cio & leader.com Best of Breed Next Horizons Viewpoint Unlocking Your Firm’s Innovation Potential Pg 10 How to Lead Like Red Burns Pg 38 Desktops-as-aService Pg 52 14 T r a c k t e c h n o lo g y B u i ld b usi n ess Shape self What CIOs Can Learn From US Govt. Shutdown | CIA Director Warns of ‘Cyber-Pearl Harbour’ Volume 02 | Issue 14 "I have always leveraged IT for business transformation" Mukund Prasad Director-Group HR, Business Transformation & Group CIO, Welspun Group of companies A 9.9 Media Publication Volume 02 Issue 14 October 21 2013 150 editorial yashvendra singh | [email protected] Transforming Business To transform business, a thorough study of the three key business drivers — people, process and technology — is needed I n the year 1962, American Airlines introduced its computer reservation system called SABRE. In a decades’ time, the solution transformed into much more than just an inventorycontrol system. The technology provided American Airlines the base for tracking spare parts, generating flight plans and developing a host of decision support systems for the top management. Not only did this prove to be a strong differentiator for American Airlines, the system has since become a standard for airlines looking to meet similar needs. Today, no company would want to lag behind in technology deployment. The growing competition in the market is putting immense pressure on enterprises to adopt new and evolving technologies without any delay. They are forced to keep pace with the changing trends lest they lose out to competition. This change is also reflected in the demands made by the top management on the CIO. In the past, all that the enterprises wanted from the IT department were reliable IT operations and a steady and secure infrastructure. Today, this qualifies for the mini- editors pick “I have leveraged IT for business transformation” 16 In a career spanning over three decades, Mukund Prasad has successfully led many business transformations mum. The top management in a corporate looks at the CIO and his team to come up with innovative ways and means of leveraging technology that will enable the company to grow and differentiate from competition. Taking a cue from this, enterprise technology decision-makers are coming up with creative architectures, enabling access to flexible environments for application development, and are making available business data in real time -- all this to provide the much-needed competitive advantage to businesses. But is this all that is required for transforming business? Unfortunately, no. To ensure the success of any transformation, a CIO would have to have a thorough study of all the three key business drivers – people, process and technology. While a CIO has a firm grip on technology, there could be chinks in his armour when it comes to understanding the business. Mean- while, business transformation is possible only if one has a clear understanding of each business process within the corporate. In this issue’s cover story, we have profiled one such enterprise technology leader who has been there done that. In a career spanning more than three decades, Mukund Prasad, Director Group HR, Business Transformation and Group CIO, Welspun Group has worked in several top enterprises in varied sectors. In each of these companies, Mukund has left an indelible impression in the form of business transformation by leveraging technology. We hope you are inspired by his leadership journey, and will look forward to your feedback. October 21 2013 1 October 2013 16 Cover Story 16 | “I have always leveraged IT for business tranformation” In his career October 21 2013 BEST OF BREED NEXT HORIZONS VIEWPOINT Unlocking Your Firm’s Innovation Potential Pg 10 How to Lead Like Red Burns Pg 38 Desktops-as-aService Pg 52 Volume 02 Issue 14 October 21 2013 150 14 T R A C K T E C H N O LO G Y Volume 02 | Issue 14 2 Copyright, All rights reserved: Reproduction in whole or in part without written permission from Nine Dot Nine Interactive Pvt Ltd. is prohibited. Printed and published by Anuradha Das Mathur for Nine Dot Nine Interactive Pvt Ltd, Bungalow No. 725, Sector - 1, Shirvane, Nerul, Navi Mumbai - 400706. Printed at Tara Art Printers Pvt ltd. A-46-47, Sector-5, NOIDA (U.P.) 201301 S P I N E WHAT CIOS CAN LEARN FROM US GOVT. SHUTDOWN | CIA DIRECTOR WARNS OF ‘CYBER-PEARL HARBOUR’ Please Recycle This Magazine And Remove Inserts Before Recycling 01 | Editorial 06 | Enterprise Roundup 52 | viewpoint CIO & LEADER.COM spanning over three decades, Mukund Prasad, Director-Group HR, Business Transformation & Group CIO, Welspun Group, has successfully led many business transformations RegulArs B U I LD B USI N ESS SHAPE SELF "I have always leveraged IT for business transformation" MUKUND PRASAD DIRECTOR-GROUP HR, BUSINESS TRANSFORMATION & GROUP CIO, WELSPUN GROUP OF COMPANIES A 9.9 Media Publication Cover design by: Anil T Special leadership section Page 26A to 37 27 | Top Down Team management Atul Nigam, Head-IT, Samsung Data Systems India, says a CIO should always motivate team members to bring the best out of them 35 | opinion Major events of the first Singapore Everest Expedition in 1998 The year 1996 was a more hopeful year, with the team succeeding on a number of alpine summits xx 30 | Leading edge Doing Well By Doing Good: A Leader’s Guide 28 my story 28| Innovation should be a regular affair Rajesh Ramachandran, President and CTO, Rolta India Limited, shares his leadership journey with Debashis Sarkar of CIO&Leader Addressing community problems increasingly requires cooperation among the private, public, and notfor-profit sectors 37 | SHELF LIFE The Elephant Catchers Key lessons for breakthrough growth October 21 2013 3 www.cioandleader.com 44 NO HOLDS BARRED 44 | “CFO can be a CIO’s greatest ally” Jaspreet Singh, Associate Director, Ernst & Young LLP, talks about various facets of IT transformation 46| tech for governance: how the nsa deploys malware Once an attacker has infected a victim, he has full access to the user’s machine 10 | Best of breed: Unlocking your firm’s innovation potential After an unrelenting focus on cutting costs, organisations must now innovate 4 38 | Next Horizons: how to lead like red burns Here are five leadership lessons from the career of the late Red Burns, cofounder and leader of NYU master’s program October 21 2013 advertisers’ index ESDSIFC VodafoneIBC HPBC This index is provided as an additional service.The publisher does not assume any liabilities for errors or omissions. Managing Director: Dr Pramath Raj Sinha Printer & Publisher: Anuradha Das Mathur Editorial Executive Editor: Yashvendra Singh Consulting Editor: Atanu Kumar Das Correspondent: Debashis Sarkar DEsign Sr. Creative Director: Jayan K Narayanan Sr. Art Director: Anil VK Associate Art Director: Anil T Sr. Visualisers: Manav Sachdev, Shokeen Saifi & Sristi Maurya Visualiser: NV Baiju Sr. Designers: Shigil Narayanan, Haridas Balan & Manoj Kumar VP Designers: Charu Dwivedi, Peterson PJ Pradeep G Nair, Dinesh Devgan & Vikas Sharma Consulting Sr. Art Director: Binesh Sreedharan MARCOM Designer: Rahul Babu STUDIO Chief Photographer: Subhojit Paul Sr. Photographer: Jiten Gandhi advisory Panel Anil Garg, CIO, Dabur David Briskman, CIO, Ranbaxy Mani Mulki, VP-IT, ICICI Bank Manish Gupta, Director, Enterprise Solutions AMEA, PepsiCo India Foods & Beverages, PepsiCo Raghu Raman, CEO, National Intelligence Grid, Govt. of India S R Mallela, Former CTO, AFL Santrupt Misra, Director, Aditya Birla Group Sushil Prakash, Sr Consultant, NMEICT (National Mission on Education through Information and Communication Technology) Vijay Sethi, CIO, Hero MotoCorp Vishal Salvi, CISO, HDFC Bank Deepak B Phatak, Subharao M Nilekani Chair Professor and Head, KReSIT, IIT - Bombay NEXT100 ADVISORY PANEL Manish Pal, Deputy Vice President, Information Security Group (ISG), HDFC Bank Shiju George, Sr Manager (IT Infrastructure), Shoppers Stop Farhan Khan, Associate Vice President – IT, Radico Khaitan Berjes Eric Shroff, Senior Manager – IT, Tata Services Sharat M Airani, Chief – IT (Systems & Security), Forbes Marshall Ashish Khanna, Corporate Manager, IT Infrastructure, The Oberoi Group Sales & marketing National Manager – Events and Special Projects: Mahantesh Godi (+91 98804 36623) National Sales Manager: Vinodh K (+91 97407 14817) Assistant General Manager Sales (South): Ashish Kumar Singh (+91 97407 61921) BRAND & EVENTS Brand Manager: Jigyasa Kishore (+91 98107 70298) Product Manager-CSO Forum: Astha Nagrath (+91 99020 93002) Manager: Sharath Kumar (+91 84529 49090) Assistant Manager: Rajat Ahluwalia (+91 98998 90049) Assistant Brand Managers: Nupur Chauhan (+91 98713 12202) Vinay Vashistha (+91 99102 34345) Assistant Manager – Corporate Initiatives (Events): Deepika Sharma Associate – Corporate Initiatives (Events): Naveen Kumar Production & Logistics Sr. GM. Operations: Shivshankar M Hiremath Manager Operations: Rakesh Upadhyay Asst. Manager - Logistics: Vijay Menon Executive Logistics: Nilesh Shiravadekar Production Executive: Vilas Mhatre Logistics: MP Singh & Mohd. Ansari OFFICE ADDRESS Published, Printed and Owned by Nine Dot Nine Interactive Pvt Ltd. Published and printed on their behalf by Anuradha Das Mathur. Published at Bungalow No. 725, Sector - 1, Shirvane, Nerul, Navi Mumbai - 400706. Printed at Tara Art Printers Pvt Ltd. A-46-47, Sector-5, NOIDA (U.P.) 201301 For any customer queries and assistance please contact [email protected] Enterprise Predictions For IT Cos For 2014 Pg 8 image by photos.com Round-up story Inside Healthcare Providers In India To Spend $1 Bn in 2013 An increase of seven percent over 2012 care providers in India will spend $1 billion US Dollars on IT products and services in 2013, an increase of seven percent over 2012, according to Gartner. This forecast includes spending by health care providers (includes hospitals and hospital systems, as well as ambulatory service and physicians' practices) on internal IT, hardware, software, external IT services and telecommunications. “IT services, which includes consulting, implementation, IT outsourcing and business process outsourcing, will be the largest overall spending category through 2017 the forecast period within the health care providers sector,” said Anurag Gupta, research Health 6 October 21 2013 director at Gartner. “IT services is expected to grow 6.9 percent in 2013 to reach $276 million USD in 2013, up from $258 million in 2012 – with the consulting segment growing by 12.4 percent.” Internal services will achieve the highest growth rate amongst the spending categories — forecast to be 14.5 percent in 2013. Internal services refer to salaries and benefits paid to the information services staff of an organisation. The information services staff includes all company employees that plan, develop, implement and maintain information systems. Software will achieve a growth rate of 11 percent in 2013 to reach $98 million in 2013. Data Briefing 49% Will be the growth of 3D printers in 2013 Enterprise Round-up They Ratan Tata Said it illustration BY peterson pj In December 2012, about three weeks before he would retire as the head of Tata Group, Tata made a startling admission — he said the salt-to-software conglomerate was unlikely to ever enter the airline business. The reason that drove Tata to his decision was “destructive competition” VMware Unveils Enhanced Cloud Solutions The cloud solutions will simplify and automate management of IT services “Overseas, people go bankrupt or companies go bankrupt. Here they never do, they continue to be sick and still operate. Then they are operating to kill you.” —Ratan Tata, Former Head, Tata Group VMware has announced new capabilities and enhancements across its portfolio of cloud management solutions to simplify and automate management of IT services for multiple clouds and platforms. New product releases include VMware vCloud Automation Center 6.0, VMware vCenter Operations Management Suite 5.8, VMware IT Business Management Suite, and VMware vCenter Log Insight 1.5. In addition, VMware will update the automation and management capabilities of VMware vCloud Suite 5.5. For IT to keep pace with business demands, stay relevant and deliver IT services with agility, it must transition from being builders to brokers of IT services," said Ramin Sayar, senior vice president and general manager, Cloud Management, VMware. "VMware cloud management solutions enable IT to deliver this agility while standardizing and ensuring governance and control -- whether the goal is to better manage a highly virtualized environment, build a vSphere-based private cloud, extend to the hybrid cloud or broker services across many providers. Quick Byte on Green IT Spending on green IT and sustainability initiatives in India is expected to increase 17.6 percent to reach $29.2 billion in 2013, from $24.8 billion that was spent in 2012 —Gartner October 21 2013 7 image BY photos.com Enterprise Round-up Predictions For IT Cos For 2014 Many industries will face intense challenges in 2014 and beyond Gartner has revealed its top industry predictions for IT organisations and users for 2014 and beyond. Most industries are facing accelerating pressure for fundamental transformation, including embracing digitalization in order to survive and stay competitive. Gartner's annual Predicts research on industry trends titled "Top Industries Predicts 2014: The Pressure for Fundamental Transformation Continues to Accelerate" features 12 strategic planning assumptions that CIOs, senior business executives and IT leaders should factor into their enterprise planning and strategy-setting initiatives. "Transformation remains a critically important phenomenon across all industries. Many industries will face intense challenges in 2014 and beyond, and will have no choice but to radically change their established business models," said Kimberly Harris-Ferrante, vice president Global Tracker on Cloud Fifty percent of enterprises worldwide will be using hybrid cloud by 2017 8 October 21 2013 50% 50% and distinguished analyst at Gartner. “Last year saw many industry decision-makers focusing on adopting new technologies to improve business operations by addressing developments such as the Nexus of Forces, the convergence of social, mobile, cloud and information. Today, by contrast, leaders are significantly shifting their business models and processes.” Harris-Ferrante said that this trend is driven in part by the challenges of consumer empowerment and market commoditization, which in many ways are greater than in the past, and are particularly difficult for traditional enterprises to address. The need to digitalise the business and be customercentric is also crucial, and requires new approaches to information delivery, communication and transactions. Business leaders and CIOs must carefully assess their industry-specific strategic requirements, including the demands of consumers and business partners, to map out transformation plans based on new technology availability, consumer demographic/behavioral changes and market conditions. CIOs and other IT and business leaders should use Gartner's predictions and recommendations to better understand the forces that are changing their world and develop strategies to address the requirements of this fast-changing business environment. Top industry predictions include: By 2016, poor return on equity will drive more than 60 percent of banks worldwide to process the majority of their transactions in the cloud. By year-end 2017, at least seven of the world's top 10 multichannel retailers will use 3D printing technologies to generate custom stock orders. By 2017, more than 60 percent of government organisations with a CIO and a chief digital officer will eliminate one of these roles. By 2017, 40 percent of utilities with smart metering solutions will use cloudbased big data analytics to address asset-, commodity-, customer- or revenue-related needs. By year-end 2015, inadequate ROI will drive insurers to abandon 40 percent of their current customer-facing mobile apps. Full-genome sequencing will stimulate a new market for medical data banks, with market penetration exceeding three percent by 2016. Enterprise Round-up illustration BY Peterson PJ 34% Use No Protection at Wi-Fi Hot Spots Hooking up to the network can carry hidden risks It's almost second nature now, whiling away a few moments online using a Wi-Fi hot spot. But hooking up to the network can carry hidden risks. Despite this, more than a third of users take no addition precautions when logging on to public Wi-Fi, according to the Kaspersky Consumer Security Risks survey conducted by B2B International and Kaspersky Lab in summer 2013. Nowadays it’s easy to get online — in addition to cellular networks and broadband cable communication networks, there is often have at least one hotspot which can connect computers and mobile devices to the Internet. However, many of these hotspots skimp on protection for users — and many users are unaware or unconcerned about the potential problems this can cause. In our survey, 34 percent of users said they took no special measures to protect online activity using a hotspot, while 14 percent were happy to bank or shop online using any network that came to hand. Just 13 percent take the time to check the encryption standard of any given access point. Does extra caution make sense when using public Wi-Fi, or is it all a worry too far? It’s You, a Website and a Man in the Middle The answer is YES. You never know what “that guy with the laptop at the next table” might be doing. Maybe, like you, he’s checking his email or chatting with friends. But maybe he’s monitoring the Internet traffic of everyone around him – including yours. A Man-in-the-Middle attack makes this possible. Any Wi-Fi access point is a window to the Internet for all the devices attached to it. Every request from a device goes via an access point, and only then reaches the sites that users want to visit. Without any encryption of communications between users and the access point it’s a simple task for a cybercriminal to intercept all the data a user enters. That might include data sent to a bank, or an online store. Moreover, attacks like this are possible even if the hotspot is password protected and a secure https-connection between the required site and the user's browser is established. What data are cybercriminals interested in? Anything they can use to make a profit – especially account logins and passwords for e-mail, e-banking, e-payment and social networks. Fact ticker India Has Biggest Appetite for Mobile Commerce It scores high in using mobile for banking transactions Consumers in India are leading the demand for mobile commerce services, with 97 percent of consumers asking for more mobile interactions with banks, telcos, retailers, utilities and other businesses. SAP AG has announced the study findings for India which indicates an impressive traction of mobile commerce in the country with 80per cent of the population making parallel usage of the mobile phones other than just calls and text messages. The surging popularity of mobile commerce in the country also highlights the increase in the internet penetration with 63 percent of consumers accessing the internet on their mobile atleast once a day. 65 percent of the users feel mobile is a convenient mode of transaction leading to a greater consumer adoption in this segment. The study found that India scores high in using mobile for banking transactions when compared to other countries in the world. “The dynamic nature of business as well as the freedom to operate from different parts of the world and at odd times has created a need for mobile commerce becoming mainstreamed,” said Neeraj Athalye, Head - Sales , SAP Platform & Technology Business at SAP. Scanners C anon has announced the launch of it’s first ultralight portable scanner imageFORUMLA P-201 scanner along with the introduction of CaptureOnTouch, a mobile application for easy scanning on the go. The scanner and application together will help consumers to effectively scan the documents in variety of file formats like PDF, JPEG and so forth. Users can further share the scans through e-mail or archive in other applications on a click. Canon is mainly targeting sales representatives of insurance companies who digitize customer documents on-site. Besides this demand for mobile scanning is expected to rise for frequent travelers, SOHO’s, MSME/SMEs & doctors etc. Scanning anytime, anywhere of important documents with P-201 is just a plug away. “There are 2 million selling agents for BFSI vertical. India will modernize the last mile sales transactions. The portable scanner will help in making this more efficient,” said Dr. Alok Bharadwaj, Executive Vice President, Canon India. P-201 is capable of scanning variety of document sizes and paper densities like plain paper, postcard and business card. The scanner scans at a speed of 7.5 seconds per page with a 200 x 200 dpi result. It has contact image sensor and supports simplex scanning side. October 21 2013 9 Best of Breed Features Inside What CIOs Can Learn From US Government Shutdown Pg 12 Unlocking Your Firm’s Innovation Potential After an unrelenting focus on cutting costs, organisations must now innovate T By Frank Wander here is a dearth of top-line growth as the economy continues to bear down on traditional corporate America. Years of cost cutting produced short-term financial gains in order to satisfy Wall Street—often at the expense of the talent infrastructure. Today, the single largest loss in America is our waste of human capital. Consequently, companies now yearn for innovation. Short-sighted “staff redesign” initiatives led to the elimination of highly experienced workers with deep institutional knowledge, leaving behind a disengaged workforce 10 October 21 2013 illustration BY photos.com What Executive Coaching Can Teach CIOs Pg 14 m a n a g e m e n t | B EST OF B REED with limited experience. As Steve Jobs understood, deep experience underpins creativity: “Creativity is just connecting things. When you ask creative people how they did something, they feel a little guilty because they didn’t really do it, they just saw something. It seemed obvious to them after a while. That’s because they were able to connect experiences they’ve had and synthesise new things. And the reason they were able to do that was that they’ve had more experiences or they have thought more about their experiences than other people.” So, what now? Each corporation must take its demoralised, disengaged and inexperienced workforce and unlock both incremental and breakthrough innovation; it must awaken the full potential of both individuals and teams. Nothing is more productive than a small, tightly knit group of high-aptitude professionals with deep institutional knowledge, operating in a culture conducive to creativity. Yes, nothing! Traditional corporations have lost their innovation potential because they now lack the necessary ingredients. Fortunately, the damage can be reversed. Your organisation does not have to find innovation to be elusive. Creative outcomes are not the result of chance, but of a thoughtfully designed talent infrastructure that delivers the desired results. If you embrace the caring practices outlined in this article, and are sensitive to the roles that talent and culture play, you can position yourself to outcompete. Making innovation an organisational imperative is important, but it is just step one. You must approach this opportunity in a thoughtful, holistic manner to continuously make progress. Innovation is a product of mind and emotion. It requires deeply experienced, engaged and socially cohesive teams. Workers can be in an innovative state of mind, or they can be mentally disengaged, producing survival level output. It’s up to you and your organisation. To achieve the former, talent must be valued and embraced by management, nurtured so they have the required institutional knowledge, and immersed in an environment where prosocial behaviour is both an expectation and the norm. By removing the socially corrosive forces that impair a firm’s cognitive infrastructure, creativity can be unlocked, making large, Unfortunately, the leadership practices employed by traditional corporations are toxic to the cognitive and emotional drivers of creative thought untapped pools of innovation potential available. Unfortunately, the leadership practices employed by traditional corporations are toxic to the cognitive and emotional drivers of creative thought. By treating knowledge workers as interchangeable parts, management reveals it is ignorant of the cognitive and emotional underpinnings of innovation. They destroy that which they most crave. Culture is, in fact, a crucible in which the social chemistry of your organisation crystallises into a positive and supportive environment or, in the case of many large organisations, one that is negative and poorly suited to creativity. It is the social environment that drives mood, sentiment, desire and, if designed right, unlocks innovation. In addition, innovation comes in different flavors. Everyone immediately thinks “breakthrough,” but incremental innovation is equally necessary. The breakthroughs create new streams of revenue, and sustain you over the long term, while incremental innovation supports you by improving the attractiveness and market share of existing products and services. Both are needed to remain healthy. Focusing on the breakthroughs by anointing a special group sends a clear message to everyone else: “Innovation is not your job.” Why leave pools of talent untapped? An inclusive design is better. Therefore, innovation is an outcome— a byproduct of the culture you build and the talent you nurture. Here is a list of 15 design fundamentals that will help you unlock your organisation’s collective creativity and innovation: Humans are creative by nature. Just watch a group of children and this becomes immediately obvious. Creativity is an abundant tool, even if it lies dormant in your organisation. As Abraham Maslow said, “But why in God's name isn't everyone creative? Where was the human potential lost? How was it crippled? … We have got to abandon that sense of amazement in the face of creativity, as if it were a miracle that anybody created anything.” That said, extraordinary creativity is a gift, so hiring some talent with a creative and innovative track record should be one of your goals. They can work on breakthrough innovation and strategy, or be seeded in teams that need a boost. Make innovation everyone’s job. If you have a breakthrough innovation and strategy team, don’t treat them special. It’s just one of many roles the company has to fill to be successful. Everyone must be embraced to be engaged. As Steve Jobs said, “Innovation comes from people meeting up in the hallways or calling each other at 10:30 at night with a new idea, or because they realized something that shoots holes in how we’ve been thinking about a problem. It’s ad hoc meetings of six people called by someone who thinks he has figured out the coolest new thing ever and who wants to know what other people think of his idea.” A creative mind is just too valuable to waste. Mood and social climate are foundational. That’s because an innovative state of mind is a byproduct of your environment. Research has shown that an upbeat, positive environment helps the creative juices flow. It has also been proven that humor and fun are great aids to creativity, and thus innovation, so encourage people to have fun. As Albert Einstein said, “In my experience, the best creative work is never done when one is October 21 2013 11 B EST OF B REED | m a n a g e m e n t unhappy.” You will get more creativity and a lot more productivity, too. Everyone knows we have an employee disengagement crisis. Care about your workers and make sure they know you have their back. How could anyone be creative when they are focused on survival? Create an organisational design that tears down the walls that separate people. Mix business and IT talent together. Melding teams with different points of view and thinking styles, a la Myers-Briggs, will unleash creative abrasion, a well documented method of stimulating group creativity. Offshoring is a tool, and like all tools it must be used correctly. This model is the exact opposite of what is required for innovation. Large teams of cheap, inexperienced resources telegraph a clear message: people don’t count. Please read my last CIO Insight article, “Offshoring: Pathway to a Competitive Disadvantage,” to understand how vital your decisions are in this area. Stress and fear cause individuals to engage in protective behaviours in order to survive. This destroys innovation and creativity because higher-order cognitive reward them and openly praise processes are cut off when the their success. limbic system, our threat senBuild an open environment, sor, is stimulated. where ideas are valued, not Provide an environment that dismissed. As Einstein said, offers think time. Albert Ein“The important thing is to not stein took long walks so that will be the it stop questioning.” If you don’t he had time alone to think and spending in india by have a culture where people are refine his theories. When you the year 2014 comfortable to speak up, the read about how breakthroughs important questions will never happened, examples of think be asked. Social milieu drives time appear consistently. It is creativity. Great explosions of a design decision you need to creativity throughout history have come make. Humans have abundant enthusiasm in clusters, so people clearly feed on the and creative energy when they are doing knowledge and passion of others. The more what they love. Let people have a say in their creative your teams, the greater the likelinext assignment. Don’t let managers hang hood it will be expressed. Build a blame-free on to talent like they are prisoners. culture. Innovation is often about trying and Nurture deep and intimate institutional failing. If failure becomes blame, then you experience amongst your staff. This drives have an innovation short-circuit. breakthroughs because it provides a large number of threads of knowledge which can — Frank Wander, a former CIO, is founder be woven together to unlock innovation. and CEO of the IT Excellence Institute, and Conversely, superficial institutional experiauthor of Transforming IT Culture ence is like a threadbare fabric that is most — The article was first published in likely to fail. If you are a leader, be a great CIO Insight. For more stories please visit www. audience. Encourage people to be creative, cioinsight.com. $71bn What CIOs Can Learn From US Govt Shutdown There are plenty of business continuity and disaster recoveryrelated lessons to be learned from the shutdown By Eric Thomas E mployees that expect federal paychecks, veterans that need benefits, impoverished families that rely on government programs, and federal CIOs that are mandated to meet the IT demands of a diverse stakeholder community are all adversely affected by the US government shutdown. Of course, federal CIOs do not engender the most sympathy from the public or garner the most press coverage when it comes to the government shuttering many services. In fact, they might not receive any public sympathy and I have yet to see any mention of the plight of federal CIOs on CNN. But that is all the more reason they, and their staff, must be aptly prepared. The following is a list of 12 October 21 2013 seven things each federal CIO should understand about the government shutdown. Of course, many of these items are applicable to any CIO or IT leader who has to deal with business continuity, disaster recovery and other unexpected crisis situations Know your most critical investments and services. When funding is cut back, do you know which investments are the most important? Do you have a prioritized list of critical services that can’t be interrupted? Hopefully, you have adopted a portfolio management process that will allow you to quickly create a list of must-have services. Understand the nitty-gritty of your contracts. Will your contrac- m a n a g e m e n t | B EST OF B REED tors be allowed to work off-site? If so, does the contractor charge a price premium for that flexibility? During a suspended contract, do you need to worry that key human resources will be reassigned and institutional knowledge will be lost by the time the contract is restarted? Also, how are your service-level agreements affected by the suspension of selected IT services? Identify your key resources. H. Giovanni Leusch-Carnaroli, former associate chief information officer at the US Department of Transportation and current director at Grant Thornton, has mentioned that you must be careful about deciding which personnel are essential and non-essential. For instance, your privacy officer may be deemed non-essential. That’s a good decision — until there is a privacy breach and thousands of e-mail accounts are compromised. And don’t forget about your help-desk personnel. Are they prepared for helping with a suddenly large number of remote users? Remember, shutdown preparation is costly. Figuring out what happens to your contracts, which personnel are important, which programs are essential and non-essential, all take time away from the normal course of your operations. There is a significant opportunity cost to getting adequately prepared, especially if you haven’t planned for and experienced a government shutdown in the past. Know how your projects will be managed. You just invested in a crucial cyber-security system that is not funded through congressional appropriations. Therefore, the work can continue as it is not directly affected by the government shutdown. However, the illustration BY photos.com Government shutdowns have many effects that are far reaching for federal CIOs independent oversight and project management for the cybersecurity system is supported by a contractor that was just deemed non-essential. Who will be tracking cost and schedule variances? Who will ensure that project milestones are being met? Communicate early and often. During periods of high stress and general confusion, it is always best to communicate early and often. You don’t want speculation to proliferate in the absence of facts. Disseminate your contingency plans and hold conference calls and virtual meetings with your staff to answer questions and address the concerns of staff members. Learn from your trials and tribulations. Use the experience to pinpoint the weaknesses in existing business processes and update your practices accordingly. For example, did your staff feel properly informed? Did you make the right investment priority decisions? Did you forget to include public perception or the impact to other agencies when determining your priorities? And for those project s that were considered essential or non-essential, could you outsource any of those functions? Government shutdowns have many effects that are far reaching for federal CIOs. These tips should help you avert some of the most damaging impacts. — Eric Thomas is the founder and the managing partner at Vergys LLC, which provides strategic management consulting services to federal, public and private sector organisations. — The article was first published in CIO Insight. For more stories please visit www.cioinsight.com. October 21 2013 13 B EST OF B REED | m a n a g e m e n t What Executive Coaching Can Teach CIOs CIOs need to care less about who they report to and more on results, and focus on relationship management By Larry Bonfante 14 October 21 2013 illustration BY photos.com A s many of you know, in addition to being a practicing CIO, over the past four years I have also served as an executive coach to dozens of very talented CIOs. I’ve been asked to share some of what I’ve learned from having the opportunity to coach these successful IT leaders. This month I will focus on common themes that I deal with in my coaching practice. Next month I will write about what I’ve learned from this experience that has made me a better CIO. As you can imagine, in working with dozens of CIOs in various industries, in all geographies, and in all sizes of companies, I have worked to support my clients’ leadership development in many areas and have helped them tackle numerous challenges. However, there are some recurring themes that are both worthy of mention and are common across clients and industries. Here are four of them. The importance of actively marketing the value of IT. Many CIOs view marketing as an unsavory exercise that they are both uncomfortable with and unskilled to perform. At best, they view their own marketing efforts as something they will do after they do their “day job.” I’m here to tell you that articulating the value of IT and how you are leveraging your company’s investments in the human and financial resources required to drive IT operations and projects is your “day job.” If people don’t understand the value of A lack of direct reporting structure is not an excuse for failing to drive transformational value what you do and how it impacts the bottom line in business terms that resonate with them, your likelihood of getting the support you need to be successful is pretty slim. Who you report to is less important than the results you deliver. In my opinion, the trade press has done CIOs a great disservice by leading many of us to believe that for a CIO to be impactful, he or she needs to report to the CEO. It’s not true. Who you report to (for 10 of my 12 years as a CIO, I have reported to the CFO), is less important than the results you deliver, the relationships you create, and the influence you develop as a business executive and a problem solver. A lack of direct reporting structure is not an excuse for failing to drive transformational value. Many CIOs have a chip on their shoulders. Yes, we feel that we are held to a higher level of scrutiny than other functional executives, that people don’t value or appreciate what we do, and that they don’t care to take the time to understand the impact of our efforts. — The article was first published in CIO Insight. For more stories please visit www.cioinsight.com. “I have always leveraged IT for business transformation” In his career spanning over three decades, Mukund Prasad has successfully led business transformation through technology in one company after another across industry verticals. By Yashvendra Singh Design by Vikas Sharma | Portrait Painting by Anil T 16 October 21 2013 mukund prasad | COVER STORY Mukund Prasad Director-Group HR, Business Transformation & Group CIO at Welspun Group An Exceptional Thought Leader in IT Industry “I “Mukund has the ability to analyse multi-dimensional organisational issues, evolve enterprise wide processes and systems and IT-enable any enterprise for performance and profit ” —Vijay Dogra Sr. Vice President - Enterprise Business, HCL Infosystems. 18 October 21 2013 n my career span till date, I have made decisions by taking care of the best interests of business, people and the organisation,” says Mukund Prasad, Director-Group HR, Business Transformation & Group CIO at Welspun Group. To a lot of people, this may sound clichéd. For Mukund, however, these are not just run-of-the-mill words. He has imbibed them into his professional life, strictly adhering to them throughout his career. This has enabled Mukund to successfully lead business transformation through technology in one company after another across different industry verticals such as core manufacturing, steel, pharma, textile, and retail. He has also had a brief stint in IT consultancy. “Things which have helped me in transforming business are the ability to connect with people to inspire, excite and exhibit situational leadership. Also, learning to derive satisfaction and happiness in other people’s performance helps in creating more leaders. I have found that any leader has to have his own style and the best way is to be your own self as far as possible in all situations,” he believes. An engineering graduate, with an MBA degree, Mukund has over 30 years of rich experience in providing leadership in cross-functional areas, including grouplevel HR of a conglomerate, corporate strategy, and defining the business architecture framework and technology strategy for the same. Mukund’s career path has seen him work in some of the best organisations in the country including Tata Steel, PwC, HCL, Ispat (now JSW Steel), Ranbaxy and now Welspun Group. Life as a CIO Mukund joined HCL Infosystems in 1998 and in 2001 took over the role of a CIO. During his stint at HCL, he made major contributions to enhancing organisational efficiency. Some of the initiatives that he took included the complete redesign of the data centre for SAP R/3 ECC 6.0 and mySAP.com –business suite components, implementing an RFID solution for inbound and outbound logistics and mukund prasad | COVER STORY Photo by shekhar Imaging by vikas sharma Mukund Prasad, Director Group HR, Business Transformation and Group CIO, Welspun Group has been dubbed as the “big picture leader.” It would bode well for enterprises if there were more people like him who can blend cultures to create a unified global business world developing a knowledge management portal for the company for creating the repository and enhancing its utilisation. “Mukund is an exceptional thought leader in Indian IT industry -- a rare combination of strategic vision, business wisdom and execution excellence. His deep understanding of not just enterprise IT but also of human resources, all-round business imperatives and management trends makes him an outstanding business leader. He has the ability to analyse multidimensional organizational issues, evolve enterprise wide processes and systems and IT-enable any large enterprise for performance and profit,” Vijay Dogra, Sr. Vice President - Enterprise Business, HCL Infosystems. On Mukund’s biggest strength, Dogra says, “I think Mukund’s deep relationship with his team inspires the team to give that extra discretionary effort that every leader strives for. I have found Mukund very caring about his team even years after moving to different organisations. He is a good task master with clear end-goal in mind. His strength lies in putting together and retaining high performance teams.” “Mukund also analytically cuts through distracting stuff to focus on what matters most at the moment and creating clear direction in an ambiguous environment. Among other things, what sets him apart is his enthusiasm in committing the organization to a shared sense of ethics and values. On a leadership scale of one to five, I would give him a big five,” he adds. COVER STORY | mukund prasad View from the top Betska K-Burr An International Executive Business and Life Coach. K-Burr has clocked over 5,500 Client coaching hours and has been coaching since 1995. M The High Point: Futuristic, transformational responsibilities with other roles in business at a conglomerate level; Bringing standardisation, consolidation, process improvements and process automation with strategic planning and operational effectiveness at a group level globally. 20 ukund knows that every leader’s job is to create more leaders. He is a cheerleader for leadership excellence as he focuses his entire thought processes on how to encourage leaders to reach higher in their competencies – to never be complacent. He is a serious student of PCMK Coaching methodologies from Coaching and Leadership International Inc. Within six months he achieved his Certified Power Coach designation which is a feat difficult to obtain in such a short time frame. He flew to Canada to study the next level up and is currently studying how to be a Certified Group Power Coach. As the Top CIO for India, it would appear to be clear that Mukund’s way forward is to help other leaders achieve what he has achieved through engaging in training to learn exemplary coaching skills and on-the-ground leadership tools which work. Mukund has demonstrated that he is a strategic and global thinker. He is a big picture Leader. We need more people like him who can blend cultures to create a unified global business world. He feels comfortable working with people from any country and from any level of existence. October 21 2013 Mukund moved from HCL Infosystems to join Ispat (Erstwhile Ispat Industries Limited) in 2004. Here too, Mukund spear-headed the IT policy planning and implementation for improving the business productivity. He implemented SAP R/3 ECC 6.0 and the new dimension products of mySAP.com -- CRM, SRM, SCM, BIW, HCM, BIW and the Enterprise portal at Ispat. However, the migration to SAP did not end smoothly. There was a moment of crisis, and a real test of Mukund’s leadership abilities. “During the migration of SAP at Ispat Industries from AIX to HP-UX, while restoring/converting, we faced serious problems in network and black-out increased from the estimated 2 hrs to 4.5 hrs. The entire team was in panic. In such a critical situation, Mukund took the command and managed all the stake holders and the team very effectively,” recalls Alok Kumar, Associate Vice President – IT, JSW Steel Limited. “Mukund is honest in true sense. His communication is very loud and clear and he possesses fantastic self-confidence. Mukund’s highest levels of commitment, a very positive attitude and very effective and efficient way of delegating authorities have left me without doubt in saying that he has been the best boss that I have ever worked with,” he says. Agrees G Venkateshwaran, Associate Vice President – IT, JSW Steel. “Mukund has an excellent knowledge of business and industry in general, and steel in particular. He is very good in networking and relationship building and is excellent in marketing his ideas and influencing people. The way he was able to convince the management in either getting the approval for IT budgets or getting rewards for the right and deserving candidates clearly showed that he was a true leader,” he avers. Satyabir Bhattacharyya, Executive Director - Asia Pacific, Strategic Decisions Group, and a former colleague of Mukund feels that the latter has the ability to align technology extremely well with the business and strategic imperatives and is very thorough in execution planning and implementation. “Mukund worked very closely with me as President and CIO for more than 4 years in a large integrated steel company, where I was holding the position of Director Corporate Strategy and Business Excellence (CS &BE) Division which included the company-wide IT function apart from Corporate Strategy, Strategic Sourcing, Corporate HR and Plant Automation. He was obviously key member of the CMD's core group that was driving the strategic change program in the company being a key member of my Division. As part of the execution of the overall corporate vision and 3-5 year strategic plan, Mukund was responsible for mukund prasad | COVER STORY the IT transformation. He had prepared the IT vision and the blueprint that was tightly aligned with the corporate strategy. He had masterminded the complete execution of SAP and mySAP.com that included implementation of several modules with extremely aggressive deadlines. His execution team had more than 50 people full-time and consisted of more than 500 key users. It must be noted here that the technical support for WAN set ups and management of communication links between remote locations, designing, implementing, and maintaining large multi-location voice and data networks, VPNs, Video Conferencing on ISDN, VOIP solutions and data centers were the other complex challenges for Mukund,” Bhattacharyya says. “He demonstrated very superior leadership skills in effectively meeting the company's strategic goals, he carried along his internal and external customers extremely well, and was considered a great motivator, coach and mentor by each of his team members. I am aware that many of them miss him even today. He is by far the best CIO I have worked with in my 35-year long career,” he adds. Constantly looking for new challenges, Mukund moved from Ispat to the pharmaceutical industry. He joined Ranbaxy in 2007and took over the global responsibility of 29 countries for IT strategy planning and implementation. While at Ranbaxy, Mukund was instrumental in rolling out SAP, APO, BIW, KM.CRM View from the top I Dr. Rajan Saxena Vice Chancellor, Narsee Monjee Institute of Management Studies solutions in all the 29 countries and their governance for maximizing the benefits. He set up business councils for India, Asia pacific, USA, Europe, South Africa, Latin America for proper IT governance and also initiated the consolidation of various applications in various regions. Mukund achieved excellent results in improving the business processes of demand forecasting and production planning and scheduling function with the help of APO and improved the business processes of supply chain, manufacturing and sales planning resulting in increase in schedule adherence in the plant and compliance. Recalling his association with Mukund, Ajay Bajaj, Head – IT, APAC & WEMEA, Ranbaxy, says, “Mukund is a complete team player. He realizes the importance of delegating authority to subordinates. I remember my visit to Moscow with him for a business council meeting with the country head. I was in for a pleasant surprise when Mukund made me give the presentation, while he supported it entirely.” Going down memory lane, Jayant Kapoor, General Manager – Business solutions, Ranbaxy, says, “Mukund was able to instill confidence in the IT team and show way to manage an outsourced operation inhouse at a much lower cost. This involved developing and managing the critical skills. It was a case of paradigm shift for the team that was very successfully handled by Mukund.” Mukund joined Welspun Group in 2009. He continued to lead from the front and displayed highest have known Mukund as my student in the MBA program at XLRI, Jamshedpur since 1981. What impressed me most about Mukund was his skills to adapt to different environments and jobs which were not necessarily the one which he originally started with. He started as an engineer at Tata Steel. After doing his Executive Masters in Management from XLRI, he decided to move out from the production department and explore opportunities in marketing area, which he did successfully when he joined at FMCG firm as Brand Manager. In a short span of time his planning, and execution capabilities and creative skills made him a star performer in this industry. He Toughest decision: To outsource IT at a group level in the conglomerate; To let go the real action to bring flexibility, agility and command and control. also adapted quickly management styles of a family firm. He showed that more than technical skills it were interpersonal skills that can make all a difference to a successful professional irrespective of the organisation and its work culture or management style. Mukund moved again to commodity business but now increasingly in the IT space. Today, his understanding of IT and ERP processes far outsmart those of many other CIOs with whom I have personally interacted. However, he needs to prioritise activities especially when it comes to his academic goals and professional goals, which he pursues with passion for completing his PhD. October 21 2013 21 View from the top M Ajai Chowdhry Former Chairman and CEO HCL Infosystems Ltd. The Low Point: IT is still considered a support function and looks forward to the business head for his nod at every step. It is a business enabler but craves for recognition. 22 ukund shows a lot of character and credentials. He has a curious mind, Interest in people, love and passion for the work which he does and demonstrates the pride of its ownership. He comes out with a lot of energy and a can-do-attitude which is critical in the sense of urgency towards getting the job done. He managed inequality of talent, personality and remuneration with harmony in the team. There are certain qualities in him that I admire. He is a positive thinker and has the ability to recognize the moment to degree of leadership and business understanding in his various initiatives. As Anil M Nimbargi, Sr. Vice President – IT, Welspun Group, says, “He displayed his keen sense if understanding when we were strategising for the Data Center Design and finalising the Technical Architecture for the Welspun Group of Companies worldwide. All the changes that were suggested during the design phase, eased out the future challenges that we would have faced otherwise. Due to this, implementation was smooth.” Kedar Nath Bansal, Asst. Vice President – IT, Welspun Group, echoes the sentiment when he says, “Mukund has successfully architected the IT Strategy and Roadmap for the Welspun Group. His technical acumen was clearly visible when the contract for IT Strategic Outsourcing was getting finalised. Today while we are executing the contract for the last one year, not a single change request was required. And all this was finalised 18 months ago and is running successfully.” According to Guna Nand, GM IT, Welspun Group, “The capability to handle ambiguities and complexities were demonstrated very effectively by him in a multicultural environment across geographies.” The Future Road While Mukund has been doing what is expected from a CIO – align IT with business – but will that be enough going forward? “We have seen a massive change pertaining to the Role of CIO. In last few decades, the role of the CIO has changed dramatically. New technology innovations and more technology savvy end user/ business are also a major reason for the CIO to October 21 2013 find common ground. He knows when to speed up and when to take more time. However, I feel his other qualities of straightforwardness and being nonpolitical can at times prove to be his shortcomings. Mukund’s leadership abilities came to the fore in several projects he implemented at HCL. He kept the team aligned on the business objectives during the challenges of developing the SAP Practice. He built credibility when he brought cost efficiency by consolidating the IT investments and brought automation focus on CRM and Supply chain. change / learn regularly. Learning new technology, business skills and leadership abilities are foremost important now. In coming days, infrastructure people will manage the vendor; helpdesk and enduser support will be more important due to rising demands from the users; application development will be more done in the outsourced model. Hence, the CIO role will also evolve in business strategy and owning more than technology,” he opines. According to Mukund, the big challenges in technology to meet enterprise needs in 2013-14 would be: Deployment of Cloud in the enterprise. This solution is emerging in an interesting way. Data protection and security aspects are critical and it is still not very clear that how cloud solution provider will handle this challenge effectively. Also policies and law of land should require to be taken care. Business Analytics and Executive dashboards: Business Intelligence and analytics need to scale up to massive growth in the data sources. Mobile BI is also required to be explored. Deployment of Mobile solutions will also a major challenge in 2013. How to provide a cost effective mobile solution in heterogeneous environment. BYOD implementation. Business Transformation through supply chain automation, IT enabled Shared Services Enterprise PMO “In fact, making road map and implementation initiations of all the above mentioned solutions are my wish list for 2013-14,” he adds. mukund prasad | COVER STORY A Power Coach A certified power coach, Mukund Prasad, DirectorGroup HR, Business Transformation & Group CIO, Welspun Group, has gone beyond the realm of technology to help others overcome their limitations and achieve their goals T oday’s leaders are expected to be masters at people development. Long gone are the days when a leader could get by on his/her technical ability. Senior leaders around the globe are being asked to step up to the plate and take the time to learn and understand the intricacies of human behaviour – to understand why people do and say the things they do. They are being asked to learn coaching skills where they use clever questioning skills to help their clients self-discover solutions to challenges and goals. To help others achieve their goals and overcome their challenges in all areas of life and at the same time amplify his own strengths and lead-strong with both logic and heart, Mukund Prasad, Group CIO, Welspun Group, decided to undergo training at Coaching and Leadership International (CLI). “Mukund knows that every leader has blind spots in their subconscious mind which is the driver of our actions. Therefore, he works diligently at encouraging those around him to receive coaching from him or another CLI Power Coach to dig deep inside self, to find the blind spots and get rid of them. ,” says Master Coach and Co-President of CLI, Betska K-Burr. “Knowing that the world is currently in a chaotic space because global leaders made decisions primarily with their logical mind, Mukund understands the value of a leader becoming a whole-brain genius thinker where s/he makes far better decisions using BOTH logic (left brain) and heart (right brain). Thus, when using PCMK’s variety of coaching methodologies, he is able to help any leader achieve ultimate clarity on how to achieve a goal or solve a problem,” she says. Lauding CLI and its strong tangible benefits, Mukund says, “At CLI, the methodologies are so strong that they help the person to remove the biggest boulder from his shoulder through processing of all information within his left and right brain to create permanent positive shifts at a cellular level. Betska is an awesome Guru Coach who helps the client in solving his problems by guiding him through excellent methodologies developed by her and has huge commitments to people for their development of leadership abilities. Their return of investment can range as high as 300 percent! These unparalleled coaching and leadership tools bring waves of success of executive tired of poor results from training programs,” CLI, based on Vancouver Island in western Canada, began in 1991 as a coaching, consulting and training company. The industry has known for years that training on its own simply does not produce good results. Roughly ten percent of participants literally benefit greatly from training programs which means that organizations are spending billions of dollars world-wide on coaching and training programs which yield a minuscule 10 percent ROI. Frustrated by this waste of time and money and lack of tools to dramatically improve performance, CLI decided to go into research mode. Today, CLI is known for their development of the Science of Mind-Kinetics training program entitled Power Coaching with Mind-Kinetics (PCMK). This science literally puts the whole brain into action. It turns unconstructive thoughts, words and actions into permanent positive ones. The results (calculated ROI) from these unparalleled thinking tools are astounding. According to Betska, “Mukund is a born teacher. Leaders, I invite you to engage him to dramatically raise your leadership competencies. Be prepared to answer some tough questions. Be prepared to truly look at yourself. Be prepared to tap into the genius which is so rightly yours.” By investing time and effort at CLI, Mukund is today a Certified Power Coach. He now experiences the joy and satisfaction of helping others overcome their limitations and achieve their goals. Mukund Prasad with Betska K-Burr, Master Coach and Co-President of CLI October 21 2013 23 Mukund Prasad, Director-Group HR, Business Transformation & Group CIO, Welspun Group Run, Grow, Transform 24 October 21 2013 Welspun Group became the first Indian manufacturing company to enter into an IT strategic outsourcing tieup when it signed a ten year contract (with periodic contract review) with leading IT solutions provider O p e n S o u r c E | C O V ER S T O R Y W elspun wanted to leverage technology to take a qualitative leap in the next few years. "It was not at all about centralising IT operations, but more about using the amazing power of Information Technology as a tool to usher in business transformations across different segments and sections of the business,” says Mukund Prasad, Group CIO, Welspun. It was an outside-in approach for understanding and integrating Business and Automation. Generally IT outsourcing deals are meant to take care of IT operations (Infrastructure and Application) and their regular day to day maintenance. To assess the benefits of the optimisation of costs along with the challenges of technology obsolescence, it was decided to conduct an ISP study within the group across the seven different Industry segments globally. It was observed that there are too many things required to be done for bringing about synchronisation between the opportunities for standardizing the business processes and automating the same as far as possible. The in-house resources were not adequate to implement the various technology and business transformation projects that were needed to meet the business objectives of the group. After a lot of deliberation, the company decided to go for strategic outsourcing. The requirements of outsourcing were classified into the area of Run, Grow and transform the businesses. The Run part was basically going to take care of the day-to-day operations, maintenance of infrastructure and application and the basic hygiene factors which are required to be taken care of by Information Technology. "By taking the outsourcing route, Welspun was also looking for basic hygeine of its IT. It would have resulted in Hardware / IT Asset Refresh, Statutory Compliance / Licensing, Skill Inventory, Recruitment and retention and IT policies update," says Mukund. What and How The basic plan under the overall project entailed SAP re-implementations and roll outs. The company also set up Intranet and Knowledge Management Portal, and vendor and customer portals. Besides, Welspun also went in for HRMS, Financial Consolidation and Master Data Management (to reduce the number of items and create product catalogue for sales). The mailing solution was upgraded and the security systems enhanced. Also, the network was upgraded and DR/BCP planning was done. Within the next three years, the company would move up to having a Governance Risk & Control (GRC), Business Planning / Demand Planning, Financial Planning and Retail Planning. What is the business Impact created? Partnership with a global leader in IT services . Robust IT processes . Streamline IT Savings on current spend , Risk Mitigation on skills , Business continuity SLA driven IT delivery IT support in global locations in hands of a global vendor who has its operational presence in each country Single window for managing SLA;s , Vendor and all aspects of IT Deliver Business Value – Business & IT Transformation Capex to Opex – saving upfront investments Specialized resources, Process Models, Tools and Experience ITIL based Service Delivery framework to provide consistent global user experience Application & infrastructure Benefits According to Mukund it would have taken seven to eight years to do all these at a group level with internal resources and with the help of implementation partners. We just did not have that kind of time. “We will no longer have to incur huge CAPEX on IT operations, be it hardware or software and the challenge of struggle to retain IT related talent, or reorganizing teams to ensure that all ongoing projects get adequate attention and sufficient skilled personnel have now been shifted or are shared with our new IT partner,” he said. ”This will enable us to deliver better business value, especially since we have integrated SLA driven delivery with a single window for managing all SLA’s and this process based approach to IT would enhance the quality of service received from the vendor in comparison to what would be delivered under a project based approach,” Mukund said. This also has an inherent element of change management involved which will have to be driven judiciously to reap benefits. “Implementation of the ITSO has already begun with the realignment of Welspun’s existing IT resources, and the first few business projects are already under way. The impact of the change will be seen immediately by those employees directly involved in these new projects, but it will not be long before the entire group begins to reap the benefits as well,” addded Mukund. support skills and resources Support the business growth – Both Ramp up and Ramp down. Business controls and audits. Defined roadmap to move to a complete shared services environment Consistency of Service Delivery – SLA based Robust Service Desk and Desk side support High Availability of IT components What is Unique about this? Complete OPEX Model Manpower transition to the selected vendor Comprehensive Scope of work across the group Comprehensive Asset refresh Application and Infrastructure trans form and Upgrade Already identified future business growth requirements is in-scope. Compliances Comprehensive Service Level Agreement (SLA) October 21 2013 25 “An ideal platform for business leaders to share leadership strategies and help business flourish” ISHAAN SURI DIRECTOR, INTERARCH BUILDING PRODUCTS CEOs JUST JOINED Inc. India invites all CEOs and founder managers to an exclusive membership programme which fosters knowledge sharing in the community and strengthens your efforts to build and take your enterprise to the next level of growth and business excellence COCOBERRY | OZONE OVERSEAS | DTDC | DHANUKA AGRITECH | HOLOSTIK | PRECISION INFOMATIC SHRI LAKSHMI COTSYN | O3 CAPITAL | EMI TRANSMISSION | GRAVITA INDIA | AND MANY MORE... MEMBERSHIP BENEFITS Annual membership to Inc. India Leaders Forum will entitle you to the following benefits PEER NETWORKS Provides an opportunity for chief executive officers and owner managers to engage with a ‘likeminded’ peer group. LEADERSHIP SUMMITS Annual meeting to set the agenda for the community’s strategic and most current issues. The Forum’s summits bring together a focused audience and authoritative speakers, in a highly interactive format BRIEFING SESSIONS A series of quarterly meetings throughout the year. Constructive debate, diverse opinions and indepth discussions provide a premier networking and instructive forum COMPLIMENTARY ADVERTISEMENT Access to the 9.9 Media bouquet of magazines for complimentary advertising (Includes: Inc. India, CTO, CIO&Leader, CFO, IT Next, EDU & I2) RESEARCH AND ADVISORY Access to our in-house research reports on issues of relevance to high-growth companies. Membership to Inc. India Leaders’ Forum is corporate but limited to Entrepreneurs, Directors and Chief Executive Officers TO KNOW MORE ABOUT THE MEMBERSHIP PROGRAMME Please contact Rajat Gupta at [email protected] or call at 0120-4010 914 ion ial ct ec se Sp ship er ad le “Only one man in a thousand is a leader of men - the other 999 follow women” — Groucho Marx October 21 2013 26A Introduction CIO&LEADER This special section on leadership has been designed keeping in mind the evolving role of CIOs. The objective is to provide an eclectic mix of leadership articles and opinions from top consultants and gurus as well as create a platform for peer learning. Here is a brief description of each sub-section that will give you an idea of what to expect each month from CIO&Leader: 30 27 Leading edge An opinion piece on leadership penned by leadership gurus. Plus, an insightful article from a leading consulting firm top down The feature focusses on how CIOs run IT organisations in their company as if they were CEOs. It will comment on whether IT should have a separate P&L, expectation management of different LoB heads, HR policies within IT, operational issues, etc. This section will provide insights into the challenges of putting a price on IT services, issues of changing user mindset, squeezing more value out of IT, justifying RoI on IT, attracting and retaining talent, and competing against external vendors 28 MY story The article/interview will track the leadership journey of a CIO/CXO to the top. It will also provide insights into how top leaders think about leadership 37 SHELF LIFE The one-page review of a book on leadership 26B October 21 2013 Top Down Atul Nigam head-it, Samsung Data Systems India Team Management A CIO should always motivate the team members to bring the best out of them I have always had the experience of working in a team from the beginning of my career. For a CIO it is important to manage and motivate his team to bring the best out of them. Over the years, I have had the opportunity of leading various teams in diferent organisations. Today, I work with a 175-member team that comprises primarily of developers. They work for different divisions viz. mobile phones, consumer electronics, supply chain mangement and others. As I have learnt during my past endevours, it is very important to ensure coordination among team members. This results in innovatation in the organisation. Currently, at Samsung, we are working on a supply chain application as we have to link various business from different locations. I believe the life for a CIO has become very difficult in today’s time and with consumerisation of IT things are getting more complex. In our organisation though, we have not yet started BYOD and we do not have any plans of introducing it in the immediate future. It is an international practice that BYOD should not be a part of the system and our India office is no exception. Another important thing for the CIO today is to be business-oriented and always try to speak to different vertical heads to find out their requirements and then meet these requirements. This also means that a CIO should have excellent rapport with all the business managers in the company, so that they are willing to discuss the new things they are planning in their respective divisions. For a CIO to survive in today’s competitive world, he has to be very good in business dynamics and how he can provide more business avenues for the company. No doubt he needs to have the required technical skills but business acumen is also equally important. He also needs to train his team in that manner so that they look at deploying any solution which has business benefits. I have always told my team members to align their goals with those of the company’s and work towards achieving a common goal which can benefit the whole IT department. —As told to Atanu Kumar Das October 21 2013 27 My Story Rajesh Ramachandran Innovation Should Be a Regular Affair Rajesh Ramachandran, President and CTO of Rolta India Limited, shares his leadership journey with Debashis Sarkar of CIO & Leader Rajesh Ramachandran started his career in the early 90s developing software for operational technologies at Siemens. Later he moved to Oracle where he worked with Thomas Kurian, who headed the product development for Oracle in late 90s. He then shifted to Ebay and transformed the Indian technology centre into a centre of excellence. He is presently with Rolta India, offering CAD, CAM, geospatial information system solutions, EBusiness and related services. 28 How did your early days help shape you as a leader? I started my career by developing software for industrial robotics, which gathered a lot of interest in the early 90s. Later, I worked for Siemens where I was developing software for operational technologies for power plants, process industries and automotive. At the global R&D centre of Siemens in Germany, I came up with innovative software for networking. Once, I learnt and had the fun of developing softwares, I wanted to venture into the space of business IT, where I could develop software for enterprises. Then I moved to Oracle in the late 90s. I had the great opportunity to work directly under leaders like Thomas Kurian, who headed the product development for Oracle then. We worked together on middlewares. Earlier, the enterprise software was seen as just database and applications, but at Oracle, we found that we just cannot push the data complexity to applications because you want them to be as simple as possible. At Oracle, I got to learn how to be a technology leader. I was introduced to business intelligence, data integration, infrastructure and application development for different channels for web as well as mobile. At Oracle, I understood how to bring technology driven business innovation. Then I moved to Ebay in the the online space, which was catching pace and was becoming a way to reach to the masses. My role at Ebay October 21 2013 was to transform the Indian technology centre into a centre of excellence as well handle the Indian and APAC business. We were among the first to go for a big data-based search at Ebay, which resulted in a big business driver for Ebay. I got to know about bringing an equilibrium on how to bring business driven by technology. In a career spanning over 20 years at Siemens, Oracle and Ebay, I learnt that customers want specific solutions for specific problems. Then I moved to Rolta, where I am enjoying my role as a CTO and at same time being a business leader for a MNC which invests a lot in intellectual property. My whole journey is based upo three principles — it is always important to have good people around you, one needs to have a great ecosystem, where innovation should be a regular affair and finally we need to be result-oriented to be competitive. Please highlight one change in your career that helped you in a big way. I think the change from a technology leader to a people leader happened in 2004 while I was in Oracle. I used to be a product leader and I wanted to be a strong technology leader defining innovation. I also realised that there is a big difference between people leader and people manager. A leader is someone who creates more leaders under him while a manager just manages people working for him. Ra j e s h Ra m a c h a n d r a n | I n t e r v i e w 5points 1 At Oracle, I got to learn how to be a technology leader 2 There is a big difference between people leader and people manager 3 Every leader needs a mirror to reflect himself 4 My best experience with technology was when I gifted my 70-year old mother a smartphone and taught her to use WhatsApp 5 How should a leader think about mentoring and who should he go after to seek mentoring? Every leader needs a mirror to reflect himself. Many a times we get into the flow and lose track of the key capabilities needed in a leader. Any leader needs a mentor. A mentor can be your parents or spouse for seeking advice in your personal life and in the work front, a mentor can be someone at your level or above. photo by Jiten Gandhi Technology changes the common man’s life drastically and I wish I had access to today’s technology while I was a kid Sometimes, I consult with my colleagues to get things right. I beleive that we need to have an executive coach any point of time as a leader to help us see things from the outside and share everything with that person. Share one interesting experience with technology. Though there are many such instances but I would like to highligh a simple personal experience. My best experience with technology was when I gifted my 70-year old mother a smartphone and taught her to use WhatsApp because she used to complain a lot that I did not spend much time with her. With WhatsApp, she is always connected with me and she prefers to ‘WhatsApp’ me instead of calling. Technology changes the common man’s life drastically and I wish I had access to today’s technology while I was a kid. October 21 2013 29 Leading Mary Brainerd, Jim Campbell, and edge Richard Davis Doing Well By Doing Good: A Leader’s Guide Addressing community problems increasingly requires cooperation among the private, public, and not-for-profit sectors. Here, three executives explain how a civic alliance in America’s Minneapolis–Saint Paul region may point toward an operating model. By Mary Brainerd, Jim Campbell, and Richard Davis The vitality The vitality of our communities has always required the involvement of the private sector, not just governments or not-for-profit organizations. Unfortunately, despite business leaders’ best intentions, these collaborative efforts often founder, fueling skepticism about the private sector’s ability to contribute meaningfully to civic advancement. Changing this equation is in the interest of corporate leaders, for whom the ability to work across sectors is becoming a business necessity. It’s in the interest of their companies, which require talented employees attracted to vibrant communities. And it’s in the interest of the world’s cities, which are confronting unprecedented 30 October 21 2013 challenges at a time when many national governments’ resources and support mechanisms are wobbling. Our group, the Itasca Project, has been experimenting for more than a decade with fresh collaborative approaches aimed at boosting the economic and social health of the Minneapolis–Saint Paul region of the United States, America’s 16th-largest metropolitan area, with about 3.4 million people. If you’ve been to any meeting of your local Chamber of Commerce or Growth Association, you may think you know what a civic alliance such as Itasca does. Ten years ago, we would have thought so, too, because we and our companies had long been trying to work productively with governments and not-for-profit groups in the Twin Cities. But we would have been wrong. Although other organisations play a critical role in communities, Itasca is different. It’s an employer-led civic alliance with no individual members, no office, and no full-time staff. We are quite prepared to end Itasca the minute we feel it is no longer adding value. In fact, we debated that very issue—should we continue?—at our fifth birthday and again this year, at our tenth. We keep going because of the opportunities we see to make a difference. In the past decade, Itasca has forged links between the business community and our region’s biggest university. image BY photos.com Ma r y B r a i n e r d , J i m Ca m p b e l l , a n d R i c h a r d D a v i s | L e ad i n g e d g e It has improved the financial fitness of the region through educational programs and cast a national spotlight on growing socioeconomic disparities. Today, Itasca is working to improve higher education and generating quality-job growth, as well as advancing efforts to address transportation issues comprehensively. We don’t claim to have cracked the code to successful trisector partnerships. But we do think our approach—how we’ve organised, focused our efforts, relied on hard facts, and involved, personally, our region’s key leaders—is different enough to spark useful ideas for corporate leaders in other communities. This article outlines that approach, which has not only made a difference in Minneapolis and Saint Paul but also been extraordinarily rewarding for us as individuals. (For more, see the video where the authors discuss the civic alliance’s impact on the Minneapolis–Saint Paul region and them personally.) Who we are Understanding Itasca requires understanding its origins. After World War II, the state of Minnesota enjoyed dramatic economic growth, driven by locally based Fortune 500 companies such as General Mills, Minnesota Mining and Manufacturing (3M), and Northwest Airlines, as well as private, family-owned empires, including Cargill, Dayton, and Pillsbury. That lineup’s not bad for a region that is, for many, flyover country. We don’t enjoy sunshine 300 days a year. We don’t have beautiful mountains or gorgeous seashore. But for the four decades from the 1950s onward, our focus on those factors we could control—such as the quality of life, education, and the arts—made our state incredibly special and a place where people wanted to live. As the new century approached, though, our competitive edge dulled. Between 1990 and 1999, Minnesota’s share of the nation’s initial public offerings and venture-capital investment fell. We began losing the battle for emerging high-technology businesses and slipped as a hub for research and development. By March 2000, David Kidwell, then the dean of the University of Minnesota’s Carlson School of Management, delivered a speech titled “Has the Twin Cities economy lost its blue chip status?” Deep down, we all knew the answer. The question was what could be done about it. Later that year, Mark Yudof, at the time the president of the University of Minnesota, convened 1,200 civic and business leaders to discuss regional competitiveness, and a task force of around 50 local leaders from all sectors was formed. It was a disaster. A group of that many people, representing diverging constituencies and priorities, barely agreed on the shape of the table let alone a path to revitalise our competitiveness. Yet a fuse had been lit. Rip Rapson, then the president of the McKnight Foundation, organized a breakfast meeting with a small group of business leaders who by now were convinced that something had to be done. Itasca eventually emerged from this, though its creation was far from a foregone conclusion in a region awash with groups ostensibly promoting economic growth and competitiveness. To decide whether we could do anything worthwhile, we got in touch with leaders throughout the region and conducted interviews aimed at examining the Twin Cities’ strengths and weaknesses and the degree to which those issues could be addressed collectively. What we found was room for a different kind of organisation: one that was business led while demanding all other perspectives October 21 2013 31 L e ad i n g e d g e | Ma r y B r a i n e r d , J i m Ca m p b e l l , a n d R i c h a r d D a v i s as well and that took a long-term view, peering decades into the future rather than just to the next legislative session. Such an organisation should prioritize regional vitality over business self-interest and be willing to take on issues that are inherently difficult to solve. On September 12, 2003, Minnesota’s governor, the mayors of both Minneapolis and Saint Paul, and about 30 other business and civic leaders attended the first organisational meeting. Ten minutes had been set aside for introductions; this stretched to nearly half an hour as participants expressed their passion for the Twin Cities and their hope that the new organisation could make a difference. We all believed that a group driven by private enterprises but including a broad set of stakeholders could play a constructive role in reviving the economic competitiveness of Minneapolis and Saint Paul. When it came to a name, we were inspired by what many regard as the Twin Cities’ golden era of business-leader civic engagement. In the 1950s and 1960s, regional business leaders would assemble annually at a state park to discuss critical issues, setting aside rivalries between their companies to contribute to the state’s prosperity. The park’s name was Itasca. Our different approach All regions are unique. All have strengths and weaknesses. And all have organisations that see their role as promoting economic vitality, business growth, and community well-being. On this basis, you could consider Itasca and the Minneapolis–Saint Paul region as entirely ordinary. Yet we like to think that our results have been extraordinary—and that they are a direct result of the conscious, deliberate ways we sought to think differently about how a civic alliance should operate. (For more, see sidebar, “How Itasca has made a difference.”) Organise for action In the case of Itasca, “organisation” refers to how we operate, not what we are. We’re not an organisation. We work virtually, without a formal office. There’s no full-time staff, but we have been fortunate to receive support with operations and logistics—such as preparing agendas and documents for meetings—as well as some of the fact-gathering, which is so critical to our work. We leverage personal relationships rather than sell memberships. We have no public-relations people or thirst for recognition. And our budget process comprises a single annual meeting where the total estimated expenses for the year ahead are presented. Invoices are then sent to member companies, with payment optional. We collectively spend some two hours each year worrying about funding. We do have some external financial supporters. However, we believe other civic alliances have the ability to adopt our overarching approach—all communities have smart people, companies, and institutions that can provide support—especially when the benefits of being freed from traditional organisational structures are so obvious. Being a virtual organisation frees us to focus entirely on picking issues and driving for results. It’s a collective effort; while working groups are responsible for individual issues, none “In the case of Itasca, “organisation” refers to how we operate, not what we are. We’re not an organisation” 32 October 21 2013 of us will hesitate to pitch in if we believe we can make a difference. We don’t expend time or energy perpetuating an organisation for an organisation’s sake, and if the day comes when we find there are no issues to address, we will walk away and Itasca will be no more. Focus on specifics Everyone learns from mistakes, and Itasca is no exception. When we first tried to determine which issues we wanted to be involved in, we wrote all of them on a white board, voted, and chose six. A shorter list would have been better. It’s difficult to overstate the importance of carefully selecting issues where you believe you actually can make a difference, rather than those where you would like to. The key is to select the pressure points of issues on which a group such as Itasca— driven by the private sector but working collaboratively with all—can have an impact. When we targeted higher education in 2011, for example, our principal task was to narrow down potential action areas. Our taskforce, led by Cargill chairman and CEO Greg Page, included executives from major employers, such as Andersen Corporation, General Mills, Target, and Wells Fargo. It recommended four priority areas: training students to meet the needs of employers, fostering a private–public ecosystem of research and innovation, forming new collaborations among higher-education institutions to improve efficiency, and helping to increase the number of students who graduate. We immediately decided not to address the final priority—that’s the responsibility of institutions themselves, with little role for the business community. But we knew Itasca could have an impact on the other three, and implementation teams have worked on each since late last year. Although the work is ongoing, early results are encouraging. To give just two examples: our state’s conversation around the issue of higher education has shifted from cutting spending to increasing investment. In fact, Minnesota’s 2013 legislative session was dubbed “the education session” for the way it prioritised investment. And the Minnesota State Colleges and Universities (MnSCU) system and Associated Col- Ma r y B r a i n e r d , J i m Ca m p b e l l , a n d R i c h a r d D a v i s | L e ad i n g e d g e leges of the Twin Cities (ACTC) have been working in parallel on efficiencies. In fact, by adopting modern procurement practices, MnSCU has saved more than 30 percent on copier paper, and ACTC’s board is determining the business case for shared services. The effort to bridge the gap between education and employment fits neatly with Itasca’s broader priorities. We view education, jobs, and transportation as a triangle, with socioeconomic disparities in the center, influenced by the other three. These centerpieces of our work have a critical factor in common: they arelocal. Education involves our children and students of all ages, as well as teachers. Jobs relate directly to our community and what we can do to increase opportunities and the region’s attractiveness. Transportation includes our roads, bridges, and infrastructure. And the degree of disparity among our residents is influenced by all three factors. The bottom line is that these are challenges where we believe Itasca can make a difference. Take a fact-based approach Gathering the facts is critical to our success. While our working groups may be hypothesis driven, before any recommendation is contemplated they spend weeks or even months examining best practices in the United States and around the world, gathering data via interviews, surveys, and other approaches. Because every recommendation is firmly grounded in fact, this approach underpins our credibility with partners and the broader community. They know that Itasca is— to the greatest extent possible—objective, nonpartisan, and driven only by the desire to improve our community. Consider the issue that is central to all that we do: disparities. While the issue of socioeconomic inequality has taken center stage nationally in the past five years, Itasca prioritised it from our first formal meeting, in 2003. Even at that point, it was evident anecdotally that the Twin Cities were increasingly dividing into haves and have-nots, with all manner of deleterious effects on our community. Yet we weren’t aware of any organisation in our region tackling this issue, “When it comes to getting things done, there’s no substitute for the direct involvement of those with authority” and, frankly, we were concerned that it couldn’t be tackled—it was simply too big to be addressed, especially by a small, fledgling civic alliance. Then we got lucky. We discovered that one of our primary supporters, the McKnight Foundation, was already working with the Brookings Institution’s Metropolitan Policy Program to examine publicly available census data on several US cities and determine the types and impact of disparities. We immediately saw an opportunity to become involved, and the eventual report, Mind the Gap, was sobering. Although our region is generally regarded as highly educated, with relatively low rates of poverty and unemployment, the report showed worrisome trends emerging. In particular, it showed that fewer people of color attended college, their household incomes were lower, and they tended to live farther from areas where jobs were. What made the report, released in 2005, so powerful was that it was grounded in facts—in this case, publicly available data—and that the recommendations based on our analysis came from a unique business perspective. Because all of our member companies are major employers, the fact that we were expressing concern about growing socioeconomic disparities and their potential impact on the future vitality of our region carried significant weight. Some eight years later, we can’t claim to have solved the disparities issue. But it is now squarely at the center of all conversations about what kind of community people want the Twin Cities to be and the initiatives that should be pursued to achieve this goal. That would never have happened without the credibility of Itasca as a messenger and the rigor of our approach to understanding and analysing issues. Get leaders involved When it comes to getting things done, there’s no substitute for the direct involvement of those with authority. The members of Itasca who make up our working groups are private-sector chairmen and chief executives, the mayors of Minneapolis and Saint Paul, the governor of Minnesota, and presidents of universities and other institutions. There’s no concern about miscommunication or making false promises that require the approval of others. We are all principals with decision-making authority, sitting in meetings as equal participants with equal voices. Although this practice sounds like common sense, many civic alliances devolve into endless rounds of meetings attended by designated representatives who report back to others, adding layers of complexity and delays. Having principals at the table—principals whose time is precious and who are accustomed not only to making decisions but also to seeing tangible results—ensures our relevance and focuses our attention on what really matters. We all know that the work we do must be worth our time. At one of our first meetings, for example, we discussed research and development undertaken by companies and public institutions in the Twin Cities. A vast amount of groundbreaking work was being done, yet there was little cooperation—research organizations worked in isolation and had done so for as long as anyone could remember. October 21 2013 33 L e ad i n g e d g e | Ma r y B r a i n e r d , J i m Ca m p b e l l , a n d R i c h a r d D a v i s “We’ve never had to recruit participants; they welcome the opportunity to be part of something bigger than they could be elsewhere” We all agreed this made little sense, and the then chairman and chief executive of 3M, Jim McNerney (who now holds the same roles at Boeing), immediately volunteered to chair a task force on the issue. Within seconds, another attendee, the president of the University of Minnesota, Bob Bruininks, piped up: “I’ll co-chair.” Six months later, the working group chaired by Jim and Bob had studied best practices, developed a deep fact base, formed recommendations, and pushed for changes that have transformed private– public sector collaboration across the state. Finding deeper meaning The effort Jim and Bob spearheaded had obvious direct benefits for both of their organisations. Yet not all Itasca initiatives do, which raises the question: why bother? Why do so many leaders of companies, organisations, and institutions devote so much time and effort—our core working group typically meets weekly—to do work that, in many cases, may not bear fruit for years or perhaps decades? If you ask these leaders, the answer is universal and simple: it’s incredibly meaningful. The personal return on investment from their Itasca involvement exceeds that of pretty much anything else they’ve done, including their corporate careers. It’s that significant. Itasca provides a couple of rare opportunities at a personal level. Members interact in a noncompetitive environment with fellow leaders, and they exercise different parts of their brains. While we like to think that managing a major corporation is all about influence, the fact is that it’s often just management: leaders make 34 October 21 2013 decisions, and others fall into line. At Itasca, it’s all about influence. Ideas survive and thrive on the ability of members to bring their colleagues along with them. It’s also creative. Our members have risen to their current positions by being very skilled at specific tasks in specific industries. Yet at Itasca, they may be examining a problem they have little expertise in, which is itself exhilarating. Not only that, they also have permission to try more things and make more mistakes—a luxury that quickly disappears in their day jobs. Don’t get us wrong; we are determined to reach the right answer to a given problem as quickly as possible. But there is leeway for experimentation and learning. At a broader level, there’s no doubting the significance and satisfaction from the altruistic element of civic work, as any executive involved in community groups can attest. We like to imagine it’s more intense for participants in Itasca, who are at the front line of efforts to reinvigorate a region that is responsible for the livelihoods of millions of people, not to mention the well-being of the participants’ companies. While the percentage of revenue that these companies derive from the Minneapolis–Saint Paul area has certainly declined in recent decades, the happiness and prosperity of our employees is linked as tightly as ever to the region’s vitality. Knowing we are working to improve it is incredibly gratifying, even if the full benefits may not be realised in our time at Itasca or even our lifetimes. Finally, Itasca provides lessons that can be applied day-to-day. Some members learn from observing their peers, gaining insight into the way other chief executives think, solve problems, or interact. Others directly implement changes based on findings from our work; for example, our deep understanding of socioeconomic disparities has resulted in formal goals at HealthPartners—to reduce health-care disparities and increase the leadership team’s diversity— as well as changes to the company’s incentive plan to drive results. All members grow personally as a result of their involvement and relish the opportunity to be involved. We’ve never had to recruit participants; they welcome the opportunity to be part of something bigger than they could be elsewhere. We’re obviously proud of our work at Itasca and believe the approach we’ve adopted can be implemented elsewhere. Yet we know none of this is easy. We have false starts when it comes to selecting issues. Some of our initiatives struggle to gain traction. And we have our share of executives who become consumed by their day jobs, letting Itasca fall by the wayside. However, while we are sometimes discouraged, we are never dissuaded. We know personally how meaningful it has been to try to improve the community in which we live and work. The way we see it, leaders spend decades acquiring influence that typically peaks when they reach the very top of their organisations. Wouldn’t it be wonderful to have the opportunity, at that point in your life, to engage with others in the same position and do something bigger than all of you? Mary Brainerd, president and CEO of HealthPartners, was chair of Itasca from 2008 to 2012. Jim Campbell, a retired chairman and CEO of Wells Fargo Bank Minnesota, was chair of Itasca from 2003 to 2008. Richard Davis is chairman, president, and CEO of US Bancorp and Itasca’s current chair. —The authors wish to thank Tim Welsh, a director in McKinsey’s Minneapolis office, and colleagues Allison Barmann, Beth Kessler, Jennifer Ford Reedy, and Julia Silvis, for their collective contributions to the Itasca Project since 2003. OPINION David Lim Major Events of the 1st Singapore Everest Expedition in 1998 1996 was a more hopeful year, with the team succeeding on a number of alpine summits most of 1994 was spent organising a team, as well as beginning the fundraising drive. This was largely spearheaded by David Lim and Justin Lean, requiring significant after -hours work, lunch-time meetings with prospects and so on. As usual, there were some genuine well-wishers and some timewasters who realised that they couldn’t deliver what they promised. Stories in the press at that time focused on the large sponsorship and team challenge. A major boost happened in March 1995 when, after a request was sent, the the President of the Republic, Ong Teng Cheong , agreed to be the Expedition Patron. Mr Ong, unbeknownst to us at that time, had stuck his neck out, ignoring the advice of some of his advisors who warned about supporting a venture that could “fail”. Apparently, his response to these risk-averse people were ” That is exactly why I should give them my support”. These and other nuggets were only revealed much later after the expedition concluded. In a letter of encouragement to the team members, President Ong wrote: “Mountaineering is not a tradition in Singapore. Only people with strong determination and spirit of adventure like you will set your sights on the conquest of Mount Everest. Whether you are climbers or members of the support team, you are all pioneers with the courage to try and succeed.” Meeting the President at his official residence, the Istana, in March 1996 for an update. From L to R: Lim Kim Boon. David Li, President Ong Teng Cheong and Rob Goh. The team began training with some members undertaking smaller trips with each other to places like Mt ABOUT THE AUTHOR David Lim, Founder, Everest Motivation Team, is a leadership and negotiation coach, best-selling author and twotime Mt Everest expedition leader. He can be reached at his blog http:// theasiannegotiator. wordpress.com, or david@ everestmotivation. com Kinabalu and the NZ Alps, where peaks like Mt Cook were climbed. Planning began in earnest to organise a whole-team expedition to climb Kun, part of the 7000m Nun-Kun peaks in Ladakh, India. This expedition took place in August and met with bad weather. They were forced to try a new route on Nun (which was not even planned for)after deep snow made it impossible to reach Kun’s basecmp. WIth little time left, the team regrouped in Leh, the capital of Ladakh and re-launched themselves at another objective organised on the fly - Stok Kangri - a simple 6000-metre peak. Four members, David Lim Rob Goh, YJ Mok and SC Khoo summitted The team returned to review the lessons of the climb and continued the quest to raise the nearly $1 million SG dollars needed for the climb. David’s leadership had been confused at times, and some members had behaved selfishly. All in , it was a sobering lesson that the team dynamics needed work. 1996 was a more hopeful year, with the team succeeding on a number of alpine summits in the Swiss and French Alps in the summer of that year. David Lim and Justin Lean had also pulled off some difficult ascents in the NZ Alps on Mt Tasman. The team also acquired new sponsors Ricola. They would be the single largest non-government linked sponsor with $65000 invested in the expedition. Contrary to what many Singaporeans then and now believed, the TOTAL financial support of the Singapore government and government-linked organisations only October 21 2013 35 op inio n | D av id L im image BY photos.com Only the money issues were unresolved, and team had to consider how they would find another few hundred thousand dollars to complete the funding for Everest in 1998 amounted to 11 percent of the total needed for Everest in 1998. ( inset left: David Lim high on Syme Ridge, Mt Tasman, Jan 1996) However during this time, the naysayers and cynics also became more vocal. In 1996, an opinion piece, and an exceedingly poor piece of journalism for all its factual errors) made fun of the climb, denigrating the climbers et al was published in the major media. Written by an ‘award-winning’ journalist, you wonder if that award was for being Jerk of the Year – not to mention OpEd With The Most Factual Errors. For goodness, sake , at least if the sarcasm and critique had anything like the class of a Salon.com piece, it would have been bearable. As is… we had to put up with this twaddle. Singapore’s largest climbing shop carried, for a long time, a news clipping of us that was parodied by an unknown cartoonist and was displayed for all to see – until we shut our critics up. Such occurrences were part and parcel of pulling off something difficult, and unwelcome in the face of tawdry, and mediocre journalism, not to mention mediocre minds. The Tall Poppy Syndrome comes to mind as well. In September, the team, now somewhat smaller with several voluntary departures, went to make an attempt 36 October 21 2013 at a 7000-metre peak, Putha Hiunchuli by the North Face. This was the first time any SE Asian team had attempted a peak f this scale. Located in mid-west Nepal, the peak had been climbed infrequently owing to the challenging access. After some bad weather in the initial stages, David Lim and SC Khoo stood on the summit. A few days later MB Tamang and Rob Goh did the same. YJ MOk and S. Yogenthiran had to retire for health reasons. Putha Hiunchuli was a tremendous success at a time when there were nagging doubts if the team could pull it all together on a climb. Despite differences and some obvious dislike for each other by some team members, and some selfishness, the team was functioning above expectations. Only the money issues were unresolved, and team had to consider how they would find another few hundred thousand dollars to complete the funding for Everest in 1998. DAVID LIM IS A LEADERSHIP AND NEGOTIATION COACH AND CAN BE FOUND ON HIS BLOG http:// theasiannegotiator.wordpress.com, OR subscribe to his free e-newsletter at [email protected] SHELF LIFE “As in all walks of life, in business too, relationship choices have consequences”— subroto bagchi The Elephant Catchers Key Lesson for Breakthrough Growth those who hunt rabbits are rarely able to rope in elephants, says Subroto Bagchi, the author of The Elephant Catchers. The author feels that catching an elephant is totally different from hunting a rabbit. He says, “elephant catchers come at a price that may raise eyebrows and change the status quo in your existing set-up.” Bagchi compares the difficulties of catching an elephant with small organisations who are wanting to make it big. “There are great success stories of organisations graduating from small game to large, but they all begin with the fundamental realisation that the social contract that brought everyone together in the beginning — with bows and arrows, drums and utensils — no longer works. The social contract that laid the foundation of the village will have to be replaced with one for the city. It is time to step back and rethink the purpose of the organisation, and be ready to remodel its structure and functioning. Being able to work future backward by imagining what the customer, supplier and employee of the future, five and even ten years out, will expect from the organisation is the perfect starting point.” In the chapter, 'The Cat and Dog Differential', the author says, “the key to winning a customer's business is to be able to connect and to come across as hungry, willing, genuine, trustworthy and above all, interesting.” Bagchi compares the business decisions with one's decision of choosing a life partner. It is imperative for orgnaistaions to make the right choice or face the consequences for the decisions they have taken. “As in all walks of life, in business too, relationship choices have consequences. If you seek a marriage of convenience , do so with your eyes open and always be aware that it just might become an unholy alliance.” Bagchi feels that a brand needs to be nurtured and reinvested for it to keep on succeeding. Branding is a very important aspect of an organisation's future prospect. “A brand literally takes birth, grows, and ages ABOUT THE AUTHORs Subroto Bagchi is an Indian entrepreneur and business leader. He is best known for co-founding Mindtree Ltd and for being a business author. Along the way, Bagchi wrote business bestsellers such as The High Performance Entrepreneur, Go Kiss the World, The Professional, MBA at 16, The Professional Companion and The Elephant Catchers and, unless it is renewed, it dies and decays. The brand is an expression of an organisation's mission, vision, values, its reputation and ambition, and it cannot change unless the core goes through a transformation. Bagchi says that he learned the essentials of branding from rather colourful man named Shombit Sengupta who founded Strategy Design, a brand advisory in Paris. “When I first met him around 1996, his company had reported a turnover of $9 million, his brands sold for over $40 billion worldwide for companies like Danone of France and Lakme in India. Legend had it that if you went into any kitchen in Europe, you would see at least six products that carried his signature.” Bagchi says, “Shombit taught me that a brand is not just a logo, a tagline, or a smart-sounding name. It is the perception of the value of a company, product or service in mind of a customer, and a perception is partly rational and partly emotional.” —By Atanu Kumar Das October 21 2013 37 NEXT Illustration by anil t HORIZONS How to Lead Like Red Burns Features Inside Former CIA Director Warns of ‘Cyber-Pearl Harbour’ Pg 40 ‘Game Over’ for BlackBerry in the Enterprise? Pg 42 Here are five leadership lessons from the career of the late Red Burns, cofounder and leader of New York University master’s programme By Jack Rosenberger 38 October 21 2013 O ften lauded as the “Godmother of Silicon Alley,” Red Burns cofounded and led the Interactive Telecommunications Programme (ITP) at New York University, a creative and technology-driven master’s programme that has produced more than 3,000 graduates. Many of ITP’s graduates now work at global brands like Apple, Disney, Google and Microsoft, as well as smaller companies and eager startups, where the best of them carry on Burns’ vision of using technology as both a means l e a d ershi p | N E X T H O R I Z O N S of creative expression and a way to improve people’s lives. Burns died late last month, at the age of 88, and the resulting obituaries and related articles often recalled her inspirational leadership of ITP, from which I have gleaned a handful of lessons about technology, collaboration, checking the periphery and more. Technology is a tool. For Burns, what was important about technology was what it could be used for. When the Sony Portapak videocamera, the first portable video camera, was introduced, a Burns-related project involved documenting a broken stop light to force New York City officials to replace it. As Evan Rudowski, an ITP graduate, wrote in Mashable: “Led by Red and her tion. Burns believed that collaboration vision, ITP was filled with people who and diversity were the two forces that fosbelieved, as I was coming to understand, tered innovation at ITP, according to a New that technology is merely a vehicle York Times profile, and Burns and her for expression. ITP colleagues deliberately created a As amazingly advanced as technology diverse program, both in terms of students could be, it was pointless without dialogue. and faculty. Who cares what it does? What are you Half of ITP’s students are female, which trying to say? Red and ITP was teaching is unusual for a technical program, and people not to be technologists—but artists, many students are from foreign countries. communicators, participants.” As for the faculty, Burns hired a large num“To me, the computer is just another ber of adjunct faculty, which enabled ITP tool,” Burns said in an interview. “It’s like to provide a wide variety of courses (140 a pen. You have to have a pen, and to know at present), quickly adapt to new developpenmanship, but neither will write a book ments in technology, and explore different for you.” areas of study, much of which would be Value collaboration, not competition. difficult to accomplish with a faculty of Burns emphasised collaboration over comfull-time specialists. petition, and one of ITP’s hallmarks is its Technology constantly changes. Burns collaborative atmosphere. “Competition is recognised that technology is always not valued here,” Burns told The New York changing, so she emphasised different Times in 2007. ways of approaching and thinking about “Competitive people have energy, they’re technology, as opposed to having students interesting and so forth. But they’re so master specific technical skills. focused on the competition they fail to see “We’re training people who have to what they’re doing. They just want ‘better, learn to navigate in a world of bigger, stronger, longer,’ and change. If there’s anything conthey miss the periphery. And stant, it’s change,” Burns said that is where you find things in a 1994 interview. “People you don’t even know come here for one purpose—to are there.” understand the possibilities of “People here aren’t trying to will be the growth of this new form [of technology]. beat each other at something, business intelligence These technologies are going or win something,” Burns said software market in to change all the time. They’re in a 2008 interview. “When india by 2014 really going to have to underyou walk around and feel the stand the fundamental nature energy, it’s extraordinary.” of the technologies Diversity is vital to innova- “Competitive people have energy, they’re interesting and so forth. But they’re so focused on the competition they fail to see what they’re doing. They just want ‘better, bigger, stronger, longer,’ and they miss the periphery” 16% and the possibilities. And we look for ways for the technology to be applied in very human ways.” heck the Periphery. Burns urged students to be dreamers and visionaries, and to use technology to explore what she liked to call “the periphery.” Daniel Rozin, a former director of research at ITP, described ITP as the opposite of the traditional academic program “where you have your hypothesis and you go out and prove it, is not the way it goes at ITP…. As Red says, ‘If we knew already what we were looking for, we wouldn’t be looking for it.’ ” ITP graduate Evan Rudowski, Mashable: “Today, when I work on a project I try to think about whether Red Burns might find it worthy: does it serve, empower and engage people? Does it free them to do something they may not have done before? I’m not sure I always succeed, but Red and ITP helped me understand what I ought to be shooting for.” Lastly, this gem from Burns: “If you let technology rule the day, you won’t get anywhere. The only thing that’s important about technology is what you do with it.” — Jack Rosenberger is the managing editor of CIO Insight. You can follow him on Twitter via @CIOInsight. — This article was first published in CIO Insight. For more stories please visit www. cioinsight.com. October 21 2013 39 N E X T H O R I Z O N S | se c u rit y CIA Director Warns of ‘Cyber-Pearl Harbour’ The government needs to work hard to protect the security of the country’s critical infrastructure By Michael Vizard image by photos.com U nless private industry is allowed to work more collaboratively on IT security with the government, the prospect of a cyber-Pearl Harbour event wiping out huge swaths of the US infrastructure is very high, according to former CIA Director Leon Panetta. Speaking at last week’s McAfee Focus 2013 conference, Panetta noted that 90 percent of the US’s critical infrastructure is in private hands. Defending that infrastructure will require a strong partnership between government and the elements of the private sector that have control of those systems, he said. “A cyber-attack would virtually paralyse our nation,” Panetta said. “This goes way beyond hackers and criminals or people trying to steal sensitive information.” To reduce the risk of cyber-warfare, Panetta is hopeful that countries will come together to sign bilateral cyber-warfare agreements similar to today’s nuclear non-proliferation treaties. In the meantime, Panetta is encouraging the US Congress to pass a set of laws that would indemnify companies that share information with the US government from being sued by their customers. Panetta said the problem the legislation faces is that, with all the gridlock in Congress, nothing is getting accomplished. “We’re dealing with record deficits, debt and gridlock,” he said. “That bodes ill for the kind of future we want our children to have.” In addition to making people more aware of the potential cyber- US needs to defend itself from nation states and terrorist organisations that already have cyber-warfare capabilities 40 October 21 2013 warfare threat, both industry and government need to keep investing in security technologies, Panetta said. The US and many other countries, he noted, now routinely include cyber-attacks to wipe out an enemy’s infrastructure in their military plans. Panetta said the US needs to be able to defend itself from nation states and terrorist organisations that already have cyber-warfare capabilities or are actively trying to acquire them. Panetta noted that an Iranian-backed group was able to destroy 30,000 computers owned by Saudi Aramco using a Shimoon virus. Multiply that type of attack against transportation, financial, health- N E X T H O R I Z O N S | m o b i l it y care and electrical systems and it becomes pretty apparent how devastating cyber-warfare can be, Panetta said. Greg Brown, vice president and CTO for cloud and Internet of things at McAfee, said the primary issues that CIOs need to contend with when it comes to most embedded systems is that they were designed long before they could be connected to the Internet. As such, the systems usually don’t include security controls. Brown said Intel, the parent company of McAfee, recently unveiled a Quark family of processors for embedded systems that, among other things, bakes security into the instruction set of the processor. “Security needs to be integrated with the hardware,” said Brown. As Intel embeds more security functionality into its processors, the chipmaker says the cost of deploying security will decrease, which could help insure that security is more broadly applied. Speaking at the same McAfee Focus 2013 conference as Panetta, Intel president Renee James said Intel plans to embed security in every class of Intel processors. “We believe security needs to ubiquitous,” he said. “In the next two years you’ll see a lot more integrated security. Our goal is to change the economics of security.” — This article was first published in CIO Insight. For more stories please visit www.cioinsight.com. ‘Game Over’ for BlackBerry Enterprise customers of BlackBerry products should find alternatives, a new Gartner report urges By Jack Rosenberger E nterprise customers of BlackBerry’s smartphones and enterprise management software should find alternatives to the financially troubled company’s products over the next three to six months, according to a recently released Gartner report, a copy of which was obtained by Computerworld. The Gartner report recommends three courses of action. BlackBerry responded with a statement, saying: “We recognise and respect external parties’ opinions on BlackBerry’s recent news. However, many of the conclusions by Gartner about the potential impact of a sale or other strategic alternatives, are purely speculative." The Waterloo, Ontario company, however, has not fared well during recent months. A brief timeline of its recent troubles include the disclosure of plans to lay off 4,500 of its 12,500 employees; a loss of $965 million in the second quarter of fiscal 2014; and a decline in revenue by 49 percent in fiscal Q2 from the previous quarter. Meanwhile, the company’s sale to Fairfax Financial Holdings of Toronto for $4.7 billion is pending. 42 October 21 2013 The decline of the once-mighty BlackBerry offers a key takeaway for IT leaders. One should always monitor and periodically review the vendors and service providers Gartner analyst Ken Dulaney's eight-page report, which the firm released to select BlackBerry enterprise customers, suggests three courses of action: Abandon all BlackBerry devices. Contain the use of BlackBerry devices, with users being informed that their devices will be discontinued, while allowing for possible exceptions for users who are approved by management. Upgrade a limited number of users to BlackBerry 10 devices, while supporting Android, iOS and other platforms. Despite its dire situation, BlackBerry remains a presence in the enterprise. In August, Gartner conducted a poll of 400 business and IT leaders and found that 24 percent are on the BlackBerry platform. However, the respondents expected that number will decline to nine percent by 2016, according to Computerworld. The decline of the once-mighty BlackBerry offers a key takeaway for IT leaders: The importance of monitoring and periodically reviewing your vendors and service providers—and watching for troubled companies that, like BlackBerry, might be unable to fulfill your IT needs now or in the near future. — Jack Rosenberger is the managing editor of CIO Insight. You can follow him on Twitter via @CIOInsight. — This article was first published in CIO Insight. For more stories please visit www.cioinsight.com. N O H O L D S B A R R E D | J as p ree t S i n g h DOSSIER company: Ernst & Young established: 1989 headquarters: London, UK Services: Assurance, Tax Advisory, Consulting, Financial Advisory, etc employees: 175,000 “CFO can be a CIO’s greatest ally” In a freewheeling discussion with CIO&Leader, Jaspreet Singh, Associate Director, Ernst & Young LLP, talks about the various facets of IT transformation and believes the finance organisation can be a CIO’s greatest ally when properly engaged 44 October 21 2013 J as p ree t S i n g h | N O H O L D S B A R R E D To many CIOs, IT transformation means nothing. It’s just a hype created by consultancy firms to generate business. What do you think? We live in an era where change — imposed by regulatory or market forces — is rapid, radical and far-reaching. The market is changing in such a way that consolidation, technology shifts, new business models and consumer behavior are forcing actors in the market to adapt to the future while business is still ongoing. Businesses today encounter near-constant upheaval, which they can endure and even benefit from when supported by a rejuvenated IT organisation. Information technology plays a critical role in the success of significant business transformations — not only as a key enabler but also as a source of advantage. However, most organisations are not even coming close to realising the potential benefits of their IT investments. Many organisations are stretched to the breaking point just trying to maintain existing systems. Critical new projects are being shelved. The new projects that are done are often delivered late, over budget, and missing key functionality. We see many organisations in which the business doesn’t trust IT and IT feels marginalised by the business. In many cases, senior management has little awareness of IT governance processes, and IT is viewed as a mere support function with no defined mission. This is neither hype, nor trend, but reality. These problems can be solved, but not with piecemeal solutions. What is needed is a radical transformation not only in how IT does its job, but in how business and IT work together. Thus, in today's change-driven environment, it has become imperative for IT to transform from its traditional function as a technology provider and become an adaptive, responsive and nimble organisation. IT transformation is a very broad term. It can mean re-modeling the architecture or the application mix, or shifting from a centralised model to a decentralised one, or simply cost cutting. So, how do you rate or categorise IT transformation? IT transformation has become a popular piece of the techie vernacular. Describ- ing such an extensive topic in a universal, narrow-scope manner is like tilting at a windmill. But if you ask me, it is something broader than a specific initiative or strategy. It’s about integrating complex IT systems and streamlining IT processes, rationalizing the existing technology base; and enabling them to take advantage of modern, business-friendly technologies to better align the IT system to the needs of the business. In short, it ensures that IT improves What is needed is a radical transformation not only in how IT does its job, but in how business and IT work together operating efficiencies, reduces operating costs, ensures regulatory compliance and business agility, helps business growth, and enhances business value. It is more than mere optimisation or modification of engineering components, but is rather a holistic revamp of the existing technology base used to support the company’s mission-critical business. Ironically, IT Transformation is not about changing things for the sake of change, but about better aligning the IT system to the needs of the business. .While talking of IT transformation, what are the key barriers faced by CIOs? Communication: When it comes to gaining buy-in on IT transformation programs, many of the CIOs fail to convince key stakeholders. Communicating the value and benefit of an IT transformational program to the business is one of the leading challenges that CIOs face. Perception of the IT department: The legacy perception of the IT department as “backoffice order takers” hampers a dynamic CIO’s ability to be seen as an agile busi- ness partner, delivering new and marketdifferentiating business capabilities. This perception can only be altered by articulating the benefits in business terms that resonate with business leadership. CIOs need to focus on enabling the stakeholders to understand the drivers and business benefits; providing clear and continuous communications, partnering with finance to make costs visible and showing due considerations for alternatives, especially from the viewpoint of business segment executives. Uncertainty and Risk mitigation: In the rapidly changing market and technology environment, it is not difficult to foresee that enterprise level IT transformation will encounter a lot of uncertainties. Most of these uncertainties are not predictable in terms of timing and scale at the beginning. To minimise the risks, CIOs need to carefully take care of this kind of risks with a right methodology and frameworks in place to develop a solid mitigation strategy before the transformation journey starts. CIOs or IT leaders have the tendency to confide in their technical comfort zone and the board feels that the CIO's transformational efforts are not insync with the goals of the company or the client's expectation. How can one possibly reduce this gap? In the old days, it was simply a matter of keeping IT projects on time and on budget — but today, the CIO has to be active across every aspect of complex investment programs which can cost millions of pounds. Today, the CIO manages IT change – but, IT is increasingly involved in driving business changes which keep a company ahead of the competition. The CIO needs identify what business changes are required to improve performance, and take on accountability for driving end-toend business process transformation. The experience which IT has gained from technological innovation can be leveraged into the business operating model. The new role will include facilitating collaboration, both internally and across enterprises; managing the rapidly changing area of business and technological security; and tackling the challenges of information and knowledge within the organisation. October 21 2013 45 TECH FOR illustration BY peterson pj GOVERNANCE $4bn Data Briefing Will be the size of India’s enterprise software market in 2013 How The NSA Deploys Malware Once an attacker has successfully infected a victim, the attacker generally has full access to the user’s machines By Dan Auerbach 46 October 21 2013 W s ec u r i t y | T E C H F O R G O V E R N A N C E We’ve long suspected that the NSA, the world’s premiere spy agency, was pretty good at breaking into computers. But now, thanks to an article by security expert Bruce Schneier—who is working with the Guardian to go through the Snowden documents—we have a much more detailed view of how the NSA uses exploits in order to infect the computers of targeted users. How Does Malware Work Exactly? Deploying malware over the web generally involves two steps. First, as an attacker, you have to get your victim to visit a website under your control. Second, you have to get software—known as malware—installed on the victim's computer in order to gain control of that machine. This formula isn’t universal, but is often how web-based malware attacks proceed. In order to accomplish the first step of getting a user to visit a site under your control, an attacker might email the victim text that contains a link to the website in question, in a so-called phishing attack. The NSA reportedly uses phishing attacks sometimes, but we’ve learned that this step usually proceeds via a so-called “man-in-themiddle” attack. The NSA controls a set of servers codenamed “Quantum” that sit on the Internet backbone, and these servers are used to redirect targets away from their intended destinations to still other NSA-controlled servers that are responsible for the injection of malware. So, for example, if a targeted user visits “yahoo.com”, the target's browser will display the ordinary Yahoo! landing page but will actually be communicating with a server controlled by the NSA. This malicious version of Yahoo!'s website will tell the victim's browser to make a request in a background to another server controlled by the NSA which is used to deploy malware. Once a victim visits a malicious website, how does the attacker actually infect the computer? Perhaps the most straightforward method is to trick the user into downloading and running software. A cleverly designed pop-up advertisement may convince a user to download and install the attacker’s malware, for example. But this method does not always work, and relies on a user taking action to download and run software. Instead, attackers can exploit software vulnerabilities in the browser that the victim is using in order to gain access to her computer. When a victim’s browser loads a website, the software has to perform tasks like parsing text given to it by the server, and will often load browser plugins like Flash that run code given to it by the server, in addition to executing Javascript code given to it by the server. But browser software—which is becoming increasingly complex as the web gains more functionality—doesn't work perfectly. Like all software, it has bugs, and sometimes those bugs are exploitable security vulnerabilities that allow an attacker to gain access to a victim's computer just because a particular website was visited. Once browser vendors discover vulnerabilities, they are generally patched, but sometimes a user has out of date software that is still vulnerable to known attack. Other times, the vulnerabilities are known only to the attacker and not to the browser vendor; these are called zero-day vulnerabilities. The NSA has a set of servers on the public Internet with the code name “FoxAcid” used to deploy malware. Once their Quantum servers redirect targets to a specially crafted URL hosted on a FoxAcid server, software on that FoxAcid server selects from a toolkit of exploits in order to gain access to the user’s computer. Presumably this toolkit has both known public exploits that rely on a user’s software being out of date, as well as zero-day exploits which are generally saved for high value targets. The agency then reportedly uses this initial malware to install longer lasting malware. Once an attacker has successfully infected a victim with malware, the attacker generally has full access to the user's machines: she can record key strokes (which will reveal passwords and other sensitive information), turn on a web cam, or read any data on the victim's computer. What Can Users Do To Protect Themselves? We hope that these revelations spur browser vendors to action, both to harden their systems against exploits, and to attempt to detect and block the malware URLs used by the FoxAcid servers. In the meantime, users concerned about their security should practice good security hygiene. Always keep your software up to date—especially browser plugins like Flash that require manual updates. Make sure you can distinguish between legitimate updates and October 21 2013 5 POINTS the nsa controls a set of servers that sit on the Internet backbone A cleverly designed pop-up ad may convince a user to download and install the attacker’s malware The nsa has a set of servers on the public Internet with the code name “FoxAcid” the nsa’s system for deploying malware isn’t particularly novel Never click a suspicious looking link in an email 47 T E C H F O R G O V E R N A N C E | s ec u r i t y prevalent, you will have to click a lot. For Firefox users, pop-up ads that masquerade as software updates. Never RequestPolicy is another useful add-on that stops thirdclick a suspicious looking link in an email. party resources from loading on a page by default. Once For users who want to go an extra step towards being again, as third-party resources are popular, this will more secure—and we think everyone should be in this disrupt ordinary browsing a fair amount. Finally, for the camp—consider making plugins like Flash and Java ultra paranoid, HTTP Nowhere will disable all HTTP “click-to-play” so that they are not executed on any given will be the rowth traffic completely, forcing your browsing experience to web page until you affirmatively click them. For Chromiof it spending in be entirely encrypted, and making it so that only webum and Chrome, this option is available in Settings => india in the year sites that offer an HTTPS connection are available to Show Advanced Settings => Privacy => Content Settings 2014 browse. The NSA’s system for deploying malware isn’t => Plug-ins. For Firefox, this functionality is available particularly novel, but getting some insight into how by installing a browser Add-On like “Click to Play perit works should help users and browser and software element”. Plugins can also be uninstalled or turned off vendors better defend against these types of attacks, completely. Users should also use ad blocking software making us all safer against criminals, foreign intelligence agencies, to stop unnecessary web requests to third party advertisers and web and a host of attackers. That’s why we think it’s critical that the NSA trackers, and our HTTPS Everywhere add-on in order to encrypt come clean about its capabilities and where the common security connections to websites with HTTPS as much as possible. Finally, holes are—our online security depends on it. for users who are willing to notice some more pain when browsing the web, consider using an add-on like NotScripts (Chrome) or — This article is printed with prior permission from www.infosecisland. NoScript (Firefox) to limit the execution of scripts. This means you com. For more features and opinions on information security and risk will have to click to allow scripts to run, and since Javascript is very management, please refer to Infosec Island. 6% What is Real in Cyberhype? Cyberhype is not going to disappear from the reality we live in By Jarno Limnéll R ecent disclosures of the US intelligence secrets have raised cyberhype to a new level. Continuous reporting on how the United States monitors and intercepts electronic communication has reinforced the globally disseminated metanarrative of an urgent cyber threat. Before the United States, China played the crucial role of the main villain in the narrative. Even if it is challenging to conclude what is real in cyberhype, it should not be perceived as nonsense and disregarded. What is cyberhype? What in it is worth taking seriously? Cyberhype is not primarily about cyber threats. On the contrary, it is 48 October 21 2013 about the promises of transformation in our daily lives brought about by the inventions in information technology. Cyberspace is ought to make our lives easier, happier and more secure. Technology is to fix human deficits and augment our abilities remarkably. These promises are inherent in technology which develops on the basis of the dictum that everything possible is also desirable. Cyber threats were added to the puzzle only later on when it became clear that cyberspace also enables malicious activity. There are multiple factors and strengthening trends that speak for the severity of cyber threats. Firstly, our daily lives are fully dependent on the digital world, which creates an increasing number of vulnerabilities. Secondly, states are strongly involved in cyberspace and allocating incremental resources to the development of their capabilities. These capabilities include intelligence, as well as both defence and offence. Thirdly, the “weapon / counter-weapon” dynamic takes place on two arenas. Evolving defence capabilities trigger the development of offensive weapons and vice versa. Moreover, because an actor can never be sure about the capabilities and intensions of other actors, it tends to act “just in case” and, at worst, resorts to an excessive build-up. Finally, creating, maintaining and using cyber weaponry is cost-efficient in comparison to more traditional weapon systems. s ec u r i t y | T E C H F O R G O V E R N A N C E A transformative turn in the narrative took place in 2010. Both the United States and Israel knew that the use of Stuxnet might endanger human lives and still decided for it. An important threshold was crossed, and ever since cyber capabilities have been an essential tool in states’ politico-military toolbox. The development of these vital capabilities should not be hindered by the inevitable counter-reaction to ever intensifying cyberhype. Critical infrastructure, economy and people’s lives need protection. Efficient protection requires updating not only technological capabilities, but also, for example, legislation that regulates the use of cyber means. Nevertheless, unnecessary intimidation should be avoided when pushing for the up-dates. Occasionally it seems that the evolving cyberhype has started a competition on who is able to scare people the most or use the most intimidating rhetoric. The culture of fear thus created cultivates futile anxiety amongst people and businesses, as well as accelerates the on-going cyber arms race between states. In addition, cyberhype justifies certain political, societal, security (including military) and financial choices, that is, it always serves somebody’s interests. For instance, it increases the sales Image BY photos.com All in all, cyberhype constructs the reality as we know it and reminds us of what could happen of cyber security companies and reasons global eavesdropping. On the one hand, it enhances people’s awareness, but on the other hand, it makes them tired of issues with the prefix of “cyber”. All in all, cyberhype constructs the reality as we know it and reminds us of what could happen. Fears and uncertainties reside in potentiality, which is well reflected in the metanarrative of a global cyber threat. Yet potentiality is not the same as reality. Acknowledgedly, cyberhype needs balancing. The balancing act should still not lead into omission. Cyberhype is not going to disappear from the reality we live in. The existence of hype, however, does not exhaust the fact that the digital world is a domain in which strategic advantage can be either won or lost in a short time frame. Unnecessary emphasis on speed should still be avoided as the unintended consequences of actions and risks caused by retaliation may be significant. Asymmetry prevails in cyberspace, which often grants an advantage to the offender. In addition, the roles of time, distance and effectiveness differ in physical and digital worlds. The aforesaid has lead into three worrying global trajectories. First, cyberspace has likely turned countries more offensive as cyber operations have been interpreted as relatively soft (often equated with nonkinetic) actions to reach one’s goals. The threshold to use them has hence been lowered. Next to that, we currently live in a grey area that emerged from the blurring of war and peace. Obscuring of concepts also mixes the phenomena they are expected to describe thus making both reality and the narrative used to describe it more unstable. Lastly, the challenge in cyber warfare is to differentiate between combatant and noncombatant, as well as to define the borders of operational areas. If both war and peace exist at the same time and if everyone is a likely target as well as an actor in cyber operations, nothing makes sense or can only have a very restricted, situation bound and constantly altering meaning. Cyberhype calls for containment. It also requires a transformation in security thinking towards an enhanced attention to resilience. Politicians should think less about cyberwar and more about cyber diplomacy in order to balance the hype. — This article is printed with prior permission from www.infosecisland.com. For more features and opinions on information security and risk management, please refer to Infosec Island. October 21 2013 49 T E C H F O R G O V E R N A N C E | s ec u r i t y How Can you Expose Attacks Many companies and organisations still don’t have the protection they really need to safeguard their systems By Michelle Drolet How do they get in? image BY photos.com T he risk is that security is breached, typically through manipulation of employees using a technique such as spear phishing, and existing security systems are unable to detect the attack. Data can be harvested for many months, or even years, before the breach is discovered. According to a white paper (PDF) from the Enterprise Strategy Group, 59 percent of enterprise security professionals believe their organisation has been the target of an APT, and 40 percent of large organisations have invested in various new security technologies as a direct result of APTs. One of the most worrying aspects of APTs is that advanced attacks typically go unnoticed for over a year Penetration may be achieved stealthily, typically with a targeted attack on an employee. The cybercriminal will gather data online, with social network accounts proving to be a particularly rich source. According to Trend Micro research (PDF), spear phishing is the preferred method, accounting for a staggering 91 percent of targeted attacks. The employee targeted will receive an email that appears to come from an organization like LinkedIn, and if they trust the 50 October 21 2013 content, they’ll follow the link within to a fake website where they may be tricked into allowing a cybercriminal to gain remote access to their computer. Once the attacker has access to one employee’s computer they can use it to gain remote access to devices belonging to other employees in the organisation. The threat has spread dramatically and tradi- s ec u r i t y | T E C H F O R G O V E R N A N C E tional security tools will be none the wiser. Provided the attacker is careful to keep the data theft slow and steady, with frequent small file transfers rather than a big data dump, there’s little chance that it will be picked up by existing security systems. How do you catch them? The idea is to analyse downloads and network payloads in order to expose potentially malicious communications. It’s about detecting malware or human intrusions into your system by paying close attention to the addresses of any communication. Does the external location for a file transfer make sense? Does the address have a bad reputation? Are the SSL certificates legitimate? It’s important to expose suspicious internal communications as well. Is there any reason that a specific employee’s computer should be the source of a remote desktop session on another employee’s device? A proper analysis will flag suspicious behavior and allow the IT department to assess the threat and take action to close it down. Keep your guard up The nature of this threat dictates the need for constant vigilance to keep the cybercriminals out. Shut down one route and they will continue to explore other avenues of access, the more obscure the better. There are many potential penetration points to consider. Activity must be analyzed across the entire organisation and you need realtime information on potential attacks and known malicious sources. How about blocking suspicious URLs and web-based content to stop penetration from the outset? Do you have application firewalls or database security? It’s also wise to ensure that you have data encryption technology in place; far too many companies focus on a Maginot line defense, pouring resources into defending against external attacks and forgetting that if attackers do gain access they can circumvent this security from within. How do you know you’ve caught them? One of the most worrying aspects of APTs is that advanced attacks typically go unnoticed for over a year. You may be locking the stable door after the horse has bolted. That’s why an analysis of internal traffic is so vital. Suspicious behavior must be followed up and investigated. In the longer term you want to reach beyond identifying and blocking attacks to unmask the criminals responsible so that you can share intelligence to nullify their threat. Targeted attacks are still on the rise. As governments and large organizations begin to take action and get a handle on the threat, there’s a real risk that many cybercriminals will look for easier prey. Don’t allow your company to be an easy target. About the Author: Michelle Drolet is founder of Towerwall, a data security services provider in Framingham, MA with clients such as PerkinElmer, Smith & Wesson, Middlesex Savings Bank, Brown University and SMBs. — This article is printed with prior permission from www.infosecisland. com. For more features and opinions on information security and risk management, please refer to Infosec Island. October 21 2013 51 VIEWPOINT ken oestreich illustration BY peterson pj Desktops-as-aService The Rising Tide Lifts All Ships if you look at Gartner Research’s 2013 Hype Cycle for IT Infrastructure and Outsourcing Services, you’ll find Hosted Virtual Desktops (HVDs) at the very peak of hype this year, outdistancing all other technologies. For years HVDs were considered a niche technology, where an outsourcing provider (typically a Managed Service Provider or MSP) delivers virtualized desktops from an external source. Think: Cloud-hosted desktops. The cloud-hosted virtual desktop segment is sometimes referred-to just as Desktops-as-a-Service (DaaS) implying that the desktops are on-demand, regardless of where they are sourced. To date, many reasons have throttled broad adoption: Cost, user experience, network speed/latency, doubts about reliability/availability, and more. But the environment is changing and growing. And that growth will be accelerating. Analysts closely track the DaaS market, including estimates for areas of adoption, market size and growth rates (see my recent Blog, How big is the hosted desktop market?) But all of those estimates were based on a mar- 52 October 21 2013 ket formed by a few vendors. By my own estimate, Citrix’s installed base of Service Providers currently leads the pack in terms of worldwide partners and installed DaaS seats. Additionally Desktone has been vying for second place, with TuCloud, Dincloud and others also proliferating offerings. An excellent (albeit year-old) assessment of the state of DaaS is the 451 Research “Desktops as a Service: New approaches to desktop management from cloud service providers” study. But without a second (or third) source of DaaS from a major vendor besides Citrix, the perceived market size (and customers’ comfort to consume) has been limited. Up until now. Welcome to the Party Today VMware’s End-User Computing group announced their acquisition of Desktone and its DaaS infrastructure technology. Clearly VMware sees an opportunity to combine its view of the cloud with the opportunity to further serve the enterprise’s needs for desktop infrastructure. And while Desktone is a relatively small About the author: Ken Oestreich is a marketing and product management veteran in the enterprise IT and data centre space, with a career spanning start-ups to established vendors. player in the market, VMware must assume that aligning their technology with their existing Horizon suite of enterprise virtual desktops will create a large new cash stream for the company. But this move also represents an important step towards raising the Tide for DaaS, toward validating and maturing delivery of HVDs from the cloud. VMware, as a major supplier to Enterprise IT, has put its money behind the bet - indicating that there is money to be made, and that economic opportunity is outweighing hype. In my opinion, we’ll see analysts like Gartner, IDC and 451 begin to adjust their DaaS targets upwards, as vendors begin to make the market. To be sure, customers drive the decision. But they also follow reputable vendors’ direction. This rising tide will also be a wake-up call to other major software and/or cloud vendors. Think: Amazon... Think Azure... I’m betting it may well signal that major cloud vendors will also jump into the DaaS game themselves. And when that happens, the market estimates will again move upwards. Improve office productivity with the new A3 LaserJet MFP. With exceptional speed and wireless direct print#, take your office efficiency to the next level—print, scan, and copy quickly on paper sizes up to A3. Introducing HP LaserJet Pro MFP M435nw. To know more, Call 1800 4254 999; SMS ‘LASERAIO’ to 56070; Visit hp.com/in/a3-mfp The new generation A3, HP LaserJet Pro MFP M435nw • Print speed of 30 ppm (A4) • Mobile printing: HP ePrint*, wireless direct# and step-in USB • Super compact dimension • A3 format *Requires an Internet connection to the printer. Feature works with any connected Internet and email-capable device. Requires HP Web Services Account Registration. Print times may vary. For a list of supported documents, and image types, see www.hp.com/go/eprintcenter. And for additional solutions, see www.hp.com/go/mobile-printing-solutions. # Mobile device must be wireless-enabled. Printer must be HP ePrint-enabled. Feature may require driver or apps, available for download at www.hp.com/go/eprintcenter. ©2013 Hewlett-Packard Development Company, L.P. September 2013.
© Copyright 2024