editorial yashvendra singh | [email protected]

Open or Shut? The success (or failure) of open source in any enterprise will depend on the CIO

pen source has been became a reality when iconic can bear a negative or positive associated with it. It also focus- Oaround since a long time. technology companies such as impact depending on the way es on mitigating loss of IT value The editors at the first Oxford Mozilla Firefox browser, the open source is managed. An as a result of unmanaged open English Dictionary requested Apache HTTP Server and the enterprise technology decision source solutions within the inputs from amateur readers Linux operating system came maker should, therefore, weigh enterprise. Only time will tell if — a classic example of open into being. both the advantages and disad- his initiative bears fruit or not. collaboration and innovation. Open source also draws it vantages associated with open In this issue’s cover story, we Cornish engine, a type of steam power from the concept of col- source software before coming explore the current status and engine that was developed laboration. It allows people to to a conclusion. the future of open source in the in the 18th century in England analyse any product’s source Traditionally, the biggest Indian enterprises. We spoke to for pumping water from a code and gives them the free- advantage of open source has top CIOs, open source vendors mine, was also a result of infor- dom to alter it and distribute it been its low capex. The biggest and industry experts before mation sharing and innovative as they deem fit. downsides include audit com- coming out with the verdict. But IP arrangements. However, as with every tech- pliance and lack of service whatever may be the future of However, when the free soft- nology, there are positives and support (as compared to pack- open source, one thing is very ware movement took shape in negatives with open source also. aged software). clear. The success (or failure) of the 1980s, it all appeared like Areas of productivity, security, I recently met a CIO who has open source in any enterprise a dream. The dream, however, efficiency and functionality approached open source in a will depend on the CIO. different way. He has set up an As always, we look forward to ‘open source governance pro- your feedback. gramme’ within his company. editors pick Sponsored by his office and endorsed by a team comprising 22 Open Source: key business unit heads and IT Health Check people, the programme’s man- Is open source dying? Is it in date is to maximise and unlock the pink of health? We present the current condition the true value of open source and future well-being of open solutions and at the same time source in Indian enterprises endeavour to minimise risks

October 07 2013 1 OCTOber 2013

22

Cover Story RegulArs 22 | Open Source: Health Check 01 | Editorial 10 | Ent erprise Is open source dying? Is it in the pink of Roundup health? We present the current condition 48 | viewpoint CIO & LEADER.COM BEST OF BREED NEXT HORIZONS VIEWPOINT Volume 02 Creating Value Via Seizing the Fail Factors: Issue 13 IT Consumerisation Pg 17 Opportunity Pg 32 Why Startups Die Pg 48 October 07 2013 150

and future well-being of open source 13 TRACK TECHNOLOGY BUILD BUSINESS SHAPE SELF MAKING A SUCCESSFUL CIO TRANSITION OPEN | CIA WRESTLES WITH ANALYTICS CHALLENGES SOURCE HEALTH CHECK IS OPEN SOURCE DYING? IS IT IN THE PINK OF HEALTH? We present the current condition and future well-being of open source in Indian enterprises Copyright, All rights reserved: Reproduction in whole or in part without written permission from PAGE 22 Please Recycle Volume 02 | This Magazine Issue 13 Nine Dot Nine Interactive Pvt Ltd. is prohibited. Printed and published by Anuradha Das Mathur for Nine Dot Nine A 9.9 Media Publication And Remove Inserts Before Interactive Pvt Ltd, Bungalow No. 725, Sector - 1, Shirvane, Nerul, Navi Mumbai - 400706. Printed at Cover Design by Recycling Tara Art Printers Pvt ltd. A-46-47, Sector-5, NOIDA (U.P.) 201301 Manav Sachdev

2 October 07 2013 www.cioandleader.com

Managing Director: Dr Pramath Raj Sinha Printer & Publisher: Anuradha Das Mathur Editorial Executive Editor: Yashvendra Singh Consulting Editor: Atanu Kumar Das Correspondent: Debashis Sarkar DEsign Sr. Creative Director: Jayan K Narayanan Sr. Art Director: Anil VK Associate Art Director: Anil T Sr. Visualisers: Manav Sachdev, Shokeen Saifi & Sristi Maurya Visualiser: NV Baiju Sr. Designers: Shigil Narayanan, Haridas Balan & Manoj Kumar VP Designers: Charu Dwivedi, Peterson PJ Pradeep G Nair, Dinesh Devgan & Vikas Sharma MARCOM Designer: Rahul Babu STUDIO Chief Photographer: Subhojit Paul Sr. Photographer: Jiten Gandhi advisory Panel Anil Garg, CIO, Dabur David Briskman, CIO, Ranbaxy Mani Mulki, VP-IT, ICICI Bank Manish Gupta, Director, Enterprise Solutions AMEA, PepsiCo India Foods & Beverages, PepsiCo Raghu Raman, CEO, National Intelligence Grid, Govt. of India S R Mallela, Former CTO, AFL Santrupt Misra, Director, Aditya Birla Group Sushil Prakash, Sr Consultant, NMEICT (National Mission on 14 Education through Information and Communication Technology) Vijay Sethi, CIO, Hero MotoCorp Vishal Salvi, CISO, HDFC Bank Deepak B Phatak, Subharao M Nilekani Chair Professor and Head, KReSIT, IIT - Bombay A Question of answers NEXT100 ADVISORY PANEL Manish Pal, Deputy Vice President, Information Security Group 14 | The Protect and Attack Strategy (ISG), HDFC Bank Shiju George, Sr Manager (IT Infrastructure), Shoppers Stop Rahul Agarwal, Executive Director, Farhan Khan, Associate Vice President – IT, Radico Khaitan Berjes Eric Shroff, Senior Manager – IT, Tata Services Sharat M Airani, Chief – IT (Systems & Security), Forbes Marshall Commercial Business, Lenovo India, Ashish Khanna, Corporate Manager, IT Infrastructure, The Oberoi Group talks about Lenovo’s India plans Sales & marketing National Manager – Events and Special Projects: Mahantesh Godi (+91 98804 36623) National Sales Manager: Vinodh K (+91 97407 14817) Assistant General Manager Sales (South): Ashish Kumar Singh (+91 97407 61921) BRAND & EVENTS Brand Manager: Jigyasa Kishore (+91 98107 70298) 42 | tech for gov- Product Manager-CSO Forum: Astha Nagrath (+91 99020 93002) Manager: Sharath Kumar (+91 84529 49090) ernance: leaked Assistant Manager: Rajat Ahluwalia (+91 98998 90049) data and creden- Assistant Brand Managers: Nupur Chauhan (+91 98713 12202) Vinay Vashistha (+91 99102 34345) tials With the rise of Assistant Manager – Corporate Initiatives (Events): Deepika Sharma web-based apps, the threat Associate – Corporate Initiatives (Events): Naveen Kumar model has changed Production & Logistics Sr. GM. Operations: Shivshankar M Hiremath Manager Operations: Rakesh Upadhyay Asst. Manager - Logistics: Vijay Menon Executive Logistics: Nilesh Shiravadekar Production Executive: Vilas Mhatre Logistics: MP Singh & Mohd. Ansari advertisers index 17 | Best of breed: 32 | Next Hori- ’ OFFICE ADDRESS Smartlink IFC Published, Printed and Owned by Nine Dot Nine Interactive Pvt creating Business zons: seizing the Ltd. Published and printed on their behalf by Anuradha Das Dell 4, 5 Mathur. Published at Bungalow No. 725, Sector - 1, Shirvane, value via it consum- opportunity Today’s SAS Institute 8, 9 Nerul, Navi Mumbai - 400706. Printed at Tara Art Printers Pvt Ltd. erisation Done right, external market condi- Juniper 37 A-46-47, Sector-5, NOIDA (U.P.) 201301 Vodafone IBC For any customer queries and assistance please contact [email protected] a top-down IT consum- tions can help you Lenovo BC erisation strategy can create internal growth This index is provided as an additional maximise business opportunities service.The publisher does not assume any liabilities for errors or omissions. value for a firm

October 07 2013 3 Global technology provider achieves three-fold increase in data centre capacity

With volatility, economic uncertainty, fast evolving technologies and ever-changing customer needs eroding business and IT capabilities, the stakes have never been as high as it is today. The Challenge Enterprise eciency, operational results and prompt client responsiveness are no longer good to have but a necessity in today’s cut-throat marketplace. Data centre storage Huge administrative capacity and performance overheads for the IT team At UST Global, a next generation IT service and business process outsourcing provider to capabilities stretched Global 1000 firms, client responsiveness was a critical business mandate. However, an ageing and overburdened IT infrastructure meant that its system could no longer keep pace with customer Expenses service demands. This posed a huge challenge as UST Global was unable to predict storage allocations, resulting in unnecessary purchases of extra capacity and subsequent administrative overheads.

UST Global accordingly turned to Dell to enable them to take advantage of the latest virtualization technologies in its journey to data centre transformation. The Strategy Virtualization: Future Proofing the Data Centre Dell’s transformative solutions, powered by Intel® technology were critical in accelerating UST Global’s A future-proof, virtualized journey to the next-generation data centre. data centre to meet growing business demands Intelligent storage management Assured business continuity Leveraging the powerful combination of PowerEdge™ Dell Compellent’s in-built architect for blade servers, Compellent™ storage arrays and continuous availability and a 60-minutes VMware® vSphere™ 5 technology, Dell created a system recovery ensures business processes custom-built, virtualized data centre for UST Global. continue uninterrupted at UST Global. What The extensive design and engineering of Dell’s more, Dell Copilot Support, the most virtualization solution enables UST Global to quickly proactive, comprehensive 24x7 support in deploy network and storage resources into production the industry, drives optimal day-to-day Results environments, thus ensuring prompt responses to operations at UST Global. client requests. Enhanced productivity ROI achieved 50% Improved client & performance faster than planned responsiveness Today, UST Global’s future-proof, virtualized data centre has completely transformed its IT operations, resulting in significant benefits to the business. With a three-fold increase in server capacity, lower data centre footprint, and a dramatic reduction in resource provisioning time from six weeks to mere hours, UST Global is able to meet its customers’ requirements and drive business growth with ease. Last, but not least, UST Global has achieved ROI 50% faster than anticipated - an amazing feat, made possible by Dell.

To know more on how Dell Enterprise Solutions & Services, powered by Intel® technology, can help you ROI Speed overcome your business challenges, visit www.dell.co.in/domore

Important Dell Details: DELL’s TERMS AND CONDITIONS: All sales subject to Dell’s terms and conditions, see http://www.dell.co.in/tnc OR provided on request. MISTAKES: While all eŸorts are made to check pricing and other errors, inadvertent errors do occur from time to time and Dell reserves the right to decline orders arising from such errors. MORE INFORMATION: Go to http://dell.co.in/details. TRADEMARKS: Intel and the Intel logo are trademarks of Intel Corporation in the U.S. and/or other countries. | © 2013 Dell Inc. All rights reserved. Global technology provider achieves three-fold increase in data centre capacity

With volatility, economic uncertainty, fast evolving technologies and ever-changing customer needs eroding business and IT capabilities, the stakes have never been as high as it is today. The Challenge Enterprise eciency, operational results and prompt client responsiveness are no longer good to have but a necessity in today’s cut-throat marketplace. Data centre storage Huge administrative capacity and performance overheads for the IT team At UST Global, a next generation IT service and business process outsourcing provider to capabilities stretched Global 1000 firms, client responsiveness was a critical business mandate. However, an ageing and overburdened IT infrastructure meant that its system could no longer keep pace with customer Expenses service demands. This posed a huge challenge as UST Global was unable to predict storage allocations, resulting in unnecessary purchases of extra capacity and subsequent administrative overheads.

UST Global accordingly turned to Dell to enable them to take advantage of the latest virtualization technologies in its journey to data centre transformation. The Strategy Virtualization: Future Proofing the Data Centre Dell’s transformative solutions, powered by Intel® technology were critical in accelerating UST Global’s A future-proof, virtualized journey to the next-generation data centre. data centre to meet growing business demands Intelligent storage management Assured business continuity Leveraging the powerful combination of PowerEdge™ Dell Compellent’s in-built architect for blade servers, Compellent™ storage arrays and continuous availability and a 60-minutes VMware® vSphere™ 5 technology, Dell created a system recovery ensures business processes custom-built, virtualized data centre for UST Global. continue uninterrupted at UST Global. What The extensive design and engineering of Dell’s more, Dell Copilot Support, the most virtualization solution enables UST Global to quickly proactive, comprehensive 24x7 support in deploy network and storage resources into production the industry, drives optimal day-to-day Results environments, thus ensuring prompt responses to operations at UST Global. client requests. Enhanced productivity ROI achieved 50% Improved client & performance faster than planned responsiveness Today, UST Global’s future-proof, virtualized data centre has completely transformed its IT operations, resulting in significant benefits to the business. With a three-fold increase in server capacity, lower data centre footprint, and a dramatic reduction in resource provisioning time from six weeks to mere hours, UST Global is able to meet its customers’ requirements and drive business growth with ease. Last, but not least, UST Global has achieved ROI 50% faster than anticipated - an amazing feat, made possible by Dell.

To know more on how Dell Enterprise Solutions & Services, powered by Intel® technology, can help you ROI Speed overcome your business challenges, visit www.dell.co.in/domore

Important Dell Details: DELL’s TERMS AND CONDITIONS: All sales subject to Dell’s terms and conditions, see http://www.dell.co.in/tnc OR provided on request. MISTAKES: While all eŸorts are made to check pricing and other errors, inadvertent errors do occur from time to time and Dell reserves the right to decline orders arising from such errors. MORE INFORMATION: Go to http://dell.co.in/details. TRADEMARKS: Intel and the Intel logo are trademarks of Intel Corporation in the U.S. and/or other countries. | © 2013 Dell Inc. All rights reserved. by Nitin Jadhav, CTO, ESDS Software Solutions the author has more than seven years of experience in the IT industry I Believe and is responsible for managing the IT department of ESDS

banking software hosted and man- aged by our highly skilled team of technology specialists. In a bid to provide disaster recov- ery at a very low and affordable cost, ESDS has developed a solution named disaster recovery as a service (DRaS) that can save up to 90 per- cent of banks DR costs. In the event of a disaster, banks would be able to continue running their systems from a remote location, using ESDS' eNlight Cloud Services. Once the bank has re-established its physical location, we will send the mirror image of the bank's system to the reconstructed facility. Moving to the cloud will reduce disaster recovery time for your bank to a matter of hours from two to three days and banks would only pay for the service when disaster actually strikes. According to a circular by RBI in 2011, banks are required to keep records (hard copy & soft copy) for 10 years of transactions in a man- ner that the retrieval of data is fast and easy. To overcome this problem, we have come up with a robust web based document management sys- tem that we offer as a service to the banks. Documents are converted into electronic format and stored on a central server which can then be accessed for reading or print- ing from any location via secured access. This saves lot of time and money that is spent in maintenance current Core Banking challenge of records. While 100,000 pages require 10 physical cabinets for fil- Innovation reduce disaster ing, in electronic format they can recovery costs be saved on couple of DVD’s. We ESDS’ hosted core banking solution for banks believe that banks should focus on managing their business rather than helps banks with low capex budgets papers. ESDS has also built state we a ESDS have innovated core banking to be provided on SaaS model. of the art data centers for banks on This model will benefit small and medium sized banks that are not able to BooT model and are being managed afford the Capex associated with setting up their own data center or purchas- and maintained by our technical ing the software outright. Our hosted core banking solution provides banks, staff. Besides, we are also providing credit societies and microfinance institutions access, via the internet, to core ATM/card switch solutions.

6 October 07 2013 LETTERS

CIO&Leader LinkedIn Group Join over 900 CIOs on the CIO&Leader LinkedIn group for latest news and hot enterprise technology discussions. Share your thoughts, participate in discussions and win prizes for the most valuable contribution. You can join The CIO&Leader group at:

www.linkedin.com/ groups?mostPopular=&gid=2580450

Some of the hot discussions on the group are: Virtual CTO/CIO A long term IT partner for your business growth

This is a model that SMBs are slowly waking up to. CIO&LEADER. COM While their IT head can chip away with his day-to-day Mohit Puri, Country activities, an external help (a part time CIO) can give their Manager, India and IT a proper direction and can review performance to SAARC, Watchguard, feels social media is are CTOs more ensure the company's objectives are met. exposing enterprises to new threats interested in http://www. —Balasubramanian S R cioandleader.com/ satisfying the CFO & Business & IT Consultant cioleaders/opin- ions/9807/social- media-changing- Board rather than security-landscape the consumer? If CTO is aligned to the CFO and the Board in that order. The CTO will have to also be good at resume writing as he will not last too long. But then the question arises, is the CFO aligned to the consumer? If he is not, then he may be in hot water Opinion sooner or later. what should a ciso arun gupta, CIO, Cipla outsource?

Altaf Halde, MD (South Asia), Kaspersky, India, talks about information security WRITE TO US: CIO&Leader values your feedback. We Business is increasingly adopting new technologies want to know what you think about the magazine and how without considering the security implications. to make it a better read for you. Our endeavour continues to be work To read the full story go to: http://www.cioandleader. in progress and your comments will go a long way in making it the com/cioleaders/features/15071/ciso-outsource preferred publication of the CIO Community.

Send your comments, compliments, complaints or questions altaf halde, MD (south about the magazine to [email protected] asia), kaspersky labs, india

October 07 2013 7 “An ideal platform for business leaders to share leadership strategies and help business flourish” ISHAAN SURI DIRECTOR, INTERARCH BUILDING PRODUCTS

COCOBERRY | OZONE OVERSEAS | DTDC | DHANUKA AGRITECH | HOLOSTIK | PRECISION INFOMATIC CEOs JUST JOINED SHRI LAKSHMI COTSYN | O3 CAPITAL | EMI TRANSMISSION | GRAVITA INDIA | AND MANY MORE...

Inc. India invites all CEOs and MEMBERSHIP BENEFITS Annual membership to Inc. India Leaders Forum will entitle you to the following benefits founder managers to an exclusive membership programme which fosters knowledge PEER LEADERSHIP SUMMITS BRIEFING SESSIONS COMPLIMENTARY RESEARCH AND sharing in the NETWORKS Annual meeting to A series of quarterly ADVERTISEMENT ADVISORY community and Provides an opportunity set the agenda for the meetings throughout the Access to the 9.9 Media Access to our in-house strengthens for chief executive officers community’s strategic year. Constructive debate, bouquet of magazines research reports on and owner managers and most current issues. diverse opinions and in- for complimentary issues of relevance to your efforts to to engage with a ‘like- The Forum’s summits depth discussions provide advertising (Includes: Inc. high-growth companies. build and take minded’ peer group. bring together a focused a premier networking and India, CTO, CIO&Leader, your enterprise audience and authoritative instructive forum CFO, IT Next, EDU & I2) to the next speakers, in a highly interactive format level of growth and business Membership to Inc. India Leaders’ Forum is corporate but limited to Entrepreneurs, Directors and Chief Executive Officers excellence

TO KNOW MORE ABOUT THE MEMBERSHIP PROGRAMME Please contact Rajat Gupta at [email protected] or call at 0120-4010 914

feature Inside Enterprise Big Data Investments to Rise in 2013: Round-up Gartner Pg 12 illustration by anil t illustration IBM Unveils SmartCloud Business Data Briefing Solution It will allow executives to quickly move their business processes into the cloud 38% IBM has introduced a new cloud and mobile- same time, customer service leaders can launch audio Growth of public enabled social business software and service capabili- and video based desktop and mobile conferences to cloud services ties dubbed as IBM SmartCloud. The new offering review the latest training materials with their global from IBM will allow line of business executives team in order to improve service to customers. market in India in to quickly move their business processes into the IBM SmartCloud Connections includes new fea- 2013 cloud to drive better decision making and increase tures, such as mobile file synch and share. Now any productivity. With this solution, line of business lead- employee can access the cloud and share important ers in sales can update a customer presentation on documents in the way that works best for them, their iPad in real-time, incorporating feedback from whether online or offline, on their smartphone or tab- a meeting that just ended. The executive can then let, desktop application or browser. IBM SmartCloud synch the newest version into the cloud to ensure the Connections includes new community features such entire team has access to the latest document. At the as social bridging.

10 October 07 2013 Enterprise Round-up

They Mark Said it Zuckerberg

Zuckerberg feels that when he started Facebook, he could build it because he had access to the Internet and a few basic tools that gave him what he needed to build this for the world.

“And if we can get to a point where everyone around the world has access to those same tools, then everyone is going to be able to benefit llustration by shigil N arayanan I llustration from the innovation and ideas Firms Fear Privacy Activities and hard work of billions of Are Insufficient They consider people around the world.”

privacy aspects in an ad hoc fashion — Mark Zuckerberg Founder, Facebook The perceived level of maturity attached to organisations' privacy activities has decreased since 2011, as many organisations deem their existing privacy activi- ties to be inadequate, according to a survey by Gartner. The survey found that 43 percent of organisations have a comprehensive privacy management programme in place, while seven percent admitted to “doing the bare minimum” regarding privacy laws. “More than a third of organisations still 'consider privacy aspects in an ad hoc fashion' and it is surprising that so many companies are saying that they are not conducting privacy impact assessments before major projects. Sixty-two per cent do not scan websites and applications, or conduct an organisation-wide privacy audit every year. organisations must put these activities on their to-do list for 2014,” said Carsten Casper, research vice president at Gartner. These results are based on 221 respondent organisations surveyed in April and May 2013 in the US, Canada, the UK and Germany that are responsible for privacy, IT risk management, information security, business continuity or regulatory com- pliance activities.

Quick Byte on Entertainment Almost 50 percent of device screen time is spent on entertainment, such as playing games, reading books, watching live TV or listening to music/ radio, according to a recent end-user survey by Gartner

illustration BY S higil N arayanan illustration —Gartner

October 07 2013 11 Enterprise Round-up

ment plans around big data, stages of big data adoption, business problems solved, data, technology and challenges. The survey found that of the 64 percent of organisations investing or planning to invest in big data technology in 2013, 30 percent have already invested in big data technology, 19 percent plan to invest within the next year, and an additional 15 percent plan to invest within two years. Industries leading big data investments in 2013 are media and communications, banking, and services. Thirty-nine percent of media and communications organisa- tions said that they have already invested in big data, followed by 34 percent of banking organisations and 32 percent of services fir Planned investments during the next two years are highest for transportation (50 percent), healthcare (41 percent) and insur- ance (40 percent). However, every vertical industry again shows big data investment and planned investment. source BY photos.com From a regional point of view, North America continues to lead investments with Big Data Investments to Rise 38 percent of organisations surveyed say- ing that they have invested in technology in 2013: Gartner 64 percent of specifically designed to address the big data challenge. Asia/Pacific organisations were organisations will invest in big data notably ambitious with 45 percent indicat- technologies in 2013 ing that they plan to invest during the next two years. Consistent with Gartner experi- Big data investments in 2013 continue to said Lisa Kart, research director at Gartner. ence, EMEA and Latin America tend to lag rise, with 64 percent of organisations invest- “Our survey underlines the fact that organ- in technology adoption, for which big data ing or planning to invest in big data tech- isations across industries and geographies is no different. Regardless of geography, nology compared with 58 percent in 2012, see ‘opportunity’ and real business value investment typically has different stages according to a survey by Gartner. However, rather than the ‘smoke and mirrors’ with that organisations go through. It starts with less than eight per cent of survey respon- which hypes usually come.” knowledge gathering, followed by strategy dents have actually deployed. The Gartner survey of 720 Gartner setting. The investment is small, and mostly “The hype around big data continues to Research Circle members worldwide, which consists of time. Then it is typically fol- drive increased investment and attention, was conducted in June 2013, was designed lowed by an experiment or proof of concept. but there is real substance behind the hype,” to examine organisations’ technology invest- Still, the investment is small and tentative. Then, after completing a successful pilot, the first deployments take place. Here the investment curve rises. Over time, business Global Tracker operations start to rely on the deployments, and the investments move from implement- ing systems to managing them. Gartner has reduced its “For big data, 2013 is the year of experi- forecast of expenditure on mentation and early deployment,” said Frank Buytendijk, research vice president at public cloud services in India Gartner. “Adoption is still at the early stages by two percent for 2013 to with less than eight per cent of all respon- $434 million from the earlier dents indicating their organisation has estimate S ource by photos.com deployed big data solutions.”

12 October 07 2013 Enterprise Round-up

meet their specific business needs,” said Thomas Oracle Brings Kurian, executive vice president of product devel- Security 10 Services To opment, Oracle. 10 new Oracle Cloud services include: Oracle Cloud The Compute Cloud: Enables customers to leverage new services expand elastic compute capabilities to run any workload in the cloud. Oracle’s portfolio Object Storage Cloud: Provides users with a highly-available, redundant, and secure object store for persisting large amounts of data. Database Cloud: Provides full control of a dedi- cated database instance and supports any Oracle database application Java Cloud: Provides Oracle WebLogic Server AS has announced the clusters for deployment of Java applications and Slaunch of a new software gives full administrative control over the service suite which will help modernise with automated backup, recovery, patching and public security organisations high availability capabilities. worldwide, in managing both big BI Cloud: Enables users to analyse data with data and big budget deficits. visual, interactive dashboards for the Web and The new platform combines mobile devices. SAS Analytics and SAS Secu- Documents Cloud: Provides a flexible, self-ser- rity Intelligence with Memex’s vice file sharing and collaboration solution with secure search and intelligence- mobile and desktop sync. management technologies. The Mobile Cloud: Simplifies enterprise mobile con- new offerings are the culmina- source BY photos.com nectivity, enabling enterprises to build any app, tion of SAS’ 2010 acquisition Oracle has announced launched 10 new for any device connected to any data source. of Memex, a worldwide leader cloud services in its Oracle Cloud portfolio as Database Backup Cloud: Enables businesses in intelligence management. it sees organisations of all sizes eager to move to backup Oracle databases to the Oracle cloud. Part of a broader suite of secu- more of their information systems to the cloud. Billing and Revenue Management Cloud: Enables rity intelligence solutions that The new services expand Oracle’s comprehensive enterprises with robust and highly scalable sub- address fraud, financial crimes portfolio of Application, Social, Platform and scription billing to capture recurring revenues and cybersecurity, the new SAS Infrastructure Services and are all available on a from new services. portfolio covers four critical areas subscription basis. Cloud Marketplace: Provides a global market- of public security: law enforce- “To realise the true benefits that cloud computing place where partners can publish applications and ment, national security, fusion offers, organisations need access to flexible, reli- customers can browse through and discover new centres and border control. able and secure cloud services that are designed to solutions to address their business needs. SAS for Law Enforcement: Helps law enforcement combat crime and terrorism more effec- Fact ticker SAP University Alliances (UA) which tively, and enhance customer has already educated over 147,000 service, improve officer safety SAP to Unveil Student students from over 90 schools in and ensure compliance while Start-ups It is aimed to foster a India on SAP HANA. reducing cost. “It is important for organisations SAS for Intelligence Manage- culture of innovation today to play an active role in ment: Makes it easier for agen- Sap has announced that it will Additionally, SAP will unveil the developing more readily employable cies to direct, track and audit host the second edition of its youth Student Start-ups on SAP HANA talent. Through the engagements information as it moves through- focused event – SAP Techniversity program, aimed to foster a culture that SAP undertakes, students from out the system. at KTPO in Whitefield,B angalore on of innovation among engineering across Karnataka are exposed to SAS for Fusion Centers: 28 September 2013. The day-long students. Through the program, and educated on the latest trends Consolidates information from event will see 5624 students from SAP educates students on SAP and technologies that shape the diverse sources and formats, 348 colleges across India learn HANA and supporting technolo- IT industry in our State,” said M N creating a single, consistent view about the latest trends in technol- gies, and mentors them through the Vidyashankar, Principal Secretary of intelligence to prevent terrorist ogy and unwind though a variety of prototype and development phase Commerce and Industries Depart- and criminal activity. cultural performances. of their projects. This is in addition to ment, Government of Karnataka.

October 07 2013 13 Growth Mantra: Building a new channel ecosystem for the tablets/ smartphones rahul agarwal | A Question of answers

rahul agarwal | lenovo The Protect and Attack Strategy In conversation with Yashvendra Singh, Rahul Agarwal, Executive Director, Commercial Business Segment, Lenovo India, talks about Lenovo's plans for the Indian market

What is your strategy to pro- making it the clear #1 PC company However, our investment in the tect PC market share, at the in the world for the first time. This PC market won’t lessen as we believe same time increasing the market was a very important milestone for that there are sufficient opportunities share in notebooks, smart phones Lenovo, and besides sustaining lead- for profitable growth owing to the and tablets segment? ership in the PC category, the com- low PC penetration in the country We follow a strategy called ‘Protect pany consciously focused on leverag- (nine-10 percent). The PC will always and Attack’ which refers to protect- ing new opportunities, by expanding remain at the heart of the products, ing our strengths where we enjoy into PC+ category which consists of it will just evolve into different form strong lead (PCs) and attacking areas smartphones, tablets and smart TVs. factors such as the hybrid, convert- of greatest potential (PC+ devices like IDC’s 4Q12 Worldwide Smart Con- ibles etc. Our innovation is clearly Tablets, Smartphones, Convertibles, nected Device Tracker recognized reflected in events like, the CES etc.). Lenovo clearly exhibits strong Lenovo as the world’s third largest 2013, where we won more than 50 business momentum and proves that maker of “smart connected devices,” awards across various categories. Protect and Attack is the right strategy. trailing only Samsung and Apple. With our brand repute, strong enter- Although the global PC market This will be our main area of invest- prise market share, category defin- continued to decline, Lenovo still ment this year. We have a wide array ing innovative products, and a clear delivered strong results. In FYQ1 of innovative products, which we will roadmap to lead the PC+ category, we 2013, Lenovo’s witnessed a record bring to India as per the needs and are aiming to be one of the leaders in share of 16.7 percent (as per IDC), demands of the market. the PC+ Era.

October 07 2013 15 A Question of answers | rahul agarwal

In this era of BYOD, how you are planning to attract enter- prise customers? Do you have any “The future of products specific features/ application for for the enterprise PC business users? market is likely to be The future of products for the enterprise PC market is likely to impacted greatly by be impacted greatly by mobility. mobility” There will be an increased interest in technologies like cloud comput- ing, enterprise grade tablets and other mobility based devices, as and when more organisations realise the potential of technology as a business enabler. These technologies not only drive process innovation, and reduce operational costs, but also help the organizations to focus on their core skills and increase productivity For CIOs and CTOs, safeguard- ing data assets of the enterprise while supporting BYOD, will always remain a real challenge. Hence we see greater implementation of enter- prise grade mobile computing devic- es, as they provide added security features to end users while giving the same level of user experience. We have a dedicated line of prod- ucts to meet the needs of varied way and have tied up with new part- high end offerings which has been things I enterprise customers. We introduced ners to sell these products. Believe in well received in the market ThinkPad Twist, especially for the Simultaneously, our legacy part- There are high end tablets target- SMB customers, ThinkPad Helix ners will get a novel product to sell For CIOs ing corporate users. Few of our mar- with advanced mobility features, which is going to be an extension and CTOs, quee products in this category are the which has a detachable screen that of their footprint. This will help us safeguarding ThinkPad tablet and the ThinkPad data assets of can be used as a tablet, ThinkPad X1 gain new customers from newer tablet 2. These tablets offer a com- the enterprise Carbon — a premium business seg- market segments. while supporting fortable screen size which is very ment ultrabook, ThinkCentre TINY, BYOD, will convenient for viewing documents which is the world’s smallest desktop Smart phones/tablets these always remain a on the go. The enterprise tablets also PC, aimed at saving commercial real days offer similar features. real challenge offer a higher grade of security as estate, and our recent launch, Think- Keeping that is mind what is your compared to the consumer tablets. We have a Pad tablet 2, which is a Windows strategy to gain market share, dedicated line of The ThinkPad tablet 2 also comes based tablet with enterprise grade especially among the enterprise/ products to meet with a stylus and a port to attach security features business users? the needs of an external keyboard which makes Innovation is what sets us apart varied enterprise working and editing an easier task. customers How is your partnership with and we will leverage it to build and As of now, we don’t have plans to

EMC flourishing? How is it grow our existing product portfolio. We are pushing introduce smartphones for the enter- helping you to boost business into We have a wide range of products the Iomega brand prise space networking equipment space? targeting different segments. For the in India in a big We are building a new channel eco- As an outcome of this partnership, Government and education deals, way and have system for the tablets/smartphones. tied up with new we have started selling Iomega prod- we have a variety of Android tablets. The process takes time, but we are partners ucts globally, and these products Similarly, for smartphones, we have confident of setting up an effective are completely retailed through our a wide range of products covering all system which will help us maximise channel partners. We are pushing the price segments and markets. The our reach. We will leverage our cur- the Iomega brand in India in a big recently launched K900 is one of our rent partners wherever possible.

16 October 07 2013 Best of

BreedFeatures Inside Making a Successful CIO Transition Pg 20 i on BY Photos.com Illustrat Creating Business Value Through IT Consumerisation Done right, a top-down IT consumerisation strategy can maximise business value for a firmBy Jack Cooper, Evangelos Katsamakas and Aditya Saharia

T consumerisation refers to the increasingly transformational impact of consumer IT on enterprise IT. Smartphones and tablets, mobile apps and app stores, cloud services such as e-mail, storage and collaboration tools, and social networks and related social technologies are some prominent examples of the consumer IT that is transforming enterprise IT. In many organisations today, IT consumerisation is occurring as an unmanaged afterthought drivenI by employees and enabled by functionally powerful, accessible, and pervasive technol-

October 07 2013 17 BEST OF BREED | management

ogy that frees employees to work anytime, need to make sure that business processes and investing in early-stage companies is a anywhere. It is an emergent and haphazard are revised (and even reengineered) to cre- mutually beneficial arrangement; PepsiCo bottom-up process, with more and more ate additional business value. Organisations provides mentoring and financial resources employees bringing their own devices, apps need to establish an environment where and, in return, gets early access to these and cloud services into the workplace. innovation in the devices and apps are startups’ new products and ideas. Attempting to block the growth of IT continually evaluated and tested, and when Leverage the apps ecosystem and re-eval- consumerisation or deciding to ignore it are appropriate, employees are given guidelines uate traditional enterprise IT vendors. The both fatal strategies. They could expose an for their use in work-related activities with- very same technologies that drive IT con- organisation to security risks, and reduce out compromising corporate security and sumerisation have opened the floodgates the competitive position of the organisation privacy standards. For example, Vanguard for the development of innovative apps by due to its failure to exploit emerging digital continues to drive IT consumerisation with digital startups that grow on a variable costs innovations that can increase revenues, its Enterprise 2.0 (E2.0) agenda. Through basis and require much lower capital than profits and productivity. its E2.0 pillars of mobility, enriching com- in the past. A digital startups ecosystem is What organisations need is an IT con- munication, and collaboration, Vanguard now in place, in which small, agile teams sumerisation strategy that maximises busi- continues to mature the ability to allow “the of motivated and skilled individuals can ness value. A top-down strategy needs to be crew” (as Vanguard employees are called create new apps, outperforming larger soft- developed whereby IT consumerisation is internally) to securely access corporate ware producers that operate with extensive exploited and management gains control of systems remotely, or on campus, using bureaucratic controls. This app develop- the use of IT consumerisation devices, apps an assortment of handheld technologies, ment trend suggests that vendors that domi- and services in the workplace. Management while maintaining strict controls that are nated the enterprise IT landscape in the needs to provide leadership in defining mandated by several regulatory agencies in past might be less relevant in the future. business goals and process changes and to the financial services industry. Vanguard Redefine IT management priorities. set rules about how devices, apps and ser- has business and IT-partnered teams that When Bristol-Myers Squibb decided to vices are selected, validated, introduced and focus on evaluating market trends and adopt a single instance of SAP globally in managed. At the same time, organisations developing solutions in mobile applications, early 2000, like many large IT projects, need to realize that a comprehensive IT collaboration, cloud computing, virtualisa- there was significant organisation inertia. consumerisation strategy goes beyond being tion, unified communications and agile (Disclosure: One of the authors, Jack Coo- your own device (BYOD) management. development, all in the spirit of producing per, was the global CIO of Bristol-Myers Based on our discussions at the Fordham greater business value and increased speed Squibb and a member of the executive team CIO Roundtable meetings, we’ve found to market. Additionally, an organisation may overseeing the implementation at the time.) these six factors to be important in the suc- undertake its own app development effort, In many cases, Bristol-Myers Squibb man- cessful management of IT consumerisation. either internally or by investing in early- agers strongly resisted any changes in the Focus on innovation to create business stage IT ventures. For example, for the past structure as well as in business processes. value. IT consumerisation is changing the several years PepsiCo has invested 10 per- One of the factors leading to the success of way we think about the role of IT in defin- cent, on average, of the digital-media budget the SAP implementation, which produced ing and supporting business strategy. Like of its US beverage brands in startups. Pepsi- more than $3 billion in productivity gains, other disruptive technologies of the past, we Co management believes that working with was that the change was lead from the top down. The project was mandated by the Bristol-Myers Squibb executive team and all throughout the project, senior executives from different areas of the company empha- In cases when the adoption sized the importance of seeing the project to a successful completion. of new technology conflicted In the past, almost all large implementa- tions of systems that would have a major with corporate standards, effect on work required a careful and struc- tured change management process that had the IT department has to to be coordinated across many different organisational units. In these projects, the take a firm stand and say no IT department played a key role in change management and setting standards. In to ad-hoc adoptions cases when the adoption of new technology conflicted with corporate standards, the IT department had to take a firm stand and say no to ad-hoc adoptions.

18 October 07 2013 management | BEST OF BREED

IT consumerisation has changed this equation. We no longer have an environ- ment where every piece of technology is purchased and deployed by the IT depart- Companies need to rethink ment. In this new environment, IT man- agement must be an enabler, not a blocker. IT management priorities and It has to allow managers of individual departments to set adoption priorities and establish an environment where to leverage end user knowledge and produc- tivity. As access devices move away from the innovative applications can be purview of the IT department, there will be a natural shrinkage of corporate IT budgets quickly and easily evaluated and, perhaps, a corresponding decline in internal political power. IT managers must learn to deal with this new reality. Adoption company’s definition of "appropriate use" much an employee uses BYOD in perform- of new and innovative IT consumerisation may be more limiting than the legal defini- ing company work. Each of these programs apps will still require funds from corporate tion. Also, a company may at any time or has their respective pluses and minuses. In budgets, and some of the app funding may place compel an employee to examine the developing a strategy for managing BYOD mean reduced funding for legacy systems device (and in case of a company-owned costs and reimbursement, an organization maintenance and support of in-house IT device, surrender the device) to determine must bear in mind that the use of BYOD for infrastructure and systems development. the appropriateness of the data stored on company work has the potential to expand Manage the new security risks. Using IT the device and to determine the usage in sharply for an extended period, which may consumerisation apps in an organisation work-related activities. lead to increasing reimbursement costs for increases security risks since traditional IT Determine and control BYOD costs and the organisation. security perimeter defenses cannot protect reimbursement. Costs for apps and the BYOD: An Opportunity to Create Busi- data when BYOD exists in the workplace. usage of smart devices vary from location to ness Value. While managing IT consum- Using a data-centric approach and encryp- location. In many cases, employees may be erisation is a challenging task, and one that tion technology can mitigate the risk of data willing to buy their own devices and pay the involves great changes in the workplace, breaches. Other steps that can reduce secu- monthly costs with little, if any, reimburse- it also provides a strategic opportunity rity risks include the validation and testing ment. But, in general, we expect employees to create business value. In this article, of BYOD apps for possible security risks; and organisations to develop a more holistic we outlined six critical success factors in a formal company-wide decommissioning approach toward sharing the cost associated developing an IT consumerisation strat- procedure for smart devices when their use with use of privately owned devices to run egy. Companies need to implement a is discontinued; and training programmes work-related applications. In such cases, the data-centric approach to mobile security to for smartphone users on data security and company also has to develop policies about mitigate security pitfalls and concerns. They awareness of privacy issues. As a part of an add-on services that it is not responsible to also need to set guidelines for controlling IT consumerisation strategy, a company- pay for. According to estimates by Forrester costs, and establish a policy for the equi- wide procedure that can quickly and easily Research, by 2016, 350 million workers will table reimbursement of costs incurred by evaluate the security risk, business value use smartphones—and 200 million of them employees. Most importantly, companies and life-cycle costs of IT consumerisation will take their own devices to the workplace. need to rethink IT management priorities apps needs to be established. To be effective, Even at a minimum monthly rate of $30 and establish an environment where inno- the management and control of this proce- per month for data access, employees will vative applications can be quickly and easily dure needs to be established at a high level be incurring a cost of $72 billion a year, not evaluated and implemented to maximise in an organisation. including the cost of purchasing the device. business value. Codify a global IT consumerisation policy. In many cases, these employees would — Jack Cooper is the founder & CEO of JM Guiding principles for an IT consumerisa- expect their employer to help them defray Cooper Associates and previously a CIO at tion policy should include that “ownership” the cost of acquiring and using the device. Bristol-Myers Squibb. Evangelos Katsamakas of the device does not matter. Regardless There are two basic approaches an organisa- is an associate professor and area chair of of the location where the work is being tion can adopt in establishing a reimburse- information systems at the Fordham Schools of conducted, and the devices used to perform ment programme: No reimbursement Business. Aditya Saharia is an associate pro- such work, all employees must conduct irrespective of the amount the device is used fessor of information systems at the Fordham themselves in a manner consistent with all to perform company-related work, or split Schools of Business. company policies and practices. When a the costs with an employee or a contrac- — The opinion was first published in CIO conflict exists between company-mandated tor using a BYOD in performing company Insight. For more such stories, please visit www. policies and any local and national laws, a work. The split could be determined by how cioinsight.com.

October 07 2013 19 BEST OF BREED | management

Making a Successful CIO Transition Mark Katz discusses the myriad challenges and opportunities he faced as he changed industries and jobs to become the new CIO of ASCAP By Pat O’Connell

witching industries for a CIO creates both challenges and oppor- tunities to make a quick impact. Mark Katz, CIO Sof the American Society of Com- posers, Authors and Publishers (ASCAP), talks about what it takes to make a transition. Katz’s career began in finan- cial services and steadily pro- gressed in a number of firms before he become the CIO of a major reinsurer. When moving to ASCAP this time last year, Katz’s goal was to turn IT into a leaner, more agile organisa- tion. With the full support of the executive management team, he undertook some significant challenges to turn around the source BY p hotos.com IT department. “When I arrived, the teams were in silos, with some operat- Open space meetings represent a repeatable ing independently, dedicated to technique for getting a rapid and lasting agile adoption certain users, and not effectively communicating to other team members about what and how they were providing solutions,” says projects were using a traditional waterfall approach methodology. Katz. “IT was acting in some capacities as an order taker for a great Probably of more concern, though, was that all requested changes number of break/fix projects. There was little transparency across were granted for each business request, with less of an eye toward the entire project portfolio. Most salient, however, was that larger the overall impact to the portfolio, the business and the technology

20 October 07 2013 management | BEST OF BREED

department. In addition, there were some ‘stealth’ projects that had no real business case in a lot of instances.” Katz worked with ASCAP COO Al Wallace, his senior IT team and business line lead- ers to bring about transparent and meaningful governance. Initially, Explaining Katz invested a great deal of time with the business users to under- stand their needs and priorities, and a lot of time with his staff, infrastructure including one-on-one meetings with every IT member, as he worked on changing the culture in IT as part of a planned re-organization improvements without of the department. Katz next addressed IT methodologies. “I’m a big fan of the agile methodology and self-organised teams,” he says. providing examples of After spending some time first understanding ASCAP’s culture, productivity and dollar Katz wanted to ensure that agile was properly introduced to the firm. “Indeed, agile represents much more than a methodology savings is meaningless change,” he says. “It is about alignment, transparency and commit- ment in partnership with the business: adoption through real ‘opt- ing in.’ With this new approach, IT now has a more informed seat at the table with the business, and we’ve been able to get key busi- Katz says. “I now rely on industry sources, like Gartner, and trusted ness people to fully participate in agile scrums. However, to really colleagues in the IT industry. Also, in moving to a new industry, ensure that agile was adopted at ASCAP, open space meetings were it is critically important to avail one’s self of industry conferences held where business users and technology staff participated. Atten- as well.” In terms of managing his time in a new company, Katz dance was excellent.” Open space meetings represent a repeatable concentrated on controlling the number of meetings he attended, technique for getting a rapid and lasting agile adoption. It’s based as well as effectively managing each meeting. “Too many meetings on the hypothesis that human engagement is what actually powers were break/fix discussions that turned into open-ended design and genuine and lasting agile adoptions. “In terms of the mechanics of ‘solutions on the spot’ meetings,” says Katz. “I empower managers agile, we start by writing the epic story for each product team, then to work with their teams on issues like this, and I focus my IT meet- breaking the story down into sprints, all prioritized by the business, ings as decision-making meetings. You have to pay attention to the working through the product owners,” says Katz. “Then we have meeting agenda, and focus on what you want out of the meeting.” the daily 15-minute scrum with a view to releasing useable software Katz found that these steps have led to having more time to meet every two to three weeks. Our approach is “yes, we can,” not “no, we with business users and his direct reports. “I have a weekly one- can’t.” Change is always welcomed, even late in a sprint. The busi- on-one meeting with my directs, as well as a weekly management ness users decide the priorities, and the scrums are very candid and team meeting. In addition, I have quarterly town hall meetings, very honest. This has led to velocity, but, more importantly, to vastly with speakers from the business, as well as for providing updates improved communication with the business lines.” on the IT vision for the company.” In meeting with the business, Another key initiative for Katz was governance, and he developed clear and constant communication is key, Katz notes. “Explaining a project management office (PMO) for the major systems projects. the justifications and benefits of moving the data center was a major “The PMO is creating integrated process workflows across the com- priority. You have to spend time on the strategic level, not down in pany. Its charter is to provide increased transparency that further the weeds. You have to understand their thinking processes and builds upon business trust. ASCAP leverages a federated gover- what their issues are. Speaking the same language as the business is nance model with full business and IT participation. Large projects important. Explaining infrastructure improvements without provid- over a certain threshold are approved on an up or down vote via the ing examples of productivity and dollar savings is meaningless.” executive committee. All other projects are assessed for synergies Lastly, Katz suggests that “you have to take time to understand and duplication and then prioritized with the business.” Katz col- the people and the culture, before making change. Getting buy-in, laborated with the Wallace, the COO, to ensure a full business case and alignment, and learning when and how to say no. And get- was presented for the significant projects. ting the right people in the right roles.” Katz notes that as a fairly ASCAP was in the middle on a major infrastructure project when accomplished keyboard player himself, he has a great deal of pas- Katz joined the organisation. The large-scale project required spend- sion to ensure that the 470,000 songwriter and composer members ing a great amount of time with hardware vendors. “As a new CIO, I of ASCAP are treated with the utmost care and respect, and that initially had to spend a lot of time with my managers to understand ASCAP’s technology platform enables it to remain the leading the applications and the infrastructure. They were extremely knowl- performance-rights organisation in the world. edgeable and critical to my success. The vendors did not provide any — Pat O'Connell is the founder and president of The Conall Group, a off-the-shelf packages, so everything is custom-built for every per- consulting and research firm, and an adjunct professor at Columbia Uni- formance-rights organisation in business, of which ASCAP is the versity in its Executive Masters of Science In Technology Management largest in the world.” Not unique to the music industry, many ven- Programme. dors tried to sell one-stop shopping solutions to Katz without fully —The opinion was first published in CIO Insight. For more such stories, understanding ASCAP’s needs. “Vendors wasted a lot of my time,” please visit www.cioinsight.com.

October 07 2013 21

Open SourcE | COVER STORY

Open Source Health Check The open source market is growing in India on the back of the ongoing economic downturn. The challenge for the open source community, however, is to make inroads into the enterprise segment By Atanu Kumar Das | Illustration by Manav Sachdev Design by Anil VK

October 07 2013 23 he open source market has always shown a lot of promise. Even today, according to open source vendors, the market is definitely growing both in the SMB as well as the enterprise segments. But users have a different perspective. They feel that open source still has a long way to go before it makes a strong presence felt in in larger enterprises. The prime reason being that large organisations still trust proprietary software when it comes to running mission critical appli- cations. The fear of reliable service support attached to open source makes them think twice before deploying it in their IT environment. As Vijay Sethi, VP and CIO, Hero Motocorp, says, “The market for open source is growing and one of the best things that happened for the open source market is that the support has increased on the ser- vices' front. But still a lot needs to be done." Sethi also feels that top organisations are still running their mis- sion critical applications on proprietary software primarily because of his very issue. “I do not see many organisations using open source in mission critical applications and this can only change if the support system of the open source fraternity improves. We have all mission criti- cal applications running on proprietary software. Sethi also has his doubts when it comes to costs. Traditionally, open source has been associated with cost savings, This has been its biggest USP. Debating this, he avers, "I have heard people saying that there are cost advantages when one uses open source. Any project implemena- tion has four components -- acquiring software, buying hardware, paying for consultancy, and finally getting support. In open source, one may not pay for software licenses, but has to invest a lot in service support. So, I have my doubts how much an organisation can ulti- mately save by using open source.” All these challenges, however, haven't stopped Sethi from experi- menting with open source.

24 October 07 2013 Open SourcE | COVER STORY

He has recently started using an open source applica- tion custom developed by a systems integrator. "It is a pilot project and we are evaluating it. It has been six months since we have started using it and the software is running fine. I will assess the same for a few months and then see how we can increase the pen- etration of open source in our organisation," he says. The current economic scenario has provided impeus to open source as lots of organisations, mostly in the SMB segment, are looking to reduce their capex.

Growing but slowly Dinesh Kaushik, IT Head, Caparo India says that his organisation is now looking at using open source at the base level in terms of open office, emails etc. “We are thinking of using open source primarily because it is free when we use it for internal pur- poses. I have also got positive feedback from our peer organisations. Let us start using it and one year down the line, we may start using it more prominently,” says Kaushik.

“We are thinking of using open source primarily because it is free when we use it for internal purposes” Dinesh Kaushik IT Head, Caparo India

Alhough proprietary vendors have introduced According to Tiwari, “Open source market is growing pay-per-use models to help customers reduce capex, and we can see some level of adoption of open sources the cost differential between open source and pack- across enterprises as well. The recent surge in demand aged software comes into play at introductory levels. of open source vendors and their availability, can be For instance, open office, which requires no or little considered as an indicator of this market’s growth.” support, offers an advantage over its packaged coun- Tiwari says that at Policybazaar they have deployed & S higi l N a r ayanan ya terpart. There could be price parity in bigger open open-source and select open-source stacks are perform- source solutions where one may have to shell out ing quite well. Since, core functions require innovation more on service support. and vertical thinking those are kept out of the purview Saurabh Tiwari, CTO of Policybazaar.com has of open-source. Supporting functions, on the other intelligently leveraged open source to save precious hand, are developed using some of the best known Sr isti M a ur v S ach dev,

resources. open-source stacks. This approach has radically saved PHOTO IMAGING BY: M ana

October 07 2013 25 COVER STORY | Open Source

the company resources and allowed them to focus their to see it being used in mission critical applications, but energies in areas requiring innovation. people still have less confidence because of the support Manoranjan Kumar, CIO of an SME, Kanoria Chemi- infrastructure,” says Kumar. cals & Industries, feels that the open source market is Meanwhile, Open Stack, a foundation build growing and their organisation is also running a lot of to serve developers, users, and the entire applications on open source. ecosystem, feels that the growth of open source is “For us open source has proved to be a boon because it unquestionable because today many organistaions has helped us reduce costs. Whether it is VoIP or email are looking at open source to address the latest or file servers, we have been able to adopt open source to trends like cloud, big data and mobility. our liking. I vouch for open source a lot and would like According to Mark Collier, Chief Operating Officer, OpenStack Foundation, “Open source has become a given in the enterprise space. Everyone uses open source solutions now. Linux is the default in the data- centre, and of course the LAMP stack has been power- ing web applications for many years now, and with the rise of big data, apps like Hadoop are very prevalent.” “I vouch for open source a lot and Collier also feels that enterprises are using open source because the technologies are flexible, would like to see it being used in meaning that one can often plug in their existing mission critical applications, systems more easily, such as billing or charge-back or authentication systems. but people still have less confidence “When I talk to enterprises, our community concept is very appealing when considering open source tech- because of theManoranjan support Kumar infrastructure” CIO, Kanoria Chemicals & Industries Limited P hoto by J it e n G an d hi

26 October 07 2013 nologies. One thing I didn’t mention is cost. Of course open source software is free to acquire, but this really isn’t the top reason for adoption, it’s much more about the flexibility to integrate and to be a part of a thriving community with multiple vendor support options, eliminating lock-in,” adds Collier.

Proprietary supporting open source There are numerous proprietary vendors today who are supporting open source and they have developed appli- cations using open source and proprietary software that are being used by enterprises. For instance, Oracle contributes to many different open source projects and communities. Hundreds of Oracle engineers are part of open source communities and develop code that is freely available in open source. For example, Oracle’s Linux kernel team contributed a cluster file system and dash Oracle Cluster File System 2 (OCFS2) — to the Linux kernel under the terms of the GPL, GNU public license. OCFS2 was the first ever cluster file system in the mainline Linux kernel. Oracle has been a member of Eclipse since the proj- ect’s inception, and has made many contributions to the Eclipse community. Oracle’s BPEL designer — a design-time tool to orchestrate web services into busi- ness processes — is offered as an Eclipse plug-in, in addition to being a part of Oracle JDeveloper. Oracle has also committed to contributing object/relational mapping functionality to the Eclipse Foundation to help promote Enterprise JavaBeans 3.0.

Challenges The most prominent challenge that confronts the open source community is the lack of proper support for users and also clarity in the licenses which the users are using. “I think the biggest challenge is the fear that there won’t be some- one there to help if something goes wrong, or even before that in the plan- “The main challenge is the ning and implementation phase to to get good advice from experts. The best lack of skills available way to address that is with a very strong implement and support open source. and diverse ecosystem. We made that a priority from the very beginning in Open- Also, the revenue model to sustain Stack, and now have the top three Linux development of the distributions, top three server manufac- not openstructured source” tures, network vendors, etc. On top of these solutions is traditional IT vendors backing OpenStack, Nishant Singh CEO, CRMnext you have a number of firms offering profes- sional services like training, architecture, etc. We recently launched a training marketplace to help enterprises connect with trainers, and those classes are happening all over the world today,” said Collier.

October 07 2013 27 COVER STORY | Open Source

According to Nishant Singh, CEO, CRMnext, “The main challenge is the lack of skills available to imple- ment and support open source solutions. Also, the revenue model to sustain development and enhance- ments of the open source solutions is not structured and it requires huge upfront investments.” The decision of adopting open-source software should not be taken just on the basis of the cost involved. It entails a detailed analysis and understand- ing of the requirements before switching to open source and availing its complete benefits. There are multiple challenges that one could face at this junction. Selection of an open-source: Selection is a major challenge as one needs to account various aspects — licensing, community support, operating systems etc, before deciding upon an open-source stack. Software adoption requires a learning curve: You may need to hire an expert in your open source prod- uct to get your IT staff up to speed. Customisation and upgrade could be tough: One may lose the advantage of community driven develop- ment, if open-source is not customised to handle any future upgrades without hassles. Unanticipated cost: One might feel, it is free soft- ware but it can involve unanticipated implementation, administration and support costs. Hence these costs should be accounted as well. Be ready for surprises: Work on an open source might stop anytime as no one in the open source com- munity is obligated to help you or answer any of your questions forever. When it comes to licensing, one needs to be very cautious as it can lead to numerous complications. “There are variations in licensing models under which open-sources are being released; hence not all open sources are completely free for use. At times yes, licensing can be an issue if the licensing agreement has not been referred properly. A casual approach towards understanding the licensing agreement could be disastrous later. Some licenses allow you to use the source code freely and a few may restrict “A casual approach towards the usage under commercial setup. Hence, it is highly recommended, one should read understanding the licensing agreement the licensing agreement in detail before taking a call,” says Tiwari. could be disastrous. Some licenses Sethi feels that some organisations are still not clear about the licensing of allow you to use the source code freely open source. and a few may restrict the usage “When one is using open source for under commercial setup” internal purpose and not making any Saurabh Tiwari money out of it, till then the software CTO, Policybazaar.com is free, but when an organistaion starts using open source commer- cially then they have to share a part

28 October 07 2013 Open SourcE | COVER STORY

“I think the biggest challenge is the fear of their revenue with the open that there won't be someone to help if source community. Many firms are not clear how to weigh the something goes wrong, or even before that in the same and so there is confusion. Mark Collier Moreover, some organistaion planning phase to get good advice from experts” might not disclose that they are Chief Operating Officer, OpenStack Foundation using open source commercially, and if that is found out later then the software becomes a property of the open source community. This is a challenge that needs to be addressed,” adds Sethi. of software. New versions come out every six months, quickly followed by a summit, so that’s the cadence. The Future Road Map In between summits, there are user group meet- One thing is clear, if open source wants to grow fast, ups happening weekly. Meeting face-to-face is really its proponents have to be on their toes. important, to augment collaboration,” says Collier. To ensure that open source keeps on growing, the Sethi feels that in order to keep on growing in the Open Stack Foundation are bringing people together market, the open source community should focus to share their knowledge. on quality and that can lead them ahead. “As a foundation, we try to bring people together to “I think larger enterprises look for quality and to share knowledge as often as possible. We hold what make inroads in bigger enterprises, the open source we call the “OpenStack Summit” twice a year, where community should kook at improving their quality thousands of people come together to discuss how of software. Also the support mechanism needs to they are using OpenStack, and plan the next release keep on improving in the future,” sums up Sethi.

October 07 2013 29 “Dearth of skill-sets is an issue” In conversation with Atanu Kumar Das, Asheesh Raina, Principal Research Analyst, Gartner India, talks about the future of open source market in India

30 October 07 2013 Open SourcE | COVER STORY

How has been the market for open source in the enterprise space? Do you see the adoption increasing? India is trying to be globally competitive when it comes to the adoption of open source. The prime advantage of open source is its low pricing and that has helped them grow. The most important thing is, now we are witnessing more systems integrators who are concentrating on open source and that helps is “The usage of open source is delivering better services to the customers. Services was always a concern area for open source and we at tricky in the sense that if one Gartner see that improving but still a lot needs to be done. Moreover, open source has played a key role in is using open source for the latest trends like mobility, big data and cloud. The internal purposes, then it is popular mobile platform Android is on open source. When it comes to adoption, I see it being more used free. But when an organisation by the small and medium enterprises, although big organisations are also using it, but that is still at a very is using it for commercial small level. Another important user of open source is the government sector and the support of the govern- purpose then they have to pay ment is very important for this community to grow and come with innovative applications. an amount to the Open Source

What are the challenges in convincing enterprises to adopt Community” open source? Some of the challenges for the open source is its Asheesh Raina safety and security. Users do not find all the function- alities in open source and they have to build those on their own and that is a deterrent in using open source. Moreover, organisations do not use open source in mission critical applications because of security issues and support problem. There are also licensing issues as people are not well versed with the increasing and I feel that there is scope for growth for GPL and LGPL licenses. The usage of open source is both proprietary and open source software. tricky in the sense that if one is using open source for internal purposes, then it is free. But when an organ- How important it is to have freedom from vendor isation is using it for commercial purpose then they lock-in for enterprises? have to pay a amount to the Open Source Commu- Open stack vendors have always supported the free- nity, which many organisations are not aware of. The dom from vendor lock-in and we are witnessing that Open Source Community should come up with clear now. Many organisations are now using proprietary directions on the usage of open source and that will and open source to build one application and it is be a big help. Another thing that we notice is open helping them achieve what they seek. Today, most of source is not that trendy or jazzy where as proprietary the applications are interoperable and that will be the offers a lot of features and looks. Proprietary software trend going forward. vendors are now reducing their prices and have come up with models like cloud and software as a service. Going forward, how do you view the open source market growing? Governance is a big issue in open source and going Are there enough skill-sets available for the support of forward I believe that policies needs to be made which open source software? are clear to understand. Licensing has always been There is definitely a dearth of skill-sets and that is an issue and as IP laws grow stronger, organisations proving very costly for the adoption of open source. would like to avail for licenses very carefully. Open But, if we compare the skill-sets available five years source community wants that if they are using open ago, the pie has definitely increased. I feel that big source with proprietary software they have to make organisations are equipped to handle open source the source code public which many enterprises are internally but for small organisations, they need sup- not doing. These things needs to be addressed if we port on a regular basis. The share of open source is want open source market to grow.

October 07 2013 31 Features Inside How Obamacare Will NEXT Impact IT Pg 34

CIA Wrestles With Analytics HORIZONS Challenges Pg 35 Imag i ng by V kas sharma

n “The IT Market’s Hot: What’s in it for Seizing the You?”, we examined the overall trends in the economy and their impact on the IT marketplace. Net, net: The IT mar- Opportunity ket, for both products and workers, is hot,I and there are lots of new opportunities for professional and business growth. Today’s external market conditions The Mixed Blessings of a Hot Market can help you create internal growth The hot IT market is all well and good if you are looking for a new job, but what if opportunities, especially ones that you like your job and don’t want to leave. What opportunities does the hot IT market provide incentives for employees to hold for you? In fact, the hot IT job market stay put By Marc J. Schiller might look like a disaster as you struggle

32 October 07 2013 management | NEXT HORIZONS

to hold on to your best employees, many of whom are being enticed by new opportuni- ties and increased salaries. This situation can be especially difficult if your employer is still feeling a bit shaky from the great reces- Your back-pocket list is sion and hasn’t jumped on the IT invest- just a starting point. What ment bandwagon yet. Naturally, that makes the grass seem a whole lot greener on the you really want to find out other side. So, what are you supposed to do? Keep it is where other companies, a secret? Hope your people don’t find out about it? Clearly, that won’t work. preferably ones in your The challenge, and the subject of this arti- cle, is how to use the external market con- industry, are investing ditions to help you create internal growth opportunities—the kind that gives you and your employees incentive to stay put. were 100 percent convinced could move Reasons for their investment, such as Start With the End in Mind the business forward. All they needed was a what they are trying to achieve To get your company to invest in new IT- budget and a willing user community. Investment amounts, including dollars, enabled initiatives, it will take two basic Now is the time to dust off that list of IT hours, people and duration. things: 1) The initiative or project has to be initiatives and carefully review it. Reconnect I know that list sounds like a very dif- something your company genuinely needs with all the things that you were convinced ficult assignment, but that’s where the and can benefit from, and 2) your senior in the recent past could make a big differ- hot IT market can be very helpful. When management must be convinced that’s the ence to your business. Take your list and IT investments start moving, people start case. So far, all of this is pretty obvious. sort the items into the following five catego- talking. Vendors, in particular, can’t help What that means practically is that you ries of requirements: themselves. They just love to brag about all can’t just march into the CEO’s office and To continue day-to-day business operations the new great things they are doing at other tell her about the overall business and IT To lower our daily operating costs companies in an effort to get you to also investment trends or point out that the To be at parity with our competitors jump on the bandwagon. resulting hot IT job market is making it dif- To achieve an edge over our competition But it’s not just the vendor community. ficult for you to retain your best workers and To directly increase sales (be careful with Recruiters call more often and speak more expect it to have much impact. It’s going to this one). openly about job opportunities and what take a little more sophistication (and data) You’re not quite sure where your set of stands behind them. Industry friends and than that. ideas is in comparison to your competitors? colleagues that take new positions frequent- That’s where step 2 comes in. ly talk about the new challenges for which Here’s what you can do. they were hired. Step 1: Reconnect With What’s Needed Step 2: Get Current With Industry With all these different people talking, You, and probably everyone in your compa- Developments the trick is to listen—and listen well. And ny, has been heads down the last few years, Your back-pocket list is just a starting point. the best way to listen is to not listen alone. tightly managing costs and holding on to What you really want to find out is where Bring your people in on this effort. Explain customers. Who's had time to think much other companies, preferably ones in your to them that you want to improve your about IT investments? Probably no one in industry, are investing. company’s competitive intelligence as a the executive suite, but, of course, you can’t What you are looking for is a list of IT- precursor to proposing new IT investments. help yourself. After all, as the individual that related initiatives that your competitors Explain to them how they can use their is charged with making systems work, you have undertaken. And, if you are really personal networks to ethically collect this are always keenly aware of the shortcomings ambitious, an explanation of why they have type of competitive intelligence. Help them in the business processes (and the support- invested in those initiatives and the benefits understand how valuable it will be for your ing systems) and you see lots of opportuni- they are hoping to achieve company to understand the overall trends in ties to improve things. What you are looking for is a list with the IT investment when it is supported by spe- I know that I’m on solid ground here following information: cific industry examples. because in more than 25 years in this indus- Project or initiative description By involving your people in this try I haven’t met a single senior IT manager System or technology involved research, you not only improve your abil- that didn’t have a long list in their back Names of companies investing ity to collect the information, but you also pocket of different IT initiatives that they in this area bring them into the investment discus-

October 07 2013 33 NEXT HORIZONS | management

sion and teach them how to best support share the overall market data this is your opportunity to an IT investment request. and trends that are driving IT shine. Why? Because you aren’t investments. Next, drill down selling IT projects, you are sell- Step 3: Put It All Together to what’s happening in your ing competitive positioning By the time you’re done with this prepara- industry, including how it is 49% tory work, you’ll have: investing in IT. Make sure to will be the worldwide That’s It General information on IT investment keep the data aggregated and growth of 3d printers That’s how you leverage exter- trends and IT skill shortages across a general at this point in the in 2013 nal market conditions and variety of industries conversation. And when they information to create new A well categorized list of your best IT ask you what’s driving all that opportunities for you, your IT investment ideas for your company IT investment, you reveal the workers and, ultimately, your Data on the kinds of projects and IT detailed data they care about company. It’s a powerful formu- investments your competitors are making most: what your competitors la. Go for it—and let me know and why they are implementing them. are doing and why. But don’t stop there. how it works out for you. Now, with the obvious caveat that you’re Once you have presented your competi- not going to sell management on a project tive data, it’s time for you to present your — Marc J. Schiller has spent more than two your company won’t benefit from, it’s time analysis of what your company should do. decades teaching IT strategy and leadership to to get into sales mode. You may argue for investments that are the world’s top companies. Schedule some time in an upcoming required to match your competition. You leadership team meeting to present a talk may opt for an investment that you believe — The opinion was first published in CIO on “the state of the industry from an IT will help transcend your competitors. What- Insight. For more such stories, please visit www. investment perspective.” At that meeting, ever it is that you want to sell, cioinsight.com.

How Obamacare Will Impact IT Choosing the right partner will always be key to success for any new initiative By C.J. Ravi Sankar

s the US health-care industry begins implementing the The Consumer Union 2012 survey reveals that consumers dread Patient Protection and Affordable Care Act (PPACA), shopping for health insurance. commonly called Obamacare, insurance companies are Increasingly, customer expectations are shaped by their experi- experiencing a change in their business environment. For ences in using services across other industries, such as retail and example, regulatory changes like medical loss ratio man- financial services. For payers to deliver on these customer expecta- datesA require a reduction in administrative spend, while business tions, they will need to: model changes will force payers to invest in better management Build a flexible business architecture systems. What’s more, the influx of new, uninsured customers has Optimise business processes to cut costs and improve efficiencies made business leaders rethink their member acquisition and reten- Create and manage customised experiences tion strategies, due to the following challenges: Unify their customers’ experiences across multiple channels. For a typical payer, about 20 percent of medical spend goes to one Payer CIOs are at the center of this sea change as their business percent of its customer base, while 50 percent of the healthy cus- partners will seek their leadership in transforming payers into tomer base incurs only three percent of the medical spend health-information organisations. By leveraging technologies like Temkin Customer Experience ratings place the health insurance social media, mobile devices, data analytics and cloud computing, industry at the bottom in delivering customer experience. CIOs can improve traditional organisational capabilities to deliver

34 October 07 2013 analytics | NEXT HORIZONS

these information-based products and services. Social collaboration is expanding the means by which consumers gather information and interact with businesses. Mobile device usage is changing the way organisations attract, acquire and engage with customers. Analytics and big data enable organisations to predict customer behavior using data from multiple sourc- es, including application systems, social media, and more. Finally, cloud comput- ing offers the flexibility to deliver these applications at scale. Partners that deliver superior customer experiences and provide a combination of payer domain expertise and best practices from other industries will have an advantage over

traditional partners. Imag i ng by vi kas sharma The other key challenge for CIOs is finding financial support for the chang- Social collaboration is expanding the means ing model while maintaining current by which consumers gather information business delivery. CIOs need to revisit their strategies for “run the business” applications, examining ways to reduce costs through managed choosing the right partner for this journey will be key to the suc- services and portfolio optimisation in order to reallocate their cess of their new initiatives. budgets for transformational initiatives. Vendors with expertise — C.J. Ravi Sankar is the vice president and head of payer-provider in helping organisations control expenses and invest the realised practice at HCL Technologies. savings in the creation of new capabilities will be the partner of — The opinion was first published in CIO Insight. For more such stories, choice. As payer CIOs drive their organisational transformation, please visit www.cioinsight.com.

CIA Wrestles With Analytics Challenges The intelligence community is looking for innovations that would enable it to rapidly analyse data By Michael Vizard

hile there is a lot of controversy to be. Speaking at the recent Security real-time is next to impossible. these days about the amount of Innovation Network Summit in New York, “To watch all the video that currently data that the National Security Dawn Meyerriecks, deputy director for moves across the Internet in one minute Agency and other intelligence the directorate of science and technology would take five years to watch,” says groups are collecting, analysing at the Central Intelligence Agency, says Meyerriecks. “And we can’t ingest all that Wall that data in ways that make it actionable that ingesting all of the data the agency data at scale.” is still a major challenge, regardless of how requires remains a major challenge. And As a result, the CIA is concentrating its omnipotent an organisation is perceived even once it is collected, analysing it all in research and development investments

October 07 2013 35 Even with the use of Hadoop, the cost of collecting big data is still enormous i mage by photos.com

on analytics applications and systems that level of scale that goes beyond the average According to Travis Koberg, director for would enable the agency to more easily enterprise, Howard Dresner, chief research data services for CSC, the systems integra- analyse data where it resides as opposed to officer for Dresner Advisory Services, says tor expects the world of big data analytics trying to store it in one central data ware- the agency is encountering many of the to be federated across applications that will house, Meyerriecks says. same advanced analytics challenges facing span both on-premise and cloud computing Most of that research and development IT organisations as they move deeper into platforms. “We trying to build an industrial activity is being managed through In-Q-tel, the realm of big data. Even with the use of strength platform for big data,” says Koberg. a venture capital firm created by the CIA, Hadoop as a framework for storing data, the “But we still believe that most of these appli- and the Intelligence Advanced Research cost of collecting and correlating massive cations are going to wind up being feder- Projects Activity (IARPA) organisation that amounts of big data is still enormous. ated.” The degree to which that ultimately the Department of Advanced Research Proj- To mitigate those costs, it would be less happens, however, is anybody’s guess. Right ects Agency has set up. expensive if the analytics could be applied now the pendulum is swinging toward Meyerriecks says that specific projects, across federated sources of data. “That’s aggregating data in the cloud. But as the such as IARPA’s Aggregative Contingent not something anybody is going to solve cost of aggregating all that data continues to Estimation (ACE), is investigating advanced any time soon,” says Dresner. “They would increase, the IT community—and the intel- analytics technologies that would make it first have to come up with a standard way to ligence community—are clearly looking to easier to analyse data in place. And IARPA’s index all the data first.” breakthroughs that would enable them to Knowledge Discovery and Dissemination Naturally, systems integrators see big data analyse massive amounts of data regardless program is looking into adapter and seman- analytics as a significant opportunity. CSC, of where the data resides. tic technologies that would make it less for example, just acquired Infochimps, a difficult to discover data and establish some provider of data analytics as a service that — The opinion was first published in CIO meaningful context around it. aggregates data using an implementation of Insight. For more such stories, please visit www. While the CIA is clearly operating at a Hadoop and a NoSQL database. cioinsight.com.

36 October 07 2013 LIGHT EVERY CORNER IDENTIFY EVERY THREAT Every day, new cyber threats and attack techniques emerge to strike your Event Details: network. With the growth of APTs and hacktivist groups, staying on top of 16th October the threat landscape is more challenging than ever. Besides, as mobile de- Grand Hyatt vices, social media, and the cloud become commonplace both inside the 9:30 am to 4:00 pm enterprise and outside, technology adoption is moving faster than security, thereby creating problems for security practitioners. 18th October Taj Palace Raising alarm bells, security experts believe that based on the way the enterprise landscape looks now, companies are on their way to a com- 9:30 am to 4:00 pm plete breakdown if they don’t change their security strategies immediately. 30th October To overcome these security concerns, technology leaders need the next ITC Windsor generation of security innovations. 9:30 am to 4:00 pm To learn more about how Juniper Networks is changing the face of network security and cyber-attack prevention, join us for a day-long session with our security specialists. Bring your network security questions and take advantage of our on- site Technical Security Specialists!

Juniper Ad_C&L.indd 1 10/10/2013 12:36:04 PM CIO& LEADER custom series | sas

Visualising the Power of Your Data Organisations of every size, in every industry, have data that can deliver insights. Advanced analytics and data visualisation are providing organisations with real-time insights and foresights, empowering them in enhancing performance and multiplying opportunities. Sudipta K. Sen, Regional Director – South East Asia, CEO & Managing Director — SAS Institute (India), shares his thoughts on how analytics can empower organisations in leveraging the newest and most important asset class — data

lmost 99 percent of the unstructured data has become an industry- world’s written words, wide strategic imperative. Analytics has images, music, video and found its way into boardroom discussions data are transmitted in the and organisations are keen on driving a two-letter Boolean alphabet culture of data-driven decision making. of ones and zeroes. Data is Technological advancements in analytics Apouring in from every conceivable direc- is enabling organisations in deriving bet- tion and big data is only getting bigger. ter value from their data and empowering However, big data is a relative term. When non-technical business users in taking data grows beyond the ability to manage, decisions faster and more accurately. Let’s it’s called big data. Most organisations have explore some key areas that highlight capabilities for storing data, however, pro- the same: cessing times are high. Today, most CIOs are concerned that the amount of amassed Leveraging forward-looking data is becoming so large that it is difficult insights: to find the most valuable pieces of informa- The rapid increase in data volumes has tion and insight from it. Creating mean- Sudipta K. Sen compelled organisations to manage and Regional Director – South East Asia, CEO & ingful insights from both structured and store data efficiently. A major chunk of Managing Director - SAS Institute (India)

38 October 07 2013 sas | CIO& LEADER custom series

data is created by individuals/customers spread across geographies and in different formats, such as text documents, tweets, The image shows a videos, updates, blogs, etc. Organisations business dashboard across industries are embracing analyt- of SAS Visual ics to derive meaningful insights from this Analytics. Business data. Traditionally, users have been using analytics to describe current scenarios users can quickly or find answers to past issues. While this view and interact with is important, it is even more important to reports via the Web or leverage analytics for forecasting and solv- mobile devices, while ing tomorrow’s problems today. This helps IT maintains control organisations in eliminating gut-feel and of the underlying data guesswork from decision making process and helps take forward-looking decisions and security based on facts.

Human brain needs visualisation: highly accurate insights. Modern organisa- ent users and with appropriate privileges to A picture is worth a thousand words — tions are looking for optimal ways to gain edit. This ensures that data is secure and at especially when you are trying to under- insights from big data in shorter report- the same time it’s being leveraged to drive stand and gain insights from data. It is par- ing windows. It's all about getting to the business outcomes. ticularly relevant when you are trying to find relevant data quicker. Revealing previously Organisations of all types and sizes gener- relationships among thousands or even unseen patterns, sentiments and relation- ate data each minute, hour and day. There millions of variables and determine their ships, delivering valuable information in is no going back; the flow of data will not relative importance with the help of for- real time and speeding the time to insights. shrink, on the contrary it will only grow expo- ward-looking data visualisation tools, such With technologies such as in-memory ana- nentially. Everyone — including executives, as SAS visual analytics, users can simply lytics, businesses can find answers to their departmental decision makers, call centre drag and drop parameters to explore data most pressing questions in seconds or workers and employees on production lines and derive meaningful insights. Data is minutes, which earlier took hours and days — hopes to learn things from collected data represented visually in the form of graphs, to process. This helps in reducing reporting that can help them make better decisions, charts, diagrams, etc., which makes it times, shrinking costs, enhancing efficien- take smarter actions and operate more easier for the users to explore, correlate cies and improving accuracy and agility of efficiently. With advanced analytics and data and forecast. Data visualisation techniques decision making. visualisation techniques, organisations can makes analytics much more approachable uncover the true potential of their data and and easy to share and collaborate with Analyse anywhere, anytime: unleash valuable insights about consumer peers across organisation. This empowers Data exploration and decisions should preferences, growth drivers, business the non-technical business users, reduces not stop just because the users are out of trends, market forecasts, etc. With the ability burden on IT and helps inculcate an office. Data visualisation and self-service BI of deriving accurate insights faster, explor- enterprise-wide culture of data-driven tools empowers decision makers at every ing data visually, sharing report with peers decision making. level to see and interact with critical infor- and interacting with dashboards on mobile mation and decision-making data — any- devices; organisations can enable business Analytics at the speed of thought: time, anywhere — on their mobile devices users/functions to drive an enterprise-wide Most analytical solutions are ‘seemingly such as tablets. Having on-the-go access culture of data-driven decision making and fast’ — their processing speeds are fast, to current, relevant information means attain breakthrough business outcomes. however, they work only on subsets of data faster decision cycles and uninterrupted and not on the entire database. True value workflows. Users can also share reports of big data and accurate decision making with colleagues and gather their insights. brought to you by can only be unlocked when organisations This ensures that decisions are not being analyse data in its entirety and not just sub- made in silos and are rather accurate. sets. To do so, it is important that analytics Another vital aspect that a mobile BI solu- and BI solutions leverage in-memory ana- tion must ensure is the capability to view lytics technique in order to resolve complex and explore dashboards securely. Different problems in near-real time and deliver views should be made available for differ-

October 07 2013 39 Event Cloud: A Game Changer Microsoft and SoftwareOne organised a CXO round table showcasing how cloud can revolutionise business

CIOs participating in the round table discussion

Mayank Srivastava (left), Managing Director, SoftwareOne, welcoming a delegate at the event

Participants networking during free time

he three biggest trends in the enter- productivity, to business prise technology space today are solutions. It doesn’t make mobility, social, and big data. These business sense to make a trends can have a huge impact on one-off software decision how businesses engage with their in today’s world.” customers,T partners, and employees in "Whether you're con- order to better business agility, economics, sidering cloud solutions and experiences both inside and outside Speaking at the event, Mayank Srivas- such as the Windows Azure Platform their company. The key to unlocking this tava, Managing Director, SoftwareOne said, and Office 365, the System Center Suite, impact is cloud. “No business service you create today lives upgrading to Windows 8, seeking to Against this backdrop, Microsoft and Soft- on an island. You need apps, communica- enhance Business Intelligence through wareOne, in association with CIO&Leader, tion, and collaboration to connect together SQL or upgrading communication and organised a round table discussion on ‘Cloud in an agile way. To achieve this, you need a collaboration options with Lync and Share- Power’ for CXOs in Gurgaon recently. comprehensive cloud—from platform, to Point - we deliver strategic recommenda-

40 October 07 2013 cloud power | EVENT REPORT

tions, smart alternatives and practical tools to assist future planning. All firmly based on your needs," he said. SoftwareOne is a licensing solutions provider with the unique combination of being a truly global LAR. With a presence in 80 countries, it is exclusively focused on software volume licensing and privately- owned since it was set up in 1985. The company optimizes and manages software spend, while facilitating relationships between customers, publishers, and local best-of-breed services partners. Mayank delivering his address On how his company could help CXOs in moving to the cloud, Srivastava said, “We know software licensing inside and out. Our team has decades of real-life industry experience, giving us the depth and breadth to tackle any licensing chal- lenge head-on. We offer a leading-edge web platform and online tools that provide full transparency into your software licensing anytime and anywhere you require it.” The event saw some of the top CXOs debating the pros and cons of Mayank thanking a delegate for paricipating in the thought provoking discussion cloud computing. Sharing his experience, Kapil Mehrotra, CIO, Apollo Munich said, “Cloud has come to be the biggest business enabler for an enterprise technology decision maker today. It lends a CIO the power to deploy any resource of IT service on the fly. By leveraging cloud, we have accrued tremendous capex savings while at the same time achieved scalability and agility Office 365 is powered by the same Micro- savings associated with hardware over- for our business.” soft email and collaboration products that head, electricity, and software deployment; Providing insights into how Micro- businesses have been using for decades.” Enhanced security with 128-bit encryption; soft enables enterprises in harnessing According to Microsoft, Office 365 and 99.9 percent scheduled uptime with cloud, Ritu Chaturvedi, Director Office gives ‘anywhere/anytime’ access to email, financially backed service-level agreements 365, Microsoft, said, “The Microsoft Office documents, contact information and cal- (SLAs),” Chaturvedi said. 365 service offering combines the familiar endars on almost any device. Moving all or “For today's CIOs and business lead- Office desktop suite with the latest, cloud- some of the applications to the cloud can ers, the cloud presents an opportunity to based versions of our next-generation com- save organization time and money as well redefine the role that the IT and non-IT munications and collaboration services: as free up valuable resources to work on business functions play in implementing Microsoft Exchange Online, Microsoft other IT projects that haven't been able to a business strategy. Because of its power SharePoint Online, and Microsoft Lync schedule previously. to fundamentally change how business Online. These services work together “Benefits of Office 365 include elimi- operate and compete, the cloud has the seamlessly to provide the best productivity nating time and effort spent managing potential to a game changer for many com- experience on PCs, phones, and browsers. email and collaboration services; Cost panies,” she added.

October 07 2013 41 Data Briefing TECH FOR 9% Fall in PC shipment in the GOVERNANCE third quarter of 2013

Leaked Data and Credentials: Cracked Web Apps With the rise of web-based applications, the threat model has changed By Jonathan Lampe

42 October 07 2013 security| TECH FOR GOVERNANCE

If you’ve been paying attention to vulnerabilities in web applications, you’ve certainly heard of attacks involving SQL injections, cross- site scripting, and poor session management. Thanks to the efforts of groups like OWASP, many responsible software vendors and open source project leaders now treat these types of vulnerabilities seriously, and issue patches and hot fixes to remove them from production code soon after discovery.

However, there are many other exploits that threaten ers can “spear-fish” known users of an application, pose Internet-facing applications. This article covers a common as tech support in social engineering exploits, seed false exploit not listed in the OWASP Top 10 Application Secu- downloads, or use other backdoors and Trojans to plant rity Risks, but is nonetheless used to steal credentials and their exploits on target computers. Once their exploits are data from Internet-facing applications today. planted, hackers may then use hard-to-detect channels In the “old days,” distributed applications were to retrieve their ill-gotten gains, such as a new parameter deployed using a client-server model that used pre-com- to an exploited web page that downloads the secret log of piled binary code on desktops and servers. These applica- credentials and data their exploit created. tions could be cracked by experienced programmers, but the people who cracked these applications were more Examples of Exploits How a Hacker Might often looking for ways to circumvent licensing (or insert Apply and Use Exploited Code a self- replicating virus) than steal credentials or data. “BankingWebApp” is a web application written as a C#- 5POINTS Furthermore, if a crack was intended to steal credentials based application in Microsoft Visual Studio. It generates or data, the hacker often had to be “within the walls” binary DLLs that contain much of the program logic but  Most web-based because the targeted application usually ran over a LAN exposes individual *.aspx pages for each separate page in applications now use or WAN than the Internet. the application. User sign in is handled by “signon.aspx.” human-readable web Here’s a sample scenario: A hacker with a local copy pages

Web Applications are Easy to Modify of BankingWebApp discovers that a target bank runs you cannot With the rise of web-based applications, the threat model BankingWebApp by reading an online support forum. rely on any anti-virus changed. Most web-based applications now use human- They insert code into a hacked version of signon.aspx package to detect readable web pages written in PHP, ASP, C#, Perl, CGI, that writes all incoming usernames and passwords to modified web IRuby or other web scripting languages. Many others a secret log file. They also insert code into the same file applications depend on human-readable templates or configuration that displays the contents of the secret log file on the web your defense files that control how the application works. page when a special parameter is added to the URL (e.g., against this attack The switch from all-binary applications to mostly-script- “&debug=1337"). vector flows directly ed applications significantly lowered the bar of technologi- The hacker then contacts an individual at the target from the hackers’ goal cal prowess for would-be hackers. Today, a nefarious indi- bank through the support forum and convinces them in some cases, vidual with introductory-level web application skills can to download and apply the hacker’s exploit. Once the hackers will try to cut-and-paste code from the Internet into a sign-in page hacker’s exploit is in place, it gathers several hundred sets serve downloads to to write out all credentials to a secret log file. In a client- of customer credentials a day. After a month, the hacker popular packages on server world, the same trick would have required mastery executes a single “debug=1337" transaction against the their own sites of assembly code. publically-accessible signon.aspx to download thousands you can detect of valid credentials, and proceeds to use or sell the creden- and defend against Information Stolen by Exploited Web Applica- tials to criminal elements. these types of attacks tions is Easy to Retrieve by using the right mix The switch from LAN/WAN applications to Internet- Real-World Instances of Exploit of file integrity check facing applications also freed hackers from having to be It is difficult to locate real-world instances of this type of utilities present in the building to exploit their targets. Now hack- exploit in major commercial applications through Google

October 07 2013 43 TECH FOR GOVERNANCE | security

searches, but you can readily find examples of this type of exploit in popular content management systems (CMS) such as Joomla, DotNetNuke and WordPress. However, you may want to perform The best defense against malicious- a visual inspection of your own Internet-facing web applications before ruling them immune to this type of exploit. If your web appli- ly modified code is to automatically cation relies on directories full of “*.aspx”, “*.asp”, “*.php”, “*.pl”, scan your web apps for unauthor- “*.cgi” files, and those files are legible in Notepad on Windows (or vi on *nix), your web application may be vulnerable to this kind of ised changes. In the case of custom attack. (Check with your vendor if unsure.) or internally-developed web apps,

Most Vulnerable Applications Web Applications that this may be your only defense Rely on General-Purpose Web Servers Applications that depend on a general-purpose web server such as Microsoft IIS, Apache HTTPS, Apache Tomcat or Nginx are most Train Authorised Personnel to Use Change Control vulnerable to this type of attack. By design, general-purpose web Procedures servers allow several different web applications to share the same If you deny hackers the ability to install virus and Trojans in your web server, and it is the responsibility of each individual web appli- network, the next most likely vector into your systems will be cation to be a good citizen of the commons (e.g., not taking too through your people. Social engineering schemes can be devised to many resources, not destroying another application’s data, etc.). gain the trust of employees through shared user forums, or to blus- ter an employee through an urgent inbound phone call “from cor- Web Applications that Run Human-Readable Code porate” or a specific Fortune 500 vendor. “Spear phishing” schemes Web applications that entirely rely on human-readable scripts tend can also be developed to target specific email addresses in your com- to be more vulnerable than web applications that obfuscate or com- pany with official-looking upgrade notices or security alerts. pile their code. However, applications that partially hide code in this The hackers’ goal in all of these schemes is to convince someone way, such as binary DLLs used in many ASP.NET applications, may on your staff to download the hacker’s exploit from an unofficial site still be vulnerable to redirection in human-readable intermediate and then apply it to a production system. And if a solitary staffer can files or web filters, such as IIS’s ISAPI filter mechanism. do all that without telling anyone else, that would be ideal from a The best defense against maliciously modified code is to automati- hacker’s perspective. cally scan your web applications for unauthorised changes. In the Your defense against this attack vector flows directly from the case of custom or internally-developed web applications, this may be hackers’ goal. Any change control policy worth its name already con- your only defense. Fortunately, there are several “file integrity moni- tains two elements that inhibit these kinds of attacks. toring” tools that perform this exact function. First, good change control policies require at least two different Your file integrity check application should check all the static con- people to approve and apply changes. If you take away the ability for tent (images, stylesheets, JavaScript files, etc.) and code used by your people to act in isolation, you take away the ability for them to inde- web application. It should be configured to check a few times a day pendently make poor decisions. This is the same concept behind (at least), keep a trusted signature off the target machine in case the separation of duties in accounting; while the temptation to make a hacker is smart enough to recalibrate the local signature, and can be bad decision – to steal money – will always be great, the means to turned off and recalibrated cleanly during your planned outage. actually carry out bad decisions is greatly reduced when two people Note that some commercial web applications include their own must make the same bad decision to proceed. built-in file integrity checks. When evaluating new web applications, Second, change control often dedicates the use of separate test it may pay to ask about included file integrity features up front. and production systems, and specific tests that must be performed on the test system before code is promoted into production. While Use Anti-Virus Software to Watch for Exploit Delivery the technical aspects of running exploited code on a test system Vehicles will probably not uncover the exploit itself, a hacker must usually You cannot rely on any anti-virus package to detect modified web be willing to invest more time, and thus increase their chances of applications. By and large, antivirus packages look for binary signa- being detected, if exploited code must be shepherded through a test tures of known viruses in executables, or look for unusual operating- environment first. system behavior in applications, such as injecting code into operat- ing system executables. However, you can use anti-virus software to Beware of Third-Party Contributions, Even to Major detect and prevent the installation of the backdoors, Trojan horses, Packages and viruses that allow hackers to modify your web applications. Hackers who cannot rely on Trojans or poorly trained personnel still Without those, hackers must rely on vectors such as open RDP have one significant vector to exploit if their targeted web application sessions (usually protected behind VPNs these days) or the ability accepts third-party contributions: targeting the add-ons rather than of authorised personnel to follow instructions from an untrusted the core packages. In some cases, hackers will try to serve down- source to corrupt your application. loads to popular packages on their own sites. In other cases, they

44 October 07 2013 security | TECH FOR GOVERNANCE

can get the original package authors to serve the exploits SFTP instead of FTP to protect your credentials from as official add-ons or translated editions of the original snooping, and consider the use of strong authentica- software. In the most extreme cases, some hackers have tion through the use of SSH keys (with SFTP) or SSL actually replaced the official downloads with their own client certificates (with FTPS). You should also disable exploited packages, but this type of exploitation rarely $4tn unnecessary FTP accounts, use IP lockouts to head lasts for long. The best defense against these types of will be the size of off brute force (password guessing) attacks, consider exploits is to communicate with the provider of your soft- worldwide it spending limiting access to a limited number of IP addresses, ware application before applying add-ons or translated in the year 2014 and check your logs for login attempts that appear to be editions to understand whether or not the zeroing in on particular usernames. Changing the code code that makes up those elements is supported and behind existing web applications is a time-intensive but blessed by the sponsoring organisation. If it is not, and effective way for hackers to harvest authentication cre- another reputable organisation does not stand behind dentials and data. However, you can detect and defend the code, it may be best to forgo the add-on or switch to a against these types of attacks by using the right mix of different application. file integrity check utilities, antivirus software, and change control policy. You can also limit your exposure by avoiding add-ons and Watch your FTP or SFTP Access translations from third parties, and being careful with the way you In many of the cases where a popular CMS has been hacked at a par- use remote file transfer technology. ticular site, it was because the web site operator left no password or — Jonathan Lampe is a Security Researcher for the InfoSec Institute. an easily-guessed password on an FTP or SFTP account associated — The artcile is printed with prior permission from www.infosecisland. with that site. If you use FTP or SFTP to remotely manage your web com. For more features and opinions on information security and risk site, make sure that all accounts use strong passwords, use FTPS or management, please refer to Infosec Island.

How Pros Can Migrate and Maintain Security The best way to tackle this problem is by coming up with a vendor management methodology By Matt Neely

ore and more often, CIO’s and most of the security controls in the cloud, level of security while being flexible CSO’s are being tasked with there are often cases where security profes- enough fit these different service models. moving their company’s core sionals are responsible for managing and applications to the cloud. A maintaining key security controls. Start by Building a Framework: headache for security profession- For example, if a company is host- To build cloud security, you first need to Mals to say the least, and a challenge to quickly ing a home grown application at a PaaS create a programme to review, approve and generate security requirements and ensure (Platform as a Service) provider, then the manage cloud providers. This is something those requirements are followed. Another company’ would generally be responsible you can try to create on your own, or you problem that arises is that most companies for the security of the application itself. can follow an example my company created. already have existing security requirements The cloud provider of the PaaS would be To develop this framework start by meet- in place for traditional third-party vendors, responsible for the securing the platform ing with stakeholders to gather business, but these requirements are not a good fit for and infrastructure supporting the applica- technical and security requirements. Then the cloud services being adopted. tion. It is critical to clearly outline who is compare that with the regulatory require- Unlike traditional third-party solutions responsible for which component and have ments related to the data that would be where the vendor is responsible for all or requirements which provide the desired stored and processed by cloud providers.

October 07 2013 45 TECH FOR GOVERNANCE | security illustration by shigil narayanan illustration To build cloud security, you first need to create a programme to review, approve and manage cloud providers

Once you do that you can leverage existing Security of Cloud Services: ity were clearly defined, each requirement security policies, procedures and stan- In addition to creating a framework and in the CSF should be assigned to either the dards while adding additional require- earning corporate buy-in, security profes- cloud security provider or the business. ments specific to cloud computing envi- sionals also need to develop processes to During this review process you can enumer- ronments. To ensure the requirements prioritise, review and track which cloud ser- ate risks posed by the proposed solution are flexible enough to apply to the various vices are approved for use. and outline where the solution did not cloud models and use cases, the require- The best way to tackle this problem is by meet the CSF. By leveraging the knowledge ments should be broken down by the type coming up with a vendor management solu- you gather, and using existing technology, of cloud service used and the classification tion methodology to develop a programme as a security professional you are able to of the data processed and/or stored by to review, approve and manage the cloud quickly respond to the needs of the business the provider. service providers. Having this solution while minimising the risks of moving core Once the framework is complete meet will allow security professionals to enter applications to a cloud environment. This with executives at your organisation to requests to have potential cloud service pro- solution not only allows for cloud vendors review the Cloud Security Framework viders reviewed. Once a provider is entered to be quickly and easily reviewed, but also (CSF). During this meeting convey the for review, a questionnaire can be generated provides a programme to manage cloud importance of the framework to the busi- based on the type of cloud service used and services used by the business to ensure cor- ness and outline how the company should the data stored and/or processed by that porate information stored in-house or in the align to the new framework. Once you provider. This questionnaire should then cloud is protected equally. receive executive management buy-in, the be sent to the point of contact at the cloud framework can be adopted for use by all service provider to gather information on — Matt Neely is Director, Research, Innova- lines of business moving services to the what security controls are present in their tion and Strategic Initiatives at SecureState. cloud, not just IT. This will provide the environment. Once the questionnaire is company with a unified approach to man- complete, CSO’s and CIO’s staff can work — The artcile is printed with prior permission aging the security of cloud services, thus with the cloud service provider and their from www.infosecisland.com. For more features ensuring all corporate data moved to the organisation to snap the cloud service into and opinions on information security and risk cloud is appropriately secured. the CSF. To ensure the lines of responsibil- management, please refer to Infosec Island.

46 October 07 2013 Stay ahead of your peers. Grab this unfair LIGHT EVERY advantage CORNER IDENTIFY EVERY

THREAT GET IT NOW ! Every day, new cyber threats and attack techniques emerge to strike your Event Details: The CIOs of tomorrow are expected to be outstanding business leaders, not just good technical experts, who can collaborate and communicate in network. With the growth of APTs and hacktivist groups, staying on top of th 16 October their professional environment ITNEXT invites you to participate in the 2-day the threat landscape is more challenging than ever. Besides, as mobile de- Grand Hyatt Pocket CIO programme to equip yourself with strategic, technical and soft- vices, social media, and the cloud become commonplace both inside the skills needed for senior management roles. The training sessions will be 9:30 am to 4:00 pm enterprise and outside, technology adoption is moving faster than security, hosted by experts, and will feature eminent CIOs. City& 18th October thereby creating problems for security practitioners. SESSIONS WILL COVER Taj Palace Contemporary trends in a current technology area Date Raising alarm bells, security experts believe that based on the way the 9:30 am to 4:00 pm Delivering innovation or improving business outcomes through IT solutions BENGALURU enterprise landscape looks now, companies are on their way to a com- Best practices for installing, operating and improving enterprise 25th – 26th services/infrastructure octoBer plete breakdown if they don’t change their security strategies immediately. 30th October Thinking strategically about IT To overcome these security concerns, technology leaders need the next ITC Windsor Leadership in the corporate context APPLY NOW ! generation of security innovations. 9:30 am to 4:00 pm www.itneXt.inneXt100 REGISTER THROUGH MOBILE APP To learn more about how Juniper Networks is changing the face of network Download the NEXT100 app on your phone eVeNt By security and cyber-attack prevention, join us for a day-long session with or tablet, and register for Pocket CIO our security specialists. program. Access the latest white papers in association with and case studies, and watch videos p RESENTS Bring your network security questions and take advantage of our on- INDIA’s FUTURE CIOs site Technical Security Specialists!

Platinum Partner Premier PrinciPal Partners tecHnology Partners neXt100 Book suPPorting Partner Partner Partner

* SEATS ARE LIMITED AND WILL BE OFFERED ONLY TO QUALIFIED CANDIDATES

Juniper Ad_C&L.indd 1 10/10/2013 12:36:04 PM VIEWSteve DuplessiePOINT | [email protected]

Fail Factors: Why Startups Die There Are No Fed Funded Tech

Business Models i on by photos.com Illustrat

It’s been a while since I’ve seen a printing more cash every day and diligence call with Peter Levine of new way to fail in business, hence spending beyond the means of thirty Andreesen Horowitz on this very the dearth of additions to this series. generations! Why not you? subject — whereby he came to the But now we have a new one — the VCs haven’t helped. They have same conclusion. How and when fantasy business model. funded these fantasies and never do they make money? There was Most failures of startups, through bothered to look (or care) that eventu- never an answer. history, can be classified in just a few ally (unless you are the Fed), a com- They aren’t the only ones. I can’t camps: 1. the product never worked, pany needs to take in more money About the for the life of me figure out how 2. the market never cared or existed than it spits out in order to sustain author: Carbonite is going to make money. I (there was no real problem), or 3. the itself. Call me old school, but it’s that Steve Duplessie see the same exact thing — the more execution (team/CEO) was awful. simple. Nirvanix is the most recent is the founder of customers they bring on, the more and Senior Analyst Sometimes it’s just bad timing. Luck (but certainly not the only) victim of at the Enterprise money they will lose. Unless they always plays a role. Tech business fictitious Fed funding fantasy land. Strategy Group. cheat, in which case they will collapse models were all the same. Spend For all the joy and love of a cloud Recognised eventually under their own weight. money, build product. Sell product to storage service, 15 years after, Peter worldwide as Did you ever see the Saturday lots of people for more than product Bell’s Storage Networks collapsed the leading Night Live skit about the bank who’s independent costs to build. Buy low, sell high. because it couldn’t find a sustainable authority on motto was “we make change”? “4 Sell more, make more. Yadda yadda profitable business model (that one enterprise storage, quarters for a dollar, or ten dimes, or yadda. Today the business model was more technology related — not Steve has also 20 nickels. Perhaps 2 quarters and matters as much, if not more, than being able to securely multi-tenant consistently been five dimes!” When asked how they the product/technology and often kit back then killed the idea) — with ranked as one of make money, the answer was “Vol- the most influential even the market itself. lots of customers and buzz. At the IT analysts. You ume!” It’s kind of like that. Somewhere during the insanity of end of the day, I could never figure can track Steve’s The bet is clearly that if you can get the dot com bubble, it became okay out how they were going to make blog at http://www. really big and eliminate competition, to have a business plan that never, money. I’m not that smart, granted, thebiggertruth.com and WAIT IT OUT (so your costs ever showed how you make any but the math never made sense. decrease over time and the elimina- money. Fast forward 25 years and The more customers they added, tion of competition enables you to we seem to have come full circle. the more they would lose. Surely raise revenue for a less expensive Heck, the Federal Government of smart VCs would have picked up on service), then eventually you will the mighty USA is fine with simply that, no? I vividly remember a due make money.

48 October 07 2013

Lenovo® recommends Windows 8 Pro. WHEN YOUR THINKPAD TAKES A KNOCK, THE DATA DOESN’T GET KNOCKED OUT. THINKPAD OUTTHINKS FALLS AND BUMPS WITH MAGNESIUM-ALLOY ROLL CAGE.

The Lenovo ThinkPad® features a unique magnesium-alloy roll cage that protects the HDD from falls and bumps. This prevents any damage to the critical components and keeps your data safe.

Crash zones

Impact points

Tough chassis

Give your business the ThinkPad advantage www.lenovo.com/in/en | 1800-3000-9990 | [email protected]

20 YEARS OF LEADERSHIP THROUGH INNOVATION

Lenovo reserves the right to correct any errors, inaccuracies or omissions and to change or update information at any time, without prior notice.Trademarks: The following are trademarks or registered trademarks of Lenovo: Lenovo, the Lenovo logo, For Those Who Do and ThinkPad. Microso and Windows are registered trademarks of Microso Corporation. Other company, product and service names may be trademarks or service marks of others. ©2013 Lenovo. All rights reserved. AP_IND_PRN_Q2-14_36700_CIO28x21