IT NEXT Vol 02 Issue 02 March 2011

Published on November 2016 | Categories: Documents | Downloads: 65 | Comments: 0 | Views: 368
of 54
Download PDF   Embed   Report

IT Next Magazine march 2012

Comments

Content


IT managers share their experiences and
insights in DEPLOYING & IMPLEMENTING
TECHNOLOGY SOLUTIONS, while industry
analysts examine the road ahead. Pg 14
FUTURE
SEE
THE
Case Studies
on Lowe Lintas &
Usha Martin Pg 26
SECURITY: Benefits
of ISO 27001 certification
for the enterprise
VDI: Virtualisation
on the desktop makes
good business sense
INTERVIEW: Sudhir
Narang on transforming
IT into Business Center
BOSS TALK
Managing people
effectively Pg 04
32 42 46
I
T

N
E
X
T

S
E
E

T
H
E

F
U
T
U
R
E
MARCH 2011

/

` 75
VOLUME 02

/

ISSUE 02
V
O
L
U
M
E

0
2


|


I
S
S
U
E

0
2
EDITORIAL
1 MA R C H 2 0 1 1 | ITNEXT
There was muted silence as a frail-looking
man in a black turtleneck and blue jeans took
stage at the Yerba Buena center in San Francisco.
Over the course of the next hour, Steve Jobs took
the hundreds of enthusiasts through one of the most
anticipated launches of the year, the iPad 2. Within
minutes, the cyber world was abuzz with reports and analysis,
blogs, Facebook status messages, Twitter updates, news sites, fed the
frenzy. Jobs had done it again for Apple; he had ensured that even before the
device was launched, people would be clamouring for it.
iPad’s success is a brilliant instance of how innovation can be truly
disruptive. Apple didn’t invent tablets; the concept has been around for
decades. In fact, the first patent for an electronic tablet used for handwriting
was granted in 1888. The first concept was by Alan Kay in the early 1970’s,
when he came up with the idea of DynaBook. And yet whenever most people
talk about tablets, they start with the iPad. In less than a year (iPad was
launched in Aril 2010), Apple has sold 15 million iPads in 2010 and 40
million in 2011 so far. iPads account for 95% of the tablet market. Apple
achieved this by innovating. By carefully evaluating user needs, and crafted
solutions that met them. The company is not inventive, but disruptive.
Apple can be a template for any enterprise that wishes to be successful.
You need to deliberately look ahead, peer into the future, and design
products and services that will be ahead of their time. In these days of
hyper-competition, innovation alone is not enough; disruption is needed.
As IT leaders, you to need to pick a leaf from Jobs’ biography. Look at things
around you, talk to customers, keep a tab on competition, check the flow
of the tech winds. Study, analyse, and evaluate. Once you have done so,
do it again. Only through force of habit, can you be really be disruptive.
Remember, Jobs didn’t create Apple in a day, it has been around for over
three decades.
Put on your thinking hat and set on the journey, reminding self that no
peak is too high and no river too deep. Go ahead. Be disruptive!.
“In these days of
hyper-competition,
innovation alone is not
enough; disruption is
needed. ”
Disruptive
Creativity
S HAS HWAT D C
Blogs To Watch!
Clayton Christensen - World
Innovation Forum Presen-
tation
http://slidesha.re/itnedit1
Innovate the Future, by David
Croslin
http://scr.bi/itnedit2
Chris Anderson: How web
video powers global innova-
tion
http://bit.ly/itnedit3
How P&G Quietly Launched a
Disruptive Innovation
http://bit.ly/itnedit4
Your views and opinion matter to us.
Send your feedback on stories
and the magazine at editor@
itnext..in or SMS us at 567678
(type ITNEXT<space>your
feedback)
Editorial.indd 1 3/4/2011 6:04:30 PM
2 ITNEXT | MA R C H 2 0 1 1
C
O
V
E
R

D
E
S
I
G
N
:

P
C

A
N
O
O
P
CONTENT
MARCH 2011
xx
Page
FOR THE LATEST TECHNOLOGY UPDATES GO TO I TNEXT. I N
COVER STORY
16 The New Path of Mobility
The cloud bandwagon has got room for the big screen too, with new
breeds of OS unlocking its potential in areas like UC and collaboration.
18 Software Service Solutions
An evaluation of least capital cost intensive opportunities
20 Fighting with Data Thieves
Today, data is a corporate asset and data theft is a big threat that cor-
porates face. How does the Indian law provide for this?
22The Might of Mbps
With 3G in and BWAon the agenda, wireless broadband is a pipe-less
dream come true
24 Some myths deflated
Common cloud computing myths demystified and risks explained
04 People management |
Manage aspirations of people
to tune them into your organ-
isation’s goal. Treat others as
you want to be treated.
BOSS TALK
46 “IT is no longer just a
cost centre” | Sudhir Narang,
MD, BT India, on the company’s
strategies, new technologies
and changing business.
INTERVIEW
Facebook:
http: //www. f acebook.
com/home. php#/group.
php?gi d=195675030582
Twi tter:
http: //t wi tter. com/i tnext
Li nkedIn
http: //www. l i nkedi n. com/
groups?gi d=2261770&trk=myg_
ugrp_ovr
Putting technology to work, as IT
managers share their experiences and
insights in deploying and implementing
technology solutions, while industry
analysts examine the road ahead.
FUTURE
THE SEE
14
Page
Content Page.indd 2 3/4/2011 7:35:20 PM
3 MA R C H 2 0 1 1 | ITNEXT
INSIGHTS
32 The Recipe for
Success
36 The 17 Second
Solution
39 Run the Risk
42 The New Face
of Zero
CASE STUDY
26 From ‘Ignorance
Tolerated’ to IT
Loweconnect is regarded as a
model solution in the advertising
industry. Here’s why…
28 The Power of One
A case study on Internet Threat
Management & UTM adoption
OPINION
12A Consumerisation
of the Enterprise| by Sameer
Shelke, Co-founder, COO and
CTO at Aujas Networks Pvt. Ltd.
15-MINUTE
MANAGER
49 CIO-on-Demand | Helps to
infuse a top CIO’s leadership to a
business that can’t afford one
50 Healthy Habits | Office
chair squats can be effective
52 Battle for the future |
Who will benefit in the the war
between tablets, smart phones,
laptops and netbooks in 2011?
53 Best of both worlds | Sears
India used ‘work from home’
option to manage employees
32
Page
36
Page
ITNEXT.IN
REGULARS
Editorial _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 01
Industry update _ _ _ _ _ _ _ _ _ _ 08
Open debate _ _ _ _ _ _ _ _ _ _ _ _ _55
My log _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _56
PLEASE
RECYCLE
THIS
MAGAZINE
AND
REMOVE
INSERTS
BEFORE
RECYCLING
© ALL RIGHTS RESERVED: REPRODUCTION IN WHOLE OR IN
PART WITHOUT WRITTEN PERMISSION FROM NINE DOT NINE
MEDIAWORX PVT LTD IS PROHIBITED.
Thisindexisprovidedasanadditionalservice.Thepublisher
doesnotassumeanyliabilitiesforerrorsoromissions.
ADVERTISER INDEX
Tata Communications IFC
Sigmabyte 05
APC 7, BC
ISACA 11
IBM Insert after 12
Cisco 13
Red Hat 29
NetMagic 31
airtel IBC
MANAGEMENT
Managing Director: Dr Pramath Raj Sinha
Printer & Publisher: Vikas Gupta
EDITORIAL
Group Editor: R Giridhar
Associate Editor: Shashwat DC
Sr Correspondent: Jatinder Singh
Copy Editor: Akshay Kapoor
DESIGN
Sr Creative Director: Jayan K Narayanan
Art Director: Binesh Sreedharan
Associate Art Director: Anil VK
Sr Visualiser: PC Anoop
Sr Designers: Prasanth TR, Anil T, Joffy Jose
Anoop Verma, NV Baiju, Vinod Shinde & Chander Dange
Designers: Sristi Maurya, Suneesh K,
Shigil N & Charu Dwivedi
Chief Photographer: Subhojit Paul
Photographer: Jiten Gandhi
SALES & MARKETING
VP Sales & Marketing: Naveen Chand Singh
(09971794688)
Brand Manager: Siddhant Raizada (09990388390)
National Manager-Events & Special Projects:
Mahantesh Godi (09880436623)
National Manager -Print , Online & Events: Sachin
Mhashilkar (09920348755)
South: B N Raghavendra (09845381683))
North: Deepak Sharma (09811791110)
West: Hafeez Shaikh (09833103611)
Assistant Brand Manager: Swati Sharma
Ad co-ordination/Scheduling: Kishan Singh
PRODUCTION & LOGISTICS
Sr. GM Operations: Shivshankar M Hiremath
Production Executive: Vilas Mhatre
Logistics: MP Singh, Mohamed Ansari,
Shashi Shekhar Singh
OFFICE ADDRESS
Nine Dot Nine Mediaworx Pvt Ltd
A-262 Defence Colony,
New Delhi-110024, India
Certain content in this publication is copyright Ziff Davis Enterprise Inc,
and has been reprinted under license. eWEEK, Baseline and CIO Insight
are registered trademarks of Ziff Davis Enterprise Holdings, Inc.
Published, Printed and Owned by Nine Dot Nine Mediaworx
Private Ltd. Published and printed on their behalf by Vikas Gupta.
Published at A-262 Defence Colony, New Delhi-110024, India.
Printed at Silver Point Press Pvt Ltd., A-403, TTC Ind. Area, Near
Anthony Motors, Mahape, Navi Mumbai-400701, District Thane.
Editor: Vikas Gupta
Success
Recipe
FOR
The
ISO 27001
Content Page.indd 3 3/4/2011 7:35:26 PM
4 ITNEXT | MA R C H 2 0 1 1
“Manage aspirations of people to tune
them into your company’s goal. Treat
others as you want to be treated.”
Y
oung managers, though highly
motivated, are often confused.
‘Where do I go next? What will
differentiate me? How do I del-
egate?’ While these may seem
like simple questions, the answers, for a young
manager, are not as simple.
Management is not only in the ‘doing’, but actu-
ally in the ‘managing’. It’s a tireless job of planning,
executing, evaluating and re-planning. None of
these include ‘doing’ things; but focus on ‘getting
things done’. It’s about delegating more and doing
less. According to Jack Welch, management is easy.
If you understand your role clearly, you’ll agree.
Delegating and working with a not-as-compe-
tent subordinate is not easy. You may have always
met and exceeded your boss’ expectations, but
there are no guarantees that your subordinates will
be just as competitive. But management also entails
understanding that a team is always far more capa-
ble than an individual. Not all people are equally
competent, and while individually a manager may
add great value, his output is only and exactly what
his team’s output is.
Data is the lifeline of an organisation and man-
agers at every level transform it to add value for the
next level of management. Data in its crude form
can be raw with absolutely no value. As a manager,
you may convert it to information and present it to
your superior. The next-level manager may convert
it into knowledge and finally top management can
use it to make a wise decision. While you are free
to process data exactly how you want to, you have a
focused responsibility of processing it and provid-
ing it to your manager in his required format.
Keeping confidentiality intact, you should also
commit to the free flow of information; whether
from you to your boss or from you to your sub-
ordinates. In such an environment, management
decision-making becomes easy and accurate; with-
Getting
Things Done
PEOPLE MANAGEMENT
out it, analysing becomes difficult, and strategy a
guessing game.
Managing people is not an easy task and there
are no simple rules, though a few general meth-
odologies still apply. Instead of managing people,
manage their aspirations and tune them into your
company’s goal. Treat others as you want to be
treated. Offline or online, publicly applaud a job
well done, focusing on even the small things; and
rebuke only in private, ignoring the small stuff.
As a manager, you also have to interview and
evaluate other people. Always appraise people on
the value they’ve brought to the team/organisation
by their actions/achievements. Appraisal is contin-
uous and not an annual activity. Constantly evalu-
ate your team on all major tasks, while providing
continuous feedback and your overall perception.
People management is not easy, so don’t be
disheartened by any initial failures. Remember,
management still is a tireless job of planning,
executing, evaluating and re-planning.
Shantanu Singh Chauhan is the Director of New Initiatives at
Value First Messaging Pvt. Ltd.
SUGGESTION READ
BOSS TALK | SHANTANU SINGH
Leadership
Secrets of Hillary
Clinton explains
how business
leaders can use
open-mindedness,
focus & resilience
to get results, cit-
ing examples from
Clinton’s success-
ful experiences in
public office.
WRITER: REBECCA SHAMBAUGH
PUBLISHER: MCGRAW-HILL
PRICE: RS. 395 P
H
O
T
O
G
R
A
P
H
Y
:

S
U
B
H
O
J
I
T

P
A
U
L
Boss Talk.indd 4 3/4/2011 3:06:32 PM
OPINION
6 ITNEXT | MA R C H 2 0 1 1
OPINION
W
e recently did
some absolutely
brilliant work
segmenting the
overall IT market
by users’ sophistication with server vir-
tualization techniques and implementa-
tions. We looked across every industry
and every major IT function to catego-
rise Laggards, Followers, and Leaders–
what they mean, and more importantly,
what are the specific concerns, chal-
lenges, requirements, or downright
show-stoppers for each group within
each industry sector, within each matu-
rity segment.
We looked across Servers, Storage,
Networking, Security, and the
Application organisations within IT.
Guess what? The answers differ based
on who you talk to!
We segmented the market into cat-
egories, based on primary metrics:
1. Scope of Deployment – the % of serv-
ers that have been virtualized.
2. Virtual Production Ration – % of
VMs in production.
3. Efficiency – consolidation ration of
VMs per physical machine.
4. Workload Penetration – deployments
across multiple workload.
Takeaways:
Server virtualisation is becoming
ubiquitous. BUT, and this is a big but
58% of organisations have virtualised
less than 1/3 of their servers.
Thus far IT owned applications
dominate what’s being virtualised. File/
There will be an avalanche of growth
over the next 24 months–but it IS NOT
going to come from the “leaders”.
When speaking with ESG’s
management guru, Bob Laliberte,
it became clear to me. Bob called
it perfectly, he said: “A laggard IT
operation ‘monitors.’ A follower
‘manages.’ A leader ‘automates.’”
Brilliant in its simplicity, it is
completely accurate. Whether we’re
talking about managing a virtual
environment or a backup process, it’s all
true. For an advanced society, we sure do
spend a ton of time “monitoring,” don’t
we? How do you monitor something
that isn’t real? And why bother?
If our management techniques are
stuck in medieval times, how do we
expect to ever truly reap the rewards
of “dynamic IT?” It’s bullshit. This
IT stuff was brutally hard to manage
when it was one stovepipe with one app
running to one department. It’s simply
not possible to manage any longer if
“monitoring” is even in the conversation.
I contend that you are a liar (mostly to
yourself) if you think you are actually
“managing” anything.Management
is NOT knob turning anymore. Knob
turning is how you marginalize yourself
out of a job. Remember those assembly
line workers who built cars? They
turned knobs. Robots do that now.
Robots that are smarter, cheaper, and
better at turning those knobs. Know
where the strategic “management” is
now? It’s in designing what you want
to have happen, and programming the
robots to execute on it.This holds true
wherever a knob is twisted. Storage has
TONS of knob turners. Networking still
has knob turners. Servers and Apps
and Databases all have lots and lots of
knobs–but guess what? The knobs are
becoming virtual. You need to become
the architect of the OUTCOME, not the
guy who fixes the leak. You architect.
Tools monitor. Tools manage. Tools
automate your plan.
With permission from ESG Blog, Getting to the big-
ger truth, January 2011
“If our management
techniques are stuck
in medieval times,
how do we expect to
reap the rewards of
dynamic IT?”
Print, etc. 59% haven’t virtualised ANY
“mission-critical” applications.
Those who do virtualise are able to
document increased return on investment
as they become more advanced.
“Dynamic IT” is still an illusion. Very
few are truly engaged in utilising the
advanced capabilities of virtualisation yet.
TECH TALK
STEVE DUPLESSIE
Founder and Senior Analyst,
The Enterprise Strategy Group
Grow Up! The
New World of
Managing IT
Stuff
Opinion_Tech Talk.indd 6 3/4/2011 4:41:54 PM
8 ITNEXT | MA R C H 2 0 1 1
P
H
O
T
O

I
M
A
G
I
N
G
:

P
H
O
T
O
S
.
C
O
M
TRENDS
DEALS
PRODUCTS
SERVICES
PEOPLE
SERVICES | Professional networking major LinkedIn has launched
the beta release of LinkedIn Skills, which is expected to help mem-
bers discover up-and-coming expertise areas that professionals
need to succeed. The product, according to the company, is designed
to surface the top people, top locations, related jobs, and groups
associated with thousands of skills which members have identified
as areas of expertise. These tools will help members stay ahead of
the competition and discover hot skills professionals are adding to
LinkedIn skills’ beta
release launched
their profiles – from application
development to business intel-
ligence to calligraphy.
“With today’s increasingly
competitive marketplace,
LinkedIn is offering the
unique ability to pinpoint top
experts for a particular skill
set, in addition to providing
relevant and actionable insights
about trending skills that can
help professionals manage
their careers,” said DJ Patil,
LinkedIn’s chief scientist.
“Through LinkedIn Skills,
we believe we have a whole
new way of understanding the
landscape of skills - who has
them and how they are changing
over time – and how truly
diverse the universe of skills
actually is, whether it’s java or
ballet,” Patil added.
It also provides top related
skills for a given industry with
trending information on which
skill is growing or declining in
that industry. Hiring managers
can also benefit from the ability
to identify top candidates
and talent who possess the
specific skills the professional
organisation needs. The
networking major claims that
the product offers the ability
to add new skills to the profile,
surface the top professionals
who have similar expertise and
related companies where the
desired expertise will have the
most impact.
LinkedIn Skills is one of
the many new products that
provides rich, relevant insights
that help members manage their
careers and create opportunities
for themselves and their
professional network.
These tools
will help
members
stay ahead of
the compe-
tition and
discover new
professional
skills
UPDATE
I N D U S T R Y
SOURCE: LINKEDIN POLL CONDUCTED
BY RUTH JACOBS, INFORMATION SECU-
RITY RECRUITMENT CONSULTANT
Over 500 IT pro-
fessionals, from
different industry
verticles globally
participated in
the poll
IT satisfaction level with their current information risk/security
position in an organisation
(Figures in %)
INFORMATION
SECU
RITY
31
26
23
10 9
50
40
30
20
10
0
Mostly
Satisfied
Somewhat
Satisfied
Somewhat
unstaisfied
Extremely
Unsatisfied
Perfectly
Satisfied
Update.indd 8 3/4/2011 4:52:42 PM
9 MA R C H 2 0 1 1 | ITNEXT
P
H
O
T
O

I
M
A
G
I
N
G
:

S
H
I
G
I
L
.
N
ZYXEL COMMUNICATIONS
a networking company, has announced the
launch of the NBG4615 Wireless N Gigabit
NetUSB Router, powered
with Wireless N and Gi-
gabit technology, along
with ZyXEL’s NetUSB
feature.
GO WIRELESS
Logitech has introduced the Logitech Wire-
less Combo MK260, a mouse and keyboard
combination designed for
home users and office
workers. The product will
be available in India for a
price of Rs 1,495.
SERVICES | Microsoft India
has launched Office Web Apps
in India. The apps will enable
users to access its office applica-
tions Microsoft Word, Excel,
PowerPoint and OneNote, for
free using their Windows Live
ID on the SkyDrive or Hotmail.
According to the company, this
will also allow users to create,
view, edit, and share Office docu-
ments from anywhere with an
Internet connection. “Office Web
Apps are a key piece of Micro-
soft’s overall cloud strategy and
are designed to empower people
to take their familiar productiv-
ity experience on the web,” said
Sanjay Manchanda, Director,
Microsoft Business Division.
Microsoft launches Office
Web apps in India
students to collaborate on their
school and college projects in a
seamless way”, he added.
Office Web Apps provide
consistent formatting of a
document with full images and
footnotes, table borders and
text effects to the user. To start
with Office Web Apps, users
only require a Windows Live
ID, a supported web browser
and an Internet connection.
Moreover, team members can
work together using Office
Web Apps, regardless of what
version of Microsoft Office they
use and whether they work on a
PC or a Mac.
According to Microsoft’s
claim, over 30 m users
worldwide are already using
beta version of Office Web Apps
in just over six months after they
were introduced.
This will
allow users to
view, edit, and
share Office
documents
from virtually
anywhere
In a new report on the current cyber-crime black
market, PandaLabs has found that the cyber-
crime black market diversified its business model
in 2010, and now sells a much broader range of
hacked confidential information including bank
credentials, log-ins, passwords, fake credit cards
and more. But PandaLabs discovered that this
information can only be accessed by personally
contacting the hackers who are promoting their
info for sale on forums and in chat rooms.
AROUND THE WORLD
Statistics on Cyber-Crime
Black Market
STEVE JOBS, CEO, APPLE AT THE LAUNCH OF
IPAD 2 AT SAN FRANCISCO
“EVERYONE’S GOT A TABLET.
WILL 2011 BE THE YEAR OF
THE COPYCAT? IF WE DID
NOTHING, MAYBE A LITTLE
BIT… PROBABLY NOT.”
“Features like ease of sharing
and high document fidelity make
Office Web Apps a powerful
enabler of productivity in the
cloud for modern information
workers and consumers alike.
Moreover, this is a great tool for
QUICK BYTE
TABLET PC
MSI has launched the WindPad 100W
Tablet PC. This device features the In-
tel mobile platform proc-
essor, 10.1-inch multipoint
touch screen as well as
dual video cameras, & an
ALS light sensor.
Update.indd 9 3/4/2011 4:52:45 PM
UPDATE
1 0 ITNEXT | MA R C H 2 0 1 1
TECH TRENDS| Hyper-fast quantum
computers have edged a step closer to
reality after team of scientists gener-
ated 10 billion quantum bits in silicon
for the first time ever.
The achievement in silicon, which
is the basis of the computer chip, has
important implications for integration
with existing technology, according to
a team of researchers.
Scientists from Britain, Japan,
Canada and Germany believe that
such computers, based on quantum
bits or qubits, will be able to test
many possible solutions
to a problem at once, as
determined by a report from
the journal Nature.
Conventional computers
based on binary ‘switches’,
or bits, can only do one thing
at a time, reports the news
agency IANS.
“Creating 10 billion entangled
pairs in silicon with high fidelity is
an important step forward for us,”
according to John Morton of Oxford
University.
“We now need to deal with the
challenge of coupling these pairs
together to build a scalable quantum
computer in silicon,” Morton, who led
the study, said.
Quantum entanglement involves the
notion that particles can be connected
in such a way that changing the state
of one instantly affects the other, even
when they are miles apart.
Albert Einstein once
famously described quantum
entanglemen as “spooky
action at a distance”.
Other areas of quantum-
related research include
ultra-precise measurement
and improved imaging.
TECH TIDINGS | Total domestic
IT services spending in 2011 is
expected to grow by 15.5% over
2010, riding on the strong waves
of IT outsourcing services, finds
a recent report from Springboard
Research. As per the report, the
market for CY2011 is expected to
reach US$7.5 billion, represent-
ing more than 14% of the overall
APEJ (Asia Pacific excluding
Japan) IT services market.
The research shows that about
70% of IT services spending
in India come from discrete
services and the remaining 30%
from outsourcing services. The
high skew towards discrete
services in India means that
Hyper-fast quantum
computers to be a reality!
Indian IT services market
to reach $7.5 b by 2011
IT NEXT: What benefits does IBM’s
Power7 System server offers to
enterprises?
RAHUL BINDAL: Power Systems are
integrated to help support the complex
workloads and dynamic computing models
of the new kind of world - Smarter systems
for a Smarter Planet. They are designed
to manage the most demanding emerging
applications, ranging from smart electrical
grids to real-time analytics for Indian
market. We estimate up to a 65% increase
in transactions or users could be handled
by the same server previously constrained
by memory capacity. Also, the total cost
of ownership of POWER7 systems can be
better than competitive systems.
Which are the key factors that
differentiates Power 7System
with Intel’s Itanium chip, and Sun
Microsystems’s Sparc chip?
These three processors are targeted by
the respective OEMs for true 64 bit server
computing. The most popular operating
system used on all these architectures is
UNIX. 64 bit Linux from certain vendors
are also available on Power & Itanium.
As these processors are intended to
deliver superior performance & scalability
for workloads, this characteristic is the
fundamental differentiator between the
three. The benefit of this to customer
is in lowered cost of acquisition &
ownership. Customers can potentially
reduce costs of server HW, SW licensing,
maintenance costs, subscription costs
and environmental costs of electricity,
cooling, power backup & rack space.
By Jatinder Singh
INTERVIEW
RAHUL BINDAL, VICE PRESIDENT -
POWER SYSTEMS, IBM SYSTEMS AND
TECHNOLOGY GROUP IBM INDIA/
SOUTH ASIA
The research
shows that
about 70% of IT
services spend-
ing in India
come from dis-
crete services
story tools
%
the Indian IT services
market is still in the
maturing phase.
Springboard expects
the IT services market
in India to continue its
rapid development and
maturation process.
10
quantum bits
in silicon were
generated
by a team of
scientists
billion
Update.indd 10 3/4/2011 4:52:46 PM
UPDATE
1 2 ITNEXT | MA R C H 2 0 1 1
TECH TRENDS | Olive Telecom has
announced the launch of an Android
Gingerbread phone in India, one that
apparently is just 9.9 mm thick, and
sports HSPA+ (14.4 Mbps) connectiv-
ity – the OliveSmart V-S300. Olive
is calling the device the first HSPA+
smartphone in the country. It features
the latest Android phone-specific oper-
ating system – one that was just intro-
duced with the platform lead device,
the Google Nexus S.
The OliveSmart is an “ultra-slim”
bodied phone, boasting of a 4.1-inch
capacitive multi-touch screen with
a 800x480 pixel resolution, a 1GHz
Qualcomm Snapdragon MSM8255
Olive introduces
HSPA+ phone
processor, along with the Adreno 205
graphics engine, 512MB RAM and
2GB ROM, a 5MP rear camera (with
flash and auto-focus) and a front
facing VGA camera for a video-calling,
along with a 1400 mAh battery. Other
features include a dual microphone
arrangement for active “Fluence” noise
cancellation, 720p HD video recording
and playback, Wi-Fi and Bluetooth
v2.1 connectivity along with DLNA,
as well as GPS/accelerometer/ambient
light/digital compass sensors, and 2GB
onboard storage along with microSD
expandability up to 32GB. The
OliveSmart should hit streets in about
a month, at roughly Rs. 20,000.
Qualcomm has launched the next
mobile processor architecture for
the Snapdragon family. The new
processor micro-architecture,
code-named Krait, in the next-gen-
eration Snapdragon, will redefine
performance for the industry, offer-
ing speeds of up to 2.5GHz per core
and delivering 150% higher overall
performance, as well as 65% lower
power than currently available
ARM-based CPU cores. These
chipsets will be available in single-,
dual- and quad-core versions and
include a new Adreno GPU series
with up to four 3D cores, and inte-
grated multi-mode LTE modem.
The latest family of Snapdragon
chipsets will include the single-
core MSM8930, the dual-core
MSM8960 and the quad-core
APQ8064. All chipsets in the fam-
ily will integrate a quad-combo of
connectivity solutions and include
support for NFC, as well as S3D
video and photo capture and
playback. Support for every major
operating system comes standard
on all Snapdragon chipsets.
Samples of the MSM8960 are
anticipated to be available in Q2
2011 and samples of the MSM8930
and APQ8064 are anticipated to be
available in early 2012.
TECH TRENDS
Qualcomm’s
next for
Snapdragon
The early
previews of
the product
revealed it
currently
runs Froyo,
and will
get a 2.3
upgrade
soon after
launch
NOKIA’S BOLD TIE-UP WITH MICROSOFT
TONY CRIPPS, PRINCIPAL ANALYST, Ovum on Microsoft and Nokia partnership that will make Windows
Phone 7 the main operating system for Nokia’s smartphones.
“This is a bold decision by Nokia, but absolutely the right one, given the
drastically changed landscape for smartphones off late. There were few
short term options available to the company to help it get back on terms
with Apple and especially the Android masses, which in 2011 look set to
overtake Nokia in terms of smartphone shipments.”
NEWS @
BLOG
Update.indd 12 3/4/2011 4:52:47 PM
1 2 A ITNEXT | MA R C H 2 0 1 1
OPINION
I
read an article “John Sculley on
Steve Jobs,” which as the name
suggests was an interview tran-
script of John Sculley the former
CEO of Apple. John Sculley talks
about “The Steve Job’s Methodology”
on how to build great products, he says
Job’s always looked at things from the
perspective of what the user experience
is going to be. He didn’t believe in asking
consumers what they want, but rather
built beautiful products which people
ended up wanting.
Similar to what Henry Ford had said
about consumer views on the car, “If I
had asked people what they wanted,
they would have said faster horses.”
How is this changing the
‘Enterprise’ behaviour? The way
people in an Enterprise looked at
end-user technology is different from
how individuals in their capacity
as consumers looked at it. I guess
that’s why end-user technologies
such as laptops or operating systems
had enterprise range products and
consumer range products. Enterprises
used to determine what specific laptop
or mobile product models could be
used for corporate IT services. But
over a period of time, it’s the individual
user need of an organisation that aid
the selection.
Apple, I think, is changing this –
consumerisation of the enterprise
is happening. I was involved in
an Information risk management
framework transformation project
for a service provider in Japan.
While the Management, IT, Business
and Security teams had their own
requirements and expectations from
Several organisations are now
allowing or thinking of ways they
can let the users choose the end-user
technologies to access IT services in a
secure form. The advent of the iPad or the
tablet phenomenon would only make it
impossible for companies to stay away
from this change. It’s not just Apple,
but other companies and technologies
are also driving this change. We now
see interesting ads from “Enterprise”
technology firms such as RIM getting
more consumer friendly (“Blackberry
Boys”) or the younger generation doing
special behavioural changes to get “their
first android.” Also, with the arrival of
various applications, the mobile has
more become a friend with whom you
can talk, chat, play and so on whenever
you feel so.
Apple released the iPad on April 3; it
sold 1 million units by May 3. Analysts
predict close to 8 million iPad’s will sell
in 2010. iPad 2.0 would be released soon
with a prediction of selling 6 million
units a month! Now consider this in the
context that the iPad is available for sale
in only select countries and other tablets
are also making their mark. Mobile
applications are expected to touch sales
of $35 billion by 2014, and Gartner has
predicted a 10 percent drop in their PC
sales forecast for 2011 mostly on account
of the increased interest in tablets.
Hence, I am of the opinion that
consumerisation of the enterprise is a
foregone conclusion and organisations
need to modify their risk management
postures to allow for a range of
‘consumer’ devices and applications to
be used within the enterprise. They also
need to carefully analyse what a small
security breach can do in those mobile
devices. Unfortunately, the knowledge
is very limited so far. While the
Management, IT, Business and Security
teams had their own requirements
and expectations from the project, the
end-users hoped the project would
enable use of the iPhone for business
communication and email “Adapt or
perish, now as ever, is nature’s inexorable
imperative.” – H. G. Wells.
“Consumerisation
of the enterprise is
foregone conclusion
organisations need
to change their risk
mitigation practices to
encompass a range of
‘consumer’ devices”
Consumerisation
of the Enterprise
the project, the end-users hoped the
project would enable use of the iPhone
for business communication and email
(Only one specific mobile device was
allowed to be used for company email).
Incidentally the transformation of the
risk framework did allow iPhone-like
devices to be used by modifying the
process and control framework.
MONEY WISE
SAMEER SHELKE
Co-founder, COO and CTO at Aujas Networks Pvt. Ltd.
12A Opinion_Money wise.indd 12 3/4/2011 2:45:49 PM
FUTURE
THE
SEE
Successful IT management is about anticipating trends
and changes, and being prepared for changes. Industry
watchers offer their views on what’s coming up - and
how you can deal with it
IMAGING: PC ANOOP
Predictions
16 Mobile Computing
18 Data Centre Transformation
20 Data Security
22 Wireless Broadband
24 Cloud Computing
Case Study
26 Knowledge Management
28 Unified threat Management
Insight A look at technology
implementations in enterprises and
their associated learnings
Starting from Page 32
1 4 ITNEXT | MA R C H 2 0 1 1
Cover Story Option 1.indd 14 3/4/2011 5:14:46 PM
SEE THE FUTURE | COVER STORY
1 5 MA R C H 2 0 1 1 | ITNEXT
Cover Story Option 1.indd 15 3/4/2011 5:14:54 PM
The New
Path of
Mobility
The cloud bandwagon has got room for
the big screen too, with new breeds of OS
unlocking its potential in areas like UC
and collaboration.
BY DEEPAK KUMAR
T
he idea of web-based com-
puting has been around
from quite some time
now. But with social com-
puting, consumers have
successfully navigated the peripheries
of web-based computing and are virtu-
ally knocking at the cores now. And the
knock gets harder with the rapid march
of the new generation of smartphone-
sand the tablet devices.
A new breed of OS is in
With the phenomenal success of the
iPhone and Android-based smart-
phones, a whole new OS paradigm is
emerging. The term OS came into gen-
eral circulation with the advent and
popularity of computers, but is no lon-
ger limited to the PC territory. Its second
dominion has been communications,
duly shaped by smartphones.
Armed with more and more
powerful processors, the newer
smartphones are stepping outside
the territory of communications and
marching into the realm of computing.
On PCs, Windows still continues
to be the only ‘800-pound gorilla’. On
smartphones, while Symbian is still
the leading OS platform, its position has
been challenged by the rapid march of
iOS and Android, which have also put
BlackBerry on the back foot.
To add to the complexity, the OS is
moving beyond PCs and smartphones
too. Of late, we have been hearing
more and more about the OS entering
the realm of audio-visual content,
delivered over a new genre of devices
called tablets and also over a new breed
of high-definition television sets—the
‘new TV.’ No single OS pervades all
three screens—of the computer, the
smartphone and the new TV.
On the new TV front, neither
Windows nor Symbian look set to
gain a foothold for now. The biggest
buzz here is from Android, especially
after the Google TV announcement
last year, with Sony, Intel and Logitech
partnering.
An OS approach will open up
the big screen to a creative breed of
application developers, who would be
bringing a multitude of applications
for the conference room participants,
particularly in areas of telepresence,
unified communications and
collaboration.
As an aside, a key challenge for TV
makers, many of whom happen to be
MOBILE COMPUTING
`1,881
Enterprise Mobility
market in India is
projected to reach
crore
by FY 2015-18
Source: Frost&Sullivan
COVER STORY | SEE THE FUTURE
1 6 ITNEXT | MA R C H 2 0 1 1
Cover Story Option 1.indd 16 3/4/2011 5:14:57 PM
Consumers have
navigated the
peripheries of web-
based computing
and are virtually
knocking at the
cores now”
PC and smartphone makers too, will
be to design an appropriate input
device, which should neatly blend the
key features of a TV remote and a PC
keyboard.
It’s brimming with
browsers
Not surprisingly, with the knock-
knock of the cloud, competition for a
greater dominance of browser space
has become fiercer than ever before. All
major browser developers have clear
roadmaps in place and all of them are
doing every bit possible to keep users
satisfied; so switching over is not an
easy decision.
While Firefox has taken away
precious usage share from Explorer,
many Explorer users hope that the
browser’s version 9.0, due for release in
2011, will be able to keep them hooked.
Likewise, Firefox users can also hope
that Mozilla, being an almost pure-
play browser company, will be able to
better its offering by virtue of a better
development focus. Then there is
Chrome, which cannot be overlooked
with Google behind it.
Meanwhile, Opera is already a
preferred browser on mobile phones,
though it has not been able to be a
dominant player on desktops and
notebooks. Then, there are social
browsers like RockMelt, Flock and
the indigenous contender Epic, which
are vying for a piece of the browser
action, but haven’t been able to gain
enough traction, partly due to a lack of
marketing muscle. Nevertheless, they
bring forth a slew of features that could
become more mainstream offerings in
the leading browsers too.
The social web browsers attempt
to better address the needs of a
2.0 generation of internet users by
integrating access to popular sites like
Facebook and Twitter.
Flock has been in existence since
2005 and was one of the 12 browser
options offered to MS Windows users
in Europe last year, in response to a
European Commission ruling.
In November 2010, the social web
browser category gained attention
after the news that RockMelt, backed
by Marc Andreessen of Navigator and
Mosaic fame, had been rolled out with
limited beta and early access sign-ups.
Then, there is the feature-rich,
intuitive browser, Epic, developed by
Bengaluru-based start-up Hidden
Reflex. With version 1.2, the browser
has made significant improvements
since its launch in July 2010. Epic’s
native word processor can be invoked
within the browser with one click.
Using built-in transliteration, the word
processor can be used to produce text
in multiple Indian and some foreign
languages. The side-bar in the browser
prompts a user to open a Facebook or
a Twitter side pane, quite intuitively.
The side pane can also be used to open
a wide range of applications, ranging
from YouTube to live TV.
Today, a browser could be competing
not just with other browsers but also
with a reigning operating system and
additionally with some application
software. With more and more content
and applications moving onto the cloud,
browsers have become more central a
piece in the overall ICT ecosystem.
The strong competition bodes well for
an era of web-based computing — an idea
whose time is fast approaching.
DEEPAK KUMAR,
Telco Research Director
IDC India
Deepak is a market researcher,
specializing in the ICT and
Media domains. He has 20
years of experience, of which
10 years have been in the fields
of media and market research
in the ICT domain. He is widely
quoted in the media and is a
regular speaker at industry
events.
ABOUT EXPERT
Enterprise Mobility Strategy
http://mobileenterprisestrategies.blogspot.com/
RESOURCES
90%
of PC growth over the
next three years
Mobile PCs to drive
Source: Gartner
10%
of PC units are
expected to be
displaced by media
tablets by 2014
Source: Gartner
SEE THE FUTURE | COVER STORY
1 7 MA R C H 2 0 1 1 | ITNEXT
Cover Story Option 1.indd 17 3/4/2011 5:15:00 PM
Software
Service
Solutions
An evaluation of least capital cost intensive
opportunities and whether an organisation
can live with third-party support or no
support can enhance the efficiency of
business processes.
BY SOMAK ROY
Challenges:
1. Increasing IT complexity: There are
two things that have made resolving
incidents and managing SLAs, both
difficult and something that you abso-
lutely cannot fail at. Of course, the lat-
ter is due to the close revenue linkages
between applications and revenues. The
former can be attributed to the many
nodes that currently make up any work-
ing IT application. A single transaction
can span many databases and appli-
cations and the middleware system.
The points of failure are many and the
current set of monitoring and manage-
ment systems are typically host specific
and reactive in nature. The process of
triangulation and root cause analysis
becomes mind-numbingly complex as
the administrator tries to reconstruct
the story with data from multiple tools.
The problems are related to a lack of
holistic view of the service, a lack of a
transaction-oriented view, too many
tools, and an unmanageable volume of
false positives.
Fortunately, a few vendors are
offering some solutions to address
these problems. One class of solutions
makes service level resolution relatively
easy and makes proactive management
I
ncreasing IT complexity, vir-
tualisation, enterprise appli-
cations delivered via the SaaS
model are just some of the chal-
lenges impacting a corporate
data centre. The transformation is far
from gradual and very little can be done
to slow things down. This of course
does not take into account the IT man-
agers and CIOs that are going through
planned data centre transformations.
However, there is a strong overlap in
potential tool sets that could benefit
those who are caught in the midst of on-
going change and those that are going
through a massive planned data centre
transformation.
DATA CENTRE TRANSFORMATION
$400
a year in energy
costs alone
Removing a single x86
server from a data centre
will save more than
Source: Gartner
COVER STORY | SEE THE FUTURE
1 8 ITNEXT | MA R C H 2 0 1 1
Cover Story Option 1.indd 18 3/4/2011 5:15:02 PM
possible by using statistical techniques.
Such tools correlate metrics from many
different systems and application
management tools to build a profile
of normal behaviour at the level of
the end-to-end service and alerts the
administrators to cases of impending
service-level drops. Such tools can
monitor individual transactions and
store data related to the transaction
at every node in its path. This process
helps administrators zero in on the
exact point of outage.
2. Virtualisation: One of the rarely
spoken about challenges in this sector
is the challenge of deciding on the
optimum virtualisation strategy.
The problem can be summed up as
— which application should be sent
to which server, keeping the many
constraints in mind. This naturally
is a tall order. However, without such
careful assessment the much-hyped
benefit of virtualisation, the ability to
move virtual machines around would
remain just hype. Tweaking the virtual
environment is a tedious and a high-
skilled job. The Indian IT manager, for
the most critical problems, is better off
either outsourcing the problem to a
specialist or hiring a few of the best and
the brightest and equipping them with
the best decision-making tools. One
such decision, making tool category
relevant to the discussion, is the
virtualisation analytics tool type. Such
solutions look into workload history,
system configurations, governance
norms, and present to the user, very
visually, which application can go
to which server. This tool type is as
relevant to the IT manager streamlining
his server farm as it is to the IT manager
who has been given a fresh opportunity
to start on a clean slate, in the form of a
data centre transformation project.
3. The rise of SaaS: SaaS introduces
a few governance problems. As with
all solutions in the enterprise, the
authorisation must be based on the
enterprise directory. Also, across so
many areas, procuring SaaS solutions
have become so easy that it is not
inconceivable to discover that teams
are using collaboration and project
management tools, with no knowledge
of IT. Therefore, it is imperative that
IT creates a governance structure for
such scenarios and works on assuaging
fears that IT is fundamentally against
new application types. Business people
who evangelise the use of SaaS are the
rare breed of internal customers who
understand and appreciate technology
and it makes sense to co-opt them
into a decision-making framework for
such SaaS selection decisions. Again,
these are problems and tools for those
who find themselves, involuntarily,
on the SaaS juggernaut’s path and
those who are in charge of data centre
transformation projects, and have the
rare opportunity to a new set of policies
through lessons learnt over the years.
Indian IT managers have the benefit
of lower legacy than their mature
economy counterparts. However,
managing growth in an environment
where the awareness of the benefits
of IT is still low requires some skill
at identifying opportunities in niche
areas that do not involve significant
upfront investments. Such baby
steps could steer the board towards
accepting that IT projects can go
beyond mandatory or insurance-
like investments, and can be oriented
towards improving business processes
on an on-going basis.
SOMAK ROY
Managing Analyst – Ovum
Lead analyst with Ovum IT,
Somak tracks enterprise appli-
cations and Business Process
Management (BPM). His cur-
rent research interest includes
Software-as-a-Service (SaaS)
and third party maintenance.
ABOUT EXPERT
Managing growth
requires some
skill at identifying
opportunities in
niche areas that
do not involve
significant upfront
investments”
Site to watch: http://www.datacenterknowledge. com
RESOURCES
PROJECTS WHERE
IT HEADS ARE KEEN
TO TRANSFORM
DATACENTRES
WITH SPECIFIC
TECHNOLOGY GOALS.
Automation
Green IT
Operations management
Virtualization
Business continuity
58%
64%
60%
59%
59%
Source: HP
SEE THE FUTURE | COVER STORY
1 9 MA R C H 2 0 1 1 | ITNEXT
Cover Story Option 1.indd 19 3/4/2011 5:15:03 PM
Fighting
with Data
Thieves
Today, data is a corporate asset and data theft
is a big threat that corporates face. How does
the Indian law provide for this? Here’s an
overview…
BY PRASHANT MALI
Further, the collection of evidence in
such circumstances become another
issue, as investigation in three different
countries, all of whom may not be on
good terms,is almost impossible, and
the poor technical know-how of our
investigating agencies adds to the
woes. The lack of coordination between
different investigating agencies and
a not-so-sure extradition process is
another headache. However, the biggest
of all these issues is the lack of specific
laws in the country to deal with this
crime; so even if a culprit is caught, he
can easily get away by picking any of the
loopholes in our laws.
What Indian laws say…
The problem of data theft has emerged
as one of the major cybercrimes world-
wide. The UK has The Data Protection
Act, 1984, though India and the US do
not have specific laws to deal with just
data protection. India has its Informa-
tion Technology (Amendment) Act,
2008. The various sections of the ITA-
Act, 2008 which deals with the problem
are briefly discussed below.
SECTION 43: Clause (b) provides pro-
tection against downloading, copying
orextracting data or database or infor-
mation by imposing heavy civil com-
pensationwhich can run intocrores. The
unauthorised downloading, extraction
I
n this era of Information Tech-
nology, data has become a
corporate asset. It is vital raw-
material for brick andmortar
companies, BPOs, and technol-
ogy and IT companies. Data has also
become an important tool and weapon
for corporates to capture larger mar-
ket shares. Due to this, its security
has become a major issue with all the
industries. The theft and piracy of data
is a threat, faced by all IT players, who
spend millionsto compile or buy data
from the market; their profits depend
upon the security oftheir data.
A major issue regarding data theft is
its international character. The result
of this is that different sovereignties,
jurisdictions, laws and rules come into
play, which again is an issue in itself.
DATA SECURITY
$43
In the United Kingdom,
the latest cybercrime
cost estimates released
by the Cabinet Office
showed annual losses of
more than
billion.
COVER STORY | SEE THE FUTURE
2 0 ITNEXT | MA R C H 2 0 1 1
Cover Story Option 1.indd 20 3/4/2011 5:15:16 PM
and copying ofdata are also covered
under this section. Clause(c) of this
section imposescompensation for the
unauthorised introduction of computer
contaminants or viruses. Clause(i) pro-
vides compensation for destroying,
deleting or altering anyinformation
residing on a computer or diminishing
its value.
Note: Since Section 43 does talk of the
exact amount of compensation, one is
at the mercy of the courts and the intel-
ligence of lawyers, as data being an
intangible asset, it’s worth can run into
millions or trillions of denominations.
SECTION 65: This provides for com-
puter source code. If anyone knowing-
lyor intentionally conceals, destroys,
alters or causes another to do as such
shall haveto suffer imprisonment of up
to three years or fine of up to Rs Two
lakh, or both. Thisprovides protec-
tion against tampering of computer
sourcedocuments, i.e.,copying/theft of
software programmes.
SECTION 66: This section imposes
thepenalty of imprisonment of up to
three years or fine upto Rs Five lakh or
both,on the person who commits the
crime of data theft.
Is data theft covered un-
der the IPC?
Section 378of the Indian Penal Code,
1860 defines ‘Theft’ as ‘Whoever,
intending to take dishonestly any mov-
able property out of thepossession of
any person without that person’s con-
sent, moves that property inorder to
such taking, is said to commit theft’.
Section 22 of the IPC defines
‘movable property’ as ‘The words
‘movable property’ are intended
to include corporeal propertyof
every description, except land
and things attached to the earth or
permanentlyfastened to anything
which is attached to the earth’.
Since Section 378 only refers to
‘movable property’, i.e.,corporeal
property, and data by itself is intangible,
it is not covered under this definition
of ‘Theft’. However, if data is stored in
a medium (a CD, floppy, etc.) and such
a medium is stolen, it would be covered
under the definition of ‘Theft’, since
themedium is movable property. But, if
it is transmitted electronically, i.e., in an
intangible form, it would not specifically
constitute theft under the IPC.
Data, in its intangible form, can at
best be put at par with electricity. The
question whether electricity could be
stolen, arose before the SupremeCourt
in the case ‘Avtar Singh vs. State of
Punjab’ (AIR 1965 SC 666).Answering
the question, the apex court held that
electricity is not movableproperty,
hence, is not covered under the
definition of ‘Theft’ under Section 378
IPC. However, since Section 39 of the
Electricity Act extended Section 378
IPC toapply to electricity, it became
specifically covered within the meaning
of theft.
The next time anyone plans to copy
data or download data from their friends,
clients, teachers or the employer’s
computer or network on a pen drive or
iPod or anystorage device, it would bode
well to remember that it can put a person
behind bars for at least three years and
set them back by Rs 5 lakhs or even lead
to insolvency if a compensation claim
suit is also filed ina civil court, which just
may run into millions.
PER RECORD COST OF
DATA BREACH
(Average cost per record of a sata breach,
2005-2009 in $)
PRASHANT MALI
President at Cyber Law
Consulting
Prashant is a cyber law expert
and has got over 18 years of
corporate experience. He has
worked in both Government
and private sector in industries
including IT, Telecom, Banking,
construction and chemicals.
ABOUT EXPERT
The theft and piracy
of data is a threat,
faced by all IT players,
who spend millionsto
compile or buy data
from the market”
Data Security Round-Up : http://blogs.carouselin-
dustries.com/security/data-security-roundup-2/
RESOURCES
There have been at least
301 security breaches
resulting in the exposure
of more than
8.2
million
records
in 2010
Source: ITRC
250
200
150
100
50
0
SEE THE FUTURE | COVER STORY
2 1 MA R C H 2 0 1 1 | ITNEXT
Cover Story Option 1.indd 21 3/4/2011 5:15:20 PM
The
Might of
Mbps
With 3G in and BWAon the agenda, wireless
broadband is a pipe-less dream come true,
with promises of 100 Mbps and so much
more
BY DEEPAK KUMAR
a broadband revolution of sorts. What
does that mean for enterprises? A lot!
It’s all in the network
The efficiency and productivity of
today’s dynamic enterprises depends
critically on the quality and extent of
the network and its availability. The
network needs to be robust and avail-
able at various levels—between the
data centre and the head office and also
between the head office and branch
offices. The always-on connectivity
with the suppliers and partners is as
important as is access for the mobile and
remote employees.
While the fibre and copper networks
are there in place to take care of
connectivity in metros and urban
areas to an extent, it is insufficient
when it comes to providing access to an
increasingly mobile workforce. Also,
in the government segment, especially
when it comes to government-to-citizen
services, while connectivity till the
district HQ level is largely taken care
of, there is insufficient connectivity
at sub-district and village levels. For
e-Governance to be effective, there is
an immediate need to bridge this divide
and reach out to centres in semi-urban
and rural India.
Why is wireline not
enough?
The past efforts to achieve wide-scale
W
ireless in its 2G
avatar is, at best,
a narrowband
network. It is 3G
that kicks in the
delivery of wireless broadband. And
BWA promises to make it relatively
cheaper and likely, much faster. It is
the legacy limitations of the wireline
network that prompted stakeholders
and policymakers to turn to wireless
networks.
Wireless, in its second generation,
had not let the hopefuls down. Mobile
services gave tele-density a boost to the
extent of causing a telecom revolution.
There is reason to hope again that a
third-generation wireless will spawn
WIRELESS BROADBAND
Source: TRAI
35.09
million wireline telephony
subscribers
At the end of December
2010, there were
COVER STORY | SEE THE FUTURE
2 2 ITNEXT | MA R C H 2 0 1 1
Cover Story Option 1.indd 22 3/4/2011 5:15:21 PM
access objectives through the wireline
have failed miserably. In fact, wireline-
telephony has been a shrinking market
for past several years now. At the end
of December 2010, there were 35.09
million wireline telephony subscrib-
ers compared to 36.96 million in March
2010. And there were 37.96 million
wireline subscribers in March 2009
and 39.42 million in March 08, as per
the Telecom Regulatory Authority of
India (TRAI) data.
The continued fall in wireline tele-
phony has made it difficult for players
to leverage the platform for broadband
growth from a near-term perspective.
3G versus BWA
The current 3G offerings in India talk of
peak downlink rates of the order of 21
Mbps, while actual rates would be much
lower. On the other hand, BWA options
like Long Term Evolution (LTE) would
promise rates of 100 Mbps and above.
While 3G can be used for both voice
and data, only 5MHz of spectrum
is available per operator in India.
Moreover, no operator has got a pan-
India 3G license, except for the BSNL-
MTNL combine.
The good thing, however, is that there
is a plethora of 3G-ready devices and the
service rollouts are also expected to be
completed over the next few quarters.
BWA, on the other hand, has got the
advantages of cost as well as spectrum
on its side. Moreover, apart from BSNL-
MTNL, which gets BWA spectrum by
default, there will be another pan-India
operator, the Reliance-owned Infotel
Broadband.
The big advantage with BWA,
certainly, is the width of the spectrum,
which at 20MHz, is a jaw-dropping four
times the 5MHz 3G spectrum. A flip
side is that BWA-ready devices are not
a phenomenon yet. Moreover, BWA is
positioned primarily as a data network,
though there are no discrete regulatory
restrictions of using it for voice as
well in future. So even if the network
is used both for data and voice, slow
availability of smartphones and tablet
devices will limit early adoptions to
larger form-factor devices like desktops
and notebooks. Initially, USB modems
are likely to be used for connecting to
BWA networks.
The middle path
3G networks all over the country will
be around, faster than BWA networks,
and that makes 3G a more immediate
vehicle for accessing various enterprise
applications.
3G has the potential to make wireless
broadband an enterprise phenomenon,
which could also accelerate a wider-
scale adoption of cloud-based services.
As such, it will be important for stake-
holders and agencies to incorporate 3G
in their service delivery plans.
It would be required that planners
are operator and network-agnostic
as a matter of policy and planning.
Involving both public- and private-
sector operators will be further
advantageous, especially when it
comes to leveraging 3G for delivery of
government-to-citizen services.
While 3G can give wireless
broadband and its application in
the enterprises a jumpstart, BWA
technologies would take it to the next
level. Together, these networks hold the
promise of making wireless broadband
happen in India by 2012.

DEEPAK KUMAR,
Telco Research Director
IDC India
Deepak is a market researcher,
specializing in the ICT and Me-
dia domains. He has 20 years of
experience, of which 10 years
have been in the fields of media
and market research in the ICT
domain. He is widely quoted in
the media and is also a regular
speaker at industry events.
ABOUT EXPERT
While 3G can give
wireless broadband
and its application
in the enterprises
a jumpstart, BWA
technologies would
take it to the next
level”
Mobile Computing Essentials http://www.pcomz.
com/mobile-computing-essentials.php
RESOURCES
Source: Industry Estimates
`20
billion by 2013
Online advertising in
India is expected to touch
340
million mobile bank
transactions in the
year 2015
India to witness
SEE THE FUTURE | COVER STORY
2 3 MA R C H 2 0 1 1 | ITNEXT
Cover Story Option 1.indd 23 3/4/2011 5:15:22 PM
Some
myths
deflated
As more firms in the APAC region adopt cloud
computing, security and privacy remain the
primary concerns. Here are some common
cloud computing myths demystified…
BY SANCHIT VIR GOGIA
in place to ensure data security for
enterprise cloud users. Cloud providers
must also clearly articulate this
strategy to their clients and prospects
to ensure that an adequate level of trust
is created among those organisations
new to adopting cloud computing.
Springboard Research highlights
some of the more common myths and
realities related to cloud computing and
data security.
Myth: Data security can always
be guaranteed
Reality: Nothing is ever guaranteed.
Vendors can go out of business, natural
disasters can occur, or internal malfea-
sance can take place. However, cloud
infrastructure, applications and busi-
ness services providers do generally
take great care to make data as secure
as possible. In most cases, these efforts
do go well beyond what can be provided
through in-house data centres. None-
theless, human and technical errors,
malicious retribution, and the forces
of nature will conspire against even the
most hardened secured environments.
Myth:  Cloud providers will
never gain unauthorised access
to our data
Reality: A vast and overwhelming
W
hen asked about
their major con-
cerns and barriers
to the adoption of
cloud computing,
respondents to a recent Springboard
Research survey of 474 organisations
across the Asia-Pacific region revealed
that 20% were primarily concerned
about data security.
As per the survey, concerns around
data, in terms of both security and more
specifically privacy, remain top of mind
for a significant number of firms across
the Asia-Pacific region. It is therefore
crucial that both cloud computing
infrastructure and applications
providers have a well-designed strategy
CLOUD COMPUTING
5%
companies currently rely
solely on cloud computing
technologies for their IT
needs
Only
Source: Kelton Research
COVER STORY | SEE THE FUTURE
2 4 ITNEXT | MA R C H 2 0 1 1
Cover Story Option 1.indd 24 3/4/2011 5:15:25 PM
majority of cloud vendors will state
that they never gain unauthorised
access to data. However, there will be
cases where this does happen. Similar
occurrences have continued to hamper
credit card processing companies as
well as new and emerging examples,
including Facebook. The chances of this
happening are generally quite low, but
primarily through the human element,
it can happen. To reduce the chances,
firms are advised to choose providers
who can show that their environments
are not only free of root access accounts,
but encrypt all client data with keys
that they themselves do not maintain.
Myth: It is easy to switch cloud
providers
Reality: A more accurate statement
would be to say that it’s typically
easier to switch from one cloud-based
solution to another than it is to switch
from one on-premise solution to
another. But mostly, this migration is
rarely simple. The nature of the cloud,
including the pay-as-you-go economic
model & the higher degree of open-
ness and standards-based access it
promotes, enhances the ability to turn
off a cloud-based solution and is often
financially less arduous than doing
the same with comparable on-prem-
ise solutions. However, in switching
among cloud providers, there are still
external and internal migration costs
that must be considered.
Myth: Data location is
unimportant
Reality: In theory at least, this state-
ment is not only true but a fundamen-
tal tenet of cloud computing. In reality,
the statement can be reasonably accu-
rate or wildly inaccurate, often based
on the type of data that is being stored.
It is generally less important for non-
sensitive data, but more important
for sensitive data. This is typically
driven by local legislation, discovery
orders issued during legal proceed-
ings, corporate policies, and privacy.
Every current or potential cloud user
must clearly understand their options
and requirements when storing confi-
dential information — whether in the
cloud or not. This includes the location
of the data and how it may move over
time. It could expose them legally or
morally, even without any real breach
of legal compliance.
Springboard Research observes
that the adoption of cloud computing
is accelerating within organisations
across the Asia-Pacific region. To
ensure that this strong growth
continues, adopters of cloud must
fully understand not only the benefits
of cloud computing, but also the risks
associated with the various cloud
computing styles that are emerging.
Springboard Research does expect
that security and privacy will remain
the primary concerns among Asia-
Pacific organisations for the foreseeable
future. We fully expect that these
security-related concerns will inevitably
prevent some organisations from fully
leveraging or adopting cloud-based
solutions. Nonetheless, we believe that
some organisations will confront these
risks and will view any raised security
concerns as just one of a growing
number of general business risks. It
will therefore be seen as an insufficient
reason to limit the adoption of cloud-
based solutions, given the substantial
business benefits they afford.
TOP RISK
ASSOCIATED WITH
CLOUD COMPUTING
Sanchit Vir Gogia, Associate
Research Manager,
Springboard Research
Sanchit has spent extensive
time tracking the Cloud Com-
puting and Software-as-a-Serv-
ice markets. In addition, he
also tracks other technologies
such as Business Intelligence,
Virtualisation and Collabora-
tion. He started my profes-
sional journey as a marketer
with Bose Corporation.
ABOUT EXPERT
Springboard
Research highlights
some of the more
common myths and
realities related to
cloud computing
and data security”
Cloud Computing is greener
http://blogs.hbr.org/winston/2011/03/cloud-com-
puting-is-greener.html
RESOURCES
20%
12%
11%
11%
10%
8%
Security
Availability and performance
concerns
Lack of Cloud knowledge/
understanding
Data privacy, residency, or loss of
data
Integrating with existing systems
Cost
Source: IDC
SEE THE FUTURE | COVER STORY
2 5 MA R C H 2 0 1 1 | ITNEXT
Cover Story Option 1.indd 25 3/4/2011 5:15:28 PM
From
‘Ignorance
Tolerated’
to IT
Loweconnect is regarded as a model
solution in the advertising industry.
Here’s why…
BY PRAVIN SAVANT
W
hat ’s common
between ‘ Daag
Acche Hain’ and
Microsoft Share-
point server? Well,
both are recognised ideas which have
made an impact and stay with you for
a very long time. And each of these was
created by Lowe Lintas and yes, inciden-
tally, they also use the Microsoft Share-
point server in a very productive way.
Lowe Lintas is one of India’s top
advertising agencies and it believes
that the greatest service it can render
is the power of a high-value idea.
The company has built a reputation
for quality and innovative services,
and it relies on a robust information
technology environment to help deliver
what its customers need.
Unfortunately, until about a year
ago, it was difficult to share creative
work across all its offices in India, in
order to generate more region-wise
ideas, brand building, feedback, and
launch a national-level campaign.
While most of the work done by
creative individuals was brilliant
and a huge asset for the organisation,
there was no central repository of
the same, for future reference or any
other business usage. This limitation
imposed constraints on collaboration
and managing knowledge effectively.
This lack of a knowledge base and
collaboration made the organisation
person-dependent rather than process-
dependent. Especially, when there are
almost 800 talented employees working
across brand servicing, planning,
creative, operations and production
- creating in excess of thousands of
artwork. Anything to facilitate this
process would obviously have a direct
impact on the organisation.
We soon realised that we needed to
develop an efficient portal environment
that would enable us to share
information and collaborate easily
within and across business units. So,
we decided to implement a solution that
could satisfy a range of business needs.
This needed to serve as a potential
knowledge management system that
provided the ability to easily publish
WE DECIDED TO
IMPLEMENT A
SOLUTION THAT
COULD SATISFY A
RANGE OF BUSINESS
NEEDS TO DEVELOP
AN EFFICIENT PORTAL
ENVIRONMENT.
KNOWLEDGE MANAGEMENT
2 6 ITNEXT | MA R C H 2 0 1 1
CASE STUDY | LOWE INDIA
Casestudy.indd 26 3/4/2011 3:22:29 PM
We chose to go with
an Office SharePoint
Server, as it satisfied
our criteria & we
felt confident in the
Microsoft platform.
documents on the intranet, effectively
search for information, collaborate
and share information among all
business units. Then, it was time for the
implementation. To set the ball rolling,
change management, business support
and involvement were key factors.
Essentially, it implied that the solution
had to be robust, scalable from a long-
term perspective and at the same time
had to be simple to use.
“We chose to go with anOffice
SharePoint Server because it satisfied
all our criteria and we felt confident
in the Microsoft platform,” says our
CTO Pravin Savant. “With the Office
SharePoint Server, we not only received
a great deal of value for our investment,
but we were also able to put effective,
usable technology into the hands of our
business users,” he added.
The planning and execution efforts
for the readiness of the technology
platform had to be run in tandem
with business alignment and change
management initiative. To this end,
the top management and the core user
group’s involvement had been terrific,
right from the solution design, launch
and sustenance efforts. With an average
70% usage and at least one login per
week and the highest usage being from
regional offices, Loweconnect has been
a success story.
The various services provided are
channelised into the following dimensions:
Communication: It includes top man-
agement communication, internal
news and communication, industry
and client-specific news of interest, and
a creative library with updates on new
creative work. This includes an aver-
age of 3 messages from the CEO’s desk
per month and over 300 industry news
items, 150+TV commercials and print
items in a few months.
Interaction: This includes discussion
forums, blogs, office communicator
chat, polls, surveys, and brain food.
There is an average of 10 blogs/
discussions per month on varied topics.
Transactions: It includes leave
records and links to various key
applications.
Change management: It has helped
us explain the importance of technology
usage across the organisation. It
has also led to many new ideas and
concepts which is rare in this industry.
In the future, it will give us technical
uniformity across various layers.
The success of an IT initiative is
defined by its business relevance.
Collaboration is the critical aspect
in our line of business. Right from
concept to implementation and
sustenance, Loweconnecthas enjoyed
good business buy-in. It has also paved
the way to introduce more technology-
based initiatives at Lowe. In fact, it is
regarded as a model solution in the
industry and has already been included
in a Microsoft reference case study at
their global site.
With the proven success and
adaptability of the platform, more
plans to leverage technology have been
unleashed using the MOSS framework.
Knowledge management and business
intelligence are the two key initiatives,
and very importantly, it’s part of the
unified platform effort, so that the
business leverages all key pieces of
data, derives useful information from
it for business intelligence and then
is able to retain the knowledge which
is retrievable.
As Pravin says, IT is no more
‘Ignorance Tolerated’ at Lowe Lintas,
but it’s doing more of what it should be
— supporting the business to deliver
its goals.
Founded in 1939 as a part of
Hindustan Lever, Lowe Lintas
is one of India’s largest and
most storied communication
groups. Headed by Chairman
and Chief Creative Officer R.
Balakrishnan (Balki) and CEO,
Joseph George, Lowe Lintas
employs spread across eight
divisions and nine cities all
over India.
CHALLENGES: Giving people
a robust yet simple to manage
platform to share & collaborate.
The famous myth around feasibility
to merge mercurial creative
talent with a routine and steady
systems environment. Hence
change management is the biggest
challenge.
SOLUTION: Given our usage of
Microsoft platform (Email on
exchange, Office communicator
for chat) it made a good sense to
evaluate MOSS & it’s been a good
solution giving us desired results
BUSINESS BENEFITS: The single
place to collaborate & shared
has unleashed many business
opportunities and most essentially
it has paved the way for all
future initiatives like Knowledge
management & Business
intelligence. The qualitative benefits
far outweigh the operational time &
efforts savings.
COMPANY SNAPSHOT
2 7 MA R C H 2 0 1 1 | ITNEXT
LOWE INDIA | CASE STUDY
Casestudy.indd 27 3/4/2011 3:22:33 PM
The
Power
of One
This case study on Internet Threat
Management and the implementation
of a ‘United Threat Management’ (UTM)
Solution shows how a single point solution
offers significant benefits.
BY SUBHA K RUDRA
O
ur organisation is spread
across the globe, with 5
manufacturing units, 4
branch offices and 20
warehouses in India itself,
comprising 800 users, all heavily IT
dependent, with each location acces-
sible. This makes our network critical
and sensitive and an ideal target for
sophisticated internet security threats
in the form of botnets, worms, intrusion
attempts from external sources and
phishing attempts, to name just a few.
Though 85% of our systems have been
converted to Linux, anti-virus software
regularly updated and monitored and
other software also adequately patched
regularly, we felt that we must counter
the threats at the entry points itself with
robust and effective solutions, in line
with the latest internet threats, without
spending a fortune.
So, we singled out the entry points
of the threats to our network and the
exit points of the stolen data over the
internet from our network. The major
entry points or sources of security
threats include:
Spam or virus-infected e-mails.
Browsing of unknown, unreliable and
phishing websites by users.
Port-scanning attacks from the Internet.
Random usage of external storage
devices by users.
Three of the above four sources are
external, while the fourth is internal.
The internal threat source was already
countered with updated anti-virus soft-
ware, OS & application software, proper
patching and our internal corporate
data security policy. Hence, the objec-
tive was to plug the external sources.
For this, we centralised all internet traf-
fic through our corporate office. A spam
filter server, armed with an anti-virus,
was brought in to scan all the e-mails
passing to and from the network. A
URL-filter server, again anti-virus-
equipped, was brought in to restrict
and secure users’ web surfing. Software
firewalls were placed to combat port-
scanning and other attacks. Though the
systems were effective, they brought in
new challenges.
It was agreed that to combat/
eliminate the problems within the
existing systems and the external
threats, instead of having individual
solutions, we needed to deploy a single
point solution, i.e., anti-spam, URL
filter, packet filter, etc., all in one box —
United Threat Management (UTM).
The toughest but most important
aspect is to select the right product as
THE IMPLEMENTATION
OF UTM HAS
SIGNIFICANTLY
HELPED REDUCING
COSTS FROM THE
EARLIER SECURITY
SYSTEM IN OUR
ORGANISATION
UNIFIED THREAT MANAGEMENT
2 8 ITNEXT | MA R C H 2 0 1 1
CASE STUDY | USHA MARTIN GROUP
Casestudy.indd 28 3/4/2011 3:22:33 PM
per the organisation’s requirement
from the load of products available in
the market. And the solution lies in a
logical, step-by-step approach. Our
approach included:
1. Listing our requirements point-wise
and as precisely as possible.
2. Major modules or functions that we
checked were:
a. Efficiency in plugging the unused
ports and saving them from online
port-scanning attacks from the net.
b. Threat management: It should always
be identity-based, which makes it
easier to find the problem-causing
system, irrespective of how many IPs
it has changed.
c. The depth of the anti-virus scan in an
anti-virus function.
d. Spam filtering depth and efficiency of
the anti-spam function, etc.
e. HTTP proxy detection and efficiency
of the URL filter and its customisa-
tion.
f. Simplicity of web publishing of the
internal services and security offered
over the same.
g. In built storage: Important for the log,
reports and caching facility, to save
internet bandwidth.
3. We checked and compared the fea-
tures of every particular function with
equivalent standalone products.
4. We checked and compared the man-
agement of the UTM policies through
the management console.
5. We checked and compared the
‘reporting and monitoring’ aspects of
the devices.
6. After shortlisting a few products, we
ran a ‘Proof of Concept’ test for all of
them.
Finally, we zeroed in on one of the
products and placed the device first at
the centralised internet traffic entry-
exit point of our corporate office,
and strategically within our internal
network at different locations, to
filter out unnecessary and unwanted
traffic locally itself, before they reach
the corporate office. This also served
the dual purpose of saving internal
bandwidth and reduced the overhead
of the mother device placed at the
corporate office.
Besides being effective, the other
significant benefits of this solution
have been:
Saving time and man-power: Given
that all of the required and necessary
functions are combined into one box,
reducing the complexity of the security
system, we need not spend time and
man-power to figure out how all our
security devices are working, and how
well they’re working together. Once you
understand how the device works, you
understand your entire security system.
Simple, required and easy-to-under-
stand reports can be instantaneously
generated on demand. Also, a single
solution means a single vendor, a single
point of contact for support.
Saving bandwidth: Strategic place-
ment of the device saves the internal
bandwidth. Unwanted and unneces-
sary content are screened, thus saving
the organisation’s net bandwidth too.
Saving money: Given that the whole
security system is in one device, we had
to invest in one system instead of differ-
ent systems for different solutions. Sav-
ing bandwidth itself saved us costs on
bandwidth augmentation.
The implementation of UTM has
significantly reduced costs from
our earlier security system, without
compromising on data security, and
further availing of different levels of
protection. Saving time and money made
it a worthwhile investment for us.
A Rs. 3600 Crore, integrated
Speciality Steel & Global Wire
Rope Company, Usha Martin
group is engaged in mining,
manufacturing, distribution
& services related to steel &
value added products. The
company’s business is spread
across 4 continents, 14 coun-
tries and 24 global locations.
Usha Martin has emerged as
India’s largest steel wire rope
manufacturer.
COMPANY SNAPSHOT
We singled out the entry
points of the threats to
our network and the exit
points of the stolen data
over the internet from
our network.”
CHALLENGES: Managing mul-
tiple systems, their updation and
patching, besides the patching
their respective OS which again
had their own normal issues.
Secondly, it took a Herculean
effort to create a complete report
against an user as one had to
collect his/her mailing report from
one server in one format and his
browsing record from another
server in another format, then col-
laborating them to form a single
report, often on request from the
appropriate authority?
SOLUTION: The solution was
decided after the products and
placed the device first at cen-
tralized internet traffic entry-
exit point of corporate office and
strategically within the internal
network at different locations, to
filter out unnecessary & unwant-
ed traffic locally itself, before it
reaches the corporate office.
3 0 ITNEXT | MA R C H 2 0 1 1
CASE STUDY | USHA MARTIN GROUP
Casestudy.indd 30 3/4/2011 3:22:35 PM
The benefits of obtaining an
ISO 27001 certification go far
beyond the obvious. It could
even be your USP, giving you
that extra edge in these
competitive times.
BY BERJES ERIC SHROFF
Success
Recipe
FOR
The
ISO 27001
INSIGHT | INFORMATION SECURITY
3 2 ITNEXT | MA R C H 2 0 1 1
Insight_Information Security1.indd 32 3/4/2011 3:36:39 PM
P
H
O
T
O
G
R
A
P
H
Y
:

P
H
O
T
O
S
.
C
O
M
F
or most organisations
today, information
is the most vital
asset. Information
security can be
described as the conservation
of confidentiality, integrity
and the availability of this
information — the three pil-
lars of the IT Security Triad.
ISO 27001 is an international
standard forinformation secu-
rity best practice. The standard
can be implemented in, and is
applicable for all types of organi-
sations, including commercial
enterprises, government bodies and
not-for-profit organisations,for design-
ing a compliant Information Security
Management System (ISMS). The
standard provides the framework for
a vendor-neutral, technology-neutral
management system, that assures an
organisation and its stakeholders that
its information security measures are in
place and are effective.
The structure of the
standard
ISO 27001 has five main clauses (man-
datory controls), 11 domains, 39 control
objectives and 133 controls. The manda-
tory clauses include:
Establishing the ISMS
Management commitment
Internal ISMS audits
Management review of the ISMS
ISMS improvement.
A fundamental tenet of ISO 27001
is the ‘Deming Cycle’ of plan, do, check
and act. The 11 domains covered under
the standard include:
Security policy
Organisation of information security
Asset management
Human resource security
Physical and environmental security
Communications and operations
management
Network access control
THE ISO 27001
CERTIFICATION GIVES YOU
THE EDGE OVER A FIRM
THAT IS NOT CERTIFIED,
AND IT COULD BECOME
YOUR UNIQUE SELLING
POINT, ESPECIALLY IF
YOU HANDLE CUSTOMER
SENSITIVE DATA.
Hence, it affords you the freedom of
including your own controls to
address the technology rolled
out in the organisation. Having
said that, it is important to
note, that the reason for the
omission of any controls
cited in the standard,
must be mentioned in the
Statement of Applicability
(SOA).
So what is the recipe
to ensure the ISO 27001’s
success in an organisation?
The first and foremost
ingredient is to understandthe
culture of the organisation, business
objectives and garnertop management
support. Management support and
commitment in terms of manpower
resources and financial resources are
critical. Recognition of information
security as being a priority by top
management still remains one of
the biggest challenges for CIOs / IT
managers, worldwide. The second
biggest challenge happens to be,getting
sufficient resources. Information
security is not only about IT — it is
also about, amongst other things,
organisational and cultural issues and
human resource management. So if
your management feels that the IT
department can handle this without
support from top management and other
resources (manpower and financial) or
support from other departments, the
project is doomed from the beginning.
The next step usually involves
identifying the scope forISO 27001
compliance. This is a crucial element
else it will adversely affect the cost and
ROI of ISO 27001 implementation.More
often than not, it is not necessary for
an enterprise to adopt a companywide
implementation of the standard. If need
be, this can be extended or staggered to
other divisions / business units, at a
later stage.
Once the scope has been identified,
it is crucial to have a plan in place for
Information systems acquisition,
development and maintenance
Information security incident man-
agement
Business continuity management
Compliance
Albeit the standard does not touch
upon areas such as ‘green computing’
or ‘wireless technology’ per se, there is
nothing stopping you from including
this in your list of controls.
In fact, the controls cited in the
standard are general guidelines to ensure
that the important areas under these
domains are not erroneously omitted.
5800
companies
worlwide are
certified under
ISO 27001
standard
INFORMATION SECURITY | INSIGHT
3 3 MA R C H 2 0 1 1 | ITNEXT
Insight_Information Security1.indd 33 3/4/2011 3:36:42 PM
implementation. Although this is not part
of the standard, it can be one of the major
pitfalls — failing to plan means planning
to fail. If youthink you will be able to roll
this out in two to three months, then you
will land up with a pile of procedures,
polices and other documentation, which
nobody will care about. The standard
is not just about documentation — but
you should be able to implement and
measure the documented procedures and
processes as well.
The backbone of a majority of, if not
all, information security standards,
is decision-making based on risk
assessment. The ISO 27001 is no
exception to this rule. In fact, the standard
explicitly states the requirement of a risk
assessment to be conducted prior to the
selection of any controls.
From a business, compliance or
contractual perspective, the risk
assessment exercise mustidentify the
threat and vulnerability for each asset,
which has a likelihood of impacting
the information security triad of
confidentiality, integrity or availability.
This also makes business sense, since
the organisation would be able to divert
its funds towards addressing the most
critical risks identified.
The risk assessment process would
also enable the management to identify
ways of addressing this risk — whether
the risk needs to be mitigated, avoided,
transferred or accepted.
Building a good team is another crucial
ingredient for success. In my experience,
involving cross-functional teams,
including legal and HR professionals is
absolutely necessary, especially when it
involves framing policies and penalties
for violation of the policies. A CIO / IT
manager cannot be expected to frame
these policies without seeking guidance
from these functional areas. Compliance
(Domain 11) mandated by law applicable
to the organisation for example, need to
be addressed by involving the legal team.
The costs involved for implementa-
tion and certification need to be con-
veyed to the top management, as well
as the ROI. Some of the costs which
could come into play are - cost of inter-
nal resources to produce policies and
implemented and controlled the security
of your information. From the firm’s
perspective, it can lead to cost savings.
Imagine the loss to an organisation
because of a leakage of company
confidential data, for instance, business
strategy, the loss of reputation built
over the years, the cost of the customer’s
private data being compromised and
subsequent law suits, etc. By obtaining the
certification, you effectively establish that
relevant laws and regulations have been
addressed.
Berjes Eric Shroff is Manager IT, Tata
Services
What is an ISO
27001?
ISO 27001 is aimed at organisations
who wish to assess their information
security risks and implement ways
of addressing them. The ISO 27001
standard requires management to:
Systematically examine the organisa-
tion's information security risks, taking
account of the threats, vulnerabilities
and impacts;Design and implement
a coherent and comprehensive suite
of information security controls and/
or other forms of risk treatment (such
as risk avoidance or risk transfer) to
address those risks that are deemed
unacceptable; and
Adopt an overarching management
process to ensure that the informa-
tion security controls continue to meet
the organisation's information security
needs on an ongoing basis.
The benefits
ISO 27001 shares many benefits with
other m anagement standards, like ISO
9001 and 14001.
By having documented procedures
and processes in place, the greater
efficiency and transparency from
their implementation reduces risk of
mistakes and the consequent cost of
re-work.
These benefits are even more ap-
parent in larger organisations where
the clear channels of communica-
tion improve utilisation of time and
resources.
With all of this in place, employees
can feel more at ease and confident
in their roles.
A knock-on effect is happier clients
too, because you will reduce mis-
takes and have traceability if things
were to go wrong.
Importantly, ISO 27001 will ensure
you meet current legislation. With
rules changing regularly, it's impor-
tant that this aspect is kept on top of.
By using a Certification Body that will
re-audit you each year, you're safe in
the knowledge that you are meeting
all legal requirements.
Because you're reducing risk and
demonstrating professionalism and
accountability, your organisation can
also benefit from reduced insurance
premiums and better credit terms.
procedures, cost of external consultants,
cost of registration for certification, etc.
So what is the ROI for an organisation
implementing ISO 27001? Is being ISO
27001 certified just a marketing gimmick?
The ISO 27001 certification does
definitely give you the edge over an
organisation that is not certified,
and it could become your unique
selling point, especially if you handle
customer sensitive data. The ISO
27001 certification instils confidence
in your customers that their personal
information is protected.
Obtaining an ISO 27001 certification
demonstrates that you have addressed,
INSIGHT |INFORMATION SECURITY
3 4 ITNEXT | MA R C H 2 0 1 1
Insight_Information Security1.indd 34 3/4/2011 3:36:43 PM
advts.indd 54 12/22/2009 2:54:15 PM advts.indd 54 12/22/2009 2:54:15 PM advts.indd 54 12/22/2009 2:54:15 PM

Thoughts + feelings + actions =
attitudes = results. Here’s how a
goal image and 17 seconds can help
achieve positive results.
SECOND
17
THE
BY MANISH SINHA
SOLUTION
3 6 ITNEXT | MA R C H 2 0 1 1
insight_mind management NEW.indd 36 3/4/2011 3:46:00 PM
As we play a number of roles
simultaneously in our life, we do fail to
achieve or maintain a balance between
our professional and personal
life. The same failure is
experienced by a
corporate house in
terms of revenue
leakage, employee
retenti on, team
management, sales graph
and innovative strategies.
If you had to recall memories from
your past — your first day at college,
your first boss, your favourite meal —
your mind instantly supplies you with
images. The point here is that we want
to achieve goals but how often do
we supply our mind with an
image to that goal.
The difference between
how our conscious and
subconsci ous mi nd
works is that the former
chooses, accepts, rejects,
and it is where a thought
originates. And the latter
must accept, can’t reject
and can’t distinguish
between real or
imagined.
Our conscious mind
has the ability to think.
Information and ideas
flow from different sources
and through
our five
senses, i.e.,
sight, smell, taste, touch, and hearing.
They feed the conscious mind with
information throughout the day and
this often distracts our attention from
our goals, which could be project
delivery, team management, and risk
analysis.
Science says we live 90 per cent of our
lives subconsciously which means our
habits are stored in our subconscious
and that’s why when we learn to write
with the right hand, we continue to do
so. If asked to write with our left hand,
the shift in pattern doesn’t allow us to
do so accurately. The subconscious has
stored the instruction to write with the
right hand, and to do otherwise triggers
the thought that it would be difficult
and hence the inability.
The thoughts, ideas, expression,
emotions our conscious mind chooses
are accepted by our subconscious which
doesn’t have the ability to think. So, it
can’t reject a thought or an idea. And a
thought, an idea or emotion we impose
on it over and over becomes a habit.
While we are unaware of some
habits, which are the hidden results
of our failures, they do reside in our
subconscious. And they will stay
there until we replace them with new
thoughts and ideas (provided that
moves us in the direction of our goal),
chosen by your conscious mind. The
subconscious is the basis for feelings
and actions. If we feel bad, it means
we’re having a bad thought about
something consciously. If we think a
positive thought, it helps us feel better.
Every activity we perform has
three basic parts: thoughts, feelings
and actions, when added up they offer
the result. The equation is thoughts +
feelings + actions = attitudes = results
To change the results we have to go
back to the basics, i.e., thought which
originates in our conscious mind first,
which when accepted makes our brain
cells work in that direction. Say you
get a call from the CEO and he is
very angry about a decision you
made. The feedback is coming
through your senses (hearing),
if your conscious mind accepts
his anger, it triggers feelings
W
e work with our
mind but what
makes all the dif-
ference is when we
know how our mind
works. It often explains why
we get results we don’t want
at all.
3 7 MA R C H 2 0 1 1 | ITNEXT
MIND MANAGEMENT | INSIGHT
insight_mind management NEW.indd 37 3/4/2011 3:46:03 PM
and the result would be frustration
and tension.
But you can fool the conscious mind
with a 17-second solution. As every
thought has a frequency, it takes 17
seconds to mature, attract feelings and
then action. The key is to shift conscious
thoughts at that moment for 17 seconds
towards another thought, for instance a
goal you want to achieve. But you must
have an image of the goal with you
either on your desk, your cell phone, a
small sticker on your watch or a goal
card (like a visiting card) in your wallet
or pocket. Focus on that for 17 seconds
and it will change your mood, extend it
to an extra 17 seconds and your neurons
will change direction from anger, guilt,
frustration to the joy, peace and love
you would achieve after achieving your
goal. The key here is the image as the
subconscious mind accepts them faster.
But how does all of this help a CIO?
If a project is stuck, the project
manager (PM) has to resolve the issue
but at the same time s/he has family
engagements and others tasks as well.
This is a very real example of problems
people face.
Likewise every CIO has a fixed
number of working hours; it’s a ratio
of 1:2 hours at work and outside. If
we apply the principles of reverse
engineering and give them the tools
to manage 16 hours, the eight hours at
work will be more productive. More
often than not, CIO’s cut into their
personal time to spend time
at work; they’re successful
at work but not at a social
level. And this can be
stressful.
So the next time
you feel negativity
surrounding you, simply
reject the thought and
order your conscious
mind to shift for 17
seconds towards your goal
image. You will be in a lesser
negative frame of mind and
that’ll trigger new feelings at
the end of it. An implicit memory
system is responsible for what a
person believes, thinks and does. You
Ask yourself
these 3 questions
when you have
to make a major
decision:
can retrain your brain and trigger the
right action.
The other trick to change the way
we think is to write what we want to
achieve. It could be any concern area
like project delivery, deadlines, teams
not working, wanting to achieve a
top position at work, relationships,
recognition at work, money, repayment
of big house loans... When you think
of these your mind starts receiving
images, for example, loans and EMIs;
your mind moves in that direction
and leaves behind a negative feeling.
Shift the focus of your thoughts for 17
seconds towards your goal and you’ll
find that adds energy instead of panic.
You can control things by writing
down your goals and dreams because
the process of writing makes you think.
Thinking creates an image of your
goal and that triggers feelings and that
triggers action and it is your actions that
create results.
Best practices for team
management
On a worksheet write a brief bio of the
team members including their goals
for their career.
Check if the team can help each other
through sharing or transferring
knowledge to each other.
Pass this vision clearly to the team
members; it would be great if you
could convert that as an image which
the subconscious accepts easily.
As a catalyst, add the corporate goal
image along with employee goals.
Whenever they see it, it will remind
them about both. This works like
the cybernetics mechanism used in
setting up the autopilot function in
an airplane. The images serve as an
autopilot throughout the project,
especially when the team deviates from
project deadlines, team conflicts, testing
bugs, delayed query responses, but the
image sets the tuning of the team and
reminds them of the goals and how to
accomplish them.
Another technique to maximise the
benefit is to hold a 10-minute conference
call, related to project, at say 10:30 pm
or at 6:30 am to discuss unanswered
points. This is when sensory organs are
at rest and the subconscious gets active
with ideas and emotions. Science says
it takes 22 days of repetition to form
or release a habit. This could be used
to give every member a supportive
hand to replace a bad habit with a
new, good one. It’s only then
that you can truly call it
a team which makes a
collaborative effort rather
than one that indulges
in people politics and
unhealthy competition.
This will help channelise
the energy of team and
no matter how big a
project is, despite even low
budgets, the collaborative
effort will work wonders for
the organisation.
Manish Sinha is Head IT, OnDot
Couriers & Cargo Ltd.
Do I want to take this decision?
After taking this decision, would I be moving in the
direction of my goal?
Would taking my decision harm others?
If the answer to the first two questions is YES and the last is
NO, then you know you’re doing the right thing.
Choose a simple matter initially and then apply it to any
other situation in your life, personal or professional.
These conscious questions serve as a foundation
stone for solid decisions.
3 8 ITNEXT | MA R C H 2 0 1 1
INSIGHT | MIND MANAGEMENT
insight_mind management NEW.indd 38 3/4/2011 3:46:04 PM
P
H
O
T
O
G
R
A
P
H
Y
:

J
A
Y
A
N

K

N
A
R
A
Y
A
N
A
N
T
H
E
RUN
R
I
S
K
Incorporating a Risk-based
Auditing management system
is one of the most effective
solutions for the successful
implementations of business
critical IT systems.
JATIN MODH
C
hoosing the right business critical IT systems that will
meet an organisation’s business requirements is the
first and most important decision towards accomplish-
ing successful implementation; closely followed by the
choice of the system integrator or implementer. During
the implementation, organisations face several significant challenges
or tasks which they need to overcome. These include the reengineering
of the current business processes, reconfiguration of existing controls,
adoption of the new business processes and new
RISK-BASED AUDITING | INSIGHT
3 9 MA R C H 2 0 1 1 | ITNEXT
Insight_risk based management.indd 39 3/4/2011 3:52:37 PM
internal controls. Hence the need
to integrate a Risk-based Auditing
management system is recognised
as one of the keys to successful
implementations of business critical IT
systems. The focus here is on the best
practices which need to be followed
for risk-based auditing during the
implementation cycle.
In a typical implementation cycle,
the Project Management Office (PMO)
is engaged or responsible for the
risk assessment processes. The most
common risk management standards
used by the PMO are ISO 31000:2009
and Enterprise Risk Management –
Integrated Framework (COSO ERM).
The PMO has the most obvious
risk to assess — whether the project
is ready to go live. Apart from this,
there are several other risks which
need to be mitigated for successful
implementation. Some examples are:
Compliance with industry regulations
such as BASEL II, PCI DSS, HIPAA,
etc.
Compliance with various national,
state and local data security and
privacy laws.
Risk that business requirements
will not be fulfilled during the
implementation.
Risk that business requirements are
not properly confirmed during the
testing process.
Risk of delay and budget overshooting
during the implementation.
Stability of the application.
Internal & external security systems.
Every firm doesn’t have the same
degree of risk appetite and risk
mitigating controls. The PMO has
its limitations in the form of expert
manpower & time, to mitigate all the
risks which arise out of huge business
critical implementation projects.
How can the PMO effectively identify
and manage risk in such business
critical implementations? The answer
is to have a Risk Advisor/Auditor who
will provide vital inputs with corrective
actions at the critical stages of the
implementation, to the PMO.
sure that it gets qualified resources for
both the implementation and the risk-
based auditing services.
Pros:
Project Planning is well integrated
and more seamless, as both the
services are provided by a single
entity.
Resources are well managed since
there are lesser coordination and
conflict efforts involved.
Cons:
Independence and objectivity of the
auditing function is eliminated.
Inherent conflict of interest between
the implementation staff and the
auditing staff on achieving on time
and on budget can lead to quality
issues and risks left unaddressed.
2
Organisation’s audit firm
providing Risk-based Auditing
services
This is one of the common approaches
followed.
Pros:
An independent review of the project
status, deliverables and results
are obtained and will protect the
organisation from facing any issues
from their stakeholders against any
critical decision made during the
implementation.
As they are already aware of the
existing processes and controls, the
design of the new processes and
controls, and acceptance of the same
is easier.
Cons:
The skill sets and experience of the
consultants in the implementation or
in use of the application might not be
adequate.
3
Independent firm providing
Risk-based Auditing services
This is one of the most
professional approaches.
Pros:
The consultants are focused and
experienced, and experts in their
respective domain.
An independent review in the true
sense is achieved without a bias
towards any firm or stakeholder.
IDENTITY
THEFT
STATISTICS
2010
The average cost for a business to
recover from a data breach is $6.75
Million. The average cost to implement
identity theft, social engineering and
data breach training? In most cases,
less than $50,000.
62% of those breaches reported
exposed Social Security Numbers,
and 26% involved credit or debt card
information.
15.7% of the data breaches involved
state and federal agencies and the
military. Medical and health care facili-
ties accounted for 24.2%, educational
institutions accounted for 9.8% and the
banking industry, 8.2%. That leaves
businesses as the largest percentage of
breaches - 42.1%.
Malicious attacks, according to the
report, account for more breaches than
human error - the former constitutes
about 17% of breaches, while the lat-
ter, just 15%. However, almost 40% of
those breaches reported did not identify
the manner in which information was
exposed.
Although the risks of hacked databases
often make headlines, the report finds
that paper breaches account for nearly
20% of known breaches.
Only 200 of the 662 breaches were
credited to information provided by
states and agencies with mandatory
reporting.
Source: Identity Theft Resource Center
THE THREE SUGGESTED
APPROACHES ARE:
1
Implementer providing the Risk-
based Auditing services
The organisation must make
INSIGHT | RISK-BASED AUDITING
4 0 ITNEXT | MA R C H 2 0 1 1
Insight_risk based management.indd 40 3/4/2011 3:52:37 PM
Cons:
The brand credibility needs to be
verified before appointing the same.
ROI needs to be evaluated and
approved as it is a costly affair.
Irrespective of the approaches, the key
issue is the type of services offered and
selection of the required services for
an organisation. The services on offer
include:
Complete Risk Assessment
Services:
The Risk Advisor/Auditor needs
to be involved at all stages of the
implementation, right from the design
phase to the go-live phase of the
project. A well-defined risk assessment
programme needs to be in place before
the commencement of the project, as it
helps the PMO identify strategic and
tactical risks at the right time.
Specific Risk Assessment
Services:
These services are specially tailored to
meet the specific demand of the PMO
in which they want to identify and
mitigate specific risks, rather than a
complete risk assessment package. The
common services available are:
Internal Controls Design — targeted
to the design of internal controls.
Business Process Design — targeted
towards the design of the to-be new
business process and its alignment to
the to-be internal controls.
Software Configuration & Change
Management — targeted to the initial
configuration of the application as per
the designed business processes and
internal controls and also the design
of the change management process to
comply with the best practices.
Security Role Definitions &
Assignment — targeted towards
the definition of the roles and the
security of the application to achieve
the integrity of the system’s business
processes and applications.
Testing — targeted towards Final
User Acceptance Testing Results to
confirm the readiness of the system.
Controls Related Software — targeted
towards analysing the need of the
If you are a young adult or a small
business owner, you would tend
to engage in riskier activities that
can lead you to be victimized more
frequently. Youngsters, especially
college students, are likely to use
library computers or share computers
in their dorm rooms with roommates
and others who they do not know very
well. Small business owners tend to
complete a large number of financial
transactions by mail or over the net,
often using their personal accounts
and home address to aid in processing
these transactions.
You are also more at risk to be a victim
of fraud if you get a letter in the mail
from a company that has access to
your personal information stating
you’ve been a victim of a data breach.
While these letters are, unfortunately,
becoming pretty commonplace, it’s
important to pay close attention to
them and not simply drop them in the
recycling or the trash. The majority of
recipients tend to do so (a) because
software configuration and change
management, security role definitions
and assessment and testing, and is
done just to check out the go-live
readiness of the system.
An organisation has investments
made for the brand image perceived
in the market while implementing
business critical systems, with an
expectation that the new system to be
implemented will meet their business
objectives and control objectives,
and will catapult their organisation
into the magic quadrant. Risk-based
Auditing services can definitely
play a quality assurance role for the
implementation.
Jatin Modh is Manager IT, Mettler-
Toledo India Pvt Ltd
WHAT’S AT RISK?
they doubt the legitimacy of the letter
or (b) because they are so used to get-
ting them that they don’t really think
too much of it anymore. If you receive
one of these letters, your chances of
being victimized by an identity thief go
up to one in four. It’s not wise to sit
idly by and not worry about it.
Whether your odds are one in 20 or
one in four for becoming an iden-
tity theft victim this year, those are
pretty high odds; high enough that they
should encourage you to act. One ac-
tion you can take is to sign up with an
identity theft protection company. This
plan can include credit monitoring,
fraud detection, database monitoring,
address change notifications, a lock
on your credit file and more. It all de-
pends on how much security you want
to add to your accounts.
Of course, a higher security plan will
provide you with the most protection,
but having a basic plan is infinitely bet-
ter than having no plan of action at all.
third-party software to identify any
segregation of duties issues, audit
trail and overcome the common
deficiencies of the system.
Go-Live Readiness Assessment
— this is the combination of the
THE RISK ADVISOR/
AUDITOR NEEDS
TO BE INVOLVED AT
ALL STAGES OF THE
IMPLEMENTATION,
RIGHT FROM THE
DESIGN PHASE TO
THE GO-LIVE PHASE
OF THE PROJECT.
RISK-BASED AUDITING | INSIGHT
4 1 MA R C H 2 0 1 1 | ITNEXT
Insight_risk based management.indd 41 3/4/2011 3:52:37 PM
THE NEW
FACE OF
ZERO
Virtual Desktop
Infrastructure and
a ‘Zero Client’ model
are addressingthe
complexities of
growing eterprises
effortlessly.
CHANDRESH DEDHIA
INSIGHT | VDI
4 2 ITNEXT | MA R C H 2 0 1 1
Insight_VDI.indd 42 3/4/2011 3:58:56 PM
O
ver the past few years,
ent erpri ses have
invested in making
their datacentres more
efficient and optimising
them through server consolidation.
This works almost as an antidote to the
earlier server sprawl.
The fundamental behi nd
implementing virtualisation is that
it optimises the server’s hardware
resources, thereby decreasing costs
related to maintenance, utility power,
support and additional hardware
servers. Virtualisation has changed the
way an IT infrastructure works; there
have been profound benefits to all the
organisations from SMEs to enterprises.
Virtualisation as a model has now
matured enough for all organisations
to reap the benefits.
Enterprises have achieved the goal
of optimising their datacentre-level
hardware by way of server consolidation
or rather server virtualisation, but what
about desktops? It has been a daunting
task to manage thousands of desktops
with all the ideal system hardware and
wastage of utility power.
So, is there a way to optimise desktops
too? Yes, there sure is, and that is why
Virtual Desktop Infrastructure (VDI) is
so popular these days. Now one could
comfortably say that virtualisation as
a model is spreading its footprint from
servers to desktops.
But desktop PC management is an
overly complex job. IT departments
have to deal with a countless number
of desktops to deploy, maintain, patch,
update and track. Licencing and end
point security is also a major concern.
More often than not, each employee’s PC
is unique with customised experiences
that complicate the centralised
management of each resource. In a
nutshell, IT departments struggle to
optimally manage the huge number of
desktops deployed across the enterprise.
The ‘Zero’ effect
The ‘Zero Client’ model addresses the
complexities of a growing enterprise
with ease. It expands a desktop PC
environment from a single physical
machine to a multi-client/server
computing model. This means, a user’s
desktop is hosted remotely and accessed
via a ‘Zero Client’ device over the
network. A user no longer has a physical
PC on the desk. The ‘Zero Client’ access
devices do not use PC-based processors
or chipsets and do not run a local
operating system. All the primary
functionality is integrated into a single
chip that has an optimal set of resources
for working with the ‘Zero Client’
virtualisation software and extension
protocol. This System-on-Chip (SoC)
contains patented technologies to
deliver unmatched performance from a
very low-power device. The device also
contains a DRAM used to perform a
local screen display.
We evaluated a ‘Thin Client’ model and
‘Zero Client’model. Our organisation
Virtualisation Technology Is Not Perfect
Single point of failure, powerful ma-
chines, lower performance, and specific
applications, which can't be virtual-
ized, are among the disadvantages of
virtualisation.
Virtualization Solutions Have a Single
Point of Failure
When the machine, on which all the
virtualised solutions run, fails or when
the virtualisation solution itself fails,
this crashes everything.
Virtualisation Demands Powerful
Machines
Virtualisation might save money
because thanks to it less hardware is
required and this allows to decrease
the physical number of machines in an
enterprise but this does not mean that it
is possible to use archaic computers to
run top-notch virtualization solutions.
DISADVANTAGES OF
VIRTUALISATION
Virtualization Might Lead to Lower
Performance
Even if the machines on which virtual-
ized operating systems and virtualized
applications are run are powerful enough,
performance issues are still possible.
What is more, one of the most unpleas-
ant facts is that very often there is no
problem with a particular application
when it is not virtualized but when it is
deployed in a virtualized environment, all
sorts of issues start to surface.
Application Virtualization Is not Always
Possible
While in most cases it is not possible
to predict if a particular application
will misbehave when virtualized or not,
there are also many applications, which
are known to experience performance
degradation when virtualized. Data-
bases are one of the most common
examples of such applications
Source: www.suite101.com
VDI | INSIGHT
4 3 MA R C H 2 0 1 1 | ITNEXT
Insight_VDI.indd 43 3/4/2011 3:58:56 PM
implemented the ‘Zero Client’ solution
in two phases.
Phase 1: We started with a desktop
with a Core 2 Duo/4 GB RAM configu-
ration with a Windows 7 OS and all the
standard enterprise applications. This
desktop acted as the ‘HOST’ system
and we connected five ‘Zero Client’ de-
vices to this model. We got five virtual
desktops ready and from day one, we
began to realise the benefits.
Phase 2: Once we had more require-
ments for desktops for new hires and
desktop updates, we deployed a VM
Hypervisor on theserver hardware and
created four ‘Windows 7’ VMs, which
gave us the capacity to connect up to
40 ‘Zero Client’ devices. This model
was scalable with each ‘Windows 7’
VM that could allow adding at least 10
‘Zero Client’ devices.
Tech Specs: A ‘Zero Client’ device
consists of a SoC (System-on-Chip)
with a VGA port, USB ports, Ethernet
port, mic & speaker ports.
Business Benefits
The ‘Zero Client’ access device costs
less than half the price of entry-level
PCs and the on-going savings are
even higher. With no moving parts or
Customers receive a DCBG virtual workstations with limited access to system
resources, increasing security in terms of the danger of house leaks;
Dramatically reduce the costs of new machines (terminals) for replacement
of obsolete or defective ones;
Enhances the efficiency and extend the working condition of the existing
computers;
Easy and fast administration saves time and money in support of the
company’s IT infrastructure;
Increase labor productivity
24 hour support teams from DCBG
Benefits of Server Virtualisation
Direct customer benefits in terms of server virtualization
Reduction of the size of the data center;
Reduction of staff;
Drastically reducing maintenance costs;
Time savings in case of hardware problems and other
negative incidents
BENEFITS - DESKTOP VIRTUALISATION
S
o
u
r
c
e
:

V
i
r
t
u
a
l
i
z
a
t
i
o
n



a
d
v
a
n
t
a
g
e
s

a
n
d

b
e
n
e

t
s
,

i
n
f
o
d
a
t
a
c
e
n
t
e
r
.
c
o
m
local storage systems, repairs are very
rare and maintenance costs are kept
in check because you only have to
maintain and upgrade the shared PCs
or Virtual PC.
Also, whenever an enterprise has to
upgrade to the latest PC technology, the
‘Zero Client’users will automatically
enjoy an increase in performance.
The ‘Zero Client’ access device is the
size of a small handbook, consumes
less than 5 watts of power, generates
a negligible amount of heat, makes no
noise and produces less e-waste.
Large scale implementations
in India
The ‘Zero Client’ solution has been
successfully deployed across India & the
globe. It includes projects, like, the AP
School project — 5000 schools using
50,000 units of ‘Zero Client’ devices,
Employee State Insurance Corporation
— across India 31,000 units of ‘Zero
Client’, and, Maharashtra Knowledge
Corp Ltd (MKCL) — 1000 centres use
10,000 units of ‘Zero Client’.
Chandresh Dedhia is Sr. Manager- IT,
Fermenta Biotech
Small Setup
Desktop: Core2Duo/4 GB Ram
Windows 7 OS
Supports up to five‘Zero
Client’devices
Large Setup
Server: Quad Core/16 GB RAM
VMware ESX/Xen Server/
Microsoft Hyper-V
Windows 2008 R2 OS
Up to 30 ‘Zero Client’ devices
supported per Windows 2008
R2 VM
E.g.: 4 Windows 2008 R2 VM x
30 ‘Zero Client’devices = 120
‘Zero Client’devices
INSIGHT | VDI
4 4 ITNEXT | MA R C H 2 0 1 1
Insight_VDI.indd 44 3/4/2011 3:58:57 PM
INTERVIEW | SUDHIR NARANG
4 6 ITNEXT | MA R C H 2 0 1 1
“IT IS NO
LONGER JUST A
COST CENTRE”
BT has recently
announced its plans
to invest heavily across the
Asia-Pacific (APAC) region.
What were the reasons for
this and what opportunities
are you looking at?
At BT Global Services, we actu-
ally follow our customers. That
means most of our expansion
programmes are aligned with the
way customers and their needs
grow. We are investing in the
APAC growth and new services,
and expanding in the fast-grow-
ing Asia-Pacific market, where
we already have a strong market
presence. To meet clients’ expec-
tations, we are working on a pro-
gramme, through which, we plan
to expand our platform across
the APAC. And this will begin
from investing in an additional
portfolio and resource capability
that will be aligned to the growth
plans of our global customers,
as our base continues to expand
across the Asia-Pacific. This
means that all the services that
are available to our global cus-
tomers, in the US or in Europe,
will also be available seamlessly
to our customers across the APAC
region as well. Since we plan to
expand our platform, we would
also need a higher skill set to sup-
port that model. We are recruiting
over 300 people in the region for
the same. In terms of sectors, we
aim to drive market leadership in
four key areas over the next three
years, namely, network services,
managed security, unified com-
munications and contact centres.
We will create technology show-
case centres where customers
can interact directly with BT’s
leading-edge products.
How will this impact BT’s
India operations?
India and China are emerging
countries. This investment that
we are making will help these
economies as well. We have
grown in terms of customer
acquisition in India. In 2007,
we got licences for NLD/ILD in
India after the acquisition of i2i.
Since then, out of the 300 people
we have hired, 60 to 70 people
have been from India. We aim to
provide our global portfolio of
solutions to the Indian custom-
ers as well. With this expansion
programme, we are bringing
eight to nine services, including
voice, cloud and telepresence
services, into the market. In the
past, we have invested signifi-
cantly in key IP platforms and
transfer of services onto an inte-
grated platform for voice, video
and data. Core services offered
in the Asia-Pacific region include
convergence, customer relation-
ship management, conferencing,
outsourcing, security, IT transfor-
mation and mobility.
You said the business model
works in line with the vary-
ing market demands, and
that calls for innovation. How
have you planned for it?
When you talk about innovation,
whether it’s in terms of technol-
In India, British Telecom (BT) has its network presence in eight key
business locations from where it connects its customers with its
managed global IP network. In a candid interaction, Sudhir Narang,
Managing Director, BT India, talks with Jatinder Singh about
the company’s strategies, new technologies and changing business
Interview-new.indd 46 3/4/2011 4:01:49 PM
SUDHIR NARANG | INTERVIEW
4 7 MA R C H 2 0 1 1 | ITNEXT
Interview-new.indd 47 3/4/2011 4:01:54 PM
INTERVIEW | SUDHIR NARANG
4 8 ITNEXT | MA R C H 2 0 1 1

“With our expansion
programme, we
are bringing many
services, including
voice, cloud and
telepresence in the
APAC region”
ogy or in terms of a commercial
model, or IPR, it varies. While we
are expanding our platforms and
hiring talent, we also understand
that in a commercial model, the
customer requires something
that’s exclusively for him, and
that’s where innovation comes
in. For any business, the com-
mercial model should be totally
aligned to the customer require-
ments. One should innovate with
the commercial model. It’s not
about revenue sharing, but more
about outcome-based commercial
modelling. Hence, we work upon
a customer satisfaction model.
For instance, we have custom-
ers across the sectors. However,
except IT or ITeS clients, not too
many have understood the con-
cept of outsourcing in its entirety.
We understand that in terms of
commercial value, most compa-
nies are under pressure because
of CAPEX. We are innovating
along with them, too, by offering
them selective outsourcing, with
a very strong SLA-based model-
ling. You might not necessarily
have a revenue-sharing model,
but it must be a value-based
model for customers.
Do you think the outsourcing
priorities of businesses have
changed majorly in the post-
recession era?
Companies here are much more
open, much more advanced in
terms of outsourcing, and it is
strategy outsourcing which has
proven its strength. You are giv-
ing a piece of the operations to
people who are best at doing
those things. Earlier, the key fac-
tor behind the outsourcing model
was time and money (T&M).
However, recession has taught us
a lesson. Now businesses are ask-
ing whether they should continue
negotiating about T&M, or opt for
an outcome-based model. There
is definitely a shift in the indus-
try’s buying behaviour. Earlier,
vendors used to define their own
SLAs, but now since they have
varied customers, they have to
provide the right combination to
keep a customer happy. Now, you
can measure everything.
BT has also been a strong
advocate of cloud comput-
ing. Will implementing a
cloud strategy help service
providers?
Cloud services help service
providers and enterprises to
be agile and responsive. In the
modern world, IT heads also get
connected to their businesses.
For them, IT is no longer just
a cost centre, but is a business
centre as well. Some of the key
questions included in their
cloud strategy are: Does it really
help us to create a green envi-
ronment? Will it help improv-
ing the existing efficiencies? Is
it possible to sustain the tech-
nology longer? Unless they get
the support, and their queries
are resolved properly, this tech-
nology can’t be accepted. That
means pressure is back on the
technology providers and ser-
vice providers. And they have
also started working on specific
solutions, which could meet spe-
cific demands and needs.
Find other inter-
views online on
the website
www.itnext.
in/resources/
interviews
Interview-new.indd 48 3/4/2011 4:01:57 PM
4 9 MA R C H 2 0 1 1 | ITNEXT
Strategy CIO on demand THIS PAGE
People Management Having the best of
both worlds PAGE 53
Healthy habits Excercises at office PAGE 50
A
CIO-on-Demand ser-
vice or an ‘Outsourced
CIO’ may be a fairly
new terminology in
the Indian scenario
and it may sound conceptually simi-
lar to outsourcing the IT needs of an
organisation, but the difference lies
in the core essence of the service ren-
dered. The service provides an afford-
able way to inject a blue chip CIO’s
leadership to the business of an SME
that cannot afford a full-timeCIO, as
part of an interim management.
The service works with the business
to manage the demand for technology
needs in a timely manner. It is an
on-going management service for
SMEs in need of direction to bridge the
gap between business and technology.
It helps organisations align themselves
between business strategy and IT
strategy by providing a roadmap for the
IT function of an organisation backed
by an offshore team to guide it forward.
The need for CIO-on-
Demand services
Every organisation needs somebody
who can join in on calls for vendor or
service provider selection, to make sure
that the organisation’s interest is been
looked after.
TRAINING
EDUCATION
WORKPLACE
COMPENSATION
WORKFORCE TRENDS
SKILLS DEVELOPMENT
PERSONAL DEVELOPMENT
BATTLE
FOR
THE
FUTURE
PAGE 52
OUTSOURCING
CIO-ON-
DEMAND
The CIO-on-Demand service helps
to infuse a top CIO’s leadership to a
business that can’t afford a full-time CIO
15MINUTE
M A N A G E R
BY VISHAL ANAND GUPTA
P
H
O
T
O
G
R
A
P
H
Y
:

P
H
O
T
O
S
.
C
O
M
15 Minutes Manager.indd 49 3/4/2011 3:01:10 PM
15-MINUTE MANAGER
5 0 ITNEXT | MA R C H 2 0 1 1
P
H
O
T
O
G
R
A
P
H
Y
:

P
H
O
T
O
S
.
C
O
M
Sitting all day at the office can be quite taxing
to the body. But that should not be a deter-
ance, as here are some quick office exercises
that can be done on the go.
Office chair squat
This exercise can be one of the most effective
body-strengthening movements. Begin by
standing as tall as possible and relaxing your
shoulders. Lift your toes up to the top of your
shoes. While keeping your back perfectly
straight, lower your hips to within 1 inch from
the seat of your chair. Perform a 10-second
hold at the bottom of the rep. Remember to
keep your knees well behind your toes. Your
hips should be the first muscles to lift your
body back to the standing position.
Desk press
This strengthens both your upper body and
core. While keeping your body in a straight
line using your core muscles, hold a push-up
position with your elbows at a 90-degree
angle. While holding this position, execute 10
knee-drives, followed by 5 push-ups. Repeat
3 to 4 reps.
Business flight
This office exercise targets the hamstrings
and the mid-back regions. Begin by standing
as tall as possible. Pull your head and your
shoulders back and down to create a “perfect
posture” position. Using your hips as a hinge,
bend over while standing on one leg and ex-
tending the other leg so that it and your torso
are parallel to the floor. Hold for 3 seconds,
then return to the original starting position.
Perform this exercise for 1 minute before
switching legs and repeating.
Doing a minimum of 35-50
pushups daily takes from
1-4 minutes and will help
you prevent muscle strains
EXERCISES @ OFFICE
HEALTHY HABITS
Most SMEs do not require a full-time
IT Head. Even if they hire a full-time
CIO, the technical requirement is
not sufficient to keep the CIO occu-
pied full-time; hence he is often also
assigned non-technical responsibili-
ties, which in turn diminishes the core
job profile of a CIO.
On a broader scope, the services
offered by a seasoned CIO range
from strategy planning to defining
a roadmap for IT acceleration, to
defining the annual IT budget that
is aligned with business priorities,
to something as simple as to helping
select and implement a project.
Categorically, the consultancy services
offered by a CIO for a product’s core
could include:
Business process review to identify
the gaps in processes and increase over-
all productivity.
Business-effective infrastructure
readiness assessment for the need to
simplify. Automate and standardise
processes to improve service levels,
increase performance while reducing
downtime and cost.
IT service desk for consistent, efficient
service management issue resolution.
Datacentremanagement for
increased productivity, efficiency
through better SLA management to
upkeep/maintain uptime of power,
servers, applications, database, secu-
rity solutions, network, etc.
End user support to provide a hetero-
geneous environment, resulting from
silo-focused system deployment.
Database services/management for
secure and accessible services without
building additional infrastructure or
increasing administrative workload.
Application management services-
from SLA maintenance of application
availability to cross integration for
better productivity, delivery and per-
formance.
IT project management for achieve-
ment of business goals.
Managed security services to
increase responsiveness, scalability,
flexibility for ensured data privacy in
an increasingly complex and dynamic
security threat environment.
Office chair squats
can be one of the
most effective
body-strengthen-
ing movements.
FACTS
While the desk press
exercise strengthens
both your upper body and
core, the business flight
exercise will target the
hamstrings and the mid-
back regions.
15 Minutes Manager.indd 50 3/4/2011 3:01:12 PM
15-MINUTE MANAGER
5 1 MA R C H 2 0 1 1 | ITNEXT
Network management for monitoring
multi-location activities; maintain hetero-
geneous network topology for improved
availability of the business systems.
Inventory management for monitor-
ing and managing IT assets for opti-
mised cost and better utilisation.
Develop and manage an annual IT
budget plan that is aligned with busi-
ness priorities.
Changes in the IT
department over time
In the ‘90s, IT was merely an Electri-
calData Processing centrewithin each
department (the EDP section), which
reported to line managers from middle
management, who reported to top man-
agement. The command flowed from
top to bottom and in reverse order.
EDP’s core job was handling MIS and
looking after hardware issues ofthe
organisation.
This approach changed in 2000 when
the IT department became a facilitator
towards achieving the strategic goals of the
business. This was when Organisational
Integrated Application was implemented;
all departments were on a single platform
and monitored accordingly. The IT Head
came into the picture and now worked on
guidelines given by top management, in
tandem with peers.
Today, IT is a full-fledged department
which reports to the CIO who is part of
top management.
SMEs to a certain extent still followthe
historical IT approach, although some
have adopted other approaches. It is
not feasible or affordable for an SME to
adopt a layered approach. And this is
where an outsourced CIO comes in — a
modern-day IT approach.
The outsourced CIO is an outside
entity executing the role and all the
A CIO-ON-DEMAND HELPS THE
ORGANISATION GAIN ACCESS TO
KNOWLEDGEABLE WORLDWIDE A
INDUSTRY-SPECIFIC RESOURCES.
“If you’re serving
people & giving people
what they ask for, it
might not be what
they need. It’s always
good to create healthy
tension.”
—Mike Rose, CIO, EVP, Juniper
“I sincerely try to be
honest to myself first
and then to others
as well”
—Sudhir Arya,
Senior Vice President, Amtek
WHAT MAKES A
GOOD LEADER?
Communicate your emotions
Effective leaders are masters of the
classical elements of rhetoric.
Truth should be told
A key element of being a good busi-
ness leader is the capacity to tell the
hard truths.
Invite criticism
We all make mistakes. The important
thing is to find our mistakes before
they get too big. All committee leaders
should ask “What criticism do you have
of me?” to their members.
Beware of opportunism
Leaders should uphold the principle
that work is good & honorable, that the
hardest-working people are the best
people, and that lazy & opportunistic
people should be called what they are.
Don’t be arrogant
Leaders should commend those who
have done good work; & members
should praise leaders who have pro-
vided good direction.
15 Minutes Manager.indd 51 3/4/2011 3:01:17 PM
15-MINUTE MANAGER
5 2 ITNEXT | MA R C H 2 0 1 1
As war between tablets, smart phones, laptops and netbooks heats up in 2011,
let’s analyse which one will suit what type of usage.
1
MULTIMEDIA CONSUMPTION: The tablets, with their 5-inch, 7-inch and
10-inch screens offered a much better experience than the good old
smartphone. And they offered the same performance in a form factor much more
convenient to carry around than the netbook and laptop. Most tablets offer
extremely good multimedia playback in general. Some may suffer if you are
looking to play back HD video content, but will do just fine with standard definition
videos and your music library.
2
DOCUMENT VIEWING/EDITING: For document viewing, the tablet is a
lot more convenient than the smartphone and the laptop. The 7-inch and
10-screen tablets offer a lot of screen space. However, if you have to churn out a
complete article or make a presentation on the move, then a netbook will suit your
requirement. A tablet, with its touch-only screen, will make typing out long text
documents a bit of a pain. Or use a phone with a QWERTY keypad.
3
PHONE USE (VOICE CALLS): The smartphone will be the best compan-
ion here. It fits in your pocket. You can take it out when the phone rings and
see who is calling before deciding whether to answer or not. With a tablet, you can
only see who is calling if the device is in your hands at that time.
4
PHONE USE (TEXT SMS & EMAILS): For the serious text and email
user, a touchscreen phone has never been an option. It has always been a
QWERTY keypad loaded phone. This is why the heavy text and email users prefer
something like a Blackberry phone. The touchscreen bit limits the tablets as well,
along with touchscreen phones. If you rely on text messages and/or emails on the
move, we would recommend you use a phone with a physical QWERTY keypad.
5
GAMING: In this segment, not all tablets are equal. The ones with iOS and
Windows 7 have an advantage over Android tablets. iOS and Windows
tablets have a lot more games available to them, while Android as a platform is
still playing catch-up.
— Vishal Mathur
responsibilities of a full-time CIO,
working in tandem with the top
management and not as part of a business
approach layer; working in conjunction
with the business owner / share holder
to meet and streamline the IT roadmap to
meet the strategic business goals.
The Business Value of
a CIO on Demand
From an operational point of view, an
organisation gets quick answersto ques-
tions on what products or applications
to opt for and getsproper feedback per-
taining to them.
They help the organisation gain
access to knowledgeable worldwide
and industry-specific resources. They
serve as a ready performance reference
for a service provider’s assessment and
deployment of services. With hands-on
project management, licensing and
pricing policy of vendors, they provide
the best technology decision support.
With a vast experience pool, they
package best practices to handle specific
projects based on discussions with
peers of the organisation on past project
handling techniques.
They enhance the business
value of the implemented project
by implementing project portfolio
management techniques which
ultimately helps the organisation
move towards a leaner, meaner IT
organisation.
On the strategic front, they act as
a catalyst that helps devise a long-
term IT strategy roadmap, aligned
with technological needs, to serve the
business.
They conduct a pencil review of
strategic documents by organising IT
and Business Integration sessions.
They help chart a service provider’s
relationship roadmap based on SLA
terms with the business.
The ultimate outcome of their
services is package implementation
of total cost of ownership to position
the business value of the technology
investment.
The author is Deputy Manager (System),
The Calcutta Medical Research Institute.
THE BATTLE FOR
THE FUTURE
COMPUTING PLATFORMS
I
L
L
U
S
T
R
A
T
I
O
N
:

P
H
O
T
O
S
.
C
O
M
15 Minutes Manager.indd 52 3/4/2011 3:01:19 PM
15-MINUTE MANAGER
5 3 MA R C H 2 0 1 1 | ITNEXT
Sears India has attracted a large
pool of talent with their option to
‘work from home’, making the most of
technology advancements.
BY ALOK KUMAR
T
echnology has made it pos-
sible for every employee
not involved in physical-
work to work from any
location. It is a common
practice in the US to telecommute and is
being projected as an effective measures
to save the environment.
In India, although the practice is
much talked about, it has not caught
the fancy of the corporate world or
is being used very cautiously. The
adoption of this practice has been
rather slow in this part of the world
and is mostly limited to MNCs who
already have the practicein place, in
their country of origin.
When I started Sears India, one of the
main factors that attracted talent to us
was the option to ‘work from anywhere’,
leveraging the advancements in
technology. Sears India took a bold step
to implement this practice right from
Day One.
The management team was under
the impression that this practicewhich
is common in the US, can easily be
replicated in India, and it would be better
to have a smaller office with several
people working from home, all the time.
We also deliberated over the question
that if we created larger work spaces and
made it compulsory for every employee
to come to office, how could we make the
employees more productive?
As a company, we made a policy of
providing every employee a company
laptop, secured with a company image
and VPN, a broadband data card or a
fixed line connection and a mobile phone
connection. Each laptop is loaded with
a Microsoft communicator and also an
AT&T Connect, which helps with voice
and video calls from the laptops.
We soon realised that it is a
tremendous tool to bring in higher
productivity and retain employees, if
managed properly.
Over more than one year of working
with this policy, we encountered several
cases which helped us fine-tune the policy
to benefit the company immensely.
While the policy worked very well
with some employees, it was not very
HAVING THE
BEST OF BOTH
WORLDS
PEOPLE MANAGEMENT
I
L
L
U
S
T
R
A
T
I
O
N
:
S
H
I
G
I
L

N
15 Minutes Manager.indd 53 3/4/2011 3:01:21 PM
15-MINUTE MANAGER
5 4 ITNEXT | MA R C H 2 0 1 1
work from home. If the infrastructure
was inadequate, the employee was
helped to upgrade the same at the
company’s cost and only then allowed to
work from home. The third step we took
was to define clear deliverables while
the employee worked from outside the
office. This ensured that there was a
definite amount of work for the person
to do from home.
The team managers were held
accountable for the timely delivery of
the services they were assigned, and
were made accountable to regulate the
work of their home-based staff if that
affected the output.
Since each employee of Sears India
is provided with a company laptop
which has a corporate build installed,
it makes the laptop very safe. No one is
allowed to work without logging on to
the corporate VPN whereby all security
policies are automatically enabled on
the employee’s machine.
A year later, we now have 28% of our
employees working remotely for four to
ten days in a month. We have observed
that there have been no delays or issues
from the user community and the
feedback from employees on this policy
have been excellent.
In fact, the company is able to provide
services to the user community at
odd hours 24x7, through the domain
experts who can work from home as
and when required. This has also been a
blessing for female employees who have
other duties to fulfil apart from work.
Working late nights from home has also
become possible for female employees
and other staff who have personal
duties to fulfil.
Our analysis also revealed that the
productivity of the work from home
employee is the same or higher than
the office staff. We’ve been able to hire
better talent and make an optimal use of
it by offering this freedom. CIOs should
motivate and enable employees to try out
such avenues which help them remain
productive for their organisations and
balance family life.
The author is MD & Head - India Operations, Sears
IT & Management Services (India) Pvt. Ltd.
only with the manager’s permission
and intimation. This ensured that there
were no surprises when the person
wasactually needed on site. This was
followed by an audit check to see if the
employee had the right infrastructure to
effective for a few. Eventually, we
figured that we needed to add some
regulations around the policy to make
working from home truly effective.
The first element we initiated was
that work from home was an option
1. Place of publication Nine Dot Nine Mediaworx Pvt. Ltd., A-262,
Defence Colony, New Delhi-110024
2. Periodicity of its publication Monthly
3. Printer’s name Vikas Gupta
Nationality Indian
(a) Whether a citizen of India? Yes
(b) If a foreigner, the country of origin N.A.
Address A-262, Defence Colony, New Delhi-110024
4. Publisher’s name Vikas Gupta
Nationality Indian
(a) Whether a citizen of India? Yes
(b) If a foreigner, the country of origin N.A.
Address A-262, Defence Colony, New Delhi-110024
5. Editor’s name Vikas Gupta
Nationality Indian
(a) Whether a citizen of India? Yes
(b) If a foreigner, the country of origin N.A.
Address A-262, Defence Colony, New Delhi-110024
6. Names and addresses of individuals
who own the newspaper and partners or
shareholders holding more than one
per cent of the total capital
Pramath Raj Sinha, N-154 Panchsheel Park,
New Delhi 110017.
Vikas Gupta, C-5/10 Safdarjung
Development Area, New Delhi 110016
Asheesh Kumar Gupta, 103, Tower II, The
Palms, South City-1, Gurgaon 122001
Anuradha Das Mathur, C-144, Sarvodaya
Enclave, New Delhi 110017
Kanak Ranjan Ghosh, BH-44, Sector II, Salt
Lake City, Kolkata 700091
Helion Venture Partners India II, LLC, Les
Cascades Building, Edith Cavell Street, Port
Louis, Mauritius
TVS Shriram Growth Fund I, JE
JayaLakshmi Estate # 29, Haddows Road,
Nungambakkam, Chennai 600006
Form IV
Statement of ownership and other particulars about the
publication, IT NEXT as per Rule 8
I, Vikas Gupta hereby declare that the particulars given above are true to the best
of my knowledge and belief.
Sd/-
Dated : 1st March, 2011 (Signature of Publisher)
15 Minutes Manager.indd 54 3/4/2011 3:01:22 PM
UPDATE
5 5 MA R C H 2 0 1 1 | ITNEXT
A platform to air your views on latest
developments and issues that impact you
UNNI NAIR,
MANAGER IT,
ARAMEX
To be honest, Face-
Book has become a big
distraction within the
enterprise space. Not
only do most employees
spend much time on
this social networking
medium, it also chokes
up the bandwidth with
all the videos that are
being played on it. There
needs to be some sort of
control that needs to be
employed to check the
situation. According to
me, the best thing will
be to adopt a policy that
states clearly what is ac-
ceptable and what is not.
But even then, I don’t
think blocking or banning
sites like facebook will
help. For all you know,
such a step could be
counter-productive.
CHETAN
MANJREKAR,
MANAGER
IT, SKYPAK
FINANCIAL
SECURITIES
The biggest danger that
social network sites like
FaceBook and Twitter
face is in terms of infor-
mation security. What
happens if an employee
inadvertently divulges
privileged information
on the sites? There have
been numerous such
cases in the past. If any
confidential information
is mistakingly revealed
on any online social me-
dium, other organisations
might use it for their own
advantage, thus putting
the company in peril. So,
employees need to be
carefully educated on
how to use these sites
and not ban them.
SUDISH BALAN,
BUSINESS
DIRECTOR,
TONIC MEDIA
Blocking Facebook can
be counter-productive.
As it is, most people
check their accounts
on their mobile phones.
Hence, banning it on the
enterprise network won’t
prove to be of much
help. It could also send
wrong signals to the
employees in lieu with
transparency and open-
ness and there could
be instances where
employees by-pass the
firewall using third-party
sites. On the contrary,
the enterprise could
look at a good substitute
like Chatter or Yammer.
If the employees are
hooked on such sites, it
could be a good alterna-
tive to Facebook.
Should enterprises
ban FaceBook?
OPEN DEBATE
Your views and opinion matter to us. Send us your feedback on stories and the
magazine to the Editor at [email protected]

BOOK FOR YOU
Banking Villians
Liaquat Ahamed’s first book has
made the great depression of 1920s
readable. Bankers can write.
STAR VALUE:
IT NEXT VERDICT
The jargon-free account of the futile attempts
of central bankers is a must read for everyone
who has played in the hands of recession.
TITLE: LORDS OF FINANCE
AUTHOR: LIAQUAT AHAMED
PUBLISHER: WILLIAM
HEINEMANN
PRICE: RS 1199
There’s an old saying, “When nothing
else works, blame the bankers.” After
the fiscal collapse of a few iconic banks
in 2008 around the world, we have adu-
lated anyone who has written against
the ‘greedy bankers’. Banking on this
hate wave, Liaquat Ahamed, a banker by
profession, has come out with his first
title called ‘Lords of Finance’, a book on
the collapse of the world economy from
1929-1933, a.k.a. the great depression.
The plot of Britain, France, and Germany
in ruins – with their economies saddled
with debts, population impoverished by
rising prices, and their currency collaps-
ing with unemployed youth, would easily
qualify as a riveting script for the next
Quentin Tarantino cult. With the central
bankers as protagonists, the book traces
back their efforts to reconstruct the
system of international finance after
the First World War. Though they did
succeed for a while in between (mid-
1920s) – when the world currencies
were stabalised, capital became readily
available and economic growth resumed
once again – the cracks appeared in the
fragile picture of prosperity soon.
OpenDebate.indd 55 3/4/2011 4:40:13 PM
MY LOG
5 6 ITNEXT | MA R C H 2 0 1 1
15-MINUTE MANAGER
5 2 ITNEXT | MA R C H 2 0 1 1
As the war between tablets, smart phones, laptops and netbooks heats up in
2011, let’s analyse which one will suit what type of usage.
1 MULTIMEDIA CONSUMPTION: The tablets, with their 5-inch, 7-inch and
10-inch screens offered a much better experience than the good old
smartphone. And they offered the same performance in a formfactor much more
convenient to carry around than the netbook and laptop. Most tablets offer
extremely good multimedia playback in general. Some may suffer if you are
looking to play back HD video content, but will do just fine with standard definition
videos and your music library.
2 DOCUMENT VIEWING/EDITING: For document viewing, the tablet is a
lot more convenient than the smartphone and the laptop. The 7-inch and
10-screen tablets offer a lot of screen space. However, if you have to churn out a
complete article or make a presentation on the move, then a netbook will suit your
requirement. A tablet, with its touch-only screen, will make typing out long text
documents a bit of a pain. Or use a phone with a QWERTY keypad.
3 PHONE USE (VOICE CALLS): The smartphone will be the best compan-
ion here. It fits in your pocket. You can take it out when the phone rings and
see who is calling before deciding whether to answer or not. With a tablet, you can
only see who is calling if the device is in your hands at that time.
4 PHONE USE (TEXT SMS & EMAILS): For the serious text and email
user, a touchscreen phone has never been an option. It has always been a
QWERTY keypad loaded phone. This is why the heavy text and email users prefer
something like a Blackberry phone. The touchscreen bit limits the tablets as well,
along with touchscreen phones. If you rely on text messages and/or emails on the
move, we would recommend you use a phone with a physical QWERTY keypad.
5 GAMING: In this segment, not all tablets are equal. The ones with iOS and
Windows 7 have an advantage over Android tablets. iOS and Windows
tablets have a lot more games available to them, while Android as a platformis
still playing catch-up.
— Vishal Mathur
responsibilities of a full-time CIO,
working in tandem with the top
management andnot aspart of abusiness
approach layer; working in conjunction
with the business owner / share holder
tomeet andstreamline the ITroadmapto
meet the strategic business goals.
The Business Value of
a CIO on Demand
From an operational point of view, an
organisationgets quickanswersto ques-
tions on what products or applications
to opt for and getsproper feedback per-
taining to them.
They help the organisation gain
access to knowledgeable worldwide
and industry-specific resources. They
serve as a ready performance reference
for a service provider’s assessment and
deployment of services. With hands-on
project management, licensing and
pricing policy of vendors, they provide
the best technology decision support.
With a vast experience pool, they
package best practices to handle specific
projects based on discussions with
peers of the organisationonpast project
handling techniques.
They enhance the business
value of the implemented project
by implementing project portfolio
management techniques which
ultimately helps the organisation
move towards a leaner, meaner IT
organisation.
On the strategic front, they act as
a catalyst that helps devise a long-
term IT strategy roadmap, aligned
with technological needs, to serve the
business.
They conduct a pencil review of
strategic documents by organising IT
and Business Integration sessions.
They help chart a service provider’s
relationship roadmap based on SLA
terms with the business.
The ultimate outcome of their
services is package implementation
of total cost of ownership to position
the business value of the technology
investment.
The author is Deputy Manager (System), The Calcutta Medical Research Institute.
THEBATTLEFOR
THEFUTURE
COMPUTING PLATFORMS
ILLUSTRATION: PHOTOS.COM
15-MINUTE MANAGER
5 3 MA R C H 2 0 1 1 | ITNEXT
SearsIndiahasattractedalarge
pool of talent withtheiroptionto
‘workfromhome’, makingthemost of
technologyadvancements.
BY ALOK KUMAR
T
echnologyhas made it pos-
sible for every employee
not involved in physical-
work to work from any
location. It is a common
practice inthe USto telecommute andis
being projectedas aneffective measures
to save the environment.
In India, although the practice is
much talked about, it has not caught
the fancy of the corporate world or
is being used very cautiously. The
adoption of this practice has been
rather slow in this part of the world
and is mostly limited to MNCs who
already have the practicein place, in
their country of origin.
WhenI startedSears India, one of the
main factors that attracted talent to us
was the optionto‘workfromanywhere’,
leveraging the advancements in
technology. Sears India took a bold step
to implement this practice right from
Day One.
The management team was under
the impression that this practicewhich
is common in the US, can easily be
replicatedinIndia, andit wouldbe better
to have a smaller office with several
people working fromhome, all the time.
We also deliberatedover the question
that if we createdlarger workspaces and
made it compulsory for every employee
tocome tooffice, howcouldwe make the
employees more productive?
As a company, we made a policy of
providing every employee a company
laptop, secured with a company image
and VPN, a broadband data card or a
fixedline connectionanda mobile phone
connection. Each laptop is loaded with
a Microsoft communicator and also an
AT&T Connect, which helps with voice
andvideo calls fromthe laptops.
We soon realised that it is a
tremendous tool to bring in higher
productivity and retain employees, if
managed properly.
Over more than one year of working
with this policy, we encountered several
caseswhichhelpedusfine-tunethepolicy
to benefit the companyimmensely.
While the policy worked very well
with some employees, it was not very
HAVINGTHE
BESTOFBOTH
WORLDS
PEOPLE MANAGEMENT
ILLUSTRATION:SHIGIL N
PHOTOGRAPHY: JAYAN K NARAYANAN
T
H
E
RUN
R
IS
K
Incorporatinga Risk-based
Auditingmanagement system
is one of the most effective
solutions for the successful
implementations of business
critical ITsystems.
JATIN MODH
C
hoosing the right business critical IT systems that will
meet an organisation’s business requirements is the
first and most important decision towards accomplish-
ing successful implementation; closely followed by the
choice of the system integrator or implementer. During
the implementation, organisations face several significant challenges
or tasks whichtheyneedtoovercome. These include the reengineering
of the current business processes, reconfigurationof existingcontrols,
adoption of the newbusiness processes and new
RISK-BASED AUDITING | INSIGHT
3 9 MA R C H 2 0 1 1 | ITNEXT
internal controls. Hence the need
to integrate a Risk-based Auditing
management system is recognised
as one of the keys to successful
implementations of business critical IT
systems. The focus here is on the best
practices which need to be followed
for risk-based auditing during the
implementation cycle.
In a typical implementation cycle,
the Project Management Office (PMO)
is engaged or responsible for the
risk assessment processes. The most
common risk management standards
used by the PMO are ISO 31000:2009
and Enterprise Risk Management –
Integrated Framework (COSO ERM).
The PMO has the most obvious
risk to assess — whether the project
is ready to go live. Apart from this,
there are several other risks which
need to be mitigated for successful
implementation. Some examples are:
Compliancewithindustryregulations
such as BASEL II, PCI DSS, HIPAA,
etc.
Compliance with various national,
state and local data security and
privacy laws.
Risk that business requirements
will not be fulfilled during the
implementation.
Risk that business requirements are
not properly confirmed during the
testing process.
Riskof delayandbudget overshooting
during the implementation.
Stability of the application.
Internal & external security systems.
Every firm doesn’t have the same
degree of risk appetite and risk
mitigating controls. The PMO has
its limitations in the form of expert
manpower & time, to mitigate all the
risks which arise out of huge business
critical implementation projects.
Howcanthe PMOeffectivelyidentify
and manage risk in such business
critical implementations? The answer
is to have a Risk Advisor/Auditor who
will provide vital inputs withcorrective
actions at the critical stages of the
implementation, to the PMO.
sure that it gets qualified resources for
both the implementation and the risk-
based auditing services.
Pros:
Project Planning is well integrated
and more seamless, as both the
services are provided by a single
entity.
Resources are well managed since
there are lesser coordination and
conflict efforts involved.
Cons:
Independence and objectivity of the
auditing function is eliminated.
Inherent conflict of interest between
the implementation staff and the
auditing staff on achieving on time
and on budget can lead to quality
issues and risks left unaddressed.
2
Organisation’s audit firm
providing Risk-based Auditing
services
This is one of the common approaches
followed.
Pros:
Anindependent reviewof the project
status, deliverables and results
are obtained and will protect the
organisation from facing any issues
from their stakeholders against any
critical decision made during the
implementation.
As they are already aware of the
existing processes and controls, the
design of the new processes and
controls, and acceptance of the same
is easier.
Cons:
The skill sets and experience of the
consultants in the implementation or
in use of the application might not be
adequate.
3
Independent firm providing
Risk-based Auditing services
This is one of the most
professional approaches.
Pros:
The consultants are focused and
experienced, and experts in their
respective domain.
An independent review in the true
sense is achieved without a bias
towards any firm or stakeholder.
IDENTITY
THEFT
STATISTICS
2010
The average cost for a business to
recover from a data breach is $6.75
Million. The average cost to implement
identity theft, social engineering and
data breach training? In most cases,
less than $50,000.
62% of those breaches reported
exposed Social Security Numbers,
and 26% involved credit or debt card
information.
15.7% of the data breaches involved
state and federal agencies and the
military. Medical and health care facili-
ties accounted for 24.2%, educational
institutions accounted for 9.8% and the
banking industry, 8.2%. That leaves
businesses as the largest percentage of
breaches - 42.1%.
Malicious attacks, according to the
report, account for more breaches than
human error - the former constitutes
about 17% of breaches, while the lat-
ter, just 15%. However, almost 40% of
those breaches reported did not identify
the manner in which information was
exposed.
Although the risks of hacked databases
often make headlines, the report finds
that paper breaches account for nearly
20% of known breaches.
Only 200 of the 662 breaches were
credited to information provided by
states and agencies with mandatory
reporting.
Source: Identity Theft Resource Center
THE THREE SUGGESTED
APPROACHES ARE:
1
Implementer providing the Risk-
based Auditing services
The organisation must make
INSIGHT | RISK-BASED AUDITING
4 0 ITNEXT | MA R C H 2 0 1 1
From
‘Ignorance
Tolerated’
to IT
Loweconnect is regardedas amodel
solution in the advertisingindustry.
Here’swhy…
BY PRAVIN SAVANT
W
hat ’s common
between ‘ Daag
Acche Hain’ and
Microsoft Share-
point server? Well,
both are recognised ideas which have
made an impact and stay with you for
a very long time. And each of these was
createdbyLowe Lintas andyes, inciden-
tally, they also use the Microsoft Share-
point server in a very productive way.
Lowe Lintas is one of India’s top
advertising agencies and it believes
that the greatest service it can render
is the power of a high-value idea.
The company has built a reputation
for quality and innovative services,
and it relies on a robust information
technology environment to help deliver
what its customers need.
Unfortunately, until about a year
ago, it was difficult to share creative
work across all its offices in India, in
order to generate more region-wise
ideas, brand building, feedback, and
launch a national-level campaign.
While most of the work done by
creative individuals was brilliant
and a huge asset for the organisation,
there was no central repository of
the same, for future reference or any
other business usage. This limitation
imposed constraints on collaboration
and managing knowledge effectively.
This lack of a knowledge base and
collaboration made the organisation
person-dependent rather than process-
dependent. Especially, when there are
almost 800talentedemployees working
across brand servicing, planning,
creative, operations and production
- creating in excess of thousands of
artwork. Anything to facilitate this
process would obviously have a direct
impact on the organisation.
We soon realised that we needed to
develop an efficient portal environment
that would enable us to share
information and collaborate easily
within and across business units. So,
we decided to implement a solution that
could satisfy a range of business needs.
This needed to serve as a potential
knowledge management system that
provided the ability to easily publish
WEDECIDEDTO
IMPLEMENTA
SOLUTIONTHAT
COULDSATISFYA
RANGEOFBUSINESS
NEEDSTODEVELOP
ANEFFICIENTPORTAL
ENVIRONMENT.
KNOWLEDGEMANAGEMENT
2 6 ITNEXT | MA R C H 2 0 1 1
CASE STUDY | LOWE INDIA
Wechosetogowith
anOfficeSharePoint
Server, as it satisfied
our criteria&we
felt confident inthe
Microsoft platform.
documents on the intranet, effectively
search for information, collaborate
and share information among all
business units. Then, it was time for the
implementation. To set the ball rolling,
change management, business support
and involvement were key factors.
Essentially, it implied that the solution
had to be robust, scalable from a long-
term perspective and at the same time
had to be simple to use.
“We chose to go with anOffice
SharePoint Server because it satisfied
all our criteria and we felt confident
in the Microsoft platform,” says our
CTO Pravin Savant. “With the Office
SharePoint Server, we not onlyreceived
a great deal of value for our investment,
but we were also able to put effective,
usable technology into the hands of our
business users,” he added.
The planning and execution efforts
for the readiness of the technology
platform had to be run in tandem
with business alignment and change
management initiative. To this end,
the top management and the core user
group’s involvement had been terrific,
right from the solution design, launch
andsustenance efforts. Withanaverage
70% usage and at least one login per
week and the highest usage being from
regional offices, Loweconnect has been
a success story.
The various services provided are
channelisedintothefollowingdimensions:
Communication: It includes top man-
agement communication, internal
news and communication, industry
and client-specific news of interest, and
a creative library with updates on new
creative work. This includes an aver-
age of 3 messages from the CEO’s desk
per month and over 300industry news
items, 150+TV commercials and print
items in a fewmonths.
Interaction: This includes discussion
forums, blogs, office communicator
chat, polls, surveys, and brain food.
There is an average of 10 blogs/
discussions per monthonvariedtopics.
Transactions: It includes leave
records and links to various key
applications.
Change management: It has helped
us explainthe importance of technology
usage across the organisation. It
has also led to many new ideas and
concepts which is rare in this industry.
In the future, it will give us technical
uniformity across various layers.
The success of an IT initiative is
defined by its business relevance.
Collaboration is the critical aspect
in our line of business. Right from
concept to implementation and
sustenance, Loweconnecthas enjoyed
good business buy-in. It has also paved
the way to introduce more technology-
based initiatives at Lowe. In fact, it is
regarded as a model solution in the
industry andhas already beenincluded
in a Microsoft reference case study at
their global site.
With the proven success and
adaptability of the platform, more
plans to leverage technology have been
unleashed using the MOSS framework.
Knowledge management and business
intelligence are the two key initiatives,
and very importantly, it’s part of the
unified platform effort, so that the
business leverages all key pieces of
data, derives useful information from
it for business intelligence and then
is able to retain the knowledge which
is retrievable.
As Pravin says, IT is no more
‘Ignorance Tolerated’ at Lowe Lintas,
but it’s doing more of what it should be
— supporting the business to deliver
its goals.
Founded in 1939 as a part of
Hindustan Lever, Lowe Lintas
is one of India’s largest and
most storied communication
groups. Headed by Chairman
and Chief Creative Officer R.
Balakrishnan (Balki) and CEO,
Joseph George, Lowe Lintas
employs spread across eight
divisions and nine cities all
over India.
CHALLENGES: Giving people
a robust yet simple to manage
platformto share &collaborate.
The famous myth around feasibility
to merge mercurial creative
talent with a routine and steady
systems environment. Hence
change management is the biggest
challenge.
SOLUTION: Given our usage of
Microsoft platform(Email on
exchange, Office communicator
for chat) it made a good sense to
evaluate MOSS &it’s been a good
solution giving us desired results
BUSINESS BENEFITS: The single
place to collaborate &shared
has unleashed many business
opportunities and most essentially
it has paved the way for all
future initiatives like Knowledge
management &Business
intelligence. The qualitative benefits
far outweigh the operational time &
efforts savings.
COMPANY SNAPSHOT
2 7 MA R C H 2 0 1 1 | ITNEXT
LOWE INDIA | CASE STUDY
A Wake Up
Call!
A manager needs to make
sure that there is enough
scope for partners
TANU KAUR
HR Consultant
3 ESSENTIAL
READS
How to attract a large pool of
management?
Pg 53
Why Risk Based Auditing is
important for business critical
IT system? Pg 39
Loweconnect is regarded
as a model solution in the
advertising industry. Pg 26
B
eing a HR consultant, I’ve been
fortunate enough to observe
the rise and descent of some
organisations. Not so surpris-
ingly, one of the major factors
that define the scope of winning or losing is
the way businesses handle their partners—
both external and internal. While many of
them take utmost care in dealing with their
external customers, they simply lack skills
to meet the expectation of employees—
their growth partners, inside the premises.
And that is where the emotions of deep and
bitter anger and ill-will start to penetrate,
which causes the demise of a project and
lead to a complete failure of a division.
In most of the cases, it is the manager
who is largely responsible for the outcome.
The problem persists when managers are
incapable in leading a team because of
their limited understanding of the way
modern businesses work. And to hide
that discomfort, they tend to chose those
people in their team who are apparently
less capable than them. If someone is more
capable, the manager simply tries to cut
him out of the picture.
People look for better opportunities and
targets that should drive their ambitions;
but beyond a point, they also want to grow
as a person and look for steady growth
and transparency. And if this is absent in
their present organisation, there is no other
option than to walk off.
Appraisals, for instance, is one fine
example to substantiate that claim. I’ve
seen many employees leaving their existing
organisation right after their yearly
appraisals. What does that signify? Are
they greedy and moving to another place
just for the sake of raking in some more
money? Or is it the fault of management,
which has not been able to give proper
appraisals? My experience tells me that
it is more to do with the incapability of
the immediate supervisor and uncertain
business practices being followed by the
company. This could have unforeseen
repercussions like talent poaching by rival
firms, business plans getting leaked, profit-
oriented units turning negative and so on.
And since the immediate managers have
kept their seniors in the dark right from
the beginning, it’s challenging for them to
understand the reasons behind this fallout
and to keep businesses profitable.
In a matter of time, an organisation can
lose many employees, just because of bad
people practices being followed at vari-
ous hierarchy levels. More so, the notori-
ous deeds of a company can be spread out
within minutes to the entire partner com-
munity through social media. Hence, the
modern day manager needs to act like an
entrepreneur who makes sure that there is
enough scope for partners—be at any level
—to grow and flourish.
Act before it’s too late.
I
L
L
U
S
T
R
A
T
I
O
N
:

A
N
I
L

T
My Log.indd 56 3/4/2011 4:57:08 PM

Sponsor Documents

Or use your account on DocShare.tips

Hide

Forgot your password?

Or register your new account on DocShare.tips

Hide

Lost your password? Please enter your email address. You will receive a link to create a new password.

Back to log-in

Close