of defen-sible disposal without clear communication between legal and iT stakeholders regarding what specific information is on legal hold, and when holds can be released.

8 identify and eliminate duplicate infor-mation. Confusion about what exactly needs to be retained and for how long can encourage a tendency to “save every-thing,” which is a bad information man-agement habit, especially as some privacy laws—the health insurance Portability and Accountability Act in the united States and the Data Protection Directive in the european union, for example—actu-ally require the deletion of certain types of information after a period of time.

9 update in real time to account for changes

in laws, to the business and in technology. With global regula-tory, legal and privacy require-ments constantly evolving, it’s important to stay ahead of changes and incorporate new requirements into the retention schedule. Technology can assist with alerts that communicates to systems and data stewards when adjustments are needed.

shepherding Information through Its Useful Life Cycle Cios have an important role to play in efficiently and cost-effectively shepherding the flow of corporate information through its useful life cycle while finding a way to “release the pressure valve” when the legal, regulatory or business value of information has come to an end. — Lorrie Luellig is of counsel, Ryley Carlock

& Applewhite.

—The article was first published in CIO Insight.

For more stories please visit www.cioinsight.com.

3%was the dip in

semiconductor

revenue in the

year 2012

When hurricane Sandy took a $65 billion toll on new york and new Jersey last october, flooding streets, knocking out power, and demolishing infrastructure, it’s impossible to know how many businesses were prepared for

the devastation.But disasters like Sandy are exactly what comprehensive business

continuity (BC) plans are designed to protect against. And it is very likely there are an awful lot of companies out there that are now con-sidering how they might deal with the very next disaster– natural or human-made.

The number one reason to develop a BC plan, if your company doesn’t already have one, is to keep the critical services up and run-

ning in the event of an outage or interruption, say experts, making sure the plan is in place, that it’s regularly tested, and that it’s up-to-date. it’s like having a spare tire in your car, they say, or a Plan B.

The goal is to protect seven resources that are the key to your busi-ness: facilities, staff, technology, machinery, transportation, critical records and supply chain.

Before any planning is started, the leadership team, which should include the Cio, must determine what are the critical pro-cesses that need to be protected, says michael emerson, senior director of infrastructure at Citrix in fort lauderdale. The plan can’t be all encompassing.

The next step, emerson says, is to make sure you have buy-in from the executive leadership team and that the plan, which takes

How to develop Business ContinuityToday’s world is plagued with natural disasters, power outages & civil unrest. are you prepared? By PauL Hyman



B E S t o f Br E E D m a n ag e m e n t

considerable time and effort, is a priority for the company. And then start building your team. make sure they understand that their level of commitment to the program needs to be strong to make it successful. having people plan for something that might never happen is extremely difficult when people have deliverables due daily, he says. getting the commitment from the executive leader-ship team sends the right message, sets the tone and helps prioritize BC efforts.

John linse, an advisory solutions princi-pal for emC’s Assured Availability Services group within emC global Services,who blogs about business continuity, recalls work-ing with a midwest company that didn’t have a BC plan. The company had two offices, which housed about 2,600 employees, located on both sides of an expressway with a walk bridge connecting the two buildings. one morning, a power outage knocked out electricity in one of the buildings. Because no BC plan was in place, a security guard made the decision that, due to the lack of power and air conditioning, he would send home the building’s 1,300 employees.

operational within a reasonable period of time. electric power and communication access is available, but the computer hardware isn’t in place. PRO: Doesn’t require duplicate staff or hardware. least expensive choice. CON: requires duplicate space. Provides partial recovery in five or more days but full recovery takes longer.regardless which BC plan you choose, your priority should be

resiliency--assuring reliability within the data center so that, per-haps, Plan B may never be necessary. experts point out that backing up electronic data to an off-site location as frequently as possible is the very best, simplest way to prevent catastrophes. With the popu-larity of cloud computing, electronic vaulting is a no-brainer.

What you don’t want to do is backup data daily but only move it off-site, say, once a month. This means that if a disaster occurs 28 days from the most recent transfer, you’re at risk of losing almost a month’s worth of data. A weekly transfer is recommended.

And be sure your staff knows how to access the data that’s offsite. A planning session is critical to determine that everyone knows where the data is and how to get to it.

Also, are you sure you are backing up everything, even the data that employees are working on at home on their laptops? or from the macs in your art department, which may not be part of your main data center? Smaller companies may try to cut corners and save money by storing data onsite in a so-called fireproof enclosure, like a safe. Be aware that safes may be fire-resistant but they aren’t fire-proof. And if the data is on the premises, what happens if a fire or other disaster prevents you from accessing the building? or per-haps the building is destroyed?—The article was first published in CIO Insight. For more stories please visit

www.cioinsight.com.

the goal is to protect seven resources that are the key to your business

Illu

st

ra

tIo

n b

y x

xx

co

m

“That decision — made by an $8.75-an-hour security guard--cost the company about $1.2 million in expenses,” says linse. “if there had been a plan in place, employees might have been prioritized by who needs to be at work and who doesn’t, work space could have been set up on a temporary basis in the second building’s confer-ence rooms, and a back-to-work plan could have kept the business going that day. When we talked to the Cio and Coo afterwards, you can be sure they were ready to begin creating a plan, knowing what can happen in the absence of one.” But which type of plan protects a data center best that, after all, is usually the Cio’s main concern? here are three examples to choose from depending on the company’s budget and how long it can afford to be without its technology services, says Douglas henderson, president of Disaster management, inc. Redundant site. A completely functional separate operation that continually duplicates every activity of the primary data center. under this environment, the primary data center can be com-pletely shut down without any interruption of service as the redun-dant site is fully staffed, equipped and continually operational. PRO: Technology services can be accessed instantaneously. CON: requires duplicate staff, hardware and space, which may make it a very expensive choice.

Hot Site. A separate operation that’s ready on a standby basis with compatible hardware, power, communications and other neces-sary assets. must be regularly tested to assure readiness. PRO: Doesn’t require a duplicate staff. Can generally be made fully operational in 24-36 hours. CON: requires duplicate hardware and space.

Cold site. A separate facility that isn’t operational but can be made

NEXTHORIZONS Features InsIde



illu

st

ra

tio

n b

y a

nil

t

The iT we have known it for the past 45 years is dead and we are entering what is being called The Quantum Age of iT. it is an era in which the cus-

tomer is in charge and in which iT organ-isations will become highly specialized to deliver value as either strategic sourcers or strategic innovators. it is a time of great disruption, but for those iT leaders who understand what is coming, it is also a time of great opportunity.

But merely being aware of what is com-ing is not enough. To survive and thrive in this new era, iT leaders at all levels of the organisation must actively develop five new organissational traits that will define the Quantum iT organisation. each iT organ-isation must become: A learning organisation A Disciplined organisation A Transparent organisation An intimate organisation A Dynamic organisationThese are not new ideas. in fact, many

of them have been discussed for decades. And like County of orange, Calif., CTo Joel manfredo, many progressive iT leaders have begun embracing these concepts and

These traits are not about technology. They are about people By Charles Araujo

The Five Traits of the Quantum IT Organisation

The Dawn of E-Politics Pg 27



applying them in their organisations. But what will set iT leaders apart in the com-ing era is the recognition that an explicit and holistic approach to developing all five of these organisational traits is required to transform into a Quantum iT organisation.

Understanding the Five TraitsThese five traits have little to do with technology. They are about creating an organisation that thinks and operates dif-ferently from the way iT organisations have always operated. They are fundamentally about interactions and relationships. These five traits do not represent a new maturity model. you cannot pick and choose--you will need to develop all five traits to thrive in the Quantum Age.

While these are a bit of a hierarchy, you need to begin by understanding the mean-ing of these five traits.

The Learning OrganisationThe learning organisation is one in which change is a constant, and delivery is always evolving to anticipate needs and proactively improve services. it is one in which every member of the organisation takes personal accountability for improving service–every day. it is about being psychologically close enough to your customer that you have the opportunity to learn. As Bill Wray, Cio of Blue Cross Blue Shield of rhode island, puts it, “you must be forward deployed. This job isn’t 90 percent people, it’s 98 percent peo-ple. iT people have not been able to or want-ed to understand that.” Becoming a learning organization is about changing that.

The Disciplined OrganisationThe disciplined organisation is one that employs rigorous processes and management practices to ensure the consistent and efficient delivery of services. This is table stakes. This is simply doing what your customer expects–every day. Doing that, however, requires that a sense of rigor and dis-cipline get ingrained into the culture. Being a disciplined organisation is about doing your job, but it is also the foundation of trust on which everything else will get built.

The Transparent Organisationmost iT professionals are good with the first two traits. The traits make sense and there is little risk. Becoming a transparent organisation is another matter. A transpar-ent organisation is one that unabashedly exposes its financial and operational perfor-mance to enable better business decisions. it is not about simply showing how the sausage is made. it is about giving the cus-tomer enough information and communi-cating in a way that together you can make a better decision. “The onus is on iT to stop speaking iT speak and to begin speak-ing business speak,” says Ashwin rangan, Cio of edwards life Sciences. “my direct reports--none of them are technologists. They are relationship managers.” Being a transparent organisation is fundamentally about openness and trust — and it is the starting point for establishing true intimacy with your customer.

The Intimate Organisationintimacy is not a word that is often used in the world of iT, but it needs to be. Align-ment is not enough. it implies two bodies moving independently, but trying to stay in sync. it just doesn’t work. The intimate organisation is one that moves the relation-

ship beyond requirements and SlAs — beyond the roles of the order giver and the order taker--to create a deep, business-centered relationship. it is about meeting the customer where they live and not expecting them to come to you. “you need to get to where the people are doing the work,” says Wray. “We need to go 80 percent their way and let them come 20 percent our

way.” Call it the intimacy line — iT needs to forget 50/50, it is all about going 80 per-cent. But intimacy, according to rangan, is also a two-way street. it requires a mutual trust and vulnerability. “When you're in an intimate relationship at the personal level, you agree to be in a mutually vulnerable relationship. That's a mind-bender for a lot of people. The mutual vulnerability defies definition. you have to be willing to let it all hang out.” it is only through intimacy, however, that iT can finally transcend the barriers that have held it back in the past and move into a full relationship with the customer.

The Dynamic OrganisationBecoming a dynamic organisation brings it all home for iT. it is the only trait that brings technology back into the mix. A dynamic organisation is one with a highly scalable and adaptable architecture that enables the rapid provisioning of services to meet changing needs. it is about sustain-ability and adaptability. it offers freedom to your customers to react rapidly and seize opportunities as they present themselves. But it is more than mere technology — it is an attitude. it requires that you change the way iT looks at itself and the services it provides. “We are in an age where the tangible value of an iT asset is measured in months,” says rangan. “if you take years to construct the asset when it has a useful life of months, it defeats the purpose. The whole point now is agility and nimbleness.” That is what it means to become a dynamic organisation.

Start at the BeginningThe five traits represent five pieces of one whole. But there is a form of hierarchy in

“A transparent organisation is one that unabashedly exposes its financial and operational performance to enable better business decisions. It is not about showing how the sausage is made”

50%of mobile market

will be of hybrid

apps by 2016

N E X t H or I Zo N s g ove rn a n ce



g ove rn a n ce N E X t H or I Zo N s

how they are developed. They evolve dynam-ically and in parallel, but also based on the success of the more foundational traits. Creating a learning organisation is the core foundation because it sets the organ-isational mindset to one that will be open to change. Creating discipline and rigor is the ticket to the dance. Transparency cre-ates a new and deeper level of trust, which in turn opens the door to a truly intimate relationship. And it is only through a deeply intimate relationship that an organisation can understand their customer well enough to create the type of dynamic environment that is needed to drive game-changing busi-ness value.

many organisations are embracing the building blocks of the dynamic organisa-tion: virtualisation, private clouds and other similar technologies. But those iT leaders

who believe they can realise this vision through technology alone will find them-selves in a very uncomfortable position. They will have the technology, but lack an organisation that has the traits and skills necessary to operate it. it will be like building a sports car, but not knowing how to drive. it will only be those iT leaders who lead their organisations through the process of developing and evolving all five traits that will find their way into the Quan-tum Age.

It’s About Your PeopleWhile his journey in orange County is far from over, manfredo has showed his people that change could happen. And the results speak for themselves. in less than two years he was able to create order out of the chaos he first found. There was the 77

percent reduction in SlA exceptions. There was the 75 percent reduction in service restoration time. But the biggest impact was on the attitude of his team. one of his managers said it best when he told him, “i have been here for 18 years and there have been numerous changes in management, but nothing changed in how we worked until you got here.” That is the secret of the Quantum Age of iT and these five organ-isational traits. it is not about technology or even organisations. it is about people, atti-tudes and relationships. The future belongs to the iT leaders who understand this and invest accordingly.

—Charles Araujo is the founder and CEO of The IT

Transformation Institute.

— The article was first published in CIO Insight.


The Dawn of E-PoliticsThe Obama campaign’s IT team built applications, using iterative approaches that enabled the campaign to respond to events or issues By Michael Vizard

When the campaign to re-elect u.S. President Barack obama got under way, campaign chairman David Axelrod was certain that social media would play a much bigger

role in the 2012 election than it did in 2008. Axelrod didn’t know a lot about social media, but he recognised that near-ubiquitous access to facebook, Twitter and smartphones were changing the way people became informed about events and issues. his insight led to the realization that the campaign needed a CTo who was well versed in the ways of the Web, which led to appoint-ment of harper reed, formerly CTo of Threadless.com, an online community for artists based in Chicago, as CTo of the obama for America presidential campaign.

The first thing reed says he recognised the campaign needed

was a team of engineers who were not only Web savvy, but who would be highly committed to quickly building applications, using iterative methodologies that would give the campaign the agility to respond instantly to almost any event or issue. That decision meant one of the first people reed hired was Jason Kunesh to be the campaign’s dedicated lead for managing user experience.

What set the obama campaign apart from that of republican challenger mitt romney was a commit-ment to building social media applications that helped the campaign quickly target campaign messages to specific constituencies, but just as importantly helped

staffers get out the vote on election Day. given the margin of victory for President obama in many key battleground states, it is clear the campaign’s social media applications were a key compo-nent of that success.

10%will be the rise in it

spending by india

govt in 2013



“We pretty much used the ladders of engagement approach as our organis- ing principle for building software,” says Kunesh.

in fact, reed says the one thing that really set the obama campaign apart from the romney campaign is that on election Day, campaign staffers were working with applications that had iteratively evolved with a lot of feedback from the campaign staff. in contrast, the romney campaign used a more traditional approach to developing applications that relied heavily on outside iT consultants and resulted in a set of applica-tions, known as orca, which the romney campaign staff didn’t see until election day. With little to no familiarity with the applica-tions or much guidance in the way of user feedback, the romney social media effort met with predictable results, says reed.

in contrast, the agile development approach taken by obama for America put the iT focus of the campaign on the user experience from the very beginning. “When you work from a specification, the application is never going to be right,” says reed. “To succeed with people with little in the way of technology skills, like campaign staffers, you need to be very iterative.” That approach, says reed, allows iT organisa-tions to collect a lot of feedback and quickly produce new versions of the software.

What made all that agile development possible was the use of a consistent set of application programming interfaces (APis) known as narwhal across all the applica-tions the team built, which the iT opera-tions team quickly deployed on an Amazon Web Services (AWS) cloud computing platform. According to ryan Kolak, narwhal tech integration lead, those APis essentially created a framework that made rolling out each new social media application not only a lot faster, but also easier for the iT opera-tions team to manage. “We had integrated data sets in a central database that could all be accessed via a single APi,” says Kolak.

Scott VanDenPlas, the campaign’s Devo-ps tech lead, says the campaign’s success shows the critical need to make sure that the application developers and iT opera-tions team are able to work hand in glove. That doesn’t necessarily mean putting in place a lot of Devops structure as much as it does making sure that each team member

“What you’re really trying to do is flatten the iT organisation to achieve frictionless ops in a way that enables continuous deliv-ery of applications,” says Kelly. “monitoring is essential to making that happen.”

reed says he’s not sure how social media strategies in the next campaign may play out or what he and his team might do next, beyond leaving politics to focus on commer-cial business opportunities. But it is clear to him the uS has entered a new era of e-poli-tics in which getting people to vote for a par-ticular candidate will be similar to the social media marketing efforts that are already being widely deployed across the Web.

“Campaigns in the future are going to involve a lot more math and targeted analyt-ics,” says reed. “it hard to see how anybody is going to get elected in the future without relying a lot more on engineers.” — The article was first published in CIO Insight.


understands the how dependent they are on each other to succeed. “nothing we did was revolutionary. it’s not really about Devops, it’s about integrated ops,” says VanDenPlas. “having one level of hierarchy just provides a better way to work.”

reed says much of the methodologies used by his team have already been pio-neered at companies such as facebook and google. What the iT team did was leverage an application performance monitoring service from new relic to quickly identify performance issues and, just as importantly, application features that nobody was using. By aggressively eliminating those unwanted features, the iT organisation could ensure that application performance remained con-sistently high, says VanDenPlas.

in fact, Chris Kelly, new relic’s developer evangelist, says study after study shows that better application performance leads always contributes to more usage.

“It hard to see how anybody is going to get elected in the future without relying a lot more on engineers”

N E X t H or I Zo N s g ove rn a n ce

illu

st

ra

tio

n b

y p

ho

to

s.c

om

By team CTOFDesign By Shokeen Saifi Illustrations By Rethish KR

Imaging By Shigil Naryanan & Peterson PJ

Our survey yields interesting insights into what CIOs think about social-business-

enabling technologies


07 february 2013 cto forum

A re yo u A so ci A l- b u s i n e s s c i o? COVE R S TORY

The Chief TeChnology

offiCer forum 29

Do employees using social-business-enabling technologies increase productive during the workday?

"Yes. Social media is a platform, which provides instant connectivity and access to

real-t ime information. Employees can use it for communication, seeking suggestions/

feedback and enhancing knowledge" Shankar Gurkha

CIO, Gujarat Industries Power Company Ltd.

SELF ASSESSMENT

YES NO

30 07 february 2013 CTO fORum The Chief


COVE R S TORY A re yo u A so ci A l- b u s i n e s s c i o?

"One can become a social-business CIO by connecting social apps to goals such as accurate forecasts,

quick decisions and other employee-workflow areas of concern"

Manoranjan KumarCIO, Kanoria Chemicals &

Industries Limited

SELF ASSESSMENT

YES NO

How can one become a social-business CIO?




What is the best way to make business unit heads understand the importance of social media?

"The best way is to speak the business language. Cit ing success

stories and highlighting how social business can help increase

productivity, also helps."Vijay Bhat

CIO, Met Trade India Ltd

SELF ASSESSMENT

YES NO




Should collaboration tools be flexible?

SELF ASSESSMENT

YES NO

"Yes, flexibility can help anywhere, anytime access"

Tanmoy MukhopadhyayCTO, A2Z News Channels




Should authentication models expand internally, externally, and link information between systems?

SELF ASSESSMENT

YES NO

"Yes. It is important to have authentication models that expand internally and externally, and link

information between systems"Sanjay Malhotra

CIO, Amway




CTO Forum conducted a survey to find out if enterprise technology decision makers were tranforming into social-business CIOs. A total of 123 CIOs participated in the survey, which threw up some interesting results. An overwhelming majority of CIOs (74 percent) believes that social business enabling technologies can help in increasing productivity. Surprisingly, none of the respondents feel that social media negatively affects productivity. A majority of the responding CIOs (51 percent) believes that to become a social-business CIO, one needs to define new job positions and showcase examples how social media can help in prevention of productivity breakdown scenarios. When it comes to making business heads understand social media, 34 percent CIOs feel that the best way is to speak the business heads' own language and an equal number of CIOs feels that it is important to share social business success stories of other enterprises. Seventy eight percent of those who participated in the survey affirmed that collaboration tools must be flexible. 74 percent CIOs advocated an authentication model that expands internally and externally, and links information between systems.

Survey Findings

Yes - 73.9%

No - 0%

Can’t Say - 26.1%

By defining new job positions, such as social-business analyst and community manager - 3.4%

By connecting social apps to goals such as accurate forecasts, quick decisions and other employee-workflow areas of concern - 31.5%

By demonstrate how improved use of social tools would have prevented a productivity-breakdown situation - 13.8%

All of the above - 51.3%

By speaking the language that business heads understands - 34.0%

By citing examples of how other enterprises are leveraging social media - 34.0%

Highlighting how social business can help increase productivity - 29.8%

None of the above ( business heads already understand the importance of social media) - 2.2%

26.1%

73.9%

Do you feel employees using social-business-enabling technologies can increase productive during the workday?

How can one become a social-business CIO?

What is the best way to make business unit heads understand the importance of social media?

Yes, flexibility can help anywhere, anytime access - 78.3%

No, it may create technical issues or security challenges - 8.7%

Both a & b - 13.0%

Should collaboration tools be flexible?

78.3%

13.0%

8.7%

Should authentication models expand internally, externally, and link information between systems?

Very Important - 73.9%

Somewhat Important - 26.1%

No - 0%

26.1%

73.9%




The Force Mult iplierSocial Media tools, if deployed strategically, have the potential to improve employee productivity and enhance enterprise revenues

As social media continues to grow, customers' expectations (both internally and externally) rises. By 2014, refusing to communicate with customers

by social media will be at par with ignoring today's basic expectation like responding to emails and phone calls, says research firm gartner. organisations' use of social media to promote their products, responding to inquiries via social media channels will be the new minimum level of response expected.

enterprises in india are taking social media seriously. most of them have accept-ed social media in one form or the other. however, Cios are a little uncertain about how to get involved themselves in social networks, and use it as a tool for busi-ness enablement. The security concern, however, related with social media often troubles them.

Some of the Cios have already develo-ped ways to reach consumers through social technologies and gather insights for product development, marketing, and cus-tomer service.

mahindra & mahindra financial services is successfully using social media to interact with its audiences. “We are addressing complaints by leveraging social media” says Suresh A Shan, head - Busi-ness information Technology Solutions (BiTS), mahindra & mahindra financial Services limited.

Similarly, BiAl is working with oem partners to develop mobile apps for trav-elers. “This will be the first phase of the project and in the second phase, we will provide seamless updates via social media” reveals S francis rajan, VP iCT, BiAl.

“The trends suggest that by fully imple-menting social technologies, enterprises have an opportunity to raise the produ-ctivity of interaction workers—high-skill knowledge workers, including managers and professionals—by 20 to 25 percent,” opines Arvind Joshi, CiSo, honda motor-cycle & Scooter india.

“in my opinion, social media/ techolo-gies are not a product. it is a way of think-ing and behaving. Social technologies enable social behaviours to take place with-in the workplace, if the underlying culture supports it” he adds.

Cio and his business-technology team has tremendous insights into company’s operations, its priorities, its vulnerabilities, and its opportunities. organisation looking forward to align social media with business goals has to ensure active participation of a Cio. To make it a success, Cios have to be actively involved in the integration process.

“So today, as our systems of record become systems of engagement, and as the social revolution opens up all facets of our enterprise to customer interactions as well as customer scrutiny, isn’t it time to bulldoze the internally constructed silos separating the folks that have traditionally

touched the customer,” exclaims Tanmoy mukhopadhyay, Chief Technical officer, A2Z news Channel.

one of the biggest challenges that Cio faces(internal or external), is that engage-ment via social media is generally per-ceived as a voluntary activity. “Social busi-ness is part of a single continuum across workers, business partners, customers, and the marketplace, that internal use of social business and external uses involve participants that have a very different relationships with the organisation” feels mukhopadhyay.

however, there is a school of thought, which is not sure about social media's implication on the workforce. “Workforce may be more productive in some situ-ations. however, it would be better off without social media” says K r Bhat, gm iT, nABArD. nABArD has decided not to use social media for business.

ironically, some organisations treat social media engagements on an ad hoc basis.gartner says that over 50 percent of organ-isations monitor social media, but only 23 percent collect and analyse data. The facts simply highlight that organisations are not keeping records of interactions occurring on social media and do not keep social profiles for people they have engaged with. Cios have to keep these facts in mind to effectively use social media for business enablement, otherwise it will be just anoth-er lost opportunity.




ci sco c to f cu s tom s e r i e s



ci sco c to f cu s tom s e r i e s

Next Gen UCS servers for Next Gen ComputingIn a series of interactive articles, Cisco will shed more light on its Unified Computing System (UCS), thereby enabling CIOs to better manage their IT infrastructure

How has Cisco made server I/O more powerful and

much simpler?Answer: One of the key differentia-tors of Cisco UCS (Unified Comput-ing System) with Intel® Xeon® processor is the way in which high-capacity server network access has been aggregated through Cisco Virtual Interface Cards and infused with built-in high performance virtual networking capabilities. In “pre-UCS” server system architectures, one of the main design considerations was the type and quantity of physi-cal network adapters required.

Networking, combined with comput-ing sockets/cores/frequency/cache, system memory, and local disk are historically the primary resources considered in the balancing act of cost, physical space and power consump-tion, all of which are manifested in the

various permutations of server designs required to cover the myriad of workloads most efficiently. Think of these as your four server subsystem food groups. Architec-ture purists will remind us that everything outside the processors and their cache falls into the category of “I/O” but let’s not get pedantic because that will mess up my food group analogy.

In Cisco UCS, I/O is effectively taken off the table as a design worry because every server gets its full USRDA of net-working through the VIC: helping por-tions of bandwidth, rich with Fabric Extender technology vitamins that yield hundreds of Ethernet and FC adapt-ers through one physical device.

Gone are the days of hemming and haw-ing over how many mezz card slots your blade has or how many cards you’re going to need to feed that hungry stack of VM’s on your rack server.

This simplification changes things for the

better because it takes a lot of complication out of the equation.

There is also a need for higher processing power for bringing

new choices for design optimization. What is happening on this front?Answer: Cisco has been working hard making server networking better with improved and optimized efficiency. With the advent and advance of multi-core pro-cessing, the workhorse two socket server has become a real performance monster. In fact, for some applications the amount processing power required, relative to the other food groups I mentioned in my previ-ous answer, is outstripped by the capabili-ties of the mainstream processor family, which in today’s incarnation is Intel’s Xeon E5 2600 series.

In response to this phenomenon, Intel subdivided the Xeon lineup to include a new “EN” class of processors, the E5-2400 series, which ease back on the gas pedal of Moore’s law for designs that don’t require as much processing power in relation to local storage and memory. This creates a new class of cost & performance optimized systems for lighter workloads or for stor-age heavy systems (think big data) at the entry end of the portfolio.

Three of our new UCS M3 series systems fall in this category: the B22, C22 and C24. At the same time, Intel has brought four socket server options, formerly the prov-ince of the mission critical, “EX” end of the spectrum, down into the mainstream. An example of this is our new UCS B420 blade. So if you want four socket core count and performance but don’t necessarily need the comprehensive RAS features of an EX class system, you now have a price/performance optimized solution for that need.

BROUGHT TO YOU BY

Intel, the Intel logo, Xeon, and Xeon inside are trademarks of Intel Corporation in the U.S. and/or other countries

For any queries regarding UCS, please send them to [email protected]

N O H O LDS BARR E D Su n i l S h a r m a

40 07 february 2013 ctO fORum The Chief


Sunil Sharma, VP, Cyberoam, in an interview with Akhilesh Shukla talks about how an India-based security company is making its presence felt globally

DoSSier

Company:Cyberroam

EstablishEd:

1999

hEadquartErs:

New Jersey, US

produCts:

UTM, firewall, VPN,

antivirus, antispyware

EmployEEs:

450+

UTM Devices for Cost Reduction, Consolidation

Su n i l S h a r m a N O H O LDS BARR E D



These days CIOs are under pressure to consolidate, reduce

the operation cost of the IT investment and infrastructure. How are Unified Threat Management (UTM) devices helping them to reduce cost without compromising the security of the network?The pressure of consolidation and reduc-tion of cost on Cios are helping the uTm industry including Cyberoam. earlier the enterprises were buying different point products and solutions to protect their net-works. however, an uTm can give the same results in as much as 20 percent of the cost of all point products generally a enterprises needs to buy. it is a consolidated play and plug device, easy to control and manage. These point product companies have been confusing the Cios and CiSos for the last one decade. ironically, as many as 85 to 90 percent of the enterprises need a generic-level of security and doesn’t need to invest in point products and solutions. As the budgets are shrinking these Cios/ CiSos have started exploring option and are excit-ed by the offering of uTms. At Cyberoam we have witnessed a huge acceptance of uTm devices during the last financial year. We have registered a year-on-year growth of 30 percent. further, to the tap the growing demand we are lunching new products and will announce new uTm devices focusing on large enterprises. government, defence, BfSi and education are the key verticals that we are targeting in the new year.

How excited are CIOs/CISOs are when it comes to adopt an IT

product developed in India by an Indian company, that too security? Do you face any resistance from them?When we had started Cyberoam people had apprehension about our product. They could not digest the fact that an indian company is well equipped to launch an iT product, which is completely reseached and developed in the country. Today most of the iT products available in the market are developed and are sold worldwide by norther American companies. But slowly and gradually we started getting recogni-tion in the market and people started respecting us. Two years ago we won the nASSCom innovation award. But i must

say still some of the Cios are skeptical while buying our products. it will take a little more time to change the mindset of all, but it will happen for sure. one of the important thing for us today is we have to make a lot of ground to catch up with north-American companies. india itself is a huge market and we have a product range for an individual level to a enterprise level. At present, in india, we have a market share of around 23 percent. By the end of 2015 we are looking to capture 50 percent of the uTm market share.

global Cios to be fair with us. Despite the fact, we are doing a considerable business in the global market. We have presence in more than 125 countries. As many as 65 percent of the revenue is generated from outside, rest of the 35 percent is contrib-uted from the country. it is a remarkable feat against our global peers. gartner which does not consider covering the uTm indus-try have been putting us in visionary quad-rant for the last few years.

How competitive are your products keeping in view of emerging threats

and changing technology?We have a strong research and development (r&D) centre at Ahmedbad which keeps on coming with new products are technologies to suit the requirement of individual, Sme and enterprises. All our enterprise-level product are ready for social media integra-tion or adoption of bring your own device (ByoD) policy. Besides, Cyberoam products have user-identity-based recognition, con-tent filtering and user policy iPS. By using our product a Cio/CiSo can restrict users, application of any thing on the network. our products are very much aligned with cloud and virtulisation technologies. We already have virtual CCC product and soon would be launching virtual uTms. We continue to evolve ourselves to cater to the changing demand of industry. even all our products are already iPV6 ready.

Please share your plans and strategies for upcoming FY?

The next level of growth from india will come from Tier ii cities. enterprises have already started having a direct presence in these location. We at Cyberoam have realised the fact that the trend will boost the demand of security product and services in these location. We have hired people on our rolls in madhya Pradesh, uttar Pradesh and Kerala so that they can support our busi-ness partners in these location. This will help us in catering to these market better and score over competition. Besides, our presence will help us to understand these markets better and develop product accord-ingly. for the next year we will continue to focus on enterprises and will continue to expand our presence in the these location and add more portfolio.

“All our enterprise-level

products are ready for social media

integration or adoption of BYOD

policy”

How about global markets? Do you face similar challenges in the

global market as well?Cios/CiSos are excited to see a india-based company coming out with an innova-tive uTm product. But it is for sure that when an indian Cio have apprehension about our product, how we can expect a

ThoughTLeaders



Jaspreet singh

“It is important for companies to continue to invest in safeguarding their business interests and minimise the impact of shock events”

Jaspreet is a Associate Director with

Ernst & Young in the IT Risk & Assurance

practice, focusing on the Technology,

Communications & Entertainment sector.

The quanTum of investment that needs to be made in business conti-nuity planning can rarely be justified considering the uncertainty of a crisis event, against which an organisation must plan and prepare. however, this does not eliminate the need to adopt to a widely accepted and global Busi-ness Continuity management (BCm) standard, as it has numerous benefits associated which can be realised to its maximum (both in qualitative and quantitative terms) if effectively employed. A well known fact is that global standards and certifications do not provide absolute assurance to organisations and its stakeholders in terms of being immune to any form of crisis such as the ones we’ve recently witnessed - the disruption of supply chain in the consumer and electron-ics industry caused due to floods in Thailand, changes in the regulatory landscape sector and therefore demon-strating non-compliance, weak global and local economic activity that influ-ences the valuation of the currency and so forth. Therefore, the success of a business continuity strategy solely depends upon the extent and quality of the execution phase of the strategy.

ly accepted across organizations on a global basis. furthermore, the stan-dard has also formed the basis for the development of many other Business Continuity management (BCm) stan-dards which includes the uS ASiS/BSi BCm.01 standard adopted by AnSi and now more recently creation of two new international standards: iSo 22301 (requirements) and iSo 22313 (guidance).

The new international standard for BCm i.e. iSo 22301:2012 which has just been released this month (may 2012), specifies the requirements for setting up and man-aging an effective business continuity management system. iSo 22301 is titled as ‘Societal Security – Business Continuity management System – requirements’ standard. The timelines and criteria for organ-isations that intend to pursue the certification path is guided by the following: organisations may certify against BS 25999-2 or iSo 22301 during the period may 2012- november 2012;

The upgrade period for organisa-tions certified against BS 25999-2 is

mobile devices such as smart phones, tablets and e-readers have become so portable, powerful, con-nected and user-friendly that they have penetrated every facet of our per-sonal and professional lives.

According to a survey conducted by ernst and young in 2011, which cov-ered almost 1700 participants (mainly C-level executives) from 52 countries across all industry sectors, 36 percent of the respondents indicated that busi-ness continuity is their top funding priority which is three times as many respondents as those who indicated that the second-ranked area (data leak-age and data loss prevention efforts) was their top priority. At the same time some firms are still not prepared for BCm: 18 percent indicated that they have no BCm in place and only 56 percent indicated that manage-ment had approved BCm activities.

The British Standard (BS) 25999 standard was developed for organisa-tions irrespective of size, complex-ity and the industry it represents to address various business continuity requirements. Since its release by the British Standard institute in 2006-07, the BS 25999 standard has been wide-

Planning for Business Continuity The new international standard i.e. ISO 22301:2012 specifies the requirements for setting up an effective BCM system



Ja s pre e t s i n g h t h o u gh t Le ad e rs

from may 2012- 01 June 2014. Post november 2012, organisation can only pursue the iSo 22301 cer-tification.in terms of similarities across

both the standards, the methodology continues to be largely the same i.e. the adoption of the P-D-C-A (Plan-Do-Check-Act) cycle and all core elements of BS 25999 have also been incorpo-rated in iSo 22301 for e.g. setting the scope, policy and objectives for BCm, establishing management commit-ment, risk assessments, conducting a business impact analysis, establishing resource requirements and the need to exercise, etc..

While on the other hand, the differ-ences observed cut across the follow-ing BCm areas (but not limited to): management commitment to pro-vide evidence of its commitment to all phases of the Business Continu-ity management System (BCmS);

Planning and setting up measurable objectives with defined timeframes;

Documentation and records (neces-sity to define the format of docu-

ments as well as media to store the documents);

Business impact Analysis (which introduces the new term ‘prioritised timeframes’ which relates to the more familiar term ‘recovery Time objective (rTo);

no requirements for conducting a self-assessment to assess BCm arrangement,

Alignment of risk assessment approach to iSo 31000; more importantly, iSo 22301 fur-

ther lays emphasis on quantifiable metrics to be defined for monitoring BCmS performance and effectiveness along with making testing for evalua-tion of continuity procedures a man-datory exercise.

given the fact that the current global economic outlook can have various implications on the function-ing of an enterprise and industry sec-tors, it is even more important at this stage for organisations to continue to invest in safeguarding their busi-ness interests, minimise the impact of shock events resulting from an

uncontrolled crisis and to maintain stakeholder confidence.

illu

st

ra

tio

n b

y p

ho

to

s.c

om

advts.indd 56 12/22/2009 3:02:47 PM

A well known fact is that global standards and certifications do not provide absolute assurance to organisations



All personal information needs to be identified and appropriately safeguarded and then destroyed By ReBecca HeRold

POINTS5

most industry-specific regulations, such

as HIPAA and GLBA,

focus on patents or

customer data

another growing problem is identity

theft and identity

fraud executed by

trusted workers

the more personal

information workers

have access to, the

more fraud that can

be committed, and

more damage that

can occur

the privacy area

typically focusses on

only employee and

customer information

a large travel

industry organisation

indicated they check

new applicants

against the previous

applicants to

determine if it is

even necessary

to go further with

an employment

consideration

Privacy ScareS from the GhoStS

t E cH f or G oVE r NAN cE m a n ag e m e n til

lus

ra

tio

n B

Y p

ho

to

s.c

om



A moment of privacy revelation (and perspiration)i was working with a large multi-national technology company in 2003 helping them to establish their privacy programme. To effectively protect privacy you need to know where the personal information is located. i have a comprehensive set of questions i ask to help determine this (along with auto-mated tools). While at a meeting with their Cxo levels, along with some key informa-tion management staff, when i got to the topic of job applications i asked, “how do you collect job applications?” CiSo: “in person on paper applications, and online on our website.”

me: “What do you collect?” CiSo: “The usual. name, address, phone number, job history, references, Social Security number, and any other informa-tion they want to provide.”

me: “Why do you ask applicants for their Social Security number?”

hr: “So we can do the full set of back-ground checks. you know; criminal check, credit check, and all the others.”

me: “Around how many applications do you get each month?”

hr: “Probably around 7,000 to 10,000.” me: “how many do you hire out of all those?”

hr: “oh, just a small fraction. maybe one to three percent. We are always accepting appli-cations even when we don’t have openings.”

me: “So you could be collecting informa-tion on close to 10,000 people each month that you don’t actually hire. What do you do with the information about those appli-cants you don’t hire?”The 15 people at the large table looked

and stared around the room.

me: “how long do you retain it? or, do you delete it as soon as you determine you are not going to hire the applicant?”

iT manager: “We keep everything until the media stops being usable or falls apart.”

CiSo: “We’ve never thought about that. We need to do some checking.

legal: “let’s take a 15 minute break and we’ll find out.” fifteen minutes later…

legal: “it seems we do not do anything with those applications.”

me: “Where do you keep them, then?” hr: “We have many boxes of the print applications in our warehouse storage.”

CiSo: “And the digital applications are stored in the webserver behind a firewall.”

legal: “Chris, delete all the applications from the webserver that are older than 6 months as soon as possible.”

CiSo: “i would like to determine what if any ramifications there may be first.”

me: “how about the backups from that server? how far back to they go? Where are they stored? And, do any of your staff download those applications to their own desktops, other devices, or into other systems?”The room got quiet while everyone looked

around during a very pregnant pause. legal: “Well, that will take some more looking into. Do you have any more questions relating to applicant informa-tion? let’s hear them, then you can come back and we’ll try to have the answers for you tomorrow.”After another 20 minutes or so of ques-

tions, i left for the day. most in the room were looking nervous and a bit stressed. The next day they had identified treasure troves

of job applicant personal information in locations they’d never thought about before.

Likely a widespread but generally unidentified problemin most organisations i’ve found this type of job applicant information, digital and hard-copy, is largely overlooked and not secured. The information security area typically does not have this type of information in their radar when they are creating their informa-tion inventories. The privacy area typically focuses on only employee and customer information. The previously described situ-ation was the first of multiple interesting engagements i’ve had on this topic in the years since. here are some of the more egregious, and legally risky, activities that i’ve had firms tell me they’d done with the data they’ve collected from job applicants: A large retailer told me they incorporate all their applicants’ information into their marketing databases.

A healthcare insurer indicated they had stored all this type of data in an out-sourced data warehouse, and then the data warehouse went out of business. They could not receive confirmation that the data was destroyed, or where all the backups were located.

A large travel industry organisation indi-cated they check new applicants against the previous applicants to determine if it is even necessary to go further with an employment consideration.

A large managed services provider used the data for one of their subsidiaries that did background checks. Do you know; what is your organisation

doing with all the job applicant information they collect? Who is responsible for secur-ing that data? Where is it located?

Some laws kick in when job applicant data is breachedmost industry-specific regulations, such as hiPAA and glBA, focus on patient or customer data. others are specific to employees. in most organisations the information management efforts are focused on patient, customer, consumer and employee information. There is a gen-eral, mistaken, assumption that those are the only types of personal information that need to be safeguarded.

There is a topic that has been coming up, over and over and over again over the past 12 years, that i’ve never seen addressed in other publications. What does your organisation do with all the personal information you collect from job applicants? Consider a real situation i encountered around ten years ago.

m a n ag e m e n t tE cH f or G oVE r NAN cE

however, don’t forget that there are at least 50 uS state and territory breach notice laws in effect that generally apply to all personal information, regardless of the intended use or population from where it was collected. And data protection laws outside the uS require that that all personal information, regardless of the industry or purpose for which the information was collected, must be safeguarded. What if a breach of job applicant information occurs? how would your firm react? you need to make sure your breach identification and response plans include this type of info.

And then there’s the insider threat…Another growing problem is identity theft and identity fraud executed by trusted workers; otherwise known as the insider threat. A study funded by the Department of homeland Security Science and Technol-ogy Directorate examined 80 insider fraud cases that occurred between 2005 and 2012. They found the individuals cost each organ-

isation an average of $382,000 or more depending on how long they were able to operate with-out detection.

The more personal informa-tion workers have access to, the more fraud that can be com-mitted, and the more damage that can occur not only to the associated victims, but also to the organisations that are responsible for safeguarding that information. So, how many people have access to the job applicant information in your organisation? if you haven’t thought about the security of this information, chances are there are many more individu-als, both inside your organisation and also from outside contracted entities, that can access the job application information than you would ever have guessed. This creates significant risks for identity fraud to occur right under your nose by those workers you trust, but who see opportunity to financially profit without being caught.

Bottom line for all organisa-tions, from the largest to the smallest: All personal info, for all types of individuals, need to be identified and appropriately safeguarded and then destroyed when no longer necessary for the purposes for which they were collected. you haven’t done this yet? To get you start-ed, break this process down into four questions to answer:

1. Where is all the job applicant information, in all forms, located?

2. how long do you keep that information?3. What do you need with that information

beyond the hiring decision?4. What if that information is breached?

Put a target date on your calendar for finding out the answers to these important questions. —The article is printed with prior permission

from www.infosecisland.com. For more features

and opinions on information security and risk

management, please refer to Infosec Island.

7%growth in govt

telecom spending

in 2013 in india

t E cH f or G oVE r NAN cE m a n ag e m e n t

FOGGED OUT BY THE CLOUD?

Inflexion Convex 2013: Cloud… the easy next stepThe Inflexion Conference/Expo will help you:• Determine the next steps needed to leverage the capabilities of cloud computing• Choose and implement the most effective cloud solutions• Mitigate the risks associated with the implementation of ‘Cloud’

Who will be there: Over 700 of India’s enterprise CIO/IT community, CXOs, LoB Heads, Government officials, over two days.Peter Cochrane

One of the world's most respected and sought-after experts on technology, change and the future effects of change on corporations and individuals

PETER COCHRANE WILL GIVE YOU A CLEARER VIEW

Inflexion will include buyers' meets, workshops and an innovative immersive cloud café

REGISTERwww.inflexionconvex.in

Date: February 18 - 19, 2013 Venue: India Habitat Centre, Lodhi Rd, New Delhi

Organised byKnowledge PartnerPartners

Inflexion Ad_final.indd 40 2/6/2013 11:32:40 AM

VIEWPOINT



Before you start lobbing holy hand grenades at me, open your mind and read!

i was just in napa, which for a guy like me is effectively the same as sending my 9-year old lily to Disney land. overwhelmingly wondrous. i went to speak at Barracuda’s 2013 kickoff meeting. more on that in a few. my trip was short, or at least was intended to be short. Playing with weather in Boston in January is playing russian roulette, except at least half the chambers are loaded with bullets. i got there in time to watch the niners pull out a victory and the Pats choke down a loss. (Self-rationalization: new orleans is worse for me than napa, therefore it is good that the Pats lost. Plus, i missed the game, which is even better since i was in napa drinking wine instead of sitting in traffic massively irritated.) As i was waiting for a ride to my hotel like room/condo (Silverado - a zillion condo/room things, none of which anyone can walk too - and weirder, they didn’t sell their own wine at their own bar. fortunately, the Barracuda execs like Silver oak

the PrACTiCe of worship—i.e., religion. As soon as one started quot-ing the Bible, it was no longer about “god” but what that religion believed one should do about god.

for the record, i find most all organized religions absurd, however i’m a big fan of god. i’m living proof that a higher power exists and pulls strings. i’ve had WAy too many crazy things happen (for the good) in my life to argue this point—not the least of which was discovering a lump the night before the Sox lost game 7 to the yankee’s in 2003 (grady little), and remembering to ask my Vasec-tomy doctor the next day, after the lump had totally disappeared, which turned out to be cancer—caught on DAy one and thus treatable (i still cannot scientifically dismiss the cause as either Diet Pepsi nor my ex). Plus, have you seen my wife? i rest my case. i’m also completely fine with those who don’t believe in such concepts. And i’m just fine with people choosing hoW they wish to interact with their gods—as long as they don’t attempt to inflict or force their methods upon me.

and mt. Veeder. i felt a kinship grow-ing from the start), there were a few folks waiting for the shuttle, talking about “god.” i’m not sure the point they were getting at (seemed like they were trying to argue over who was a bigger god fan), but what was apparent was that they, like most i think, were interchanging god with religion. i found that interesting. People interchange the concepts of a higher power with the way they chose to worship that higher power. People don’t really argue much about “god.” They argue about how they “practice” their belief in god.

if you argue about there being a higher power or not, you are at least arguing about the same thing. it’s very binary—you either believe in it or you don’t. Since there is no absolute proof either way, it’s an individual belief. not a lot to argue about. however, when listening to this animated “discussion,” it quickly devolved into justification (of what i still am unclear since the two participants clearly both believed in “god”) of some point based on their individual belief systems around

Wine, Religion, Dinosaurs, and IT The Blog That Should

Never Be Written illu

sr

at

uib

by

Pe

te

rs

on

PJ

ABout the Author: Steve Duplessie

is the Founder of

and Senior Analyst

at the Enterprise

Strategy Group.

Recognised

worldwide as

the leading

independent

authority on

enterprise storage,

Steve has also

consistently been

ranked as one of

the most influential

IT analysts. You

can track Steve’s

blog at http://www.

thebiggertruth.com

Steve DupleSSie | [email protected]

GALLERIES – PART OF DUBAI’S VIBRANT ART SCENE

PEOPLE VISITED ART DUBAI IN 2012

PER CENT OF MIDDLE EASTERN ART IS TRADED HERE. WELCOME TO THE REGION’S ARTISTIC HUB

5422,00070

WHEN YOU RUN THE NUMBERS, DUBAI MEANS BUSINESS.

[email protected]

SEE THE FILM AT VISION.AE/VIDEOS/NUMBERS

EXPO2020DUBAI.AE

FalconDubaiAC_CTOForum_290x220_AW.indd 1 28/12/2012 19:57

Date post:	25-Mar-2016
Category:	Documents
Upload:	ctof-magazine
View:	217 times
Download:	0 times

Are You a Social-Business CIO?

Documents