itnext august 2013
DESCRIPTION
ÂTRANSCRIPT
f o r t h e n e x t g e n e r at i o n o f c i o s
August 2013 | `100 | Volume 04 | issue 07 | A 9.9 Media Publicationwww.itnext.com | facebook.com/itnext | @itnext_magazine
Parag Deodharchief risk officer & VP-Pe, Bharti AxA General
insurance co Ltd
Nandkishor DhomneVP-it & cio, Manipal health enterprises,
Manipal Group
Sunil Varkeychief information Security officer,
Wipro technologies
EntErprisE sEcurity chiEfs arEon a mission to sEcurE thE EntErprisE with innovativE
tEchnologiEs and nEw practicEs as dEfEnsE against
growing thrEats and data brEachEs Pg 10
“COBOL on an Integration Spree”interVieW | NitiN DaNg, Country General ManaGer, MiCro FoCus india and saarC | Pg 32
Bosstalk
Take Risk to Innovate
Pg 06
Plus
TransformBusiness,in a Flash
Pg 36
Editorial
1a u g u s t 2 0 1 3 | itnext
Blogs To Watch!
g e e t h a N a N d i k o t k u r
Mission Possible: to Secure
“The challenges that CISOs face are about design architecture that is self-healing and highly resilient to threats and strategy that is tailored to the organisation”
every enterprise or household is always on a mission to secure its assets and maintain a reasonable level of vigilance
against any threat. it is, however, quite natural, sometimes, to ignore certain blind spots; which, unfortunately, prove risky, or even catastrophic, sometimes. Enterprises are reeling under such insecurities with an increase in threats and data breaches, against the backdrop of information becoming the critical component of all businesses and the new currency.
While information security risks were confined more to the chief information security officer’s realm in the past, the trend is changing. Now, it is more to do with the business and the role of CISOs is closely linked to understanding the regulations and the business integrities that it would comply with. With businesses prone to serious risk and increased sophisticated threats that hamper critical data, security officers are compelled to develop their security strategy and security priorities. The challenges that CISOs face are also about designing technology architecture that is self-healing and highly resilient to threats and strategy that is tailored to the organisation to treat the risks appropriately.
The cover feature on Best Practices in Information Security in IT Next’s current edition provides insights into various risks that new emerging technology trends are throwing up. The industry is invaded by new cloud models, virtual tools, BYOD, BYOA trends, which, in parallel, increase the number of risks, as also various types of risks disruptive to business processes. Infosec officers are at the crossroads, working to bring in the best and right tools to defend the growing threat.
The story delves into how they are on a mission to secure their enterprises with the right skills, strategy, resources and technologies, besides ensuring stakeholder buy-in. The key is to let business users have their way in leveraging new technologies in a secure environment.
Information Security Best Practices for the Enterprise Rethinking information security to improve business agility http://www.intel.com/content/www/us/en/enterprise-security/intel-it-enterprise-security-rethinking-information-security-to-improve-business-agility-paper.html
Information Security Best Practices Information Security Best Practices for Your Business http://operationstech.about.com/od/informationtechnology/a/Information-Security-Best-Practices.htm
ITIL V3 and Information Security The role and importance to the business of effective Information Security Management (ISM), how it is supported by an extensive family of global standards and the way these harmonize with ITIL
2 itnext | a u g u s t 2 0 1 3
Contentaugust 2013 V o l u m e 0 4 | I s s u e 0 7
10Page
For the l atest technology uPDates go to itnext.in
cover story13 Access Via Mobile Made Secure Case Study of Manipal Healthcare around its BYOD strategy implementation and security measures taken up as part of the initiative
14 Banking and Insurance--cloud security CISOs from the banking and insurance sector are evolving new risk control mechanisms
17 BYOD’s Security Conundrum CIOs are charged with the task of making mobility work, CISOs are working on solving the BYOD risk puzzle
22 Data Breaches Viz-A-Viz DLP CISOs are turning to tighter controls on email, mobile etc., while effectively using the DLP technology to prevent risks and data breaches
06 Mindlance’s Group cIo, Kamal sharma on the importance of taking risk if one has to innovate
boss talK
32 Micro Focus’s country GM, Nitin Dang on the importance of modernising cobol to enhance productivity and save cost
INtervIew
Facebook:http ://www.facebook.com/home.php#/group.php?gid=195675030582
Twitter :http : //twitter.com/itnext
LinkedInhttp://www.l inkedin .com/groups?gid=2261770&trk=myg_ugrp_ovr
coverDesign: Anil TPhotography: Jiten GandhiWardrobe Stylist: Harsha Thalramani
enterprise security chiefs are adopting new and best
security practices fearlessly and securing the business
environment
F O R T H E N E X T G E N E R AT I O N O F C I O s
August 2013 | `100 | Volume 04 | Issue 07 | A 9.9 Media Publicationwww.itnext.com | facebook.com/itnext | @itnext_magazine
Parag DeodharChief Risk Officer & VP-PE, Bharti AXA General
Insurance Co Ltd
Nandkishor DhomneVP-IT & CIO, Manipal Health Enterprises,
Manipal Group
Sunil VarkeyChief Information Security Officer,
Wipro Technologies
ENTERPRISE SECURITY CHIEFS AREON A MISSION TO SECURE THE ENTERPRISE WITH INNOVATIVE
TECHNOLOGIES AND NEW PRACTICES AS DEFENSE AGAINST
GROWING THREATS AND DATA BREACHES Pg 10
“COBOL on an Integration Spree”INTERVIEW | NITIN DANG, COUNTRY GENERAL MANAGER, MICRO FOCUS INDIA AND SAARC | Pg 32
BossTalk
Take Risk to Innovate
Pg 06
Plus
TransformBusiness,in a Flash
Pg 36
HARDStAnCe
PH
OT
O/I
LL
US
TR
AT
IO
N/I
MA
GI
NG
CR
ED
IT
3a u g u s t 2 0 1 3 | itnext
15 MINute MaNaGer 45 Flash on a Drive I IBM
endorses that the new flash
storage technology has a durable
and energy efficient spinning
drive which boosts performance
and addresses big data challenges
upDate
08 Nss labs on what the
enterprise security chiefs
should know about NextGen
Firewalls and relying on IP
address and port combinations to
define network applications is no
longer sufficient
cube chat
52 Think Clean, Be Simple|
Vishal Kumar Bisht of Marksman
advocates all to carry the passion
to learn and nurture the passion
INsIGht
40 Myths about Enterprise
Application Orchestration |
CA’s Senior Architect, Sudhakar
Anivella on how to design an
enterprise application solution on
the lines of a well orchestrated
music
opeN Debate
55 Key Ingredients in
planning a cloud bI &
analyticsI Indutry experts
debate on key requirements
and pre-requisites of a well
carved out cloud based bI
and analytics model for
enterprises
52Page
Transform Business, ina flash| Hitachi vouches that flash storage technology will boost peformance, reduce TCO by up to 30 per cent, and help customers achieve business transformation
reGularsEditorial _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 01
Letters _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 04
Update _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 08
My Log _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 56
PLeASe recycLe
THIS mAGAzIne
AnD remove InSerTS beFore
recycLInG
advertiser index
Panasonic iFC
emerson 5
e-scan 7
Gartner 16-a
Bry air asia 27
delta 31
Lenovo iBC
vodafone BC
itnext.in
© ALL rIGHTS reServeD: reProDucTIon In WHoLe or In PArT WITHouT WrITTen PermISSIon From nIne DoT nIne meDIAWorx Pv T LTD IS ProHIbITeD.
MaNaGeMeNtManaging Director: Dr Pramath raj Sinhaprinter & publisher: vikas Gupta
eDItorIalGroup editor: r Giridhareditor: Geetha nandikotkur
DesIGNsr. creative Director: Jayan K narayanansr. art Director: Anil vKassociate art Directors: Atul Deshmukh & Anil Tsr. visualisers: manav Sachdev & Shokeen Saifivisualiser: nv baijusr. Designers: raj Kishore verma Shigil narayanan & Haridas balanDesigners: charu DwivediPeterson PJ & Pradeep G nair
MarcoMDesigner: rahul babu
stuDIochief photographer: Subhojit Paulsr. photographer: Jiten Gandhi
sales & MarKetINGbrand Manager: Siddhant raizada (09873555231)senior vice president: Krishna Kumar (09810206034)National Manager -print , online & events: Sachin mhashilkar (09920348755)south: Satish K Kutty (09845207810)North: Deepak Sharma (09811791110)west: Samiksha Ghadigaonkar (+91 9833608089)assistant brand Manager: varun Kumra ad co-ordination/scheduling: Kishan Singh
proDuctIoN & loGIstIcssr. GM. operations: Shivshankar m HiremathManager operations: rakesh upadhyay asst. Manager - logistics: vijay menon executive logistics: nilesh Shiravadekar production executive: vilas mhatre logistics: mP Singh & mohd. Ansari
oFFIce aDDressNine Dot Nine Mediaworx pvt ltdA-262 Defence Colony, New Delhi-110024, India
Certain content in this publication is copyright Ziff Davis Enterprise Inc, and has been reprinted under license. eWEEK, Baseline and CIO Insight are registered trademarks of Ziff Davis Enterprise Holdings, Inc.
Published, Printed and Owned by Nine Dot Nine Mediaworx Private Ltd. Published and printed on their behalf by Vikas Gupta. Published at A-262 Defence Colony, New Delhi-110024, India. Printed at Tara Art Printers Pvt ltd., A-46-47, Sector-5, NOIDA (U.P.) 201301.Editor: Geetha Nandikotkur
36Page
INBoX
4 itnext | a u g u s t 2 0 1 3
An honour to see my article printed Dear Editor, I realised that you have formally published the article that you and I had worked on. I can’t tell you how humbled and appreciative I am of this; thank you so very much. I’m sincerely hon-oured to be part of the IT Next legacy, but I’m also so very sorry that we lost contact. Nonetheless, I’m sincerely pleased to know that you decided to publish what I had put together. I very much like what you printed.
It’s not a “huge” issue, but since I have now been re-employed, I’m wondering whether it’s conceivable/possible to update the credits of the article along the lines of my new position – “Craig A. Tinsley – Sr. IT Service Delivery / Operations Manager, Valeant Pharmaceuticals”. .. or maybe even “Craig A. Tinsley – Sr. IT Service Delivery / Operations Manager, Valeant Pharmaceuticals – formally, Sr. Global IT Operations Manager, Motorola” (or something along those lines). It’s not a big deal if you can’t, but since I have been working for Valeant for the last four weeks, I hope that the credits can be modified a bit. I understand that “IT Next” is an India-based publication, you are strictly an internet publisher OR do you also do hard-print (that is, actual magazine print) as well?
It is an honour to see my article printed in IT Next, and I’d gladly provide write-ups in future issues.
Thanks again, Geetha, and it has been a pleasure working with you.
Craig a. tinsleysr. it service Delivery / Operations Man-ager – Valeant Pharmaceuticals
Reasons to Stay in IT While it is true that we work hard for our money, IT professionals are well com-pensated for that hard work. IT pro-fessionals have a much better chance of finding and keeping a job. IT typi-cally attracts analytical thinkers.
tirtHaDeeP KunDuManaging Consultant
(Note: Letters have been edited minimally, for brevity and clarity)
juLy 2013
www.linkedin.com/groups?gid=
2261770&trk=myg_ugrp_ovr
300 members
BYOD movement can be a security challengeBig data adds a new level of complexity to the IT department’s security challenge.I can understand that IT folks are against the BYOD trend. However, I don’t think they can do anything to stop it. It’s already happening, whether officially sanctioned or not. So the question now is--how to deal with it?
Does BYOD come with headaches? Of course it does. However, security issues and IT management headaches(such as, how do I support all those devices?) can be addressed by using new HTML5 technologies that enable users to connect to applications and systems without requiring IT staff to install anything on user devices. For example, Ericom AccessNow is an HTML5 RDP client that enables remote users to securely connect from iPads, iPhones and Android devices to any RDP host, including Terminal Server and VDI virtual desktops, and run their applications and desktops in a browser. This enhances security by keeping the organisation’s applications and data separate from the employee’s personal device. Since AccessNow doesn’t require any software installation on the end user device--just an HTML5 browser, network connection, URL address and login details, and IT staff end up with less support hassles. Open the HTML5-compatible browser and connect to the URL given. gunjan sHarMa aVP-it, jabong.com
it neXt Values yOur feeDbaCK
We want to know what you think about the magazine, and how we can make it a
better read. your comments will go a long way in making IT NEXT the preferred
publication for the community. send your comments, compliments, complaints
or questions about the magazine to [email protected].
Key skills that next generation CIOs should possess to move to a strategic roleBY N GEETHA
Get, Set, Strategise
The year 2015 will supposedly see many laurels, with people scaling up to new roles and responsibilities. The next generation CIOs are not an exception–they are set to tread the path of triumph. They seem to be all geared up to experience the change, given the backdrop of the IT management landscape going through a complete overhaul. It is obvious that businesses succeed when IT triumphs.
Therefore, to get the future CIOs there, it is imperative that they develop key skills that would help them move from a support role to a strategic role: that of a CIO.
Time to PivotIT Next has initiated a cover feature to get deeper insights into the vari-ous skills that next generation CIOs need to acquire or possess to enable them to scale up to this function. While a whole catalog of skills has been
Inside Pages
18-19 | Mapping IT capabilities
20-21 | Vendor Management capabilities
22-23 | Interview with ISACA
24-26 | IT Governance
1 5J U LY 2 0 1 3 | ITNEXT
NEXTGEN CIO 2015 | COVER STORY
IMAGING BY SHIGIL N PHOTO IMAGING BY ANIL T DESIGN BY RAJ VERMA
IT NEXT ThAnkS ITS ReAdeRSfor the warm
respoNse
http://www.itnext.in/resources/
magazine
ReAd this issue onlIne
itnext<space> <your feedback>
and send it to
567678*special rates apply
Get, Set,StrateGize
Key Skills that the next generation CIOs should possess to move to
a strategic role Pg 14
3 Sutras of LeadershipDevdutt Pattanaik,Chief Belief Officer,
Future Group Pg 08
‘Public Cloud-the Fusion Advantage”INTERVIEW | Bulent Cinarkaya, VP-ProduCt ManageMent, PuBliC Cloud, oraCle CorP | Pg 34
TPL 2013India’s biggestinter-corporateIT team challenge Pg 43
PLUS
BOSS TALK
F O r T h e n e x T g E N E R aT I o N O F C I O s
July 2013 | `100 | Volume 04 | Issue 06 | A 9.9 Media Publicationwww.itnext.com | facebook.com/itnext9.9 | @itnext_magazine
Boss talk | Kamal Sharma
6 itnext | a u g u s t 2 0 1 3
“Leadership and innovation are key ingredients to any growth. This is especially true for senior IT managers who are on their way up the career ladder”
Future CIOs need to shed their tradi-tional mindset, get more futuristic and start thinking big. Adorning a leadership role is not about age or experience. It is about attitude, and
belief in oneself.
Be FarsightedBeing farsighted is always a huge plus. So, future CIOs should go beyond mere carrying out orders. In other words, they should not stop at saying, “My bosses want me to do more with less, or always want me to reduce costs; hence, I need to look at this tech-nology.” It is not bosses who always need to make demands; in fact, it’s future CIOs who must under-stand that they need to work out effective ways of leveraging new technologies, think of the bigger pic-ture and align the technological strategy accordingly. Being farsighted also enables them to drive better innovation and evolve the best project management strategy for the enterprise.
Understand your tasksThis is easier said than done. It would not be an exag-geration to say that it is a tough job for future CIOs to think big and take tall decisions. But these challenges can be addressed if they understand their tasks and responsibilities well. It revolves around their ability to understand the nuances of the business and add value. As a priority, one must design the policy and be proactive so as to build governance around it; this helps in guarding it better and enabling non-IT func-tions to leverage it effectively.
Leadership PipelineWhile it is important that future CIOs need to be proactive to understand the business, it is equally important to create a leadership pipeline for any enterprise: in particular, that of the CIO. I find the best companies struggling to transition leadership from one generation to another. It is because, in most cases, senior IT folks are not empowered to take decisions as to what would be the best for the business in a given situation.
Take Risk to Innovate
L e a d e R s h I P M a n a g e M e n T
InnovationIt has always been said that innovation forms the major part of any growth story, whether organ-isational or individual growth. Every future CIO should possess the zeal and mandate to do something differently. It has also been said that risk and innovation go hand in hand. To give an analogy, let’s say there are multiple projects and new technologies emerging. Future CIOs needs to have a gut feel of what works and what doesn’t. Sometimes, their decisions may go wrong. But out of 10 projects, at least 7or 8 will be successful, which can happen only if a certain amount of risk is taken. It is not just about financial risk, but also about personal credibility and confidence com-bined with thorough market research. Innova-tion could revolve around how to strike a balance between the activity and acquiring new business skills among various others. What they need to look at is how to carry passion and integrity and nurture them to groom themselves into the CIOs of the future.
Kamal sharma, group CIO, Mindlance
how one can apply Chanakya’s ancient wisdom to bring about changes in today’s corporate environment and management styles.
suggestIOn BOX
Writer: radhakrishnan PillaiPublisher: Jaico Publishing house (2010)Price: inr 280.00
8 itnext | a u g u s t 2 0 1 3
trendsdealsproductsservicespeopleUpdate
I n d u s t r y
tECH tRENDs | Over the past decade business processes and the security landscape have changed considerably as the Web 2.0 trend pushes criti-cal applications through firewall ports that were previously reserved for a single function, such as HTTP. According to NSS Labs’ Research, Inde-pendent Security Research firm, the security administrator is powerless to stop this without crippling essential business processes. This means that relying on IP address and port combinations to define network appli-cations is no longer sufficient. Firewall Functional Capabilities. Firewalls need to be capable of performing deep packet inspection of all packets, on
Things to know about Next GenFirewalls?
all ports, and over all protocols in order to determine which applica-tions are running on the network. NSS Labs’ research also indicates that over the past 18 months, the sophistication and strategic capa-bilities of cybercriminals has out-stripped the pace of advancement within information security prod-ucts. To meet these challenges, firewalls need to evolve into “next-generation”firewalls (NGFW). These will combine legacy firewall capabilities with IPS and incor-porate advanced application and user ID awareness to enable the creation of granular security poli-cies capable of operating in a Web 2.0 world. What the IT Heads need to know?
• Web 2.0 and consumerization make it impossible to implement effective, granular security poli-cies using traditional firewall
• The firewall market is mature, populated with established ven-dors and provides limited scope for true innovation.
• Cost and capabilities, together with ability to integrate with the established security and network infrastructure, become the drivers for traditional firewall product selection by enterprises.
• Enterprise customers are increasingly willing to consider deployment of a consolidated security devices incorporating firewall and IPS capabilities.
• Most enterprises are not fully aware of the range of applications running on desktops within their network, and are therefore unable to tune the IPS module of a NGFW.
• Enterprise customers are unwilling to increase the complexity of their firewall policy in order to accommodate NGFW functionality.
Relying on IP address and
port combina-tions to define
network applications
is no longer sufficient
Source: IBM
the Cloud Enablement Framework is used to help organizations objectively assess their cloud analytics capabilities. Depicted are examples of how a marketing organization could rank itself based on the three attributes of customer collaboration (yellow), analytics service adoption (green) and cloud service adoption (pink).
Using cloud analytics to drive competitive advantage in a marketing organization.CLOUD
9a u g u s t 2 0 1 3 | itnext
GaLaxy S4 Mini It is now available for
pre-order in India via the
company’s e-store. the
smartphone features a 4.3-
inch HD display with 960 x
540 pixel resolution. smartphone availability
is July 18. the s4 Mini is priced at ` 27,990
BLaCkBerry® 10 SMartphOne
the BlackBerry Q5 smart-
phone features a QWERtY
keyboard in a stunning, youthful design
that is confident and makes it easy for
customers to have fun, create, share and
stay connected. Price: ` 24, 990
tECH tRENDs | Ramco Systems, an enterprise software product com-pany focused on delivering ERP on Cloud, Tablets and Smart phones announced the global launch of its comprehensive HR & Talent Man-agement solution, Ramco HCM on Cloud (Human Capital Manage-ment). The launch also marked the unveiling of Ramco’s In-memory engine, Minnal which dramati-cally improves processing speed by up to 100 times. Virender Aggarwal, CEO, Ramco Systems, said, “The enterprise cloud market is growing rapidly with adoption across organizations of all sizes. Our investments in technology and our focus towards bringing Mobility, Gen-Y User interface, role-based WorkSpaces and
Ramco’s HCM on Cloud Goes GLobal
solution on Cloud. Our ability to offer a multi-country payroll that is flexible enough to integrate with any standard ERP has been a key differentiator in the global market. In order to capture the booming HR software market, we are also part-nering with large ITeS players to offer our HR Platform as a Service.”
raMCO hCM On CLOUDRamco HCM on Cloud is a com-prehensive solution that covers every aspect of an employee life-cycle: Workforce Management, Recruitment, Talent Manage-ment, Employee Development, Workforce Planning and Payroll & Benefits.
Ramco also unveiled Minnal, a flexible, light weight, In-memory Engine which can be used for any Planning, Scheduling, Optimization and batch processing (APO) activity.
Unveils its power-packed, In-memory engine—Min-nal
Security of mobile BYOD, enables cloud-based central management of corporate apps and data on personal devices. Kaseya, a leading provider of IT service management software, announced that it has completed the purchase of Rover Apps, LLC, a provider of innovative cloud solutions that enable users to securely work with enterprise resources using their personal devices without giving up complete control of the device to the enterprise. Terms of the acquisition are undisclosed.
Around The World
Kaseya acquires rover apps
JOhn DOnahOe, ceo at eBay
“Effective leadership is how fast a leader must learn to stay at peak performance. Most successful leaders never stop learning. They are voracious learners who try to find ways to improve”
In-memory engine into a Cloud-based offering has helped us carve a niche position, globally. After taking ERP and Aviation solutions on Cloud, we are now taking our comprehensive HR
quIck ByTe
Lava e-taB 7ZC+ vOiCe-CaLLinG 3G taBLet It has a 7-inch ca-
pacitative touchscreen
display with an 800×480 pixel resolu-
tion. Powered by a 1gHz snapdragon
processor and usB. Price: ` 8,499
Nandkishor Dhomne Vishal Salvi Parag Deodhar
Amit Pradhan Sunil Varkey Amit Kaul
Satish Das Dr K Harsha Upasna Saluja
InsIde 13 | Access via Mobile Made Secure14 | Banking & Insurance-Secure on Cloud17 | BYOD’s Security Conundrum 22 | Data Breaches viz-a-viz DLP25 | Assess Security Risks in a Scientific way28 | QR Code, newest way to leak information
cover story | Best security techniques
enterprIse securIty chIefs are on a mIssIon to secure the enterprIse adoptIng
best securIty practIces as defense agaInst growIng threats
by n geetha Design by raj verma iMAging by anil t
ata breaches can be an expensive proposition for any organisation. Worse still, industry players echo the fact that organisations in India are not confident about detecting and preventing security threats, which result in huge data breaches. The testimony to this fact is Sony paying a fine of £250K for its 2011 PSN data breach, when its network was hit by an attack that forced PSN offline for an extended period of time. UK’s Information Commissioner’s Office (ICO) levied a
hefty fine against Sony for what it called ‘a serious breach’ of the UK’s Data Protection Act. Against this backdrop, every enterprise information security chief has to evolve a defense mechanism against detecting and preventing security threats and data breaches. The reasons to secure get even more compelling as new emerging trends such as cloud computing, BYOD (bring your own device), BYOA (bring your own application), Mobile Applications, QR codes, etc., contribute to the security risks, now increasing in geometrical progression. One of the reasons for a lackadaisical approach towards information security may be that corporate security consumes a huge chunk of time, money, complexity and human resources. Thus, there is little awareness among the business functions and users at large about the adverse implications of data breach or data leakage on the entire organisation.
1 1A u g u s t 2 0 1 3 | Itnext
amit Pradhanchief information security Officer
cipla Ltd
“I believe the major challenge a cIso faces today is managing the
cost for security on personal devices used in the byod culture”
While security chiefs make concerted efforts to create the awareness necessary within their organisations, a huge gap still exists between how business per-ceives threats and how security teams advocate best practices. However, what’s heartening is that information security chiefs are putting their best foot forward to stay on top with a multi-lay-ered, multi-tiered approach but with variations.
But there are concerns as elucidated by Ravi Chauhan, Managing Director, Juniper Networks, especially about how much the existing tools, which could address the new sophisticated risks, are safe. He says, “CISOs need to periodically evaluate and assess the age of firewalls which are largely static and rope in dynamic tools, as it is found that 60 per cent of the current IP related security tools are not fit to prevent new threats.” Chauhan is also apprehensive about the efficacy of the emerging network security technologies in minimising attacks that aim to bring down web applications or curtail gratuitous Internet traffic. Security Best Practices: Need of the Hour
IT Next embarked on a cover feature on providing insights into the best security practices and innovative technologies that enterprise information security chiefs are adopting as a defense against growing threats and data breaches.
Against the growing risks that are driven by the new trends of enterprise mobility, cloud, QR codes etc., CISOs are fearlessly deploying new tools and technologies. Besides identifying risks, educating business groups and users, they are re-designing the security framework and overhauling the entire security thought process.
Whether it is to do with the cloud trends that banking and insurance are adopting and making the best efforts
the best solutions or technologies and strategies that enterprise chiefs should adhere to.
For instance Ravi Chauhan says, “Companies remain focused on the inside-out threat. However, the rise of external attacks suggests that security technology investments need to be more comprehensive and holistic.”
The concern that Amit Pradhan, Chief Information Security Officer, Cipla Ltd., observes is that of increasing cost. “I believe the major challenge a CISO faces today is managing the cost for managing security on personal devices used in the BYOD culture.”
“With a variety of operating systems like Android, iOS, Blackberry, Windows, etc., a significant investment goes into buying a security solutions to control corporate data on these devices. Additionally, with uncertainty of when and how these devices connect to the corporate network, a CISO faces the challenge of ensuring that these are patched properly and reviewed,” adds Pradhan.
Vic Mankotia, VP, Solution Strategy, Asia Pacific and Japan, CA Technologies, advocates that CISOs need to tackle risks and adopt cloud. Mankotia points out, “There is a still a lot of control the CISOs traditionally feel exists with On Premise Security; and they are right about it. However, as DMZ (demilitarized zone) is now the identity, it has forced them to maintain this control with On Premise computing. But they will sooner than later see new business needs, cost benefits and uptake that will then allow them to be more accepting of the cloud computing platform.” Mankotia says the risks are inherent, and that it’s a fine balance between privacy and effective IT. “Sometimes, devices are needed. The needs are different; and the biggest risk is that the data may be contaminated. Personal Networks (social or online)
ravi ChauhanMD-india, Juniper networks
“rise of external attacks suggests that security technology
investments need to be more comprehensive
and holistic”
possible to secure the cloud environment with stringent access controls, or with moving peripheral applications to the cloud, or even with working on key cloud models as a tactical solution, or whether it is BYOD that is being encouraged within the company, security chiefs are all geared up.
CISOs from various industry verticals, security vendors and experts provide views on the risks that should be tackled and
can have data bleed from one to another. Polices are weak, administration is at times too harsh and privacy is sacrificed,” remarks Mankotia.
Mankotia says reactive security is a big market for providers of protection systems. It was considered a luxury, but is now a need, a want. The security of NO has to become the Security of KNOW. P
hO
tO
iM
AG
in
G B
y s
hi
Gi
L n
Ar
Ay
An
An
& P
et
er
sO
n P
J
1 2 Itnext | A u g u s t 2 0 1 3
manipal healthcare has enabled doctors in Outpatient areas to provide patient prescription and diagnosis using
the mobile device as part of its byOD
Access viA Mobile MAde secure
a ni p a l He a l t h E nt e r p r i s e s Ltd. provides medical services and tech-nologies across various ailments.
The Indian healthcare industry has seen an increasing number of professionals using mobile devices for work purposes,
whether they use tablets to look up patient records or access personal applications. Interestingly, “Bring Your Own Device (BYOD)” has flourished in the industry and is an area with promising growth.
Nandkishor Dhomne, VP-IT & CIO, Manipal Health Enterprises, Manipal Group, has estimated that in the next two years, the hospital will have 200+ users on mobile devices, tablets and smartphones accessing critical information and data. “This is the first BYOD wave in our organisation and as a first step, we will allow access to doctors in Outpatient (OP) area so that they can deal with patient prescription and diagnosis using mobiles,” says Dhomne.
The security team is testing various applications and will take a suitable decision on the mobile application very shortly. As a second step, under the implementation strategy, Dhomne plans to focus on the Inpatient (IP) area in which the doctors will be provided access to source patient data in the ward/bedside through mobile and carry out basic tasks like ordering, vitals monitoring, viewing of the investigation reports, etc. “We have prepared a multi-pronged strategy to allow mobile devices under certain terms with stringent security policies; initially, we will allow iOS and android devices; and later, we will open it up for other OS as well,” says Dhomne.
critical applications sourced via mobile “We have enabled our staff to
source emails, Internet, SAP applications, Hospital Information System (HIS) applications, Teleradiology and HRIS,” says Dhomne.
pay backsAlso, “After deploying necessary security solutions, I could observe a safe and secure access to the enterprise informa-tion using mobile devices. We ensured Anytime Anywhere access to business applications for authorised users, with data accessibility on real time basis, reducing Turn Around Time (TAT) for various business processes. This results in better customer satisfaction and improved efficiency as well as improved compliance reporting with respect to Informa-tion Technology clauses of NABH,” he concludes.
security measures Dhomne and his team initiated using Fortinet solution across var-ious access points as part of securing the environment. “As the end point solutions, we have used Symantec and Ironport solutions,” he adds. To secure the environment these have been initiated:
1. Network Segmentation--Instituting separate logical segments of the WiFi so as to segregate the traffic.2. Integrated Identity based access control--Fortinet Solution has been integrated with Active Directory so as to allow the same credentials like user name and password for getting access into the network. Malware and Advance Threat Protection features have been enabled for internet facing traffic on a real time basis. Web content filtering is enabled to ensure safe and secure browsing using enterprise network.
enhancing producitivity“Using Fortinet’s Security Solution, we were able to define security framework and polices for the entire organisation .
Cae Study
nandkishor Dhomne VP-it & ciO, Manipal health
enterprises, Manipal Group
1 3A u g u s t 2 0 1 3 | Itnext
anks and insurance companies are in a situation today where their organisations just cannot do without having a cloud model. Cloud technology potentially offers insurers and bankers an efficient way to undertake the huge amount of actuarial and risk modeling calculations and trans-actions that need to be performed. Gone are the days when the CISO (Chief Informaion Security Offi-
cer) and his team would speak about which firewall to install, or which anti-virus to use. Today, it is about understanding the threat landscape in a holistic fashion and finding ways to lever-age technologies to mitigate risks.
Despite hindrance from the regulatory and compliance framework in terms of increasing security threats and increasing expectations from users and the management, there is a huge pressure on CISOs and IT Heads to deploy the cloud computing model. The cloud trend is paving the way for increased risks and threats, which puts even more pressure on CISOs to have appropriate tools and best practices to counter these risks.
potential cloud risks Being part of the insurance company, Parag Deodhar, Chief Risk Officer, Bharati Axa General Insurance Company Ltd, finds risks associated with data storage is hard to find as regulatory risks, data leakage with multiple users are involved in transac-tion data.
The risks will pave the way to challenges for CISOs, as Jagdish Mahapatra, MD, India & SAARC, McAfee observes, “CISOs have challenges with managing the risk of placing IT assets under the management of third party providers and data protection in the cloud environment. Customers question whether their end user
data will be shared or leaked in any way, breaching privacy laws, and implementing appropriate controls for cloud adoption.”
Amit Saha, Enterprise Security & Risk Management Services, Cloud, Infosys, says different cloud models provide organisations with varying degrees of security threats: for example, concerns around co-location of data with other cloud tenants, virtualisation breaches, inability to enforce enterprise security controls, lack of security controls visibility, difficulty in securing applications / interfaces, etc.
Vishal Salvi, Chief Information Security Officer, HDFC Bank, is apprehensive about moving the core applications to cloud, owing to the perceived risks of data leakage and data breaches which would affect critical information. “Most often, cloud adoption is a tactical approach which is adopted by the banks even if it is a public cloud,” says Salvi. The key aspects for CISOs of the banking and financial segment to adhere to in a cloud model are: to customise the application as per cloud capabilities, have strong applications even though end point vulnerabilities exist, ensure frequent reference of logs, and notification alerts for configurations.
Vic Mankotia, Vice President, Solution Strategy, Asia Pacific and Japan, CA Technologies, points out that cloud computing brings new models to business; however, issues like keeping data resident to the confines of a national border, referred to as Data Sovereignty, is an issue, when you talk security to banks, telecommunications and the public sector.
The risks that Vishak Raman, Sr. Regional Director, India & SAARC, Fortinet, anticipates through cloud for the banking and insurance sectors are:
Data access and control: Whenever data moves outside the walls of the organisation, concerns over the privacy and security of the data arises. While many cloud providers have extensive security measures deployed in their data centres, it is important to fully vet their data security practices to ensure they are best of breed.
Pressure on adopting the cloud model is high on CiSOs from the banking and insurance sector,
who are evolving risk control mechanisms
bAnking & insurAnce secure on cloud
Cloud trendS
1 4 Itnext | A u g u s t 2 0 1 3
Vendor lock-in: To reduce this risk, administrators should investigate the process for extracting data from the cloud service provider and structure their data in a way so as to expedite a future transition to another provider if necessary.
Regulatory compliance: Some compliance bodies have not updated their standards with provisions for cloud-based data. This does not necessarily prevent an organisation from moving data and applications to the cloud, but you must investigate whether a cloud provider’s infrastructure, processes, data access and storage policies meet your organisation’s compliance requirements.
Insuring and banking on best technologies and security practices Vishal Salvi says, “We cannot do without cloud; we have used infrastructure as a solution, and services cloud as a tactical strategy.” “However, as a best practice, we need to get more strategic with regard to information security and as a new measure, a new maturity security model has to be evolved periodically,” adds Salvi. Further, “From a banking security model, we work on a convenience model to be put in place and map stakeholders’ deliverables in certain areas
which will help in devising appropriate strategy.”Salvi argues that it is important to have the fundamentals
right and see if the conventional strategy works effectively. “I think it is imperative for security teams to strategise
on aligning their work structure in terms of designing the framework, measuring incident management, enforcement laws, managing key risk indications and nurturing these controls, which can ensure a better security environment,” remarks Salvi.
Some technologies that Salvi recommends are Net forensic security analysis, data base access management solutions, and monitoring tools to indentify rogue applications.
Bharati’s Deodhar says, “We are evaluating which applications are to be put on cloud and have plans to move learning management systems and peripheral applications on cloud. At this point of time, we are thoroughly evaluating our risk assessment controls mechanism to ensure a secure environment,” says Deodhar.
Deodhar also has plans to place additional security controls at the service provider’s infrastructure and allow little access to critical data.
As a best practice, Deodhar finds that besides using
“we are evaluating which applications are to be put on cloud and have plans to move learning management systems and peripheral applications on cloud” Parag Deodhar chief risk Officer, Vice President - Process excellence & Program Mgmt with Bharti AXA General insurance co Ltd
Ph
Ot
OG
rA
Ph
By
Ji
te
n G
An
Dh
i
Best security techniques | cover story
1 5A u g u s t 2 0 1 3 | Itnext
dual factor authentication tools such as Identity access management solutions, Encryption, DL,P etc., it is critical to buy in stakeholders and education users as part of risk governance to adhere to security policies, and inform the risk team about their requests to download new applications.
As a best practice, Fortinet’s Raman says opting for the right cloud model is critical.
“Factors to consider before adoption are business criticality of the applications the firm wants to move to the cloud, regulatory issues, necessary service levels, usage patterns for the workloads and how integrated the application must be with other enterprise functions,” says Raman.
Further, while integrating cloud security into your corporate security policy, do not count the security of your cloud based service provider and do not assume that your data is automatically secure just because you use a service provider.
You need to do a comprehensive review of the provider’s security technology and processes, and check how they secure your data and their infrastructure.
Do not assume that you are no longer responsible for securing data; and never assume that outsourcing your applications or systems means you can abdicate responsibility for data breach. Some SMBs have this misconception, but you must understand that your company is still ultimately accountable to customers and other stakeholders for the sanctity of your data. Simply put, it’s your CEO who risks going to jail, not the cloud provider’s.
Jyoti Prakash, country sales manager, India and SAARC, Symantec, recommends:
z High-level information security policies that explain the intentions around protecting data based on its content
z Granular procedures and standards on how to implement those policies in specific areas; specifically, a data classification and handling standard.
z Processes for reviewing and proving the effectiveness of those implementations, as well as for notifying the business of breaches
z Other considerations that need to be addressed by organisations before deciding a cloud vendor include:
z Security and privacy: Customers should ensure proper systems are in place for data protection, vulnerability management, identity management, physical and personnel security, availability, application security, incident response and privacy.
z Compliance: Organisations should ensure that business continuity and disaster recovery plans are in place before deciding on a cloud vendor.
z Legal and contractual issues: Recourse in case of failure to meet SLAs, management of intellectual property as well as end of service support should be in place before deciding on a cloud vendor.
By ensuring compliance to the above considerations, businesses can be certain of their data being protected on the cloud.
“most often, cloud adoption is a tactical
approach which is adopted by the banks
even if it is a public cloud and as a best
practice, we need to get more strategic with
regard to infosec and as a new measure, a
new maturity security model has to be
evolved”vishal Salvi
chief information security Officer, hDFc Bank
cover story | Best security techniques
1 6 Itnext | A u g u s t 2 0 1 3
o longer is it about IT dictating the policies and prescriptions of the user and enabling them to use technology. Now, it is the users who drive any trend related to IT, with IT heads hav-ing to amend their policies based on user dictate. BYOD (bring your own device) is clearly an indication of this
trend, as individuals are focused on driving innovation rather than enterprises.
Shantanu Ghosh, VP & MD, India Product Operations, Symantec, reiterates that for big businesses, this change can be hard to deal with – from using standard-issue laptops, smartphones and operating-systems often dictated by the preferences of the IT department, today’s employees are demanding that they be allowed to use devices of their choice. But if you’ve ever tried to transfer data between devices that use different OSes, you can imagine the scale that enterprise IT is dealing with, with thousands of devices on multiple formats and platforms entering the network every day.
In fact, according to Symantec’s most recent State of Mobility Survey, 72 per cent of Indian businesses have faced mobility incidents in the past 12 months, causing revenue loss of 37 per cent, which illustrates the increasing threats. While six out of 10 Indian organisations consider themselves “innovators” in the area of mobility, organisations faced 50 malware infections, 31 breaches through lost/stolen devices and 34 exposures of information over the past year. In fact, 86 per cent had to change policies as a result of mobility incidents, with 1 in 4 banning personal data on corporate devices and 4 in 10 restricting mobile device usages through HR enforcement. Against this backdrop, CISOs are embarking on the new task of tackling this trend by way of understanding the risks, bringing in appropriate policies and tools and best practices to ensure that the trend is leveraged positively.
While CiOs are charged with the task of making mobility work, CiSOs are working out a strategic plan
to solve the byOD risk puzzle using best practices
byod’s securityconundruM
Ashish Thapar, Head-Global Consulting & Integration Services, Verizon Solutions, advocates that CISOs have a very clear policy to identify the device as baseline security gets critical.
rendezvous with risks in byodVP & Chief Information Security Officer, Cognizant, Satish Das sees the risk of non-compliance to organisational and cli-ent security requirements, increase in vulnerabilities and data leakage and privacy concerns.
According to Jagdish Mahapatra, MD, India & SAARC, McAfee, BYOD is rooted in the fact that the mobility of these devices introduces security management issues around access control, data protection and compliance. Additionally, employee-owned devices used for work introduces added IT complexity as it isn’t always clear who owns the device, and furthermore, who owns what data on the device. “With the introduction of these new, unsecured and possibly non-compliant devices easily coming in and leaving with business sensitive information, a security and compliance hole is forcing a re-think of how best to secure the organisation and its business data,” says Mahapatra.
Mahapatra argues CISOs need to look at the BYOD policy from different angles such as Data Loss Prevention, Authentication system, internal intrusion prevention systems, internal firewalls, securing Wi-Fi, DC, Network Admission control etc. On top of all this, the internal IT policy should be detailed and fool-proof to drive the initiative and guide effectively and prevent failure of specific tools. However, the key risks that Sunil Varkey, Chief Information Security Officer, Wipro Technologies, finds, is security governance around Data Loss and Data Leakage along with software licensing compliance, segregation of data etc..
“Intended or ignorant leakage of corporate sensitive data from BYOD device remains the key challenge for any CISO,” says Varkey.
It is also observed that security risks also vary with each enterprise’s focus area. For instance, Amit Pradhan, Chief
Byod trendS
1 7A u g u s t 2 0 1 3 | Itnext
Information Security Officer, Cipla Ltd, finds three key risks associated with the BYOD trend. a. Data transfer from corporate environment to personal
environmentb. Data loss with employees leaving the organisationc. Unauthorised access to corporate data by unauthorised user
of the user device (friend, colleague, etc.)The accompanying challenges are, as Pradhan observes: “I believe the major challenge a CISO faces today is managing the cost for managing security on personal devices used in the BYOD culture.
With a variety of operating systems like Android, iOS, Blackberry, Windows, etc., significant investment goes into buying a security solutions to control corporate data on these devices. Additionally, with uncertainty of when these devices connect to the corporate network, a CISO faces the challenges of ensuring that these are patched properly and reviewed,” he adds.
“A challenging but important task for companies who utilise BYOD is to develop a policy that defines exactly what sensitive company information needs to be protected and which employees should have access to this information, and then to educate all employees,” says Govind Rammurthy, MD & CEO, eScan.
Bring your own device (BYOD) to work may make employees happy but it often translates into the IT department handling the headache of safeguarding sensitive data, supporting multiple devices and making things click together. Personal devices such as the Tablet, Smartphone, laptop, etc. are generally harder to secure than organisation-issued devices, as using these devices can put the organisation’s information and systems at a high risk of compromise. In most organisations, BYOD cannot be used as it is not secured easily and effectively.
Also, as mobile devices undergo rapid transformation and new devices flood the market at regular intervals, CIOs will have to keep pace with changes in devices and their adoption, constantly changing and managing the permitted list of devices and security policies around them to better answer BYOD. In many enterprises today, mobile devices have become the weakest link in the security strategy.
need to counter: what are the best tools and practices? As the security landscape gets more complex than ever before, CIOs need to leverage sufficient security solutions to safeguard the information at each and every level.
Atul Khatavkar, VP, IT Governance, Risk and Compliance, AGC Networks, strongly recommends best practices around enterprise Policy/Guidelines/Handbooks that clearly address BYOD issues raised above--End Point Security Tools, Data privacy management tool and BYOD management tools.
Khatavkar further points out that the stronger adoption of BYOD is now leading towards BYOD for social networking on the go. Therefore, it is important to set clear guidelines on defamation, data protection and privacy. Additionally, encouraging direct forms of communication will help in restricting access to data
Mobile APP riskmobile app CiSO Challenges
Consumers are shifting to smartphones, tablets and other
devices powered by various Mobile Operating systems, such
as Android, Apple iOs, Windows, etc.
Among all the other mobile app stores, the Android market
has been targeted with several incidents of malicious or
trojanised apps.
because of Android’s open nature policy and lax regula-
tions for app developers, it is easier for potential attackers
to upload and distribute malware disguised as apps via the
Android Market. Moreover, third-party app stores expose
potential risks to users. games and third-party smartphone
utilities are popular.
best Security tools
z Maximise the security features installed on the mobile de-
vices, highlight the risks and educate end users on how to
mitigate them. use Mobile security Apps, such as McAfee
MDM app or trend-Micro.
z Mobile security should be installed to prevent unauthor-
ised hijacks through malware.
z Control internet access on the mobile using cloud solu-
tions like Websense, Zscalar.
in addition to the above, discipline has to be self-imposed
if one is a part of a corporate network.
best Practices
z treat your mobile device like your PC
z think before you download the app on your mobile device
z scrutinise and prepare a list of apps that are authorised
for installation on the device, free from malware
z Control updates to the installed apps
z Recommend regular audits on the same and also be
aware of the risks and constantly plan for mitigation
methodologies.
z Preferably create a test lab, build volunteers inside the
organization, make them aware of the roles and create
collaboration platforms to share ideas amongst users.
Constantly evaluate the content through the right tools
without being too personal.
z utilise the latest and tested/staged operating systems
on the devices, and almost important, be aware of the
updates.
subramanya C – CtO, Hinduja global solutions
cover story | Best security techniques
1 8 Itnext | A u g u s t 2 0 1 3
loss. There is a strong need to educate the staff on organisational IT policies.
It is also important to keep data back-up strategies in place while being compliant with security certifications such ISO 27001, SSAE 16, SAS 70, SOC 2, ISO 22301 etc..
“While mobile computing is being promoted to be able to have real time data and information, organisations must ensure that devices are hardened and updated to handle malware,” says Khatavkar. In parallel, an organisation can implement policies like allowing different kinds of employees to access varying levels of information from their device, risk based user profiling, limited extent of information accessible to users, developing security awareness for BYOD Users, encouraging employees to report violation or loss immediately, so that organisations can take appropriate action to build a robust environment
Das recommends having a well-defined BYOD policy with compulsory device enrollment in place, security awareness of end users, ensuring malware protection to be enabled on all devices, ensuring having mobile device management (MDM) tools which are standardised across devices and device level encryption.
Sunil Varkey points that a combination of MDM solutions with proper containerisation with a mature process on defining, monitoring and controlling what data and application can be accessed by BYOD along with strong user awareness on the criticality of any data loss or leakage is the right ideal solution. “ BYOD adoption should be in a phased manner related to application, user base and data moving to BYOD and a strong policy should defined and published so that expectations from BYOD will be clear to all constituents,” says Varkey.
Ghosh has suggested five key areas that every company should consider as they establish their mobile strategies to ensure high productivity without increasing their vulnerability:
Ensure secure access to apps: This means maintaining a strong focus on identify management. Organisations must focus on developing strong password policies for their employees’ mobile device use.
Protect your apps and data: With many organisations considering providing mobile access to enterprise content, it places a lot of sensitive data on mobile devices.
Direct control of specific, critical apps and data (as opposed to device-based control) is a very effective approach to apply
“ byod adoption should be in a phased manner related to application, user base and data moving to byod and a strong policy should defined and published so that expectations from byod will be clear to all constituents” Sunil varkey, chief information security Officer, Wipro technologies
Ph
Ot
OG
rA
Ph
By
Ji
te
n G
An
Dh
i
Best security techniques | cover story
1 9A u g u s t 2 0 1 3 | Itnext
Policies thAt Are A Must for byod
With byOD, companies should
control access based on the
need to know, and conduct
continuous vulnerability assessments
More and more organisations are
opening up their networks to the most
popular trend, byOD (bring your Own
Device), and see everything, from iPads
to the latest Android gadget, walk
through their doors.
For organisations, particularly larger
firms with sufficient it staff and secu-
rity infrastructure, the proliferation of
personal devices in the work environ-
ment paves the way for untold efficien-
cies and increased productivity, not to
mention lowered carrier costs. Workers
can answer e-mail, upload information
on file shares and update websites
from the commuter train, the beach
condo or their kids’ soccer games −
often on their dime. On a more personal
level, studies have found that
employees are happier and
more efficient when they use
devices and applications of
their choice for work.
Critical Policies
generally, these devices are
devoid of the most basic secu-
rity features--such as antivirus
and password protection −
incorporated in practically all
workplace PCs. Meanwhile,
the agility enabled by personal
devices means that business
critical apps can, and will, be
accessed from any network
in any location. this leaves a
staggering amount of sensitive
data on the devices, whose
exposure could be highly detri-
mental to the business.
yet it’s getting tougher for
firms to say no to employees
using their own devices--it’s
clear that staff will not stop using their
own handhelds for business, and they
will just try to figure out ways to make
it work.
Here are three suggestions that
will provide some peace of mind for
organisations:
implement a Relevant Mobile Policy:
it’s simple Policy 101. Most organisa-
tions should take the time to really as-
sess their goals and determine relevant
threats (malicious websites, productiv-
ity loss, excessive bandwidth usage)
to the network. some questions the it
department need to ponder over are:
z Which mobile devices will you allow
onto your network?
z Which Os versions will be allowed?
z What applications are required, and
which are not permitted?
z Which employees will be allowed to
use these devices?
z Who has network access based on
who, what, where and when?
Companies should also control
access based on the need to know,
and conduct continuous vulnerability
assessments. And of course, they need
to figure out how to enforce the policies
they have laid down.
Remote Management software: it’s
important to be able to apply the range
of basic security functions, such as an-
tivirus or remote data wiping software,
to any device housing corporate data.
Remote management software gives
it the ability to automatically update
users’ devices with the latest patches
to prevent any existing vulnerabilities
from being exploited in mobile attacks.
blocking non-compliant Devices:
this is where organisations can
practise the art of compromise.
Often, workers are eager to
use their personal devices for
work but reluctant to install
additional software, some of
which might have the potential
to wipe their valuable contacts
and photos from their phone.
As a compromise, firms could
allow their workers to use their
own devices iF they agree to in-
stall certain apps in accordance
with the organisation’s security
policy. if not, they can stick to
an it-issued device.
ultimately, while it may be
hard for employees to agree
to put on remote management
or antivirus software, some
form of trade-off probably
serves both parties best. both
organisations and employees
really have to get ahead of the
curve--byOD is here to stay.
vishak raman sr. regional Director sAArc, Fortinet
cover story | Best security techniques
2 0 Itnext | A u g u s t 2 0 1 3
the desired layers of protection exactly where they are needed, without touching the remainder of the device.
Put in place effective device management: Devices that access business assets and connect to company networks must be managed and secured according to applicable company policies and industry regulations.
Every company should establish appropriate mobile policies, and those should be applied to all managed devices, just as policies and configurations are applied to corporate PCs and laptops.
Solutions towards this include mobile device management applications, such as remote locking and wiping of stolen or lost devices.
Implement comprehensive threat protection: The fact is that mobile devices are rapidly becoming the new preferred target for bad guys.
Different platforms have different risk profiles, and it is important to understand where vulnerabilities exist and to take appropriate action to secure business assets.
Good threat protection should protect from external attacks, rogue apps, unsafe browsing, theft, and even poor battery use.
Supply secure file sharing: Although access, storage, and sharing of files are not uniquely mobile challenges, multiple device ownership and the need to collaborate make the cloud a driver for productivity, allowing for simple distribution and synchronising of information across devices. Businesses should have full administrative control over distribution of, and access to, business documents on any network, especially in the cloud.
e) Employee education: Educating employees about the importance of placing stronger passwords, and using reliable security software for their devices and keeping the software updated is a must.
Put in place processes that would authenticate employees and their respective devices. This would avoid multiple devices from being used by unauthorised people.
“with the introduction of these new, unsecured and possibly non-compliant devices easily coming in and leaving with business sensitive information, a security and compliance hole is forcing a re-think of how best to secure the organisation and its business data”jagdish mahapatra MD, india & sAArc, McAfee
Best security techniques | cover story
2 1A u g u s t 2 0 1 3 | Itnext
Enterprise security chiefs are turning to tighter controls on email, mobile devices and social media, the hub of all attacks, while effectively using DLP technology
Data Breaches viz-a-viz DLP
he Websense 2013 Threat Report confirms that cyber attacks escalated on every front and through every vector last year, strain-ing every layer of enterprise defenses. Moreover, Cyber criminals are already swiftly exploiting the latest advancements in mobile devices, social media and other technologies to advance their art and take an ever-greater toll on legitimate com-
merce. While security strategies must turn to tighter controls on email, mobile devices and social media, the heart of almost all attacks through these vectors continues to be the web.
Regardless of the lures sent through other channels, these attackers use the web to enhance their social engineering efforts and hide their true intent while waiting for the right moment to install malware, communicate with a CnC server or deliver stolen information.
Data Breach, a Growing MenaceVerizon in its DBIR report clearly articulates that data breaches are a multi-faceted problem, and any one-dimensional attempt to describe them failed to adequately capture their complexity. Ashish Thapar, Head-Global Consulting & Integration Services, Verizon Enterprise Solutions, says that Indian enterprises too
how to Protect Your information assets with DLP
Consider the number of data breaches happening on a daily
basis--both inadvertent and deliberate. Many a times, a
mail is sent off to an incorrect id-- a genuine human error!
What if the mail had confidential information? What happens when
a laptop is lost or an old hard disk is disposed of? What happens
when a resigned employee wants to take away his hard work
while leaving the company, which includes company confidential
data? Even worse, what if organised criminal gangs infiltrate your
organisation with a plan to siphon off precious information – as we
saw in a recent cyber crime incident?
One of the tools to help overcome this threat is DLP. DLP solu-
tions help detect and prevent attempts to transfer confidential
data by acting as a gatekeeper at various egress points. The tools
include network tools to monitor all connectivity like Internet and
email gateways, social media, Instant Messaging, FTP, upload-
ing data to cloud storage etc. End point based DLP tools help in
preventing copying to USB storage, SD cards, printing of confiden-
tial information. DLP tools can protect the data at rest, in motion
and in use. Most DLP tools are now capable of analysing SSL
encrypted traffic as well.
While most DLP tools boast of pre-configured policies and
industry specific dictionaries, the policies need to be customised
for each organization--this is the challenge for security manag-
ers. To create effective policies, the organisation needs to identify
what data is created or acquired, why it is confidential, various
locations where it is stored, who has access to it, how and when it
is accessed and transferred and which formats it can be converted
to. The data needs to be classified and policies need to be created
based on the answers to these questions. DLP can either work in
a monitor mode, which means it will only record policy violations
Data Breach & DLP
2 2 itnext | a U g U S T 2 0 1 3
are experiencing data breaches in a big way.“The reason for this is that most IT heads or individuals use
the same password for internal critical applications and also for social platforms such as facebook, linkedin etc, which paves the way for cracking data,” says Thapar.
Surendra Singh, Regional Director, India & SAARC Websense Inc., offers an interesting perspective. He says that the organisational desire to bag more and more projects
followed by three to four years of complex implementation of projects, working around a three year RoI etc., is leading to more insecurity, resulting in data breaches in the process. “In such a scenario, you can never be assured of 100 per cent security; and if you need to have a matrix, about six months of RoI would carry 98 per cent of risks,’ he says.
Singh reiterates the fact that the nature of data has changed, which is the cause for the increasing breaches and that it has been proved that every 5 to 10 per cent of the data constitutes 90 per cent risks being malicious. Amit Pradhan, Chief Information Security Officer, Cipla Ltf, finds repudiation challenges around identity security are on the rise today, and dissolving of physical and logical enterprise boundaries resulting in data breaches.
Dr Harsh, Head-IT, HKM Group, attributes the increasing data leakage to internal culprits and threats, less security mechanisms implementation, bad and poor configuration, no data access policies, no awareness with users on security breaches and policies, no role based access and restrictions and lack of existence of domain controllers/ centralised control mechanisms.
tackling with DLP technologiesWhile many security technologies and practices have been deployed, Data Loss Prevention (DLP) approaches have also been used to address the risks emerging out of data breaches. But Singh says it is critical for DLP technology to address encrypted communications, and better control both inbound and outbound content flow. Sunil Varkey, Chief Information Security Officer, Wipro Technologies, indicates that over the
and alert security managers or in BLOCK mode which will
prevent the data from leaking. In the initial days, the tool could
throw up a lot of false positives and based on an analysis of
these incidents, the policies need to be tweaked.
DLP needs to work in tandem with other security tools like
Encryption and Document Rights Management to create a robust and
comprehensive security solution for protecting your information assets.
a final note of caution, with data no longer being restricted
within the perimeter of the organisation i.e. stored on cloud and
accessed using personal devices like tablets and smart phones,
the challenge is only getting tougher.
Parag Deodhar, Chief Risk Officer, Vice President - Process
Excellence & Program Mgmt with Bharti aXa general
Insurance Co Ltd
“the reason for this is that most it heads or individuals use the same password for internal critical applications and also for social platforms such as facebook, linkedin etc, which paves the way for cracking data”Ashish Thapar Head-Global Consulting & Integration Services, Verizon Enterprise Solutions
Best security techniques | cover story
2 3a U g U S T 2 0 1 3 | itnext
last few years DLP technology has involved reducing false positives, search capabilities in OCR, integration with other products, ease of usage, correlation with various leakage vec-tors, etc. “While adequate planning is required before deploy-ing any DLP technology, the key phase should include data classification, data type definition, data blue printing based on the criticality, understanding each of the constituent groups based on the type of data access, process and acquisition,” says Varkey.
From an innovation perspective, Satish Das, Chief Information Officer, & VP, Cognizant, says there is a high level of customisation being carried out by all DLP vendors to cater to specific organizational requirements, and focus on selective
and customised block policies. Das says DLP technology should be used in a planned manner. Three methodologies which have an effective impact are:
zUsing DLP at gateway level to ensure that all outgoing traffic is scanned. This is to ensure specific traffics such as emails etc. can be monitored and controlled.
zUsing DLP at endpoint level to ensure all data movements on endpoints is tracked while outside the organisation
z Planning DLP for tracking and logging of end user usage logs to analyse for violations.
zUsing DLP Fingerprinting to ensure false positives are at minimumSingh says, “While DLP technology should be put in place as it
can easily detect 1000s of data breach incidents or possibilities, it is equally important to buy in the business stakeholders who should be discussing the business projects with the security team to enable them to ensure secure traversing of data.”
Verizon’s Thapar finds that custom built-in signature criterion is being developed as part of DLP tools to prevent threats and breaches.
innovative PracticesThapar says, “As a best practice, business functions and data flow should be structured, critical data needs to be analysed, mapping the data and how it is traversing should be observed and designing a DLP strategy should be driven by compliance.”
Singh agrees with his peer and says, “Scoping of business project and data and workflow is important.”
Das offers the following best practices: z The ideal method is to start soft with track and analyse mode and then slowly move to Block mode for network traffic in phases.
z Ensure user awareness is appropriate on DLP, which will directly ensure user acceptance of DLP policies.
z DLP incident monitoring needs to be continuous and not incident basedThe latest DLP solutions are not only content-aware, but also
include innovations such as Insight (which helps identify the ownership of sensitive data), Vector Machine Learning (which automatically identifies your most critical data) and others that take into account the rapidly mobile workforce.
Some innovations according to Anand Naik, Managing Director – Sales, India & SAARC, to secure data in a BYOD environment and visibility into “Hidden” data: Companies can now decrypt, extract and analyse content that has been encrypted by the vendor. “File Share Encryption insight is a unique new feature that provides visibility into encrypted files stored on file servers and shares that previously could not be inspected for confidential data. It is a valuable tool not only for preventing accidental data leaks by insiders who just don’t know better, but also identifying malicious insiders who may try to steal valuable intellectual property by first encrypting it in order to avoid detection.
“Finding High Risk Insiders and 90 per cent of DLP is about what you do after you find confidential data,” says Naik.
“While DLP technology should be put in place as it can easily detect 1000s of data breach incidents or possibilities, it is equally important to buy in the business stakeholders who should be discussing the business projects with the security team”Surendra Singh Regional Director, India & SAARC, Websense Inc
cover story | Best security techniques
2 4 itnext | a U g U S T 2 0 1 3
Recent developments in the field of risk management suggest that Info Sec risks must be assessed and quantified statistically based on key risk indicators
assess securitY risks in a scientific waY
n evolving threat landscape cou-pled with complexity in manag-ing data and people in the light of trends like mobility, social, consum-erisation of IT and cloud makes it imperative that security leaders have a constant finger on the pulse of the risk posture of their organisa-tions. Recent developments in the
risk management field suggest that Information Security Risks need to be assessed and quantified based on key risk indica-tors observed over time and analysed statistically, something that many evolved risk disciplines like the medical and finance fields have been doing for quite some time. With advances in mobility, social and cloud, our data has moved out from in-house data centres to somewhere in the cloud. These develop-ments are giving sleepless nights to CISOs who wonder: ‘where and how secure is our information?’ They juggle numerous risks, threats scenarios and security solutions including (but not limited to) DLP software, MDM solutions, Advanced Mal-ware protection, Cross device End Point protection solutions, etc. To answer these vexing questions, security leaders need an effective Information Security Risk Assessment methodology.
Pertinent QuestionsMost risk assessments are based on the judgment of practi-tioners to quite some extent, and rely on their experience and knowledge. These approaches are relatively easier and cheaper. They generally categorise risks into High / Medium and Low and are “point in time” assessments; they are not based on observations gathered over a period of time. So, at best, risk assessment ends up more of a guesstimate game. But decisions and investments require some view of the future. With the cur-rent techniques of qualitative processes of assessment, predic-tions for the future are qualitative judgements or shots in the dark rather than calculated or statistical predictions.
risk assessment
scientific tools to assess risks
z Risk assessments are based on the judgment of practitioners to
quite some extent
z advanced understanding from the medical field can be applied
towards handling risks that information infrastructures face
z Regression analysis is a statistical tool for the investigation of
relationships between variables and is preferred when the focus
is on the relationship between a dependent variable and one or
more independent variables
z There are different kinds of regression; in its simplest form, a
linear model specifies the (linear) relationship between a de-
pendent (response) variable Y, and a set of predictor variables,
the Xs, so that Y = b0 + b1X1 + b2X2 + ... + bpXp
z First-generation regression-based techniques, like multiple
factor or cluster analysis, belong to the core set of statistical
instruments which can be used to either identify or confirm
theoretical hypothesis based on the analysis of empirical data.
z Structural Equation Modelling (SEM) has evolved as an alterna-
tive in recent times as a viable second generation regression
technique
z SEM based statistical approach using PLS algorithm to risk as-
sessment is much better than existing subjective assessments.
It is information oriented rather than assessor or expert judge-
ment dependent, thereby overcoming judgement bias
2 5a U g U S T 2 0 1 3 | itnext
Bring in the Scientific elementThere are a number of fields where risk management has evolved into a science and has, over time, got established through practice and refinement. One such is the medical field, which has made significant progress in creating models for understanding risks from diseases and using the knowledge towards combating diseases. Illnesses or diseases which were not curable in past have effective treatments and medicines available today, possibly because of the rigorous risk manage-ment approach the field has followed.
This advanced understanding from the medical field can be applied towards handling risks that information infrastructures face. Considering information assets to be patients, incidents including hacking and malicious programmes to be diseases, technical counter measures and controls to be medicines and different processes, policies and practices to be treatment protocols, we can draw a fair parallel between medical risk management and information security risk management practices.
Statistically Proven Risk AssessmentLet’s see how statistics can be used to analyse risks with respect to information security. With the help of statistics, one can anal-yse the historical / current trends and make forecasts regard-
ing issues and risks of the future. Traditionally, regression techniques have been used for prediction of possible future outcomes. Regression analysis is a statistical tool for the investi-gation of relationships between variables and is preferred when the focus is on the relationship between a dependent variable and one or more independent variables. There are different kinds of regression; in its simplest form, a linear model speci-fies the (linear) relationship between a dependent (response) variable Y, and a set of predictor variables, the Xs, so that Y = b0 + b1X1 + b2X2 + ... + bpXp.. First-generation regression-based techniques, like multiple factor or cluster analysis, belong to the core set of statistical instruments which can be used to either identify or confirm theoretical hypothesis based on the analysis of empirical data.
Limitations to RegressionFirstly, regression analysis works in a simple model where there is one dependent and several independent variables. We face a much more complex multivariate world where many risk indi-cators influence different risk identifiers. Secondly, regression analysis is applied where a variable can be observed over time, whereas in the context of information security, all the risk iden-tifiers are not observable over time. Thirdly, the assumption is that variables can be measured without error; in the practical
“When an organisation wants
to minimise all potential negative
impacts, it has to look into risk
indicators from all different areas and
aspects, conduct an analysis to figure
out which risks are more severe and
which less” Upasna Saluja
Operational Resiliency Manager Thomson Reuters
PH
OT
OG
RA
PH
BY
S R
AD
HA
KR
IS
HN
A
cover story | Best security techniques
2 6 itnext | a U g U S T 2 0 1 3
world, even in information security, it is rare to find a situation without error.
What is the new tool to Assess?Structural Equation Modelling (SEM) has evolved as an alter-native in recent times as a viable second generation regression technique. SEM allows simultaneous modelling of relationships among multiple independent and dependent factors. Therefore, one no longer differentiates between dependent and independent variables but distinguishes between exogenous and endogenous latent variables, the former being variables not explained by the postulated model (they act always as independent variables) and the latter being variables explained by the relationships contained in the model. SEM has different kinds of regression techniques. Recent research in information security indicates that the Partial Least Square (PLS) regression technique, which belongs to the SEM family, is ideal for assessing risks statistically. It originated in the social sciences but became popular in chemo-metrics (computational chemistry) and in sensory evaluation. PLS regression is also becoming a tool of choice in the social sci-ences as a multivariate technique. PLS is recommended in cases where the number of variables is high, and where it is likely that the explanatory variables are associated, which is also the case in information security. It is particularly useful when we need to predict a set of dependent variables from a large set of indepen-dent variables (predictors). It is useful when the goal is prediction and there is no practical need to limit the number of measured factors; this works very well for information security, since we end up noticing a large number of varied factors (explanatory variables) which impact risks. When an organisation wants to minimise all potential negative impacts, it has to look into risk indicators from all different areas and aspects, conduct an analy-sis to figure out which risks are more severe and which less. The management requires convincing reasoning behind the resource allocation, while risks need to be mitigated. Also, the CISO will want to know whether there are controls or measures which could lead to the reduction of a number of inter-dependent risks. This method presents the advantage of handling missing data too, a very powerful benefit for information security practitio-ners, since missing data is a key challenge they face and hence often choose to go with averages or intelligent guesses.
PLS is a technique that generalises and combines features from Principal Component Analysis and Multiple Regression. A PLS algorithm starting from a table with n observations described by p variables, creates a set of h components with h<p. The determination of the number of components to include in the PLS algorithm calculations is determined based on a criterion that involves cross-validation of factors. Thus, SEM based statistical approach using PLS algorithm to risk assessment is much better than existing subjective assessments. It is information oriented rather than assessor or expert judgement dependent, thereby overcoming judgement bias. It has a statistical foundation, thus providing consistency and wider applicability. A proven model can be used in diverse scenarios and scales of operations.
30.04.2013 28 cm x 10.3 cm
RB
/BA
/131
9HV
CA
1
Phone: +91 11 23906777 • E-Mail: [email protected] 9001:2008 & 14001:2004 CERTIFIED
®
www.bryairfi ltration.com
Backed by
Service
Get in touch with us today!
Gas Phase Filtration• Most effi cient system for
purifying the air• Based on advanced
Honeycomb technology using chemical fi lters
• Bry-Air EcoScrub looks sleek and works quietly
• Designed to complement the servers
Frequent Breakdownshampering your business?
®
Removes harmful gases Prevents corrosion of electronic components
in Control Rooms
R codes have a huge curiosity factor, Quriosity…. It’s a wonderful thing. Tie curiosity to advertising and you’ve got a winner. QR codes can do just that and much more, which is why their popularity is soaring. Each unique square symbol is comprised of black and white markings and can be scanned by many camera phones or
other digital readers to provide information, or, in many cases, a link to a website.
Drawing Hackers’ AttentionAmit Kaul, CEO, Evam Technologies, explains that QR codes, and related mobile tagging formats, can be targeted and manipulated by cyber criminals to easily steer victims to mali-cious websites in a new opportunity to steal identities and commit fraud. Satish Das, Chief Information Security Officer, Cognizant, states three reasons for QR codes to be driving the attention:
z Vulnerable due to lack of end user understanding of the code z Since it’s intended for systems, it’s difficult for humans to
comprehend the actual message from image. z Extremely easy to make and can be done free over
the Internet. QR scanning apps from distrusted sources can be a risk. Like all other apps, they may come with Trojan functionality or malware. Sandeep Godbole, ISACA India Task Force Member and President ISACA, Pune Chapter, says that QR codes are yet another vector for scammers like phishing email, URL shortening services etc., which makes it an ideal vector for spear phishing type of attacks. Stickers, documents that look genuine and that have QR code can potentially lead users to malware or direct them to phishing sites.
QR Challenges for CiSOsAbhijit Limaye, Director, Development &Security Response, Symantec, reiterates that QR codes are an increasingly popular way for people to convert a barcode into a website link using a camera app on their smartphones. It’s fast and convenient, but potentially dangerous. “Spammers are already using it to promote black-market pharmaceuticals, and malware authors have used it to install a Trojan on Android phones. In combina-tion with link shortening, it can be very hard for users to tell in advance if a given QR code is safe or not; so, consider a QR reader that can check a website’s reputation before visiting it. “Once the bait has been taken, the victim must be reeled in. The next step in these attacks fools the user into taking an action to propagate the threat: for example, installing an app, download-ing ‘update’ to your video software or clicking on a button to prove you’re human. The attackers persuade their victims to infect themselves and spread the bait to everyone in their social circles,” says Limaye.
Given the QR’s complexity, Dr K Harsha, Head-IT, HKM Group, finds QR codes drawing new threats owing to less security awareness with customers, similar fraudulent sites will increase security risk and security breaches and educating clients/customers on QR Code is a tedious process.
Amit Kaul argues that QR codes are not inherently dangerous, but they can get linked to content that might infect a mobile device and steal a wealth of information from the user, or in this case, the scanner of the code.
“When a user scans a QR code, it displays a link (QR code has more features than that) in most cases. This allows cybercriminals to use URL shortening services (such as bit.ly and others) to disguise the ultimate address stored in the QR code, which may lead to a page with malware that steals the user’s credentials or to a phishing site. As a mobile browser may
QR codes are an increasingly popular way for people to convert a barcode into a website link using a camera app on their smartphone; which is also
potentially dangerous
Qr coDe newest waY to
Leak information
Qr coDe
2 8 itnext | a U g U S T 2 0 1 3
not always be capable of displaying the complete URL of the opened page, the situation is further complicated,” says Kaul.
Best techniques to Counter the RisksWhile there is always a technique to solve the toughest puzzle, preventing the risks associated with QR code spells certain best security practices which the CISOs are adhering to.
For instance, HKM’s Harsh recommends QR codes should be printed on white or soft pastel colour background for safety and recommends users not to reverse or invert in print. The
“A challenging but important task for companies who
utilise BYOD is to develop a policy that defines exactly
what sensitive company information needs to
be protected and which employees should have
access to this information”
“QR codes are not inherently dangerous, but they can get linked to content that might infect a mobile device and steal a wealth of information from the user, or in this case, the scanner of the code”Amit Kaul Director, Evam Technologies
Govind Rammurthy MD & CEO, eScan
black must be black or a dark contrast colour for scanners to appropriately pick it up. “There should be at least 55 per cent contrast difference if it is going to be printed in colour between the squares and the background,” says Harsha. Kaul points ou a few precautionary measures for smartphone users—such as using a client antimalware application (wherever possible), taking advantage of the corporate Wi-Fi network and its standard network protections to block the malware, or using a QR reader application that checks URLs against blacklists of known malware-laden websites.
2 9a U g U S T 2 0 1 3 | itnext
Kaul recommends three simple procedures to prevent threats:1. Take care before scanning a QR code; just make sure that it is
not covering another code. If you have a doubt, do not scan.2. Once you open an app store or a website on your browser,
ensure that the QR code has taken you to the site you had to go to. Check to see the application’s rating or customer feedback. If there are very few feedbacks or ratings or none at all, it’s best not to continue the installation.
3. If your smart phone allows the installation of security applications that checks sites for malicious content and
downloaded software for malware, ensure you install such an application. This is especially so for Android smartphones, which are now targeted by thousands of malware programs.Cognizant’s Das strictly advocates users not to scan when the
source is unknown, always verify the website authenticity on scan and ensure mobiles have adequate Antivirus Protection to address any emergencies.
Symantec’s Limaye advises users to treat every network as hostile and ensure that all the applications use encrypted communications like SSL or tunnel through a VPN and protect against automated redirection to malicious sites with QR codes.
“there is a high level of customisation being
carried out by all DLP vendors to cater to specific
organizational requirements, and focus on selective and customised block policies”
Satish Das CIO, & VP, Cognizant
“Given the complexity, QR codes are drawing new threats owing to less security awareness with customers, similar fraudulent sites will increase security risk and security breaches and educating clients/customers on QR Code is tedious”Dr Harsha Head IT Security Advisor, HK IT Group
cover story | Best security techniques
3 0 itnext | a U g U S T 2 0 1 3
The power behind competitiveness
+91 9999992084www.deltapowersolutions.com
Powering Competitivenessin DatacentersDelta’s InfraSuite Datacenter Infrastructure Solutions
• Optimized set-up and operation costs• Modular design fits all server rooms architectures• High Flexibility allows quick and easy set-up by companies• Complete environmental management systems allows convenient manager control• High performance power configurations support the green server room concept• High level of integration provides a complete and reliable solution for companies
Fully integrated design and scalable architecture
interview | NitiN DaNg
3 2 itnext | a u g u s t 2 0 1 3
NitiN DaNg | interview
3 3a u g u s t 2 0 1 3 | itnext
Cobol on an integration Spree
Can you elaborate on the innovations in the enter-
prise application modernisa-tion, testing and management solutions arena?Micro Focus operates in the space of enterprise application moderni-sation, testing, and management solutions. Over the years, COBOL has evolved to keep pace with technological developments, inte-grating with most modern tech-nologies today. Most importantly, it has retained many of its tradi-tional strengths. As technology evolves, and new trends emerge, end users demands and expecta-tions of the software applications are constantly changing.
The emergence of social media and web 2.0 applications such as Facebook and new mobile plat-forms such as iOS and Android, are driving users to expect a similar experience and accessibil-ity when working with business applications. At the same time, the emergence of Software as a Service (SaaS) and the availability of Cloud
Nitin Dang, Country General Manager, Micro Focus India and SAARC, looks at the importance of modernising the business-critical COBOL applications which make it compelling for organisations to drive productivity. Dang elaborates on the innovation in traditional COBOL and how it offers cost savings to customers, besides ensuring increased productivity and the ability to drive focus on product innovation
technology mean geographic bar-riers are being broken down. These growing trends are putting pressure on businesses to respond in a timely fashion to constantly changing user expectations and new competition. As organisations scramble to meet the new demands of the market, they expect their IT teams to deliver with constantly diminishing budgets. With this in mind, organisations are find-ing that the quickest, cheapest and safest option is to modernise their existing COBOL applications.
The key has been to keep the language current with new pro-cessing ideas and new capabilities. This makes it easy to adapt COBOL to new environments even though it is a mature language with a lot of operating lines of code. COBOL has a unique capability in that the same COBOL code can be com-piled into native code, .NET and to the JVM without changing a single line of code.
Visual COBOL delivers a more productive, efficient developer
experience. It empowers the organ-isation through innovation, to carry forward its application investments into the future.
How is it being leveraged by customers?Talking specifically about Visual COBOL, we recently worked with Om Logistics India’s lead-ing logistics services company, to build a COBOL-based Enterprise Resource Planning (ERP) system, built using Micro Focus Server Express, which supports the com-pany’s core business modules, including accounting, reporting, warehousing, HR and payroll as well as consignment tracking.
Visual COBOL helped them to leverage the latest industry-standard IDEs to modernise core applications, development of a mobile application to access COBOL systems, and improving the efficiency of the developers by 30 per cent. This is a huge achieve-ment, considering the pressures on IT investment.
interview | NitiN DaNg
3 4 itnext | a u g u s t 2 0 1 3
Which aspect of the whole it framework is leveraging these solutions?There are several enterprise appli-cation modernisation strategies available to organisations that want to prepare themselves effec-tively for the economic upturn. Of those strategies, modernising existing business-critical COBOL applications is one of the most compelling, offering cost savings, increased productivity and an ability to drive much greater focus on product innovation.
According to Forrester Research, 64 per cent of companies surveyed responded that updating and mod-ernising their legacy applications was an important software initia-tive for their current planning cycle. Given the current economic environ-ment, Micro Focus urges organisa-tions to consider how to maximise their existing investments in mis-sion-critical applications through extending COBOL applications to Web Services and SOA, modernis-ing COBOL applications to Web and .NET and integrating COBOL appli-cations to .NET and J2EE. Reducing your costs, streamlining your busi-ness processes, improving produc-tivity and facilitating IT innovation are the cornerstones of a successful business strategy in current times. It has been shown that these four busi-ness goals are not independent and they are not contradictory.
What kind of challenges does it face from the customer standpoint?From a customer standpoint, there are only benefits to having imple-mented COBOL in their infra-structure. The key has been the evolution of the language, through its malleability to the contemporary business environments, with fresh processing ideas and capabilities. This has made COBOL, the legacy language, stand the test of time and still be implemented as a trustwor-thy resource.
How do you measure customer benefits using Cobol?COBOL’s presence, a technological movement that has stood the test of time, is not merely felt in one or two niche industries, but rather, over the past handful of decades, it has infiltrated almost every key vertical industry. For example, the banking and financial industries are one of the first that embraced computing and as such, their IT roots are set in COBOL because it was the pri-mary language used then; and now. If the language’s code were sud-denly removed from banking sys-tems, it would adversely affect the transaction system. However, this does not just pertain to banking. If COBOL were just deleted from air-lines’ systems, flights could no lon-ger be booked online, hotels could not handle reservation requests
and cash registers at retail stores would simply not work. As a matter of fact, COBOL systems are respon-sible for transporting up to 72,000 shipping containers, caring for 60 million patients, processing 80 per cent of point-of-sales transactions and connecting 500 million mobile phone users. It has been estimated that the average American relies on COBOL at least 13 times during the course of a routine day as they place phone calls, commute to and from work and use credit cards.
New application development rarely starts from a blank sheet of paper. Innovations like mobile
“ COBOL’s presence, a technological movement that has stood the test of time, is not merely felt in one or two nice industries, but rather, over the past handful of decades, it has infiltrated almost every key segment”
NitiN DaNg | interview
3 5a u g u s t 2 0 1 3 | itnext
banking, for example, are simply new channels through which cur-rent business applications can be delivered. Existing COBOL applica-tions have extensive business logic built into them containing valuable competitive advantage. Using these applications in new environments for decades to come ensures that both investment and market oppor-tunity are maximised.
Why did om logistics go in for Cobol deployment even though it is considered to be a legacy language? OM Logistics operates in an envi-ronment where the big players were constantly raising the stakes in respect of new technology, but their own was unwieldy and outdated technology. Their business applica-tions used character-based, com-mand line development technology making them clunky to modify and difficult to modernise.
OM wanted a more productive application development toolset with a contemporary, industry-stan-dard developer experience that would exploit its existing invest-ment in powerful COBOL-based applications. Clients expect con-signment-tracking technology and modernising their mobile app was on OM’s list. Visual COBOL’s phi-
losophy of ‘re-use not rewrite’ has enabled OM Logistics to progress its existing COBOL business rules to take advantage of new modern technologies, such as PHP.
In addition to the technology innovations already underway, Visual COBOL has already deliv-ered on the development produc-tivity gains. The company opted for Visual COBOL with Eclipse to be in-line with the latest technol-ogy and move towards mobile and cloud development. I estimate its use has improved development efficiency by around 30 per cent. The customer already completed an application upgrade from Micro Focus COBOL to Visual COBOL and is now planning to develop a very valuable new mobile applica-tion to leverage our COBOL-based business rules.
please elaborate on om logis-tics’ latest up-gradation to Visual Cobol? With Visual COBOL now in place, future and planned initiatives--in-cluding the development of a mobile and PHP application interface, pow-ered by proven, back-end COBOL applications – can hit the launch pad. The gains prompted Om Logis-tics to opt for this reinvention of the Micro Focus design classic.
What sort of innovations has the deployment/language brought to core application of om logistics?
OM Logistics’ experience of Visual COBOL for Eclipse, the industry-leading development environment, has been to dramatically improve the maintenance and development of COBOL applications--a massive advance over previous character-based tooling.The company has seen great developer productivity gains and the company can now deliver higher levels of perfor-mance, capacity, and functionality with much greater ease. It is said to have a more flexible and cost-effective platform for development that can support new interfaces and technologies quickly and easily. Moving to Visual COBOL has been a win-win situation for us.
What is the future road map for Cobol?The most obvious shift in the IT landscape has been a proliferation of new platforms for software appli-cations to be run from--Windows, UNIX, Linux, Cloud, Mobile. The core of every application decision will now have to home in on breadth of platform support. End-users only want one thing: functionality on their platform of choice. It’s up to development teams to ensure that the functionality is present and streamlined, on the right environ-ments, meaning applications need to be built and updated on reliable, robust and portable code.
Change is inevitable, so why make updating and maintaining applications any harder than it needs to be? Programming lan-guages, COBOL for example, are simple to understand and don’t necessarily require prior language-specific experience. If software development teams expe-rience turnover over the years and new developers enter the mix, it is valuable to have code that doesn’t send developers spinning.
The technology innovations of the future are undefined and infinite--some will change the IT landscape for the better.
Find other inter-views online on
the website www.itnext.
in/resources/interviews
IL
LU
ST
RA
TI
ON
by
Sh
Ig
IL
NA
RA
yA
NA
N
New technology enhancements will boost performance, reduce TCO by up to 30 per cent, and help senior IT managers achieve business transformation
by N geeTha
Transform Business, in a
Flash
These enhancemenTs
simplify managemenT
funcTions and improve uTilisaTion To lower Tco by 30
per cenT over a four-year period
The key objective of Hitachi Data Systems Corporation has been to make the lives of senior IT managers simple and easy to cope with data storage challenges. The challenges that these IT professionals face according to Hitachi are:
They have less time to develop and deliver new solutions and services to more customers, and they must do so with flat or decreasing budgets.
To get the most out of their IT investments, they need to maximise performance, efficiency and economics of their infrastructure and resources.
Maximising IT accelerates insight, improves decision-making, and releases resources to let them increase the pace of their innovation and harness information to build competitive advantage.
To address these challenges in a more logical and pragmatic fashion, Hitachi
has made technological enhancements and rolled out three infrastructure solutions: All-flash storage solutions, Storage solutions which are unified ready and solutions which enterprise-virtualisation ready.
Hu Yoshida, VP and Chief Technology Officer, Hitachi Data Systems says, “The three new technology enhancements support this strategy and simplify the tasks of implementing flash, unified storage with primary de-dupe and converged infrastructures for rapid application deployment”
According to Yoshida, Hitachi Unified Storage flash system is designed for organisations that seek to accelerate the performance of their business applications. With integrated Hitachi Accelerated Flash and enterprise storage virtualisation, HUS VM delivers faster access to information and increased efficiency through central management of all storage assets. Database, analytics,
3 6 iTnexT | a u g u s t 2 0 1 3
insight | Flash storage
PH
OT
O/I
LL
US
TR
AT
IO
N/I
MA
GI
NG
CR
ED
IT
virtual desktop and virtualised server environments benefit from superior performance and improved response times.
“This strategy results in one management platform across server and storage, file, block and object, and simplifies the task of implementing new technologies. Virtualisation enables a smooth transition between technologies and enables the ability to leverage other vendor products and include them in our management stack,” says Yoshida.
What’s new that can Transform Customer BusinessFrom the technology perspective, Hitachi Unified Storage VM (HUS VM) all flash system, Hitachi Unified Storage and Hitachi NAS Platform, and Hitachi Unified Compute Platform (UCP) are expected to reduce total cost of ownership (TCO) by up to 30 per cent compared to alternative solutions, and up to double the performance benefits of previous generations; the new turbocharged solutions maximise IT investments and help customers achieve unsurpassed operational savings despite today’s relentless data growth and cloud infrastruc-ture complexities.
Built on Hitachi’s 3-tier StrategyVivekanand Venugopal, VP&GM, India, HItachi Data Systems vouches for these technologies to deliver the performance, effi-ciency and economics needed for the foundation of seamless enterprise cloud environments. “The technologies also achieve a new milestone in the Hitachi Data Systems 3-tiered strategy for infrastructure, content and information, which builds on existing IT investments to provide a single virtualisation plat-form for all data to support cloud and enable big data.”
Aiming at helping customers transform their data into actionable information and harness its power as a strategic asset for business insight and innovation, the company aligned its product and solutions portfolio around a 3-tiered strategy of infrastructure cloud, content cloud and information cloud that builds on existing IT investments to provide a single virtualisation platform for all data.
The new flash, unified and virtualisation storage platforms too were developed in the basis on the 3-tiered approach to fit into the strategy.
Hitachi Data Systems believes that all data has value and to fully realise this potential, it requires data and information to be stored, governed and managed as an asset. Only then can the data be shared, compared, and analysed more holistically for better insight and innovation.
Venugopal’s intention is to leverage Hitachi Data Systems technology to create social infrastructure solutions that involve cloud services, big data management, machine-to-machine networks, equipment management and control systems. “These solutions will bring intelligent information capabilities to the areas of power systems, railways and transportation, urban development and others, ultimately resulting in more efficient, secure and sustainable societies,” says Venugopal.
“The three new technology
enhancements support this strategy
and simplify the tasks of
implementing flash, unified storage
with primary de-dupe and converged
infrastructures for rapid application
deployment”hu yoshida
VP and CTO, hitachi Data Systems
3 8 iTnexT | a u g u s t 2 0 1 3
insight | Flash storage
How to Maximise iT investments and PerformanceThe flash storage integrates all the enterprise functions of HUS VM with flash module to enable increased performance. The microcode in HUS VM has been optimised for flash to provide 500,000 IOPS now and 1,000,000 IOPS going forward. The flash modules provide 4 times higher performance and 46 per cent lower bit cost than standard SSDs; and with a 5U HUS VM controller, and up to 8X 2U HAF drawers, this could be used as a standalone flash array with the advantage of full enterprise functions like snapshots and replication.
The unified storage and NA is expected to double capacity and performance with its hybrid-core architecture that blends Intel and FPGA technologies. These new file modules can consolidate multiple NAS filers at a 30 per cent lower TCO. These NAS heads have FPGA feature that provides workload aware, primary de-dupe that customers can set and forget. Primary de-dupe is expected to reduce capacity requirement by as much as 90 per cent.
Hitachi’s UCP Pro for Virtualisation platform include VMware vSphere turnkey pre-configured solution with an orchestration layer integrated with VMware vCenter to view, provision, monitor, upgrade and performance tune the entire, stack including server, storage and networks for rapid deployment of virtual machines. UCP Select is server, storage,
“The technologies also achieve a new
milestone in the hitachi Data Systems
3-tiered strategy for infrastructure, content and information, which
builds on existing IT investments to provide a single virtualisation platform for all data to
support cloud and enable big data”Vivekanand Venugopal
VP& gM, India, hitachi Data Systems
and network reference solution, which are pre-validated and pre-certified for deployment of Microsoft Private Cloud (Hyper V), and for Oracle Database Real Application Cluster with predictable performance. UCP select for SAP HANA scale-out solution is a popular converged solution. These enhancements simplify management functions and improve utilisation to lower TCO by 30 per cent over a four-year period.
Customer’s TakeAccording to Venugopal, the adoption of flash technology is seeing an upward trend across various industry verticals. The use of flash controller provides 3 times the improvement in data storage compared to that of the standard SSDs.
All these technologies, besides increasing performance, would help in reducing the footprint, power-cooling cost, effective utilisation of resources, increased capacity efficiency and dynamic provisioning.
“We count on the reliability of Hitachi Data Systems for our most critical workloads. The flash technology, along with dynamic tiering, addresses our needs of high data growth along with higher performance by delivering sub-millisecond response times. Best of all, it protected our existing investments while seamlessly integrating with our storage architecture without any disruption,” says Jitendra Sangharajka, Associate VP, Information Systems, Infosys.
3 9a u g u s t 2 0 1 3 | iTnexT
Flash storage | insight
Designing a successful enterprise solution
is like well orchestrated music. It combines
business processes that cut across functional
areas as well as associated IT services
by Sudhakar anivella
Myths about Enterprise
Application Orchestration
4 0 itnext | a u g u s T 2 0 1 3
insight |EntErprisE ApplicAtion
PH
OT
O b
y: P
HO
TO
s.c
Om
Orchestrating or designing an Enterprise Application is an art which can be compared with the composition of music: It requires the same amount of effort or integration to produce the desired results.
The term orchestration in music refers to the way instruments are played to render any aspect of melody or harmony.
Similarly in EAI, “orchestration” describes the automated arrangement, coordination, and management of complex computer systems, middleware and services to achieve a seamless integration of functionalities present in various applications and provide the desired enterprise-wide solutions.
Each musical instrument is designed with a specific capability and can play sounds in a certain way. The orchestrator must decide which instrument(s) should play a specific chord, when to play it and in which order to create a melodious music score.
eAi Design ProcessSimilarly, each enterprise application is designed to focus on and address a specific functional area of the organization: Finance, HR etc. These applications work within the organisational/departmental bound-aries for which they are designed and developed. For this reason, many IT groups are aligned with these specific functional areas to support them effectively.
As in music, a successful enterprise solution requires careful orchestration of business processes which cut across these functional areas as well as associated IT services.
Enterprise solution design envelops various applications, tools, and organisational processes together in a coordinated way and utilises them in an effective way.
This is not an easy task: it requires dealing with multiple applications running on multiple platforms and also at various locations. It also requires careful orchestration of business processes
ChallengesSome of the common challenges faced by EAI projects are similar to the challenges faced by music orchestrators:
Sudhakar anivella
senior Architect, cA Technologies
“Designing an enterprise application
is not an easy task, as it requires
dealing with multiple applications
running on multiple platforms and
also at various locations”
4 1a u g u s T 2 0 1 3 | itnext
EntErprisE ApplicAtion | insight
1. Duplicate/Overlapping functionality in multiple applications and multiple sources of truth (for exam-ple, multiple applications maintaining employees’ personal data). This is similar to multiple instruments producing the same sound. The orchestrator should choose the proper instrument (the source of truth) to produce the desired musical note.2. Legacy applications with limited facilities for inte-gration. This is similar to some of the instruments that produce the same sound with a fixed pitch and beat. The orchestrator must identify and take necessary care to utilise these instruments as required. Simi-larly, the enterprise solution designer should identify such legacy applications and tailor the solution to fit them in.3. Similarly, other challenges for designing enterprise solutions include difference in semantics, dissimilar integration standards, multiple communication pro-tocols, multiple data formats, etc.. These challenges are in no way different from the chal-lenges faced by any music orchestrator composing a melody.
As we know, a simple note out of sync with the rest of the orchestration will create noise rather than a melody. Similarly, any discrepancy caused by any one application will lead to chaos, not a desired solution.
Enterprise solution designers can learn and apply from the best practices (patterns) followed by great composers for composing melodies to create the best enterprise solutions that cater to effective end user experience.
Key nuances of Application Orchestration � Orchestrating or designing an Enterprise application
is an art which can be compared with the composi-
tion of music
� EaI, “orchestration” describes the automated
arrangement, coordination, and management of com-
plex computer systems, middleware and services
� Each enterprise application is designed to focus on
and address a specific functional area of the organi-
zation: Finance, HR etc.
� as in music, a successful enterprise solution requires
careful orchestration of business processes which
cut across these functional areas as well as associ-
ated IT services
� Enterprise solution design envelops various applica-
tions, tools, and organisational processes together in a
coordinated way and utilises them in an effective way
ranjeev Tiwari
senior manager-IT, max Hypermarket Retail
investments on enterprise architectures
While designing an Enterprise
Application Architecture, one
should think of the scalability,
robustness and flexibility of the
are essentially huge and irreversible”
products for future growth as
4 2 itnext | a u g u s T 2 0 1 3
insight |EntErprisE ApplicAtion
An MBA maynot make youa CIO, butthis can
SESSIONS WILL COVER Contemporary trends in a current technology area Delivering innovation or improving business outcomes through IT solutions Best practices for installing, operating and improving enterprise
services/infrastructure Thinking strategically about IT Leadership in the corporate context
PLATINUM PARTNER
TECHNOLOGY PARTNER NEXT100 BOOK PARTNER
Download the NEXT100 app on your phone or tablet, and register for Pocket CIO program. Access the latest white papers and case studies, and watch videos
REGISTER THROUGH MOBILE APP
CITY&DATE
BENGALURU 23rd –24thAUGUST
MUMBAI 6th – 7th
SEPTEMBER
NEW DELHI13th – 14th
SEPTEMBER
APPLY NOW !WWW.ITNEXT.IN/NEXT100
EVENT BY
*THE PROGRAM IS ENTIRELY FREE OF COST FOR INDIVIDUALS WHO HAVE APPLIED FOR NEXT100 BUT FOR ALL OTHERS THE COST IS INR 2500
The CIOs of tomorrow are expected to be outstanding business leaders, not just good technical experts, who can collaborate and communicate in their professional environment ITNEXT invites you to participate in the 2-day Pocket CIO programme to equip yourself with strategic, technical and soft-skills needed for senior management roles. The training sessions will be hosted by experts, and will feature eminent CIOs.
Second_ADD_revised.indd 4 8/2/2013 4:58:53 PM
Are you at that stage in your career... when you start looking for something more. It could be a new direction, fresh focus or the next mountain to climb.
You’ve already come a long way, but it’s time to aim for the top - the pinnacle.
But scaling the next mountain is a big stretch. You need new skills. You require new perspectives. You want to be a stronger leader.
The Pinnacle Programme will help you do all this - and more.
Stop being consumed by
where you are...
...focus instead on where you want to be.
9.9 Mediaworx, B-118, Sector 2, Noida – 201 301, India Tel: +91 120 4010999
www.theleadershipinstitute.in
4 5a u g u s t 2 0 1 3 | itnext
IL
LU
ST
RA
TI
ON
by
: RA
j v
eR
mA
Enhanced performance, speed to access data and reduction in cost is the prima facie of any customer requirement. Against this backdrop, busi-
nesses are moving to all-flash systems to boost critical application performance, gain efficiencies and strategically deploy resources for data management.
Going by this need, and as part of its strategic initiative to drive flash technology further into the enterprise to help organisations better tackle the mounting challenges of big data, IBM announced flash caching in System x and tiering in Power Systems and brought in FlashSystem family, a comprehensive flash portfolio to help businesses and enterprises to speed big data analytics.
The Company invested $1 billion in flash and opened new Centers of Competency for client engagements believing that flash, a highly efficient re-writable memory, can speed the response times of information gathering in servers and storage systems from milliseconds to microseconds.
TechNOLOgy
Flash on a Drive
a durable and energy efficient spinning drive, Flash ensures performance and enables It
managers in handling big data issues
15minutem a n a g e r
Technology: Flash on a Drive ThIS pAge
Healthy Tips: Eye Care tips for Comp users pAge 46
Product Review: Nokia Lumia 520 pAge 50
TRAININgedUcATIONwORkpLAce
cOmpeNSATIONwORkfORce TReNdS
SkILLS deveLOpmeNTpeRSONAL deveLOpmeNT
what to
look in a
tabletpAge 46
By N Geetha
4 6 itnext | a u g u s t 2 0 1 3
PH
OT
O/I
LL
US
TR
AT
IO
N/I
MA
GI
NG
CR
ED
IT
15-MinUTe ManaGer
SO
UR
ce
: Uni
vers
ity
of R
oche
ster
med
ical
cen
ter
taKe CaRe OF yOUR eyeS WhILe USING PCDuring a recent visit to an optician, one of
my friends was told of an exercise for the
eyes by a specialist doctor that he termed
as 20-20-20.
step I :- after every 20 minutes of looking
into the computer screen, turn your head
and try to look at any object placed at least
20 feet away.
step II :- try and blink your eyes for 20
times in succession, to moisten them.
step III :- time permitting of course,
one should walk 20 paces after every 20
minutes of sitting in one particular posture.
Helps blood circulation for the entire body.
Circulate among all if you care.
INCReaSe yOUR COmFORt
� the following steps can further reduce
your eye discomfort and fatigue:
� Place the computer straight in front of
you, not off to the side.
� Place the screen at right angles to any
windows to minimize glare.
� adjust the screen angle to minimize
reflections from overhead lights or desk
lamps.
� use drapes, shades, or blinds to control
window lighting and glare. Vertical or
horizontal blinds will direct light away
from you and the computer.
EyE CarE EssEntials for ComputEr usErs
TIpS & TRIckS
Business made easy with FlashAjay Mittal, Director, Systems and Tech-nology Group, India/SA, says, “Because it contains no moving parts, the tech-nology is also more reliable, durable and more energy efficient than spinning hard drives.”
He also finds integrating flash with the data centre and virtualisation in a heterogeneous framework made flash even more sought after. Such benefits have led flash storage to pervade the consumer electronics industry and be built into everything from cell phones to tablets.
Today, as organisations are challenged by swelling data volumes, increasing demand for faster analytic insights, and rising data center energy costs, flash is quickly becoming a key requirement to enable the Smarter Enterprise.
“The economics and performance of flash are at a point where the technology can have a revolutionary impact on enterprises, especially for transaction-intensive applications.
The confluence of Big Data, social, mobile and cloud technologies is creating an environment in the enterprise that demands faster, more efficient, access to business insights, and flash can provide that access quickly,” says Mittal.
Mittal emphasised the point that management of the storage becomes much easy using flash technology, which also promises a reduction in cost. “ To help lead this transformation, IBM is investing $1 billion in research and devel-opment to design, create and integrate new flash solutions into its expanding portfolio of servers, storage systems and middleware.”
As part of that commitment, the company also announced plans to open 12 Centers of Competency around the globe. These sites will enable clients to run proof-of-concept scenarios with real-world data to measure the projected performance gains that can be achieved with IBM flash storage solutions. Clients will see first-hand how IBM flash solutions can provide real-time decision support for operational information, and help improve the performance of mission-
FactsIf you spend hours each day working at a computer screen, you may experience eyestrain, blurred vision, itchy eyes, and occasional double vision.However, studies have found no indication that working on a computer screen causes permanent vision problems. short-term problems, such as tired, irritated, or watery eyes, do bother many people who work at computers, but these problems can usually be corrected by wearing a special pair of glasses for computer work, adjusting lighting in the workplace, and altering the position of the computer screen. 20 Minutes to Relax your Eyes
Do you have future CIOs in your team?
IT INFRASTRUCTURE MANAGEMENTAWARD
If you think that you have mastered the art and science of effectively managing enterprise IT
infrastructure, PROVE IT NOW.
By Applying you stand a chance to:
Win the Regional IT Infrastructure Management Award Win the National IT Infrastructure Management Award
Secure interview with the Jury of NEXT100 and potentially win the NEXT100 awards Get “Pocket CIO” achievement certification
The pace of business
is accelerating around the
globe. As customers become more savvy, and
market conditions become increasingly dynamic, IT
managers need to ensure that their organizations are prepared to
successfully plan and deployIT infrastructure that meets user
needs- speedily and comprehensively.
How to Apply:
Register for POCKET CIO Program in a city of your choice by going to www.next100.itnext.in/pocketcio
Attend the IT Infrastructure Management session which will be conducted by experts from HCL Infosystems
INDIA’s FUTURE CIOs
WORKSHOP CALENDARBENAGALURU 23 - 24 AUGUST 2013 MUMBAI 6 - 7 SEPTEMBER 2013 DELHI 13 - 14 SEPTEMBER 2013
REGISTER TODAY
Presents
IT INFRASTRUCTURE MANAGEMENTAWARD
POWERED BY
ITNextADD_001_revised.indd 4 8/2/2013 5:18:30 PM
15-MINUTE MANAGER
4 8 itnext | a u g u s t 2 0 1 3
critical workloads, such as credit card processing, stock exchange transactions, manufacturing and order processing systems.
IBM FlashSystem 820, for example, is the size of a pizza box, and is 20 times faster than spinning hard drives, and can store up to 24 terabytes of data.
Mittal reiterates that flash systems can provide up to 90 per cent reductions in transaction times for applications like banking, trading, and telecommunications; up to 85 per cent reductions in batch processing times in applications like enterprise resource planning and business analytics; and up to 80 per cent reductions of energy consumption in data center consolidations and cloud deployments.
Cost-Benefit FactorFor instance, according to Mittal, the customer can see a reduction in per dol-lar cost per iOPs using flash, as against SATA or SAS drives.
Mittal vouches for the fact that the technology in a typical system configuration, and a maximum system configuration can return over 1,400,000 input/output operations per second (IOPS) at less than 1 millisecond average response time.
The differentiating factor is IBM SVC which is widely regarded as an
industry-leading standard when it comes to storage virtualisation which is a single point of management and control for small and large heterogeneous storage environments used with flash for better performance.
“The outcome is best when SVC and FlashSystem 820 are configured together,” says Mittal.
Best Flash PracticeAs a best practice, when configuring multiple IO group SVC clusters, custom-ers need to zone every node so that it can access FlashSystem 820. If you configure multiple FlashSystem 820 ports, repeat the zoning so that every SVC node has access to every FlashSystem 820 port.
Logical configuration on FlashSystem
To provide usable storage (managed disks) on SVC, you need to define some logical units (LUs) on FlashSystem 820, and map these LUs to the FlashSystem host ports.
Create at least four LUs on flashSystem 820 storage, and use default masking to map all of the LUs to all of the FlashSys-tem 820 host ports.
When you create zoning, each man-aged disk (mdisk) discovered by SVC will have eight available paths between each SVC node and the flashsystem port.
The tested configurations, for example using 4 LUs or 16 LUs using varying FlashSystem 820 capacity to test 25 per cent, 50 per cent, and 100 per cent alloca-tion. That is, with 4 LUs and 50 per cent allocation, each LU was approximately 2.5 TB in size. Similarly, with 16 LUs and 50 per cent allocation, each LU was approxi-mately 625 GB in size.
If you use FlashSystem 820 as the primary data storage, as with the test results here, add all of the mdisks from the controller to a single managed disk group (also known as a storage pool in the SVC GUI). If more than one FlashSystem 820 is being presented to an SVC cluster, a best practice would be to create a single storage pool per controller.
If you use FlashSystem 820 with the SVC EasyTier function, you will likely want to create multiple LUs for each hybrid storage pool.
Create four or more LUs per hybrid pool, with the combined capacity of these LUs matching the capacity that you want for the SSD tier in that pool.
Customer ForteAs a testimony to the performance of Flash, IBM’s customer Sprint Nextel Corp installed nine flash storage systems at its data center, for a total of 150 TB of additional Flash storage.
The objective was to improve the
“Because it contains no moving parts, the technology is also more reliable, durable and more energy efficient than spinning hard drives”—ajay mittal, Director, systems and technology group, India/sa
15-MINUTE MANAGER
5 0 itnext | a u g u s t 2 0 1 3
the nokia-Microsoft bond is one that many often question, saying that the Finn-
ish company should ditch the latter’s Windows Phone 8 platform in favour of an-
droid. However, given the popularity of the current Windows Phone devices in the
market, such as the Lumia 920 and the 720, coupled up with the excitement of
the Lumia 1020, we don’t see why Nokia would want to find itself a new software
partner. One of the phones that also created waves when it came out was the
Nokia Lumia 520, the cheapest WP8 device in the market at the moment.
Build and Design
the Nokia Lumia 520 takes its design cue from the Lumia 720, in that it has sharp
rounded edges instead of the soft round corners of the Lumia 620 or 820. the
phone’s build follows a gentle curve from front to back that flow rather well with
the curvature of our hands when we’re holding the phone. the smooth matte plas-
tic shell that forms the majority of the phone is also built incredibly well, giving the
phone a very solid feeling.
the 4-inch screen on the phone allows it to be a perfect fit in most hands, not
to mention allowed us to go all one-handed on the Lumia 520. With the new
“screens must be big” fad, we’ve had a hard time using our phones with one
hand, so the Lumia 520 feels really nice in this regard. What are also really nice
are the volume, power and dedicated camera button on the side of the phone,
which stand out quite prominently, meaning that when you press them, there is
adequate feedback for you to know that the phone registered the press.
Software the Nokia Lumia 520 ships with the Windows Phone 8 Os, Microsoft’s latest
mobile operating system. the phone is slated for the amber update, which would
add Bluetooth 4.0, FM radio and other functionality to the phone. However, we’re
going to focus on what the phone has to offer in its current firmware version. the
Lumia 520, just like every other Windows Phone 8 device, ships with a copy of
OneNote and Office for Mobile pre-installed. For a phone that costs as little as
this one, the presence of Office for Mobile should be enough in of itself to be a big
value for money factor. If it’s not, then you will have access to the Microsoft Win-
dows Phone store from where you can download most of the popular apps such
as Facebook, Whatsapp, Viber, Foursquare etc. then there’s also skyDrive, with its
free 7gB of online storage. —source: thinkdigit.com
performance and efficiency of its phone activation application. Increase in performance enabled the enterprise to expand its technology to other parts of the data center.
Flash technology seems to add value to the retail enterprises as well.
As Mittal explains, “One of our retail customers wanted to boost system performance to ensure fast, reliable access to its online catalogue.
The customer chose to replace disk-based storage with solid-state storage technology from Texas Memory Systems (TMS), an IBM Company.
The customer currently operates two pairs of TMS RAM-based RamSan®-440 and flash-based RamSan-710 systems.
To solve its I/O bottleneck, the company moved high-volume Oracle database tables to the RamSan storage.
Unlike disk-based storage, no extra optimiSation or third-party application tuning was required to extract maximum performance from the RamSan.
As the popularity of its online platform continued to grow over the years, the retailer needed more performance, and today operates with two TMS RamSan-440 systems, deployed in a mirrored high-availability configuration with redundant data paths over 8-Gbit Fibre Channel connections.
The benefit that the company observed, according to Mittal, was eliminating storage bottlenecks to deliver the consistently high performance that needs to support its e-retail platform, even as web traffic has increased by more than 50 per cent.
PoCs in ProgressCustomers across various industry verti-cals seem to be going in for proof of con-cept with regard to flash technology and its benefits. IBM is looking at about nearly 100 customers who are keen on moving to flash. Besides this, service providers are seriously looking at flash for their cloud-based storage model and capacity planning.
ajay Mittal, Director, systems and technology group, India/sa,
nokia lumia 520 rEviEwTAbLeT gLOSSARy
Initiative by Event by
Apply TODAy AT www.nexT100.inDownload the NEXT100 App to register and track your application
Do you have future CIOs in your team?
FIND OUT NOW!INDIA’s FUTURE CIOs
VisiT www.nexT100.in TO knOw mOre
About NEXT100NEXT100 is the Indian IT industry’s premier awards program that identifies and honors 100 experienced IT managers who have the skills and talent to become CIOs and leaders. All NEXT100 award winners are selected through a rigorous and comprehensive evaluation process that reviews techno-commercial, management and leadership skills. The final selection of the award recipients is made by a prestigious committee comprising India’s top business and technology leaders
NEXT100 Award Process• Applicants need to complete the online
registration and application form (Last date is 04-Aug-2013)
• All applicants have to take the online
psychometric tests that assesses personality traits and leadership style
• Qualified applicants are shortlisted for interview by jury panel. Each candidate is independently interviewed by two jury members
• Reference checks of qualified candidates are done with work supervisors and designated referees
• The list of NEXT100 award winners is announced by the jury, and award winners are
invited to attend an all-expense paid gala awards night
How to ReferYou can nominate candidates by going to http://goo.gl/X7kWo. The last date for nominations is 31st July, 2013.
PARTNERS
Platinum Partner
NEXT100 Book Partner
Technology Partner
cube chat | Vishal Kumar Bisht
5 2 itnext | a u g u s t 2 0 1 3
i am keen to develop the first e-Learning Platform and make it available on Desktop, Web, Mobile and tablet,” says Vishal Kumar Bisht, Founder, Director, Marksman Technologies Pvt. Ltd.
Think Clean, Be Simple
Vishal Kumar Bisht, Founder Director and CTO of Marksman Technologies Pvt. Ltd., believes in thinking clean and leading a simple life. He obviously draws
his inspiration from the Bhagawat Gita. An aeronautical engineer by profession, Bisht
was associated with an advertising agency and was instrumental in setting up a call centre for a media house. “At the start of my career itself, I was exposed to working on new technologies, which was indeed a turning point in my career, and which fired my passion for coding and data management,” says Bisht.
Besides, Bisht possesses the passion to keep acquiring new technological insights and implement the learning immediately in his organisation or create an environment for his team to implement the new applications. Passionate
about technology, Bisht, being the first generation entrepreneur with over 12 years of experience in application development, product development and IT consultation, has been involved in various Custom Application Development in (ERP for SMEs) and worked in various verticals like Investment Banking, Event Management, educational institutions and government agencies.
As an entrepreneur, he now focuses on the e-Learning vertical and in the past few years, he has been closely involved in the development of various e-Learning products and applications (solutions).
The feather in Bisht’s cap was to do with developing web 2.0 Web Collaboration Application, which is developed using Open Source Technology in RED5 (for the streaming) and Laszlo (in the UI).
“At present, we are working on an online Book Store, an -e-Commerce Portal where the products
Passion to learn new
aspects and nurturing
the passion
My sucessMantra
By N GeeTha
cube chat
5 3a u g u s t 2 0 1 3 | itnext
PH
OT
O b
y s
ub
HO
ji
T P
au
l
catalogues in DB contained more than 10 crore books, and with approximately 15 lakh users of this portal; this is a huge data to manage on a server in real time,” says Bisht. In an attempt to nurture his technological passion, Bisht and team plan to implement big data; and are going to implement in-Search module to fast Searching move using SOLR + Hadoop. The idea is to provide faster access to reports for business groups.
Bisht has various projects to his credit. A keen project management player, he is also a good team player. As the CTO of the organisation and a technology enthusiast, Bisht has rolled out about 400 projects in creating static and dynamic websites and e-commerce portals, involved in business development, project management and
project execution. He has to his account 10 ERP roll outs, also involved with coding and testing. However, the most cherished project for Bisht is developing e-learning applications and products. “I call this e-learning project most innovative, as it is a cloud based e-learning platform for SMEs with the url www.smecloud.in, which provides lot of learning,” says Bisht. Bisht has the confidence to tackle any situation or any team as his experience in working with the corporate sector as well the government sector gave him the necessary exposure. Bisht draws inspiration from N R Narayana Murthy, the Founder of Infosys. While he resorts to sports and music to relieve stress, as a Next100 winner and an entrepreneur, his dream is to emerge as a global leader in e-learning..
FaCT File
Full Name: VisHal bisHT
CurreNT DesigNaTiON: FOuNDer , CeO – marksmaN TeCHNOlOgies PV T. lTD.
CurreNT rOle: CeO aND CTO
exPerTise: e-learNiNg , e-COmmerCe , ClOuD aND big DaTa
WOrk exPerieNCe: aPPrOximaTely 13 years iN THe iT iNDusTry
FaVOuriTe quOTe: “THaT’s beeN ONe OF my maNTras — FOCus aND simPliCiT y. simPle CaN be HarDer THaN COmPlex: yOu HaVe TO WOrk HarD TO geT yOur THiNkiNg CleaN TO make iT simPle. buT iT’s WOrTH iT iN THe eND beCause ONCe yOu geT THere, yOu CaN mOVe mOuNTaiNs.”
sTeVe jObs
FaVOuriTe bOOk: arT OF THe sTarT guy kaWasaki
FaVOuriTe FOOD: sOuTH iNDiaN FOOD
FaVOuriTe DesTiNaTiON: siliCON Valley
FaVOuriTe gaDgeT FOr WOrk: maC bOOk
FaVOuriTe gaDgeT FOr PersONal use: blaCkberry
“At the start of my career itself, I was exposed to working on new technologies, which
was indeed a turning point in my career, and which fired my passion for coding and data management”
H/K SoundSticKS wireleSS
The transparent subwoofer and
the transparent satellites housing
four silver black drivers gives this
speaker system from Harman
/kardon an entirely organic
feel to it.
Hot
Price: ` 15 ,990
weStone Adventure SerieS AlpHA
The culmination of Westone’s two decades
of experience in designing in-ear headphones,
the Adventure series ADV Alpha set is a weather
–sealed, unibody, magnesium headset that is
designed with the real adventurer in mind. The set is
designed to fit snugly in your ear canal and stay
there, no matter what and the cable includes
reflective controls that almost glow in
the dark.Price: ` 15 ,000
KAtA’S Kt pl- e-690 element
This particular cover for your
camera works great in light to
moderate rain but it is not meant for
heavy-duty usage. The transparent back
cover along with the hand sleeves
makes the camera
controls accessible.
Price: ` 3,500
SonoStAr SmArtwAtcH
The product is an elegantly
designed watch that is an excellent
alternative for those who are unhappy
with the pebble’s aesthetics.
Compatible with both, iPHone and
Android device.
new Price: 11 ,000
update
5 4 itnext | A u g u s T 2 0 1 3
Here is a preview of the latest tech toys on the block to add to your arsenal. Take your pick and then go splurging!
Like something? Want to share your objects of desire? send us your wish-list or feedback to [email protected]
indulge The hottest, the coolest and the funkiest next generation gadgets and devices for you
update
5 5a u g u s t 2 0 1 3 | itnext
PH
OT
O I
MA
GI
NG
: s
HI
GI
l N
Ar
Ay
AN
AN
A platform to air your views on the latest developments and issues that impact you
ArchAnA S AwASthi VIce PresIdeNT & HeAd- BFsI, rAMcO sysTeMs Cloud based BI and analyt-
ics is no longer a novice as
most customers in the BFsI
segment are leveraging
the model under the public
cloud. Customers are looking
at a data centric BI cloud
model; we have brought in
standardisation in the cloud
based model, while creating
industry templates.
traditional analytics solu-
tions are built ground-up,
are very complex and take
many man-months to imple-
ment. Cloud model would
enable customers to quickly
and easily adopt business
applications and then gradu-
ate to a full-fledged ERP,
without replacing the exist-
ing system.
VijAy Sethi VP & cIO, HerO MOTOcOrP Cloud Computing strat-
egy needs to be built and
brought to an agreement
with key stakeholders.the
critical steps are:
a) One needs to fully
understand the concepts
and implications of cloud
computing before taking
a decision on whether to
maintain an It investment
in-house or whether to buy
it as a service through the
Cloud.
b) Ensure that the key
members of your It team
are on board. I think there
can always be resistance
from the team that is
managing the current infra-
structure or applications–
for this culture, mindset
has to change.
rAmAndeep Singh ceO, AlTeN cAlsOFT lABs * Public cloud-based Iaas
for a BI system: this option
involves subscribing to an
Iaas vendor and a pay-as-
you-use model on the hard-
ware and systems software.
In this model, enterprises
can deploy their own Ex-
tract transfer and Load,
DBMs and BI software on
top of this. this model helps
enterprises to convert their
CaPEX to OPEX.
* BI/DW Platform as a
service (Paas): using this
option, enterprises can de-
ploy the BI/DW system on a
public cloud or an externally
hosted BI/DW for building
one’s own cloud-based BI
system using one or more
third party products. this
model is useful for sMBs.
Key Ingredients in Planning a Cloud BI&BA
open debAte
Your views and opinion matter to us. send us your feedback on stories and the magazine to the Editor at [email protected]
book For you
Inside the BoxWhy the Best Business solutions are right in Front of you
Star Value:
authORs: DREW BOYD, JaCOB gOLDEnBERg
IT NEXT VerdictGrab a copy of the book to master the five
techniques of sIT--subtraction, division,
Multiplication, Task Unification, and Attribute
dependency-for your creative breakthrough
here’s a book that stands conventional
wisdom on its head and how! how
often have we heard the phrase ‘think
outside the box’ being bandied around
in classrooms, in management work-
shops, in brainstorming sessions…. to
be creative, you must be original and
to be original, you cannot think within
frames and rules. the book Inside
the Box, introduces us to a radically
different concept. It says that for an
organisation to be really creative, we
must think inside the box, using the
familiar and the structured. Employ-
ing templates is, in fact, a quicker and
better way to creative and innovative
thinking. the methodology of creativity
by thinking inside the box has been
derived by research which exhibited a
set of common patterns to the basis
of all creative solutions. this book is
a must read for all managers—those
who were born with a creative streak
and those who have always felt some-
how lacking in that department. Inside
the Box demonstrates that creativity is
something which can be mastered. It
has a methodology by learning which
each one of us can come up with the
next “eureka” moment .
my log
5 6 itnext | a u g u s t 2 0 1 3
Sangita thakur varma managing Editor, india now
A few years from now, the world will be calling us a nation of coders—some in amazement, some out of pure envy. What-ever the feeling prompting the moniker, the facts will prove that we have earned the sobriquet. For starters is the recently released report by Evans Data forecast-ing that India will surpass the United States in the number of software develop-ers it produces by 2017. By 2018, India will have increased its developer count to 5.2 million, a nearly 90 per cent increase from the current 2.75 million developers.
India’s clear info edge has sent a few nations in huddle as they scratch their heads to understand where they failed. For instance, the United Kingdom is blaming its “boring” “dumbed down” school curriculum (5-14 years) for the lack of IT talents in the country and is introducing rigorous computer science in schools.
In the United States, you do have a Mark Zuckerberg once in a while thanks to private coaching. But then India is fast catching up with its own young breed of code crackers with the IT wave sweeping across the country. Indians, it would appear, are being genetically engineered in software labs (read schools). You have a Super Thirty in the boondocks of Bihar, so successful at cracking the tough IIT entrance exam, that it is being feted and cloned across the world, and centres like Kota that specialise in IT coaching and teaching.
Managing A Surfeit of TalentIndia’s rising It talent reservoir will require judicious management
IllustratIon: raj verma
CUBE CHAT | VISHAL KUMAR BISHT
5 2 ITNEXT | A U G U S T 2 0 1 3
CUBE CHAT
5 3A U G U S T 2 0 1 3 | ITNEXT
PH
OT
O B
Y S
UB
HO
JI
T P
AU
L
catalogues in DB contained more than 10 crore books, and with approximately 15 lakh users of this portal; this is a huge data to manage on a server in real time,” says Bisht. In an attempt to nurture his technological passion, Bisht and team plan to implement big data; and are going to implement in-Search module to fast Searching move using SOLR + Hadoop. The idea is to provide faster access to reports for business groups.
Bisht has various projects to his credit. A keen project management player, he is also a good team player. As the CTO of the organisation and a technology enthusiast, Bisht has rolled out about 400 projects in creating static and dynamic websites and e-commerce portals, involved in business development, project management and
project execution. He has to his account 10 ERP roll outs, also involved with coding and testing. However, the most cherished project for Bisht is developing e-learning applications and products. “I call this e-learning project most innovative, as it is a cloud based e-learning platform for SMEs with the url www.smecloud.in, which provides lot of learning,” says Bisht. Bisht has the confidence to tackle any situation or any team as his experience in working with the corporate sector as well the government sector gave him the necessary exposure. Bisht draws inspiration from N R Narayana Murthy, the Founder of Infosys. While he resorts to sports and music to relieve stress, as a Next100 winner and an entrepreneur, his dream is to emerge as a global leader in e-learning..
I am keen to develop the first e-Learning Platform and make it available on Desktop, Web, Mobile and Tablet,” says Vishal Kumar Bisht, Founder, Director, Marksman Technologies Pvt. Ltd.
Think Clean, Be Simple
Vishal Kumar Bisht, Founder Director and CTO of Marksman Technologies Pvt. Ltd., believes in thinking clean and leading a simple life. He obviously draws
his inspiration from the Bhagawat Gita. An aeronautical engineer by profession, Bisht
was associated with an advertising agency and was instrumental in setting up a call centre for a media house. “At the start of my career itself, I was exposed to working on new technologies, which was indeed a turning point in my career, and which fired my passion for coding and data management,” says Bisht.
Besides, Bisht possesses the passion to keep acquiring new technological insights and implement the learning immediately in his organisation or create an environment for his team to implement the new applications. Passionate
about technology, Bisht, being the first generation entrepreneur with over 12 years of experience in application development, product development and IT consultation, has been involved in various Custom Application Development in (ERP for SMEs) and worked in various verticals like Investment Banking, Event Management, educational institutions and government agencies.
As an entrepreneur, he now focuses on the e-Learning vertical and in the past few years, he has been closely involved in the development of various e-Learning products and applications (solutions).
The feather in Bisht’s cap was to do with developing web 2.0 Web Collaboration Application, which is developed using Open Source Technology in RED5 (for the streaming) and Laszlo (in the UI).
“At present, we are working on an online Book Store, an -e-Commerce Portal where the products
FACT FILE
FULL NAME: VISHAL BISHT
CURRENT DESIGNATION: FOUNDER , CEO – MARKSMAN TECHNOLOGIES PV T. LTD.
CURRENT ROLE: CEO AND CTO
EXPERTISE: E-LEARNING , E-COMMERCE , CLOUD AND BIG DATA
WORK EXPERIENCE: APPROXIMATELY 13 YEARS IN THE IT INDUSTRY
FAVOURITE QUOTE: “THAT’S BEEN ONE OF MY MANTRAS — FOCUS AND SIMPLICIT Y. SIMPLE CAN BE HARDER THAN COMPLEX: YOU HAVE TO WORK HARD TO GET YOUR THINKING CLEAN TO MAKE IT SIMPLE. BUT IT’S WORTH IT IN THE END BECAUSE ONCE YOU GET THERE, YOU CAN MOVE MOUNTAINS.”
STEVE JOBS
FAVOURITE BOOK: ART OF THE START GUY KAWASAKI
FAVOURITE FOOD: SOUTH INDIAN FOOD
FAVOURITE DESTINATION: SILICON VALLEY
FAVOURITE GADGET FOR WORK: MAC BOOK
FAVOURITE GADGET FOR PERSONAL USE: BLACKBERRY
“At the start of my career itself, I was exposed to working on new technologies, which
was indeed a turning point in my career, and which fired my passion for coding and data management”
Passion to learn new
aspects and nurturing
the passion
MY SUCESSMANTRA
BY N GEETHA
PH
OT
O/I
LL
US
TR
AT
IO
N/I
MA
GI
NG
CR
ED
IT
IL
LU
ST
RA
TI
ON
BY
SH
IG
IL
NA
RA
YA
NA
N
New technology enhancements will boost performance, reduce TCO by up to 30 per cent, and help senior IT managers achieve business transformation
BY N GEETHA
Transform Business, in a
Flash
THESE ENHANCEMENTS
SIMPLIFY MANAGEMENT
FUNCTIONS AND IMPROVE UTILISATION TO LOWER TCO BY 30
PER CENT OVER A FOUR-YEAR PERIOD
The key objective of Hitachi Data Systems Corporation has been to make the lives of senior IT managers simple and easy to cope with data storage challenges. The challenges that these IT professionals face according to Hitachi are:
They have less time to develop and deliver new solutions and services to more customers, and they must do so with flat or decreasing budgets.
To get the most out of their IT investments, they need to maximise performance, efficiency and economics of their infrastructure and resources.
Maximising IT accelerates insight, improves decision-making, and releases resources to let them increase the pace of their innovation and harness information to build competitive advantage.
To address these challenges in a more logical and pragmatic fashion, Hitachi
has made technological enhancements and rolled out three infrastructure solutions: All-flash storage solutions, Storage solutions which are unified ready and solutions which enterprise-virtualisation ready.
Hu Yoshida, VP and Chief Technology Officer, Hitachi Data Systems says, “The three new technology enhancements support this strategy and simplify the tasks of implementing flash, unified storage with primary de-dupe and converged infrastructures for rapid application deployment”
According to Yoshida, Hitachi Unified Storage flash system is designed for organisations that seek to accelerate the performance of their business applications. With integrated Hitachi Accelerated Flash and enterprise storage virtualisation, HUS VM delivers faster access to information and increased efficiency through central management of all storage assets. Database, analytics,
3 6 ITNEXT | A U G U S T 2 0 1 3
INSIGHT | FLASH STORAGE
NITIN DANG | INTERVIEWINTERVIEW | NITIN DANG
3 3A U G U S T 2 0 1 3 | ITNEXT3 2 ITNEXT | A U G U S T 2 0 1 3
COBOL ON AN INTEGRATION SPREE
Can you elaborate on the innovations in the enter-
prise application modernisa-tion, testing and management solutions arena?Micro Focus operates in the space of enterprise application moderni-sation, testing, and management solutions. Over the years, COBOL has evolved to keep pace with technological developments, inte-grating with most modern tech-nologies today. Most importantly, it has retained many of its tradi-tional strengths. As technology evolves, and new trends emerge, end users demands and expecta-tions of the software applications are constantly changing.
The emergence of social media and web 2.0 applications such as Facebook and new mobile plat-forms such as iOS and Android, are driving users to expect a similar experience and accessibil-ity when working with business applications. At the same time, the emergence of Software as a Service (SaaS) and the availability of Cloud
Nitin Dang, Country General Manager, Micro Focus India and SAARC, looks at the importance of modernising the business-critical COBOL applications which make it compelling for organisations to drive productivity. Dang elaborates on the innovation in traditional COBOL and how it offers cost savings to customers, besides ensuring increased productivity and the ability to drive focus on product innovation
technology mean geographic bar-riers are being broken down. These growing trends are putting pressure on businesses to respond in a timely fashion to constantly changing user expectations and new competition. As organisations scramble to meet the new demands of the market, they expect their IT teams to deliver with constantly diminishing budgets. With this in mind, organisations are find-ing that the quickest, cheapest and safest option is to modernise their existing COBOL applications.
The key has been to keep the language current with new pro-cessing ideas and new capabilities. This makes it easy to adapt COBOL to new environments even though it is a mature language with a lot of operating lines of code. COBOL has a unique capability in that the same COBOL code can be com-piled into native code, .NET and to the JVM without changing a single line of code.
Visual COBOL delivers a more productive, efficient developer
experience. It empowers the organ-isation through innovation, to carry forward its application investments into the future.
How is it being leveraged by customers?Talking specifically about Visual COBOL, we recently worked with Om Logistics India’s lead-ing logistics services company, to build a COBOL-based Enterprise Resource Planning (ERP) system, built using Micro Focus Server Express, which supports the com-pany’s core business modules, including accounting, reporting, warehousing, HR and payroll as well as consignment tracking.
Visual COBOL helped them to leverage the latest industry-standard IDEs to modernise core applications, development of a mobile application to access COBOL systems, and improving the efficiency of the developers by 30 per cent. This is a huge achieve-ment, considering the pressures on IT investment.
Micro Focus's Country GM, Nitin Dang on how modernising COBOL would drive productivity Pg 32
Transform Business, in a Flash: Hitachi's new technology to drive business transformation Pg 36
Marksman's Vishal Bisht believes in thinking clean and leading a simple life to realise the passion Pg 52
Technology, it wouldn’t be far-fetched to say, is now a part of the Indian DNA. So where does it leave the IT managers with a surfeit of geeks to manage?
Managing talent from all accounts is hard work. In fact, it forms part of the management curriculum with the nuts and bolts of processes and systems. The idea of people leadership is itself stressful and now with all the attendant frills of psychology, sociology and management tools, it is as complicated as some obscure scientology process.
But experience tells me that talented people are easiest to manage because they bring dedication to their work. If you are ever grappling with the issue of motivation in your team then it is time you took a hard look at the members. The mark of a high performer is that s/he never needs external motivation.
Come what may, they are always focussed on the goal, as they are self-motivated. Secondly, since they know their job and you know you hired the right man/woman for the right job, can we just ease off a bit?
At my current organisation, the top management’s display of absolute trust in the managers is not just amazing but highly rewarding, both for the company and the manager. They communicate but not micromanage. You as the manager and team leader are trusted. The rewards are being reaped both ways.
3 EssEntial REads
AP_IND_PRN_Q2-14_36701_28x20.5.pdf 1 01/08/13 9:23 PM
