Technology Feature 10 Mobile Computing Insights pg 20 f o r t h e n e x t g e n e r at i o n o f c i o s THE BIG Opinion Why are you being apologetic about being in tech? PAGE 04 Strategy Feature The Challenges of Aligning IT and the Business PAGE 26 BENEFITS OF BIG DATA ANALYTICS With businesses already deriving big benefits out of their big data and analytics efforts, and many still figuring out the whys and wherefores of data science, here is an account of the big picture of analytics in India and the innovative initiatives that are helping companies save millions June 2015 | `100 | Volume 06| Issue 05 | A 9.9 Media Publication facebook.com/t | @itnext_magazine www.itnext.com | Editorial Get Ready for the Digital Business Rapid changes in the Indian business environment are driving new expectations—and demands—from the IT department More and more business units are keen to utilize the latest advances in technology to deliver new services to customers, improve productivity and accountability, increase revenues, boost customer satisfaction—or to keep up with competition While budgets for many of these new initiatives are becoming available, the big challenge for the IT department is to prepare the infrastructure and processes to support these escalating enterprise expectations And to deliver results quickly To this, IT leaders will need to hone a brand new set skills that will enable them successfully drive digital innovation At the top of the list is the ability to create and deploy mobile enterprise applications The demand is being driven both by employees and customers—and the urgency is real But, delivering on mobility can be tricky—given the wide variety of hardware and software platforms, security considerations, and the brisk evolution of the mobile eco-system So, go out and learn more about the technologies that enable the mobile revolution—and be prepared to re-think your internal processes and systems Closely linked to mobility is the delivery of user experience Technology users now expect—and demand—great convenience and ease of use They want systems that are intuitive and adaptive, and have little patience for desktop screens that have been merely re-sized for the mobile platform Responsive design is just not enough—users expect true mobile apps To this, you will need to work with business units to re-design information flows, delivery mechanisms and user interactions So, read up on user experience design Next on the list is predictive analytics If you can find a way to discover useful correlations from the vast amounts of data that your organization has been collecting, your business users will be delighted Even better, put the tool into their hands and train them to use it Check out how big data technologies can help you this Finally, keep a close watch on how Internet of Things (IoT) is evolving You may be able to deliver great value to the organization by connecting and integrating information from a wide variety of smart devices and sensors Write in, and let us know how you are getting ready for digital business “ IT leaders will need to hone a brand new set of skills that will enable them successfully drive digital innovation.” R G iri d h a r Blogs To Watch! DevOps-  is a concept dealing, among other things with software development, operations and services http://en.wikipedia.org/wiki/ DevOps IT Operations – DevOp http://www.intland.com/ solutions/by-discipline/devops/ DevOps definition: Best explained by what it’s not http://searchsoftwarequality techtarget.com/ news/2240176588/DevOpsdefinition-Best-explained-bywhat-its-not DevOps & IT Management Partners http://electric-cloud.com/ partners/devops/ june | itnext Content Fo r t h e l at est t ec h n o lo g y u P DATES G o to i t n ex t i n june 2015 Volume 06 | Issue 05 Facebook: http://www.facebook com/home.php#/group php?gid=195675030582 Twitter: http://t witter.com/itnext LinkedIn http://www.linkedin.com/ groups?gid=2261770&trk=myg_ ugrp_ovr Page 12 cover story Strategy 12 The Big Benefits of Big Data Analytics An account of the big picture of analytics in India and the initiatives that are helping companies save millions 15 Big Data Momentum Intensifies Pulak Ghosh, an analytics expert who is currently in the panel of UN’s big data group, talks about the current state of affairs as far as big data adoption is concerned in India 18 ‘Machine Learning Help Us Save Millions’ Navin Manaswi, a data scientist and a big data specialist with a U.S.-based food company shares insights on how they leverage data science to forecast demands of products TECHNOLOGY FEATURE 10 Mobile Computing Insights PG 20 F O R T H E N E X T G E N E R AT I O N O F C I O s Opinion WHY ARE YOU BEING APOLOGETIC ABOUT BEING IN TECH? PAGE 04 Strategy Feature THE CHALLENGES OF ALIGNING IT AND THE BUSINESS PAGE 26 THE BIG BENEFITS OF BIG DATA ANALYTICS cover Design: PETERSON PJ With businesses already deriving big benefits out of their big data and analytics efforts, and many still figuring out the whys and wherefores of data science, here is an account of the big picture of analytics in India and the innovative initiatives that are helping companies save millions June 2015 | `100 | Volume 06| Issue 05 | A 9.9 Media Publication facebook.com/t | @itnext_magazine www.itnext.com | itnext | j u n e 38 Disruption Is the New Normal | Attempting to apply old-school approaches and invoke protectionist practices in today’s ever-changing business environment is a recipe for disaster itnext.in MANAGEMENT Managing Director: Dr Pramath Raj Sinha Printer & Publisher: Vikas Gupta Chief Operating Officer - 9.9 Tech: Krishna Kumar How CIOs Can Ensure Their IT Teams Are a Good Fit EDITORIAL Group Editor: R Giridhar Online Editor: Mastufa Ahmed Page DESIGN 30 Strategy 26 The Challenges of Aligning IT and the Business I The issue of aligning IT with the business isn’t really a clear-cut business, IT or management problem, it’s often a feeling that people experience Strategy 38 Between a Cyber-Rock and a Risk Place | With the board of directors asking questions about security readiness, CIOs are under pressure to assess their organization’s ability to respond to threats ESDS conference REPORT 36 Innovations Simplify DC Management | Latest advances ease resource management, and ensure reliable service delivery Sr Creative Director: Jayan K Narayanan Sr Art Director: Anil VK Associate Art Director: Anil T Sr Visualisers: Shigil Narayanan & Sristi Maurya Visualiser: NV Baiju Sr Designers: Haridas Balan, Charu Dwivedi Peterson PJ, Manjith PB & Pradeep G Nair tech insight 20 Why You Must Leverage these Mobile Insights I If you bet on mobile computing, these insights will help you ONLINE & MARCOM DESIGN Associate Art Director: Shokeen Saifi Sr.Designer: Manoj Kumar VP Web Designer: Om Prakash PHOTOGRAPHY Sr Photographer: Jiten Gandhi tech insight sales & marketing 24 “IoT Needs a New Network Architecture” I To handle the demands of the IoT environment, Huawei has extended its enterprise networking product line Product Manager: Maulshree Tewari (+91 9717597903) Sales Director: Mahantesh Godi Regional Sales Manager - North: Deepak Sharma (09811791110) West: Samiksha Ghadigaonkar (09619189019) Dushyant Mehta (0091 98 192 87928) South: Abhijeet Ajoynil (09741414154) Assistant Product Manager-Digital: Manan Mushtaq Ad co-ordination/Scheduling: Kishan Singh tech insight 35 “The Implications of Net Neutrality I The Implications for Internet users and SMBs Production & Logistics Sr GM Operations: Shivshankar M Hiremath Manager Operations: Rakesh upadhyay Asst Manager - Logistics: Vijay Menon Executive Logistics: Nilesh Shiravadekar Production Executive: Vilas Mhatre Logistics: MP Singh & Mohd Ansari RegulArs Office Address Nine Dot Nine Mediaworx Pvt Ltd A-262 Defence Colony, New Delhi-110024, India Editorial _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 01 Opinion _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 04 Certain content in this publication is copyright Ziff Davis Enterprise Inc, and has been reprinted under license eWEEK, Baseline and CIO Insight are registered trademarks of Ziff Davis Enterprise Holdings, Inc Indulge_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 40 Published, Printed and Owned by Nine Dot Nine Mediaworx Private Ltd Published and printed on their behalf by Vikas Gupta Published at A-262 Defence Colony, New Delhi-110024, India Printed at Tara Art Printers Pvt ltd., A-46-47, Sector-5, NOIDA (U.P.) 201301 Page 22 advertiser index Accenture IFC Delta 5 Vodafone 10,11 Samsung IBC Huawei BC Please recycle this magazine and remove inserts before recycling © All rights reserved: Reproduction in whole or in part without written permission from Nine Dot Nine mediaworx Pv t Ltd is prohibited june | itnext opinion| Shyamanuja Das m anagemen t Why are you being apologetic about being in tech? The demands on the CIO to be knowledgable about business is on the rise That does not mean that the CIO has to be ashamed about his tech core competence and give it up completely M other India , Amar, Aan, Andaz, Anokhi Ada, Anmol Ghadi… what is common to these alltime classics, apart from being musical superhits? They are all movies made by Mehboob Khan, with music composed by Naushad Mehboob-Naushad combination is one of the most successful director-composer associations in the history of Hindi cinema Both Mehboob and Naushad were towering figures in their own areas Mehboob was the first showman; Naushad turned Hindi film music into a genre by itself But why am I getting into musicology here? Because I believe something that happened between the two has valuable lessons for all of us—in this case CIOs This is the incident as described by Naushad himself in an interview, which happened in the beginning of their association “When I recorded my first song for Mehboob’s ‘Anmol Ghadi’, he asked Noor Jehan to change a note, add a stress there He was the boss The next day I purposely went on to the sets while the song was being filmed Mehboob welcomed me saying ‘Look at your song being shot!’ “May I see through the camera?” I asked He allowed me I peered through it and asked the people around to move the table to the left, a chair to the right Mahboob caught me by the ear and said, ‘Your job is music, direction is my job’ I said that was the very admission I wanted from him, that his job itnext | j u n e was direction and not music Mehboob’s answer was clear from thereon — never to enter the music room again, and I did all the films unfettered.” A pro respects a pro… The CEO-CIO combination is much like a directorcomposer relationship At the end of the day, it is the CEO who is responsible to the shareholders just as the director is responsible for the film’s overall success In India, music plays an important role in that success While it is director who explains the situation; the mood that he wants; the expression that he expects; sometimes even recommends the playback artist; he has no business telling the composer to change a note here or use a dholak instead of pakhawaj for the beats; certainly not in a commanding tone The responsibility of producing a good tune is the composer’s But why did Mehboob—known in the industry for his life-size ego—listen to a 27 year old? Reason No 1: his ego notwithstanding, he was a A good CEO must know the strengths of the CIO and he should not interfere with the decisions in his functional area Suggestion BOX Sheryl Sandberg examines why women’s progress in achieving leadership roles has stalled She explains the root causes and offers compelling solutions that can empower women great professional Reason No 2: he had immense faith on and respect for Naushad Anmol Ghadi was a 1946 movie; they went on to produce many super hits after that Almost all the names that I mentioned in the beginning were made later Translated to our lingo, a good CEO must know the strengths of the CIO, must respect him/ her While being ruthless in getting the business outcomes is needed, he should not interfere with his decisions in his functional area What is worrying is that some CIOs have unwittingly started believing in this They are almost apologetic about the fact that they come from a technology background; they try to play up their ‘business profiles’ Why is a CIO ashamed of his core function? I myself have argued so many times the need for an understanding of business and appreciation of business outcomes expected from application of IT No one can argue otherwise But that does not translate to being sorry about technology Shyamanuja Das heads business research practice at Juxt SmartMandate, an analytics and research firm based in Gurgaon The power behind competitiveness Ultimate availability without compromising power efficiency Delta Modulon DPH Series, 25–800 kW The modular UPS ideal for medium-sized datacenters • Advanced fault tolerance design • Self-redundancy of control mechanism, power and cooling modules • Hot-swappable key modules and components • Fully rated power factor (PF=1, kVA=kW) • Excellent AC-AC efficiency up to 96% • Vertical scale up to achieve N+X redundancy in a single rack • 19” rack-based design fits perfectly into Delta InfraSuite datacenter solutions +91 9999992084 www.deltapowersolutions.com Update I n d u s t r y trends deals products services people comes with different configuration capabilities, thus allowing developers to test their apps for different configuration of hardware capabilities and Android platforms Jar of Beans Android Emulator Jar of Beans is an Android emulator that runs on the Jelly Bean version of the Android platform and is supported by Intel Hardware Accelerated Execution Manager (HAXM), for hardware acceleration and improved performance Free Mobile Device Emulators TECH TRENDS | A mobile device emulator allows you to test the responsiveness and functionality of your app across platforms including iOS, Android, and Windows without actually having the devices with you Native Android Emulator Android SDK comes with a virtual mobile device emulator that allows developers to test and run their apps without having a physical device It ess Businte y a Str g With the usage of web from smartphones and other smart devices escalating, it’s important to test run your apps on multiple platforms before you set off your journey CFO-CIO: A Growing Collaboration Insufficient understanding of IT issues among finance executives 42% Processes and tools are incompatible across the two functions 36% Lack of finance resources to dedicate to the IT agenda 34% Our organisational structure prevents this kind of collaboration Source: ey.com itnext | j u n e Windows Phone Emulator The windows phone SDK comes with its own emulator that allows developers to test their apps on a virtual device The default memory allocated to the tool is 512 MB so that you can test your apps for lower memory phones available in the market 44% The absence of a clear set of key performance indicators (KPls) that link financial performance and he IT agenda I not perceive any barriers BlueStacks Android Emulator Bluestacks is very much an Android app player that allows you to run Android apps on your Windows PC or Mac However, you can also link it with Eclipse to test your apps Also you can install the apk file of your app and test it using this tool 31% 11% Nokia S40 Emulator Nokia Asha SDK 1.2 comes with an emulator for testing apps targeted for Nokia Asha 502 phones Emulator comes with full UI interaction, messaging features and network communication features This emulator helps developers run and test their apps without having a physical device Sony Xperia M4 Aqua Micromax Canvas Doodle The phone has the new ‘cap-less’ USB port for charging The micro-USB charging slot on the left side of the device is the USP M4 Aqua is can be submerged in up to 1.5 metres of water It is priced at ` 23k (approx) The Canvas Doodle has a 6-inch HD display with 720 x 1280 pixels resolution The smartphone has a quad-core 1.3 GHz processor and runs Android 5.0 Lollipop It has an MP rear camera, and is priced at ` 9,499 Hooq, online streaming service Singtel, Sony Pictures Television and Warner Bros have teamed up to launch this streaming service Hooq will be available in India from June for ` 199 a month Significant Increase in DDoS Attack Activity TECH TIDINS | Accoding to Akamai, Q1 2015 set a new record for the number of DDoS attacks observed across the PLX routed network a jump of more than 35 percent over the last quarter Not only has the volume of attacks increased, the profile has also changed Last year, high bandwidth and short duration attacks were the norm But in Q1 2015, the typical DDoS attack was less than 10 gigabits per second (Gbps), and endured for just over 24 hours There were eight mega-attacks in Q1, each exceeding 100 Gbps During the past year, DDoS attack vectors have also shifted This Akamai’s latest Internet security report identifies new threats from IPv6 quarter, Simple Service Discovery Protocol (SSDP) attacks accounted for more than 20 percent of the attack vectors, while SSDP attacks were not observed at all in Q1 or Q2 2014 SSDP comes enabled by default on millions of home Around The World and office devices—including routers, media servers, web cams, smart TVs and printers— to allow them to discover each other on a network, establish communication and coordinate activities If left unsecured and/or misconfigured, these home-based, Internet-connected devices can be harnessed for use as reflectors Gaming has remained the most targeted industry since Q2 2014, consistently being targeted in 35 percent of DDoS attacks The software and technology sector was the second most targeted industry in Q1 2015, with 25 percent of the attacks quick byte Attacks on Mobile Wallets and Virtual currencies on Rise New research from F-Secure warns of Growth in Extortion Malware The company has witnessed SMS message sending trojans and ransomware attacks on Mobile Wallets and Virtual currencies on rise in the H2, 2014 According to the report, both Android & iOS have experienced malwares which have tried to attack the banking applications and mobile wallets in H2, 2014 Steve Jobs (1955 –2011) “That’s been one of my mantras —focus and simplicity Simple can be harder than complex; you have to work hard to get your thinking clean to make it simple.” june | itnext update Huawei Tackles Security Threats with a New Strategy Interview Adv Prashant Mali Cyber Law & Cyber Security Expert The devices are equipped with reputation system and multilayer inspection technology, and can inspect over 180,000 files per day DDoS The software can can be flexibly deployed on SDN switches and routers to provide security capabilities to network element devices The software firewall supports many popular virtual environments including VMware, KVM, XEN and UVP, as well as Netconf, RESTful and OpenStack architectures It employs Intel’s latest Data Plane Development Kit using Single Root I/O Virtualization (SR-IOV) technology to deliver compresehnsive security for cloud environments, and the software pattern-matching engine is claimed to deliver up to 40 Gbps performance Government in India to Spend $6.8 Billion in 2015 Internal services refer to salaries and benefits paid to the information services staff of in India will reach $6.8 billion US dollars an organization The information services in 2015, an increase of 5.7 percent over staff includes all company employees that 2014, says Gartner plan, develop, implement and maintain “IT services, which includes consultinformation systems ing, implementation, IT outsourcing and Software spending will grow 10.2 business process outsourcing, percent in 2015 to reach $860 million will be the largest overall spendUSD, up from $781 million USD in ing category throughout 2019 Software spending 2014, led by growth in vertical spewithin the government sector,“ will grow cific software (software applications said Dr Anurag Gupta, research 10.2 percent that are unique to a vertical industry vice president at Gartner Interin 2015 to These are stand-alone applications nal services IT spending will reach $860 that are not modules or extensions of increase 8.8 percent in 2015 to million USD, horizontal applications) reach $1.6 billion USD in 2015 TECH Tidings | Government IT spending itnext | j u n e From data center to boardroom, how you see the responsibilities of CSOs evolve? CISO now shares common responsibility of all cyber crimes committed in his organisation For example, if an organisation is traced via its IP address for a cognizable offence and the organisation lacks reasonable security practices by not finding the right accused, the CISO is implicated as accused The dominant trend is to rely on security solutions vendors to shift the responsibility on the solution offered by vendor, which is a sad state Security needs holistic approach backed by strong man and machine policies In the wake of IT Act 2000 & the Companies Act 2013, has the rule of the game changed for CISOs? IT Act 2000 & the Companies Act 2013 have made the CISO as statutory designation designation recognized by law that makes all organisations to hire CISO or designate one for them They have become important resource in organisation and security has become the board matter What’s your advice for CSOs to have smooth sailing with regard to implementation of best practices keeping in mind regulations, compliance, etc? The CSOs should have compliance chart ready encompassing ISMS, IT Act, 2000, SEBI, Companies Act and other rules and regulations his organisation is subjected to He needs to become “Security Hawk” in the organisation because he has a legal responsibility and he is also responsible for the legal risk his organisation gets exposed Till September 2014, 15k sites were reportedly hacked in the country; a majority of the cases have been filed under the IT Act What’s the message for the CSO from this? India and Indian organisations are on constant radar of malicious attackers I advise that every large organisation or large group should have its own CERT This CERT can have parallel relationships with other CERTs across countries This brings better resilience to a scenario like “Zero Day Exploit” or mass “Cyber Attacks” PHOTO /I LLUSTRATIO N/IMAG ING CRE DIT Leveraging its deep relationships and expertise in the telecom services industry, Huawei has announced an APT security solution that aims to provide comprehensive protection to the cloud, pipe, and devices The solution combines Huawei’s FireHunter security sandbox products, a Cybersecurity Intelligence System, and a software firewall product Huawei has also announced plans to form a Cloud Clean Alliance that will provide real-time cleaning services for denial-of-service (DDoS) attacks Huawei’s FireHunter security sandboxes are designed to detect and defend against APT attacks The devices are equipped with reputation system and multilayer inspection technology, and can inspect over 180,000 files per day The Huawei USG6000V series of virtualized cross-platform software firewalls integrate multiple security functions including traditional firewall, VPN, intrusion prevention, antivirus, DLP and anti- STRATEGY one answer I believe one of the main reasons everyone has so much trouble with alignment is because it’s viewed much too narrowly Now, to the solution Once I understood that there wasn’t a single answer, I began to take a close look at the variety of issues that gave rise to the feelings of “misalignment.” And to cut a long story short, here is what I learned: Each organization has its own unique IT alignment needs­—its unique IT alignment fingerprint You see, just like a hand has five fingers, not all hands are the same Each has its own unique set of fingerprints So it is with IT alignment There are five fingers or areas where IT is susceptible to misalignment And depending on the company and situation the feeling of “misalignment” can come from one or more of these areas Here are the five areas of IT alignment, along with a practical perspective for identifying alignment problems and opportunities The areas of IT alignment: Strategy-Driven Alignment: This is the area most commonly associated with alignment And it’s also the most misunderstood Strategy-driven alignment refers to three things: (1) that the IT project portfolio directly meets the wants and needs of the business community; (2) that IT projects and budget can be directly tied to the company strategy; and (3) that IT investment (where appropriate) forms part of the core strategy of the company Operational Alignment: Central to this element is the IT group’s adoption of an operating model for delivering services and support that meshes with the way the company works as a whole Plainly put, if strategy-driven alignment is about what is getting done, operational alignment is all about how it gets done In 28 itnext | j u n e Just like a hand has five fingers, not all hands are the same Each has its own unique set of fingerprints So it is with IT alignment There are five fingers or areas where IT is susceptible to misalignment particular, how IT services are delivered Calendar Alignment: Calendar alignment is about getting “in sync” with the recurring calendar, pace and timing of the organization overall Simply stated, calendar alignment means dovetailing three interrelated areas of organizational activity: (a) The IT vision, strategy and budget calendar; (b) the “big event” corporate calendar; and (c) the operational calendars of the key areas of your organization Economic Alignment: Economic alignment refers to the set of budget allocation, tracking and reporting activities and how they mesh with the understanding and presentation of costs within your organization Since IT is forever presenting projects and budgets­—many of which are allocated to a number of groups—economic alignment is required to ensure that everyone is speaking the same cost language Sounds simple, but it’s not IT often needs to track and manage costs differently than other areas and this need can cause profound disconnect Cultural Alignment: Companies have personalities, and so the departments within them Corporate personalities arise from combinations of so many soft qualities that it’s difficult to quantify or define them outright But one thing’s for sure; you know it when you see it Cultural alignment means being sensitive to (1) the big picture attitudes of the company to technology and technology-related issues; and (2) the personalities and fit of the IT personnel as members of a larger group Your challenge: What is your company’s IT alignment fingerprint Conventionally, achieving alignment has been oversimplified to mean “the selection and delivery of the right projects.” And while that’s important, there’s clearly more that IT leaders need to consider in order to achieve that often elusive feeling of alignment Try out the above approach, and let me know how it goes —Marc J Schiller has spent more than two decades teaching IT strategy and leadership to the world’s top companies around the globe This article was first published in CIO Insight For more stories, please visit www cioinsight.com Find more at online on the website www.itnext.in/resources/articles Initiative of Find out at A publication of Powered by www.pickacollege.in Education experts and scientists from IITs, Stanford and MIT have joined hands to create India’s first decision making tool to help students and parents choose the right college We have evaluated more than 1000 engineering colleges based on location, program, employability and fees to rank them and help you pick the college that is best for you To search, select and compare streams & colleges visit www.pickacollege.in TECHNOLOGY How CIOs Can Ensure Their IT Teams Are a Good Fit Adaptability and the ability to evolve are critical traits CIOs must encourage in their teams By Larry Bonfante IMAG E: ISTO CKPHOTO.CO M M 30 any CIOs struggle with the issue of succession planning It’s very difficult to both fill positions that have specific required competencies and experiences while concurrently keeping an eye towards the future Finding good people is challenging enough without trying to think about succession planning at the same time Perhaps the best way to accomplish both objectives is to ensure that everyone you hire, regardless of their role, exhibits certain key competencies and behaviors The first thing I look for in candidates is for people who “get it.” Some people seemed naturally wired to understand what outstanding service feels like They get what it is to be pro- itnext | j u n e active, responsive and focused on delivering outstanding results Another important competency is their communication skills The days when technologists could hide behind a glass wall, not deal with people and get by strictly on their technical acumen are over It’s not enough to be technically brilliant You need to be able to constructively engage with your colleagues in the other parts of the organization and be able to translate your functional expertise into business results that help them move the chains A huge issue that I don’t think is given nearly enough consideration to is cultural fit I once worked for a company where the vast majority of the executives I had to engage with were Ivy League MBAs who came from families that had been prominent in their communities for generations I am a kid from Brooklyn, a firstgeneration college graduate who grew up not being able to rub two nickels together While I was able to establish a certain level of credibility and effectiveness with these people, I wasn’t viewed as “one of them.” Cultural fit is also about how you think about things Are you on the same page with the management style of the organization? Is your communication style aligned with the way people express themselves at work? Are you an open book while everyone else keeps everything close to the vest? Do you like to communicate proactively while others handle information on a need-to-know basis? Cultural fit is perhaps the most important variable in terms of long-term success and happiness After all, trying to fit into a culture that is alien to you is not only challenging but exhausting Life is too short to not be able to be yourself I found that I’ve had far more success in cultures where “being Larry” was viewed as a positive thing as opposed to a career-limiting variable Make sure the people you recruit will fit into the culture you are trying to establish in your organization Finally, focus on recruiting people who are interested and capable of learning new things Everything we know today we will have to unlearn and learn new skills in the next few years I want to surround myself with people who are energized by the constantly changing landscape of today’s business world, not terrified of it Adaptability and the desire to evolve are critical elements to what I look for in new leaders —Larry Bonfante is a practicing CIO and founder of CIO Bench Coach, LLC, an executive coaching practice for IT executives He is also the author of Lessons in IT Transformation, published by John Wiley & Sons He can be reached at Larry@CIOBenchCoach.com This article was first published in CIO Insight For more stories, please visit wwww cioinsight.com Find more at online on the website www.itnext.in/resources/articles IMAGe by think stock.in Strategy Threat Intelligence Customers are now asking questions such as how was I attacked, when did it happen, is it still happening and most important who attacked me By Lisa Huff 32 itnext | j u n e O rganizations have made massive investment in a variety of security solutions over the years It is important to understand what investments that have made in security technologies in order to understand the success and possible challenges that they face The initial focus was to secure the perimeter and to invest in firewall, and intrusion detection systems and secure the endpoint by investing in anti-virus solutions to protect the user base The issue with Firewalls and IDS systems is that they need to be continuously updated and require lots of human intervention and have no visibility into unknown or zero day attacks The issue with AV solutions and scheduled scanning is that they typically miss malware threats that are stealthy in nature While these technologies are still must haves as part of and organizations security portfolio, their focus is on known attacks but they have no visibility into new or unknown attacks What followed was the massive investment in SEM/SIM/ SIEM solutions The problem with these solutions even up till today, is that customers are not properly prepared to take on STRATEGY large scale deployments because of a lack of defined processes more important the lack of trained people to support them Finding the needle in the stack of needles continues to be a major issue with SIEM solutions In addition, SIEM is only as good as the level of auditing and logging of the reporting devices/systems Those same systems require human intervention to keep them current but they also lack the visibility of emerging threats which can impact the value of SIEM Organizations now realize that perimeter defense and feeding logs into SIEM are lacking and are now investing in solutions that focus on post prevention/post compromise When the focus shifts to post prevention, having a forensics capability is important and an understanding of what additional data may be required to answer the question of how bad is bad Customers are now asking questions such as how was I attacked, when did it happen, is it still happening and most important who attacked me Many post prevention solutions focus on Advanced Persistent Threat These solutions focus on advanced targeted attacks and advanced malware These advanced attacks are designed to bypass the traditional signature based solutions (mentioned above); which often require user intervention (a “people” issue) to keep them up to date and are only effective when the threat is known One example of an Advanced Threat Solution that customers have begun to implement over the last few years is Network Forensic Full Packet Capture (FPC) solutions These solutions have been implemented over the last few years in an attempt to combat advanced persistent threats by collecting and performing deep packet inspection on every packet that enters and exits the network These solutions are great but require a lot of storage if one is to leverage the data for both real-time and forensic analysis In addition, FPC solutions require the analyst (people) to have a thorough understanding of their network environment in order to establish a baseline of known good and Given the investments that customers have made in security solutions to date, adding Threat Intelligence into the mix is the next logical step that baseline will need to be updated as new threats emerge In addition, the analyst must have a deep understanding of indicators of compromise that could alert them of the unknown threats and advanced targeted attacks and the various techniques that are used Another example of an Advanced Threat Solution that customers have made investments in are Advanced Malware Detection solutions that often include sandbox/simulation technology These solutions are built to handle a high volume of data and if there is something unknown it will be sent to the sandbox environment for further analysis These solutions are not bullet proof and the analyst must wait for the results of the analysis before action can be taken There is also no guarantee that what was found in the simulated environment will directly map to the production environment In addition, the intelligence that powers these solutions relies heavily on what is gleaned from the vendors install base There are other solutions that customers have invested in but I wanted to point out some of the more popular solutions Successful technology deployments have center-around a balance of people, process and technology In many cases, the issues customers have faced over the years have centered-around people and process Organizations have struggled in the past with having enough people and the proper processes in place to ensure that the mean time to remediation when a breach occurs is as short as possible Many of these security solutions require full time resources dedicated to the upkeep and maintenance of each solution Considering the ever- changing threat landscape and the need to perform forensics post compromise, organizations must continue to invest in training of their security teams Another way to educate security teams is to add Threat Intelligence to enhance visibility Having early indications of potential threats before they get to compromise is another way to keep security teams better informed Automated live threat intelligence could help shorten the time it takes to identify potential threats and potentially minimize the frequency of security incidents Given the investments that customers have made in security solutions to date, adding Threat Intelligence into the mix is the next logical step Live Threat Intelligence can provide security teams with pivotal information about potential threats and provide insight and motivation behind some of the more targeted attacks which security teams need focus on first Gone are the days when you implement a solution and wait for them to alert you of a potential threat and begin incident response Organizations need to take a proactive approach to incident response Adding Threat Intelligence into existing processes could improve monitoring and once the threat intelligence data source is trusted, the data could be used to perform active inline blocking in order to capture potential threats before compromise ­ This article is printed with prior permission from infosecisland.com For more such features and opinions on information security and risk management, please refer to Infosec Island Find more at online on the website www.itnext.in/resources/articles june | itnext 33 TECHNOLOGY attack In addition to easier access to cutting-edge tools, malware authors are also blending new techniques with the old, resulting in highly evasive techniques Something New or Déjà Vu? Threat actors are blending old tactics, such as macros, in unwanted emails with new evasion techniques Old threats are being “recycled” into new threats launched through email and web channels, challenging the most robust defensive postures Email, the leading attack vector a decade ago, remains a very potent vehicle for threat delivery, despite the now dominant role of the web in cyberattacks For example: In 2014, 81 percent of all email scanned by Websense was identified as malicious This number is up 25 percent against the previous year Websense also detected 28 percent of malicious email messages before an anti-virus signature became available Digital Darwinism - Surviving Evolving Threats Eight Trends that Pose Data Theft Risks for Organizations Threat actors focus on quality now By IT Next ‘C yber threats in 2014 combined new techniques with the old, resulting in highly evasive attacks that posed a significant risk for data theft,’ says Charles Renert, vice president of security research for Websense The Websense 2015 Threat Report details eight key behavioral and technique based trends 34 itnext | j u n e Cybercrime Just Got Easier In this age of MaaS (Malware-as-aService), even entry level threat actors can successfully create and launch data theft attacks due to greater access to exploit kits for rent, MaaS, and other opportunities to buy or subcontract portions of a complex multi-stage Threat actors have focused on the quality of their attacks rather than quantity Websense Security Labs observed 3.96 billion security threats in 2014, which was 5.1 percent less than 2013 Yet, the numerous breaches of high profile organizations with huge security investments attest to the effectiveness of last year’s threats Avoid the Attribution Trap It is particularly difficult to attribution, given the ease by which hackers can spoof information, circumvent logging and tracking or otherwise remain anonymous Often, analysis of the same circumstantial evidence can lead to widely different conclusions; use the valuable time following an attack on remediation efforts Find more at online on the website www.itnext.in/resources/articles TECHNOLOGY The Implications of Net Neutrality A primer on the implications of net neutrality for users and SMBs By Amit Nath B efore exploring the implication of net neutrality, let’s understand what Net Neutrality is In practice, net neutrality prevents Internet providers like Airtel, BSNL, etc from dictating the kinds of content users are able to access online The Internet providers are instead expected to treat all traffic sources equally A scenario sans net neutrality essentially translates into an Internet Service Provider (ISP) promoting an affiliate company’s content to its subscribers over a non –affiliate, as charges would be levied on the affiliate companies for promoting their content For example, an ISP would want to promote content of XYZ Company over ABC Company to its subscribers That would happen because the service provider is being paid by the XYZ Company for the additional service Reduced load time for non-affiliate company Net neutrality prevents the Internet Service Providers from being able to favor any company and it must display both XYZ’s and ABC’s content evenly This also means no reduced load time for a non-affiliate company and definitely no blocking of that company altogether In short, net neutrality creates an even playing field among content providers, both large and small to the web And it’s great for consumers because they can access everything they want online for no extra charge At present, an end-consumer controls what they see online and not the Internet Service Provider owing in a large part to net neutrality There are a few Internet service providers who are against the idea of net neutrality These providers feel they should be able to pick and choose what end-consumers see and charge content providers accordingly They feel net neutrality interrupts their true revenue potential ISPs dictating content access If an internet service provider has layers of Internet access then the highest paying end-consumers would be able to access everything on the web and lower paying consumers would only be able to access information the service provider chooses to promote The Internet service providers could also charge content providers to display their content over competitors allowing them to maximize their revenue This additional source of revenue might mean free data plan for consumers However, consumers will lose control of the Internet The Internet service providers will decide exactly what the consumer views online future, where consumers will only view the information the Internet service providers want them to see Threat to small businesses Consequently small businesses, who can’t afford to pay providers to promote their content might just fade away or will have to look for some other means to reach out to their audiences The survivors and the Internet dictators would be the large companies who can afford to pay These will be the content providers whose content will be spread across the web Hence if a world without net neutrality is to be viewed objectively, one has to consider the following situations: •M  anipulation of content and thus users of the Internet • I nternet Service Providers filtering content for ulterior motives •L  ack of choice and freedom of content access to Internet user •B  igger players with larger paying capacity buying off a significant portion of the internet •B  ig hurdle to smaller and emerging players to gain visibility due to lack of a level playing field Death of free and fair Internet If the above hypothetical situations would become a reality, it would mean the death of the free and fair nature of Internet usage for everyone involved from how businesses are looked at to what the Internet user is forced to access under vested diktats of a select few The Indian Government and TRAI are working out on a legal plan of action to outline the dos and don’ts to ensure net neutrality does not get threatened in the face of rapid penetration of Internet in all parts of the country The sooner this is achieved, the safer we all are from the unethical result of its absence ­—Amit Nath, Country Manager, India & SAARC –F-Secure Sponsored Internet Moving forward, considering the worst case scenario, the world could be looking at a completely sponsored Internet in the Find more at online on the website www.itnext.in/resources/articles june | itnext 35 Conference Report | Data Center Services Innovations Simplify DC Management Latest advances ease resource management, and ensure reliable service delivery An interactive panel discussion moderated by R Giridhar, Group Editor, CIO & Leader, Seated from left to right are SatinderSingh, Consulting Systems Engineer, Netapp; PiyushSomani, MD & CEO, ESDS; PratapGharge, President & CIO, Bajaj Electricals; Kiran Beleskar, Associate Director - IT, PNB MetLife India Insurance; and  Keyur Desai, Vice President -IT Infrastructure, Essar F or today’s IT leaders, ensuring that the corporate IT infrastructure is geared to support business needs in an agile and scalable manner is an enormous challenge However, given the rapidly changing dynamics of the economy, competition and customer demand— 36 itnext | j u n e IT infrastructure managers have to be prepared to quickly scale computing and storage resources both up and down And have to this efficiently and cost effectively—even while ensuring reliability and performance At an event organized by CIO & Leader in partnership Data Center Services | Conference Report with ESDS, the challenges of getting the enterprise infrastructure ready to handle the business needs of tomorrow were discussed and deliberated in detail by eminent experts and experienced practitioners Speakers at the event shed light on how the current paradigms are being disrupted by new service and technology offerings that offer greater flexibility and control In his presentation, Dr Rajeev Papneja, Executive Vice President of ESDS explained the new management challenges that are confronting CIOs and IT managers who have adopted virtualization and cloud technologies in the data center—and how the hybrid cloud is becoming the new reality He demonstrated how a unique solution developed by ESDS could help IT managers more efficiently handle major IT infrastructure challenges Satinder Singh, Consulting Systems Engineer with Netapp spoke on the topic, “Building Scalable Cloud Services.” In his talk, Singh delved into the architecture and deployment of hybrid cloud solutions for the enterprise, and described the solutions available The event concluded with a panel discussion in which experienced industry practitioners discussed the challenges of selecting and managing outsourced data center service providers, and deploying cloud applications in the enterprise The panelists also fielded questions from the audience on issues relating to the cloud strategies and data center management Dr Rajeev Papneja, Executive Vice President, ESDS demonstrates how innovative solutions can help infrastructure managers overcome the problems of managing cloud infrastructure Satinder Singh, Consulting Systems Engineer with Netapp, describes the how appropriate selection of components and services can help enterprises benefit from scalable cloud services Delegates give their undivided attention to the speakers who discuss the challenges associated with managing hybrid cloud implementations j u n e | itnext 37 IMAGe by istockphoto.com Strategy Disruption Is the New Normal Attempting to apply old-school approaches and invoke protectionist practices in today’s ever-changing business environment is a recipe for disaster By Samuel G r e e ngar d W hile information technology introduces opportunities to achieve enormous efficiency and cost gains, it also creates a level of disruption that would have been unthinkable only a decade ago Barcode readers built into smartphones are a perfect example They, along with easily available information about products and pricing via the Internet, have introduced showrooming—which has fundamentally reshaped brick-andmortar retailing by making it easy for shoppers to look at a product in a store 38 itnext | j u n e and then buy it from a competitor online We are only beginning to understand what’s possible using more sophisticated devices, big data and algorithms The latest example? A 22-year-old computer whiz named Aktarer Zaman recently built a Website called Skiplagged, which ferrets out rock-bottom airfares by assembling data on so-called hidden city flights, which involve a stopover Apparently, consumers love the site, but United Airlines and Orbitz frowned upon it They sued Zaman and contended that he represents unfair competition, even though he earns no money from the site Besides the utter absurdity of claiming that a Website that uses publicly available data and doesn’t actually book flights is illegal, there’s the Las Vegas-style hypocrisy of attempting to rig the odds in the house’s favor Except this isn’t gambling I’m guessing that United and Orbitz thought Zaman would cave, but he is fighting the lawsuit, and, ironically, publicity over the Internet and the use of GoFundMe (a crowdsourcing funding site) has so far netted him a legal defense fund of nearly $40,000 CIOs and other executives had better take note Attempting to apply old-school approaches and invoke protectionist practices in today’s ever-changing business environment is a recipe for disaster I’m betting that United and Orbitz will ultimately back out, settle or, if it gets to court, lose Their arrogance and heavy handedness—using the legal system to squash any perceived threat—is somewhat predictable, yet pathetic Airlines already threaten to void tickets and frequent flyer miles for travelers who use a hidden city flight There are a few takeaways from all of this First, businesses must learn to live with sites such as Skiplagged A free economy isn’t free from some and not all Second, instead of draining money and resources attempting to block new systems and technologies, it’s smarter to focus on innovation Thanks to all the publicity, I’m sure that a lot more people know about Skiplagged and hidden city flights now than they did before the lawsuit Finally, the Internet, social media, crowdfunding and other tools ensure that if you pick the wrong fight, you may wind up shooting yourself in the foot —Samuel Greengard, a contributing writer for CIO Insight, writes about business, technology and other topics His forthcoming book, The Internet of Things (MIT Press), will be released in the spring of 2015 This article was first published in CIO Insight For more stories, please visit www cioinsight.com Find more at online on the website www.itnext.in/resources/articles STRATEGY Between a Cyber-Rock and a Risk Place With the board of directors asking questions about security readiness, CIOs are under pressure to assess their organization’s ability to respond to threats By Katie Gr aham Shannon & Phil Schnei d e r m e y e r C IOs are under more pressure than ever to accurately assess their organization’s ability to respond to both internal and external threats The board of directors and its audit committee are asking questions about information security readiness, and the CEO, CFO and general counsel are looking to the CIO for real-time answers Currently, there are two trends that are moving in opposing directions, putting CIOs between a rock and hard place The first trend: Social, mobile, analytics and cloud (SMAC) provide opportunities for criminals to, at a minimum, damage a company’s brand, and, at the worst, kill someone— possibly by damaging pacemakers or other medical devices There is no turning back the clock on this one The chief marketing officer and other customer-facing roles have gone digital, and organizations have seen the benefits with increased sales and improved customer experience The second trend: Explosive demand for chief information security officers has created a dramatic shortage of information security, risk and cybertalent at all levels However, it is especially true at the senior level There, technical skills are lower on the list of priorities, and communication skills, relationship-building skills, and gravitas (executive presence) are required The CIO needs a CISO with these leadership soft skills because this person will be presenting to the board and must work seamlessly with functional leaders, including the CFO, general counsel and other business line executives, in order to succeed The Cyber-Skills Mix In the recruiting process, CIOs are comfortable with the challenge of getting the right mix of technical and managerial skills However, in an information security market that is currently experiencing negative unemployment, CIOs will need a go-to-market strategy that emphasizes speed and flexibility In terms of speed and reducing the recruiting cycle-time, consider minimizing both the number of interview rounds and the number of executives that need to interview the candidates Get early buy-in from the candidates by quickly meeting them via video to share your company’s information security strategy, and expect to be in sell mode as the chief brand ambassador of your firm A key stakeholder like the CFO or general counsel should be involved in the first round, versus the approach that most CIOs take: Having their direct reports the round-one interviews If a candidate is considering your opportunity, then he or she is likely considering other positions as well, and the great candidates are looking for challenges and career growth They will be attracted and intrigued by what they hear when they are meeting with non-IT leaders for the job opportunity Also, you should understand both the short-term and the longterm components of the candidate’s compensation Expect that for the right talent, CIOs may be pushed to extraordinary and unique things with compensation to attract the candidate There is an opportunity here for CIOs to work closely with their HR partner from the beginning to ensure that the offer stage is expedited Today, with these qualifications held by others in the organization, CIOs are forgoing these requirements Instead of them being a “must have,” they are now “nice to have.” Many CIOs are looking beyond their own industry for talent, and they often target sectors such as financial services, which has years of experience building information security and risk programs While this strategy will yield “been there, done that” experience, it also has two areas of caution: the ramp-up to learn a new industry and transition challenges That’s combined with the fact that there will likely be a compensation premium when recruiting from financial services With recent examples like the Sony Pictures hack, it is becoming abundantly clear that there is no mote wide or deep enough to reduce the penetration risk to zero The most important point is that an organization looking for top CISO talent needs to be prepared to hook, land and keep this sought-after talent —Katie Graham Shannon is a global managing partner and Phil Schneidermeyer is a partner for the Information & Technology Officers Practice at Heidrick & Struggles This article was first published in CIO Insight For more stories, please visit www cioinsight.com Find more at online on the website www.itnext.in/resources/articles june | itnext 39 indulge HP Omen The hottest, the coolest and the funkiest next generation gadgets and devices for you Here’s a preview of the latest tech toys on the block to add to your arsenal Take your pick and then go splurging! HP’s first gaming laptop NEW in India is priced at Rs 1,59,990 It comes with an Nvidia GTX 960 graphics card, and an Intel Core i7 processor, and 8GB of RAM The device has a 15.6-inch IPS LCD display which is touch enabled Huawei P8 Chinese smartphone maker Huawei announced the Huawei P8 smartphone at a launch event held in Bangkok The phone is headed to India in the third quarter of the year There’s a healthy dose of metal on this smartphone with a polished mattelike finish to it It feels quite premium and is very thin at merely 6.4mm Asus Zenwatch The ZenWatch has a similar design as ASUS’ first Android smartwatch, but comes with a new magnetic charging setup The smartwatch runs on Android 5.1.1 Lollipop OS, a Qualcomm SoC, an AMOLED display with a curved Gorilla Glass protection LG G4 LG is set to launch its latest HOT flagship smartphone in India The LG G4 has a 5.5-inch QHD (538 ppi) display It runs Android 5.1 Lollipop and is powered by a Qualcomm Snapdragon 808 Processor with X10 LTE processor The smartphone sports 16MP F1.8 with LDAF +OIS 2.0 rear camera and an 8MP Selfie Camera Like something? Want to share your objects of desire? Send us your wish-list or feedback to editor@itnext.in 40 itnext | j u n e Huawei OceanStor 9000 with Intel® Xeon® Processors Intel, the Intel logo, Xeon, and Xeon Inside are trademarks or registered trademarks Huawei OceanStor 9000 with Intel® Xeon® Processors of Intel Corporation in the U.S and/or other countries Intel, the Intel logo, Xeon, and Xeon Inside are trademarks or registered trademarks of Intel Corporation in the U.S and/or other countries Huawei Telecommunications (I) Co Pvt Ltd 8th Floor, Tower A, Spaze I Tech Park Sector-49, Sohna call: Road,400-822-9999 Gurgaon, Haryana -122002 India For more detail For more details log on to, www.huaweienterprise.in For more detail call: 400-822-9999 ® ® ... itnext 11 cover story | Big data & Analytics` 12 itnext | j u n e THE BIG BENEFITS OF BIG DATA ANALYTICS With businesses already deriving big benefits out of their big data and analytics efforts,... Feature THE CHALLENGES OF ALIGNING IT AND THE BUSINESS PAGE 26 THE BIG BENEFITS OF BIG DATA ANALYTICS cover Design: PETERSON PJ With businesses already deriving big benefits out of their big data. .. what big data tackling warrants to start with, and then move onto advanced analytics initiatives june | itnext 15 cover story | Big data & Analytics What are major drivers of big data and analytics