CIO January 1 2009 Issue

Benchmark Against Google, YouTube & Amazon Get Your CFO Sold on Cloud Computing Squeeze More Value From Your Network Use Collaboration to Boost SCM Keep Your Team Keen on Storage Virtualization Evaluate Your Appetite for Risk Improve Governance by Going Green Rethink Your Staffing Approach TECH TRENDS FOR THE YEAR AHEAD BONUS JANUARY 1, 2009 | Rs100.00 VOL/04 | ISSUE/04 WWW.CIO.IN HOW TO: THE YEAR AHEAD SPECIAL


Transcript of CIO January 1 2009 Issue

Page 1: CIO January 1 2009 Issue

Business Technology Leadership

Benchmark Against Google, YouTube & Amazon

Get Your CFO Sold on Cloud Computing

Squeeze More Value From Your Network

Use Collaboration to Boost SCM

Keep Your Team Keen on Storage Virtualization

Evaluate Your Appetite for Risk

Improve Governance by Going Green

Rethink Your Staffing Approach

Tech Trends for the Year Ahead

Bonus: Full coverage of the CIO | 09 Program on DVD

January 1, 2009 | Rs100.00

Vol/04 | Issue/04 www.CIO.IN

HOW TO:

THE YEAR AHEAD SPECIAL

Page 2: CIO January 1 2009 Issue

Vijay [email protected]

From the Editor-in-Chief

Another fresh new year is here …

Another year to live!

To banish worry, doubt, and fear,

To love and laugh and give!

— William Arthur Ward

New Year, the oldest holiday in the world, dates back almost 4,000 years to the Babylonians. To them it signified regeneration, much like it does to us. To me, the New Year’s about taking time off from work and catching up with family and friends. It’s about spending a bit more time doing things that I enjoy, like baking bread.

And, it’s about making determinations and resolutions. In my case, they revolve around fighting the battle of the bulge and knocking some pounds off (for the Babylonians this was a time for more prosaic issues like returning borrowed farm equipment and just having a good time).

There is something about this time of the year that goes well with renewal and change and new directions to take.

Given today’s economic climate, I believe, it’s time to fundamentally shift our actions to reflect this reality, but not in any fearful, oh-what-is-coming-next way. No sir. After speaking to a host of CIOs, I’m convinced more than ever before that waiting for the economic environment or the suits in the boardroom to set your agenda for you is hardly the way forward. In fact, quite the opposite.

I believe that the IT departments that will see the slowdown off, and even prosper, will do so by tempering their caution with a fair bit of aggression. It’s these teams that will make a compelling case for continuing investments in IT by first empowering their organizations to work smarter and be more productive within the current framework.

That’s one of the reasons for this special issue, which focuses on innovation and improvement and ideas (big and small) that we think will add value to you and the organizations that you are associated with.

It’s also an issue that contains four Mindtrack surveys that were conducted in the beginning of December 2008 — to help you benchmark your organization against those of your peers and prepare you to take this year head on.

Do let me know what you think about this issue of CIO — my inbox awaits your opinions.

Here’s wishing you a year filled with good fortune, prosperity and happiness. Salud.


Slowdown’s the time to speed it up.

Life on the Fast Lane

Vol/4 | Issue/04 | January 1, 2009 | REAL CIO WORLD

Page 3: CIO January 1 2009 Issue


[FEATURES]

How To Benchmark (or Take to Pieces) Your IT Infrastructure
IT Infrastructure: How do you create a more agile, responsive and cost-effective IT department? Bechtel CIO Geir Ramleth dismantled his infrastructure and started over. Feature by Stephanie Overby

How To Re-invent (and Future-proof) the Supply Chain
SCM: Existing methods of haulage, storage and shop inventory are set to be revolutionized. As a result, the information infrastructure to support the supply chain will need reinvention. Here’s how to prepare. Feature by Mark Chillingworth

How To Prep For (or Exit Out of) Storage Virtualization
Storage: Launching a storage virtualization project? Industry watchers offer five key questions. Feature by Stacy Collett

How To Increase Agility (and Reduce the Cost) of Your Network
Networking: With ever-expanding networks and companies wanting to increase their bandwidth, network costs are rising. Here’s how to control spiraling expenses. Feature by Karen D. Schwartz

How To Monetarily (and Morally) Benefit From Green I.T.
Green I.T.: A green-friendly IT strategy is not just a PR move. It can bring substantial cost, energy and governance benefits. Feature by Cath Everett

[THE MINDTRACK SURVEYS]

Making Business a Priority
Customer Analytics: Given the current economic climate, those facing customers — and in charge of ensuring their loyalty — have to work harder. We asked CIOs how important the needs of these employees were and how they were helping.

Information Well
Storage: CIOs are convinced that an enterprise-wide information management strategy is important for business success. So what are they doing about it?

Staying Connected
Network Infrastructure: Many CIOs are betting on unified communications and are planning to invest in it this year. For the rest of what’s in store in 2009, read on to discover what our poll told us.

What Are You Afraid Of?
Security: A majority of CIOs say that malware will create havoc in 2009. And a majority of you have lost customer data at least once. Our survey of 148 CIOs brings to light all that you and your peers want to know.

Cover: Design by Jayan K Narayanan

Page 4: CIO January 1 2009 Issue


Content (cont.)

Departments

Now Online

For more opinions, features, analyses and updates, log on to our companion website and discover content designed to help you and your organization deploy IT strategically. Go to www.cio.in

[COLUMNS]

What’s on the Cards (and What’s Probably Not) in 2009
IT Intelligence: What does the future hold? With a little help from researchers and some educated guesses, here’s what we predict will happen in 2009. Column by Nancy Weil

What to Axe (or What to Leave in Place) in a Slowdown
Applied Insight: Cutting IT costs can only take you so far. You also need to invest in talent management. Column by David Howard-Jones

Trendlines
Technology | Virtualization Rules
Quick Take | Veneeth Purushothaman on Wireless
Voices | Should CIOs Think Like CFOs?
IT Personnel | Fear the Database Admin
Security | Bad Guys Eye Social Networking
Opinion Poll | Economy Squeezes Biz Travel
By the Numbers | Risk Management Takes Root
Security | Fire Your Data With Me: Your Staff
Infrastructure | Lost in the Cloud
Study | Disruptive Datacenter Technologies
Research | UC and Open Source Probe Brains

From the Editor-in-Chief | Life on the Fast Lane
By Vijay Ramachandran

[ESSENTIAL TECHNOLOGY]

Different Ways (and Their Downside) to Data Security
Security: Protecting data needs multiple tools. By Jarina D’Auria

What CFOs Love (and You Might Not) About the Cloud
Pundit: How to sell cloud computing to your CFO. By Bernard Golden

CIO | 09: The Year Ahead Program
Highlights from India’s largest forward-looking platform in our special DVD.

Page 5: CIO January 1 2009 Issue

Advertiser Index

All rights reserved. No part of this publication may be reproduced by any means without prior written permission from the publisher. Address requests for customized reprints to IDG Media Private Limited, Geetha Building, 49, 3rd Cross, Mission Road, Bangalore - 560 027, India. IDG Media Private Limited is an IDG (International Data Group) company.

Printed and Published by Louis D’Mello on behalf of IDG Media Private Limited, Geetha Building, 49, 3rd Cross, Mission Road, Bangalore - 560 027. Editor: Louis D’Mello Printed at Manipal Press Ltd., Press Corner, Tile Factory Road, Manipal, Udupi, Karnataka - 576 104.

ADC Krone 7
Aujas 17
Aujas 55
Avaya 4 & 5
Commscope 9
CA BC
Elitecore 39
EMC 47
Fluke 25
HP 41
IBM 75
Inflow 27
Interface 19
Microsoft IFC
Microsoft 63
Molex 29
Nortel 69
Oracle IBC
Rittal 13
SAS 23
Sigma Byte 3
Sigma Byte 61
Symantec 15
Tata 21
Tata 49
Tata Teleservices 1
Wipro 65
Wipro 67

This index is provided as an additional service. The publisher does not assume any liabilities for errors or omissions.

Advisory Board

Abnash Singh: President, IT Operations & Center of Excellence, UCB Pharma
Alaganandan Balaraman: VP-HR & Process Architect, Britannia
Alok Kumar: Global Head-Internal IT, Tata Consultancy Services
Anwer Bagdadi: Senior VP & CTO, CFC International India Services
Arun Gupta: Customer Care Associate & CTO, Shoppers Stop
Arvind Tawde: VP & CIO, Mahindra & Mahindra
Ashish K. Chauhan: President & CIO — IT Applications, Reliance Industries
C.N. Ram: Rural Shores
Chinar S. Deshpande: CEO, Creative IT India
Dr. Jai Menon: Group CIO Bharti Enterprise & Director (Customer Service & IT), Bharti Airtel
Manish Choksi: Chief-Corporate Strategy & CIO, Asian Paints
M.D. Agrawal: Chief Manager (IT), BPCL
Rajeev Shirodkar: CIO, Future Generali India Life Insurance
Rajesh Uppal: Chief GM IT & Distribution, Maruti Udyog
Prof. R.T. Krishnan: Jamuna Raghavan Chair Professor of Entrepreneurship, IIM-Bangalore
S. Gopalakrishnan: CEO & Managing Director, Infosys Technologies
Prof. S. Sadagopan: Director, IIIT-Bangalore
S.R. Balasubramnian: Exec. VP (IT & Corp. Development), Godfrey Phillips
Satish Das: CSO & Director ERM, Cognizant Technology Solutions
Sivarama Krishnan: Executive Director, PricewaterhouseCoopers
Dr. Sridhar Mitta: MD & CTO, e4e
S.S. Mathur: GM–IT, Centre for Railway Information Systems
Sunil Mehta: Sr. VP & Area Systems Director (Central Asia), JWT
V.V.R. Babu: Group CIO, ITC

Publisher: Louis D’Mello
Associate Publisher: Alok Anand

Editorial
Editor-in-Chief: Vijay Ramachandran
Resident Editor: Rahul Neel Mani
Assistant Editors: Gunjan Trivedi, Kanika Goswami
Correspondents: Snigdha Karjatkar, Sneha Jha
Chief Copy Editor: Sunil Shah
Copy Editors: Deepti Balani, Shardha Subramanian

Design & Production
Creative Director: Jayan K Narayanan
Lead Visualizer: Binesh Sreedharan
Lead Designers: Vikas Kapoor, Anil V K, Vinoj K N, Suresh Nair, Girish A V (Multimedia)
Senior Designers: Jinan K Vijayan, Jithesh C C, Unnikrishnan A V, Sani Mani (Multimedia)
Designers: M M Shanith, Anil T, Siju P, P C Anoop, Prasanth T R
Photography: Srivatsa Shandilya
Production Manager: T K Karunakaran
Dy. Production Manager: T K Jayadeep

Marketing and Sales
VP Sales (Events): Sudhir Kamath
General Manager: Nitin Walia
Senior Manager: Siddharth Singh, Rohan Chandhok
Assistant Manager: Sukanya Saikia
Marketing: Priyanka, Patrao, Disha Gaur
Bangalore: Kumarjeet Bhattacharjee, Arun Kumar, Ranabir Das
Delhi: Saurabh Jain, Rajesh Kandari, Gagandeep Kaiser
Mumbai: Parul Singh, Hafeez Shaikh, Kaizad Patel
Japan: Tomoko Fujikawa
USA: Larry Arthur; Jo Ben-Atar

Events
VP: Rupesh Sreedharan
Managers: Ajay Adhikari, Chetan Acharya, Pooja Chhabra


Page 6: CIO January 1 2009 Issue

New * Hot * Unexpected

Virtualization to Rule

Technology | Virtualization will hold the No. 1 spot on CIOs' priority lists in the Asia Pacific in 2009, said research firm Gartner. The top 10 strategic technology areas that will affect, run, grow and transform the business initiatives in 2009, according to Phillip R. Sargeant, managing vice president, global storage markets at Gartner are: virtualization, business intelligence, cloud computing, green IT, unified communications, social software and social networking, Web-oriented architecture, enterprise mashups, specialized systems and servers beyond blades.

Virtualization is not a new technology, said Sargeant, a user since 1993. It will, however, become a strategic area for organizations to save money, provide better power efficiency, and to better utilize servers particularly during the present economic turmoil. Only about seven percent of the millions of servers installed in the world today are virtualized, said Sargeant.

Virtualization is advancing in three trajectories: de-duplication, single-instance storage, and compression, which will promise lower-cost data migration, unified storage management, common replication services, and longer product life.

"Cloud computing is all about 'server delivery', not technology", said Sargeant, who said it can be put under the umbrella term of virtualization or green IT.

The green IT strategy is predominantly associated with energy saving in datacenters by vendors. But there is much more that they can do, said Sargeant, such as in the process of supply chain, and the choice of materials to produce products with.

Systems were generalized to run multiple applications many years ago, said Sargeant. In the next 12 months, however, systems are expected to be specialized and optimized to run more applications such as data recovery compliance and data application compliance.

Blade servers will start to gain attraction in 2009, and by 2010, they are expected to take over rack servers, according to Sargeant.

"In the present financial situation, organizations will still adopt new technologies as long as they can help them cut cost", said Matt Boon, managing vice president and group team manager, global hardware markets at Gartner.

—By Carol Ko

Quick Take: Veneeth Purushothaman on Wireless Mobility

Infrastructure | Wireless mobility enables business process, data and people to be connected anytime anywhere and has changed the way many companies do business. Kanika Goswami spoke to Veneeth Purushothaman, business head-technology, Hypercity Retail, to seek his views on it. Here’s what he said:

In which processes do you use wireless mobility applications?
Our wireless mobility solutions are primarily within our store network and warehouses. We use it for stock taking, receiving store material and checking the price of items faster. Our employees now have the option of working from home with access to the ERP, the HR application, e-mails and other documents through a VPN.

What challenges did you face in this deployment?
Prohibitive costs are a challenge. Equipment from the access points to controllers and to handheld devices are all costly, more so if you are looking for ruggedness and other features. Finding a device which fits all our requirements and also our budget is a challenge. Wireless vendors who can implement wireless infrastructure and also help build applications are a rare breed. Most of the big vendors who have extremely good wireless equipment and implementation expertise will not be able to help with small-time utilities and applications.

Do you think wireless mobility needs special security applications?
Of course it does; particularly when you are allowing access to data outside your network. We use SSL VPN and multi-factor authentication.

How do you achieve that fine balance between data security and accessibility?
It is a difficult proposition but definitely doable. The balance is obtained by ensuring that VPN access is given to personnel after proper signoff from department heads and the IT head. All the external users have to go past the multi-factor authentication to gain access to selected applications.

Illustration by MM Shanith

Page 7: CIO January 1 2009 Issue


IT Personnel | One of the best ways to improve database security is to carefully monitor the very people who have been entrusted to manage them: database administrators (DBAs), says an Aberdeen Group report.

Perhaps not surprisingly, the Aberdeen Group study of 120 mostly large companies around the globe found a correlation between adopting a range of database security practices and frequency of data breaches. Companies ranked as using best practices suffered 8 percent fewer incidents of data loss compared to those that did not adopt such measures.

However, one of the defining characteristics of companies rated as having good security was a strict management of their managers. This means that database staff are monitored in some form, there is a separation of duties between different managers, and certain kinds of database access are blocked or restricted.

"In this study, respondents estimated that databases are the repository for nearly two-thirds of their sensitive data, so it's no surprise that the results show organizations that monitor privileged user activity suffer fewer data losses," said Aberdeen Group's Derek E. Brink.

"The payoff for monitoring insiders can be significant from several perspectives, including security, risk management, compliance and cost," he added.

"This Aberdeen report establishes and quantifies the risk organizations are taking by not monitoring the actions of privileged insiders, as well as the payback for companies that implement database activity monitoring," said Mark Kraynak of database security company, Imperva, one of the report's three co-sponsors.

Aberdeen makes a number of basic recommendations for companies worried about the topic, such as making sure to eliminate shared and default database admin accounts, monitoring ad-hoc queries to detect unusual requests, and restricting developer privileges.

If this sample is representative, database security — including the monitoring of the DBAs — is actually a fairly well established principle. Fifty-seven percent said they monitored DBA activities, 61 percent enforced separation of duties between privileged users, and 59 percent audited database access in order to detect unusual intrusions.

—By John E. Dunn

Should CIOs Think Like CFOs?

CIO Role | There are many who believe that forward-thinking CIOs should adopt an economic view like CFOs. They should know the brass tacks of financial operations and should have a laser-sharp focus on the economics of their companies' business. But is there a downside? Sneha Jha spoke to your peers and here’s what they had to say:

Sunil Sirohi, Vice President, NIIT

C.R. Narayanan, CIO, Spanco Telesystems & Solutions

“I don’t feel a CIO should think like a CFO. A CIO must have a passion for value creation unlike a CFO who may be more inclined toward cost cutting.”

Deepak Madan, GM-IT, DLF

Lend Your Voice: Write to [email protected]

“A CIO needs to be innovative to contain costs and help the business do more with less. He has many hats to wear and many roles to play in an organization, and thinking like a CFO is one of them.”

“A CFO is an executive who calculates the risks involved in capital investment, he is involved in cost of capital, generation and allocation of funds. On this front, a CIO can provide him with tools to make better decisions.”

Watch That Database Admin: For More Security


Page 8: CIO January 1 2009 Issue


Bad Guys Eye Social Networking

Source: Association of Corporate Travel Executives

Security | Cybercrime is likely to move into the social networking world, taking advantage of sites such as Facebook and MySpace, says cyber-security guru Peter Gutmann.

"I would assume Internet crime will migrate to social networking sites in the future," says Gutmann. Social networking sites are incredibly powerful virus platforms. They allow developers to write specific applications for them, which spread in a viral manner.

If these applications were not on a site such as Facebook, they would be considered incredibly fast-spreading viruses, he says.

To date, developers have written social networking applications only experimentally, but Gutmann thinks these platforms will be targeted more heavily in the future. "For some unfathomable reason the bad guys haven't exploited [social networking sites] yet, and I don't know why — it is so easy," he says.

Finding stolen credit card numbers, phone numbers and other personal information is a matter of 10 seconds of searching Google, he says. "It is frighteningly easy to find information — it is not rocket science," he says. Another thing about these sites is that personal information, posted by users, will be there for ever.

"People put out heaps of personal information, without thinking about how it can be used against them," says Gutmann. To some extent, cyber crooks are already using social networking sites to launch so-called spear-phishing attacks, says Gutmann. By getting names, addresses and other information from, for example, job placement agencies, cyber criminals can send targeted phishing letters from your bank, and basically "leapfrog and attack from one site to another", he says.

Anybody can get strong encryption off the Internet these days, but the availability of strong encryption does not have a huge effect on stopping cybercrime, he says. It's so hard to use, nobody wants to use it, he says.

Gutmann researches the usability of security software, which is typically written by geeks, for geeks, he says. "Unless you are a hardcore geek, you've got no hope of understanding it," he says. He looks at how people interact with security software and how it can be made easier to understand, but he also investigates if "the masses" really need to, or want to, understand encryption.

He has built the OS-independent, open-source Cryptlib security toolkit, which allows crypto-programmers to easily add encryption and authentication services to their software. Even to programmers, encryption is difficult to understand, he says.

The toolkit makes it easy for programmers to build secure applications. The next step is to educate programmers to build security applications "that human beings can actually use, and that is the really hard bit", he says.

Gutmann, an honorary research fellow of University of Auckland's Department of Computer Science, is passionately involved in making encryption more useable for everyday people. He was involved in writing the PGP encryption package, a program that provides cryptographic privacy and authentication, often used for signing, encrypting and decrypting e-mails.

—By Ulrika Hedquist

Economy Squeezes Biz Travel

Drop that suitcase. Economic uncertainty and high fuel costs are taking a toll on business travel. In 2009, one-third of travel managers will cut spending. What they are cutting:

39% Internal meetings
31% Across the board
16% International travel
9% Training travel
5% Other

Infographics by Binesh Sreedharan


Page 9: CIO January 1 2009 Issue


Risk Management Takes Root

Survey of insurers finds poor risk data and analysis still hinders how effectively companies are able to employ enterprise risk management.

By Jarina D’Auria

Enterprise risk management (ERM) has been around for years, but it is in different stages of maturity within different industries. The insurance industry, for example, has only begun to implement ERM into its strategic planning in recent years, says Paul Horgan, partner and leader of the global risk and capital team of PricewaterhouseCoopers (PwC).

Significant progress has been made, according to a recent global survey of 53 insurers by PwC, in which Horgan was the primary author: more than 90 percent have ERM programs in place. However, most firms are still not using ERM effectively to manage their new or emerging risks, according to the study. “If they accept the risk mandates thrown over the fence from corporate without pushing back or making sure they understand how it can add value, then they are being passive,” Horgan says.

Companies often stumble over ERM’s first steps: defining and communicating risks in a way that translates into limits, objectives and priorities for employees to follow. As a result, less than half of insurers surveyed are confident ERM is embedded in their strategic business decisions, says the study.

From an IT standpoint, ERM’s effectiveness is also hurt by poor risk data and analysis. Risk assessment tools and methodologies are up and running in only about half of the firms surveyed in the study. And fewer than 40 percent of respondents say their firm’s risk data and systems are ‘good’ or ‘excellent’.

Yet a strong ERM system relies on effective systems and quality data, which are critical in maintaining the flow of timely and reliable risk management information. “We have seen companies suffer unintended strategic disadvantages because they were too slow to react to changes in IT,” Horgan says.

The more standardization you can have from an IT perspective, the lower your risks are overall. CIOs can help by working with the business to create an integrated reporting structure, data systems and modeling capabilities. Many insurers are still at the beginning stages of implementing such change.

Best Practices

1. Be clear about your risks. Before establishing ERM policies, recognize the risks the business is already taking and set up appropriate compliance standards.

2. Involvement is key. Everyone needs to play an active role. The best way to involve employees is with consistent training and self-assessments about the company’s risk.

3. Choose your risk manager wisely. This individual has to create a two-way conversation within the business. He also has to manage the risk-taking activity and controls already in place while factoring it into the strategic risk assessment.

Insurers on the Path to ERM?

Confidence is growing in this discipline…
49 percent of insurers are confident that ERM is genuinely embedded in their firm’s strategic planning compared to 4 percent in 2004.

…But there is still work to be done.
42 percent of respondents believe their organization spends too little money on risk data management, up from 30 percent in 2004.

Page 10: CIO January 1 2009 Issue


Security | Workers that are anxious about being laid off are prepared to steal corporate data on removable devices or bribe IT staff for information, a survey has revealed.

Four out of 10 workers in the UK confessed they would steal sensitive data if they thought their jobs were at risk, the survey by security vendor Cyber-Ark has revealed. It also shows that some 71 percent of employees globally said they would steal sensitive data if they were fired suddenly.

The data would be used to take to their next employer or as a negotiating tool with their current bosses, the authors of the survey warned.

Rumors of looming job cuts would drive almost half of UK workers to use their privileged IT access rights to snoop around their company's central network looking for the redundancy list. Another quarter of workers said they would bribe someone in the IT department to find it.

Memory sticks were the medium favored by staff who said they would steal data, because of their small size, ease of use and difficulty to trace. But photocopying, e-mailing, recording to CD, online storage, online messenger programs and iPods were also channels through which staff said they might take data out from office systems.

Customer contact databases were the most likely files to be stolen, followed by strategic plans, product information and passwords. Employees were less interested in taking human resources and legal documents, according to the survey.

Adam Bosnian, vice president at Cyber-Ark, said: "Our advice is only allowing access to sensitive information to those that really need it, lock it away in a digital vault and encrypt the really sensitive data."

—By Leo King

Lost in the Cloud

Infrastructure | Companies hungry for IT efficiency and cost savings love virtualization. The idea of reducing racks of servers into smaller and cheaper machine farms is simply irresistible.

Security vendors have seized on this with an array of products promising 'security in the cloud'. But the adopters often lack a basic understanding of virtualization, and that's a problem, industry experts say.

"People's definition of virtualization is either very narrow — that it's about server consolidation, virtualizing your apps and operating systems and consolidating everything down to fewer physical boxes," says Chris Hoff, chief security architect for the systems and technology division at Unisys. "Or, it's about any number of other elements — client-side desktops, storage, networks, security."

And since the definition of what's coming in the virtualization world can mean a lot of different things, it makes it near impossible to build a security strategy around it, he says.

Joel Snyder, security expert and senior partner at Opus One, says virtualization "has a variety of implications in disaster control, capacity planning, system management and security."

Thankfully, companies at least acknowledge that there's a security challenge to address. Michele Perry, CMO for security vendor Sourcefire, says customers are expressing concern that they have no way to proactively track or identify new virtual systems within their environments.

"With limited visibility, organizations have no way to control where virtual systems pop up without adhering to corporate IT or security policies," Perry says. "This has the potential of creating significant security issues — including unpatched machines, unauthorized access and use, and so on."

Fortunately virtual security is not a doomed concept. "Just because virtualization changes your security environment doesn't mean that the problems it creates are insoluble," Snyder says. "Instead, realize that security in a virtual server environment is different. You have to think differently and use different tools to get the same level of security."

Even Hoff, a vocal critic of virtualization security, is seeing traces of a silver lining.

He notes that the who's who of security vendors are retooling their applications to take advantage of VMware's vNetwork/VMsafe APIs. Others are working on tighter, better integration. "Operationally and technically there's more integration and tightening going on," he says.

"I think it's actually an excellent move as it continues on the path of not only helping to ensure that the underlying virtualization platform is more secure, but the elements that ride atop on it are equally security enabled also," Hoff says.

Security experts warn that all the vendor activity in the world won't help a company that dives headlong into the cloud without thinking through the risks first. As long as companies fail to grasp the nuts and bolts of virtualization, dangers remain.

—By Bill Brenner

Fire Your Data With Me: Your Staff

Illustration by Unnikrishnan AV


STUDY: A new computing fabric to replace today's blade servers and a 'pod' approach to building datacenters are two of the most disruptive technologies that will affect the enterprise datacenter in the next few years, Gartner said at its annual datacenter conference.

Datacenters increasingly will be built in separate zones or pods, rather than as one monolithic structure, Gartner analyst Carl Claunch said in a presentation about the top 10 disruptive technologies affecting the datacenter.

Those zones or pods will be built in a fashion similar to the modular datacenters sold in large shipping containers equipped with their own cooling systems. But datacenter pods don't have to be built within actual containers. The distinguishing features are that zones are built with different densities, reducing initial costs, and each pod or zone is self-contained with its own power feeds and cooling, Claunch says.

Cooling costs are minimized because chillers are closer to heat sources; and there is additional flexibility because a pod can be upgraded or repaired without necessitating downtime in other zones, Claunch said.

"Modularization is a good thing. It gives you the ability to refresh continuously and have higher uptime," Claunch said.

By not treating a datacenter as a homogenous whole, it is easier to separate equipment into high, medium and low heat densities, and devote expensive cooling only to the areas that really need it, Claunch added.

The move to pods and zones is among what Gartner calls the most disruptive technologies affecting the datacenter. In no particular order, these technologies are storage virtualization; cloud computing; new server architectures; PC virtualization; enterprise mashups; specialized systems (aka hardware appliances); social software and social networking; unified communications; zones and pods; and green IT.

Many of these technologies have been covered by Gartner in previous lists. Enterprises won't have to wait long to take advantage of these technologies: all these trends are beginning to happen now or will do so within the next few years, Claunch said.

If Gartner's predictions are correct, the server industry is soon to undergo a significant transformation.

—By Jon Brodkin

RESEARCH: The Prince of Wales Medical Research Institute (POWMRI) will replace its PABX with a 1,000-seat communications platform to connect roaming staff and monitor its tissue preservation freezers, and physical security network.

Research at the Sydney-based institute delves into the actions of the brain and nervous system, and covers cells, genes and molecules through to how the elderly walk to the control of breathing.

The institute's IT manager Andrew Cartwright said the parts for its Siemens Time-Division Multiplexing PABX would become rare and expensive after it was discontinued.

"The old system runs on the Siemens HiPath Openscape 750 server which reached end-of-life, so we upgraded because parts would become expensive and difficult to get," Cartwright said. The new system will be phased in with an initial trial of 30 handsets using a gateway to allow it to work alongside the existing PABX. He said the high-end handsets with Web video capability will be used to monitor temperature fluctuations in the laboratory freezers that house human tissue.

"The freezers hold priceless brain tissue at about minus 80 (Celsius). If there is a problem, the temperature will rise straight away and we can detect this on the phones," Cartwright said. Information from the freezers, which are considered nodes on the network, can be fed in real-time into the phones and alerts can be triggered to call handsets when a problem occurs.

"The smallest increase in temperature can signal a problem, so the sooner we know about it, the better." The liquid nitrogen tanks can also be monitored and controlled from the phones using an LCD touch screen.

He said POWMRI security will be able to monitor CCTV feeds on the IP phones, and reception will have visibility on deliveries and visitors. The institute operates entirely on Open Source platforms. The magnetic resonance imaging (MRI) scanner uses Open Source software.

—By Darren Pauli

Datacenter Technologies


Illustration by MM Shanith

UC and Open Source Probe Brains


What's On the Cards In 2009 [And What's Probably Not]

What does the future hold? With a little help from researchers and some educated guesses, here's what we predict will happen in 2009.

Nancy Weil, IT Intelligence

Well, we blew it a year ago on the prediction that the recent US presidential election would lead to historic turnout — it didn't quite hit that mark — and unprecedented problems with e-voting systems. The problems, it turns out, were for the most part precedented. On the positive side, we nailed the result, forecasting the election of Barack Obama. Not inclined to rest on that laurel (and a few others we also accurately foretold), we've set forth again to find out what industry analysts are forecasting for 2009, and we've talked to sources as well as to our geekiest friends and colleagues to come up with our own set of predictions for 2009.

Absent from this year's list of 10 prognostications is an entry about Microsoft finally buying at least the ad-search business of Yahoo, if not the whole company. We left that one off the list for next year because we still expect it could happen in 2008. With that in mind and in no particular order:

The Good News

Economic downturns tend to drive innovation and also spur rollouts of new technologies and products to lure users to spend money. This has been particularly true over the years in the DRAM (dynamic RAM) market, where companies are focused on trying to get DDR3 out as quickly as they can. They have to get motherboard, chipset and microprocessor companies on board to support new memory chips, so that's what is slowing them down. But we see DDR3 becoming the new mainstream DRAM chip in 2009.

Netbooks have generated a lot of buzz (and no little bit of hype) of late as more of the small, low-cost, lightweight, energy-efficient laptops hit the market. That will continue apace, but we also expect that the average price of US$400-$500 (about Rs 20,000-Rs 25,000) will drop to the $200-$300 (about Rs 10,000-Rs 15,000) range. Part of the price plunge will owe to volume production because the price of parts will drop as more netbooks are made.

Illustration by Anil T

Long Live the iPhone

We're in accord with market researcher IDC that "it will be a grim year for mobile gadgets — as volume growth flattens in mobile phones, as netbook PCs expand the market but threaten notebook pricing and margins, and as consolidation looms in personal navigation devices." However, we think that the iPhone is going to play a major role — perhaps single-handedly — in keeping the smartphone market afloat, even if it's going to need to be thrown a life preserver along the way. (That's meant metaphorically and not as a prediction that smartphone makers will be next in line for government bailouts.)

Oh, and we also think that IDC's prediction that portable media player shipments will show a first-time drop is spot-on, given market saturation and that there are only so many ways to improve on the players that will induce people to buy new ones.

See Ya!

Sun Microsystems will find a new CEO to replace Jonathan Schwartz. We're torn between the view that he'll be ousted and the view that he'll decide it's just time to go, but either way we don't believe he'll be Sun's CEO at the end of 2009, if he even makes it past the first quarter or so. And Sun will cease to exist in its current incarnation, perhaps being part of a blockbuster acquisition, perhaps going private.

Windows 7 will be released

Microsoft hasn't announced a launch date for Windows 7, and while earlier indications were that it would be out in early 2010, company executives have recently hinted that it could be out around the end of 2009. With continued sluggish adoption of Vista — not to mention ongoing inroads by Linux, notably in the low-priced PC market — and a warm reception to a beta demonstration of Windows 7 at its Professional Developers Conference in October, we think the hints will become reality and Microsoft will release the OS late in 2009. We'll also be so bold as to predict it will be a vast improvement over Vista. Well, OK, maybe that's not so bold because, you know, how could it be worse, right? But even so, the Microsoft portion of our crystal ball is telling us that Windows 7 will be well-received and help Microsoft regain some of the OS edge it lost in 2008. (But Linux is still going to nip at Microsoft's heels.)

Cloudy Days

Well, last year we wanted to resist an entry on virtualization; this year it's cloud computing we'd like to deny, the two being kin and all. We agree with Oracle CEO Larry Ellison that the jargon is "complete gibberish" and the definitions encompass that which already exists and doesn't actually need a label. But we digress — the point is that companies will keep moving toward software-as-a-service and cloud storage models as they aim to cut costs. SaaS and cloud-based vendors will haul in new customers and post profits. Meanwhile, 'private clouds' will loom on the IT horizon as companies less comfortable with letting someone else manage their data and provide related services will set up clouds behind their corporate firewalls. Some of the more headline-grabbing merger and acquisition news of 2009 will occur with vendors focused on the cloud and with SaaS providers. Google and Amazon.com will continue to be particularly aggressive and will target smaller players in acquisition deals.

Always a Step Ahead

Cybercriminals will find ever more malicious ways to vex us in 2009, what with the success of infecting PDF (portable document format) and Flash files with malware. Ever-more-sophisticated Trojans will emerge in 2009 to swipe data and wreak havoc. Along those lines, sometime during the year, a major online retailer will be nailed with a serious security breach that exposes credit-card numbers and personal data of thousands of customers because some people just never learn from the past.

Security vendor Finjan predicts that the number of people participating in cybercrime will continue to rise — no surprise there — but in a more alarming twist says the increase will occur "with an increasing number of unemployed IT professionals joining in." To that end, more news headlines involving networks being held hostage by disgruntled former employees are in the offing. CIO

Dan Nystedt in Taipei, James Niccolai in San Francisco, Nancy Gohring in Seattle and Juan Carlos Perez in Miami contributed.

Send feedback on this column to [email protected]

The number of cybercriminals will rise — no surprise there — but more alarmingly, the increase will occur with an increasing number of unemployed IT professionals joining in.


What to Axe In a Slowdown [Or What To Leave In Place]

Cutting IT costs can only take you so far. You also need to invest in talent management.

David Howard-Jones, Applied Insight

The recent economic storm that has battered economies worldwide has sent companies scurrying to take cover. Many have quickly turned to IT cost-cutting plans in an effort to staunch the flow of red ink. However, attempts to drive down technology costs may be taking some firms in the wrong direction. The headlong rush to reduce IT costs in the short term can compromise many companies' ability to improve productivity and profitability in the longer term. I believe that by focusing on talent management, CIOs can deliver higher value results at lower total cost. The immediate challenge for senior IT executives is to redirect IT investment in order to cultivate, reward and retain the most critical IT talent — the 'IT stars.'

Technology has long been heralded as a key to cost reduction and it is often assumed that a greater use of IT will create a kind of virtuous circle of continuing cost reductions. In fact, the search for ways to commoditize and cut IT costs actively discourages needed investment in talent management structures that could help the CIO retain highly skilled staff at the critical interface between IT and the business lines.

For that reason, companies must learn to differentiate between IT activities that are truly 'commoditizable' and where costs can be safely cut (such as infrastructure, hardware and systems standards), and the specialized processes that create unique value for the firm (such as risk management, new channel or new product development, and customer analytics and predictive modeling).

Any cost savings from cuts in commodity activities should be candidates for re-investment in 'specialist' areas where success depends on IT stars gaining a deep understanding of how businesses create value. This two-pronged approach to IT using both talent and cost management in equal measure is important. Many complex technology projects are never satisfactorily completed and, far from cutting costs, become a drag on profitability. Having the right team in place can help a project avoid this fate. IT success depends on people, not technology.

Illustration by Unnikrishnan AV

Put the Spotlight on Talent

Haphazard cost cutting raises the danger of underinvestment and losing ground — and good people — to competitors. To mitigate those risks, IT executives should concentrate on two talent-related imperatives:

Recognize that deepening business knowledge in selected IT teams is critical to success. This will be especially true in any area where there is a 'build versus buy' decision, because the need to make this choice signals that customization and business knowledge will be decisive in determining the project's success. CIOs should put in place opportunities for staff to increase their knowledge of the business: internal IT business training courses, scholarship funding for professional qualifications in their field of business, mentoring for rising stars and cross-training within the business when appropriate.

Build the right talent mix. The right mixture often turns out to be fewer, more skilled and higher paid local staff, combined with lower-cost offshore workers who are also highly skilled. This shift can deliver cost savings and a more concentrated investment in technology talent. Too often, firms have focused on the shift to offshoring without commensurate enhancement of onshore roles throughout the organization.

Rethink Your Staffing Approach

CIOs should abandon the idea of taking a single approach to IT talent. Hiring workers who are capable of dealing with the complex IT and business interface is expensive. Instead, IT leaders must pursue a differentiated approach.

Start by identifying tasks where traditional cost cutting, outsourcing and offshoring are appropriate. Examine projects and processes where development requirements are closely specified and fixed, and objectives and standards are clearly established. These could include back-office functions, accounting systems, design and general processing support. By identifying those areas where you can shift resources, you can focus on investing IT talent in business areas with new or rapidly evolving products or methodologies, or where business revenues are high.

Interestingly, a differentiated approach can sometimes deliver net cost savings, even in areas where business practices and products are rapidly evolving and more experienced IT resources are required to meet demanding business schedules. For example, I recently estimated that the credit trading business of one global bank could employ more skilled and higher-paid IT workers and still realize savings in excess of $300 million (about Rs 1,500 crore) over the next five years. The math works by shifting the staffing mix, offshoring some key subsidiary tasks, reducing the total head count and then paying more across the board to staff in the future: both offshore and onshore resources will need higher skill sets to manage the greater expectations of the firm.

Amazon, Ameritrade and Google are great examples of companies whose IT talent mix is skewed toward the specialist end. Of course, the choice is made easy for them since their business models depend on IT excellence. However, it is worth remembering that the question is one of degree: while many IT platforms today can be purchased as commodities, their implementation always requires such a high degree of customization that a significant level of investment in talent to drive this customization is essential.

Getting the right level of business end-user know-how into the IT implementation teams is critical for the success of these projects. There is no shortage of project failures and horror stories in software implementation. Yet project risk in many could have been significantly reduced by enhanced investment in the right business expertise on the IT project team.

Big Questions for IT Leaders

Talent management, then, not cost reduction, should be the number-one priority for technology professionals.

For CIOs, this means taking a fresh look at the mix of talent required, how to attract top staff, and how to keep them busy and learning at the interface between business and IT. When a firm learns to differentiate its requirements and skew its talent management in the right direction, cost savings can accrue at the same time that success rates improve.

Big questions confront IT leaders in these turbulent times. Will lessons learned be more widely applied as the spotlight turns to cost reductions and performance improvement in a range of IT-intensive industries? Or will global economic worries prompt executives to search for ways to cut back and put IT once more on the chopping block? I think fortune will favor those brave enough to invest in the talent needed to lead. CIO

Send feedback to [email protected].

The immediate challenge for senior IT executives is to redirect IT investment in order to cultivate, reward and retain the most critical IT talent — the 'IT stars.'


IT Infrastructure

By Stephanie Overby

How do you create a more agile, responsive and cost-effective IT department? Bechtel CIO Geir Ramleth dismantled his infrastructure and started over.

Reader ROI:

A new model for running IT

Challenges to operating in the cloud

Lessons from Google, Salesforce.com, Amazon and YouTube

Call it the CIO ‘clean slate’ fantasy. If I were starting from scratch, what kind of IT systems would I build to support my business today? For most IT leaders, bound by long-standing infrastructure choices and loads of legacy systems, it's little more than a parlor game. For Geir Ramleth, however, the question provided the foundation to a new model for delivering corporate IT services.

Ramleth isn't the IT leader for some hot, new startup. He's the senior vice president and CIO for Bechtel, the construction and engineering company that got its start 110 years ago building America's western railroads and later made a big splash helping raise the Hoover Dam. "We said, ‘if we started Bechtel today, would we do IT in the same way we're doing it now?’" says Ramleth. "The answer was no."

When Ramleth first asked the question more than three years ago, the company had just completed a major initiative to streamline IT systems, which had cut costs by nearly 30 percent. But with Bechtel's projects increasingly executed in far-flung geographic locations, from Santiago to Shanghai — and with its systems being accessed by thousands of temp workers, customers, even competitors — Ramleth knew a more drastic shift in how IT services are delivered would be necessary to support the company's complex, distributed business model.

Starting with that imagined technology ‘tabula rasa,’ (Latin for blank slate) Ramleth took his cues from some real-life IT pioneers who, unlike most corporate IT organizations, could take advantage of an actual clean slate when building their technology platforms. He incorporated high-bandwidth networking practices from companies such as YouTube, the standardized server approach of Google, extreme virtualization techniques from Amazon, and the multi-tenant application support strategy of Salesforce.com, among others.

The result is the project services network (PSN), an infrastructure-to-apps overhaul of Bechtel's technology environment that Ramleth says will provide secure, ubiquitous, simplified and rapidly deployable access to corporate and customer information for any user around the globe who needs it. Ramleth calls his approach the "consumerization of the computing environment"—an internal cloud-computing infrastructure serving up in-house applications on demand. Others say it's a sign of the IT times.

"It's really in vogue right now if you're overseeing enterprise IT to look at these upstarts that are talking about how they run hundreds of thousands of servers," says Howard Rubin, president and CEO of Rubin Worldwide and a Gartner senior advisor. "As corporate IT bemoans the issues of virtualizing or large-scale standardization, these younger companies do it all as a matter of course. CIOs are starting to wise up and look at what they're doing right."

An Old Company Needs New Tricks

"That's not our business. That's not what we do."

That was the reaction from Bechtel's corporate management when Ramleth came to them with his big idea: to benchmark IT not against construction or engineering industry peers — or even global enterprises of a similar size — but against successful companies in the Internet consumer space. They couldn't immediately imagine any benefit in dedicating time and money to imitating an online consumer company.

It took time and targeted marketing to get the C-suite to warm up to the idea. "I needed to get them to understand that we didn't want to be a Google or an Amazon. We wanted to understand how these guys do things so we can learn from them," explains Ramleth.

By 2006, Bechtel was operating in more locations than ever. And for every 100 employees in the US and Europe who retired, the company had only been able to replace 60. "We have to chase the talent around the world," says Ramleth. "That's why we have [corporate] operational centers in Shanghai, Taipei, Bangkok, New Delhi, Mumbai and Warsaw." At the same time, Ramleth found that a third of the people accessing Bechtel's network were non-Bechtel employees, creating a huge intellectual property risk.

The situation was leading to an untenable IT environment. Bechtel wasn't only inviting all manner of non-employees onto its network. IT deployments took dreadfully long: 30 days to put support in place for a new business project. That was a problem Ramleth's corporate peers could understand. "We didn't want our projects to have to wait for us," Ramleth explains. Ramleth knew Bechtel needed a faster, simpler and more secure way to deploy and support IT applications. For starters, he needed applications he could deliver via the Internet, not Bechtel's intranet (an approach Ramleth's team had taken in building one-off IT systems for two multi-billion dollar oil and gas projects in the past). But after several months of trying to tackle the problem by rewriting scads of existing applications, Ramleth realized something more fundamental had to change.

Rewriting all of Bechtel's 200-plus applications — 40 percent of them built in-house — was crazy. "It would be too costly, and wouldn't solve everything," Ramleth says. "We needed to shed ourselves of all of the thinking that got us to where we [were]," says Ramleth. "We had to start from the infrastructure up."

To figure out what a new IT backbone might look like, Ramleth and his team followed the money. Ramleth interviewed venture capitalists and learned that they were betting 80 percent to 90 percent of their investments on consumer-related tech, with the remaining sliver of funding going to enterprise IT. "If that's where the investment is going, they [consumer technology companies] are doing something that we definitely have to look at and learn from," says Ramleth.

In fact, Ramleth's search for answers in the consumer tech arena is not unusual, says James Staten, principal analyst with Forrester Research. Today's IT demands require new thinking. "CIOs are being asked to continue to reduce the overall spend on IT," he observes. "They're also being asked to spend more time building new applications and driving flexibility and doing things that transform business." To do it all, something's got to give. "You can't manage IT the same way you've always managed it and empower new flexibility," Staten says. "You have to be able to walk away mentally from old processes and procedures."

Thus, CIOs are no longer satisfied with the 'your mess for less' offering from an EDS or IBM. They're looking for inspiration from Google and other Internet-era titans. The consumer technology focus on simplification, standardization and on-demand applications made available via cloud computing holds some clues for how Bechtel and other corporate IT departments might rewire themselves. For most enterprise IT organizations, however, there's been more talk than action to date, observes Rubin. And whether or not corporate IT catches up to its consumer-tech counterparts is, in large part, dependent on IT leadership. "Historically, the CIO was the gatekeeper. But as IT has moved from mainframe to client server to all over the place," says Rubin, "you have to start to open the gates."

"In the past we wrote applications for an internal, secure environment — inside the firewall," notes Ramleth. "Now we want to create an environment for applications meant for the Internet, rather than the intranet."

Ramleth, who thinks there's a little geek in everyone dying to defy the status quo, has little hesitancy about creating a next-generation IT delivery model. "I'm passionate about it because I truly believe that we as a company can do business very differently in the future by changing the way we do our IT service offerings," Ramleth says. There's an old adage, popular in the recovery community: if you always do what you always did, you'll always get what you always got. Ramleth repeats it like a mantra. "There's too much change in the world on all fronts to accept that things should always be the same."

Better Benchmarks

Ramleth and his team dedicated nearly a year, beginning in the spring of 2006, to study 18 companies, including a few non-consumer companies, which had built their IT infrastructure and applications in the post-Internet era. "We found some tremendous discrepancies between our internal metrics and the metrics these guys were dealing with," Ramleth says.

YouTube, serving up videos to the masses, was paying $10 to $15 (about Rs 500 to Rs 750) per megabit for networking. Bechtel was paying at least 50 times that. One Google system administrator was running approximately 20,000 servers; Bechtel's could manage just 100, which was found to be common in enterprise environments. Amazon offered storage to its individual and corporate customers at 15 cents (about Rs 7.50) per gig per month. Bechtel shelled out nearly 40 times that amount. Salesforce.com upgraded software for its one million users four times a year with minimum downtime and no training. Bechtel couldn't even get all its users on the same version of its software. (For more on Bechtel's benchmarking results, see Bechtel's New Benchmarks.)

"If they can do it, why can't we do it?" Ramleth wondered.

The answers provided a roadmap for PSN. YouTube has lower networking costs because it maintains locations near high-bandwidth areas. Google doesn't need hundreds of employees to run its servers because they're standardized to the hilt. Amazon keeps a lid on storage expenses by making sure its servers are highly utilized. And Salesforce.com offers easy upgrades because it runs one application in one location for a million users.

Bechtel, Ramleth thought, could do some of that. He and his team came up with a plan to incorporate the best practices of those technology powerhouses by building new datacenters and networks to support multi-tenant applications within Bechtel. By Ramleth's calculation, the majority of the project could be paid for by re-allocating funds set aside in the regular IT budget for refresh and maintenance work. (Bechtel will not reveal how much the PSN transformation will cost.)

Photo caption: Geir Ramleth, CIO, Bechtel, believes that the SaaS model for application delivery will enable the company to deliver new information-based services.

And Ramleth, a native of Norway who enjoys skiing, motor racing and once held an official powerboat speed world record, wasted no time getting started. "I like speed," he says in a moment of sheer understatement.

Between 2002 and 2006, Bechtel's infrastructure group had consolidated 14 datacenters into seven (completely modernizing six of them). Ramleth launched the PSN initiative almost immediately afterward. In 2007, Bechtel built three new standardized datacenters in entirely different locations — one in the United States, one in Europe and one in Asia — and began decommissioning the seven that had just been revamped. The company took 30,000 square feet of datacenter space down to a couple thousand and built out a totally new network between the three new datacenters. "In the past we had brought the network to the data," says Ramleth. "But with the PSN, we wanted to bring the data to the network. We moved closer to the traffic aggregation points."

The IT group also consolidated additional servers, using virtualization to get to 70 percent utilization. (Virtualizing the apps has been a challenge, however. "As we started doing more virtualization, we had to be more sensitive to how applications are designed and developed as well as how we operate them," Ramleth notes. More on that later.) The transformation was tough for the infrastructure team, admits Ramleth. He highlighted the difference

Bechtel's New Benchmarks

The company's goal is to bring IT costs in line with today's online powerhouses.

In today's business environment, says Bechtel CIO Geir Ramleth, IT needs to benchmark itself against a new set of peers: successful technology companies that built their IT systems in the Internet era. Doing so is a painful exercise for the ego. "Corporate IT is trying to break the sound barrier, and the Googles and Amazons are supersonic. They're hypersonic," says Howard Rubin, president and CEO of Rubin Worldwide and a Gartner senior advisor. But the exercise can yield big returns.

Ramleth researched 18 companies and developed benchmarks against many of them. Among them were: YouTube, Google, Amazon and Salesforce.com.

Company: YouTube
Technology: Wide-Area Network
Benchmark*: YouTube paid $10-15/megabit (about Rs 500 to Rs 750). Bechtel paid $500/megabit (about Rs 25,000).
What Bechtel learned: It was more than volume discounts from telecom vendors that got YouTube its lower costs. YouTube locates its datacenters in places where there's already a lot of bandwidth, so they don't have to pay as much for infrastructure.

Company: Google
Technology: Servers
Benchmark*: Google employed one systems administrator for about 20,000 servers. Bechtel employed one systems administrator per 100 servers.
What Bechtel learned: Bechtel was building whatever the business wanted, whenever it wanted, wherever it wanted. Google standardized its server infrastructure.

Company: Amazon
Technology: Virtualization
Benchmark*: Amazon sold storage to external customers for 15 cents (about Rs 7.50)/GB/month (estimated). Bechtel's internal storage costs were $3.75/GB/month (about Rs 187.5).
What Bechtel learned: Amazon could sell storage cheaply, Ramleth believes, because its servers were more highly utilized.

Company: Salesforce.com
Technology: Applications
Benchmark*: Salesforce.com provided one version of one application for 1 million users. Upgraded four times per year with minimal downtime or training. Bechtel ran 230 applications, up to five versions of each — nearly 800 different application versions altogether. Upgrades and training were constant. No version management.
What Bechtel learned: "We're so far apart from Salesforce, it's scary," says Ramleth. His team is converting Bechtel's 50 most heavily used apps into single-instance software-as-a-service apps run from a Google-like portal.

*Benchmarked costs for Google and YouTube are based on research and estimates by Bechtel in 2006 and may not reflect current numbers.


Page 20: CIO January 1 2009 Issue

between the two infrastructure overhauls for his team and his peers. The first was done to reduce operation costs, pure and simple. The PSN transformation, says Ramleth, "is meant to change the way we can serve business on a global basis." Today, Bechtel has migrated approximately 50 percent to 60 percent of its users to the new environment. "Our total costs are the same, but with a heck of a lot more capacity," Ramleth says. Ten times more, to be exact.

Acquiring the Service Provider Mind Set

The infrastructure work, it turns out, was the easy part.

Once the new backbone was in place, Ramleth planned to certify Bechtel's most heavily used applications for the new environment. The ones that made the cut would be offered in a SaaS fashion. Those that didn't would be left to die off as employees and partners using them finished their projects.

There's only one problem: the external multi-tenant application model, which assumes centralized management of apps and data for all users, isn't an obvious fit for Bechtel or other large enterprises.

"The information that we have in our systems is not always ours. We might deal with a partner that has proprietary technology information that they don't want to leave our premises," says Ramleth. "If you have to go to a SaaS provider, you might not any longer know exactly where information is."

It's also tough for a big, often Byzantine business like Bechtel to alter its processes to align with an external SaaS offering. "The change would just be too big," says Ramleth. "Because of the highly distributed way we operate, it would be hard for us initially to integrate a third-party SaaS offering with our work processes and embedded applications." In addition, he says, there are industry- or enterprise-specific applications, like Bechtel's proprietary suite of procurement applications, that aren't available from a reliable SaaS vendor today.

The solution became for Bechtel IT to become its own SaaS provider to Bechtel's project teams. By the end of next year, Ramleth expects to convert and certify 50 of Bechtel's most heavily used applications for operation in the new environment and offer them to users via Internet-based portal technology that includes Microsoft SharePoint.

Google-like Apps

The IT organization studied software usage patterns and found that for any given application, 80 percent of users weren't doing heavy transactions. They were mainly trying to get some information (such as the status of a project) or perform a minimal operation (such as make a purchase). Ramleth's team realized this majority of users could benefit from having access to smaller pieces of big applications via the portal. "You can make a few screens available to a user who otherwise would have had a myriad of applications to go to," says Ramleth. "It wasn't rocket science, but we finally got that." The goal is to create a Google-like experience for enterprise application users. Log in to the portal, pick a task and get it done in a few simple steps rather than logging in to an assortment of applications. "The portal is really where we'll get the benefits of the consumerization approach," says Ramleth. He expects that new versions of applications and pieces of applications delivered via the portal will lead to increased productivity and reduced training for users.

Some users will still need the full version of certain applications — such as computer-aided design software — and IT will continue to support them. "Those designers aren't necessarily nomadic users," says Ramleth. "We'll keep the larger-scale deployment models for those stationary heavy users."

So far, IT has converted about a dozen applications to the new environment and made parts of many more available via the portal. Microsoft Exchange, which used to run on more than 100 server environments around the world, is being consolidated via the PSN. InfoWorks, Bechtel's workflow and document management system — which used to be deployed in a distributed fashion project-by-project — has been rewritten to operate on a centralized, multi-tenant platform.

The development team has had to keep in mind the requirements of the new, highly virtualized back-end when rolling out new Internet-based versions of Bechtel applications. "You have to use technologies that are already certified for use in the virtual environment. You have to tune your databases differently. You have to write and architect applications that can work in a multi-processor environment and [according to a] dynamic utilization model."

In some cases, IT is rewriting the old applications. In others, they're transitioning the legacy systems to the Internet using the virtual application server from Citrix.

Illustration by PC Anoop

Ramleth knows that some applications will be harder to convert to the new environment than others. While there are no "show-stoppers," he says that figuring


Page 21: CIO January 1 2009 Issue

out how to rework Bechtel's in-house procurement application is going to be particularly difficult. "We can't lean on the vendor community for help," he says. What's more, "it's as big an application as a full-size ERP implementation. But we believe that it's a big differentiator for us in the marketplace."

Ramleth's team is migrating employees and partners to the PSN portal as they are assigned to new projects. Ten thousand users globally are using services within the PSN today, and Ramleth has the complete deployment wrapping up by the end of 2009. It's not an easy transformation for any company. "If you look at Google or Amazon, they were able to build their infrastructure with no legacy," says Forrester's Staten. "Most organizations just find it too hard to operate in the flat Google environment because they have to completely rewrite all of their applications," the way Bechtel is doing.

"To be totally honest," Ramleth says about the apps transformation, "this is where we still have a lot more work to do."

Dealing with Disruption

It's been a period of disruptive change for IT. "Without change, life would be boring," Ramleth says, but he realizes that many people in his organization hold a dissenting view. The first issue that surfaced was security. "When you start saying, 'We should think more like an external provider,' the first thing people say is, 'Let's be careful with what we're doing in security.'"

Ramleth made a deal with his security team — a hand-shake pact that before anyone spent any significant amount of money on PSN, there would be a clear view of how security might work. By March 2007, when PSN work began in earnest, the security team had embraced a new way of thinking. Bechtel began working with Juniper Networks on a policy-based security model for the PSN. It's not perfect yet, but it's progressing. "It's a big change from having stuff inside or outside a firewall to this model we call any-to-any, secure-when-needed," says Ramleth.

Finding a Way to the Cloud

Bechtel has bet its IT future on cloud — or on-demand — computing. But for many IT organizations, the concept remains a pie-in-the-sky, according to CIO research.

Not Yet Business-Critical

Less than half of IT organizations currently use on-demand resources for enterprise applications or infrastructure.

| | Currently using or implementing | Plan to use in 1 to 5 years | On the radar/researching | No plans |
|---|---|---|---|---|
| Collaboration tools | 50% | 15% | 18% | 18% |
| Enterprise applications (e.g. CRM, ERP, BI) | 35% | 12% | 19% | 34% |
| Application platforms/development software | 34% | 9% | 27% | 31% |
| Utilities (e.g. anti-virus spam filters, desktop management) | 33% | 14% | 21% | 32% |
| Servers | 32% | 11% | 18% | 39% |
| Storage | 31% | 16% | 22% | 30% |
| Networks | 27% | 12% | 17% | 45% |
| Personal productivity software | 23% | 13% | 22% | 43% |

Big Changes for IT Someday

There's potential for the cloud to transform IT. But technology and security must mature, first.

| Cloud Computing... | Agree | Disagree | Neither/Not Sure |
|---|---|---|---|
| Will cause a radical shift in IT | 58% | 24% | 18% |
| Will take years to mature | 54% | 30% | 16% |
| Current offerings are not appropriate for my business | 36% | 44% | 20% |
| Vendors have not adequately addressed security concerns | 60% | 19% | 20% |


Page 22: CIO January 1 2009 Issue

"What has been harder is getting our IT people to accept these larger changes," he continues. "IT people are not the risk takers of the world." And for many at Bechtel, the PSN represents big professional and personal risk. Specialized skills they spent years perfecting are seemingly going by the wayside in a more commoditized, cloud-based IT world (although the new technology, as Ramleth sees it, brings with it additional opportunities as well).

Ramleth identifies three ways employees respond to change. "You have some people that just take you on blind faith and say, 'This makes sense, let's figure out how to do this,'" he says. Next, "there are some early followers who say, 'I would like to be there, but tell me that I am not going to get hurt.' They don't need too much convincing." In the third group "are the people who become part of the problem rather than part of the solution."

The key to winning over the staff is to look for individuals in the latter group whom you can convert from pointing out everything that's wrong with the new plan to helping you figure out what has to change to make it right. Notes Ramleth: "I often say to people, 'I don't know of anybody that embraced change that ever got hurt by it. Most people that embrace change benefit from it.'"

Experts say such a transformation can benefit the larger IT group. "The enterprise can actually start to do things quite differently," says Rubin. "[It can] take all that time and money tied up in technical specialization and leverage that massive amount of new computing power to create business differentiation. It frees up money and it frees up focus."

Everything as a Service

If Bechtel is able to get its big applications up and running in the new environment by the end of next year, that will be a success. But it's just a baby step, says Ramleth. "If you say the ideal world is when everything is done as a service — computing, storage, software, X-as-a-service — and you look at where enterprises are today, we have a long road to go," says Ramleth.

He imagines a 10-step process. Steps one and two were to build the foundation—three new highly standardized and virtualized datacenters. The next few will be to transition the old applications into the new environment. Then comes the hardest part: getting new business value from the PSN. Or as Ramleth puts it, "what it is that you can do now that you never did before."

One of those new things will be to offer partners and customers lifecycle information management. Today, there's no comprehensive capture of information on Bechtel's massive, years-long projects. But if the PSN becomes a part of day-to-day business, says Ramleth, "we can really start doing cross-company integration."

For example, Bechtel recently built a polyethylene plant in China. Once the PSN is fully deployed and integrated into Bechtel's business operations (by 2011 or 2012), Bechtel could help the plant owner implement its IT infrastructure and applications so that all of the information that was gathered while Bechtel was on the job is automatically integrated into the customer's IT systems. If there's a problem with, say, a valve, someone would be able to query the plant's SAP maintenance software and find out who the manufacturer is, what the specs are and how to fix the problem. Better yet, as more viable "X-as-a-service" offerings become available from third-party providers, Bechtel will be in a better position to plug and play. "Could we someday buy storage from Amazon, for example?" asks Ramleth. It's possible, he says. With the in-house transformation behind Bechtel, "making that leap will be easier."

"We see what we're doing with the PSN — creating our own internal proprietary cloud — as an enabler and precursor to [embracing] third-party SaaS offerings in the future," he says. "We'll have already broken down our old operating model and reduced internal complexity." Meanwhile, Ramleth no longer gets blank stares when he talks to his executive peers about incorporating the best practices of YouTube, Google, Amazon and Salesforce.com. Not only that, he reports, "I'm getting a heck of a lot more interest from CIOs asking how they can do this. Maybe they're starting to come into some of the same issues we were, or maybe I'm just articulating it better."

Ramleth is convinced that IT leaders who wait to pursue similar strategies will be at a disadvantage down the road, as they continue to build more complexity and resource demands into their current environments instead of systematically trying to reduce that complexity and increase efficiency. "You have to start opening up a little to this way of thinking so you can start to transition now, rather than making it an expensive forklift operation down the road."

If the day comes when all computing moves to the cloud, at least Bechtel, Ramleth insists, won't have to start from scratch. CIO

Send feedback on this feature to [email protected]

Page 23: CIO January 1 2009 Issue


Page 24: CIO January 1 2009 Issue

Customer Analytics

Making Business a Priority

Given the current economic climate, those interfacing with customers — and therefore in charge of ensuring their loyalty — have to work harder. We asked 148 CIOs how important the needs of customer-facing employees were and how they were helping.

Customers at the Door

Of CIOs have retail or customer-facing operations.

In the Line of Fire

How many customer-facing employees do you have?

35.4% 1,000 or more
3.1% 800 - 999
2.1% 600 - 799
7.3% 400 - 599
15.6% 200 - 399
11.5% 100 - 199
25% Less than 100

What's In the Way?

What key challenges do customer-facing employees encounter? Respondents chose all that applied.

54.6% Increasing customer loyalty
39.8% Cross/up selling
42.6% Creating appropriate offers
48.1% Mining customer data
53.7% A lack of predictive analytics
11.1% Other

Cross Connect?

Despite the fact that increasing customer loyalty is the biggest challenge for customer-facing employees, most CIOs seem to be focusing on data mining projects. IT projects that are meant to increase customer loyalty come second.

Page 25: CIO January 1 2009 Issue

Unveiling Challenges in Customer Analytics

Keeping Customers Happy

of CIOs say that increasing customer loyalty is the hardest part of their customer-facing employees' jobs.

What Are You Focusing On?

Do you currently have projects in any of these areas? Respondents chose all that applied.

44.8% Increasing customer loyalty
29.2% Cross/up selling
38.5% Creating appropriate offers
53.1% Mining customer data
51% Predictive analytics
14.6% Other

Can IT Help Organizations Increase Customer Loyalty?

According to CIO's survey, increasing customer loyalty is among the hardest jobs in an organization. What role can IT play in easing this burden?

“Technology assists the business in pre-empting the consumer’s changing needs by analyzing trends. It is not the post-mortem that helps — but the proactive approach that counts.”
Ravikiran Mankikar, GM-IT, Shamrao Vithal Co-operative Bank

“When over 60 percent of your client base are repeat customers, managing their loyalty becomes all the more important. We routinely capture feedback, which we then analyze to better our products and services.”
Daya Prakash, Head-IT, LG Electronics

“One can’t create loyalty; one can only retain customers. We ensure that customers find what they want. With analytics, you understand your strengths and the opportunities for improvement.”
Arun O. Gupta, Customer Care Associate and Group CTO, Shopper’s Stop

“Retaining customers is a top priority. Though we don’t have a BI solution, we leverage several other tools to collate data and provide maximum visibility about a customer’s investment to our users.”
Chaitanya Wagh, Director-IT, JM Financial

Page 26: CIO January 1 2009 Issue


Wet summers and extreme floods, Tesco-branded vans darting in and out of suburban streets like minnows in a stream and a conservative party stating it will tax companies on the impact they have on the environment. These issues are indicators of the pressures the supply chain of major retailers and manufacturers in the UK is about to endure from customer consumption habits and regulations.

Existing methods of haulage, storage, shop inventory and customer delivery are set to be revolutionized. As a result, the information infrastructure to support the supply chain will also undergo a major reinvention.

Existing methods of haulage, storage, shop inventory and customer delivery are set to be revolutionized. As a result, the information infrastructure to support the supply chain will also undergo a major reinvention. Here’s how to prepare.

By Mark Chillingworth

Reader ROI:

The new factors affecting the supply chain

How to meet the new challenges

Why collaboration will play a crucial role

SCM


Page 27: CIO January 1 2009 Issue

Management consultants CapGemini have been studying the future landscape of the supply chain. Its 2016 Future Supply Chain report indicates that the complexities of the challenges facing the supply chain are not the sole responsibility of the supply chain manager. In the report, Roland Dachs, supply chain vice president at packaging manufacturer Crown Europe, and Xavier Derycke, director of retail chain Carrefour, say, "Until now, the most important parameters for supply chain designs have been related to cost efficiency and on-shelf availability." The duo warn of the challenges to come: "New factors are becoming increasingly critical, such as traffic congestion in urban areas, energy consumption, CO2 emissions and the permanent rise in transportation costs."

A raft of legislation has already come into force. In the UK, supply chain managers now have to comply with the London congestion charge, which has drastically reduced the number of vehicles that come into the center of the city. Earlier this year the 'low emissions zone' was introduced, which places a £1000 (about Rs 70,000) fine on haulage vehicles that do not comply with standards set down by Transport for London. The British Climate Change Bill, which came into force last November, sets a legal target for Britain to achieve a 60 percent cut in its carbon dioxide emissions by 2050.

In the near future, CapGemini foresees water consumption regulations and increasing security regulations imposed not only on information, but also on the warehouses the supply chain uses to store its inventory.

Consumers embrace these regulations as they believe they improve the quality of life, especially for those living in urban environments. Corporations have to convince their consumers that they are behaving responsibly towards the environment. CapGemini believes the 2007 Bali Treaty, as well as other legislative initiatives, are "challenging the industry to come up with breakthrough solutions by 2020. Preserving energy and raw materials and other resources like water will become a crucial aspect in future supply chains."

Organizations are already seeing some of the challenges coming into view. Jane Scott, CIO at food services and supply chain provider 3663 said, "We can be more efficient. We have to comply with supply chain legislation already that fits in with being more sustainable." 3663 Food Services supplies the catering and hospitality industry. Its main clients are companies like Compass which runs the Starbucks, Burger King, Upper Crust and Ritazza chains in the UK. Scott has been CIO for the company for five years having joined the company from Coca Cola.

Anthoula Madden, vice president of consumer products and consulting services at CapGemini, was involved in the production of the 2016 report. She describes the current supply chain as "focused at the moment on the replenishment of the outlets, but not enough on planning and other processes, such as returns or removal of waste and recycling materials. A lot more integrated planning is required."

Nigel Bagley, director of customer development at food and household goods manufacturer Unilever agrees and told experts, "We can't continue to operate with a supply chain that was developed decades ago on a historical method of manufacturing and delivery. The world has changed and we have to change our supply chain to adapt to it."

The Shape of Things to Come

With a focus on keeping retail outlets fully stocked, CapGemini found that the majority of supply chains are also focused on reducing costs and supporting the ROI objectives of the business and its brand reputation, which is, of course, the role of every division of the business.

CapGemini says that new targets will be introduced such as a reduction in the energy consumption and meeting targets to reduce traffic congestion. The 2016 report includes a seven-point supply chain modernization plan, with these recommendations for organizations to consider: in-store logistics which deals with the shelf ready products, collaborative logistics that takes care of sharing of transport and warehouses, reverse logistics that includes product recycling, packaging and returnable goods, demand fluctuation management with more planning and monitoring, labeling, alternative energy forms and more efficient vehicles and buildings, and last but not the least, joint business planning.

Illustration by Anil T

"Current KPIs can be used to measure supply chain efficiency, they do not adequately address supply chain sustainability," the 2016 report states. Its seven solutions bring the CIO into the fold. In-store logistics, which

Page 28: CIO January 1 2009 Issue

will require greater adoption of radio frequency identification (RFID), reverse logistics and greater use of alternative fuel are self explanatory changes, but sharing transport, warehouses and information between high street rivals is a giant leap forward in business collaboration.

CapGemini sees collaboration as imperative to the future supply chain. "Getting products on to the shelves will not diminish as a pressure, but organizations will have to become more dynamic," Madden says. Transport, warehouses

approach to supply chain with shared warehouses on the outskirts of the historic city stocking goods, which were then transported into the center of the city by special cargo trams, before the goods were transferred to electric delivery vehicles for the final leg of the journey.

Madden points out that for many goods and types of retailers there is no competitive advantage in having separate warehouses, for example a group of major book publishers share a warehouse in Amsterdam.

TeChniCal DemanDSScott is currently integrating a new Microsoft Dynamics AX enterprise resource planning (ERP) system into the 3663 wholesale division, which she and CapGemini both believe will improve supply chain management and enable the organization to react to the demands that are to be placed on the supply chain.Scott has already integrated voice-based technology, but is holding back on RFID. "We will sell products in the unit size the customer requires, so not a whole case for example, which makes RFID very difficult to utilize and the cost is prohibitive," she says of the role 3663 plays as both a vendor and distributor of catering food goods. "RFID cannot be used on fresh fruit and vegetables, but I am considering it for roll cages (the wheeled steel crates used for carrying separate goods onto a vehicle and then into the retail outlet)."

Scott said her next main focus will be on using technology to improve vehicle routing and is already seeing benefits, she is currently going out to tender for a partner to develop a telematics navigation system for its fleet of 1,200 vehicles.

Anthoula Madden at CapGemini believes the greatest technology challenge is the lack of standards in retail supply chain information management. She highlights the global data synchronization standard, but says it has been very slow to be adopted.

"The trouble is retailers are still in the process of adopting ERP and removing legacy systems. The adoption of the global data synchronization standard will enable collaboration," she says. In manufacturing, she says the picture is clearer as SAP ERP systems have become de facto technology, and "that is the big difficulty for the two sides of the supply chain".

CapGemini believes this new model of a supply chain is only achievable with greater collaboration "among all parties in the supply chain" and it will require "new ways of working together in the physical supply chain". If industry leaders collaborate, they also believe the government will "enact more appropriate regulations". Technically, they believe this

Vol/4 | ISSUE/044 6 j a n u a r y 1 , 2 0 0 9 | REAL CIO WORLD

SCM

and information will have to be shared between manufacturers, retailers and logistics suppliers, the 2016 report states. "Improving such collaboration demands new ways of working together.

"The future supply chain is expected to provide clear benefits for our society, for industry, for individual companies, and ultimately for consumers and shoppers," they report. But they say these challenges are positive for organizations, with transport costs reduced by 30 percent per pallet, handling costs per pallet down by 20 percent and CO2 emissions per pallet reduced by 25 percent, and they confidently predict that on-shelf availability will not be diluted.

Scott, who is part of the wider business management team at 3663, said the organization is looking at the shared warehouse and trucks options. "We are already back-hauling, if a vehicle is returning from a customer we look for an opportunity to fill it up from a supplier on route," she says. Amsterdam has already experimented with a collaborative

Nigel Underwood, CIO at logistics supplier DHL says he and his team are spearheading collaboration in partnership with a DHL global consultancy. The pro-collaborative attitude at DHL has, in part helped it win contracts with Starbucks, Jaguar and Land Rover.

Madden also believes the current upward trend of online shopping and home delivery will change the supply chain radically.

Deliveries after 7 PM will increase and she even predicts that secure delivery points where a consumer can collect something if they are not at home, these could be Post Offices or local storage points.

Already companies such as Ocado fulfill their customer orders direct from a warehouse, taking the shop out of the supply chain.

In Sweden, Madden said she has observed the white goods industry embrace post 7 PM deliveries so that it can ensure that the customer is at home to receive their goods.

“CIOs need to be looking to the future, because collaboration will become more important and also the needs of the organization to reduce emissions.” — Anthoula Madden, VP - Consumer Products & Consulting Services, CapGemini


will require a standardized information infrastructure that is flexible, operates in real-time and uses demand data from the consumers as its starting point to give greater clarity of product demand.

For all parties in the supply chain to reap benefits, information transparency is a must as CIOs at retailers open up their information silos to suppliers to see the demand for a product. "Information about the actual status of items in the supply chain, at any moment, is essential to correctly co-ordinate all the combined logistic streams."

CapGemini doesn't underestimate the level of trust that will be required between supply chain partners, but sees it as crucial. For the CIO, this means the development of a platform for the exchange of information with the Web as the base.

Scott at 3663 sees forecasting as the intermediate answer: "Forecasting integrated with demand so that we can use information and technology to make a decent forecast," she says. 3663 is very dependent on accurate procurement decisions.

Bagley at Unilever is a great advocate of the role technology and information can play in re-inventing the supply chain. "What our supply chain has today that it didn't have in the past is access to information, and our supply chain is dependent on information.

"So if we want to bring innovation into play, we need to start by thinking about bringing in the information that is available and incorporating that into making a more efficient supply chain."

CIO and the Supply Chain

"CIOs are currently involved to the point of delivering systems and meeting the requirements of the business. They are looking at today's requirements and they need to be looking to the future," Madden says. "Because collaboration will become more important and also the needs of the organization to reduce emissions," she adds.

CIOs becoming involved in the supply chain will need to develop an information architecture that enables collaboration. "This will mean that an organization will have to have a service-oriented architecture (SOA) in place for this greater flexibility and the ability to share data. When this is in place an organization can change its KPIs."

The CapGemini report breaks supply chain collaboration into four concepts: information sharing, collaborative warehousing, collaborative city distribution and collaborative non-urban distribution, which could include customer pick up.

Bagley agrees that collaboration has a lot to offer: "Historically, we have had a manufacturer supply chain and a retail supply chain, but that is not workable today. That has inbuilt inefficiency, so by collaborating with manufacturers, suppliers, and logistics people and working together we can create a collaborative model."

"For IT, the role is getting the most out of what we have already got," Scott at 3663 says. This includes the efficiency of the truck fleet through route planning and re-routing vehicles if necessary.

It should provide tools to drivers to ensure they can efficiently complete paperwork and monitor the temperature of their vehicles. "There is a greater need to drive the efficiency more than ever now." CIO


Whose Carbon: Yours or Mine?

Feeling increasing pressure, both internally from high-level execs and externally from customers, investors, and politicians, companies are taking the size of their carbon footprints quite seriously.

Yet, more companies are determining that their own daily operations aren't the sole contributors to their carbon emissions. Rather, they're factoring in the emissions produced by the vendors down their supply chains. No one wants to be a greenhouse gas spewer by association, so to speak.

Exemplifying this trend is the fact that an institution like the Carbon Disclosure Project (CDP) exists. The CDP is a collaboration of over 315 institutional investors managing more than $41 trillion (about Rs 205,00,000 crore) in assets. CDP is working with 11 corporate giants — including IT heavyweights HP and Dell — to develop a standard method to gather carbon-emissions information from suppliers.

According to CDP, developing a standard means for suppliers to deliver carbon-emissions information "will vastly decrease the burden on [those] suppliers who might otherwise receive several separate requests for similar information."

"By bringing together the purchasing authority of some of the largest companies in the world, CDP will encourage suppliers to measure and manage their greenhouse gas emissions," says CDP CEO Paul Dickinson. "This will enable large companies to work towards managing their total carbon footprint, as the first step to reducing the total carbon footprint is to measure its size."

Some of the companies that are participating in the Supply Chain Leadership Collaboration include: Cadbury Schweppes, Imperial Tobacco, L'Oreal, Nestle, PepsiCo, Procter & Gamble, Reckitt Benckiser, Tesco, and Unilever.

— By Ted Samson


Information Well

A majority of CIOs are firmly convinced that an enterprise-wide information management strategy is important, if not critical, for the success of their businesses. So what are they doing about it? Read on and find out what the 148 IT leaders polled said.

Game Changing

Is an enterprise-wide information management strategy critical to stay in the game?

12.6% Somewhat agree

1.8% Not necessary at all

34.2% Absolutely inevitable

51.4% Strongly agree

Storage Infrastructure

What's the State of Your Data?

Is your data…

10.90% Not integrated at all

68.20% Somewhat integrated structured and unstructured data

20.90% Fully structured and standards-based

Access…

Do all employees/users have access to structured data?

10% Full access to all employees

37.3% Partial access to all employees

17.3% Full access to a few employees

35.5% Partial access to a few employees

of CIOs are actively looking at outsourcing information management compared to 29% who would rather do it in-house.

What's Scary?

What is your biggest worry when it comes to information storage?

37.3% Archival and/or structuring

10.9% Storage space

1.8% Other

5% Back-up and recovery


What for?

Why would you adopt an integrated approach to accessing and analyzing data?

To achieve competitive differentiation 72.9%

To stay in the game 17.8%

For compliance only 4.7%

Other 4.7%

Is Storage a Priority?

40.4% Yes, a priority

42.2% Somewhat a priority but not the first

17.4% Not a priority

What's Your 2009 Plan?

Over the next 12–18 months, where do you plan to spend the bulk of your storage budget?

14% Data lifecycle management

32.7% Storage archival and warehousing technologies

29% Storage virtualization

21.5% Storage area networks

2.8% Other

UNRAVELING THE STORAGE ROADMAP OF I.T. CHAMPIONS

Are There Benefits to Heterogeneous Storage Architecture?

Ease of management or vendor lock-in? CIOs are divided on this issue.

“I don’t see any benefits in a heterogeneous architecture since it makes maintenance of storage infrastructure a big challenge. I would prefer a homogenous environment any day.”

Atul Luthra, Head-IT, PVR

“I use a homogenous environment because it is better for us to get great service from one vendor, rather than a number of unmanageable ones. There is less risk involved as well.”

S.S. Soni, Executive Director-IS, Indian Oil

“I prefer a heterogeneous system as it helps me avoid vendor lock-in, especially in a market situation where the demand and supply of storage capacity are disproportionate.”

Tarun Pandey, VP-IT, Aditya Birla Financial Services

“We prefer not to have more than two vendors, since support and management of any more than that is a problem. We stick to the best technology offerings.”

Sudhir K. Reddy, CIO, Mindtree


Launching a storage virtualization project? Industry watchers offer five key questions you need to ask.

By Stacy Collett

Reader ROI:

Various levels of storage virtualization

The importance of knowing why you want to virtualize

NASA's Infrared Processing and Analysis Center wasn't shooting for the stars when it turned to virtualization to meet its storage needs. IPAC's cash-strapped effort to record images of our universe — up to 30 million objects captured each night and 42 billion records over the life of the project — required big storage capabilities, and the engineers needed them fast and at a low cost. "We were trying to find a way to step outside of the normal storage purchases to meet our 'high performance and high availability on a budget' requirements," explains Eugean Hacopians, senior systems engineer at IPAC in Pasadena. IPAC had already purchased a shared-storage system from Seanodes in Cambridge to get control of its clusters with multiple compute nodes.

But Hacopians soon learned that he could put storage on the nodes and that they could work as compute servers and storage servers — without additional costs or upgrades.

"In general, I'm not really fond of virtualizing things," he says. In his mind, "everything has its own place. But it's a solution that fits a need."

Indeed, virtualization can offer a solution for many storage challenges. But it can also be costly to buy and complex to implement, and it might require you to purchase equipment you didn't need before, such as new switches or servers. How do you decide on the right approach and choose the right vendor? Industry watchers suggest five key questions to ask yourself and your prospective vendors before selecting a storage virtualization technology.

What problem are you trying to solve?

The term 'storage virtualization' has become a catch-all phrase used to refer to many types of technology that make more efficient use of your storage assets. It can also bring these assets under a single management umbrella with a single point of control.

Since storage virtualization comes in all shapes and sizes, first determine what level of storage you're trying to optimize. Is the pain point at the block level, file level or tape library level?

For block-level storage, virtualization can help consolidate large, disparate soft assets in the form of storage tiers, or it can simply bring them all under one roof.

At the file level, virtualization comes in handy when companies develop too many islands of network-attached storage. "[If] your users are storing data all over the place, and you can't back them all up under a single roof, you use storage virtualization to bring all that under a single umbrella, and everyone accesses it through a common [naming convention]," explains Ashish Nadkarni, principal consultant at GlassHouse Technologies.

At the tape library level, virtualization is used for making online storage appear as tape to the backup software.

Do you want host-, network- or array-based virtualization?

When deciding what type of virtualization is best, "it really comes down to what problem you're trying to solve and what kind of vendor affinity you have," Nadkarni says.

For most IT units, having host-based virtualization is a given, since volume managers run on the host. More often than not, you'll see host-based virtualization in a storage-area network environment.

"Array-based virtualization is more of a function of which vendor you're going with for your primary storage," Nadkarni says. For example, with some Hitachi Data Systems storage products, virtualization can be deployed by enabling an existing software key within HDS's Universal Storage Platform or its Network Storage Controller. "So you'll go with array-based if you plan to buy a Hitachi frame for your Tier 1 storage," he says.

Network-based virtualization is typically used if you plan to make your SAN a multiprotocol storage network and in doing so are porting the network intelligence — which also includes virtualization.

Some products blur the lines between host-, array- and network-based virtualization.

"Products like Seanodes' would be considered host-based virtualization because you're virtualizing over the nodes," Hacopians explains. "You could also think of it as network-based, because you're virtualizing and spreading it across and letting the network take care of itself."

Industry watchers agree that virtualization might be easier to implement and cost less if IT groups stick with their vendors. "If you're primarily in a Hitachi environment, for example, array-based virtualization is probably going to make the most sense," Nadkarni says. "If you're a Cisco SAN, and you already have the infrastructure to implement Cisco virtualization, then network-based makes more sense."

Illustration by Unnikrishnan AV

How much complexity can you handle?

Host- and array-based virtualization are usually the easiest to implement, experts say. Network-based systems are often the trickiest because there is no direct way of virtualizing in a network. Most IT shops use third-party appliances. Cisco's system usually requires users to buy enabler software or an appliance or other third-party tool that sits alongside it, Nadkarni says.

"Then you have to figure out whether it's going to be asymmetric or symmetric," he says. "Where are you going to store your depository? What services do you want to provide? What arrays are you going to virtualize?" In an array-based setup, "you take your second-tier arrays and just virtualize them behind your existing arrays. It's one view to the whole world — like having one entrance to the office," Nadkarni adds.

Gene Ruth, an analyst at Burton Group, says the simplest approach is to choose an all-inclusive system, add appliances and then link them. But beware of diminishing returns. "At some point, it just gets complicated, and it may not be worth it when you aggregate too many appliances," Ruth says. "Then you have to ask yourself, is it better or are you getting this lowest common denominator?"

The hardest part is the planning phase, says Roman Perez, systems engineer at Business Technology Partners in New York. "If you have a big company with thousands of servers, you have to do it little by little, and that's a big project," he says.

What's your budget?

Your budget will depend on the type of virtualization you need. Block-level virtualization is cheaper if you implement it as part of your upgrade. If you're buying or implementing a new SAN, then incorporating storage virtualization within the SAN is more prudent than buying off the shelf. "It tends to be pricey because you're now trying to 'a-la-carte' it. Do it as part of a larger upgrade so you can bundle some costs into the upgrade itself," says Ruth.

He also recommends that IT managers compile a spreadsheet to compare those scenarios. For virtual tape libraries, it's important to correctly estimate virtualization needs — or risk buying much more capacity than you need.

Do you have an exit strategy?

Network-based virtualization can get tricky, Nadkarni says. "It can get a little complex over time, so you have to make sure that whatever architecture you're implementing [can be withdrawn from]," he says. "You shouldn't be stuck with it."

Most storage virtualization products create metadata from your data. That's how the storage objects they virtualize are managed. "Un-virtualizing means figuring out how to re-appoint your metadata back to original data," Nadkarni explains. "The second problem is, your data could be across multiple storage areas or multiple objects. In that case, you now have a challenge of trying to present the same data, in a committed manner, back to the host again."

Storage virtualization isn't an insurance policy against sloppy practices, Nadkarni says. "It's almost like taking a dirty room and stuffing everything that's out of place into a closet," he says. "You really need to put things back into their place. So storage tiering or other good storage practices need to be taken care of first. Then you can move to the next step and implement storage virtualization." CIO


4-Step Skills Analysis

Storage staffers can make the leap to managing virtual environments, but not without targeted training.

Step 1: Clearly understand what you're trying to achieve with storage virtualization. Is this project part of a broader virtualization deployment strategy? Or is it designed for a specific use, such as tiered storage, disaster recovery or basic resource management? Make sure you fully understand what you want to achieve (or overcome) by deploying storage virtualization.

Step 2: Assess your current skills and identify gaps. Look across your IT staff for relevant and related skills. Is your storage specialist virtualization-savvy? Do you have IT workers with years of relevant mainframe or system virtualization experience? Look at your virtualization project to see whether any specific platform integration will be required (for example, hypervisors, clustering or data sharing).

Step 3: Evaluate independent training and certification. Before conducting vendor analysis, make sure you've addressed potential skills gaps in order to make an assessment of different approaches to virtualization and how they might fit into your organization's existing infrastructure.

Step 4: Consider vendor-specific training. Storage virtualization approaches vary from vendor to vendor, so if you have selected a new vendor or are expanding work with an existing vendor, you will likely need some custom training to ensure that you're taking advantage of all the features the vendor provides.

Source: Storage Networking Industry Association


Network Infrastructure

Staying Connected

Most CIOs are betting on unified communications and are planning to invest in the technology this year. For the rest of what's in store in 2009, read on to discover what 148 CIOs told us.

Reliability is the attribute that most CIOs are looking for when they outsource network infrastructure.

Your Budget

How would you describe your network infrastructure budget for this year?

Significantly reduced 7.1%

Moderately reduced 19.6%

Marginally reduced 13.4%

No change in budget 23.2%

Marginally increased 19.6%

Moderately increased 13.4%

Significantly increased 3.6%

You Face With

What is the biggest challenge in your current network infrastructure?

23.1% Bandwidth

30.6% Maintenance

11.1% Latency

28.7% Future-proofing

6.5% Others

What Kind of Spender Are You?

Most CIOs have dedicated 10-20 percent of their overall budget to network infrastructure this year.

% of their budget they plan to spend on network infrastructure this year: % of CIOs

0-10: 12.3

10-20: 31.5

20-30: 26

30-40: 20.5

40-50: 9.5

On an average, a fifth of a CIO's overall IT budget to be spent on network infrastructure in 2009-10.

What's Planned for 2009?

Which networking technologies do you plan to invest in?

Respondents chose all that applied.

53.4% Unified Communications

24.3% 10 Gig Ethernet

35.9% Wireless LANs

48.5% MPLS Mesh

35% Converged Networks

1% Others

The percentage of CIOs who use the offerings of a network services provider.

REVEALING TRENDS IN NETWORKING INFRASTRUCTURE

What Would Prompt You to Converge Your Network?

CIOs strongly believe that a converged network can optimize operational costs but at the same time there is some debate over cost-effectiveness.

“In the media industry, where data, voice and video usage is high, a converged network helps in centralization and ease of management. It utilizes fewer resources thus increasing cost-effectiveness.”

Sunil Mehta, Senior VP & Area Systems Director, Central Asia, JWT

“A converged network enables user collaboration. It also improves security through identity management, for example. We have also seen great value in scaling up to business needs.”

B.L.V. Rao, VP Networks & Systems and CISO, Infotech Enterprise

“A converged architecture is great but is not affordable. With the huge amounts of investment in existing infrastructure, the cost of converged network is a major impediment.”

T.P. Anantheswaran, Head-IT, Mumbai International Airport

"A converged network combined with unified communications is much needed given the current economic climate. It also improves mobility, efficiency, performance and increases efficiency."

Ajay Kumar Meher, VP-IT, Sony Entertainment Network


With ever-expanding networks and companies wanting to increase their bandwidth, network costs are on the rise. Here’s how to control those spiraling expenses.

By Karen D. Schwartz


Of all of the ongoing expenses needed to keep corporate IT running, network costs are perhaps the most unwieldy. New technologies, changing needs and ongoing maintenance keep IT staff on their toes and money flowing out the door. But there are ways to manage network costs.

The Problem

According to the Aberdeen Group, network costs continue to rise. In 2008, network spending is expected to increase slightly more than 5 percent over 2007. Telecom management industry association AOTMP of Indianapolis backs that up, estimating that spending for voice and data services alone averages $2,000 to $3,000 (about Rs 1 lakh to Rs 1.5 lakh) per employee.

The biggest area for steady cost growth is the ever-expanding network, either as a result of physical expansion or a thirst for connectivity. In the first case, a new branch office could require replication of the security infrastructure through technology like a point-to-point VPN connection. The network may need to add a multiprotocol labeling service to provide that branch office with a wide-area, high-speed connection. And those expenses are in addition to the cost of routers, switches and network appliances.

Internally, the need for speed is driving the increase of network costs. The number of devices, either in terms of number of ports for network access or the number of network-connected devices per employee, is increasing. One trend is the shift from standard PCs to mobile PCs. Over the next five years Forrester Research believes corporates will reach an inflection point where traditional PCs are eclipsed by mobile PCs.

"Now you have a device that perhaps needs a port or wired drop at the desk and may also need to be supported on a wireless network, so the number of means by which employees can connect to the network drives the size of the network in terms of end points of connectivity," explains Chris Silva, an analyst with Forrester Research.

Other factors also are contributing to spiraling network costs. Aberdeen Group found that companies expect to grow their bandwidth by 108 percent on average over the next 12 months and expect to increase the number of business-critical apps running on their networks by 67 percent.

The growth of wireless networking is also increasing IT costs. As companies begin to replace all or part of their networks with Wi-Fi networks to take advantage of newer technologies like 802.11n, they are spending liberally. And don't forget the hidden costs: as new devices enter and new network end points are developed, network management becomes more complex and expensive. For example, you might have your core wired network infrastructure from vendor A but overlay a wireless network from vendor B, which creates two separate management consoles. And as more employees connect to the network via devices like BlackBerrys and phones, IT must manage and secure these devices, too.

Clearly, companies must do what they can to manage these costs. AOTMP found that developing a strategy to manage expenses was the top telecom network initiative for companies in 2008, with reducing spending for telecom services and improved asset and inventory management services rounding out the top three.

Reducing Network Costs

The first step in controlling network costs, says Aberdeen analyst Began Simi, is to take the network's pulse. That means understanding exactly where the network's performance bottlenecks are and how efficiently the network is performing. "Throwing more bandwidth and money at the problem can be expensive," he says.

There are automated network monitoring tools available to measure these metrics. Both sophisticated products from vendors like Cisco Systems and NetQoS and free tools like PRTG Network Monitor and pier can provide a lot of value, such as reducing bandwidth and server performance bottlenecks and avoiding system downtime.

Reader ROI:

Why network management costs are high

How to reduce these costs

Illustration by Anil T

Once you know what's going on in your network, there are many methods to reduce costs or prevent them from rising further.

One method is to consolidate physical network infrastructure by finding ways to make the switch that's at the core of the network perform more functions; by doing so, you can reduce the number of appliances and bolt-on solutions your network uses.

Virtualization is a key part of network consolidation. By setting up network infrastructure to be delivered from a pool of shared resources, those resources can be used more efficiently across a network fabric, explains Peter Fetterolf, a partner at Network Strategy Partners, a Boston consultancy. Virtualization can improve network resource utilization, efficiency and agility, helping lower TCO.

What's more, virtualization leads to reduced overhead in areas like power and cooling; real estate; supervision, maintenance and personnel; and telecom services, he adds. And consolidation of service capacity in a single location creates more predictable demand patterns that permit better utilization, while overhead costs are spread over more productive assets like systems administrators per server.

Another part of consolidation is adopting technology that allows IT to manage both wired and wireless networks from a single platform via APIs or other types of app integration tools. Most big network vendors are battling to provide functions like these, but third-party vendors also can help.

"That means taking one network management console and managing not only just the flow of data bits and bytes, but managing the VPN service, the WAN optimization tool and other things in the network," Silva says. "You want to consolidate your different management interfaces and consoles into one virtual single pane of glass management, where everything is on one screen."

And don't forget what you already have in place. It doesn't make sense to invest in more technology if you're not maximizing the value of your current investments, Silva says. For example, you may have spent a lot on a wireless network and mobility technology, but if the network hasn't been configured properly, you're wasting money. If built correctly, the network can probably support technologies like voice over wireless LAN or VoIP, for example.

"Most often, you can squeeze more value from what you already have by using the same infrastructure with different overlay technologies," he says. "So in addition to serving data, that investment in a wireless LAN can also work toward cutting down monthly cellular bills of an organization because that network can also support voice. And the same template can be applied to support things like video, using the WLAN for asset or employee tracking and presence-enabling UC systems."

And examine the vendors and technologies you are using for best value. If, for example, you have relied on one vendor to develop your entire network, expenses could get very high very quickly. "There are a lot of different ways to build a network, and there are a lot of different options. They are all worth exploring," Fetterolf says. And once you have done that, don't be shy about pitting vendors against each other, he adds.

Finally, it can also make sense to look beyond the four walls of your organization for cost savings. Outsourcing network management, for example, can save significant money in some cases. In a recent study, Aberdeen Group found that organizations that outsourced network management reported an average savings of 26 percent when compared with their previous spending. CIO


Virtualization Infiltrates Midsize Companies

Midsize companies have jumped on the virtualization bandwagon to achieve cost savings on hardware, power and space, according to one survey.

More than 75 percent of 519 IT professionals surveyed by King Research have already deployed some type of virtualization technology and about 10 percent intend to do so in the next 12 months. The survey shows that virtualization isn't just for enterprise IT shops anymore as more than half (55 percent) of companies polled said cost savings on hardware, power and space were the primary drivers for adopting the technology. More than 80 percent of those who have deployed the technology reported experiencing savings from reduced hardware requirements.

About 56 percent of the companies surveyed represented midsize companies, or those with between 100 and 5,000 employees. Eighty-five percent of midsize companies have deployed or have plans to deploy some form of virtualization technology in the next 12 months, and about 64 percent of midsize companies report that their organizations have already adopted application virtualization or plan to do so within 12 months.

"The idea that virtualization is strictly an enterprise commodity simply doesn't hold — medium enterprises are embracing virtualization technologies and adopting them at a rapid pace, realizing immediate benefits," said King Research's Diane Hagglund.

Yet challenges remain. About 37 percent said that lack of virtualization expertise limited their adoption plans and 35 percent cited high costs as a prohibitive factor in adopting the technology.

"The other limiting factors mentioned included a lack of vendor support for virtual platforms and the comfort of the application development department with virtualization technology," the survey says.

— By Denise Dubie


Green IT

By Cath Everett

A green-friendly IT strategy is not just a PR move. It can bring substantial cost, energy and governance benefits.

Reader ROI:
Ways to save energy
How to put together a sustainable plan

Over the next few years, going ‘green’ will become the new black. But as cynical as it may sound, the average CIO is unlikely to develop a green conscience. Instead they will be looking for ways to contain spiralling energy costs, adhering to new legislative needs and fulfilling growing corporate social responsibility obligations.

Robert Lee, IT director for the logistics and marine business of the Bibby Line Group, says most companies will not be so much adopting green IT policies as starting to incorporate environmental considerations into their IT strategy.

Environmental Drivers

“We’re currently driven by two factors — we’ve got economic considerations and governance ones relating to social responsibility. And green issues are part of that so we’re certainly conscious of them – it’s part of our corporate ethos as a privately-held company,” says Lee. However, this does not mean enterprises are going to start “chucking out bits of tin and putting in biodegradable computers” any time soon, says Jon Collins, principal analyst at MWD Advisors. Rather the focus will be on controlling the overall environmental impact of technology, with energy efficiency being the main concern.

While energy efficiency has been at the back of many a CIO’s mind for some time, it will start moving to the forefront this year. Energy costs have doubled over the last 18 months and are expected to double again. That means that the costs involved in running a datacenter will start raising questions at the board level.

Rakesh Kumar, research director at Gartner Group, believes that in a few years, expenditure could leap from about 10 percent of the IT budget to maybe 50 percent.

As this year opens, CIOs will have a wake-up call driven by cost. Most CIOs don’t have any more of a green conscience than anyone else but when they do their budgets many see that their power needs for servers have doubled or trebled. The smart ones are going to see that they have to fix the problem, Kumar says. This increase in demand for power is being driven primarily by the widespread introduction of x86-based high-density servers.

A traditional rack of servers typically requires about two kilowatts of power but this figure jumps 10 times for a rack of blade servers. The problem is made worse by multiple racks of blades.

Cool Customers

Cooling is another concern as the same amount of energy is needed to control blade rack temperatures and prevent machines from shutting down. All of this is creating an exponential demand for power and the fear is that, over the next few years, some datacenters may not have sufficient available supplies to cope.

To make matters even more tricky, environmental protection legislation is starting to raise its head, which may even result in a tax on those datacenters that are deemed to waste energy. For example, in a surprise move in July, the US House of Representatives approved a bill that called for a six-month study on datacenter efficiency to be undertaken by the Environmental Protection Agency.

Among the goals were to determine what chip makers and systems manufacturers can do to increase energy efficiency and to explore what incentives could be introduced to convince organizations to adopt more efficient datacenter technologies. The bill has now gone to the Senate but if passed would require President Bush’s signature.

Green Credentials

The EU is also starting to consider green IT issues. It is currently examining whether to restrict the levels of carbon emissions from computer equipment and is believed to be looking at introducing a tax on datacenter emissions should they exceed certain limits, although such discussions are still at an early stage.

All of this is feeding into a general awareness of green matters, which, in turn, increases the profile of environmental issues in terms of corporate responsibility obligations. The upshot is, as time goes on, organizations are likely to portray their response to economic and legislative necessities relating to the datacenter as social virtues. Being able to demonstrate that they have gone green in an IT sense will become progressively important to their brand and reputation.

"Not only do we consider green issues important, we think of them as win/win scenarios. Generally, the environment benefits and our costs go down," says Catherine Doran, director of information management, Network Rail.

So what can CIOs do to start addressing this situation? Exploring how the datacenter can be run more efficiently in power terms helps, as does undertaking any new procurement with this in mind.

Energy Savings

Ken Moss, IT controller at Allied Carpets, for example, found that consolidating and virtualizing servers and replacing PCs with IGEL thin clients at each of its 220 stores brought it huge energy savings.

The main aim of the project had been to centralize its IT systems to improve stock control, speed up ordering times and boost customer service. But Moss says: “One of the drivers for the business case was the fact that we could save £70,000 (about Rs 49 lakh) in energy costs. Fuel costs are adding to the expense of doing business and we’ve seen substantial increases over the last few years. But thin clients only use 15 watts of electricity, whereas a PC’s ambience is 10 times that.”

Network Rail, meanwhile, has introduced various initiatives to try and tackle similar issues. The organization, which owns and operates the UK’s rail infrastructure, is gradually replacing monitors with low-energy TFT screens, a move that Doran expects will cut energy consumption by two-thirds.

Illustration by MM Shanith

It has also rolled out handheld computers to replace the paper-based systems currently used by maintenance workers, while providing signal box operators with tablet devices rather than paper forms to check control procedures.

This is expected to save as much as £500,000 (about Rs 350 lakh) in printing costs each year. Printers and fax machines are likewise being replaced with multi-functional devices and print settings are being adjusted to reduce print density to put a brake on toner cartridge consumption.

Easy Wins

With a bit of thought, it is possible to pick off ‘low-hanging fruit’ in a range of areas and although this takes “very little effort, it can make a large difference,” according to Matthew O’Neill, group head of distributed systems at HSBC bank. He has been tasked with looking at the environmental impact of the organization’s IT function and establishing what can be done about it.

For instance, simply encouraging staff to unplug mobile phone chargers and unused equipment can reap energy-saving benefits, as can installing power-saving software. To this end, the financial services giant is in the process of testing 1E’s Nightwatchman applications in its London office, with rollout across its 200,000 UK desktops.

Lights Out

The agent-based software makes overnight checks to identify which of the organization’s client machines are still running, before shutting them down safely. If this cannot take place, the system generates an exception report so that suitable action can be taken.

The bank has also introduced a three-year virtualization programme to drive up the utilization rates of its equipment. “This is a great thing from a cost control point of view. You don’t have to buy new hardware and you draw on the same amount of power and cooling so it becomes self-funding,” says O’Neill.

Francis Sullivan, HSBC’s advisor on the environment, warns that it is impossible to look at environmental issues in isolation and that sponsorship at the highest executive level is required to embed a green strategy into organizational culture.

“You have to take a very coordinated approach. If you approach it as silos and departments working independently, it’s not going to have the same impact so IT has to sit at the same table with all the other business areas and work with them,” he says.

Procuring Benefits

Nowhere is this more obvious than in terms of procurement, where IT has collaborated with the purchasing department to build environmental concerns into the process. One of the tools that HSBC uses here is the Zero Waste Alliance’s EPEAT environmental certification scheme, which rates electronic equipment from bronze to gold in terms of green performance.

“Equipment that makes it on to the central standard product list has to have a silver rating or above. But I’ve made it a policy that I’ll provide support for EPEAT kit only, so if people want to go outside that, they have to ask for approval from the Group CIO and pick up the additional costs of support. So you have to have a compelling reason to go outside and no one does,” says O’Neill.

In a similar bid, the IT department at energy supplier Centrica is working towards certification under the ISO14001 environmental management standard, which it hopes to attain by April 2007.

The organization has already created an IT environmental policy and is now undertaking an impact assessment to understand how it affects the environment. The next step will be to identify what controls can be put in place to manage risk and, where appropriate, to come up with projects to help improve performance.

“It’s much easier to build things in from day one but that doesn’t mean you can’t act later. When your IT kit is at the end of its life, don’t replace it with the same stuff.

“Find something that will run more cost-effectively because that’s just as important as upfront costs. It’s all about delivering sustainable benefits,” says O’Neill. CIO

Send feedback on this feature to [email protected]


3 Apps for Green Datacenters

Applications that can help to better manage power and cooling and improve management, automation, load and capacity administration will be in demand across the Asia Pacific excluding Japan, according to new IDC research. "As businesses in APEJ continue to grow, power consumption in energy hungry datacenters also increases," says Adren Lim, market analyst of IDC's Asia Pacific software research. "Green IT has become even more appealing as businesses look towards energy-efficient solutions to reduce power consumption and to alleviate the costs."

Gartner classifies the apps in three main categories: power monitoring and management tools, asset management and automation tools, and server virtualisation software.

The survey indicates Green IT technology gaining strong momentum and mindshare across the region, says IDC. This is largely driven by benefits from cost savings, followed by corporate social responsibility (CSR) and compliance. Over 75 percent of the surveyed population agreed that cost savings was the main reason for them to invest in green IT.

"A large portion of green IT practices and supporting software revolve around virtualisation products, but equally important, is the management of these consolidated virtual and physical assets that will bring value through lower power, hardware, and manpower costs," Adren added.

— Zafar Anjum


SECURITY

What Are You Afraid Of?
A majority of CIOs say that malware will create havoc in the coming year. And a majority of you have lost customer data at least once. Our survey of 148 CIOs brings to light all that you and your peers want to know.

Of IT leaders say that their security budgets will increase in this year.

How Did You Know?
Who alerted you first about a security incident?
53.5% Intrusion detection/prevention system
59.4% Analysis of server or firewall files and logs
29.7% Security event correlation monitoring software
33.7% Managed service provider
11.9% Customer or supplier

Ouch..!
How was your organization impacted by the breach?
21.1% Financial losses
29.8% Intellectual property theft
29.8% Brand/reputation compromised
22.8% Company home page altered / defaced
5.3% Loss of shareholder value
5.3% Extortion
15.8% Fraud
19.3% Legal exposure/lawsuit

Double Whammy!
Please specify how often these have occurred in the last year.
(Repeated occurrence / One occurrence)
Viruses/worms outbreaks: 36.8% / 63.2%
Wireless network breach: 27.3% / 72.7%
Loss of customer data/privacy issues: 5.3% / 94.7%
Internal financial fraud involving information systems: 35.7% / 64.3%
Theft or leakage of intellectual property (e.g. customer leakage): 17.4% / 82.6%
Accidental instances: 18.6% / 81.4%
Other form of internal breach: 33.3% / 66.7%

Handing It Over
Which parts of your security set up would you outsource?
Respondents chose all that applied.
35% IDS management and monitoring services
42% Vulnerability management services
32% Firewall services
42% VPN services
24% Application management services
73% Audits

Security Infrastructure
Analyzing Challenges in Enterprise Security

What Will Tomorrow Bring?
Which threats do you envision over the next 12 months?
Respondents chose all that applied.
38.2% Denial of service attacks (DoS)
62.7% Malware
51% Malicious remote access
19.6% Internal financial fraud involving information systems
40.2% Theft or leakage of intellectual property (e.g. customer leakage)
33.3% Loss of customer data/privacy issues

Security Spend
In 2009, will your security budget…
12.6% Increase by 11% to 30%
35.1% Increase up to 10%
45.9% Stay the same
5.4% Decrease up to 10%
0.9% Decrease by 11% to 30%

Taking Precautionary Measures
In 2008, did your company review its infosecurity policies and procedures?
85.6% Yes
14.4% No

Should Security be Outsourced?
Security is a critical aspect of business and requires specialized technical expertise; hence outsourcing security solutions is fast becoming a viable option. But there are some caveats:

“Without in-house control there will be no accountability. And, if there is no external input then there will be no sharing of best practices. A combination of both is best.”
Alok Kumar, Sr. VP-IT, Reliance Infosolutions

“It is a challenge to retain skilled resources at an optimal cost. It is thus advisable to outsource security solutions to a company that has the expertise and can keep data confidential.”
C. Mohan, CTO, Reliance Life Insurance

“Only tasks like penetration testing, risk assessment for new systems, vulnerability assessment and monitoring of logs can be outsourced — not responsibility and accountability for information security.”
S. Ravishankar, Director-IT & Corporate Services, ING Vysya Life Insurance

“An organization should not outsource its core security because it is critical and cannot be compromised. But, peripheral security can be outsourced to whichever extent the company wants.”
Arvind Saksena, Group CIO, Consilium Software

Essential Technology: From Inception to Implementation — I.T. That Matters

Different Ways [And Their Downside] To Data Security

By Jarina D'Auria

Protecting against data loss from security breaches requires a combination of tools to secure networks, systems and data.

Security | When it comes to protecting data, there isn't one end-all, be-all solution. That's more true now than ever, when your most likely threat is your own employees. As more workers blur the line that surrounds the workday and bring their laptops, smartphones and other devices home, they are potentially putting their companies' data at risk. In a recent CIO survey, 34 percent of respondents had a security breach where their own current employee was the culprit.

Data loss prevention tools provide ways to identify risky data-handling activity and enforce a remediation action, says Jonathan Penn, VP of security and risk management at Forrester Research. Currently available software to prevent data loss addresses three levels of security: protecting networks from rogue devices, protecting systems from inappropriate access and protecting data itself. A modern strategy to keep data secure should involve a bit of each, says Penn.

Block Unknown Devices

Deputy CIO Jeff Kuhns needed to protect the networks of 24 campuses within the Pennsylvania State University System against rogue devices — that is, any device not expected to be on the local area network (LAN). To address this challenge, the university's CIO deployed software from Mirage Networks.

The software offers a traditional approach to protecting data by keeping outsiders at bay. Once installed, the Mirage system locates connected devices.

The IT department can set up access policies for each device and for individuals or groups of users. The system protects data by blocking unauthorized devices from accessing prohibited data, thus ensuring that data is safe.

Such 'agentless' solutions are good for organizations that have little control over the devices that their many end users choose, says John Kindervag, a senior analyst at Forrester.

Unlike agent-based solutions, which require software on the device itself, agentless solutions reside on an enterprise's network. However, as with any security tools, they can't stand on their own. "Agentless [technology] has been the primary way data loss prevention has been deployed," says Penn, "but few vendors have rich agent functionality that is unified with network scanning and remote discovery."

At Penn State University, says Kuhns, Mirage software is part of "a defense-in-depth deployment of multiple systems and strategies." These include traditional security devices and software such as firewalls and anti-virus technology.

From Devices to Databases

With limits to network-based protection in mind, some organizations and their CIOs have turned to tools that ensure legitimate users don't access data improperly. That's the problem that Nick Ray, CEO of expressHR, wanted to address and fix.

ExpressHR helps companies in the UK manage temporary workers. "Our whole business is this application of sensitive data," including Social Security numbers and passport information. "If there was a security breach, it would be terminal," says Ray, describing a scenario that makes headlines. Before heading up expressHR, he was co-founder and CEO of Prevx, an Internet security company.

"The biggest potential risk was from someone on the inside abusing the system and using the information for something other than work," he says. ExpressHR has tens of thousands of users (including recruiters and hiring managers) who access their database.

Ray deployed software from Secerno, which provides activity monitoring of databases. "It could learn what were normal requests from the database," says Ray. With the information the Secerno product gathered, the software could automatically build rules to prevent unauthorized usage of expressHR's sensitive data.

The software allows systems administrators to define rules that reflect their particular database's activity. The software learns how the customer's application talks to the database — such as how many times a day a file is accessed or whether it's ever printed. Those typical queries become the basis for access policies. If data is accessed in an unusual way, the system notifies IT managers and automatically executes policies for containing the problem (such as quarantining users or locking down the data).

52% of Indian CIOs say that ensuring data security and integrity is a priority in 2009. Source: Gartner

Ray says the biggest downside to a rule-based solution is the potential to block a legitimate transaction if a rule is improperly specified. Ultimately, he says, the risk of blocking a normal transaction is negligible.
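The learn-then-enforce approach described above, sketched as an added example: it is not Secerno's code or algorithm, and the table names, statements and the fingerprinting rule are all constructed for illustration. It also reproduces the downside Ray mentions, where a legitimate statement that never appeared during learning is blocked until an administrator adds a rule for it.

```python
import re

# Constructed sample traffic (hypothetical schema, not from any real application).
LEARNING_WINDOW = [
    "SELECT name, passport_no FROM workers WHERE id = 1042",
    "SELECT name, passport_no FROM workers WHERE id = 77",
    "UPDATE timesheets SET hours = 8 WHERE worker_id = 1042 AND week = '2009-01'",
    "SELECT id, name FROM workers WHERE agency = 'north' AND status = 'active'",
]

LIVE_TRAFFIC = [
    ("app", "SELECT name, passport_no FROM workers WHERE id = 9"),           # learned shape
    ("app", "SELECT name, passport_no FROM workers"),                        # bulk read
    ("app", "SELECT name, passport_no FROM workers WHERE id = 9 OR 1 = 1"),  # altered predicate
    ("reports", "SELECT COUNT(*) FROM timesheets WHERE week = '2009-02'"),   # legitimate, unseen
]


def fingerprint(sql):
    """Reduce a statement to its shape: literals become '?', case and spacing are normalised."""
    shape = re.sub(r"'(?:[^']|'')*'", "?", sql)       # string literals (with '' escapes)
    shape = re.sub(r"\b\d+(?:\.\d+)?\b", "?", shape)  # numeric literals
    return re.sub(r"\s+", " ", shape).strip().lower()


class QueryPolicy:
    """Allowlist of statement shapes: learned from normal traffic or approved by an admin."""

    def __init__(self):
        self.allowed = set()

    def learn(self, statements):
        for sql in statements:
            self.allowed.add(fingerprint(sql))

    def approve(self, sql):
        """Administrator-defined rule: allow a statement shape after review."""
        self.allowed.add(fingerprint(sql))

    def check(self, sql):
        shape = fingerprint(sql)
        return ("allow" if shape in self.allowed else "block"), shape


def enforce(policy, traffic):
    """Return (verdicts, exception_report) for a list of (user, sql) pairs."""
    verdicts, report = [], []
    for user, sql in traffic:
        verdict, shape = policy.check(sql)
        verdicts.append(verdict)
        if verdict == "block":
            report.append({"user": user, "shape": shape})  # what IT managers are notified of
    return verdicts, report


def run_demo():
    policy = QueryPolicy()
    policy.learn(LEARNING_WINDOW)
    before, report = enforce(policy, LIVE_TRAFFIC)
    # The reporting query was legitimate but never seen during learning: a false positive.
    # An administrator reviews the exception report and approves that shape.
    policy.approve(LIVE_TRAFFIC[3][1])
    after, _ = enforce(policy, LIVE_TRAFFIC)
    return before, report, after


if __name__ == "__main__":
    before, report, after = run_demo()
    print("before approval:", before)
    for entry in report:
        print("exception:", entry)
    print("after approval: ", after)
```

Because literals are stripped before comparison, the policy matches the shape of a request rather than its values, so a learning window that misses a legitimate report or batch job shows up as a blocked transaction.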

Ensuring Usability

Once you've given someone access and have established access policies, then what? There are granular questions to ponder: Who can edit the data? Or print it? And who can distill it into a different format?

Those are normal workflow questions, so it's important to figure out how people use the data when trying to implement security and usage policies.

"You could make your organization extremely secure, but it'll probably be at the expense of the workflow," says Ed Gaudet, senior vice president of corporate development and marketing at Liquid Machines, a provider of enterprise rights management software.

Companies such as Goldman Sachs and Dow Chemical use Liquid Machines software to protect intellectual property by defining not only who can use the information but also how they can use it. The software is typically used to encrypt all corporate data and lets systems administrators create access and usage rights to protect against misuse.

When unauthorized users access data they don't have rights to, they get a message telling them the file is protected.

Controlling information at the data level allows different policies to be set for individual users who travel with the data, even when it leaves the network. This level of control allows security policies to be based on the type of job a person has to do.

That approach maps well with collaborative workflow, says Gaudet, because role-based controls can change as workflow changes. Whatever tools you use, effective data loss prevention requires you to classify your data, a step many organizations often skip, notes Kindervag. "Until companies classify their data correctly," he says, "all data loss prevention efforts will fail." CIO

Jarina D'Auria is editorial assistant. Send feedback on this feature to [email protected]

What's Your Risk Appetite?

The whole concept of risk appetite is an understanding of an organization's desire to take on risk when weighed with potential reward. For most companies, this stays at an implicit level. But companies that are leading the way from a risk appetite perspective are trying to make it explicit. Risk decisions range from how an organization invests capital, to budget considerations, to how to implement a strategy, to whether a strategy even fits within the overall risk appetite of an organization.

The most urgent need right now is for companies to reconsider what their appetite for risk is in light of the huge changes in the external environment. Based on an organization's position, strengths and overall ability to take on risk, do they need to make some adjustment? For some companies that are strongest in their space, this might be a good time to buckle down and take more risk. The opportunity on the upside could be tremendous. Other companies that are borderline, or are potentially on the verge of major problems, might really need to dial down risk-taking activities to stabilize the organization.

Risk appetite isn't an explicit tool. Very few companies are so good at it that they can use a programmatic approach to market conditions like we've seen in recent months. So, for most companies, it's been a very ad-hoc-type approach.

Risk appetite and how often a company considers it is really tied back to how much change is going on in the environment — whether it's change that is driven by external factors, like in the market today, or if it's change being driven by an acquisition, merger, or major expansion. That level of change in and around an organization is what drives the frequency with which you might reevaluate your risk appetite.

— Mark Carey

Mark Carey is a Partner in the Deloitte & Touche Governance and Risk Oversight practice.


Pundit

What CFOs Love [And You Might Not] About the Cloud

By Bernard Golden

The benefits of cloud computing could sell your IT department down the river.

Infrastructure | Forrester just released a report outlining the CFO-ish benefits of cloud computing. The report, entitled Talking to Your CFO About Cloud Computing, is aimed at communicating the benefits of cloud computing to him or her. (Someone a bit more cynical than me might say a companion report, to help you communicate cloud computing's benefits to a CIO, is in order as well.)

A couple of things about the report stood out for me. First, Forrester emphasizes the fact that use of cloud computing matches cash flow to system benefits more appropriately than the packaged software use model. In the old way of doing things, a large investment is made early in the project prior to system build out, and well before the business benefits (presumably financial in some shape or form) are realized. This model is even more troubling given the risk factors associated with IT systems: they are notorious for failing to deliver their promised benefits, and a large percentage of projects end up scrapped due to poor user acceptance.

By contrast, cloud computing is a pay-as-you-go approach, in which a low initial investment is required to get going, and additional investment is incurred as system use increases. In this way, cash flows better match total system cost.

This mirrors use of Open Source software versus proprietary software and, in fact, that's no accident. Cloud computing infrastructures are built, by and large, from Open Source components. After all, the cloud providers don't want to make large investments upfront without knowing the financial outcomes, either. One might say that cloud computing is a proxy for end user Open Source adoption, since it acts as a middleman to ‘civilize’ Open Source for end users.

The second thing that stood out for me: the report makes the argument that cloud computing provides a way to outsource non-critical applications to organizations better suited to run them, allowing IT to focus on critical applications. This makes a ton of sense and is already applied throughout companies in many different areas.

For example, many companies use outside service providers to run their mail rooms and copy centers. Other companies use fleet management services to run their vehicle fleets. Cloud providers, according to the report, are more efficient at IT operations, using fewer man-hours for standard tasks. In addition, cloud providers get better pricing on hardware because they buy in such volume. This core vs. periphery discussion is a long-established one; perhaps the biggest challenge to it is that IT organizations are more focused on process than outcomes and therefore insistent on controlling (and running) everything.

One thing Forrester does not address is the, perhaps, logical outcome of making a case for cloud computing to CFOs: if cloud computing is so good and more efficient and responsive than central IT, why not bypass IT entirely and use an outside service provider to deliver cloud-based systems?

This approach, sometimes labeled ‘shadow IT’ (usually by the disgruntled, bypassed IT organizations) is, perhaps, the biggest IT organization challenge posed by cloud computing. By removing infrastructure ownership from IT, suddenly IT no longer has control over key business resources, making it possible for someone attuned to a cost/benefit approach, like, say, a CFO, to cut down IT's power.

Cloud computing definitely holds the potential to upend the long-established organizational pecking order and certainly puts IT in a much more precarious position. Any time the case for a technology innovation is made to the CFO, you know things are going to get interesting. CIO

Bernard Golden is CEO of consulting firm HyperStratus, which specializes in virtualization, cloud computing and related issues. He is also the author of Virtualization for Dummies, a best-selling book on virtualization.
