| Date post: | 09-Mar-2016 |
| Category: |
Documents |
| Upload: | manan-mushtaq |
| View: | 220 times |
| Download: | 7 times |
IT MANAGER’S GUIDE TO
FORMULATING EFFECTIVEVENDOR MANAGEMENT
STRATEGIESPg 12
IT N
EX
T
MA
KIN
G IT
A W
IN-W
IN
FEBRUARY 2013 / ` 100VOLUME 04 / ISSUE 1
VO
LUM
E 0
4 | IS
SU
E 1 A 9.9 Media Publication
22 06 26INTERVIEW:Emerson’s Khuti on the need for an aerial view of a DC
BOSS TALK:How to be a business Advisor
BIG Q Auditing is critical in Cloud Pg 35
FEATURE: Game Changers for a Cool Data Centre
Editorial
1f e b r u a r y 2 0 1 3 | itnext
G e e t h a N a N d i k o t k u r
“The ability to effectively manage vendors enhances the business perception of IT effectiveness”
Blogs To Watch!Driving Performance and value through strategic vendor management http://www.pwc.com/ca/en/banking-capital-markets/publications/vendor-management-2009-05-05-en.pdf
Vendor Management Success Tips http://operationstech.about.com/od/vendormanagement/tp/VendMgtTips.htm
How IT Improved Strategic Vendor Management http://www.cisco.com/web/about/ciscoitatwork/downloads/ciscoitatwork/pdf/Cisco_IT_Case_Study_Vendor_Management.pdf
Generating Vendor Value through Collaboration http://h71028.www7.hp.com/enterprise/cache/583640-0-0-225-121.html
Striking the Right ChordIn any business or industry, the performance of IT is gauged based on the value it brings through an effective
vendor management strategy. IT decision makers are always on tenterhooks to prove their best vendor management skills that would help them strike the right deal. The bottom-line is that IT managers need to a strike the right chord with their vendors be it regarding writing a good RFP document, creating vendor policy, procurement framework, writing clear SLAs or any other challenge.
Having a best vendor management practice and institutionalising it has been one of the tools for growth in any company. However, IT managers are confronted with a wide variance of methodologies with varying degrees of success or failure in underpinning the best which can be adapted.
Most IT managers have not been formally trained in vendor relationship management. In fact, the ability to effectively manage vendors enhances the business perception of IT effectiveness.
The cover story in the current edition of IT Next, ‘Making it a win win’ delves into the fact of how vendor management policies need to be institutionalised to drive maximum value out of this. It is a compelling need to get some insights into the areas which would help IT managers steer clear of vendor management pitfalls and how a good IT manager should be able to foresee requirements and risks which may arise in the future and plan accordingly. Besides, the story throws light on the nuances of the good negotiation skills that IT managers need to imbibe, which will enable them to nurture win-win relationships. The key to all these is to inculcate the ability to take risks, analyse them in a logical manner and build the skills necessary to bridge the gap between external vendors and teams and become orchestrators of services.
2 itnext | f e b r u a r y 2 0 1 3
Contentfebruary 2013 V o l u m e 0 4 | I s s u e 0 1
12Page
for the l atest technology uPDates go to itnext.in
cover story
13 Collaborate to WinInceased collaboration across functions, repeatable processes will help in bringing out a formal vendor management practice.
15 Best Vendor Management PracticesFormal programs, documentation and careful review of licensing terms are some of the good practices
17 Interview with Forrester ResearchOn how RFPs are prepared with unclear end -goal in mind and why IT teams are shortsighted in their approach when dealing with vendors
06 Be Advisors to Business | Cisco’s Harpreet Singh on the importance of IT profressional services for IT teams
Boss tAlk
26 Get an Aerial view of the Dc | Emerson’s Global CTO Baz Khuti on the need for having a greater visibility of the DC
interview
Facebook:http ://www.facebook.com/home.php#/group.php?gid=195675030582
Twitter :http : //twitter.com/itnext
LinkedInhttp://www.l inkedin .com/groups?gid=2261770&trk=myg_ugrp_ovr
coverDesign: Shigil Narayanan
negotiate to
Win
PH
OT
O/I
LL
US
TR
AT
IO
N/I
MA
GI
NG
CR
ED
IT
3f e b r u a r y 2 0 1 3 | itnext
opinion08 Money wise: expectations from crM rise | Talisma’s Mruthyunjayappa on how CRM is getting to become CEM
the BiG Q35 cloud security | Expert panel says cloud audit is critical while choosing a cloud partner
cuBe chAt42 playing with it | Oberoi Group’s Agrawalla on his passion for technology which drove him to gain knowledge of computers
15-Minute MAnAGer30 Data held to ransom | Idea Cellular’s security team on how technology is posing new threats
32 vitamin D | How can it reduce the risk of various diseases
tech inDulGe42 GiFts Geek? | No way — these gifts are totally chic, and will impress even the most savvy of digital divas. A great gift for your loved ones in the new year
oFF the shelF44 Acer tablets | ICONIA B1 Tablets from Acer in India which is priced at Rs 7,999. The 7 inch Tablet is designed to suit the varying needs of today’s consumers and targeted at the youth
22Page
33Page
All GAme for A Cool dC| Adopting new game changers with a holistic approach to challenge the conventional wisdom and enhance DC efficiency
reGulArsEditorial _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 01
Letters _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 04
Industry Update _ _ _ _ _ _ _ _ _ _ 10
Open Debate _ _ _ _ _ _ _ _ _ _ _ _ 45
My Log _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 48
PLease recycLe
ThIs magazIne
anD remove InserTs beFore
recycLIng
advertiser index
iZenith iFC
Panasonic 5
iBM 7
Cisco 9
isaCa 16-a
tata Communications 21
Patel inida 25, 37
Bry air asia 31, 33
avaya 39
airtel iBC
Microsoft BC
itnext.in
© aLL rIghTs reserveD: reProDucTIon In whoLe or In ParT wIThouT wrITTen PermIssIon From nIne DoT nIne meDIaworx Pv T LTD Is ProhIbITeD.
MAnAGeMentManaging Director: Dr Pramath raj sinhaprinter & publisher: vikas gupta
eDitoriAlGroup editor: r giridharexecutive editor: geetha nandikotkursr Assistant editor: rajendra chaudhary
DesiGnsr. creative Director: Jayan K narayanansr. Art Director: anil vKAssociate Art Directors: atul Deshmukh & anil Tsr. visualisers: manav sachdev & shokeen saifivisualiser: nv baijusr. Designers: raj Kishore verma shigil narayanan, suneesh K & haridas balanDesigners: charu Dwivedi, Peterson PJ midhun mohan & Pradeep g nair
MArcoMAssociate Art Director: Prasanth ramakrishnanDesigner: rahul babu
stuDiochief photographer: subhojit Paulsr. photographer: Jiten gandhi
sAles & MArketinGBrand Manager: siddhant raizada (09873555231)senior vice president: Krishna Kumar (09810206034)national Manager -print , online & events: sachin mhashilkar (09920348755)south: satish K Kutty (09845207810)north: Deepak sharma (09811791110)west: saurabh anand +91 9833608089Assistant Brand Manager: varun Kumra Ad co-ordination/scheduling: Kishan singh
proDuction & loGisticssr. GM. operations: shivshankar m hiremathManager operations: rakesh upadhyay Asst. Manager - logistics: vijay menon executive logistics: nilesh shiravadekar production executive: vilas mhatre logistics: mP singh & mohd. ansari
oFFice ADDressnine Dot nine Mediaworx pvt ltdA-262 Defence Colony, New Delhi-110024, India
Certain content in this publication is copyright Ziff Davis Enterprise Inc, and has been reprinted under license. eWEEK, Baseline and CIO Insight are registered trademarks of Ziff Davis Enterprise Holdings, Inc.
Published, Printed and Owned by Nine Dot Nine Mediaworx Private Ltd. Published and printed on their behalf by Vikas Gupta. Published at A-262 Defence Colony, New Delhi-110024, India. Printed at Tara Art Printers Pvt ltd., A-46-47, Sector-5, NOIDA (U.P.) 201301.Editor: Vikas Gupta
INBoX
4 itnext | f e b r u a r y 2 0 1 3
Here’s a suggestionI find the NEXT100 selection process excellent, but if I had the opportunity to include a criterion for selecting winners, I would intro-duce a group discussion. In the last leg, there should have been an event to judge the communication skills, leadership and technical knowledge of the participant, which could help in getting an active and dynamic NEXT100 CIO.While factors such as career advancement and promotions, education and learning opportunities, greater responsibilities, compensation pack-ages, opportunities to work with business leaders/business units, profes-sional accomplishments (which are part of NEXT100 selection process
focus) are motivating, my biggest apprehension is coping with rapid technological changes and increas-ing expectation from seniors.
ajay Kumar jha,Next100 Winner
Kudos, NEXT1OO!The NEXT100 selection pro-cess was good; and my primary reasons for applying for the award were self-evaluation, and my pro-fessional growth. It was also some-thing my boss recommended.
The various stages of the awards process were good, with the application form being very simple; and the personality inventory test, management style inventory test and jury interviews being a straight and simple process.
The jury interview process was excellent, it helped me personally because it was a reflection of what was expected of a CIO. Receiving the Next100 award was a most cherished moment, as it proved that I was one of the best in IT leadership in the country. The award has made a difference to my professional life as I feel my responsibilities have increased at work, my organisation has publicly recognised my achievements and I have started looking for opportunities to play a bigger role within my organisation. However, if I had to include criteria, I would have suggested highlighting achievements which make a difference to business.
It is important that the future CIO understands business and brings effectiveness and efficiency to it. Hence, it makes sense to evaluate candidates on personal achievements. These achievements could be verified through reference checks with seniors or bosses.
mahesh sarfareNeXT100 winner
(Note: Letters have been edited minimally, for brevity and clarity)
jaNuary 2012
www.linkedin.com/groups?gid=
2261770&trk=myg_ugrp_ovr
300 members
Next100 boosted my confidence The Next100 award boosted my confidence and propelled me to aim at the ultimate destination, that of becoming a CIO. But even to reach the current position of Head-IT, I had a tough time in the last two years. I would like to suggest to the core committee of ITNext to have discussions or technology workshops or webinars by CIOs / IT Heads / IT Managers and not only by technology partners. These help a lot in understanding technology and their pain points. The specific initiative that I implemented and which helped me in my career growth was that of streamlining Business Process Management. Other areas which gave me sufficient opportunities were setting up a Data Centre with DR&BCP, development of an in-house ERP system, opensource CRM etc.Nagesh asWarTha
sPmL Infra Ltd
IT NeXT vaLues your feedbacK
We want to know what you think about the magazine, and how we can make it a
better read. your comments will go a long way in making IT NEXT the preferred
publication for the community. send your comments, compliments, complaints
or questions about the magazine to [email protected].
COVER STORY NEXT100 SPECIAL
CS-GATEFOLD.indd 14 12/31/2012 7:14:41 PM
IT NEXT THaNKs ITs REadERsfor the warm
respoNse
http://www.itnext.in/resources/
magazine
REad this issue ONlINE
itnext<space> <your feedback>
and send it to
567678*special rates apply
THE NEW
STARSTHE 2012 NEXT100 AWARD WINNERS ARE
SMART, FOCUSSED AND TURBO-CHARGED
TO MAKE IT BIG Pg 10
IT N
EX
T
TH
E N
EW
IT S
TAR
S
JANUARY 2013 / ` 100VOLUME 03 / ISSUE 12
VO
LUM
E 0
3 | ISS
UE
12 A 9.9 Media Publication
NEXT100 SPECIAL: MEET THE IT LEADERS OF TOMORROW
INDIA’s FUTURE CIOs
COVER STORYNEXT100 SPECIAL
BY TEAM ITNEXT
ILLUSTRATION BY ANIL T
PHOTOGRAPHS BY SRIVATSA
They are smart, strongly opinionated, passionately driven to win in professional life. The NEXT100 2012 award winners are pragmatic in approach, more solution-driven and seem to be real leaders in the making
FUTURE CIOS, WINNERS ALL!
CS-GATEFOLD.indd 15 12/31/2012 7:15:29 PM
Boss talk | Harpreet BHatia
6 itnext | f e b r u a r y 2 0 1 3
“The IT team has to internally evolve a business model along the services line and clearly articulate that no service is free”
Adopting a services mindset is critical as technology becomes all pervasive within an enterprise. Services are no longer considered a support system; in fact, most
enterprises have re-christened the core philoso-phy of services. They are now called ‘Professional Services’ and given exclusive status.
Continuous technology advancements, constant innovation, increased customer expectations and newer levels of competition are repainting the competitive landscape that companies operate in. Overwhelmingly, the challenges are not about technology per se; there are a plethora of technology choices available. The main challenge is how to apply technology to maximise business benefits. Businesses need to identify problems and apply the right technologies to serve customers, while at the same time become more productive and cost efficient. However, without the right resources and expertise, simply implementing the latest and greatest technology is a risky and costly proposition.
The basic requirement to enable a business gain optimum benefits from technology is a robust suite of ‘services’ that help various business units to be connected on a single network platform. Such services must transparently integrate several solutions together and enable their delivery to customers. Along with the right technology and architecture, these services must enable businesses to reduce costs, improve operational efficiencies, increase customer stickiness and expand their capabilities. This means that a combination of a good architecture, relevant applications and efficient services is required to provide a dynamic business environment that facilitates productivity at all levels. It means that IT managers have an opportunity to take their engagement with business users to a higher level--that of advisors who will help businesses navigate
Be Advisors to Business
s e r v i c e s m A n A g e m e n t
the technology landscape, rethink newer ways to solve business problems.
Best Foot ForwardIT managers need to understand the network’s lifecycle as the network platform is essential to the delivery of a number of applications and services.Many organisations lack the resources to maintain important information about their networks, support decentralised IT resources or operate in multiple remote locations, where network changes occur but are not tracked. They may have security concerns, want to add advanced technologies, or seek to improve the performance of their networks. A network assessment analysis, for example, can show customers which areas of their networks need replacement or are at end-of-sale in their lifecycle--be it platforms, components, or software. Network assessments also allow partners to set them selves apart from competition because they act as trusted advisors who can recommend more efficient solutions with confidence and speak with more authority about advanced technologies that could extend and enhance each customer’s unique network deployment.
Harpreet bhatia, VP Services, Cisco India and SaarC
i liked this book because it really gives wings to dis-ruptive ideas and ignites thoughts from a high tech development per-spective and from customers.
SuggeStIon boX
Writer:Geoffrey A. MoorePublisher: hArPer business essentiAlsPrice:$12.23
8 itnext | f e b r u a r y 2 0 1 3
OpiniOnmoney wiseRaj mRuthyunjayappamanaging DiRectoR-apac & emea, talisma
Most IT executives are aware that businesses are increasingly migrating towards a customer experience
zone and regime, in which the role of CRM cannot be undermined.
While most businesses are carving out a niche to enhance customer experience and satisfaction and devising appropriate strategies, the immediate focus turns to CRM and its deliverables. The reason? Enterprises are unable to constantly innovate and measure up to customer expectations; this makes the going tough.
What can CRM do?The concept of CRM is perceived differently as the demand for newer ingredients grows.
Businesses leverage the concept to give incentives to customers, not just in terms of customer service but also as gifts, discount and loyalty programmes.
Newer perils of CRM opened up; while CRM did help improve customer loyalty in this decade, companies found it difficult to manage the large volumes of data generated by CRM applications and use them in appropriate scenarios.
Most CRM users think that it is no longer about managing relationships. Instead, now it is about understanding customers, their preferences and proactively providing an enriching experience which results in improved loyalty, brand equity and consumer trust.
A CRM solution needs to cover all bases, from intervening in social media conversations of businesses interest to managing loyalty programmes and upgrading customer relationships
be able to manage feedback, and together with analytical software, provide rich insights into customer behaviour and process deficiencies.
Speed of response is an important factor that has a direct bearing on customer loyalty.
To respond rapidly and accurately, agents must have access to relevant information within a few clicks. This requires complete integration of the CRM with data management systems that allows a seamless flow of information from and to the CRM application.
CEM on the AnvilMeanwhile, the new buzzword, CEM (customer experience management), is invading the industry. Through this, the data generated by CRM is put to use to create the required experience.
Businesses are analysing transactions, customer behaviour threadbare to provide unique shopping, and interaction experiences and obtain feedback, even from customers who refuse to participate in surveys and customer satisfaction programmes.
Not only is such information used to generate customised offerings, but also roll out targeted campaigns that carry messages that the target audience can relate to at a personal level.
Efficient Method of CRM Imple-mentationEffective CRM implementation calls for a few key compelling strategies:
Management buy-in Time-bound implementation with clear
and feasible deadlines Vendor selection and software licensing Project management and best processes
approach Data migration Training and support
This would help enterprises in gaining agility to roll out new and unique customer experience initiatives and stay ahead of competition.
author is the Managing Director-aPaC & eMea
at Talisma
“The new buzz word CEM is invading the industry by which the data generated by CRM is put to use to create the required customer experience”
Expectations from CRM rise
when needed. It needs to be scalable enough to manage the ever expanding scope of relationships across channels, loyalty programmes, transactions and geographies.
A good CRM solution also provides ample scope for listening to customers. Customers are increasingly vocal about their experiences with a brand or product. The number of customers who give good reviews is significantly lower than those who share a bad or unsatisfactory interaction they have had. CRM needs to
1 0 itnext | f e b r u a r y 2 0 1 3
trendsdealsproductsservicespeopleUpdate
I n d u s t r y
PH
OT
O/I
LL
US
TR
AT
IO
N/I
MA
GI
NG
CR
ED
IT
Tech TreNDS | Enterprises realize on average only 43 per cent of technology’s business potential and if IT has to remain relevant in an increasingly digital world that number has to grow, according to research and advisory firm Gartner. As per the findings of a worldwide survey conducted by Gartner in the fourth quarter of 2012, in the last 18 months, digital technologies—including mobile, analytics, big data, social and cloud—have reached a tipping point with business execu-tives. Gartner analysts believe that there is no choice but to increase
Digital Technologies Are Top CIO Priorities
technology’s potential in the enterprise, and this means evolv-ing IT’s strategies, priorities and plans beyond tending to the usual concerns as CIOs expect their 2013 IT budgets to be essentially flat for the fifth straight year.
“Digital technologies provide a platform to achieve results, but only if CIOs adopt new roles and behaviors to find digital value,” said Mark McDonald, group vice president and Gartner Fellow.
“CIOs require a new agenda that incorporates hunting for new digital innovations and opportunities, and harvesting value from products, services and operations. “In a world of change, it is concerning that around half of CIOs surveyed do not see IT’s enterprise role changing over the next three years,” McDonald said.
“IT needs new tools if it hopes to hunt for technology-intensive innovation and harvest raised business performance from transformed IT infrastructure, operations and applications.
The survey showed that CIO IT budgets have been flat to negative ever since the dot-com bust of 2002. The survey also revealed top 10 global technology priorities for 2013.
The list reflects a greater emphasis on externally oriented digital technologies, as opposed to traditional IT/operationally oriented systems. It includes, in the order of priority: Analytics and business intelligence; Mobile technologies; Cloud computing (SaaS, IaaS, PaaS); Collaboration technologies; Legacy modernization; IT management; CRM; Virtualization; Security; ERP Application.
Gartner sur-vey highlights
the need for CIOs to set
aside old rules and adopt new
tools
SOURCE: KzERO
This has been calculated by assessing the active user data, combined with research relating to users having accounts across multiple worlds
Virtual World Active UsersThe chart shows the active VW user forecast: 2009 – 2013.Virtual
1 1f e b r u a r y 2 0 1 3 | itnext
PH
OT
O/I
LL
US
TR
AT
IO
N/I
MA
GI
NG
CR
ED
IT
Mobile projectors froM Acer acer has introduced
the two projector
lineup, the c110 and the K330. both projectors
are built for portable and multi-purpose use.
Price: rs. 15,000-rs. 54,000.
AAkAsh 2 tAblet to cost $35
The price of the aakash
2 tablet will be brought
down to $35, about rs.
1,900, according to government source. The
aakash costs $49, rs. 2,660 approximately.
aakash will come with Skype. Price: $35.
aPPlicaTioN TreNDS | Enterprise software major SAP recently announced the availability of SAP Business Suite powered by SAP HANA. The vendor claimed that the new solution suite empowers customers to run their business in real time within the window of opportunity to transact, analyze and predict instantly and proac-tively in an unpredictable world.
According to SAP, the offering gives companies the unprecedented ability to translate real-time insights to action immediately while removing the complexity of redundant data and systems. A broad variety of business scenarios—including
SAP’s Business Suite Powered by HANA
analytics have been specifically optimized to deliver the highest value to customers. Using SAP Business Suite powered by SAP HANA customers can now can manage all mission-critical business processes in real time such as planning, execution, reporting and analysis by using the same relevant live data.
The new real-time SAP Business Suite provides an open environment allowing operational analytics and reporting on live data. A special rapid-deployment solution, planned to be released in the first quarter of 2013, will be designed for customers to go live in less than six months and will offer a complete package of preconfigured software, implementation services, content and end user enablement for a fixed price and scope.
Business Application Suite to run business in real time
Indian IT services major TCS has entered into a long-term agreement with Nokia under which it will help transform the handset manufacturer’s IT landscape. TCS will work with Nokia in realising its future IT roadmap, driving consolidation, rationalisation and simplification of applications and enabling business transformation across the core portfolios. Specifically, TCS will support and develop Nokia’s core applications for ERP, CRM, PLM, SCM, EIM and COF across the world.
AROUND THE WORLD
Nokia hires TCS to transform IT landscape
kApil sibAl, Union Minister of Communications & IT
“Internet is becoming an engine of economic growth and is expected to contribute over $100 billion (Rs 5 lakh crore) by 2015 to India’s GDP”
marketing analysis, financial close, receivables management, material resource planning, as well as consumer and social sentiment analysis—and the most used operational reporting and
qUICK byTE
cAnon lAUnches Dslr - eos 6D canon has released the canon eoS 6D,
its lightest full-frame camera.
This is canon’s third
full-frame variant,
designed to appease
a larger audience.
Price: rs. 1,66,995.
Negotiate to
WinE
nterprise technology vendors when pitching a piece of software or hardware technology often talk about how their offering is going to simplify the life of an IT man-ager inside the datacenter. Interestingly, they never talk
about IT manager’s life outside the ‘dreaded’ facility. Why would they? But if they did, especially in the context of their offering, most would never be able to make such a claim.
The way IT is consumed by enterprises has changed drastically in the recent years. Outsourcing, third-party hosting, and managed services have changed the very way IT is sourced. On-premise installations have given way to deployments in the cloud. Service provisioning is no longer the sole preserve of the IT and the number of vendors inside one’s datacenter (whether captive or hosted) has grown manifold. As a result of all this, licensing terms have become lengthier with additional fine print, SLAs tougher to negotiate and service fulfillment and vendor performance trickier to evaluate. For the IT manager, life has become anything but simple!
Case for Vendor Management It is in this context that vendor management skills have become increasingly important for today’s IT leaders. As they make fresh purchases and upgrade in the hopes of shaping the future course of their IT to better align it with business requirements, IT managers also have to ensure that IT is delivered in a manner which is cost-effective and truly beneficial to the business at large.
cover story | vendor management strategy
1 2 itnext | f e b r u a r y 2 0 1 3
IT managers need to learn the science of traversing through the complex vendor landscapes and striking the right chord to nurture win-win relationships by rajendra chaudhary
ImagIng : ShIgIl narayanan & PeterSon
deSIgn : SuneeSh K
“Vendor management has become a strategic function because of the focus on outcomes,” says Ray Wang, Principal Analyst and CEO at Constellation Research. “Organizations need to optimise on cost savings so they can free up funds for innovation. Vendor management is the process used to ensure that procured services are cost effective and deliver business value.”
Perception and Skills Gap Vendor management, in the context of IT is often viewed in a limited sense. CIOs and IT managers in general seem fixated with driving out highest quality at the lowest cost in a relationship. Noble as their intentions may be, negotiating a lower cost forms only a part of a larger mandate. Effective vendor management involves the ability to draft a solid RFP, benchmarking vendors/service providers, negotiating contract, determining water-tight SLAs, identifying useful metrics which can be used to asses performance and business value the relationship brings in and a whole lot more.
So do they have all the necessary skills?“Some do, while most others don’t,” quips Sanchit Vir Gogia, Principal Analyst, IDC India. “Given the changes that have come about in the
Negotiate to
Win
vendor management strategy | cover story
1 3f e b r u a r y 2 0 1 3 | itnext
In Gogia’s view, for the majority, vendor management in a true sense is still a work-in-progress. “There is a definite case for IT managers to acquire the necessary skills. They have to re-skill themselves in the science of vendor management. Right now, most IT teams do not have members who specialize in complex service agreements, contract negotiations or vendor benchmarking.” affirms Gogia.
Collaborate Implementing IT vendor management as a formal practice requires increased collaboration across functions, a set of repeatable processes, governance etc
The quest for effective vendor management is fraught with challenges, some obvious, others not quite so. One such challenge is institutionalising vendor management as a
standard practice in the organisation. On the surface, it may not seem like much, in reality however, it is much more difficult to accomplish. It would be criti-cal to establish the importance of adopting a holistic approach to vendor management.
take a holistic ApproachThe single biggest reason why IT managers must try to establish vendor management as a standard practice is because only then can it be sustained over longer periods with tangible business benefits.
Doing vendor management on an ad-hoc basis can result in inconsistencies in terms of the overall existing ecosystem of vendors and service providers that an organisation might have in place. Such
“there is a definite case for it managers to
acquire the necessary skills. they have to
re-skill themselves in the science of vendor
management”
Sanchit Vir gogia, Principal Analyst, IDC India
overall enterprise IT ecosystem in the recent years, CIOs and those leading the charge for IT functions have had to develop additional skills for managing vendor relationships in a hurry. They have had to become orchestrators of services to internal users and their jobs have become much more about managing vendors and external service providers than before.”
to Win
1 4 itnext | f e b r u a r y 2 0 1 3
Cover story | venDor mAnAgement strAtegy
Formal programs, documenta-tion, careful review of licensing terms and the intent to look be-yond buyer-seller arrangement are some of the ways in which It managers can practice to win
ForMAl ProGrAMS
Have a formal standardized vendor
management practice, for the majority,
vendor management is largely informal
and is treated simply as a subset of the
sourcing and procurement regime. Set up
a program, an office if possible, consisting
of individuals whose job it will be to deal
with vendors throughout the relationship
life-cycle.
DrAFtinG CleAr rFPS
Put in place a intelligent team of individu-
als well versed with things like drafting
rfPs, benchmarking product/service,
licensing and contract negotiations and so
on. a model which can be refined over time
and customized to best suit the organiza-
tional needs and deliver optimum results.
CleAr DoCuMentAtion
a crucial one at that is documentation of
all the discussions that take place. In the
course of business, it sometimes happens
that in order to get the deal through, there
are last moment discussion points which
vendors marketing/sales team agree. but
when it goes to the delivery team, they
refuse such things. Hence to protect the
interests of the company, all such things
which are discussed and agreed upon
should be documented along with the
scope of the activity. details of the goods
or services to be delivered, timelines,
resource deployment etc.
SolVinG the liCenSinG Puzzle
Licensing is another important piece of
the puzzle. It is one thing to drive a hard
bargain with potential vendors at the ne-
gotiation table, quite another to determine
complexities involved in the licensing
process, particularly in case of software
purchases. IT managers need to get
absolute clarity when talking to vendors to
avoid instances of under-licensing, over-
licensing or compliance which may arise in
the future. user organizations don’t always
care to read the fine print. This at times
works to vendor’s advantage as they come
raising issues of non-compliance to their
licensing policies.
ChooSinG the riGht VenDor
To make a vendor relationship work, timely
periodic reviews are a must. Typically IT
managers have been known to do due
diligence while selecting vendors at the
beginning and then at the time of renewing
the arrangement. However, reviewing con-
tracts in between at regular intervals and
monitoring the performance is essential.
StrinGent SlAS
Put penalty clauses wherever possible in
the SLas in writing and get them to agree
to incur fines if the vendors aren’t able to
meet a service request within a stipulated
time frame, up to your satisfaction. The
focus should be to make it more of a part-
nership, an alliance of sorts. IT managers
can also explore possibilities of developing
products and innovations around intellec-
tual property with the vendors.
Fill the Gaps with Best Vendor Management Practices
A Good RFP DocumentContains well-defined scope of work in clear terms
aligns well with defined use cases
focuses on exception based requirements
Considers the technology ownership lifecycle
asks for vendor credentials and the roadmap of its
product/service
Contains details related to service levels and uptime
requirements, and related penalties/bonuses
Insists on delivery/implementation timeline with de-
tailed breakups
articulates financial and technical parameters which
will be used while evaluating bids
features general terms and condition of the buyer
inconsistencies can not only result in strained relations with certain vendors over time, but can also lead to relationships which may not necessarily be in the best interest of the IT organisation.
Manish Bahl, Vice President & Country Manager (India) at Forrester Research therefore recommends a more iterative approach that “begins and ends with business”. More specifically, he advocates a continuous vendor framework approach which can help organisations ensure that they extract maximum business value from their strategic partners.
So how does one actually accomplish this? Well, the ideal solution can be setting up a formal IT vendor management office (VMO) which can be tasked with the responsibility of ensuring a standardised approach to interacting with vendors. However, seeing as how not all organisations would
1 5f e b r u a r y 2 0 1 3 | itnext
have the necessary resources to set up a VMO, those entrusted with leading IT ops can put in place certain processes to be followed in every interaction with a vendor, service provider or a third party. Perhaps, the single most important piece in this puzzle is ensuring a standardised RFP process and putting together a template which ensures a ‘good’ RFP document. Nilesh Sangoi, Senior Vice President & Chief Technology Officer, Meru Cabs says that as unappealing a process as it might be because of the complexities involved, a good RFP can often be the difference between a long-tern, mutually beneficial relationship and a short term, unyielding contract between IT and a service provider”
A good RFP doesn’t necessarily have to be extremely long and exhaustive. Basically it should lay down, in clear terms, IT’s expectations from the vendor. Also, IT managers need to ensure that the man-hours spent in the RFP process do not go to waste once a contract is signed and sealed. The next key element for institutionalising vendor management is in having a transparent comparison metrics for choosing a product or a service from a certain vendor. Says Ranjeev Tiwari, Senior Manager-IT, at Max Hypermarket India, “It is important that transparency is maintained when qualifying vendors and selecting a product or service offering. This can be done by involving business stakeholders and taking their inputs during evaluation stage. One should also do the required amount of industry research so as to identify competitive candidates to zero-in on the best options.”
Involving non-IT stakeholders and business functions such as finance and legal also helps the cause in that it structures the conversations better. Collaborating with people from across such business functions will not only help IT garner the support it needs to formalise the process but also put together a more balanced set of deliverables, metrics and SLAs for the vendors in question, adds Tiwari. A holistic approach to vendor management also mandates a good governance process in place. The scope of this governance shouldn’t be restricted to a specific aspect of vendor management rather it should encompass everything starting from assessing internal requirements, drafting RFPs, evaluating and negotiating with vendors, contract signing, to service fulfillment and even performance reviews. In the absence of a formal VMO, individuals can be identified and tasked with the responsibility of reviewing different aspects at different stages of vendor interactions. In essence, institutionalising vendor management requires increased collaboration and a set of repeatable processes among various stakeholders.
“it managers need to ensure that the man-hours spent in the rFP process do not go to waste
once a contract is sealed”nilesh Sangoi, senior vice President &
Chief technology officer, meru Cabs
“involving business stakeholders such as finance and legal helps in structuring
the conversations better”ranjeev tiwari, senior manager-It, at
max Hypermarket India
cover story | vendor management strategy
1 6 itnext | f e b r u a r y 2 0 1 3
“Generally, rFPs are prepared with unclear end-goal in mind”While IT vendor management has graduated to become an important concern, IT departments are often short-sighted in their approach when dealing with vendors, says Manish bahl, Vice President & Country Manager (India) at forrester research
is vendor management an important concern for those heading it functions?
The CIO’s role is clearly evolving to become less technical and more business-oriented. Indian CIOs have started looking beyond IT when engaging systems integrators with the objective of driving business results through innovative business solutions. Forrester recently published a report on system integrators readiness to support the changing CIO role in India. Our survey identified a large gap between what CIOs expect from their SI partners and their actual experiences. It also found a pervasive CIO perception that SIs in India focus too much on technology.
vendor management strategy | cover story
1 7f e b r u a r y 2 0 1 3 | itnext
Where do most organisations tend to get it wrong when dealing with it vendor
management? I believe most CIOs try to address today’s problem than ensuring that their current set of investments are future ready. For instance, with the rapid rise of social media, cloud computing, and mobility, CIOs are finding increasingly difficult to ensure maximum utilisation of current IT investments and thus justify total cost of ownership (TCO) of IT infrastructure. CIOs need to adopt a dynamic TCO model which is iterative to address changing business requirements.
What do you think constitutes a good rFP document?
Generally, RFPs are prepared with unclear end-goal in mind and because of that there are unrealistic expectations from vendors at times. I believe brainstorming with LOB teams to define the project scope and end-goals clearly is the key. Also, at times RFPs are created with ‘copy and paste’ formula with freely available content on the Internet—without doing any real value addition. RFP is such a critical document for CIO teams to ensure vendors understand company’s objective well and come up with innovative solutions to meet business objectives.
What according to you are the basic tenets of a good vendor management
strategy? Instead of waiting for partners to change their technology-driven strategy, CIOs should develop their own methods to extract greater business value from their partners. I would like to highlight some key takeaways from our latest India CIO-SI report here:
Identify strategic vs. non-strategic partners. The first step is to shortlist vendors that demonstrate strong knowledge of the organization, business, and industry issues and interest in securing the business with a CIO.
Spend more time and budget with strategic partners. CIOs should spend more time and budget with a strategic partner and actively explore vendors that are willing and able to align their objectives with the CIO’s success in substantial, not superficial, ways.
Push vendors to think and act like a partner. Adopt innovative approaches such as aligning partner’s financial compensation with organisational goals among others..
A Good RFP DocumentContains well-defined scope of work in clear terms
aligns well with defined use cases
focuses on exception based requirements
Considers the technology ownership lifecycle
asks for vendor credentials and the roadmap of its
product/service
Contains details related to service levels and uptime
requirements, and related penalties/bonuses
Insists on delivery/implementation timeline with de-
tailed breakups
articulates financial and technical parameters which
will be used while evaluating bids
“rFP is such a critical document for Cio teams to ensure vendors understand company’s objective well and come up with innovative solutions to meet business objectives”manish Bahl, vice President & Country manager (India), Forrester research
cover story | vendor management strategy
1 8 itnext | f e b r u a r y 2 0 1 3
steer Clear of the PitfallsPitfalls such as getting swayed by vendor promises or going with the lowest bidder must be avoided at all costs
Let’s face it. No CIO or IT manager would like to spend his entire day doing only IT vendor management. There is other perhaps more important matters that he must attend to
in a typical day. However, lack of adequate attention to vendor evaluation, contracting and performance monitoring at appropriate times can make the daily grind all the more unbearable for the IT leader and therefore it is critical that IT managers make time for this not so flashy part of their job.
As there are a number of best practices for dealing with the issue, there exist a number of pitfalls that if not avoided can lead to unpleasant consequences for the user organisation.
One of the more common pitfalls that IT managers must look to avoid when dealing with vendors is
choosing a vendor largely on the basis of all that it promises to do. According to Rajat Sharma, President-IT, Atul Limited, vendors in their bid to ‘get in’ tend to promise the world and whatever capability that an organization might ask for and many a times IT managers get swayed by such grand promises without even a through examination of vendor’s actual capabilities and whether it can deliver on those promises.
A vendor tactic that particularly irks Sharma is how certain vendors tend to—at the time of signing up—demonstrate a keen interest into the project but lose interest after a project gets underway or orders start coming through. “Also one must be wary of vendors who judge a customer relationship purely on the basis of its transactional value,” he adds.
“one must be wary of vendors who judge a customer relationship purely on the basis of its transactional value”rajat Sharma, President – It, Atul Limited
vendor management strategy | cover story
1 9f e b r u a r y 2 0 1 3 | itnext
Going with vendors who offer the lowest bids is another trap that IT leaders should be wary of. According to Ray Wang, Principal Analyst and CEO at Constellation Research, given the cost pressures, it can be awfully tempting to sign up with the lowest bidder. However, as important as it is to be conscious of cost equations, one must be equally concerned, if not more, about the business outcomes of a relationship.
Also, buyers need to fight off the natural urge to beat down vendors on the price issue. Wang cautions that in their effort to get the biggest bang for the buck, buyers can often lose sight of the fact that in the longer run only the relationships which offer incentives to both the parties last and deliver results. “Instead of creating win-lose relationships, the focus should be to nurture relationships that are win-win for everyone involved,” opines Wang. Having said this, buyers alone can’t be expected to create a win-win relationship. It’s a two-way streak and vendors need to play their part too. Often times, large vendors can have an edge over buyers, particularly smaller ones, in terms of designing contracts simply because they have more experience. Also, in an increasingly consolidated market which is being dominated by a handful of large enterprise IT vendors, relatively smaller firms can sometimes find it difficult to have a contract which serves them the best.
To make sure that they aren’t arm twisted into signing up with a vendor, CIOs and IT managers need to think through the complete implications of a contractual agreement. They can either re-skill people in-house to go over the terms of engagement or bring in external experts who specialise in vendor management.
Says Kamlesh Jain, Dy. GM -IT, K Raheja Corp, “The terms of engagement should be communicated clearly to the vendor in the beginning itself. A good IT manager should be able to foresee requirements and risks which may arise in the future and plan accordingly. His risk mitigation strategy could either be based on cost optimisation or transferring the risks altogether onto the vendor side. Also, he can even consider outsourcing vendor management activity to a third party.”
Another way to counter this challenge is to select open standards based offerings. Atul’s Rajat Sharma believes that avoiding proprietary products or offerings that have an element of ‘vendor lock-in’ can be a safe bet in such scenarios. “Open, standards-based offerings makes more options available for selection and especially in case of software, open source products provides a good way to mitigate vendor monopolization.”
Lastly, IT leaders must also bear in mind that the scope of vendor management extends beyond just RFPs, contract negotiations or performance evaluation. They must realize that it is as much about building relationships as any of the activities mentioned above and therefore, they need to take due care to manage the relationship following a contract signing. The only caveat here is that the business metrics they use have to look beyond the SLAs and contract fulfillment.
“it manager’s risk mitigation strategy could be either
based on cost optimisation or transferring the risks altogether
onto the vendor side”Kamlesh jain, Dy. gm -It, K raheja Corp
Observe Caution Don’t be swayed by promises made by overzealous
vendors
Don’t give in to temptation and sign up with the lowest
bidder
Instead of creating a win-lose equation, focus on a
win-win relationship
Think through the complete implications of a contrac-
tual agreement
bring in external IT vendor management experts if
required
Don’t get stuck on negotiations and SLas
cover story | vendor management strategy
2 0 itnext | f e b r u a r y 2 0 1 3
Onl
y on
e ci
rcui
t la
ps
the
wor
ld.
Ta
ta C
om
mu
nic
ati
on
s h
as
bu
ilt
the
wo
rld
’s ?
rst,
w
ho
lly
-ow
ne
d, s
ub
-se
a ?
bre
op
tic
cab
le r
ing
a
rou
nd
th
e w
orl
d. I
t d
riv
es
an
extr
ao
rdin
ary
3,2
00
p
eta
bit
s o
f v
ide
o, v
oic
e a
nd
da
ta t
o e
nte
rpri
ses
aro
un
d t
he
pla
ne
t e
ve
ry m
on
th, a
t cl
ose
to
th
e
spe
ed
of
lig
ht.
An
d w
he
rev
er
ou
r n
etw
ork
go
es,
it c
rea
tes
in?
nit
e p
ote
nti
al fo
r g
row
th. T
ha
t’s
wh
y
we
’re
?rs
t ch
oic
e f
or
Fo
rmu
la 1
™. A
nd
If
we
ca
n d
o
it f
or
Fo
rmu
la 1
™, w
hy
no
t e
xp
lore
wh
at
ou
r tr
uly
g
lob
al co
nn
ect
ivit
y c
an
do
fo
r y
ou
r b
usi
ne
ss a
t tataco
mmunications.co
m/globalring
© 2
012
Tat
a C
omm
unic
atio
ns L
imite
d. A
ll R
ight
s R
eser
ved.
TAT
A C
OM
MU
NIC
ATIO
NS
and
TATA
are
tra
dem
arks
of T
ata
Sons
Lim
ited
in c
erta
in c
ount
ries.
The
F1 F
OR
MU
LA 1
logo
, F1
, FO
RM
ULA
1, F
IA F
OR
MU
LA O
NE
WO
RLD
C
HA
MPI
ON
SHIP
, GR
AN
D P
RIX
and
rela
ted
mar
ks
are
trad
emar
ks o
f For
mul
a O
ne L
icen
sing
BV,
a
Form
ula
One
gro
up c
ompa
ny. A
ll rig
hts
rese
rved
.
To
kn
ow
mo
re, y
ou
ca
n w
rite
to
us
at busines
s@tataco
mmunications.co
m
IL
LU
ST
RA
TI
ON
: A
NI
L T
While challenging conventional wisdom, IT teams need to adopt new game changers with a holistic approach to enhance data center efficiency
by N Geetha
All Game for a Cool DC
Data center best practices have always been top priority for most IT teams across industries. In fact, data centers strive to provide custom-ers the most modern and efficient tools, both hardware and software,
ensuring that the best practices are deployed within data centers to make them more green and efficient.
A testimonial to this effect is APC Schneider
Electric, the data center energy efficient solutions provider, which has associated itself with Lawrence Berkeley National Laboratory to leverage certain best practices in bringing about energy efficiency at data centers and helping customers to deploy the best tools and approach to enhance efficiency.
As part of his visit to Schneider’s data center, Dale Sartor, PE, Applications Team, Building Technologies, at Lawrence Berkeley National
2 2 itnext | f e b r u a r y 2 0 1 3
SOURce: LBNL
“there have been new game changers to enhance the efficiency of data centres, and the traditional philosophy of having high tech buildings no longer serves any purpose as they are energy hogs”
Dale Sartor, Pe Applications Team, Lawrence Berkeley National Laboratory
Laboratory (LBNL), Berkeley, caught up with ITNext along with APC Schneider’s senior executives in a freewheeling chat. The discussion focused on the best practices that IT teams could follow to enhance data center efficiency, cut down power cost, lower TCO and optimise design elements.
Data Centre Criticalities and Chal-lengesSartor recommends that the first charter for any IT manager or data center operator is to challenge the conventional wisdom or approach to the data center. According to him, the conventional approach says: Data centers need to be cool and controlled to tight humidity ranges; they need raised floors for cold air distribution; they require highly redundant building infrastructure; and IT and facilities partnership are key. “But there have been new game changers to enhance the efficiency of data centers, and the traditional philosophy of having high tech buildings no longer serves any purpose as they are energy hogs,” says Sartor.
Dr Satish Kumar, Energy Efficiency Ambassador, Vice President, Schneider Electric India, affirms that the increased redundancy built in data centers seem to have increased the cost of maintenance as the loads of economies are different.
Aniket Patange, Director, Datacenter Lifecycle Services, Schneider Electric, finds the most challenging aspect to be delivering value while taking account of the people, process and technological framework of the data center lifecycle, even as there is no standard operating procedure to reduce cost.
The common challenge that these executives experience is that data centers are energy intensive facilities as the demand for storage surges; server
rack designs require more power, and there are power and cooling constraints in existing facilities.
Dr Satish says, “As the cost of power and power required for infrastructure increases, even surpassing the capital cost of IT equipment, the rise in total cost of ownership is alarming.”
Create DifferentiatorsThe key to addressing these challenges is creating
differentiators which can help organisations see the power cost lowered, energy saved and efficiency enhanced.
A logical calculation to data center energy efficiency according to Sartor is: Data center energy efficiency =15% (or less). (In other terms, Energy Efficiency = Useful Computation/Total Source Energy).
The task of defining the energy efficiency mechanism throws up an immense opportunity
Data Center Energy Efficiency = 15% (or less)
100 Units SourceEnergy
Typical Data Center Energy End Use
Power Conversions& Distribution
33 Units Delivered
35 UnitsPower Generation
(Energy Efficiency = Useful computation / Total Source Energy)
Server Load /ComputingOperations
CoolingEquipment
2 3f e b r u a r y 2 0 1 3 | itnext
data center | insight
which cannot be measured; and hence every initiative needs to be measured.
The key energy metrics, according to Patange, is calculating PUE and partial PUEs, utilisation and energy reuse, while the future revolves around computational metrics, such as peak flops per watt, and transactions per watt.
The ideal way is to go by Moore’s Law of providing miniaturisation: smaller, more energy-efficient transistors resulting in 1 million times reduction in energy/transistor size over 30+ years.
* It is important to go for a refresh of IT equipment for performance, as old servers consume 60 per cent of energy, but deliver only 4 per cent of performance capability
* Performing IT system energy assessments is compelling to evolve IT energy usage patterns
* Decommissioning of unused servers is mandatory
* Virtualising and consolidating server and storage* Cloud computing most ideal, as it can help in
dynamically scaling resources over the Internet, balance different application peak loads and typically achieve high utilisation rates.
Besides, using the IT team effectively to manage IT energy saves energy and sets the goals to provide the same level of monitoring and visualisation of the physical space that exists for monitoring the IT environment.
“it teams can create value by engaging with multiple levels of
teams and bring about certain policy regulations & standards”
“the most challenging aspect is to deliver value while taking
account of the people, process & technological framework”
Dr Satish Kumar, energy efficiency Ambassador, VP, Schneider electric India
aniket Patange, Director-Datacenter Lifecycle Services, APc by Schneider electric
for IT teams and data center solutions providers. Patange says the solution lies in evolving strategy around power conversion and distribution, server load/computing operations using server innovation, virtualisation, high efficiency, power supplies and load management strategy, and deploying cooling equipment among various other things.
Dr Satish recommends that IT teams can create value by engaging with multiple levels of teams and also bringing about certain policy regulations and standards to enhance energy efficiency.
“It is critical to associate with industry associations, be part of the consortium of thought leaders and bring in ISO 50001 standards to create required differentiators,” avers Dr Satish.
Best Practices for BenchmarkingThe most important feature in the data center efficiency mechanism is to spot the data center maturity model based on industry standards. According to Sartor, it is critical to benchmark for energy performance improvement and pick up a few learnings from peer comparison to identify best practices.
Sartor advocates that it is difficult to manage that
2 4 itnext | f e b r u a r y 2 0 1 3
insight | data center
2 5F E B R U A R Y 2 0 1 3 | ITNEXT
FUJIFILM | ADVERTORIAL
StorageSimplifiedThere is a great need to understand the practical requirements / demands of storage, considering the data accessing frequencyQ: How can technology leaders manage exponential data growth in a reliable, cost effective and environmentally safe manner?A: Combination of storage solution by shift-ing / designing the maximum storage load on tape storage will be the best way to handle the exponential data growth. As tape storage is and will be alive with a strong road map forecasted by the tape drive manufactures and also as study show that the total cost of ownership of LTO-5 tape systems is 15 times lesser than disk for long term storage, where the disk consumes 238 times more power
to store same amount of data (TSR report), which makes tape storage be the economical and environmentally safe due to less power consumption and lesser emission of CO2.
Q: What are the advantages of using tape as compared to disk when it comes to storage?A: There is a great need to understand the practical requirements / demands of storage, considering the data accessing frequency. As studies show that the frequency of data access decreases with passage of time as 70 to 80 percent of data is seldom accessed
again, so one has to give its attention on the importance of data storage and risks applied on a disk keeping up with practicalities in mind. Also tape storage is cost effective, scal-able and environmentally safe solution as against the major challenges that IT manag-ers encounter in light of dwindling IT budgets. Talking about advantages of tape storage, it has better scalability, portability and archiv-abilty. It supports encryptions and WORM fea-tures with a benefit of cost per TB and power consumption/Space (area) being far lesser than on disk.
Q: Why should a technology decision maker choose FujiFilm’s LTO Ultrium 6? A: Fujifilm being known has technology leader in media manufacturing has proved itself with several path breaking media manufacturing technologies like ATOMM, Nanocubic & with the latest being Barium Ferrite(Bafe) which is incorporated in Fujifilm LTO-6. So, by launch-ing LTO-6 Fujifilm becomes the first and only manufacturer to incorporate Bafe technol-ogy in a LTO generation and the milestone achieved in 2010 jointly by Fujifilm & IBM upon successfully recording 35TB (native) on one single tape itself stands as a witness of this technology strength. Hence Fujifilm LTO-6 have better edge over others.
Q: Please throw more light on some of the features of LTO Ultrium 6 Data Cartridge.A: Highest capacity among the entire LTO generation launched - Native capacity of 2.5 TB / 6.25 TB Compressed
Highest Transfer speed - Native 160mb/sec & Compressed 400mb/sec Longest estimated Archival Life - 30 years Encryption feature retained(LTO-4 was first
the generation to have this feature).
Fujifilm LTO-6 incorporates Bafe technology in a LTO generation
J Solomon Sukumar, National
Sales Manager, DSM — Products,
Patel India
2 6 itnext | F E B R U A R Y 2 0 1 3
Baz Khuti | interview
2 7F E B R U A R Y 2 0 1 3 | itnext
AeriAl Glimpse of the DC
As a Cto, what kind of business challenges do
you frequently hear about from enterprises?The key challenges that CTOs or senior IT executives managing huge data centres face are the fundamental pressure of continuing operational efficiency, with increased emphasis on both labour cost and power reduction. Enterprises require high-performance data centres to ensure that critical business applications are available round the clock and with the right levels of cooling. Even as data centres have increased in their complexity and density so as to absorb all business requirements, the visibility into the data centre workloads is lacking. Also, the existing tools
Baz Khuti, CTO, VP-Engineering, Avocent Products and Services, Emerson Network Power, finds customers demanding higher availability, greater performance and cost efficiency. In conversation with N Geetha, Khuti emphasises the need to offer a unified, scalable solution to address complex, heterogeneous and geographically dispersed data centres
do not provide real-time data, nor make clear the relationships and dependencies between devices. IT and facilities team are forced to rely on time-consuming manual calculations or cumbersome integrations between monitoring systems to determine the health of the data centre. This results in higher costs, wasted capacity and inefficient operations. To address these challenges, I would think Data Centr Infrastructure Management solutions (DCIM), a comprehensive approach to managing the physical aspects of the data centre can be recommended. Forrester Research Group endorses the fact that DCIM has been the foundation for successful operations of data centres.
What kind of innovations in the DCim space can address these challenges?At the first outset, it is critical to examine what DCIM is and we, along with the research group, reit-erate that DCIM is a convergence of previous generations of purely facilities—oriented power manage-ment, physical asset management, network management, and finan-cial management and planning solutions for data centres. If used appropriately, DCIM solutions can help I&O professionals address steadily soaring pressures to meet business SLAs, lower costs, and improve resource and energy efficiency and long-term facilities planning. The new vocabulary DCIM has several innovations to its credit. IT acts as a multi-
interview | Baz Khuti
2 8 itnext | F E B R U A R Y 2 0 1 3
“IT and facilities team are forced to rely on time-consuming manual calculations or cumbersome integrations between monitoring systems to determine the health of the data centre”
functional single integration tool which incorporates entire enter-prise management frameworks and takes a 360 degree approach. The essentials of DCIM are to give an integrated view of facilities and operations and its ability to allow views and control of multiple lev-els of the data centre. The function-ality of DCIM solutions is rapidly changing as offerings mature and user requirements drive vendors to fine-tune their offerings. What differentiates DCIM from other legacy tools are its eight core func-tions. They include:n Inventory and discovery: It is an asset management function, which helps in capturing the inventory and import from existing configu-ration management databases and, in some cases, from spreadsheets. Once the inventory is detected, the DCIM solution must be able to con-struct the necessary relationships and dependencies between them, such as the relationship between circuits and power distribution units (PDUs) and the relationship between PDUs and racks and con-nected equipment.n Maintenance and change control: DCIM enables them to perform change control, but at a minimum, they need to be able to a) update their own configurations based on operator actions, b) create a list of change actions as a result of any what-if scenarios they gener-ate, and c) allow the generation of work orders in existing ticketing systems. n Data collection: Once the DCIM software is installed, it needs to collect data from the environment. It collects real-time physical infra-structure data, including physi-cal rack and equipment location, circuit capacities, CRAC and cool-ing data, and thermal data from the equipment of multiple, and, in many cases, competing vendors, along with data from other sources.n Consolidated monitoring and display dashboard: This function
bridges the worlds of facilities and IT operations, which is a USP for most players.n Alerts: It helps in the process-ing and interpretation of data to be presented in an easily consumable format.n Control: DCIM has the ability to reach out directly and control infrastructure elements.n Trend Analysis: The ability to display trends for power and cool-ing as well as predict and diagnose conditions that have exceeded pre-set limits.
The ability to model future solu-tions for implementation: While still nascent, the ability to model potential solutions for power and workload problems is one of the
areas where systems vendors and infrastructure equipment suppli-ers intersect.
What is the value proposition that DCim has brought to your customers?The DCIM solution has helped IT heads in orchestrating the entire data centre model in bringing visibility to the operations. It has helped senior IT teams in build-
Baz Khuti | interview
2 9F E B R U A R Y 2 0 1 3 | itnext
ing a modular design where they can integrate all applications, databases to a single framework to drive better visibility of its main-tenance and power consumption ratio. It is critical to build a struc-tured and sustenance data centre model for better consolidation.
Our customers have witnessed real-time data collection using our key DCIM functionalities such as unified infrastructure monitoring, access and control systems and real-time infrastructure optimisa-tion platform.
One of our customers, Infosys, has witnessed significant benefits and has successfully integrated Oracle data bases, its Fusion Mid-dleware, security solutions, along
with legacy applications using the DCIM platform; it has been able to drive complete visibility into the entire operations. Our Universal Management Gateway appliance has helped customers in con-solidating management of IT and facilities equipment, making it possible—and easy—to securely execute a unified approach.
Infrastructure management technologies can be classified into two different categories: 1) access and control and 2) monitoring. Today, IT infrastructure is managed with access and control technologies such as KVM, serial console and embedded server technology. Facilities infrastructure is managed through real-time data collection and monitoring of those physical assets. Because the Universal Management Gateway appliance integrates access, control and monitoring in a single chassis, data centres no longer need multiple infrastructure management tools. However, the tools can reduce and recover capital expenses, so that data centres need not purchase and maintain multiple tools for monitoring the infrastructure. Data centres can save as much as 75 per cent of rack space.
It can support green initia-tives and dramatically cut power consumption; with fewer devices, power usage can decrease as much as 30 per cent.
It would reduce operating expenses including time and costs for managing, maintaining, secur-ing and training users. Another advantage is enhanced deploy-ment flexibility and efficiency, auto sensing enabling rack re-configu-ration with virtually no manual intervention, allowing devices to be monitored dynamically as they are connected.
Another strong advantage is to improve disaster recovery at lower cost to secure, while enabling remote access for easy
maintenance and lowered travel expenses.
It is also future proof infrastruc-ture investments, the built-in flex-ibility and heterogeneous vendor support for efficiently managing current and future assets, such as enabling convenient transition from legacy KVM into embed-ded access technologies. Another function is that the real-time infra-structure optimisation platform as a DCIM solution mirrors how data centres actually work, rather than merely forcing change to compen-sate for the gaps created by manag-ing with multiple point products. The platform provides a single solution for unified management of IT and facilities infrastructure, combines both hardware and soft-ware in order to gather data from every infrastructure device includ-ing Windows, Linux and UNIX server, storage and serial devices, service processors, rack/environ-mental sensors, data centre power units, cooling units and power dis-tribution units (PDUs).
What is the most preferred\ideal data centre design which is transforming the it manager’s environment?Most IT teams are trying to revamp the existing data centre and going in for the colo model. IT teams need to look at aesthetically designed centres and also take into account their workloads that are running, using innovative tools. The design should have allocation for the circulation of hot and cold air and have platforms that can integrate with other facilities. It is always recommended to have util-ity based planning with effective monitoring tools. It’s most impor-tant, for IT managers to align ini-tiatives with business goals, exert greater control over operations and maintain uptime. IT teams need greater ability to understand the impact of change and how to optimise space usage.
Find other inter-views online on
the website www.itnext.
in/resources/interviews
3 0 itnext | f e b r u a r y 2 0 1 3
The cyber world is envel-oped by ransomware, giving sleepless nights to security heads and literally holding enter-
prises and users to ransom, in addition to threatening the basic security frame-work. Security heads are compelled to deploy stringent security tools, create a hygiene factor and prevent fraud.
Ransomware on a RollRansom, as defined by the Webster’s dictionary, is the practice of holding a prisoner or item to extort money or property to secure their release. This has been a menace in the physical world for many centuries. In the virtual world, it
securitythreats
data held to ransom
Technological advancements have provoked fraudsters to find new ways of
holding critical data to ransom
15minutem a n a g e R
Strategy: Data held to Ransom this page
Health Tips: Causes for Vitamin- D Deficiency page 32
trainingeducationworkplace
compensationworkforce trends
skills developmentpersonal development
uses of Vitamin D
page 32
By Uday Mittal &
SUnil Varkey
15-mInUte manaGer
was a stray occurrence till very recently. As enterprises get more exposed to the digital world and
with valuable critical information being stored in the digital form, fraudsters are finding innovative ways to exploit the situation using malware.
Ransomware malware limits and blocks access to the computer system, holds valuable or critical data by compromising it, and demands a ransom to be paid to the malware planter for the release of the hostage data. The mode of infection and propagation can be similar to any malware; but following infection, it could use various methods to trap the data owner to hostile situations.
How can it affect users?Some of the worst scenarios which customers can encounter could be that those who use pirated software become the first victims. In such a case, the malware initiates the infection path
14.09.12 IT Next
www.bryair.com
Backed byService
These could be due to microscopic corrosion
caused by excess moisture
Remove moisture most effi ciently
Phone: +91 11 23906777 • E-Mail: [email protected] 9001:2008 & 14001:2004 CERTIFIED
DEHUMIDIFIERS®
Write to us today for cost effective solutions
RB/B
A/12
20HV
CA5R
1
FrequentBREAKDOWNS
in Instrumentation Labs?
Write to us today for cost effective solutions
RB/B
A/12
20HV
CA5R
1
ACREX India 2013
Bombay Exhibition Centre, Mumbai
7 – 9 March2013
Meet us atBooth No. C 20
and claims that the user has violated the software licensing policy and locks the system. For releasing it, the user must call an overseas number to get the activation code, a call charged at premium rates. Or when accessing objectionable content, malware may claim to be an enforcement authority and force the user to pay a penalty to release the system lock.
Ransomware Payment modeThe payment mode varies from malware to malware, but those most commonly used are prepaid electronic money schemes like Ukash, MoneyPak etc. Most ransomware may avoid any mode of payment that may be tracked, such as credit cards, debit cards, net banking or PayPal.
The challenge is that if the ransom is not paid, it would be tough to get the system reformatted. And even when paid, it could only be a temporary solution since the malware is still active in the system and could come back to life at any instant.
Ransomware’s originAs per Michael Kassner, the first ransomware, PC Cyborg, appeared in 1989. It was a Trojan developed by Joseph Popp and carried a payload which claimed that a licence of certain software on a user’s PC had expired and that the user must pay a sum of USD 189 to PC Cyborg Corporation to unlock his PC. By 2006, the attacks got more sophisticated as writers ofransomware started using 660-bit (Gpcode.
Malware claims to be an enforcement authority and force the user to pay a penalty to realease lock
3 1f e b r u a r y 2 0 1 3 | itnext
15-MINUTE MANAGER
AG) and 1024-bit (Gpcode.AK) RSA Key. In the last few years, there are reports of the presence of ransomware in enterprises where hackers obtained access to critical databases, encrypted them and negotiated a ransom for the decryption key. But most of the time, this is not an easy task. This is because of the enterprise security controls being in place, effective negotiation and the entire process being carried on without the attacker’s identity being disclosed. But it still remains a big threat if the hacker manages to plant ransomware in an enterprise server where critical applications or the database are hosted.
Now with SMBs and individual home users on the rise, it is easier to target and trap the user’s data because of less security controls and user level awareness.
According to a report from the Symantec Security Response team, early this year, ransomware worms were found prominent in Germany, France and the UK; and by the end of the year, the US also showed a significant rise in the number of infections. In the last two months, we have seen the presence of multiple dormant ransomware in India waiting to get initiated. Currently, there exist at least sixteen different types of ransomware families. These are sixteen different malware families and not mere versions.
According to reports, although a very small percentage of people actually pay for system release, it is currently a USD 5 million industry.
the next Best steps for Cisos With technology available to build exploits and hackers finding this an easy way of extracting money, the chances of multi-variants of ransomware in the wild getting initiated any time (rather than waiting to initiate when users access objectionable content or use pirated software) would change the threat perspective in a big way.
While Antivirus companies consider this a serious security concern and release multiple security control signatures for combating ransomware, p
ho
to
gr
ap
hy
: ph
ot
os
.co
m
Vitamin D ‘may ReDuCe tHe Risk of alzHeimeR’s Disease’ as per a new research, to reduce the risk
of alzheimer’s disease, women should take
Vitamin D supplements. Two new studies
show that women who don’t have enough
Vitamin D as they hit middle age are at
greater risk of going into mental decline
and developing alzheimer’s.
The first study found that women who
developed alzheimer’s disease had lower
Vitamin D intake than those who did not
develop the illness. Dr Cedric annweiler,
of angers university Hospital in france,
looked at data from nearly 500 women
who participated in the Toulouse cohort of
the epidemiology of Osteoporosis study. It
was observed that women who developed
alzheimer’s had an average vitamin D in-
take of 50.3 micrograms a week, whereas
those who developed other forms of de-
mentia had an average of 63.6 micrograms
per week, and those who didn’t develop de-
mentia at all averaged 59 micrograms.The
study highlighted the role vitamin D plays
in alzheimer’s, a severe form of dementia
which causes the patient to become disori-
entated, aggressive, forgetful and find even
quite basic tasks difficult to carry out. So
far, there is no cure for the illness, which
affects around 400,000 people in england
- a figure which is steadily rising as people
live for longer. source: cfo india
Vitamin D deficiency could lead to quick degeneration of bones, resulting in chronic joint pain.
Causes for Vitamin - D DefiCienCy
health tips
• There are several reasons which could result in Vitamin D deficiency in a human body, which could be fatal if ignored. Some of causes could be: * If one’s intake of milk is insufficient* In case of one being a strict vegetarian* Insufficient exposure to sunlight* In case of excessive dieting* If one has a dark skinIf the digestive tract cannot adequately absorb vitamin D* Obesity
“With advancement in technology, these
attacks will only get more and more sophisticated
and perilous”— sunil Varkey, Head-IS, Idea Cellular Ltd
28 cm x 10.3 cm
RB
/BA
/122
7HV
CA
4
Data Processing Centres
Cleanneed
®
Gas Phase Filtration
Write to us today for cost effective solutions
Phone: +91 11 23906777 • E-Mail: [email protected] 9001:2008 & 14001:2004 CERTIFIED
®
Backed byService
• Impregnated with choice of chemicals• Very compact size• Face velocity 400 to 600 FPM with
low pressure drop• Longer mean time between
replacement (MTBR)
www.bryairfi ltration.com
High CapacityHoneycombCHEMICAL FILTERS
New
Removes corrosive gaseseffi ciently
Processed Airto prevent breakdowns due to
corrosion
what is needed is a strong URL content filtering, periodic security patching, the use of trusted applications and end user awareness to prevent the threat.
Cyber criminals are bridging the gap between the physical world and cyber world rapidly. With advancement in technology, these attacks will only get more and more sophisticated and perilous. The only way to safeguard against them is to increase awareness about cybercrime among users. The dangers are real, the threats are real, the repercussions are unimaginable and the rise of ransomware confirms the
validity of this statement.Most vendors are coming up with recommendations on how
to deal with advanced encryption algorithms in addressing the ransomware menace.
The idea is to be alert about fake messages and websites and educate business users and end users periodically about new security threats and recommend ways to prevent them.
Sunil Varkey, Head-Information Security, Idea Cellular Ltd, and uday Mittal, Management Trainee, Security Team, Idea Cellular Ltd.
15-mInUte manaGer
3 3f e b r u a r y 2 0 1 3 | itnext
3 5 f e b r u a r y 2 0 1 3 | itnext
thebig
Your responses count. Log on to www.itnext.in/bigQ to submit your replies. The best entry will be published in the next print edition.
The SiTuaTion...“How will Manoj Sahani ensure data secu-rity on the Cloud in his organisation?,”Every CIO or IT head is in a dilemma, thanks to the all pervasive Cloud. Manoj Sahani, Senior IT Manager of a large manufacturing firm, is no exception. However, Sahani’s company’s top man-agement has already given him the green signal to go ahead with the Cloud model, and migration of applications related to CRM, ERP, Mailing Solu-tions, communication server, document collabo-ration, designing applications, besides the data to the Cloud. Against this backdrop, Sahani’s biggest challenge is to choose the right service provider, evaluate the provider’s expertise in cloud deploy-ment, analyse the redundancy plan, besides working out a cost benefit analysis as part of the uninterrupted service agreement.Everything finally boils down to security with re-gard to the Cloud. Sahani’s task is to comprehend to size the exact Cloud configuration required for his applications and how he can make sure the
PARAg DEOD-HAR, CHIEf RISk OffICER, CISO & VP-PRO-CESS ExCEL-LEnCE, BHARTI AxA gEnERAL InSuRAnCE CO. LTD
DR HARSHA, HEAD IT-COnSuLTAnT, Hk IT gROuP
YAgnESH PARIkH, SEnIOR VP-HEAD IT (TRADIng), ICICI SECuRI-TIES LTD
eXPerT PaNeL
NeXt
CLOuD SECuRITY
Cloud Audit CritiCAl
Cu
T I
T
fR
OM
HE
RE
performance and end user experience is not compro-mised. Above all, the grave concern is to safeguard the organisation’s data, in terms of devising the best guidelines and security certificates. Besides finding ways of converting local IT infrastructure based appli-cations into Cloud based as also the bandwidth sizing for each application, he must justify the ROI for Cloud based service compared with local IT Infrastructure. Also, he may be expected to manage with servers already invested in with the co-locating concept. Will all the service providers enable the co-locating server concept? Will his super administrators get data centre access round the clock if there are emergency reviews required? He must also devise strategies to understand the defaults and more secured IT security policies. The concern is to ensure that the cloud service provider provides clients a periodic upgrade and update on secu-rity and performance upgrade and update. Amid such ambiguities, Sahani’s primary focus is security and to evolve an effective security framework in a Cloud model. He seeks suggestions from the expert panel to address his concerns.
the big q
3 6 itnext | f e b r u a r y 2 0 1 3
FiRSt AnSWeRSahani’s primary task is to evaluate the private Cloud, public Cloud and co-location scenarios and check for security certifications (ISO27000, 22301, etc). He should also do a due diligence / audit on the service pro-vider to ensure the level of security provided. He must ensure he has a NDA and legal agreement in place with the provider including the right to audit. SLAs should also be put in place as required. The service pro-vider must implement the following frameworks/tools: n Data Privacy Frameworks--ISO27001, PCI-DSS, HIPAA etcn Availability-ISO22301, high availability & DRn Confidentiality--IDAM, Strong Authentication, DLP suiten Event and Log monitoring--SIEMn Malware controls--AV, IDS/IPS, and WAF etc.
SeCOnD AnSWeRAs part of the Cloud initiative, and even before leaping on to the Cloud,
Sahani needs to know a few security best practices in the Cloud framework and those that his service provider needs to work on.
Sahani can strictly follow an “information risk management” framework and must
undertake these tasks: a)Do a data classification and analyse what data will be stored in the Cloud. Depending on
the sensitivity of data, the service provider should to provide adequate security levels and certifications (for example, if credit card data is to be stored, PCI-DSS certification would be required).
b)It is important to understand whether the regulations allow data storage on the Cloud especially when the service provider may be hosting the infrastructure outside the country
c)Strong authentication tools need to be implemented--ideally, dual factord) How access controls will be managed--will users be able to access data from outside the
office network? If yes, what are the Data Leakage Prevention measures?e)Data Storage--segregated from other tenants, encryptedf)Data Availability--what are the requirements and how will it be managed, SLAs for
incident resolution, etc; Disaster Recovery capabilitiesg)Ensure that user ids and access rights granting / revocation and reconciliation process
is followed diligentlyh)Conduct regular audits on the service provider.
The big queSTionS...? WhaT kiNd of securiTy TooLs or frameWorks musT sahaNi evaLuaTe
or dePLoy To make his daTa secure oN The cLoud?
? WhaT are The securiTy besT PracTices iN a cLoud frameWork for his eNTerPrise ThaT his service Provider Needs To Work oN?
here are The anSwerS...
Parag DeoDhar
chief risk officer, ciso & vP-Process
excellence, bharti axa General insurance
co. Ltd
About me: a ca, certified information
systems auditor from isaca, us and
certified fraud examiner from acfe, us and
board member on the bangalore chapter of
acfe, with over 15 years of experience .
have The righT To audiT
the big q
3 7 f e b r u a r y 2 0 1 3 | itnext
FiRSt AnSWeR With regard to data security, it is a must for Sahani, particularly if it is a large enterprise, to understand if the data is residing in India or outside. In most cases, the Cloud service provider has a wide spread and the data centre is located in a different geography. Gauge the performance of the service provider in safeguarding the data on the Cloud, irrespective of whether private or public. Sahani should make sure that the partner has structured the data based on SAN boxes to protect them. The key criterion is to see if the service provider enables the team to conduct audits, understand his access control mechanism and if he has appropriate security tools in place..
SeCOnD AnSWeRAs a best practice, Sahani needs to factor in the service provider’s com-munication policy to ensure if he keeps the IT team informed about the
tasks periodically. It is important to get insights into his readiness to address any untoward incidents; it’s critical to see his proven track record. The best security practices would be to ensure that the partner has good governance in place, the contracts are well defined and legal and compliance needs are addressed appropriately. The service provider’s inter-operability efficiencies need to be understood where a data migration process is involved.
daTa locaTion iS criTical
Yagnesh Parikh
senior vP-head iT (Trading), icici
securities Ltd
About me: Possess a keen understanding of
technology, an expert in addressing the iT needs of the banking and financial
services sector. NeXt
the big q
3 8 itnext | f e b r u a r y 2 0 1 3
FiRSt AnSWeRThe pre-requisite is to have security encryptions in place to safeguard data. Most often, enterprises outsource cloud computing activities, so Sahani needs to have a service provider. Before that, he should check their security application and its features. He must do a complete analysis on the service provider’s access and privileges to the company’s data and application; this should be made transparent to the management. A peri-odic external audit must check what security tools are being provided. It is important to check the port opened and its availability for web access, and to ensure that other ports opened need to blocked.
To ensure greater security, end user access should be provided with SSL VPN and print screen and copy files to the local system should be avoided; login fails should be restricted to 3 attempts; beyond this, the account should get locked. As in a data centre, on a cloud too, strict group policies should be implemented for accessing resources like changing time, changing IPs , accessing system files, etc. Notification to super administration should be enabled if there are suspicious activities or access, while DLP policies can be implemented to monitor logs and restrict content on the Cloud.
SeCOnD AnSWeRAs a best practice, Sahani should choose for only 5-star rating applications if there are requirements on web server, they should be completely blocked. RUN, SHUTDOWN, EXPLORER, FILES ACCESS should be blocked to end users to understand how periodically the web server is scheduled for security and application patches. Other mandatory parameters from a security standpoint are:
* The redundancy plans scheduled and how much time it will take for restoration in case of a crash or when the server is down
* Analyse the exact bandwidth required for application; it should be availed with a 30 to 40 per cent buffer
* Need to check physical access and web access periodically and review (Biometric access, video surveillance, etc) them. The service provider must have power, cooling, site redundancy etc.
Dr harsha
head iT-consultant, hk iT Group
About me: a Ph.d in information security, i spearhead the entire
iT operations of the group across the globe and address end-to-end
solutions.
underSTand acceSS conTrol
State of Cloud SecurityClOuD
SO
uR
CE
: gA
RT
nE
R
Web Appl icat ion Attack
Brute force
Reconnaissance
Vulnerabi l i ty Scan
Appl icat ion Attack
Malware/Botnet
Misconf igurat ion
6571
4483
4251
3754
39
243
112
0% 20 40 60 80 100%
Service Provider
On Premise
a survey by alert Logic states that the percentage of customers experiencing security incidents was lower across the board in all categories for service providers than it was for their on premises enterprise customers.
It may be time to take your head out of the ground.
Donate now to help change the picture. For any further
information on how you can help, please visit 30.pradan.net
or send an email to [email protected]. You could choose
to either make a personal donation or join hands with
PRADAN as part of your CSR initiatives.
PROFESSIONAL ASSISTANCEFOR DEVELOPMENT ACTION
picture the change change the picture|
9.9 Media supports PRADAN.
IT MAY BE TIME
TO TAKE YOUR HEAD OUT
OF THE GROUND.
For India to truly change, we need to address this issue.
PRADAN is powered by the belief that the best minds
in the country need to work at the grassroots to change
the face of poverty in India. Their teams have been
working with endemically poor communities for 30
years with some amazing results.
Their focus is to work with women and tribal
communities across the poorest districts of India. They
have introduced models, which have helped entire
communities find livelihoods and emerge from poverty.
They have touched over 1 million people, changing
their lives in a range of ways – from ensuring food and
livelihood, to creating choice and dignity.
They pictured the change. And changed the picture.
2012 - INDIA IS STILL HOME TO 41% OF THE WORLD'S POOREST.
photo credit: getty images
inbox
5f e b r u a r y 2 0 1 3 | itnext
It may be time to take your head out of the ground.
Donate now to help change the picture. For any further
information on how you can help, please visit 30.pradan.net
or send an email to [email protected]. You could choose
to either make a personal donation or join hands with
PRADAN as part of your CSR initiatives.
PROFESSIONAL ASSISTANCEFOR DEVELOPMENT ACTION
picture the change change the picture|
9.9 Media supports PRADAN.
IT MAY BE TIME
TO TAKE YOUR HEAD OUT
OF THE GROUND.
For India to truly change, we need to address this issue.
PRADAN is powered by the belief that the best minds
in the country need to work at the grassroots to change
the face of poverty in India. Their teams have been
working with endemically poor communities for 30
years with some amazing results.
Their focus is to work with women and tribal
communities across the poorest districts of India. They
have introduced models, which have helped entire
communities find livelihoods and emerge from poverty.
They have touched over 1 million people, changing
their lives in a range of ways – from ensuring food and
livelihood, to creating choice and dignity.
They pictured the change. And changed the picture.
2012 - INDIA IS STILL HOME TO 41% OF THE WORLD'S POOREST.
photo credit: getty images
cube chat | Manuhaar agrawalla
4 2 itnext | J a n u a r y 2 0 1 3
“thanks to my passion for technology, i started reading the definitions every week and that’s how i developed a basic knowledge of computers,” says Manuhaar Agrawalla, Senior Manager IT, The Oberoi Group
Playing With IT
Unlike other kids, he was always fascinated by electronic devices and was keen to know how they worked. So, from early childhood, he loved to take electronic toys and
devices apart and put them back together. “And I developed a knack for technology; this has continued ever since,” says Agrawalla.
He belongs to a business family and grew up in Calcutta (since renamed Kolkata). He pursued a B.Com to step into the shoes of his father. However, fate had other plans. “When I was in primary school, IT was just arriving in India, and a local newspaper started a weekly half-page section on IT definitions. Thanks to my passion for technology, I started reading the definitions every week and developed a basic knowledge of computers,” he brags.
Shortly after a B Com from the University of
Calcutta, he did a Diploma in Communication & Networking Technology from Asset International, followed by a Diploma in Hardware Technology from Aptech Ltd. “It gave me the much required knowledge in networking as well as hardware,” he adds. However, he felt that a Novell certified course was required for a job in those days, so he became a Certified Novell Engineer (CNE) in 1998. “The diplomas and the CNE programme gave me the solid foundation needed for a job in IT,” he feels.
Soon after, Agrawalla was absorbed by CMC Limited, an end-to-end IT solutions provider with capabilities straddling the entire information technology spectrum: IT architecture; hardware; software, etc.
He was deputed at Philips India Limited as Network Administrator. Some of his major projects implemented included:
“aim to Excel for
Success
My sucessMantra
By MAnu ShArMA
4 3J a n u a r y 2 0 1 3 | itnext
cube chaT
SMTP, DHCP, FTP, DNS & File/Print services on many WinNT/2000, Linux & Netware servers. Besides, he also set up Lotus Notes Email on all the clients’ desktop.
After a two-year stint at CMC, Agrawalla joined Apeejay-Surrendra Park Hotels Ltd as Director – Corporate IT. Here, he was responsible for the IT infrastructure and application revamp, Accounting & Materials System Installation and also the Centralised Email system.
In 2004, Agrawalla, with an eye on future growth, decided to leave ‘The City of Joy’ and move to greener pastures. He joined as Systems Manager at The Oberoi, Bangalore. Some of his major achievements here were setting up the AD 2003 & Exchange 2003. In fact, it was a pilot site implementation of
centralised AD & Exchange. And what does he attribute his success
to? “I owe my success to hard work, and less to luck,” believes Agrawalla.
He then moved to Corporate IT at The Oberoi Group as Senior Manager-IT in Delhi and successfully implemented the Business Process Optimisation project (Finance, Procurement, HR & IT functions); BaaN ERP re-deployment and rolled out IT policy across the organisation.
Having put in about 13 years in this line, he plans to become a CIO in the near term and hopefully, CEO in the long term.
Agarwalla admires people like A P J Abdul Kalam and Amitabh Bachchan for their humility despite their achievements. He also likes Narendra Modi, CM of Gujarat, for the state’s development.
FacT FIle
Name maNuhaar agrawalla
CurreNt desigNatioN
seNior maNager it
CurreNt role iNfrastruCture, appliCatioNs, it poliCy
expertise Net works, iNterNet, fiNaNCe, proCuremeNt
work experieNCe 13+ years
eduCatioN seNior maNagemeNt programme (iim, CalCutta) – loNg duratioN programme (1 year) - 2011
strategy, Corporate fiNaNCe, marketiNg, m&a, operatioNs & risk maNagemeNt
graduate B. Com. aCCouNtaNCy, (uNiversit y of CalCutta) 1997
professioNal traiNiNg & CertifiCatioNs * gartNer ald for aspiriNg Cios traiNiNg 2012
* CisCo Certified Net work assoCiate (CCNa) CertifiCatioN 2002
* Certified Novell eNgiNeer (CNe) Net ware 4.11 CertifiCatioN 1998
* diploma iN CommuNiCatioN & Net workiNg teChNology (asset iNterNatioNal) 1998
favourite Quote kNowledge iNCreases with shariNg
favourite destiNatioN egypt
favourite Book aNgels & demoNs
“I owe my success to hard work and my
interest to learn new things and less to luck”
update
4 4 itnext | f e b r u a r y 2 0 1 3
Acer Launches ICONIA B1 Tablets in IndiaUnveiled at the CeS 2013 earlier this month, the 7-inch tablet at INr 7,999/-
off the Shelf A sneak preview of enterprise products, solutions and services
tablet pC | Acer recently launched its 7” bud-get tablet ICONIA B1, in the Indian market. Launched internationally at CES earlier in January, the tablet has been made available to consumers in the Indian market almost simul-taneously. Designed to suit the varying needs of today’s consumers, the tablet is targeted towards the youth, new users and families looking for a user-friendly, portable, perfor-mance packed tablet.
The Google Android 4.1 OS (Jelly Bean), based ICONIA B1 is powered by 1.2GHz dual-core processor ensuring enhanced performance and a superior gaming experience. The 7” capacitive multi-touch screen with an exceptional industry leading resolution of 1024 x 600, provides for an enriching visual experience. The resolution is at least 60% better than the peer offerings, hence, enhancing user experience while watching videos, e-reading, web browsing and playing games on the move.
At 7”, the tablet weighs as less as 320 gms making it ultra-portable for consumers to stay connected on the move.
California, uSa headquartered tech-
nology firm Swipe telecom announced
its foray into the fablet segment of the
smartphone market in India with the
launch of its f1 fablet.
the f1 fablet works on the android
4.0 (ICS) operating system and has
a 5 inch capacitive touch screen with
5-point HD WVGa Multi- touch display.
the tab also has dual shooters with
5.0Mp Camera with flash complimented
by a 0.3Mp front camera for support
good quality video calls. there is ample
space for all requirements for applica-
tions movies etc. with a 4 Gb in-built
memory, which is expandable through
a 32 Gb t-flash card. It supports dual
SIM and boasts of a powerful 1 GHz,
MtK 6575 processor and 512 Mb raM
which enhances & smoothens multi-
tasking, supports heavy applications
and provides the user with HD gaming
capability. priced at INr 9490/- the f1
fablet is set to add a new dimension.
Swipe Intros f1 fablet in India
Key featUreS
Dual SIM fablet
android 4.0 (ICS)
GHz MtK 6575 processor
5.0” WVGa Capacitive Multi-touch display
4 Gb – expandable up to 32 Gb
Wi-fi 802.11 b/g/n
Dual Camera- 5.0Mp rear/ 0.3Mp front Camera
2500mah battery
Weight-120gms
GpS- Voice based Navigation
Key SpeCifiCationS* Google android 4.1 OS (Jelly
bean)
* Dual-core Mediatek processor
(MtK 8317t)
* 7-inch display with a 1024x600
pixel resolution
* 512Mb of raM
* Wi-fi 802.11 b/g/n
* bluetooth 4.0
update
4 5f e b r u a r y 2 0 1 3 | itnext
A platform to air your views on the latest developments and issues that impact you
JiJy OOmmen Group HeAd-IT, BAjAj CApITAl lTd Women in IT definitely add
value given the fact that
new trends like outsourcing
cloud computing etc., have
opened up opportunities
for women. However, at the
top, women score higher
in terms of knowledge,
leadership and manage-
ment skills. Having the
right organisational culture
is most important, and the
female work-force needs
more flexibility in terms of
working from home on a
needs basis. Women can
add value by demonstrat-
ing right attitude, flexibility
and creating a support
system both at home and
at work place even at the
cost of small sacrifices.
ShaileSh JOShi Vp& HeAd-IT, Godrej IndusTrIes lTd IT is all about the perception
held by male counterparts
who think women are less
knowledgeable, which
may not be the case.
Women are very good at
handling applications,
both deployment and
implementation and
consulting related job
and outsmart their male
counterparts, while it
is a challenge handling
infrastructure related
activities. It is important
to consciously evolve a
different policy for the
women IT-force, with their
career growth in mind and
these policies should enable
them to build a good team
around themselves.
Daya PrakaSh HeAd-IT, lG eleCTronICs Women can add great
value if the enterprises
consciously encourage
them to play a strategic
role and equip them with
necessary skills. Devising
specific strategies to involve
them in critical roles such as
supply chain management
would definitely help.
Women have expertise in
handling collaboration and
the application side of the
technology. Thinking and
meaning business to address
business problems will
help women in contributing
significantly to the company’s
growth as they are good at
communication skills. They
could the catalyst between
vendors and CIO or CfO
which is the need of the hour.
Do you think women in IT add more value?
OPen Debate
your views and opinion matter to us. Send us your feedback on stories and the magazine to the editor at [email protected]
bOOk FOr yOu
Decoding India
Star Value:
IT NEXT VerDictIt is important to understand the authors’
mind as they question if India’s IT the pana-
cea for its economic ills or is it a mere bubble?
MOST WITH an interest in economics
are rather put off by the thought of
reading economic history. Given the
15-page bibliography, a casual reader
intrigued by the title may well feel
tempted to put India Means business
How the elephant earned its Stripes
back on the bookshelf. Chartered ac-
countant-researchers-authors Kshama
V Kaushik and Kaushik Dutta have
done an exemplary job as economic
historians setting the context of Indian
business. It takes on a cultural-com-
mercial journey of discovery of India
down the ages and in the process
unravels the way Indian business
ethos was formed. What we learn in
the process is that India has always
meant business and no pun intended.
The story starts at the beginning of
the 18th century when the Indian sub-
continent had a flourishing overseas
trade. The painstaking research of the
authors is obvious but nowhere does it
interfere in the narrative to make it a
dull and drab piece of history. India’s
business has its roots in its histroy.
TITLe:InDIa MeanS buSIneSS-HOW THe eLepHanT earneD ITS STrIpeS auTHOr: KSHaMa V KauSHIK & KauSHIK DuTTapubLISHer: Oup InDIareVIeWeD by: SanGITa THaKur
Acoustic WAve music
system ii The advanced Bose speaker and
audio technologies deliver sound
with clarity and consistency,
even at loud volume levels.
Price: $949.95.
striiv smArt Pedometer
Between work and family,
it’s hard to fit exercise into a
busy schedule. Striiv is a Smart
Pedometer that helps to walk
more on the busiest days.
Price: $199.95.
Bluetooth enABled WAtchCasio has started shipping a
wristwatch with built-in Bluetooth
connectivity. G-Shock GB6900,
is capable of connecting to
Bluetooth 4.0 smartphones.
neW
Price: $180.
WeArABle video cAm
Heading out on a road trip?
Going to the game, out for a run,
a round of golf, ? It sees what
you see, and effortlessly
records your life.
hot
Price: $149.
hiGh-tech GiFts Geek? No way — these gifts are totally chic, and will impress even the most savvy of digital divas. A great gift for your loved ones in the new year 2013.
Like something? Want to share your objects of desire? Send us your wish-list or feedback to [email protected]
indulGe The hottest, the coolest and the funkiest next generation gadgets and devices for you
update
4 6 itnext | f e B r u A r y 2 0 1 3
GET THE RECOGNITION YOUR TEAM DESERVES
Who will be there: Over 700 of India’s enterprise CIO/IT community, CXOs, LoB Heads, Government officials, over two days.
Inflexion will include buyers' meets, workshops and an innovative immersive cloud café
APPLY NOWwww.inflexionconvex.in
The CLOUD LEADERSHIP AWARDS are dedicated to promote and recognize the efforts by IT teams in enabling cloud based enterprise projects. If you are part of a team that has successfully implemented a cloud based project. APPLY TODAY at www.inflexionconvex.in
WIN 1,00,000 RUPEES
Inflexion Convex 2013: Cloud… the easy next stepThe Inflexion Conference/Expo will help you:• Determine the next steps needed to leverage the capabilities of cloud computing• Choose and implement the most effective cloud solutions• Mitigate the risks associated with the implementation of ‘Cloud’
Organised byKnowledge PartnerPartners
Benefits of Participation
Date: February 18 - 19, 2013 Venue: India Habitat Centre, Lodhi Rd, New Delhi
• Prize of 1,00,000 rupees in cash for the winning team, 75,000 for first runner up and 25,000 for second runner-up
• Cloud Leadership Award Trophy
• Special mention of top 10 winning teams in ITNEXT magazine & websites
• Participation certificates to all participating teams
Inflexion Ad_final.indd 40 1/24/2013 5:31:04 PM
my log
4 8 itnext | F e b r u a r y 2 0 1 3
I had the fortune to start my career under one of the most visionary corporate lead-ers. A man of vast experience, the first task he assigned me was to read the Com-pany Manual. Now mind you, this was no ordinary novella. A thick, fat document, dry and uninteresting, there was nothing in there to hold the interest of a bubbly youngster with big dreams of a glamor-ous corporate communication career. After the first few pages and few loud yawns, I was ready to retire. But my boss persisted. He was after all the manag-ing director. You could not refuse him. It sunk in much later that even being allowed to read the sacred book was a huge honour for a rookie. But the bigger prize was the assignment that followed. I was asked to redraft a few sections. While on the sections dealing with administra-tion, personnel, human resources and communications, I came across a piece that has stuck indelibly. It concerned new joinees and the section ran something like this: New managers will generally be of two kinds—the first will either try to change the system, failing which, will become a part of it. The second type will, on failing to change the system, prefer to quit rather than become a part of it.
My first boss who was also my first bona fide mentor, cautioned me then. He said, it is the second type that you need
Be the Change-makerInstead of being sucked in the system or cribbing against it, let’s be bold and make that little positive difference
CUBE CHAT | MANUHAAR AGRAWALLA
4 2 ITNEXT | J A N U A R Y 2 0 1 3
“Thanks to my passion for technology, I started reading the definitions every week and that’s how I developed a basic knowledge of computers,” says Manuhaar Agrawalla, Senior Manager IT, The Oberoi Group
Playing With IT
Unlike other kids, he was always fascinated by electronic devices and was keen to know how they worked. So, from early childhood, he loved to take electronic toys and
devices apart and put them back together. “And I developed a knack for technology; this has continued ever since,” says Agrawalla.
He belongs to a business family and grew up in Calcutta (since renamed Kolkata). He pursued a B.Com to step into the shoes of his father. However, fate had other plans. “When I was in primary school, IT was just arriving in India, and a local newspaper started a weekly half-page section on IT definitions. Thanks to my passion for technology, I started reading the definitions every week and developed a basic knowledge of computers,” he brags.
Shortly after a B Com from the University of
Calcutta, he did a Diploma in Communication & Networking Technology from Asset International, followed by a Diploma in Hardware Technology from Aptech Ltd. “It gave me the much required knowledge in networking as well as hardware,” he adds. However, he felt that a Novell certified course was required for a job in those days, so he became a Certified Novell Engineer (CNE) in 1998. “The diplomas and the CNE programme gave me the solid foundation needed for a job in IT,” he feels.
Soon after, Agrawalla was absorbed by CMC Limited, an end-to-end IT solutions provider with capabilities straddling the entire information technology spectrum: IT architecture; hardware; software, etc.
He was deputed at Philips India Limited as Network Administrator. Some of his major projects implemented included:
“Aim to Excel for
Success
MY SUCESSMANTRA
BY MANU SHARMA
CUBE CHAT.indd 42 1/31/2013 6:27:16 PM
3 5 F E B R U A R Y 2 0 1 3 | ITNEXT
THEBIG
Your responses count. Log on to www.itnext.in/bigQ to submit your replies. The best entry will be published in the next print edition.
THE SITUATION...“How will Manoj Sahani ensure data secu-rity on the Cloud in his organisation?,”Every CIO or IT head is in a dilemma, thanks to the all pervasive Cloud. Manoj Sahani, Senior IT Manager of a large manufacturing firm, is no exception. However, Sahani’s company’s top man-agement has already given him the green signal to go ahead with the Cloud model, and migration of applications related to CRM, ERP, Mailing Solu-tions, communication server, document collabo-ration, designing applications, besides the data to the Cloud. Against this backdrop, Sahani’s biggest challenge is to choose the right service provider, evaluate the provider’s expertise in cloud deploy-ment, analyse the redundancy plan, besides working out a cost benefit analysis as part of the uninterrupted service agreement.Everything finally boils down to security with re-gard to the Cloud. Sahani’s task is to comprehend to size the exact Cloud configuration required for his applications and how he can make sure the
PARAG DEOD-HAR, CHIEF RISK OFFICER, CISO & VP-PRO-CESS EXCEL-LENCE, BHARTI AXA GENERAL INSURANCE CO. LTD
DR HARSHA, HEAD IT-CONSULTANT, HK IT GROUP
YAGNESH PARIKH, SENIOR VP-HEAD IT (TRADING), ICICI SECURI-TIES LTD
EXPERT PANEL
NEXT
CLOUD SECURITY
CLOUD AUDIT CRITICAL
CU
T I
T
FR
OM
HE
RE
performance and end user experience is not compro-mised. Above all, the grave concern is to safeguard the organisation’s data, in terms of devising the best guidelines and security certificates. Besides finding ways of converting local IT infrastructure based appli-cations into Cloud based as also the bandwidth sizing for each application, he must justify the ROI for Cloud based service compared with local IT Infrastructure. Also, he may be expected to manage with servers already invested in with the co-locating concept. Will all the service providers enable the co-locating server concept? Will his super administrators get data centre access round the clock if there are emergency reviews required? He must also devise strategies to understand the defaults and more secured IT security policies. The concern is to ensure that the cloud service provider provides clients a periodic upgrade and update on secu-rity and performance upgrade and update. Amid such ambiguities, Sahani’s primary focus is security and to evolve an effective security framework in a Cloud model. He seeks suggestions from the expert panel to address his concerns.
THE BIG Q.indd 35 1/31/2013 7:59:43 PM
sourCe: lBnl
“there have been new game changers to enhance the effi ciency of data centres, and the traditional philosophy of having high tech buildings no longer serves any purpose as they are energy hogs”
Dale sartor, Pe applications team, lawrence Berkeley national laboratory
Laboratory (LBNL), Berkeley, caught up with ITNext along with APC Schneider’s senior executives in a freewheeling chat. The discussion focused on the best practices that IT teams could follow to enhance data center efficiency, cut down power cost, lower TCO and optimise design elements.
Data Centre Criticalities and Chal-lengesSartor recommends that the first charter for any IT manager or data center operator is to challenge the conventional wisdom or approach to the data center. According to him, the conventional approach says: Data centers need to be cool and controlled to tight humidity ranges; they need raised floors for cold air distribution; they require highly redundant building infrastructure; and IT and facilities partnership are key. “But there have been new game changers to enhance the efficiency of data centers, and the traditional philosophy of having high tech buildings no longer serves any purpose as they are energy hogs,” says Sartor.
Dr Satish Kumar, Energy Efficiency Ambassador, Vice President, Schneider Electric India, affirms that the increased redundancy built in data centers seem to have increased the cost of maintenance as the loads of economies are different.
Aniket Patange, Director, Datacenter Lifecycle Services, Schneider Electric, finds the most challenging aspect to be delivering value while taking account of the people, process and technological framework of the data center lifecycle, even as there is no standard operating procedure to reduce cost.
The common challenge that these executives experience is that data centers are energy intensive facilities as the demand for storage surges; server
rack designs require more power, and there are power and cooling constraints in existing facilities.
Dr Satish says, “As the cost of power and power required for infrastructure increases, even surpassing the capital cost of IT equipment, the rise in total cost of ownership is alarming.”
Create DifferentiatorsThe key to addressing these challenges is creating
differentiators which can help organisations see the power cost lowered, energy saved and efficiency enhanced.
A logical calculation to data center energy efficiency according to Sartor is: Data center energy efficiency =15% (or less). (In other terms, Energy Efficiency = Useful Computation/Total Source Energy).
The task of defining the energy efficiency mechanism throws up an immense opportunity
Data Center Energy Efficiency = 15% (or less)
100 Units SourceEnergy
Typical Data Center Energy End Use
Power Conversions& Distribution
33 Units Delivered
35 UnitsPower Generation
(Energy Efficiency = Useful computation / Total Source Energy)
Server Load /ComputingOperations
CoolingEquipment
2 3F e b r u a r y 2 0 1 3 | itnext
Data Center | INSIGHT
Il
lu
st
ra
tI
on
: a
nI
l t
While challenging conventional wisdom, IT teams need to adopt new game changers with a holistic approach to enhance data center efficiency
BY N GEETHA
All Game for a Cool DC
Data center best practices have always been top priority for most IT teams across industries. In fact, data centers strive to provide custom-ers the most modern and efficient tools, both hardware and software,
ensuring that the best practices are deployed within data centers to make them more green and efficient.
A testimonial to this effect is APC Schneider
Electric, the data center energy efficient solutions provider, which has associated itself with Lawrence Berkeley National Laboratory to leverage certain best practices in bringing about energy efficiency at data centers and helping customers to deploy the best tools and approach to enhance efficiency.
As part of his visit to Schneider’s data center, Dale Sartor, PE, Applications Team, Building Technologies, at Lawrence Berkeley National
2 2 itnext | F e b r u a r y 2 0 1 3
3 EssEntial REads
Game changers for a cool data centre Pg 22
BigQ: Cloud audits are critical to any enterprise that plans to migrate to cloud Pg 35
Aiming to excel is Manuhaar's success mantra Pg 42
to hold on to, for they are the change that an organisation needs, the dose of fresh blood to rejuvenate stagnating systems and break the code to raise the bar. I was a bit aghast as to why you would want these potential revolutionaries to foment trouble in your peaceful systems. It was only much later that I realised the truth, after having to struggle against systems that stifled innovative thinking and breakthrough ideas; labeled potential change-makers as rebels and ganged up against them to stifle that lone voice of creative dissent. The herd mentality ruled—always.
Recently, while working on an article I again came across the terminology of change-makers. There is still a raging debate regarding the semantics, but slowly the world is agreeing on one thing—that within each one of us resides a change-maker. As managers with the responsibility of a team, and tomorrow perhaps a company, our role as change-makers is all the more important. It is our duty to bring in all those changes that would make our workplace better. It may be something as mundane as raising concerns regarding water conservation in washrooms to something more sublime like ethical corporate governance, gender sensitivity and client management.
The time to Change is Now!
IllustratIon: raj Verma
4 3J A N U A R Y 2 0 1 3 | ITNEXT
CUBE CHAT
SMTP, DHCP, FTP, DNS & File/Print services on many WinNT/2000, Linux & Netware servers. Besides, he also set up Lotus Notes Email on all the clients’ desktop.
After a two-year stint at CMC, Agrawalla joined Apeejay-Surrendra Park Hotels Ltd as Director – Corporate IT. Here, he was responsible for the IT infrastructure and application revamp, Accounting & Materials System Installation and also the Centralised Email system.
In 2004, Agrawalla, with an eye on future growth, decided to leave ‘The City of Joy’ and move to greener pastures. He joined as Systems Manager at The Oberoi, Bangalore. Some of his major achievements here were setting up the AD 2003 & Exchange 2003. In fact, it was a pilot site implementation of
centralised AD & Exchange. And what does he attribute his success
to? “I owe my success to hard work, and less to luck,” believes Agrawalla.
He then moved to Corporate IT at The Oberoi Group as Senior Manager-IT in Delhi and successfully implemented the Business Process Optimisation project (Finance, Procurement, HR & IT functions); BaaN ERP re-deployment and rolled out IT policy across the organisation.
Having put in about 13 years in this line, he plans to become a CIO in the near term and hopefully, CEO in the long term.
Agarwalla admires people like A P J Abdul Kalam and Amitabh Bachchan for their humility despite their achievements. He also likes Narendra Modi, CM of Gujarat, for the state’s development.
FACT FILE
NAME MANUHAAR AGRAWALLA
CURRENT DESIGNATION
SENIOR MANAGER IT
CURRENT ROLE INFRASTRUCTURE, APPLICATIONS, IT POLICY
EXPERTISE NET WORKS, INTERNET, FINANCE, PROCUREMENT
WORK EXPERIENCE 13+ YEARS
EDUCATION SENIOR MANAGEMENT PROGRAMME (IIM, CALCUTTA) – LONG DURATION PROGRAMME (1 YEAR) - 2011
STRATEGY, CORPORATE FINANCE, MARKETING, M&A, OPERATIONS & RISK MANAGEMENT
GRADUATE B. COM. ACCOUNTANCY, (UNIVERSIT Y OF CALCUTTA) 1997
PROFESSIONAL TRAINING & CERTIFICATIONS * GARTNER ALD FOR ASPIRING CIOS TRAINING 2012
* CISCO CERTIFIED NET WORK ASSOCIATE (CCNA) CERTIFICATION 2002
* CERTIFIED NOVELL ENGINEER (CNE) NET WARE 4.11 CERTIFICATION 1998
* DIPLOMA IN COMMUNICATION & NET WORKING TECHNOLOGY (ASSET INTERNATIONAL) 1998
FAVOURITE QUOTE KNOWLEDGE INCREASES WITH SHARING
FAVOURITE DESTINATION EGYPT
FAVOURITE BOOK ANGELS & DEMONS
“I owe my success to hard work and my
interest to learn new things and less to luck”
CUBE CHAT.indd 43 1/31/2013 6:28:01 PM
THE BIG Q
3 6 ITNEXT | F E B R U A R Y 2 0 1 3
THE BIG Q
3 6 ITNEXT | F E B R U A R Y 2 0 1 3
FIRST ANSWERSahani’s primary task is to evaluate the private Cloud, public Cloud and co-location scenarios and check for security certifications (ISO27000, 22301, etc). He should also do a due diligence / audit on the service pro-vider to ensure the level of security provided. He must ensure he has a NDA and legal agreement in place with the provider including the right to audit. SLAs should also be put in place as required. The service pro-vider must implement the following frameworks/tools: n Data Privacy Frameworks--ISO27001, PCI-DSS, HIPAA etcn Availability-ISO22301, high availability & DRn Confidentiality--IDAM, Strong Authentication, DLP suiten Event and Log monitoring--SIEMn Malware controls--AV, IDS/IPS, and WAF etc.
SECOND ANSWERAs part of the Cloud initiative, and even before leaping on to the Cloud,
Sahani needs to know a few security best practices in the Cloud framework and those that his service provider needs to work on.
Sahani can strictly follow an “information risk management” framework and must
undertake these tasks: a)Do a data classification and analyse what data will be stored in the Cloud. Depending on
the sensitivity of data, the service provider should to provide adequate security levels and certifications (for example, if credit card data is to be stored, PCI-DSS certification would be required).
b)It is important to understand whether the regulations allow data storage on the Cloud especially when the service provider may be hosting the infrastructure outside the country
c)Strong authentication tools need to be implemented--ideally, dual factord) How access controls will be managed--will users be able to access data from outside the
office network? If yes, what are the Data Leakage Prevention measures?e)Data Storage--segregated from other tenants, encryptedf)Data Availability--what are the requirements and how will it be managed, SLAs for
incident resolution, etc; Disaster Recovery capabilitiesg)Ensure that user ids and access rights granting / revocation and reconciliation process
is followed diligentlyh)Conduct regular audits on the service provider.
THE BIG QUESTIONS...? WHAT KIND OF SECURITY TOOLS OR FRAMEWORKS MUST SAHANI EVALUATE
OR DEPLOY TO MAKE HIS DATA SECURE ON THE CLOUD?
? WHAT ARE THE SECURITY BEST PRACTICES IN A CLOUD FRAMEWORK FOR HIS ENTERPRISE THAT HIS SERVICE PROVIDER NEEDS TO WORK ON?
HERE ARE THE ANSWERS...
PARAG DEODHAR
Chief Risk Officer, CISO & VP-Process
Excellence, Bharti Axa General Insurance
Co. Ltd
About me: A CA, Certified Information
Systems Auditor from ISACA, US and
Certified Fraud Examiner from ACFE, US and
board member on the Bangalore Chapter of
HAVE THE RIGHT TO AUDIT
THE BIG Q.indd 36 1/31/2013 8:00:41 PM
sangIta thakur Varma managing editor, India now
