Volume 02 | Issue 05

Th

e B

ig D

aTa

Ma

rk

eT

| Cr

eD

iT C

ar

D B

re

aC

h N

oT

ifiC

aT

ioN

s

A 9.9 Media Publication

Volume 02

Issue 05

May 2013150

S p i n e

cio

& l

ea

de

r.c

om

05Tr ac k Te c h n o lo gy B u i ld B u S i n e S S S hap e S e lf

NexT horizoNs

The CIO of the Future Pg 38

TeCh for goverNaNCe Deconstructing ‘Defensible’ Pg 44

No holDs BarreD

Security of Apps Has Become Critical Pg 42

Standingarun gupta cio, ciplahas leveraged his cross-industry knowledge to create new solutions and new ways of thinking. He stands tall among peers. Page 16

Tall

1May 2013

editorialyashvendra singh | yashvendra.singh@9dot9.in

Leadership Styles A successful

leader adapts his leadership style

according to situations

remain the same, and anyone in the CIO role will need to move among them."

"Some CIOs may shrink from these challenging requirements. Such individuals should either ask themselves whether they want the full weight of CIO responsibilities or consider a narrower role where they can be comfortable and excel," the report says.

A stellar example of a situ-ational leader in the world of enterprise technology is Arun Gupta, CIO, Cipla. He has always led from the front in whatever industry and whatever situation he has been in. We hope you will enjoy reading this issue's cover story. We will look forward to your feedback.

The situational leadership theory has come to be a well

accepted model of leadership. According to this theory, there is no one perfect style of leader-ship. Effective leadership is relat-ed to the task at hand. The most successful leaders are those that are able to adapt their leadership style according to the individual or team that they are leading.

There are few people who have personified this leadership style better than Kushal Pal Singh, the former Chairman of real estate behemoth DLF.

Singh set out with the vision to create a world-class city on

involved in settling family dis-putes, arranging school admis-sions, helping with medical care and other issues in which they needed my advice...it helped cre-ate a relationship of mutual trust and respect, and even affection," he says in his autobiography Whatever the Odds.

In the evening, he was a com-pletely different man, chang-ing himself according to the demands of the situation as he engaged with sophisticated tech-nocrats and business leaders.

The situational leadership model is fast emerging as the norm in the context of a CIO too. According to a report by PwC, "The situational CIO is the norm at top organisations and will become the norm elsewhere during the next decade. The size and shape of the triangle of roles— sourcing, operations, and strategy—will vary by organ-isation according to industry, scale, executive beliefs, and other factors. Yet the apexes will

the ourskirts of Delhi. He went on to acquire 3,500 acres of raw land on which a large part of the city of Gurgaon today stands. The amazing part was that DLF, according to Singh, was able to acquire 3000 of acres without a single case of litigation or even a hint of violence or protest.

This was only possible because of Singh's leadership abilities. While negotiating land deals with poor farmers, he became one of them. He used to spend hours with them in their huts, to understand their problems.

"Over time I virtually became a part of each family and was soon

editors pick

Standing Tall Arun Gupta, CIO, Cipla, has leveraged his cross-industry knowledge to create new solutions and new ways of thinking

16

2 May 2013

may2013

Cover Story

16 | Standing TallArun Gupta, CIO, Cipla, has leveraged his cross-industry knowledge to create new solutions and new ways of thinking

COpyrIGht, All rights reserved: reproduction in whole or in part without written permission from Nine Dot Nine Interactive pvt Ltd. is prohibited. printed and published by Anuradha Das Mathur for Nine Dot Nine Interactive pvt Ltd, Bungalow No. 725, Sector - 1, Shirvane, Nerul, Navi Mumbai - 400706. printed at tara Art printers pvt ltd. A-46-47, Sector-5, NOIDA (U.p.) 201301

Please Recycle This Magazine And Remove Inserts Before Recycling

regularS01 | Editorial06 | EntErprisE

roundup48 | viEwpoint

Cover design by: shokeen saifi photo by: jiten gandhiimaging by: peterson pj

Volume 02 | Issue 05

Th

e B

ig D

aTa

Ma

rk

eT

| Cr

eD

iT C

ar

D B

re

aC

h N

oT

ifiC

aT

ioN

s

A 9.9 Media Publication

Volume 02

Issue 05

May 2013150

S p i n e

cio

& l

ea

de

r.c

om

05Tr ac k Te c h n o lo gy B u i ld B u S i n e S S S hap e S e lf

NexT horizoNs

The CIO of the Future Pg 38

TeCh for goverNaNCe Deconstructing ‘Defensible’ Pg 44

No holDs BarreD

Security of Apps Has Become Critical Pg 42

Standingarun gupta cio, ciplahas leveraged his cross-industry knowledge to create new solutions and new ways of thinking. He stands tall among peers. Page 16

Tall

16

3May 2013

SpeCial leaderShip SeCtion page 24a to 34

3

xx

25 | top down expoSe employeeS to extreme ConditionS SC Mittal, Group CTO, IFFCO, feels that a leader should always be prepared to take additional responsibilities

32 | opinion a view to die For? Even as recently as 1998, when I led the first Singapore Mount Everest Expedition, our aim was to climb the mountain with more than minimal experience

26 | leading edgeFive routeS to more problem Solving Tricky problems must be shaped before they can be solved. To start that process, leaders should look through multiple lenses

34 | ShelF liFe the leader'S Code: Mission, Character, Service, and Getting the Job Done

xx

me & my mentee30 | “Working in tandem” Sachin Jain, CIO & CISO, Evalueserve, and Anuj Joshi, Group Manager, It, Evalueserve, talk about the different aspects of a mentor-mentee relationship

4 May 2013

www.cioandleader.com

no holdS barred42 | SECUrIty Of AppS hAS BECOME CrItICAL parag Amalnerkar, Country Marketing Manager, hp Software & Solutions, talks about hp's focus areas

advertisers’ index

Riverbed IFCCyberoam 5Microsoft IBC, BC

This index is provided as an additional service.The publisher does not assume any liabilities for errors or omissions.

10 | BEst of BrEEd: the art of being a great it leader A great IT leader has a vision, and has a personal relationship with his or her team

44| tEch for govErnancE: deconstructing 'defensible' Too many assets, not enough resources

38 | nExt horizons: the cio of the future Becoming a business game changer

42

Managing Director: Dr Pramath Raj SinhaPrinter & Publisher: Anuradha Das Mathur

EditorialExecutive Editor: Yashvendra Singh

Managing Editor: Rachit KingerConsulting Editor: Atanu Kumar Das

Assistant Editor: Akhilesh ShuklaCorrespondent: Debashis Sarkar

dEsignSr. Creative Director: Jayan K Narayanan

Sr. Art Director: Anil VKAssociate Art Directors: Atul Deshmukh & Anil TSr. Visualisers: Manav Sachdev & Shokeen Saifi

Visualiser: NV BaijuSr. Designers: Raj Kishore Verma Shigil Narayanan & Haridas Balan

Designers: Charu Dwivedi Peterson PJ & Pradeep G Nair

MARCOMDesigner: Rahul Babu

STUDIOChief Photographer: Subhojit Paul

Sr. Photographer: Jiten Gandhiadvisory PanEl

Anil Garg, CIO, DaburDavid Briskman, CIO, RanbaxyMani Mulki, VP-IT, ICICI Bank

Manish Gupta, Director, Enterprise Solutions AMEA, PepsiCo India Foods & Beverages, PepsiCo

Raghu Raman, CEO, National Intelligence Grid, Govt. of IndiaS R Mallela, Former CTO, AFL

Santrupt Misra, Director, Aditya Birla GroupSushil Prakash, Sr Consultant, NMEICT (National Mission on

Education through Information and Communication Technology)Vijay Sethi, CIO, Hero MotoCorpVishal Salvi, CISO, HDFC Bank

Deepak B Phatak, Subharao M Nilekani Chair Professor and Head, KReSIT, IIT - Bombay

nEXt100 advisory PanElManish Pal, Deputy Vice President, Information Security Group

(ISG), HDFC Bank Shiju George, Sr Manager (IT Infrastructure), Shoppers Stop Farhan Khan, Associate Vice President – IT, Radico Khaitan

Berjes Eric Shroff, Senior Manager – IT, Tata ServicesSharat M Airani, Chief – IT (Systems & Security), Forbes Marshall

Ashish Khanna, Corporate Manager, IT Infrastructure, The Oberoi Group

salEs & markEtingNational Manager – Events and Special Projects:

Mahantesh Godi (+91 98804 36623)National Sales Manager: Vinodh K (+91 97407 14817)

Assistant General Manager Sales (South):Ashish Kumar Singh (+91 97407 61921)

Brand & EvEntsBrand Manager: Jigyasa Kishore (+91 98107 70298)

Product Manager-CSO Forum: Astha Nagrath (+91 99020 93002)Manager: Sharath Kumar (+91 84529 49090)

Assistant Manager: Rajat Ahluwalia (+91 98998 90049)Assistant Brand Managers: Nupur Chauhan (+91 98713 12202)

Vinay Vashistha (+91 99102 34345)Assistant Manager – Corporate Initiatives (Events):

Deepika Sharma Associate – Corporate Initiatives (Events): Naveen Kumar

Production & logisticsSr. GM. Operations: Shivshankar M Hiremath

Manager Operations: Rakesh Upadhyay Asst. Manager - Logistics: Vijay Menon Executive Logistics: Nilesh Shiravadekar

Production Executive: Vilas Mhatre Logistics: MP Singh & Mohd. Ansari

oFFicE addrEssPublished, Printed and Owned by Nine Dot Nine Interactive Pvt

Ltd. Published and printed on their behalf by Anuradha Das Mathur. Published at Bungalow No. 725, Sector - 1, Shirvane,

Nerul, Navi Mumbai - 400706. Printed at Tara Art Printers Pvt Ltd.A-46-47, Sector-5, NOIDA (U.P.) 201301

For any customer queries and assistance please contact help@9dot9.in

This issue of CIO&Leader includes 12 pages of CSO Forum free with the magazine

Get future-ready network security withCyberoam Enterprise Solutions

As enterprises adopt new trends like BYOD, applications and device

explosion, cloud computing and virtualization, they need to prepare for

emerging security risks in their networks. Cyberoam helps secure the

corporate office, data center and branch offices of enterprises against the

constantly evolving threat landscape by offering them future-ready security

with NG Series UTM appliances, virtual UTMs, and Cyberoam's next-

generation feature set.

Comprehensive physical/virtual network security

Advanced integrated security features – Application Controls, WAF,

Outbound Spam, Identity-based controls, VPN, advanced threat

protection

Centralized security management and visibility

One-click compliance reports for HIPAA, SOX, PCI DSS

ISO 20000 certified Global support; training to enterprise security teams

Unique Platinum Support Service for Cyberoam's enterprise customers

Cyberoam enables Enterprises with:

!

!

!

!

!

!

S e c u r i n g Y o u

www.cyberoam.com

Platinum Support Services

Centralized SecurityManagement

Reporting

Web Application Firewall

Application Visibility & ControlOutbound Spam Protection

Next-Gen Security. Wirespeed Performance. Easy Compliance.

Email us at or join our webinar to know more about Cyberoammarketing@cyberoam.com 'Enterprise Security Solutions'

Cyberoam Product Line :

© Copyright 2013 Cyberoam Technologies Pvt. Ltd. All Rights Reserved.

Unified Threat Management(Hardware & Virtual)

Centralized Management(Hardware & Virtual)

Centralized Reporting

6 May 2013

story InsIde

App Dev Projects To

Leverage Cloud Mobile PaaS Pg 08

billionWill be the worth of cloud services market in India by 2017

Cloud Services Pose A Risk To Sensitive Data: Survey 70 percent respondents indicate risk to sensitive data NetIQ has announced the results of a cloud secu-rity survey commissioned through IDG Connect, revealing that while companies have become increasingly comfortable with the security of third-party cloud service providers, data secu-rity – particularly at the end user level – as well as concerns over meeting compliance requirements, remain top-of-mind among cloud adopters.

Fifty-one percent of IT executives surveyed believe that the cloud increases data security overall. How-ever, almost 70 percent of respondents indicated that consumer cloud services pose a risk to sensitive

data in their organisations and 45 percent are not fully confident that their cloud provider's security processes and programmes meet their data secu-rity requirements. Additional findings found a mix of concern and confidence in cloud security: Forty-five percent do not have full visibility and con-trol of their cloud-based data when users sign up on their own. Only 46 percent train end-users on how they should securely access data in the cloud.

Forty-two percent of organisations are not fully con-fident that they demonstrate regulatory compliance concerning sensitive information/assets.

$4.2data BrIefIng

EntErprIsEround-up

ill

us

tr

at

ion

by

ph

ot

os

.co

m

7May 2013

E n t E r p r I s E r o u n d - u p

About half of the world’s companies will enact BYOD (bring your own device) programmes by 2017 and will no longer provide computing devices to employees, a new gartner report predicts

QUICK Byte on Byod

Gaining Competitive Advantage With Big Data enterprises need to embrace technology and innovation CIOs must realIse that innovation needs to go well beyond the technology used to manage big data, according to Gartner. To get maximum value, enterprises will need to seek and embrace innovation in the way business problems are analyzed with big data.

“Big data requires an enterprise to embrace innovation on two levels. First, the technology itself is innovative. Second, enterprises must be willing to innovate in the way they do decision support and analytics. This second reason is not a tech-nology challenge, but rather a process and change management challenge. Big data technologies bring innovative ways of analyzing existing business problems and opportunities. New data sources and new analytics can improve the enterprise in ways that have never been leveraged before,” said Hung LeHong, research vice president, Gartner.

Big data's ability to analyse unstructured data, large volumes and disparate sources leads to innovative opportunities. In most cases, there has been very little precedence for the ways big data can add value to an enterprise. It was never pos-sible to run these kinds of analyses or access these new types of data.

Japanese finance minister recently stressed on the fact that working should be seen as a good thing, rather than as a punishment.

“That is why we must have a work ethic engrained in our hearts and minds. And I think on that Japanese people and Indian people will be able to even further solidify our strong ties.”

They SAiD iT

TAro ASo

—Taro Aso, Finance

Minister, Japan

ill

us

tr

at

ion

by

ph

ot

os

.co

mil

lu

st

ra

tio

n b

y p

ho

to

s.c

om

E n t E r p r i s E r o u n d - u p

8 May 2013

App Dev Projects To Leverage Cloud Mobile PaaS 40%of projects will leverage cloud back-end servicesBy 2016, 40 per cent of mobile application development projects will leverage cloud back-end services, causing development leaders to lose control of the pace and path of cloud adoption within their enterprises, predicts Gartner.

Cloud mobile back-end services provide a specialised form of platform as a service (PaaS) to support mobile application devel-opment. These cloud services — referred to

by some in the market as "mobile back-end as a service" — provide the back-end capa-bilities commonly required by mobile appli-cations, such as user management, data storage, push notifications and social net-work integration. In addition, some cloud mobile back-end services allow developers to deploy server-side code.

"Cloud mobile back-end services stand to become a key component of the application

PC shipments in 2012 to China amounted to 69 million units, exceeding the 66 million total reached by the United States

development ecosystem," said Gordon Van Huizen, research director at Gartner. "As a result, a given organisation may begin using them without first developing the requisite understanding of the issues and risks asso-ciated with employing cloud services for application infrastructure. What's needed, then, is something of a crash course in the fundamental concerns of deploying applica-tion functionality in the cloud."

A primary goal of mobile back-end ser-vices is to make the use of cloud capabili-ties, such as data storage, as natural to the mobile application developer as possible. The programmer develops mobile applica-tions using familiar storage programming mechanisms, and the cloud service acts as a black box that stores and retrieves the data as necessary. But as the use of cloud services by mobile applications grows, the challenge of governing the security and use of sensi-tive corporate data also grows. Left ungov-erned, this results in the hidden movement of potentially sensitive data to the cloud, and the possibility of inadequate security. Gov-erning such interactions between mobile applications, enterprise systems and the cloud may require additional security and governance capabilities beyond those found in a particular mobile application develop-ment platform (MADP).

"Governance technology can only be effec-tive, though, if it is used," said Van Huizen. "Clear policies must be established and communicated to developers prior to the use of cloud mobile back-end services by applications that may access corporate or customer data."

A significant amount of enterprise appli-cation development takes place outside the scope of IT in the form of business unit application development, end-user application development and development outsourced by business units to third par-ties. Historically, most mobile application development not performed by IT has been outsourced. This is beginning to change with the emergence of visual app builders and other forms of rapid mobile applica-tion development tools. With the increased demand for mobile applications, non-IT developers will increasingly look for ways to provide mobile applications that satisfy their business requirements, and they will begin building their own mobile applications.

gloBal traCKer

PCs

so

ur

ce

: g

ar

tn

er

ill

us

tr

at

ion

by

ph

ot

os

.co

m

9May 2013

SAP introduces SAP hANA enterprise Cloud it is the next-generation in-memory platform

sEcurIty

according to a new sur-

vey of 250 it manag-

ers commissioned by smith

micro software, 75 per cent of

enterprise it managers rank

security as their main concern

when it comes to mobile hotspot

device usage among employ-

ees. these results are in stark

contrast to consumer-focused

survey data issued earlier this

year that found only one-third

of consumers are concerned

with security of smartphone and

other personal hotspots.

additionally, while 93 per

cent of companies surveyed

are responsible for all or part of

employee data plans, almost

half of it managers feel they do

not have adequate control over

employee hotspot devices.

"While a growing number

of consumers are embracing

mobile hotspots and the advan-

tages of multi-device connec-

tivity, when these devices are

introduced into the workplace,

enterprise it inherits the respon-

sibility to make them secure,"

said Doug louie, senior director

of product marketing at smith

micro. "in addition to secu-

rity risks, more than one-third

of it managers were concerned

about the lack of control over

hotspot policy management, as

well as reducing the burden on

technical support and training,

saving companies a lot of time

and money."

IN resPONse to strong global

customer demand, sap ag

has announced the sap hana

enterprise cloud service. this

cloud-based offering is designed

to provide organisations with a

new deployment option to gain

immediate value from sap hana,

the next-generation in-memory

platform.

agaINst the backdrop of the latest US Law against Unfair Competition, the American Cham-bers of Commerce released a statement on the implications of the law on Indian exports. As per BSA Global Software Piracy Study, IT theft exceeds $63 billion worldwide, which hurts eco-nomic growth, job growth, investment, and incen-tives for innovation in most regions, markets and businesses.

The Unfair Competition Law has been passed in two states -Louisiana and Washington, the

Software Piracy Could hurt indian exports to the US firms using pirated software could be barred

faCt tICKer

going forward, running mission-

critical sap erp, sap crm, sap

netWeaver business Warehouse

and new and unprecedented appli-

cations powered by sap hana will

be possible as a managed cloud

service with elastic petabyte scale.

With today’s announcement, sap

will bring together the ease of the

cloud with the performance of sap

hana in a simple and powerful

model, according to a statement.

“With sap hana enterprise

cloud, we are addressing a fun-

damental customer need that we

have seen since we first launched

hana,” said Vishal sikka, member

of the executive board of sap

ag, technology and innovation.

“customers want more and more

options in how they take advantage

of the value sap hana brings.

With the sap hana enterprise

cloud, we are delivering hana

at scale with instant value and no

compromise.”

Attorney General announcements of California and Massachusetts are under the ‘Unfair Competi-tion law’ of these states. The other 36 states are seeking ways to use the traditional powers of their office to address the unfair competition advantage and taking actions under existing Fair Competi-tion acts. These growing enforcement actions are a logical and welcomed step toward the call made by US officials to curb unfair competition and ensure a level global playing field for suppliers and manufacturers. USA has traditionally been a prominent market for India, with exports across sectors increasing from $5,014.48 million in 1995 to $19,493 million by the end of 2010. Now, this law becomes decisive of the overall export performance and in turn a major determinant in economic growth of the country. However, as the first enforcement action by a US lawmaker against an Indian company that is alleged of using pirated software, the Pratibha Syntex lawsuit puts forward a clear call for compliance. There is a crucial les-son here, in that exporters from India across verti-cals can now legitimately be barred from accessing the US marketplace. Failure to comply could result in loss of access to the lucrative US markets and injunctions against sales. This certainly translates into a significant negative impact on a business and its bottom line. “Today, the global economic situation is forcing governments around the world to look at enforcing laws that provide a fair ground for competition. The US law against ‘unfair competition’ is another step in this global trend. US being a key export market for India, it is critical that exporters review the software used in their supply chains to ensure license compliance and abide by the law,” said Ajay Singha, Executive Director, American Chambers of Commerce.

E n t E r p r I s E r o u n d - u pil

lu

st

ra

tio

n b

y p

ho

to

s.c

om

Best ofBreed

Dehumanisation of the Workforce Pg 12

Features InsIDe

Words Matter: ‘stakeholders,’ not ‘Customers’ Pg 14

The Art of Being a Great IT Leader

a great It leader has a vision, and has a personal relationship with his or her team By Charles Araujo

What does that word—leader—really mean? Leadership may be both the most written about and most discussed term in the modern business lexicon—and yet the most widely misunderstood.

I am as guilty as anyone when it comes to throwing around the term. I often catch myself talking about “senior leadership” when what I am really talking about is the

senior management team. Yes, too many of us are guilty of using the terms “management” and

ill

us

tr

at

ion

by

ma

na

v s

ac

hd

ev

10 May 2013

“leadership” interchangeably. But they are not interchangeable. While we may hope that our senior executives are leaders, we have all experienced far too many execu-tives who were the exact opposite. At the same time, we are entering an era in which leadership skills must be present at every level of an organisation, not just with senior management. So, what does it mean to be a great IT leader? I sat down recently with Cameron Cosgrove, vice president of appli-cation development for First American. We got together to discuss the recent efforts with DevOps, but instead I got a master class in leadership. As Cameron and I talked, it occurred to me that while there is a certain amount of “art” to leadership, there are also a clear set of practices that one can internalise and adopt to make themselves a better leader. Specifically, I observed four key elements of the art of leadership, as demonstrated by Cameron and his work at First American, and I think they are some-thing we can all learn from.

Great Leaders Are VisionariesWhen we hear the word “visionary” we tend to think in terms of big thinkers, people who change the world. They appear to be a rarified breed of human. If the challenge is for each of us to become IT leaders, then we can’t all be expected to be this kind of rare visionary, can we? But I think of a visionary as something different. I see a visionary as someone who simply has a vision of a future somehow unimagined by others and who is willing to share that vision and lead others toward it. The vision doesn’t necessarily have to be the “change the world” variety or oper-ate on a grand scale to be powerful.

When Cameron started at First American, he had a vision. It was both simple and pow-erful. He saw his purpose as creating an IT organisation that was stable and executed flawlessly so the CIO could be the Chief Innovation Officer, constantly looking for ways to leverage IT to generate new revenue and growth opportunities. He then translat-ed that vision into meaningful and tactical goals that his team could understand. He used this vision as a rallying cry to inspire those around him. He began to hold leader-ship meetings in which he sought share his vision, inspire teams to get involved and teach leadership skills to his management

only be realised through the efforts of oth-ers. And they know that if the vision is to be realised, they must enable and empower others to be successful.

I remember the day when I was a young manager and my CIO pulled me aside. I was new to the position, and she asked if we could talk. I am not sure what I had expected, but I know it wasn’t what unfold-ed next. “I want you to know that I have a very important job,” she began. Ok, I knew where this was going; this was the “make sure you remember who is boss” talk. “My job,” she continued, “is to make sure that you have whatever you need to do your job. And to make sure that any of the political stuff stops with me so that you can focus on getting the job done.” I frankly have no idea how I responded. I was in shock. Here was a senior IT executive, my boss, some-one that I respected enormously, telling me that in her eyes, she worked for me. That she was there to serve my work needs so that the vision for the organisation could be realised. It was a powerful moment and one that had a tremendous impact on me.

Cameron explained to me that he saw his job as taking care of operations so his boss could focus on the more strategic issues, I saw the same type of servant leadership I’d experienced earlier as a young manager. As a leader, you must see yourself as being in the service of everyone around you—certainly those who work for you, but also your peers and managers. It’s an attitude that projects humility and commitment. It gives people hope, courage and enough faith to be willing to step up and accomplish things they didn’t know they were capable of accomplishing.

Some leaders are revered. Some are admired. But the greatest leaders are those that while being both revered and admired, also build deep and personal relationships with their coworkers

team. Soon others in the organisation began to join in.

Not because they had to or because they were told to, but because they wanted to be a part of it. If you think of someone who was a great leader in your life they are almost always someone who inspired you to accomplish more than you imagined possi-ble—and who helped you be more than you realised you could be. They did not do it by telling you what to do. They did not spoon-feed you little tasks and then micromanage you. They dreamed out loud. They shared a vision of a future that they believed was pos-sible. And they inspired you to want to be a part of that future. And so, without being asked, you showed up. You went above and beyond simply because you believed in what you were doing. And you shared the vision with others. That’s what it means to be a visionary. It doesn’t have to be “change the world” big, but it is the only thing that truly has the power to change everything. And it is something that each and every one of us has the power to do.

Great Leaders are ServantsIf you’ve read my book The Quantum Age of IT, you know that I am a big believer in the concept of “servant leadership.” While the concept has existed for thousands of years, it is often misunderstood. We tend to think of servants in a derogatory fash-ion. But being a servant simply means that you seek to be of service to others. Embedded in the idea of servant leadership is the foundational principle of humility. In its simplest form, a great leader under-stands that what they can achieve alone is extremely limited and that their vision can

11May 2013

l e a d e r s h i p | B e s t o f B r e e d

Great Leaders Are AccountableLeadership is about more than just inspir-ing people. In the end, leaders are judged by what they and their teams accomplish. Inspiration is the fuel that powers achieve-ment, but it also takes discipline and com-mitment to weather the difficult times that beset any ambitious undertaking. A great leader knows that type of commitment requires mutual accountability. First and foremost, a leader must be willing to hold him or herself accountable to their teams. They cannot see themselves as “above the law” or beyond any reproach. They must operate with complete transparency with their teams in order to establish the level of trust and commitment that is needed in strong teams. But more than that, great leaders require their teams to be account-able to each other. There is power in a team that is inspired by a leader. But there is much more power in a team that shares that vision among themselves and feels account-able to each other as they mutually pursue a goal. Cameron explained that when he launches a significant effort, he has the team draft a team agreement in which the team outlines their commitments to each other. Next, Cameron has each of them sign it. The team agreement is a visible state-ment of their level of commitment and accountability. By first submitting yourself

as accountable to your team and then leading your team to be accountable to each other, you create a fraternal environment in which your team will go from being a mere collection of people to a single body—almost a family—that is pursuing a single goal.

Great Leaders are PersonalAt one point while Cameron and I were enjoying our lunch, he called over the waiter. Cameron pointed to a table across the patio and, handing the waiter a credit card, told him that he wanted to pay for their lunch without them knowing who had done it. The table included members of his release management team, and he simply wanted to give them a little tangible recogni-tion for doing their jobs well day in and day out. As Cameron had waved to them earlier, I have no doubt that they later put two and two together. Nevertheless, it exemplified one of the characteristics that I think pre-vents some good leaders from being great leaders. Some leaders are revered. Some are admired. But the greatest leaders are those that while being both revered and admired, also build deep and personal relationships with their coworkers. They are not aloof or

placed on a lofty pedestal. They do not stay locked in their quiet ivory tower, day-in only appear-ing to occasionally address the minions. Instead, great leaders live in the trenches and work aside their teams. They also invest in their teams on a per-sonal level. They are approach-able and go out of their way to make themselves accessible. Inspiration is great. Account-

ability builds trust. But more than anything else, people will walk to the proverbial end of the earth for people who know them, have invested in them and believe in them.

We are entering a new and exciting era for IT professionals. Leadership will be in great demand and short supply. But I believe there is a great IT leader in each of us. There is an art to great leadership, but it is an art you can learn. Make a commitment to become a great IT leader, and learn the art of leadership. It will make all the difference. — Charles Araujo is the founder and CEO of The IT Transformation Institute, which is dedicated to helping IT leaders transform their teams into customer-focused, value-driven learning organisations.— The article was first published in CIO Insight. For more stories, please visit www.cioinsight.com.

74%is the gloBal

marketshare of android phones

Dehumanisation of the Workforcetoday’s management practices often fail to recognise It workers as skilled craftsmen By Frank Wander

it was serendipitous. By leading five turnaround transforma-tions across four corporations, I discovered the root cause of IT failure: The industrial era dehumanisation of the workforce has bequeathed management practices that are incompatible with the emotional, cognitive and collaborative underpinnings of IT today.

It became clear to me that unsuccessful information technology organisations and projects were failures of corporate management, not of IT processes and technology, and certainly not due to the IT workers. Most of the workers were competent, dedicated profession-als, toiling in cultures where the social chemistry was corrosive and

12 May 2013

B e s t o f B r e e d | m a n a g e m e n t

ate away at the fabric of the organisation. What else could possibly explain our profession’s unbroken track record of failure, one that might be unrivaled by any other industry.

Consider how long failure has been with us. The first modern, IT mega-project was the development of IBM’s OS-360 mainframe operating system in the early-to-mid 1960’s. When the OS-360 was finally introduced in 1967, a year late, its budget had skyrocketed to more than $500 million, more than four times the original $125 million estimate. By then, the OS-350 had become a threat to both management and the company. In fact, Frederick Brooks, the endeavour’s project manager, noted in his book The Mythical Man Month: “The product was late, it took more memory than planned, the costs were several times the estimate, and it did not perform very well until several releases after the first.” To anyone in IT, this sounds like it was written yesterday, not 50 years ago.

So, when we examine failure today, we see little has changed. For nearly 60 years, IT projects, especially mega-projects, have failed at alarming rates. A recent McKinsey Quarterly study of 5,400 large projects ($15 million or greater) revealed that their collective cost overrun was $66 billion, while 17 percent of the projects actu-ally threatened the viability of the enterprise itself.

No other human endeavor has endured such a track record of repeated failure, with an inability to discover how to get it right. With trillions of dollars of collective experience spanning six decades, how could this be? How did we get here? Why is this prob-lem so persistent in the face of thousands of pundits, robust process frameworks, and maturity models?

Everyone has an answer, but no one has a solution. Until now, that

is. A humanising workplace movement has already begun, so this will change.

A Pattern of Toxic BehaviorsI didn’t see the problem during the first turnaround. Nor did I see it during the second. But by the third, a clear pattern of toxic behav-iours and practices was evident. The workers were wrongly regarded as interchangeable parts—nothing could have been further from the truth. They were, in fact, assets, because the institutional knowledge they possessed had been acquired over many years at great cost, and had high productive value. Yet, even today, human capital is often accorded zero value in traditional corporate America, because it isn’t tracked. Human capital accounting still doesn’t exit.

Culture is also an enormous lever of productivity, and one that had been ignored. Consequently, we continue to intimately architect our networks and systems, but often leave the culture to chance; we should be intimate with this, too. Often times, corporate cultures are toxic to productivity; sometimes, even highly toxic.

During the fourth turnaround I began to extensively read books and research papers on emotion, neuroscience and social psychol-ogy, so I could understand why our leadership practices were toxic, and why my turnarounds had worked. By the end of the fifth, my understanding had deepened further, and my research continued, culminating in my just-released book, Transforming IT Culture.

We must re-humanise work. I know people will scoff at that state-ment and say “It isn’t going to happen, at least in my lifetime.” I disagree, as I see human understanding of workplace humanisation taking root beyond the universities. There is an awakening. Mean-

We must re-humanise work. I know

people will scoff at that

statement and say “It

isn’t going to happen, at least in my

lifetime” ill

us

tr

at

ion

by

ma

na

v s

ac

hd

ev

13May 2013

m a n a g e m e n t | B e s t o f B r e e d

while, employee engagement levels remain at all-time lows, so an incredible waste of human capital occurs as long as this situation persists. Gallup says the lack of engagement crisis costs hundreds of billions of dollars a year. (I think its numbers are low.) Leaders are seeking an answer, and it is coming.

Professionals in IT are craftsmen, not machine parts. If you look back prior to the industrial era, you find skilled craftsmen who took great pride in their work. They ingeniously handcrafted their products, controlled the quality. They were highly skilled workers who started as apprentices and learned to perfect their craft over many years. They worked in craft shops, small cohesive com-panies that provided flexibility, cared about their craftsmen, and had engaged workers who were valued and grateful for their employ-ment. It was so “un-industrial.” This is not to suggest there were no hardships, or that some owners didn’t take advantage of workers. Certainly, that existed. But the owners and managers deeply appreci-ated what it took to learn a craft, and highly valued their apprentices and experienced journeymen. These workers were engaged, and the relationship between management and their craftsmen was far bet-ter than the management and worker relationships of today.

IT is a profession, and a highly complex one, where hyper-special-isation and long time-to-competency is the norm. The professionals in our business are modern craftsmen, turning out piece work, but the difference today is that hundreds of minds contribute to the final product. This is collaborative craftsmanship. The construction pro-

cess is a magnitude, perhaps several magnitudes, more complex, as these professionals are not just co-workers, but co-creators. Their collective intelligence, creativity and emotion are all baked into the final outcome.

If the social environment is supportive, the craftsmen can deliver a great outcome. If it isn’t, the bonds needed for co-creation don’t exist, so failure is too often the result.

Management has yet to adapt their practices to this new world. In fact, our present management practices stem from the roots of the modern industrial corpora-tion, where “human resources” were just another raw material used to run the manufacturing plant. Conse-

quently, this is a blind spot—and a costly one. It is time to embrace our workers, and learn to run the human infrastructure with as much care and insight as we use to manage our computers and networks. It will happen, and like the industrial era, it will transform the world.

For companies to prosper, their professionals must be appreciated and allowed to flourish. Today’s winning companies, like Google, understand this. These insightful companies have re-humanised work, and own not just the present, but the future. As for the dehu-manised companies, they can change or slowly fade away.

—Frank Wander, a former CIO, is founder of the IT Excellence Institute.

— The article was first published in CIO Insight. For more stories, please visit www.cioinsight.com.

$2.1bnWill Be the size of it infrastructure

market By 2013

Words Matter: ‘Stake-holders,’ Not ‘Customers’Improve your professional relationship with colleagues by changing the words you use to refer to them By Marc J. Schiller

We shape our professional envi-ronment out of the words we use to describe it.

How we refer to things makes a big difference. We shape our

own world—and others’ perception of us—via the words we use to describe our reality.

Much of what we do in IT requires com-municating subtle and complex issues

Turning “Users” Into “Customers”For years, IT staffers and managers have referred to the knuckle-dragging business folk with whom they worked as “users.”

As IT staff realised they needed to be a little more friendly and supportive of their business colleagues, and given that IT is fundamentally an internal service function, internal IT teams copied external service

to others. When we use precise language to describe a situation or relationship, we honor precision and clarity, thereby increasing our reputation with others and ultimately our chances for professional success. When we adopt generic or com-mon language, we end up with … well, merely generic or common results. Let’s make it real.

14 May 2013

B e s t o f B r e e d | m a n a g e m e n t

providers and began referring to their colleagues, with the best of intentions, as “customers.”

The term “customer” is prob-lematic because it has very spe-cific connotations, especially in North America, where we have grown up on a steady diet of phrases such as “The customer is always right,” “Never argue with a customer” and “Give the cus-tomer what they want.”

Whether this attitude is right or wrong on a global level isn’t the point. The fact of the matter is that when you perceive your work colleague as a customer, you are preconditioned to give them what they want, because you think your highest priority is to make them happy lest they “take their busi-ness elsewhere.”

But the truth is that your colleagues are not your customers and you are not an external service provider. You are both in business together.

Do you want your colleagues to be happy? Of course, but that’s not your only con-sideration. Your role is not just to provide

what they ask for, but to provide guidance, governance and to apply professional IT dis-cipline to their requests. All of this is in the service of the greater good of the business.

What’s the Right Term?So, if “customer” is the wrong term, what’s the right one? My personal favorite is “stakeholder.” A stakeholder is someone who holds a stake or an interest in an undertaking. And that’s exactly the way it

is. You each have a stake in the other’s success. Not only is it a more accurate term, but it gener-ates more mutual respect.

“Customer” may indeed sound friendlier or more service orient-ed. But is that really in the best interests of IT and the overall business? Using the term “stake-holder” in place of “customer” may seem like a small issue, but it sets a more appropriate tone for the relationship between IT and the business functions it supports.

Shifting from “customer” to “stakeholder” will not only

impact how others see you but, more impor-tantly, will influence how you see yourself, and how you navigate relationships with your business colleagues.

—Marc J. Schiller has spent more than two decades teaching IT strategy and leadership to the world’s top companies. — The article was first published in CIO Insight. For more stories, please visit www.cioinsight.com. ill

us

tr

at

ion

by

ph

ot

os

.co

m

m a n a g e m e n t | B e s t o f B r e e d

Standing

TallC O V E R S T O R Y | S T a n d i n g T a l l

16 May 2013

By Yashvendra SinghDesign by Shokeen Saifi | Imaging By Peterson PJ

arun gupta, CiO, Cipla,has leveraged his cross-industry knowledge to create new solutions and new ways of thinking. He stands tall among peers.

s t a n d i n g t a l l | C O V E R s t O R y

17May 2013

One look at the profile of Arun Gupta, CIO, Cipla, and you realise the depth and breadth of his knowledge. A rich experience of 30

years in IT spent in diverse sectors ranging from construction and retail to telecom and pharma, catapults Gupta in a league of his own. There are few CIOs in India who can match such a profile.

“I am always curious to learn new things. My inquisitive nature led me to explore new sectors,” says Gupta, as a matter of fact.

But reaching the summit takes more than curiosity. It calls for a key focus on strategy, creating business value, and leading business inno-vation and transformation. It also demands a strong focus on driving

1984. The job entailed onsite repairs of computers and peripherals. Being good at electronics, the repairs came naturally to Gupta and he was soon managing a few “painful” customers.

Even though it was not his respon-sibility area, within six months, Gupta also started making calls with the sales team and getting to know the rationale behind the computers installed by customers.

“I started making calls because I wanted to learn more than what I was doing. While I was adept of han-dling the hardware, I did not have customer understanding. It worked well for the callers too. With a tech-nical person in their midst, as they were able to address the queries then and there. There was a clear value in me coming along,” he says.

Walking

The exTra miletechnology and enabling business with improved customer satisfaction, while reducing operational IT bud-gets. During his long professional journey, Gupta has displayed all these abilities and more.

Going the Extra MileAn important trait of a leader is to walk the extra – to do more than what is required. Gupta exhibited this trait early in his career. After completing his graduation in Physics and Elec-tronics Instrumentation from SIES College, Mumbai University, in 1983, he enrolled into a four-month com-puter course with NIIT thereafter.

After completing the residential four-month course from NIIT, Gupta started his career as a Customer Ser-vice Engineer in NELCO Mumbai in

Arun Gupta, CIO, Cipla, has led from the front. He has always gone beyond the call of duty to display true leadership ability

C O V E R S T O R Y | S T a n d i n g T a l l

18 May 2013

helping them in deploying his solu-tions across sectors.

While at OMC, Gupta briefly interacted with Raj Reddy a couple of times. This was enough for him to lean an important lesson for life.

“What struck me was his intense passion about the subject, which made him talk to a small engineer like me. I learnt that humility comes with greatness,” he says.

Innovative Thinking, Innovative Solutions Providence landed Gupta an oppor-tunity in 1991 at the Great Eastern Shipping Company when they were looking for a Systems Administrator.

“The then EDP Manager (Satish Pendse of Highbar) hired me and put me in-charge of the new UNIX mini-computer which had been procured for the automation of the shipping operations. I enjoyed the freedom to innovate and quickly created many programmes to help the users start using the system beyond the applications. While the killer app in the beginning was automated telex, soon we had multiple systems for various parts of the business. I auto-mated every damn thing within a few months. There were 100 odd pro-grammes that I wrote,” says Gupta.

For instance, today it is easy to manage extensions in an enter-prise but it wasn’t so in the early 90s. Gupta wrote a utility to address this problem.

Pendse quit a year later and Gupta volunteered to take over the EDP operations along with his responsi-bilities with the shipping business.

“We soon decided to implement Oracle Financials to expedite the finance and accounting processes. This was the first implementation of Oracle Financials in India and that posed some interesting challenges.

During that time, no one was buy-ing solutions off the shelf and enter-prises developed their own solutions. A solution like Oracle Financials cost Rs 1 crore which is the equivalent of Rs 30 crore today. For a Rs 400 crore

Those were the days of EDP and people were writing complex programmes to automate various activities. Gupta got so fascinated with the complexities behind soft-ware that he started befriending the EDP managers.

“After completing calls, I would spend some time with the EDP managers asking them about their role, what they did and how they made things work. The fascination was so high that I set myself a target to become an EDP manager, not knowing at that time how I would get there,” he recalls.

Soon Gupta got an opportunity to shift to a smaller though fast growing CAD/CAM/CAE company -- OMC Computers -- which was promoted by Voltas and Prof Raj Reddy of Carn-egie Mellon University. He jumped at the opportunity in July 1985 and moved to the world of graphics most of which was created internally by the R&D team at OMC.

To understand why computers behave the way they do, Gupta also enrolled at NCST, which according to him “was great and gruelling but extremely satisfying.”

“My interest in systems software made me get deep into UNIX, data-bases and compilers. Along with a friend and batch mate from NCST, we would spend long hours getting to know the internals of UNIX and crash/rebuild systems overnight. Our company OMC did not grudge us the experiments as we collectively could solve almost any problem that had hardware and software depen-dencies,” says Gupta.

Over the years in OMC, he moved up the ladder quickly moving from Customer Service Engineer to Territory Manager – Managing a team of engineers which also pro-vided presales support to potential customers. The company brought Silicon Graphics workstations into the country and also diversified into banking and commercial multi-user systems which gave Gupta the oppor-tunity to work with key accounts

“i am always curiOus TO learn new Things. my inquisiTive naTure led me TO explOre new secTOrs”

company, it was a huge investment. “But there were people who stood

behind the project. We handled change management remarkably well. With the help of our imple-mentation partner, we executed the project over nine months going live in April 1994 marking a new phase of IT adoption at GESCO. I was appointed the IT Manager and the journey gained speed with many other initiatives including the auto-mation of operations on-board the ships as well as the newly found real estate division,” says Gupta.

Believer in Teamwork For Gupta, his team comes first. He has always given the team its due. Recalling an incident around Oracle Financials, he says, “I must give credit to my team mates who toiled day and night towards making the journey a success. When the Oracle Financials database crashed on a Friday evening, the local support partner and principals gave up the effort. Two young ladies in the team along with me and a few friends took up the effort connecting with people all over the world to seek a solution.

—arun Gupta, CIO, CIpla

s t a n d i n g t a l l | C O V E R s t O R y

19May 2013

Over the next three days and nights they worked to recover everything upto the last transaction, a feat that was deemed impossible.”

“I also had good colleagues and mentors who helped me navigate the corporate cultural maze making sense in a way that the initiatives that we undertook had complete business connect,” says Gupta.

Gupta’s strong team management

and mentoring skills come to the fore from the fact that 15 of his sub-ordinates have went on to become CIOs. He still has a great rapport with them.

“Out of the 15 CIOs that have been my team members, 12 are in touch with me regularly. The others are abroad and even they meet me when-ever they are in India. I once invited one of my subordinates, who is now

the CIO of a rival pharma company, to interact with my team members. He accepted my invite and came from abroad. My CEO was zapped,” he says.

The Big LeapIn July 1996 after spending close to five years at GESCO, Gupta moved to DSP Merrill Lynch with a lofty title of Vice President – IT. As titles go, it was a big jump and boost for him. The role and responsibility were to bring the India operations on par with global systems.

“Working with the local manage-ment and global IT, the journey was great. My success was acknowledged with a position at the regional HQ in Hong Kong. Life had different plans though and with the currency crisis in the region, the company down-sized the regional position leaving me in a quandary about the future,” says Gupta.

The lifeline came from DHL Worldwide Express which he joined in 1999 as the National IT Manager. With Y2K impending, the key priority for Gupta was to achieve compliance.

“With focus, determination and extreme project management, we consolidated from 18 data centres to five with multiple applications that required remediation. In May from being at the bottom of the pile in 50+ countries we stood at the peak ahead of everyone in September delivering

“my inTeresT in sysTems sOfTware

made me geT deep inTO unix, daTabases and

cOmpilers”—arun Gupta, CIO, CIpla

LEGEndary

lIfe lINe

1984 20021991 1996

Gupta started his career as a Customer Service engineer in NelCO Mumbai in 1984

After spending close to five years at GeSCO, Gupta moved to DSP Merrill lynch with a lofty title of Vice President – IT. As titles go, it was a big jump and boost for him. The role and responsibility were to bring the India operations on par with global systems

Providence landed Gupta an opportunity at the Great eastern Shipping Company when they were looking for a Systems Administrator

Gupta joined DHl Worldwide express as the National IT Manager

Gupta moved to Pfizer India as Senior Director – Business Technology

1999

C O V E R S T O R Y | S T a n d i n g T a l l

20 May 2013

expected compliance. No planes fell of the skies, nothing really happened, no one knows if that was because or despite the effort,” he says.

Gupta moved on to explore the world of ecommerce evangelising revenue over eyeballs creating a busi-ness model for ecommerce logistics by leveraging existing infrastructure and operations. Soon the business grew with marquee customers which he managed until the dotcom bomb exploded. Considering that the model was built on strong fundamentals, it survived. With planned global appli-cation and data centre consolidation, the local opportunity appeared to no longer offer a challenge; with move-ment abroad not exciting enough, Gupta sought opportunities outside. According to him, “handling a P&L for the first time was great learning.”

“The first time I handled P&L was scary. I saw the CFO, CMO and CEO fighting. This was when I learnt that you have to make business profitable despite operational costs being allo-cated to you. This was also the time when I started thinking like a CEO and CFO,” he says.

Hughes Tele.com (now Tata Tele-services Maharashtra Limited) was growing in leaps and bounds acquir-ing high value profitable corporate customers from the incumbent. The IT challenge and the lure of the tele-

com industry combined to convince Gupta to take on the opportunity in 2001 as Vice President – IT.

“From fixing billing systems to bringing the cost down, everything in between was a great experience in a high growth company which had everyone contributing to everything from operations to customer acquisi-tion. Helping with a data focus and running the ISP operations while nurturing the team to run with new ideas was great joy. Reducing cash losses for your business teaches you many things,” he says.

In 2002, Gupta moved to Pfizer India as Senior Director – Business Technology.

“It was a great experience work-ing with a company of that scale and size, with a lot of learning on global best practices. Apart from the India specific initiatives creating a few pioneering efforts for medical representatives in India, the major initiatives revolved around value beyond commercial operations for Pfizer. Working with a colleague, we launched the platform for strategic sourcing traversing IT, operations, clinical trials etc,” he says.

After close to three and a half years at Pfizer came the opportunity at

"I believe in empowering peo-ple and allowing them to take independent decisions. Some-times that does not deliver the best results, but gives a lot of learning to the team which also enhances their commitment. I think situational leadership is probably the best approach to being successful. We all have a primary style of working; we need to recognise the different facets of the team and adapt accordingly rather than expect-ing them to adapt to us.My philosophy in life has

been to do the best you can, results will come. You cannot be successful alone, your team needs to deliver to what you dream and promise. If they are unable to, then it is your failure as much as theirs. Help them grow and you will grow with them. Plan well, challenge often, man-age expectations.Work and life balance is pos-sible only if you want it and are willing to prioritise; man-age your time well and you will find that balance hap-

pens. If you don’t delegate, you will not grow. You are not indispensable. I started blog-ging to give vent to my feel-ings, views and opinions. So most of my principles, you will find them on my blog, they are for everyone and anyone who is interested. I get many comments and messages, some who disagree with what I say; and that is fine with me as disagreement does not make my viewpoint incorrect, it is just another viewpoint, a new perspective."

Philips Electronics India Limited, a diversified product portfolio, a large presence, a global but local company in terms of commercial operations. The Philips Innovation Campus was however a very different set of dimensions. A year into the role, the lure of the sunrise industry and retail could not hold Gupta back and in 2007 he moved to Shoppers Stop as Group Chief Technology Officer.

“Retail poised for growth with large investments by every business house made the market extremely competi-tive and IT played a critical role in ensuring that Shoppers Stop group continued to enjoy the early mover advantage. We invested early and continued to leverage the fruits of the investments far better than competi-tion. From ecommerce to business intelligence, the journey was excit-ing even during the downturn when Shoppers Stop made key investments in new capabilities with IT. Over five years the business doubled and the team continued innovating with new solutions,” says Gupta, going down memory lane.

May 2012, yet another new chapter was opened with Cipla, one of the oldest and large pharmaceutical companies in India. Cipla recognised

2012

Gupta moved to Shoppers Stop as Group Chief Technology Officer

2007

Gupta started yet another new chapter when he joined Cipla

in person

s t a n d i n g t a l l | C O V E R s t O R y

21May 2013

the benefit that IT can deliver towards

scalability and globalisation

and took Gupta on board to trans-form the

IT land-scape and

help achieve the long-

term business goals.

“The journey has just begun and the future

holds a lot of promise with

significant invest-ments in vari-

ous tools

and technologies across the busi-ness. The next two years will bring us to the forefront of how IT can deliver benefits in the pharmaceuti-cal industry,” he says.

“Each opportunity brought a new learning and contributed towards my development as a better professional. Every company was different, every industry was different. I learned a lot understanding the different nuances of the industries. This also gave me a platform to use cross-industry knowl-edge in every company. A different perspective creates new solutions and new way of thinking. That I would believe has been one of my success factors.”

“I have been able to balance tech-nology and business. The former has been easy as has been my founda-tion. Besides, I read and interact with people, which helps. The latter is all about talking to people from various departments, not necessarily related to IT. executive meeting also help. Here it depends on the individual. He may shut off till something relevant to him comes up. Or he may actively participate in the discussions.”

Since joining Cipla, Gupta has been interacting with a dozen of his competitors. It is interesting to note that their CIOs are also con-

fronting the same issues and we are now looking at how we can resolve them collectively. Gupta has a five year road-map. He doesn’t know what he will do after that.

Tough Situations, Tough actions

“I cannot say that any decision was toughest, all of

them were tough at that time

and required use of then

available infor-mation

to deter-mine the

arun gupta CiO, Cipla

C O V E R S T O R Y | S T a n d i n g T a l l

best way forward. In hindsight it all appears to have been easy. If I reflect back, I would say that I enjoyed the journey with able help from peers, vendors, well-wishers, business users, critics, family, everyone gave me something,” he says.

“The most challenging situation I guess was when I was asked to down-size my team in one of my compa-nies. It was difficult to tell someone that you are no longer required when they were part of the team working well in their own way. I did what I did, I hope I don’t have to do it again.

There have been many high points, some of them being large project success, e.g. Oracle Financials go-live, Sales Force Automation that

went global (across two industries and companies), signing global outsourcing contracts, opening of shared service centres, winning Hall of Fame awards, and finally seeing my team mates become CIOs in their own right; as of date I can count more than 15,” recalls Gupta

Professionally, the low points for Gupta were some of the projects that did not work as anticipated.

“There have been low points when projects failed. I remember a project where I didn’t focus on the deliver-ables and left it to my team, which failed to rise up to the challenge. it became messy at the end. The sec-ond instance was when I had given a team member a specific task and

he started filing false reports. These incidents led me to conclude that one has to be a situational leader. You cant deal with everybody in the same manner. One has to adapt according to different individuals,” he says.

So what is top on Gupta's priority list now? “I have taken up a very chal-lenging task now. I will talk about it sometime later when we have climbed the peak of Mount Everest (that is my project name),” he says.

From his vast experience in differ-ent verticals, Gupta has an advice for CIOs who are aspiring to become future enterprise technology leaders.

“It is not about technology, it is about people and the business,” he sums up.

How long have you known arun Gupta? How is he as a boss?Although I have worked with Gupta for a year, I know him for about seven years. He is an extremely good manager of people. He not only understands his team mem-bers but also knows how to get things done. He is empathetic to the other per-son’s viewpoint. Another good quality that Gupta possesses is that nobody can take him for granted.

How is he in his personal life?Gupta is a very down to earth person. He is among the top notch CIOs in the country, and he has reached this position through sheer knowledge and ability. Gupta knows what he does, for him nothing is by fluke.

What is his management style?He is a situational leader and believes in del-egating work. Once he has assigned a task to somebody, he doesn’t bother to ask fre-quently. He is concerned only with the final output. He trusts his team, and is involved only when strategising. Of his management style, 60 percent is delegative.

do you recall an incident when Gupta’s leadership abilities came to the fore?I can remember an incident during my stay at Philips during 2006-07. Gupta was asked by the top management to bring about improvements in the logistics department by leveraging IT. Gupta wanted to follow the Theory of Constraints (TOC). Philips, on the other hand, is a big MNC where strategy flows from the headquarters. Despite this, Gupta put all his efforts in pushing TOC among business leaders within the com-

pany. I soon left the company and don’t know if Gupta’s approach was followed or not but his viewpoint was well accepted. The way he maneuvered the entire case was laudable.

What are the areas where he can improve?Normally, Gupta reserves his comments only when asked for because of which peo-ple feel that he is arrogant. I feel if he is able to change this aspect, it could help change some people’s wrong perception.

“gupta knows what he does”ajay Meher | Sr. Vice President & Head - IT and Post Production at Sony entertainment Television fire

“gupTa is a very dOwn TO earTh persOn. he is amOng The TOp nOTch ciOs in The cOunTry”

s t a n d i n g t a l l | C O V E R s t O R y

23May 2013

C&L S

ECTIO

N

“When the effective leader is finished

with his work, people say it

happened naturally.”

— Lao Tzu

24AMay 2013

SpECIAL

LEAdErShIp SECTION

C&L S

ECTIO

N

24B May 2013

CIO&LEADER This special section on leadership has been designed keeping in mind the evolving role of CIOs. The objective is to provide an eclectic mix of leadership articles and opinions from top consultants and gurus as well as create a platform for peer learning. Here is a brief description of each sub-section that will give you an idea of what to expect each month from CIO&Leader:

An opinion piece on leadership penned by leadership gurus. Plus, an insightful article from a leading consulting firm

This feature focusses on how CIOs run IT organisations in their company as if they were CEOs. It will comment on whether IT should have a separate P&L, expectation management of different LoB heads, HR policies within IT, operational issues, etc. This section will provide insights into the challenges of putting a price on IT services, issues of changing user mindset, squeezing more value out of IT, justifying RoI on IT, attracting and retaining talent, and competing against external vendors

Cross leveraging our strong traction in the IT Manager community, this section will have interviews/features about IT Managers and CIOs talking about their expectations, working styles and aspirations. In this section, a Mentor and a Mentee will identify each other’s strengths and weaknesses, opine on each other’s style of functioning, discuss the biggest lessons learnt from each other, talk about memorable projects and shared interests

A one-page review of a book on leadership

TOp dOWN

ME & MY MENTEE

LEAdINg EdgE 26

2530

34 ShELF LIFE

I N T r O d u C T I O N

Expose Employees to Extreme ConditionsSC Mittal, Group CTO, IFFCO, feels that a leader should always be prepared to take additional responsibilities

ties. We have a lot of centres outside the country and for this we identify a team member from IFFCO head office to head the IT operation in a foreign country where IFFCO has started a base. This exposure is very beneficial for the employ-ee because they now get to handle all the problems hands on. An employee can only grow and become a future leader if he is exposed to extreme conditions. We also get to know the real character of a person in problematic situations, and IFFCO provides that to the deserving employees. I have had numerous discus-sions with the team members who had the opportunity to head IT in an overseas location and they have all given me positive feedback about that experience.

One of the new things we have done in IFFCO is to use video conferencing while doing all the appraisals annually. This has saved huge costs for the com-pany and has also reduced the amount of time required for the appraisals. Ear-lier, all the directors used to come to Delhi office and employees from different locations also used to come to Delhi for the appraisals. The whole process used to take around two months and employees also had to invest a lot on travelling and staying in Delhi. Now everything has changed and employees from different locations can get their appraisals done by video conferencing. – As told to Atanu Kumar Das

I have been associated with Indian Farmers Fertiliser Cooperative Ltd (IFFCO) for the last 28 years and all the IT development in the company has been under my supervision. I have always believed in coming up with innovative ways to help the company leverage technol-ogy. One of the most important developments within the company has been the human resource (HR) appli-cation. It is one of the most exhaustive programmes where the management gets to know the vacancies, retirements, retention programmes, employee profiles, grooming future leaders etc at one click. Till today, the management feels that we have the best HR application in the industry and whole credit of this goes to the tech-nical team of IFFCO. We worked extremely hard for this project and invested a lot of time in developing a solu-tion that is not only scalable but is error-proof.

Another thing that I think is unique in IFFCO is our tradition of giving employees additional responsibili-

Top Down SC MiTTalGroup CTo, iFFCo

25May 2013

ima

ge

by

su

bh

oji

t p

au

l

Rob Mcewen had a problem. The chair-man and chief executive officer of Canadian mining group Goldcorp knew that its Red Lake site could be a money-spinner—a mine nearby was thriving—but no one could figure out where to find high-grade ore. The terrain was inaccessible, operating costs were high, and the unionized staff had already gone on strike. In short, McEwen was lumbered with a gold mine that wasn’t a gold mine.

Then inspiration struck. Attending a conference about recent developments in IT, McEwen was smitten with the open-source revolution. Bucking fierce inter-nal resistance, he created the Goldcorp Challenge: the company put Red Lake’s

closely guarded topographic data online and offered $575,000 in prize money to anyone who could identify rich drill sites. To the astonishment of players in the mining sec-tor, upward of 1,400 technical experts based in 50-plus countries took up the problem. The result? Two Australian teams, working together, found locations that have made Red Lake one of the world’s richest gold mines. “From a remote site, the winners were able to analyse a database and generate targets without ever visiting the property,” McEwen said. “It’s clear that this is part of the future.”

McEwen intuitively understood the value of taking a number of different approaches simultaneously to solving difficult prob-

lems. A decade later, we find that this mind-set is ever more critical: business leaders are operating in an era when forces such as technological change and the historic rebalancing of global economic activity from developed to emerging markets have made the problems increasingly complex, the tempo faster, the markets more volatile, and the stakes higher. The number of variables at play can be enormous, and free-flowing information encourages competition, plac-ing an ever-greater premium on developing innovative, unique solutions.

This article presents an approach for doing just that. How? By using what we call flexible objects for generating novel solu-tions, or flexons, which provide a way of

Five Routes to More Problem SolvingTricky problems must be shaped before they can be solved. To start that process, leaders should look through multiple lenses by olivier Leclerc and Mihnea Moldoveanu

leaDinG eDGe

olivier leClerC anD Mihnea MolDoveanu

26 May 2013

27May 2013

shaping difficult problems to reveal innova-tive solutions that would otherwise remain hidden. This approach can be useful in a wide range of situations and at any level of analysis, from individuals to groups to organizations to industries. To be sure, this is not a silver bullet for solving any problem whatever. But it is a fresh mechanism for representing ambiguous, complex problems in a structured way to generate better and more innovative solutions.

The flexons approachFinding innovative solutions is hard. Precedent and experience push us toward familiar ways of seeing things, which can be inadequate for the truly tough challenges that confront senior leaders. After all, if a

problem can be solved before it escalates to the C-suite, it typically is. Yet we know that teams of smart people from different backgrounds are more likely to come up with fresh ideas more quickly than indi-viduals or like-minded groups do. When a diverse range of experts—game theorists to economists to psychologists—interact, their approach to problems is different from those that individuals use. The solu-tion space becomes broader, increasing the chance that a more innovative answer will be found.

Obviously, people do not always have think tanks of PhDs trained in various approaches at their disposal. Fortunately, generating diverse solutions to a problem does not require a diverse group of problem

solvers. This is where flexons come into play. While traditional problem-solving frameworks address particular problems under particular conditions—creating a compensation system, for instance, or undertaking a value-chain analysis for a vertically integrated business—they have limited applicability. They are, if you like, specialised lenses. Flexons offer languages for shaping problems, and these languages can be adapted to a much broader array of challenges. In essence, flexons substitute for the wisdom and experience of a group of diverse, highly educated experts.

To accommodate the world of business problems, we have identified five flexons, or problem-solving languages. Derived from the social and natural sciences, they help users understand the behavior of individuals, teams, groups, firms, markets, institutions, and whole societies. We arrived at these five through a lengthy process of synthesising both formal literatures and the private knowledge systems of experts, and trial and error on real problems informed our efforts. We don’t suggest that these five flexons are exhaustive—only that we have found them sufficient, in concert, to tackle very difficult problems. While serious men-tal work is required to tailor the flexons to a given situation, and each retains blind spots arising from its assumptions, multiple flex-ons can be applied to the same problem to generate richer insights and more innova-tive solutions.

Networks flexonImagine a map of all of the people you know, ranked by their influence over you. It would show close friends and vague acquaintances, colleagues at work and col-lege roommates, people who could affect your career dramatically and people who have no bearing on it. All of them would be connected by relationships of trust, friend-ship, influence, and the probabilities that they will meet. Such a map is a network that can represent anything from groups of people to interacting product parts to traffic patterns within a city—and therefore can shape a whole range of business problems.

For example, certain physicians are opin-ion leaders who can influence colleagues about which drugs to prescribe. To reveal relationships among physicians and help

xx

ima

gin

g b

y p

ho

to

sc

om

o l i v i e r l e C l e r C a n D M i h n e a M o l D o v e a n u | l e a D i n G e D G e

28 May 2013

l e a D i n G e D G e | o l i v i e r l e C l e r C a n D M i h n e a M o l D o v e a n u

The decision-agent flexon takes this basic logic to its limit by providing a way of rep-resenting teams, firms, and industries as a series of competitive and cooperative inter-actions among agents. The basic approach is to determine the right level of analysis—firms, say. Then you ascribe to them beliefs and motives consistent with what you know (and think they know), consider how their payoffs change through the actions of oth-ers, determine the combinations of strate-gies they might collectively use, and seek an equilibrium where no agent can unilaterally deviate from the strategy without becoming worse off.

Game theory is the classic example, but it’s worth noting that a decision-agent flexon can also incorporate systematic departures from rationality: impulsiveness, cognitive short-cuts such as stereotypes, and systematic bias-es. Taken as a whole, this flexon can describe all kinds of behaviour, rational and otherwise, in one self-contained problem-solving lan-guage whose most basic variables comprise agents (individuals, groups, organisations) and their beliefs, payoffs, and strategies.

For instance, financial models to optimise the manufacturing footprint of a large industrial company would typically focus on relatively easily quantifiable variables such as plant capacity and input costs. To take a decision-agent approach, you assess the payoffs and likely strategies of mul-tiple stakeholders—including customers, unions, and governments—in the event of plant closures. Adding the incentives, beliefs, and strategies of all stakeholders to the analysis allows the company to balance the trade-offs inherent in a difficult decision more effectively.

System-dynamics flexonAssessing a decision’s cascading effects on complex businesses is often a challenge. Making the relations between variables of a system, along with the causes and effects of decisions, more explicit allows you to understand their likely impact over time. A system-dynamics lens shows the world in terms of flows and accumulations of money, matter (for example, raw materials and products), energy (electrical current, heat, radio-frequency waves, and so forth), or information. It sheds light on a complex system by helping you develop a map of the

“assessing a decision’s cascading effects on complex businesses is often a challenge”—olivier Leclerc

identify those best able to influence drug usage, a pharmaceutical company launch-ing a product could create a network map of doctors who have coauthored scientific arti-cles. By targeting clusters of physicians who share the same ideas and (one presumes) have tight interactions, the company may improve its return on investments com-pared with what traditional mass-marketing approaches would achieve. The network flexon helps decompose a situation into a series of linked problems of prediction (how will ties evolve?) and optimisation (how can we maximise the relational advantage of a

ity to calculate the effects of changing them, whether they’re groups of people, products, project ideas, or technologies. Sometimes, you must make educated guesses, test, and learn. But even as you embrace random-ness, you can harness it to produce better solutions to complex problems.

That’s because not all “guessing strate-gies” are created equal. We have crucial choices to make: generating more guesses (prototypes, ideas, or business models) or spending more time developing each guess or deciding which guesses will survive. Con-sider a consumer-packaged-goods company

given agent?) by presenting relationships among entities. These problems are not simple, to be sure. But they are well-defined and structured—a fundamental require-ment of problem solving.

Evolutionary flexonEvolutionary algorithms have won games of chess and solved huge optimisation problems that overwhelm most computa-tional resources. Their success rests on the power of generating diversity by introducing randomness and parallelisation into the search procedure and quickly filtering out suboptimal solutions. Representing enti-ties as populations of parents and offspring subject to variation, selection, and retention is useful in situations where businesses have limited control over a large number of important variables and only a limited abil-

trying to determine if a new brand of tooth-paste will be a hit or an expensive failure. Myriad variables—everything from con-sumer habits and behavior to income, geog-raphy, and the availability of clean water—interact in multiple ways. The evolutionary flexon may suggest a series of low-cost, small-scale experiments involving product variants pitched to a few well-chosen market segments (for instance, a handful of repre-sentative customers high in influence and skeptical about new ideas). With every turn of the evolutionary-selection crank, the com-pany’s predictions will improve.

Decision-agent flexonTo the economic theorist, social behaviour is the outcome of interactions among indi-viduals, each of whom tries to select the best possible means of achieving his or her ends.

29May 2013

“the insistence on nearunanimity is counter-productive because it stifles debates”—Mihnea Moldoveanu

Olivier Leclerc is a principal in

McKinsey’s Southern California

office

Mihnea Moldoveanu is associate

dean of the full-time MBA program

at the University of Toronto’s

Rotman School of Management,

where he directs the Desautels Centre for

Integrative Thinking.

causal relationships among key variables, whether they are internal or external to a team, a company, or an industry; subjec-tively or objectively measurable; or instanta-neous or delayed in their effects.

Consider the case of a deep-sea oil spill, for example. A source (the well) emits a large volume of crude oil through a sequence of pipes (which throttle the flow and can be represented as inductors) and intermediate-containment vessels (which accumulate the flow and can be modeled as capacitors). Eventually, the oil flows into a sink (which, in this case, is unfortunately the ocean). A pressure gradient drives the flow rate of oil from the well into the ocean. Even an approximate model immediately identifies ways to mitigate the spill’s effects short of capping the well. These efforts could include reducing the pressure gradi-ent driving the flow of crude, decreasing the loss of oil along the pipe, increasing the capacity of the containment vessels, or increasing or decreasing the inductance of the flow lines. In this case, a loosely defined phenomenon such as an oil spill becomes a set of precisely posed problems addressable sequentially, with cumulative results.

Information-processing flexonWhen someone performs long division in her head, a CEO makes a strategic deci-sion by aggregating imperfect information from an executive team, or Google servers crunch Web-site data, information is being transformed intelligently. This final flexon provides a lens for viewing various parts of a business as information-processing tasks, similar to the way such tasks are parceled out among different computers. It focuses attention on what information is used, the cost of computation, and how efficiently the computational device solves certain kinds of problems. In an organissation, that device is a collection of people, whose processes for deliberating and deciding are the most important explanatory variable of decision-making’s effectiveness.

Consider the case of a private-equity firm seeking to manage risk. A retrospec-tive analysis of decisions by its investment committee shows that past bets have been much riskier than its principals assumed. To understand why, the firm examines what information was transmitted to the com-

improve the productivity of its researchers can use flexons to illuminate the problem from very different angles.Networks. It’s possible to view the problem as a need to design a better innovation network by mapping the researchers’ ties to one another through co-citation indi-ces, counting the number of e-mails sent between researchers, and using a network survey to reveal the strength and density of interactions and collaborative ties. If coordinating different knowledge domains is important to a company’s innovation productivity, and the current network isn’t doing so effectively, the company may want to create an internal knowledge market in which financial and status rewards accrue to researchers who communicate their ideas to co-researchers. Or the company could encourage cross-pollination by setting up cross-discipline gatherings, information clearinghouses, or wiki-style problem-solv-ing sites featuring rewards for solutions.Evolution. By describing each lab as a self-contained population of ideas and techniques, a company can explore how frequently new ideas are generated and filtered and how stringent the selection pro-cess is. With this information, it can design interventions to generate more varied ideas and to change the selection mechanism. For instance, if a lot of research activity never seems to lead anywhere, the company might take steps to ensure that new ideas are presented more frequently to the busi-ness-development team, which can provide early feedback on their applicability.Decision agents. We can examine in detail how well the interests of individ-ual researchers and the organisation are aligned.

— This article is pu blished with prior permis-sion from McKinsey Quarterly.

mittee and how decisions by individuals would probably have differed from those of the committee, given its standard operating procedures. Interviews and analysis show that the company has a bias toward riskier investments and that it stems from a near-unanimity rule applied by the committee: two dissenting members are enough to pre-vent an investment. The insistence on near-unanimity is counterproductive because it stifles debate: the committee’s members (only two of whom could kill any deal) are reluctant to speak first and be perceived as an “enemy” by the deal sponsor. And the more senior the sponsor, the more likely it is that risky deals will be approved. Raising the number of votes required to kill deals, while clearly counterintuitive, would stimu-late a richer dialogue.

Putting flexons to workWe routinely use these five problem-solving lenses in workshops with executive teams and colleagues to analyse particularly ambiguous and complex challenges. Partici-pants need only a basic familiarity with the different approaches to reframe problems and generate more innovative solutions. Here are two quite different examples of the kinds of insights that emerge from the use of several flexons, whose real power emerges in combination.

Reorganising for innovationA large biofuel manufacturer that wants to

o l i v i e r l e C l e r C a n D M i h n e a M o l D o v e a n u | l e a D i n G e D G e

30 May 2013

MenTorSaChin JainCio & CiSo, evalueServe

MenTee

anuJ JoShiGroup ManaGer, iT, evalueServe

What do you look for in a mentee?SachIn JaIn The first and foremost thing that I

look for in a mentee in having the right attitude towards work. He should have sense of ownership, should possess team play skills and should have the ability of people management. Some of the other traits that I look for is sound knowledge of technology, good understand-ing of business and he should be able to interact with the client in an effective manner. I believe that client management is very important from a leadership per-spective and it helps immemsely in the growth path of the mentee.

What do you look up to in your mentor? anuJ JoShI A mentor should possess excellent

listening skills and that is present in Sachin. He would listen to you for hours and try and understand your per-spective and then provide his own inputs. Moreover, a mentor should also have motivational skills and should be able to work transparently. The mentor should have excellent communication skills and I am lucky to have a mentor like Sachin who has all these qualities. To add to this, I can also share my personal issues with my men-tor and expect to get valuable response from his end.

How do you identify the priority areas where you think your mentee needs to focus on for

further professional development?SachIn JaIn One of the important thing that is needed is

regular assessment of the mentee and a CIO can never be disconnected with his team members. A CIO should not leave the team member on its own, he should be there to handhold the mentee whenever needed and should also provide spot feedback to the mentee. At Evalueserve, we have a very open culture and that helps in the growth of the employee professionally. It is the onus of the employee to show dedication and learn and the CIO is always there to help him out.

Do you think your mentor spends enough time with you? How do you think your

mentor could contribute more towards your professional growth?anuJ JoShI In today's time it is very difficult to have enough time. My mentor keeps on travelling a lot but the most important thing is that he is just a phone call away. He is there whenever I need to discuss any impor-tant matter and that I feel is a bliss for the mentee. We always keep on communicating and the amount of motivation he provides, helps us to keep up with the fast pace of information technology.

How do you think your mentee can take more responsibilities and take more

bigger decisions?SachIn JaIn Anuj has the quality of always taking responsibilities and he has done a lot of project single handedly. He would come up to me and discuss a par-

“Working in Tandem”

Me & My MenTee

31May 2013

S a C h i n J a i n & a n u J J o S h i | M e & M y M e n T e e

ticular idea and we would do the brainstorming and once we are sure that a particular project would be beneficial for the company, I would give him a free hand and he would deliver the project. Also, Anuj is very good at bringing into my notice some key things which maynot have occurred to me. I can trust him fully that he would give his best and do the project exactly the way I wanted him to.

Does your mentor delegate enough tasks and responsibilities to you? How often do you take key

decisions yourself? How would you like the situation to change (if at all)?anuJ JoShI Sachin is very good at delegating work and in turn I have also learned to delegate work to my team. This way there is no extra pressure on anybody and we know exactly what is needed from the team. There have been many a days, where I have taken key deci-sions because Sachin has entrusted that responsibility to me. I am very happy to work under a mentor like Sachin.

Are there any conflicts between you and your mentee? If so, how do you resolve them? If not, what do you think is

the secret of your smooth working relationship?SachIn JaIn I would not say that we have conflicts because I think if one has conflicts then it is very difficult to work together. In case of me and Anuj, we have healthy discussions and the most important part is we both want to understand each other's perspective.

Please describe your working relationship with your mentor and how the two of you address key challenges

together or resolve any conflicts of opinion?anuJ JoShI I would describe our relationship to be very professional and understanding. We both try and understand each other and work towards achieving the goal of the company. We have always addressed key challenges of the company together and have come out with amazing results. There have been times when some things don't work as you have planned, but Sachin knows how to react in those situations and that is a big positive for any team member.

What are the two or three things you have learned from your mentee?

SachIn JaIn One of the most likable traits about Anuj is his dedica-tion and I am really amazed by the kind of hard work he has put in the company. Another thing which is admirable about Anuj is his solution-oriented approach towards work.

What are the two or three key things you have learned from your mentor?

anuJ JoShI I have learned motivational skills from Anuj which is excellent. He can pump the team up and that helps a lot in getting the work done. Moreover his communication skills is above par and I am trying to learn that from him. I have also learned delegation skills from him and that has helped us as a IT team.—As told to Atanu Kumar Das

“one of the most likable traits about anuj is the

dedication he puts in. i am really amazed by this”

“sachin is very good at delegating work and in

turn i have also learned to delegate work to my team”

ima

ge

s b

y s

ub

ho

jit

pa

ul

32 May 2013

DaviD liMopinion

A View to Die For? Even as recently as 1998, when I led the first Singapore Mount Everest Expedition, our aim was to climb the mountain with more than minimal experience.

aBouT The auThorDavid Lim, Founder, everest motivation team, is a leadership and negotiation coach, best-selling author and two-time mt everest expedition leader. he can be reached at his blog http://theasiannegotiator. wordpress.com, or david@everestmotivation.com

The wRITeR Ernest Hemingway once said that there are only three true sports in the world – the rest being mere-ly games – and listed them as motor racing, bullfighting and mountaineering.

But in the decades since the last of the giant Hima-layan peaks fell to the boots of mountaineers, has the sport of mountaineering, at least where Mount Everest is concerned, changed irreversibly, and not necessarily for the better?

Each year, like part of a tick-list for driven people, Everest sees hundreds of climbers swarming its flanks, almost all of them attempting to scale it from either its standard routes from the south in Nepal or the north, from Tibet.

I applaud anyone who wishes to take on the personal challenge of the peak, as it is still not an easy accom-plishment.

In its purest form, the sport of mountaineering is about freedom of expression. It’s about self-determina-tion, route finding, working as a team, and challenging yourself in a pristine, harsh and remote arena.

And yet, climbing Everest has lost most of the ele-ments that make mountaineering what it is. For Everest at least, the aim of the game is summitting, and some-times at all costs.

Ask those climbers this season who were told to turn around but did not, and then died on their descent, largely due to exhaustion and mistakes made in a hypox-ic state of lacking oxygen.

Veteran mountain guide Dave Hahn told me more than a decade ago on my second Everest expedition that ‘there is the sport of mountaineering, and then there is this thing called Everesting’. Mr Hahn should know;

he’s climbed Everest an amazing 14 times.In ‘Everesting’, it seems more and more people want

to get to the top without investing in a long and often rewarding apprenticeship in mountaineering.

Even as recently as 1998, when I led the first Singa-pore Mount Everest Expedition , our aim was to climb the mountain with more than minimal experience, clocking up significant time on other mountains prior to tackling the peak.

That year, taking the standard route from Nepal, 45 people summitted. This spring season on Everest, near-ly 400 people have done so. In 1998, none in Nepal died. In the season just ended, 10 have died.

It is clear from this, as well as some shocking pic-tures this year of more than 150 people jammed up in a queue leading to the final summit camp at the 8,000m mark, that the situation on Everest is fast becoming unsustainable.

In mountaineering, there are objective and subjec-tive dangers, the former being risks which are difficult to control, such as encountering a teetering ice tower hanging over the climbing route and not knowing when exactly it might crash down.

But what is killing more people on Everest are the subjective dangers. These are the more controllable risks, such as climbers’ physical conditioning and train-ing, their prior experience and their development of the mountaineer’s ‘inner voice’ that is uncannily correct in helping experienced climbers make the right call in dif-ficult situations.

Here is what is making Everest a real circus of danger: For many of the less experienced climbers who have joined a commercial expedition, most of the

33May 2013

D a v i D l i M | o p i n i o n

key decisions are made by their trip leaders. A huge amount of logis-tics and decision- making is out of their hands com-pletely.

As such, there is often a lack of mountain ‘awareness’ – knowing what is in place, under-standing the limits of their bodies under stress, being able to be resilient when situa-tions change. They also have a shallow experience and skill base on which to rely when things go wrong.

On a perfectly calm day in 1998, I was horrified to see two climbers stall above me. They waited until a third climber – a guide – joined them to demonstrate something as basic as how to thread a rope into a braking device to descend a fixed rope safely. This is akin to

climbers died in a single incident happened because their expedition leaders looked at the weather reports and chose to interpret the facts to merely confirm what they wanted to do – to reach the summit on a specific date, even though that date was far too close to a likely change in weather for the worse.

For years, there have been calls by some of the most respected climbers in the community to restrict the numbers going up Everest. But in a dollar-poor econo-my, this is unlikely to happen, at least on the Nepal side.

In addition, who would have the unenviable task of deciding who qualifies to climb and who does not?

The very ethos of the ‘freedom of the hills’ held by most mountaineers would work against any of us want-ing to be the competency police on Everest.

But until some systemic changes are made to how people approach their preparation for Everest, who organises the climbs, and who are allowed to climb it, the view from Everest, for at least a few unprepared or unlucky ones, will be a view to die for.

DAVID LIM IS A LEADERSHIP AND NEGOTIATION

COACH AND CAN BE FOUND ON HIS BLOG http://

theasiannegotiator.wordpress.com, OR subscribe to his free

e-newsletter at david@everestmotivation.com

xx

im

ag

e b

y p

ho

to

s.c

om

“For years, there have been calls by some of the most respected climbers in the community to restrict the numbers going up everest. But in a dollar-poor economy, this is unlikely to happen”

teaching a non-driver how the brakes of a car work after you’ve let him loose on the highway.

Worse, many outfits that operate on Everest are under-equipped and when a client gets into trouble, they do not have the resources to mount a coherent rescue.

As the window of summitting in relatively stable weather in the season is usually confined to just a few periods of four to five days at a time, when people decide to make a summit push, everyone else does so too, lead-ing to huge jams at the bottleneck areas where there is a more difficult technical challenge to be negotiated.

I know of people who have had frostbite and other such injuries from cold because they were waiting for an hour at a choke point to get their turn on the summit. It’s a recipe for disaster if bad weather then sweeps in.

A third key factor is cognitive biases at work. Among the most common is ‘sunk cost’ – most wannabe Ever-est climbers have saved up the US$40,000 to $65,000 (S$52,000 to S$84,000) required to have their once-in-a-lifetime shot at the summit and are loath to turn back even when wisdom dictates that they do so. More experi-enced climbers are invested in their sport and lives, and often make the better decision.

Another factor which can affect anyone is ‘confirma-tion bias’. The well-reported 1996 tragedy where eight

34 May 2013

The Leader’s Code: Mission,

Character, Service, and Getting the Job Done

“The LeaDeR’S coDe” is a unique book by a decorated US Marine

Corps veteran Donovan Campbell. Campbell is a management and technology consultant and author of New York Times best selling “Joker One: A Marine Platoon’s Story of Courage, Leadership, and Brother-hood." He has served three combat deployments in Iraq and Afghani-stan. In his latest book The Leader's Code the author reveals virtues that hold up impressive leadership.

The book, unlike other leadership guides, offers a practical action plan that can be used in day-to-day life where leadership skills are required. The author, in the book, covers pro-fessional as well as personal life of an individual.

Taking cues from his life dur-ing olive green uniform the army veteran comprehensively narrates military servant-leader model. As per the model the first responsi-bility of a leader is his mission, fol-lowed by his team. He himself is a distant third. With this model he tries to explain the concept of self-sacrifice, which is lacking in today's leadership.

Talking about the foundation of servant-leadership, Campbell high-lights six key attributes: humility, discipline, wisdom, excellence, kind-ness and courage.

He has beautifully drawn lessons from his time in the army, history, scripture and business.

The author narrates how to develop virtues in order to take lead-ership with confidence, conviction, and passion.

Campbell states that true leaders foster fellow feelings for others and they act to achieve quality in what-ever they do.

They are the people who always know how and when to self-correct and are moderate in their behaviour. Campbell’s search for these essen-tial attributes is diversified. He takes it from the office board-rooms of some of the world’s suc-cessful enterprises to the Infantry Officer Course.

Some of the attributes are picked from the 12-week training that American Marines use to prepare their leaders to sacrifice for the wel-fare of others.

Globally, including America

people have little faith left in the political and business leaderships of the country. Most of them are seen as greedy, selfish, incompetent , hypocritical, criminal, shortsighted or all of the above.

Due to this widespread breach of trust in leadership people have started loosing faith in many of our basic institutions.

The people, however, still respect Army for their commit- ment and willingness for sacrifice for their country.

Campbell, no doubt has written a brilliant, profound, all-inclusive scrutiny of leadership and leaders. The key teachings can be well taken and well articulated, are relevant at home, within the ownership, and as well as in professional life.

The Leader’s Code is an essential book for anyone worried about today’s leadership crisis in our country and communities.

—By Akhilesh Shukla

aBouT The auThorDonovan campbell graduated from princeton university in may 2001 and joined the marine corps as a second lieutenant. he was awarded a bronze star with Valor for heroism during his second deployment, in which he led a forty-man infantry platoon through some of the fiercest fighting of the war.

“True leaders foster fellow feelings for others and they act to achieve quality in whatever they do.” —Donovan CaMpBell

ShelF liFe

NEXTHORIZONS

While most CIOs agree that their role will change in the next five years, less than a third see themselves as developers of business strategy or driv-

ers of their company’s competitive future today, according to a new study by Emerson Network Power. Nearly half characterise themselves as IT service providers and cost centers to the business leaders in their organisation.

One challenge preventing CIOs from playing a more strategic role is the sheer

The CIO of the FutureBecoming a Business Game-Changer

xx

ill

us

tr

at

ion

by

sh

igil

na

ra

ya

na

n

38 May 2013

complexity of the job. They find themselves dealing with an IT infrastructure that has been pushed to the limit with new technolo-gies and growing business demands and must devote most of their time to making sure “the lights stay on.”

At the end of the day, there is little time or budget remaining to allow them to focus on strategic priorities that help their organ-isations stay ahead of business demands. Those CIOs who do manage to stay ahead of business demands are ones who are able to budget for innovation and focus on strategi-cally adopting new technologies.

Survey MethodologyIn an effort to better understand the changing role of the CIO, Emerson Net-work Power surveyed CIOs and top IT executives of companies in the United States, Latin America, Europe and Asia. Participants were recruited by EMI Online Research Solutions from panels of IT deci-sion makers, and screened to be the top IT executive at a company, business unit or region; including those with the title Chief Information Officer. Online interviews were completed in February 2013. The sample of 560 respondents was balanced by region, industry and company size to the popula-tion of IT executives at companies with 500 or more employees.

Changing Role of CIOAn overwhelming majority of CIOs have experienced changes in their roles, and expect those changes to continue. Ninety percent stated that their role had changed at least slightly. CIOs from Asia (79 percent) and Latin America (78 percent) lead the pack in expecting significant change in their role in the next five years. This is compared to less dramatic change expected in the United States and Europe, where about half believe their role will change significantly in the next five years.

The most-cited changes that are expected to occur to the CIO role involve developing and adopting advanced technology, such as cloud computing and virtualisation.

Making improvements to management and operations are also seen as pivotal to the evolution of the CIO role. Those improve-ments include taking on more responsibility for business decisions, training others how

to leverage data analytics and contributing to increasing company profitability with technology that supports revenue growth and reduces costs.

The combination of the increasing role of technology in society and business’ growing dependence on IT means more responsibil-ity, challenges and pressure for CIOs and IT

42% of CIOs consider themselves “IT Service Providers” to the business leaders in their organisations. In Latin America, one third considers themselves “IT Partners” and one third “IT Service Providers”

Business Game Changer - Driver of Competitive Future

Business Peer -Develop Business Strategy

It Partner -Influential Collaborator

Cost Center -Unappreciated Value

100

90

80

70

60

50

40

30

20

10

0

Number ofRespondents

It Service Provider-Reliable and Effective

Latin Americatotal Sample USA Asia Europe

560 149 148 142 121

9%

60% of CIOs consider themselves aligned with business demands. Only 28% consider themselves ahead of business demands

Ahead of businessdemands

Not keeping upwith business demands

100

90

80

70

60

50

40

30

20

10

0

Number ofRespondents

Aligned with Business Demands

Latin Americatotal Sample USA Asia Europe

560 149 148 142 121

28%

60%

12%

26%

66%

8%

31%

66%

3%

27%

61%

13%

33%

64%

3%

10%

15%

26%

42%

7%

14%

11%

26%

42%

7%

16%

17%

28%

36%

3%

14%

30%

39%

8%

10%

21%

34%

33%

2%

39May 2013

m a N a g E m E N T | N E X T H O R I Z O N S

leaders, but correspondingly higher impor-tance to the organisation.

Growing Need to be More Strategic At a time when industry analysts such as Gartner, and publications such as CIO Magazine are directing CIOs to be more strategic, forty-two percent of CIOs still characterise themselves as “IT service pro-viders” and “cost centers” to the business leaders in their organisations, rather than “IT partners,” “business peers” or “business game changers*.”

There is a noticeable difference between the United States and the other regions on this topic, especially in the emerging markets of Asia and Latin America. Latin American and Asian CIOs are more likely to see themselves as business peers and part-ners, with Asian CIOs more often identify-ing as key drivers of the business.

While the majority of CIOs do not perceive themselves as game changers or business partners, they do believe they are successfully aligning IT with busi-ness demands. Sixty percent of CIOs state they are aligned with business demands while nearly an additional one-third (28 percent) say that they actually stay ahead of business demands.

Those CIOs staying ahead of business demands are doing so by taking a more stra-tegic approach to their role; using data anal-ysis to support business decision-making, forecasting and adopting new technologies, and actively embracing innovation.

Acting as IT Service Providers When it comes to the issues keeping CIOs up at night, the study sheds light on a glar-ing barrier preventing many CIOs from adopting a more strategic role.

The challenge preventing many CIOs from playing a more strategic role seems to be the sheer complexity of the job. Overall, CIOs identified 40 issues as being very or extremely impor-tant to their role as IT leader in their organisation. While they understand priorities and what issues will have the greatest impact on business, CIOs find themselves spending most of their time simply acting as “IT

service providers” and doing everything they can to make sure the IT infrastructure stays up.As business strategy becomes increas-ingly dependent on technology, there is an opportunity for the CIO to become more of a business partner and potentially a busi-ness game changer.

Becoming a Business Game-ChangerMost CIOs listed “budgeting for innovation” as an important issue; however the major-ity of CIOs also admit it is one of the issues they are acting upon the least. While inno-vation is imperative to business success, budget limitation can stifle that innovation. There is an opportunity for CIOs to become advocates for innovation by promoting a more strategic, well-funded approach. They can make the case that adopting this type of approach with technology innovation is beneficial to the continued growth and success of the organisation. Unfortunately, to become this advocate takes time and resources; something that is in short supply for most CIOs. Our Executive Brief, “Iden-tifying the Biggest IT Resource Drains,”

(EmersonNetworkPower.com/EfficiencyDrains) includes common operational efficiency drains to address to help carve out time and resources for stra-tegic initiatives.There seems to be an opportunity for CIOs to embrace a more strategic role when it comes to social media tools. While CIOs over-whelmingly say that enabling employee and customer col-

laboration with social media tools is not of highest importance, they also agree that social media tools will cut traditional email use in half for internal collaboration among employees and for collaboration with cus-tomers by 2018.

Security presents another opportunity. Of the 40 issues identified by CIOs as being important, those that they are acting upon the most are focused on security, such as protecting data stored in mobile devices and ensuring enterprise security. This is not a new issue for corporations. Security is also one of the concerns most cited by compa-nies reluctant to move to the cloud. Those CIOs who are able to adequately address data security issues and alleviate concerns will be better positioned to adopt new tools and paradigms, such as cloud computing and BYOD initiatives.

ConclusionThe findings of this Emerson Network Power study highlight a growing opportu-nity for CIOs to become more strategic in their role and have a greater impact on the success of their companies. While many IT professionals are taking steps to become the strategic IT leaders, this study indicates that more can be done; particularly when it comes to budgeting for innovation and pro-viding clear direction for new applications of technology, such as in the use of social media tools for collaboration.

By creating the time and the budget to embrace innovation and focus on adopting new technologies, CIOs can stay ahead of business demands and ensure IT is driving the business toward financial objectives.

64mnSmaRTpHONES SOld by SamSuNg glObally IN

q1 Of 2013

While the majority of CIOs do not perceive themselves as game changers, they do believe they are successfully aligning IT with business demands. Sixty percent of CIOs state they are aligned with business demands

40 May 2013

N E X T H O R I Z O N S | m a N a g E m E N T

N O H O L D S B A R R E D | P A R A g A m A L N E R k A R

42 May 2013

In an interview with Atanu Kumar Das, Parag Amalnerkar, Coun-try Marketing Manager, HP Software & Solutions, talks about HP focus on software and what are the concern areas for the CIOs

DOSSIER

Company:Hewlett-Packard

EstablishEd:

1939

hEadquartErs:

California, US

produCts:

Printers, Digital

Cameras, Scanners,

PCs, Mobile Phone etc

EmployEEs:

350,610

“Security of Apps has become critical”

P a r a g a m a l n e r k a r | n O H O l D S B a r r e D

43May 2013

How is HP Software performing in India?

The concentration on the software front has been increasing gradually for HP. We are working on helping enterprises monetise their data. We take a approach where we speak to the CIOs, CSO, Compliance Heads of the enterprises and find out their pain points and then work with our partners to offer software which can be used to the opti-mum level by the enterprises. We offer our products as a service model where enter-prises can get their problems addressed through our 24x7 support centre. Globally, HP Software contributes four percent to our overall revenue and we expect this share to increase in the coming years as we are con-centrating a lot towards software.

How can HP software help achieve better performance

for enterprises?Let me share an example of the telecom side. Mobile operators work in a highly competitive and increasingly saturated mar-ket. Voice services have become commodi-tised and demanding. Subscribers are no longer attracted by pure network offerings. Providing value-added services (VAS) is now vital for operators wanting to maximise rev-enue and generate growth. From messaging and specialised ring tones to more sophis-ticated offerings such as mobile banking, VAS are booming because they enhance the provider’s business as well as the customer experience.

The downside is that adding new services is increasingly complex, leaving operators with large and highly complicated delivery environments. Management can be a big challenge but failing to maintain availability of everyday mobile services can quickly dam-age customer loyalty. That is why mobile operators enlist outside help from managed service providers such as Comviva.

To manage client environments, Comviva and HP created Network Operations Centers (NOC) or Value Added Services Operation Centers at customer premises. Comviva teams constantly monitor how systems and applications are performing and then coor-dinate trouble-shooting teams on the ground.

Its main business service management tool is HP Operations Manager (OM). This is particularly valuable because it not only

detects problems but also applies advanced logic to determine the real cause of an inci-dent. It then provides advice on the likely business impact and helps prioritise reme-dial action. HP Network Node Manager (NNM) increases service levels and decreas-es business impact by managing network health whilst HP Performance Insight (PI) allows the teams to collect, consolidate and centralise performance data.

The mobile VAS end-user monitoring package from HP manages service avail-

agement (ITSM) solution, HP service man-ager (SM) and end-to-end visibility of busi-ness transaction is supplied by HP business availability center (BAC).

Can you elaborate on HP IT Performance Suite?

HP IT performance suite software suite includes the HP performance center (PC) and the HP quality centre (QC). The HP PC software tests, analyses, and validates application performance against customer business requirements. The HP QC soft-ware prioritises testing based on business risks. It manages and automates the deliv-ery of secure, quality applications. This allows enterprises to strengthen its testing practice and to introduce new services for the delivery of high quality applications to its customers. HP creates new possibilities for technology to have a meaningful impact on people, businesses, governments and society. We brings together a portfolio that spans printing, personal computing, soft-ware, services and IT infrastructure to solve customer problems. As more companies turn to IT to help them innovate and stay competitive, the quality and security of soft-ware applications becomes more critical in supporting today’s business demands. The powerful combination of HP performance center and HP quality centre provides a comprehensive application testing and qual-ity management solution. This enables our customers to improve IT performance with secure and reliable business applications.

What are concern areas for CIOs today?

Security is a major concern for the CIOs and they are trying a lot of ways to get the network protected. We have been constantly in touch with numerous enterprises where we interact with different CIOs and they have always shown concern about security. Moreover, inclusion prevention from a network perspective is also a challenge. We at HP are working on building software that can provide a secure environment. We realise that capex keeps on going down every year and a CIO has to manage a lot within this limited budget. The objective of the vendor should always be in providing the best product at a reasonable price and we always try to achieve this.

“ We realise that capex keeps on

going down every year and a CIO has

to manage a lot within this limited

budget”

ability, service response times, faults and performance. It also provides helpdesk ser-vices using IT infrastructure library (ITIL) principles to advise on incident, problem, change and configuration management. HP Software Professional Services Organisation (PSO) provides consulting services through all phases of deployments which are typi-cally delivered with a five-year support.

Running on HP Integrity and ProLiant servers with HP storage, a typical Comviva set-up is completed by the IT service man-

44 May 2013

TECH FORGOVERNANCE

Too Many Assets, not Enough Resources By Rafal Los

Global marketshare of Samsung in the smartphone segment

31%DATA BRiEfing

illu

st

ra

tio

n B

Y s

hig

il n

ar

aYa

na

n

Deconstructing ‘Defensible’

45May 2013

s E C u R i T y | T E C H F O R G O V E R N A N C E

FPOinTS

5 There are two

types of defenses

--- active and static

acTive defences are dramatically

different, and

require constant

human interaction

sTaTic defenses are your automated

systems that

tend to 'set and

forget (about)' like

anti-virus

acTive defenses are almost always

significantly more

costly

sTaTic defenses are generally less

costly, and can

cover a wider range

of assets

I want to talk about a problem we all have, regardless of organisational size, but like any other condition few admit to and even less talk about openly. Basically - in just about every organisation (with little exception) there are more things to defend than there are resources to defend with. Period.

Remember playing the game of Risk, when you were a kid? Maybe you still have the game now... amazing how close to that board game your life in InfoSec is now, isn't it? Except here you're playing the opposite game - instead of trying to go for world domination you're only paying for defense. You're trying not to get overrun. What you have is assets all over the map, quite literally for many of you, and you don't have enough resources to allocate evenly to 'defend' all those assets.

For fear of being overly dramatic, let's look at this from a practical standpoint. There are two types of defenses - active and static. Static defenses are your automated sys-tems that we tend to 'set and forget (about)' like anti-virus, an IPS, firewall, or some other piece of automation that's out there doing its job without human intervention to any large degree. Active defenses are dramatically different, and require constant human interaction to be worthwhile. Depending on the type of strategy you employ your IPS may actually be an active defense, but that depends on how much 'human resource' you attribute to it, and whether you actually act upon alerts, while constantly tun-ing and adjusting to intelligence-based information.

Static defenses are generally less costly, and can cover a wider range of assets. Anti-virus (as terrible of an example as this is) covers every endpoint in your enterprise, potentially, but does so rather poorly. However, given that every endpoint in your enterprise doesn't get classified as a critical asset (more on this in a moment) this is per-fectly OK. There is a great argument to be made that in an enterprise no node can be neglected as it could be the entry point for an attack - and this is 101% valid, but when you've got a limited amount of resources on the defensive front you're forced to make tough choices.

Active defenses are almost always, in my experience, significantly more costly. Unlike their static counterpart, active defenses require [competent] humans to operate,

From the ‘firewall guy’ to the board room - the concept of defensible must stand as the primary directive of the organisation and pull away from the old dogma of 'we must be secure' which is largely nonsense in a modern organisation.

monitor, and react. Active defenses, by their more costly nature, are more scarce and are more difficult to deploy in a 'shotgun' approach... have you ever tried to provide human analysis (even through a filtered dashboard) on a thousand endpoints? Active defenses are deployed stra-tegically at critical points or where the most risk is... and now we're back to sound risk analysis. Active defenses are those like a fine-tuned, well-maintained SIEM which has a human (or team of humans) analysing, updating, and constantly tuning the product to extract maximum signal while minimising noise. SIEM is such a great example because many organisations I've worked with (sadly, most) across a vast variety of SIEM products generally put in their SIEM and then expect it to churn out magic all on its own. Not only is this silly - but it misses the whole point of such a tool. These types of situations arise when a critical piece of security infrastructure only gets half the funding necessary - the purchase - and neglects the other major expense (upkeep, maintenance).

Before I get into why risk analysis is so, so critical, let's talk about assets. Not every asset in your organisation is equally valuable. No earth-shattering revelation there, I'm confident of that. What may be a little challenging is the notion that an attacker will always pick the weakest point of entry, but you can't know which point that is, and you have to adjust defense against that thinking. Even though we can be fairly confident that attackers today are exploit-ing the human factor because it's the easiest, once they're firmly implanted on an endpoint they will start internal reconnaissance to figure out where the things they may want are. This is precisely the reason why all assets are not created equal. While it is absolutely true that at any given point in time your corporate intellectual property may be on FaceBook, Google's GMail, or on an internal file server - if we truly understand what our critical assets are, and how they're consumed or manipulated, then we stand a much better chance of building intelligent defenses around them. The key here is, not every asset in your organisation (laptop, web server, database) is equally important. Building and maintaining smart defenses means having to position your active security infrastruc-ture around the really important things, with the assump-

46 May 2013

tion that the semi-important things which are being protected by static defenses may (likely) be compromised. Once this is accepted, and the shift in thinking follows, we start to attain truly smart secu-rity. Yes, this means understanding at a very deep level what your organisation or business does. Oddly this is one of the key failings of information security professionals.

Now let's talk about that all-important asset risk analysis. At the heart of this business-level exercise is the identification and classifi-cation of assets within your organisation, including cat-egories or tiers. Create tiers of asset criticality, and start asking the question 'what is the risk if this were to cor-rupted/stolen, etc?" Keep in mind that even though the tendency is to place everything in the 'mission critical' class, only a small percentage of organisational assets are actually that critical. You need to determine where the bar is, or perhaps what percentage of the assets is allowed in the 'mission critical' and 'critical' classes. That number or percentage varies by organisation, and risk appetite. It is absolutely vital that this exercise be performed by the information security organisation (in conjunction with the rest of the business stakeholders) to first explain the above concept, and then classify and categorise the assets in your organisation. Risk analysis gives us that propor-tionality perspective, where we can say we have X amount of active

defense capability, and Y amount of assets we need to defend ... and then decide where the bar is set for things that get active vs. passive defense. Arguably this is an exercise that only some of the more mature security organisations will be able to pull off - but it's vital. The problem 'less mature' security organisations have is that because they can't (or won't) take the time to first assess their own landscape, they end up trying to wrap their arms around the entire organisation and defend everything to an equal amount. That is to

say, defend everything poorly.There is no such thing as 'secure', and when we try

and 'secure' (defend) everything equally we end up stretching our resources too thin, and fail entirely. The concept of proportional defense shouldn't be new, in fact the earliest good reference I can find dates back to 1974 in a publication called "A proportional defense model" [ Shumate, K. C. and Howard, G. T. (1974), A proportional defense model. Naval Research Logistics, 21:... ]. While it's not 'new' per-se, I feel it is one that warrants discussion broadly, since there aren't enough organisations (again, from personal experience) who are getting this right.

— The article is printed with prior permission from www.infosecisland.com. For more features and opinions on information security and risk management, please refer to Infosec Island.

T E C H F O R G O V E R N A N C E | s E C u R i T y

210mTHE TOTAl sAlE

OF smARTpHONEs GlObAlly iN q1 OF

2013

Credit Card Breach NotificationsSafeguarding of data seems to be the last thing on companys’ minds, and it needs to change By Marc Quibell

i've been reading some interesting articles recently concerning the cyber theft of peoples' credit and debit card data to then be sold and/or for everyday use on the 'net. As usual, by the time the victims figure out what happened, the damage is already done - as in a long time ago. Some time in the future, the

response from the company responsible for their own incompetence with the handling of your financial information will be nothing short of "C.Y.A. reactive damage control" designed merely to miti-gate any negative image impacts.

The safeguarding of customer's data seems to be the last thing on these company's minds, and that needs to change.

Case in point is Kreb's recent article about Starbucks, a company they bought (Teavana), and an "ongoing investigation they can't comment about".

Meanwhile, while they continue to give everyone the silent treat-ment, while they continue to try to "substantiate" something that happened well-over four months ago, crooks are past the prime timeframe of having taken advantage of the stolen information. They've had plenty of time to shred any financial security you may have had as well.

They took the money and ran a long time ago. So now, customers are having to deal with malicious use of their

cards, trying to track down the five W's and trying to deal with their financial institutions with things like overdrafts, credit ruin...etc.

The (not) funniest thin g about this whole mess Starbucks continues to irresponsibly perpetuate is that Starbucks will be the last entity to get the word out....after they can finally "substantiate" they were the cause of a very costly breach that their customers have already endured.

47May 2013

s E C u R i T y | T E C H F O R G O V E R N A N C E

Let's not just pick on Starbucks however, and their bumbling with your financial information. How about theSchnucks data breach? Apparently it took them over three months to figure out how credit/debit card data was being stolen. And the worst part about it is they knew card data was being stolen, but they just kept on doing business, allow-ing even more data to fall into the wrong hands.

What's wrong with giving customers real-time infor-mation about the security of their transactions?

Why didn't Schnucks avoid the electronic transactions that contin-ued to put customer financial security and identities at risk?

What Schnucks did was to continue to allow you, the customer, to be robbed, time and time again, months after they were notified of the fraudulent activity. There should be a crime against that.

Hey Starbucks or Schnucks or whoever, why not send out notices when you FIRST had an inkling you may be involved in a security breach? How about something like this:

"Dear Customer,It has come to our

attention that we may have become a victim of a security breach. While our investigation contin-ues, and as a precaution, we would like to warn you against using credit/debit cards at these certain stores and we would also ask that you monitor your credit and banking activity

for any rogue transactions. Signed, Your Caring and Responsible Company"

— The article is printed with prior permission from www.infosecisland.com. For more features and opinions on information security and risk management, please refer to Infosec Island. il

lus

tr

at

ion

BY

ph

ot

os

.co

m

48 May 2013

VIEWPOINT

NothiNg is ever truly new in IT, and Big Data is no exception.

Big Data in 2013 is SAP(ERP twenty years ago. Or Siebel (CRM) 12 years ago. It’s rolling out the exact same way.1 Users use all sorts of disparate, loosely connected applications to piece meal a solution together. In the pre-SAP days, it was a warehous-ing system, an inventory system, a manufacturing/flow system, an ordering system, an accounting sys-tem, etc. etc. 2 Someone develops an integrated, single stack application that can throw out all the custom home grown, disparate junk systems and provide a single unified, connected pane of glass. In the SAP case, we called it ERP.3 Advanced IT shops, typically in very large, well-funded companies with strategic vision, jump on the opportunity. They become the early adopters because they know that a successful implementation will pro-vide a distinct competitive advantage to their organisations. These are few and far between.

spent 20 million bucks over five years to get this implemented, you need to change the way you do busi-ness to fit our software.” That’s why these implementations died a pain-ful death. Only after SAP was able to help customers (via partners) to understand that this wasn’t a pana-cea platform that does all the work for you—but a panacea platform to capture and create efficiencies ONCE you re-architected your busi-ness outcomes/processes did it gain huge momentum again. And, it never looked back. In Big Data, I see the same thing evolving. First it’s all about the exciting “Gizmo’s”—the industry gets fired up and buys Netezza, Greenplumb, Vertica, etc. because they do SOME function wicked fast—but mostly without context of the bigger issues (like “what the hell is big data?”). Then we move on to create a class of super geniuses—in this case “Data Scientists” who can manipu-late data so that we can find needles in our proverbial haystacks. You can’t find them right now—they are super rare geeks.

4 The buzz created by the next great thing gets the mainstream market going. These are the everyday folk who’s bosses boss hears about what’s happening out there in the world and asks their IT depart-ment to get on the train—no matter what that train is, or how capable their organisation is at getting on. (Cloud, anyone?)5 Companies drink the kool-aid and start spending like drunken sailors. SAP becomes HUGE. Implementa-tions go from dozens to thousands in short order. Each implementation has a massive up front cost (which SAP loves, as well as the ecosystem providers like EMC or HP in this case), and requires an army of ser-vices to make stuff remotely work. It takes years to customise the system. 6 Eighty percent or more of all those really expensive implementations fail spectacularly—because the issue was never really about the technol-ogy (10 percent), it is always about the business processes—or lack thereof.

In the case of SAP’s rise to glory, the issue was “now that you have

The Big Data Market

We’ve Seen This Movie Before

STEVE DuPlESSIE | steve.duplessie@esg-global.com

About the Author: Steve Duplessie

is the founder of

and Senior Analyst

at the Enterprise

Strategy Group.

Recognised

worldwide as

the leading

independent

authority on

enterprise storage,

Steve has also

consistently been

ranked as one of

the most influential

IT analysts. You

can track Steve’s

blog at http://www.

thebiggertruth.com

illu

st

ra

tio

n b

y r

aj

ve

rm

a