Professional Documents
Culture Documents
4 i n f o r m at i o n w e e k ma rc h 2 0 1 1 www.informationweek.in
contents
THE BUSINESS VALUE OF TECHNOLOGY
23 Cloud views
From SaaS, PaaS and IaaS – Indian CIOs are gradually
With cloud computing in India set to touch USD 1
billion by 2015, cloud vendors are tapping every
available opportunity
stepping up their focus on the cloud. Here is a
snapshot of what you can expect in 2011
6 i n f o r m at i o n w e e k ma rc h 2 0 1 1 www.informationweek.in
Volume 2 Issue 10 March 2011
interview
Stefan Van Overtveldt
56
Chief Engineer Officer, Mastek
feature 61
Six ways to fail in the cloud
Our latest survey shows double-digit increases in cloud
adoption. But ignore integration, management and
monitoring at your peril
EDITORIAL.......................................................................... 4
INDEX................................................................................... 8
Case Study 57
NEWS................................................................................... 9
news analysis............................................................... 12
opinion............................................................................50
book review..................................................................60
cio profile.....................................................................64
Global CIO.....................................................................66
analyst angle.............................................................68
practical analysis...................................................69
down to business....................................................... 70
Global CIO 66
Do you Twitter? Follow us at Find us on Facebook at http://www.facebook. If you’re on LinkedIN, reach us at http://www.linkedin.com/
http://www.twitter.com/iweekindia com/informationweekindia groups?gid=2249272
march 2011 i n f o r m at i o n w e e k 7
imprint
print online newsletters events research
Important
Every effort has been taken to avoid errors or omissions in this magazine. In spite of this, errors may creep in. Any mistake, error or discrepancy noted may be brought to our notice immediately. It is notified that neither the
publisher, the editor or the seller will be responsible in respect of anything and the consequence of anything done or omitted to be done by any person in reliance upon the content herein.
This disclaimer applies to all, whether subscriber to the magazine or not. For binding mistakes, misprints, missing pages, etc., the publisher’s liability is limited to replacement within one month of purchase.
© All rights are reserved. No part of this magazine may be reproduced or copied in any form or by any means without the prior written permission of the publisher. All disputes are subject to the exclusive jurisdiction of
competent courts and forums in Mumbai only. Whilst care is taken prior to acceptance of advertising copy, it is not possible to verify its contents. UBM India Pvt Ltd. cannot be held responsible for such contents, nor for any
loss or damages incurred as a result of transactions with companies, associations or individuals advertising in its newspapers or publications. We therefore recommend that readers make necessary inquiries before sending any
monies or entering into any agreements with advertisers or otherwise acting on an advertisement in any manner whatsoever.
8 i n f o r m at i o n w e e k ma rc h 2 0 1 1 www.informationweek.in
Cloud Computing
news BSNL-Datacraft
alliance targets
SMBs for cloud
Last year, BSNL and Datacraft
announced an alliance to
jointly provide managed
hosted and cloud services
under the brand ‘onecloud’.
Software After initially testing out the
market, the alliance believes
Sonata Software bags Euro 5 that SMBs represent a huge
market, in addition to the
million IMS deal from ATU enterprises, where both
Datacraft and BSNL have a
Bangalore-based mid-tier IT services Germany. “Sonata offers these major presence.
firm, Sonata Software has bagged services with a combined on-shore This is corroborated by
a Euro 5 million infrastructure and off-shore delivery model,” said independent research from
management services (IMS) deal from Vivek Desai, VP, Sonata Software. analyst firms. For example, a
ATU, Germany’s largest automobile Sonata derives close to 60 percent recent report by AMI-Partners,
service company. As per the terms of of its offshore services revenues from predicts that SMB spending in
the five-year contract, Sonata will be Europe and the majority of this is India on SaaS, is anticipated to
hosting all the applications for them from continental Europe. With close rise by a significant 43 percent
on their data centers in Hannover in to 500 employees and three data in 2011.
Germany. centers in Hannover, Sonata’s service The alliance hopes to
IMS is a significant revenue stream offerings in the region include IT capitalize on this opportunity
for Sonata. “Of our USD 300 million infrastructure management services by offering them a complete
worth revenues, IMS contributes about encompassing data center services, set of services such as
application hosting, server monitoring messaging, ERP, HR or backup
and management, and 24x7 centralized services on the cloud.
helpdesks. “The cloud is a cost-
Sonata claims to have the effective and quick solution
widest range of IMS offering in for the SMBs,” says Karthik
the continental Europe region. In Ramarao, Principal Consultant,
2006, Sonata acquired a majority Datacraft Asia. Ramarao
stake in TUI InfoTec to form a joint believes that SMBs can gain
venture with TUI AG, Europe’s largest from the advantage of BSNL’s
integrated travel company. The reach and connectivity.
acquisition has helped Sonata further Datacraft is in the process
strengthen its foothold in the IT of building six data centers
infrastructure management space. across the country for BSNL,
For the quarter ended December and by around April 2011 all the
30, 2010, Sonata’s consolidated datacenters will be effective.
USD 60-70 million which is roughly 20 revenue stood at about USD 77 The data centers are
percent of our total revenues,” said B million with its international business located in Jaipur, Mumbai,
Ramaswamy, President and Managing (IT services plus TUI InfoTec) Ahmedabad, Ludhiana,
Director of Sonata Software. “Over the contributing USD 43 million. Roughly Ghaziabad and Faridabad
years, big bang outsourcing has been 80 percent of Sonata’s workforce is and are inter-connected.
replaced by a more granular model concentrated in its delivery centers While SMBs are a major focus,
wherein you provide focused services in Bangalore and Hyderabad in India, demand is expected to be
such as storage, support, etc,” he added. while the remaining 20 percent works strong among enterprise
The deal with ATU, bagged out of Hannover. customers too.
about six months back, has further
enhanced Sonata’s presence in Ayushman Baruah Vinita Gupta
march 2011 i n f o r m at i o n w e e k 9
news
Telecom
FORM IV
MNP pushes telcos Statement about ownership and other particulars about
newspaper informationweek to be published in the first issue
towards analytics every year after the last day of February
Industry experts opine that it costs 5-10 times more to 1. PLACE OF PUBLICATION MUMBAI
recruit a new customer than to retain the existing one. 2. PERIODICITY OF ITS PUBLICATION monthly
With MNP, this possibility has increased exponentially 3. PRINTERS NAME sajid yusuf desai
– as subscribers have the opportunity to migrate to a NATIONALITY INDIAN
1[(a) WHETHER A CITIZEN OF INDIA? YES
new network while retaining their existing number.
(b) IF A FOREIGNER, THE COUNTRY
“With Mobile Number Portability (MNP), the OF ORIGIN NOT APPLICABLE
command is in the hand of customers and not telecom ADDRESS Sagar Tech Plaza, A 615-617,
service providers,” opines Amitava Ghosh, Senior VP 6th floor, Andheri Kurla Road,
and Head, Analytics and BI at Reliance Communication. Saki Naka Junction, Andheri (E),
Mumbai 400 072, India
At the recently held SAS Forum held in Mumbai in
February 2011, a number of telecom service providers 4. Publisher’s Name sajid yusuf desai
shared this common belief on the increasing importance NATIONALITY INDIAN
of analytics in understanding customer preferences 1[(a) WHETHER A CITIZEN OF INDIA? YES
accurately, and in maximizing customer value. (b) IF A FOREIGNER, THE COUNTRY
OF ORIGIN] NOT APPLICABLE
ADDRESS Sagar Tech Plaza, A 615-617,
6th floor, Andheri Kurla Road,
Saki Naka Junction, Andheri (E),
Mumbai 400 072, India
10 i n f o r m a t i o n w e e k ma rc h 2 0 1 1 www.informationweek.in
Data Center
Elitecore Wins
NASSCOM Innovation Award 2011
for Cyberoam’s Layer 8 Technology
In yet another crowning achievement, Elitecore, provider of Cyberoam UTM
appliances has won the ‘NASSCOM Innovation Award 2011’ in “New
Technology Advancement” category for Cyberoam's Layer 8 technology.
Cyberoam was also recently named the No.1 UTM Appliance Vendor in India as
per the IDC Q3, 2010 Appliance Tracker report.
12 i n f o r m a t i o n w e e k ma rc h 2 0 1 1 www.informationweek.in
cover story Cloud computing
14 i n f o r m a t i o n w e e k ma rc h 2 0 1 1 www.informationweek.in
Private clouds witness Cloud views
surge in adoption From SaaS, PaaS and
Evidence on the ground IaaS – Indian CIOs are gradually
indicates that a host of Indian stepping up their focus on the
enterprises are gradually cloud. Here is a snapshot of what
taking a stepping stone into you can expect in 2011
the cloud by building their
own private clouds 16 23
33 38
46
march 2011 i n f o r m at i o n w e e k 15
cover story
Though the evidence is still small, the sector, provisioning of project additional desktops and servers that are
rising adoption of private clouds across infrastructure is perhaps one of the most physically installed in server rooms with
a number of sectors indicates that Indian important pieces in getting a project these VMs. Due to the internal cloud,
enterprises are seriously considering the quickly executed. This is also one of the allocation time for providing project
private cloud as a fundamental part of the most challenging tasks, as most infrastructure has been reduced from
their compute infrastructure. While the companies in this sector execute distinct two days to eight hours. A previous
initial surge was predictably led by the projects for multiple clients spread over machine snapshot can be restored
IT sector, the current evidence indicates multiple countries. As projects can be within five minutes in case of disaster.
that private clouds are blooming in parts short in duration, the IT team has less The speed and agility that a private
in other sectors too. As InformationWeek time for provisioning infrastructure cloud can deliver can be seen from the
scouted for real examples on the according to dynamic needs. Any delay example of Infosys. Using the private
ground, we were pleasantly surprised at in provisioning the required hardware cloud infrastructure, Infosys could build
the number of organizations who had affects project delivery. Similarly, twin data centers in a record time of 5.5
deployed a private cloud. (See box: Who ineffective utilization of hardware months with more than 30 services and
is using the private cloud) infrastructure affects the margins of the two clients going live. More importantly,
Five years ago, when Indian projects. the deployment resulted in major cost
enterprises started looking at Ramping up and scaling down project savings for Infosys with more than 50
squeezing out more value from their IT infrastructure based on project needs percent reduction in the effort cost of
infrastructure, they found an able ally is also not possible with the traditional leveraging Infosys’ Global Delivery Model.
in a technology called ‘virtualization’. model. A private cloud is a perfect model Similarly, Wipro has documented
The benefits of this technology were for companies in the IT sector as it helps savings of slashing the time taken for
amplified in recessionary times, in addressing the challenges of providing provisioning infrastructure using a self-
when CIOs were asked by their top infrastructure quickly. From the initial service portal environment. “The private
management to rein in costs, while statistics shared with us by some of the cloud has helped us in faster provisioning
still maintaining the ability to support leading IT companies, we can gauge the of resources for our projects. Today,
growth. Today, even as the economy is huge benefits that a private cloud can compared to a typical 46 day period for
gradually limping back to normalcy, CIOs offer to an enterprise. provisioning infrastructure for a project,
are now looking at private clouds as a For example, Infosys’ private cloud we can now achieve the same task in just
method to flexibly and cost effectively christened ‘MyCloud’, has the ability 35 minutes,” says Laxman Badiga, CIO,
deliver services and resources from a to host around 3,000 virtual machines Wipro Technologies. Badiga says that
single point. (VMs) with an easy-to-use ‘Self-Service’ the process of identifying, procuring and
portal and template-based provisioning. provisioning resources has been reduced
IT sector leads adoption Infosys is looking at substituting to just sending a request. The resources
Most Indian CIOs are looking at private
clouds as a stepping stone into the world
of cloud computing, as private clouds “Compared to a typical 46 day period for
deliver the same benefits of elasticity provisioning infrastructure for a project,
and standardization, while adhering to we can now achieve the same task in
security and compliance needs. As the
cloud enables standardization, CIOs
just 35 minutes”
have the ability to quickly provision
infrastructure or applications according
to business needs.
For companies in the IT services Laxman Badiga, CIO, Wipro Technologies
16 i n f o r m a t i o n w e e k ma rc h 2 0 1 1 www.informationweek.in
are readily provisioned and available for “With the power and flexibility of
use. Wipro today has more than 1,500
virtual servers running on the cloud.
private cloud, we can now configure and
Patni has a similar experience. re-configure resources based on demand
Satish Joshi, Executive Vice-President and utilization”
and Global Head Technology, Patni,
tells us that the time for provisioning
infrastructure has gone down from
weeks to a few hours. “Today, we can
Vikas Gupta, VP-IT, Tech Mahindra
provision development and testing
environments for new applications within
a few hours,” says Joshi. based on demand and utilization. I would IT function can concentrate its time
Private clouds also provide software say, with highly virtualized pools of on innovation, rather than focusing on
services companies a perfect platform to compute, network and storage, we have maintenance-related activities.
rapidly launch new services. For example, become more flexible and agile,” says
Hexaware recently announced the launch Tech Mahindra’s VP for IT, Vikas Gupta, Private clouds develop
of its cloud service, wherein it proposed vouching for the benefit of a private roots in education sector
to offer clients services in the space of cloud. Clouds are also well suited for
IaaS, PaaS and SaaS. The foundation As Tech Mahindra has a huge focus educational institutes, as most
for launching these services is a private on the telecom sector, it is leveraging its institutions are today struggling to
cloud, built using NetApp’s multi- tenant experience learnt while building private securely and cost effectively provide IT
storage solutions and VMware’s vCloud clouds, and using this to service clients infrastructure. Take the case of Sardar
Director. effectively. Patel Institute of Technology, a Mumbai
“Historically, a typical IT person “We have seen that the resource based-educational institution.
spends close to 70 percent of his and workload demand is cyclical in Tech In an educational institution such as
time in application and infrastructure Mahindra because it is purely driven Sardar Patel Institute of Technology, labs
maintenance related activities. A by business demand. To leverage the are set up as per subject requirements
private cloud enables an IT professional power of private clouds, we have started and as there is no separate lab for
to reduce time on maintenance, and working on porting our applications individual subjects, every machine
concentrate instead on innovation,” to private cloud, some of them being is installed with multiple heavy
emphasizes N Nataraj, CIO, Hexaware specific to the Telco market we target,” applications. This is a headache for a lab
Technologies. explains Gupta. assistant, as he or she has to reconfigure
Given the extreme competitiveness Today, with the adoption of private every machine for addition of new
of the companies in the IT services clouds, the IT function can deliver software or to upgrade existing software.
sector, the utilization and reusability of what the business wants as a catalog Educational institutions also grapple with
the hardware and software infrastructure of services. Gupta says that this the problem of extensive usage of pen-
is crucial. has completely changed the overall drive in college labs, which is the main
“Earlier with a traditional approach, conversation and approach with which source of virus problems.
we were purchasing dedicated stacks the IT function interacts with the Typically, final year students
which we had to live with for three to business for their technology related are provided dedicated desktops for
five years. Today, with the power and needs. The business can choose from their final year project. They submit
flexibility of private cloud, we can now the catalog of services making them a CD containing source code and
configure and re-configure resources more competitive and agile, while the documentation of project during
submission. Setting up the production
environment for the projects is hence
“A private cloud enables an IT difficult after the students pass out.
professional to reduce time on There is a need for effective storage
maintenance, and concentrate instead of projects, which is the institution’s
Intellectual Property (IP).
on innovation” Using Eucalyptus Systems’ private
cloud solution, the institute has built an
internal, private cloud based on open
source technologies and compatible
N Nataraj, CIO, Hexaware Technologies with Amazon’s cloud services. Some of
march 2011 i n f o r m at i o n w e e k 17
cover story
the existing desktops were clustered to “A private cloud model was chosen to
create the cloud infrastructure and no
additional hardware had to be purchased.
ensure the desired levels of security
The institute has been one of and high availability as the healthcare
the early adopters in the educational demand for data security and SLAs are
sector to adopt an open source-based
extremely stringent”
private cloud. “Post deployment, we
can create machine instances on-the-fly
and create an infrastructure according
Dr Neena Pahuja, CIO, Max Healthcare Institute
to requirements. The adoption of the
private cloud has also helped in cutting
our annual IT budget by 70 percent,” a private cloud with implementation healthcare IT spending in India.
explains Dr Deven Shah, HOD, IT assistance from Progressive Infotech. Zinnov believes that the healthcare
Department, Sardar Patel Institute of The computer centre of IIT has always infrastructure in India is currently
Technology. received high demand being a research- chasing a 50 percent gap compared to its
The private cloud also allows oriented institute of higher learning global peers. This necessitates an urgent
students to launch multiple virtual – and a private cloud deployment will need to scale up the infrastructure to
machine instances (based on various enable the institute to move around cater to a population of over a billion.
practical experiments) from any workloads easily for load balancing Apart from the various
computer system. A student can attach purposes and to allocate computing administrative hospital functions that
her storage space to that particular resources. One of the major benefits of can be standardized and delivered using
instance to save any work done. In case the private cloud will be in the area of a cloud-based solution, the research
a particular instance gets infected by critical research or consulting projects undertaken by Zinnov estimates that the
a virus, the infection remains in that that need high computing requirements cloud can lower IT infrastructure cost by
particular instance, and does not affect and some repetitive experimentation. approximately 30 percent.
other running instances. This ensures a After the deployment of the virtual With typical concerns of data
higher level of security. The deployment machines, the old data can be stored and security, integrity and availability, the
has also allowed the college to ensure reused as and when required. ‘private’ cloud is a preferred option for
optimum usage of bandwidth. Each The same benefits, that these organizations in the healthcare sector.
virtual machine instance is allotted a educational institutions have realized This is corroborated by a recent KPMG
fixed amount of Internet bandwidth, with private clouds, can be amplified report titled, ‘The Cloud: Changing the
restricted to a few MBs in terms of when large associations leverage the Business Ecosystem’.
data transfer caps. This ensures that cloud. For example, universities and The report states, “Considering
students do not misuse the connectivity state-education departments can share that the nature of the business involves
to download large multimedia files or their infrastructure and create a private the management of highly sensitive
software or surf unauthorized websites. cloud. patient data; most healthcare providers
Today, each student has his own storage are exploring a private cloud. Until
space in the cloud. Students can use the A healthy outlook for the concept of the cloud gathers
cloud storage space to store their daily healthcare enough acceptance across industries,
experiments. College projects are also In a recent report, management pharmaceutical companies are expected
available to the college for reference consulting firm, Zinnov estimated that to primarily resort to the comforts of the
even after the student attains his degree. the cloud could potentially address environment of a private cloud”. A case
More recently, IIT Delhi also set up close to 40 percent of the total annual in point is Max Healthcare, which has
partnered with Dell Services, to convert
its IT infrastructure of all eight Max
“Post deployment of the private cloud,
Healthcare facilities into a private cloud
we can create machine instances running remotely from Dell Services Data
on-the-fly and create an infrastructure Center.
according to requirements” Explaining the need for creating a
private cloud, Dr Neena Pahuja, CIO,
Max Healthcare Institute, says, “Max
Healthcare is growing fast and our four
Dr Deven Shah, HOD, IT Department, new hospitals will be operational by the
Sardar Patel Institute of Technology third quarter of this year — doubling
18 i n f o r m a t i o n w e e k ma rc h 2 0 1 1 www.informationweek.in
our current bed capacity. We wanted this as it allows them to see patient the US, some large hospitals are coming
to create a scalable IT environment to data anywhere on their Blackberries, together to build community clouds.
support our growth and hence decided to iPhones or iPads. In one case, a doctor In this case, the cloud infrastructure is
go in for a cloud environment. A private was remotely able to diagnose a bleeding shared by organizations in a specific
cloud model was chosen to ensure patient brought in trauma in the early community. A case in point is Toronto-
the desired levels of security and high hours of day, without rushing to the based Mount Sinai Hospital, which has
availability as the healthcare demand hospital. The timely diagnosis helped set up a community cloud to serve 14
for data security and SLAs are very in getting immediate treatment to the other hospitals in the area. The federated
stringent.” patient.” cloud provides individual hospitals
The ease of information access Currently, Max Healthcare has access to an ultrasound application that
and the agility in provisioning IT deployed its Hospital Information System is too expensive for each hospital to buy
infrastructure is a huge advantage. on the cloud, and is planning to rollout individually.
Dr Pahuja cites one example that its Electronic Health Care System (EHR)
demonstrates the true power of the on the private cloud. Helping the retail sector
cloud. The future clearly lies in federated manage crests and troughs
“Some of our clinicians just love or community clouds. For example, in A shared central infrastructure enabled
Infosys Allocation time for providing project infrastructure has been reduced from
two days to eight hours. A previous machine snapshot can be restored
within five minutes in case of disaster. The deployment has resulted in
major cost savings for Infosys with more than 50 percent reduction in the
effort cost of leveraging Infosys’ Global Delivery Model.
IT
Wipro Compared to a 46 day period for provisioning infrastructure for a project,
the same infrastructure can now be provisioned in just 35 minutes.
Sardar Patel Institute The adoption of the private cloud has helped in cutting the annual IT budget
of Technology by 70 percent. The private cloud also allows students to launch multiple
virtual machine instances from any computer system
IIT Delhi One of the major benefits of the private cloud will be in the area of critical
research or consulting projects that need high computing requirements and
Education
some repetitive experimentation.
Max Healthcare The private cloud allows Max Healthcare to set up its process and tools
at new facilities easily, as these facilities get access to Max’s Hospital
Information Management System by just hooking up to the cloud.
Healthcare
Shoppers Stop Will help the organization to match the pace of growth without a
commensurate increase in data center assets
Retail
The Kerala State The Kerala State IT Mission has signed a tri-partite agreement with
IT Mission IIITM-K and C-DAC, Chennai (C-DAC) for testing applications such as
SPARK (State Pay roll and Personnel Management System) on a private
Goverment cloud
march 2011 i n f o r m at i o n w e e k 19
cover story
by a private cloud is beneficial for better performance, responsiveness and maintenance costs,” says Senthil Kumar,
retailers, as it gives them not only scalability with varying load. Technical Director, OTG, NIC, Chennai.
faster access to customer data, but is Dr Ajay Kumar, Principal Secretary The private cloud is being tested for
also helpful in rolling out new product (Information Technology), Government running some of the e-governance
initiatives. A case in point is Shoppers of Kerala, shares the example of projects. Once the testing is fully
Stop, a pioneer in modern retailing. SPARK (State Payroll and Personnel complete, the team plans to submit
“The retail industry is now in an Management System), which is used by the outcome of this setup to the top
expansion mode with the economy nearly 5.5 lakh government employees management, who then will take a call on
looking up. As we expand our business of the state. This application requires deploying this infrastructure across the
operations, scalability of the data huge amount of computing resources country.
center infrastructure was one of the key during the peak period of computation
requirements identified. The business which happens during the last week of Early adopters will boost
need for deploying a private cloud was the month. Such applications may face confidence
driven by resilience, variable load factors problems of poor response time of the For the past few months, we have been
of various applications, data center system due to want of resources. He asked the question, ‘Is the cloud real or
consolidation and potential savings from also cites the examples of applications a big marketing hype?’. When we started
clouds,” explains Arun Gupta, Group in the education department, which out exploring this story, we were not
Chief Technology Officer at Shoppers handle functions such as common sure of the number of Indian companies
Stop. Gupta says that the private cloud admission counseling and results. These that had deployed a private cloud. After
deployment has enabled his firm to applications register heavy traffic only at talking to vendors and a huge number of
save on capital investments by almost the time of admission or results. In other CIOs, we can definitely say that the cloud
40 percent. More importantly, even as periods, the system remains idle. will be a vital part of a CIO’s business IT
business continues to grow, there is no “We have chosen SPARK application strategy in the years to come.
commensurate increase in data center for testing because there are 2 lakh Some CIOs, that we spoke to, say
assets. users. The application receives close to that companies in the SMB sector will be
3 to 6 crore hits during the last week the first to adopt the cloud. Government
A cloud for the government of every month and we believe that is another sector where we will see cloud
Looking at the typical scale that a this will be five times more by 2011. In adoption. And of course, there is the
government institution works, the such applications, pooling of computing emergence of federated clouds. Large
cloud has huge potential to deliver resources would facilitate faster enterprises, that have made significant
huge efficiencies. For example, the operations and only when resources are investment in infrastructure, will
Government of Kerala is testing out a actually needed,” explains Dr Kumar on seriously consider the cloud during the
private cloud. The Kerala State IT Mission how the cloud model can drive further next refresh/upgrade cycle. Gartner has
has signed a tri-partite agreement efficiencies. said that enterprises will also implement
with Indian Institute of Information Another initiative, that has the Hybrid clouds.
Technology and Management-Kerala potential to usher in huge efficiencies While the evidence of companies
(IIITM-K) and Centre for Development across government organizations, is a who have implemented a private
of Advanced Computing, Chennai pioneering step taken by NIC. The Open cloud is still at an extremely small
(C-DAC). In the first phase of the Technology Group at NIC, Chennai is scale, the acceptance of the model
project, IIITM-K and C-DAC are setting testing out a private cloud using Ubuntu by organizations across the industry
up a cloud test-bed. Accordingly, the Enterprise cloud with the help of CSS spectrum proves that the private cloud
initiative hopes to onboard on the cloud Corp. “Our goal is to reduce hardware model will be a vital part of the compute
projects or applications which require cost, save infrastructure setup and infrastructure. Hopefully, the early
adopters will convince the fence sitters
that the cloud story is here to stay, and
“The business need for deploying a the private cloud is a big stepping stone
private cloud was driven by resilience, for organizations that truly want to
variable load factors of applications, experience the power of the cloud. n
20 i n f o r m a t i o n w e e k ma rc h 2 0 1 1 www.informationweek.in
cover story
T
he true sign of a technology being adopted is when which also has a self service module for all 2,200 users.
smaller enterprises start implementing a particular This is a complex requirement as most of the workflows and
technology for maximizing business value. A case in business reports are extremely customized,” explains Som,
point is Somnet Dynagraphics, a small IT solutions firm that on why a private cloud makes sense for his enterprise.
has built a private cloud using open source. Another case in point is True Value Homes, a fast
Says Shantanu Som, Director-Technical, Somnet growing construction company. The pace of growth of the
Dynagraphics, “Our sales people can now load data in CRM organization can be seen from the fact that the company
from anywhere, which entirely runs on cloud. Our support has completed 4 million square feet of cumulative
engineers get support tickets via SMS on their mobile while construction and has projects covering about 12 million
on the move, bettering their response time and increasing square feet in the pipeline—9 million in residential and 3
customer satisfaction.” Som says that the open source million in commercial property. Every year, the firm has
framework has given his firm low TCO. “Now, we have plans to achieve a target of building 2.5 million square feet.
more employee engagement which translates into higher For this organization, meeting IT infrastructure
operational efficiency. Less IT investment per employee is also requirements with the pace of growth is a challenging
another motivational factor.” To enhance security, Somnet task. A private cloud is apt as it gives the firm the ability to
uses 128 bit encryption and OTP (One Time Password). The quickly deliver infrastructure requirements from a central
OTP reaches a user via a SMS. This provides a high security location. “Whenever a new site comes up, it takes only two
environment, even if employees use an Internet café. minutes to provide infrastructure and access to end users,”
The scalability of the private cloud makes it apt for exclaims Arun Mehru, Director-Procurement and IT, True
SMBs. “One of our business units supports around 2,200 Value Homes. Mehru marks ‘security’ as the biggest draw of
installations of high-end multifunction devices and this the private cloud as it helps the IT function in centralizing
is a customer intensive operation. We manage the entire and monitoring user access. True Value has built the private
operation and workflows of that unit with our own solution cloud using hardware from IBM. n
22 i n f o r m a t i o n w e e k ma rc h 2 0 1 1 www.informationweek.in
Cloud
Views Leading CIOs share their views on
what they are doing on the cloud
Vijay Sethi, Vice President virtualization in India we will leapfrog from compute on
– Information Systems, physical servers to private or hybrid clouds. The rest
Hero Honda of the world went through the cloud evolution, by first
We have set up a dealer consolidating servers, then virtualizing data centers,
management system then deploying a private cloud, and then getting into a
wherein our vast network federation between private and public cloud.
of dealers can VPN into
our corporate system.
We are now looking at Ravinder Jain, CIO, Aircel
extending this on the SaaS This year we will focus on Cloud and we are considering
platform. For me, IaaS and PaaS the SaaS model and eventually PaaS. But we are not
do not make sense now since I have already made opting for the hosting model.
investments in on-premise infrastructure.
march 2011 i n f o r m at i o n w e e k 23
cover story
24 i n f o r m a t i o n w e e k ma rc h 2 0 1 1 www.informationweek.in
Satish Joshi, Executive Vice-President and Global Head Technology, Patni
The first step in creating a private cloud is a strong assessment and inventory creation of what
computing capacity is installed and what portion is in use. Geographical distribution is an
important component of the assessment. Technology diversity is another. Contractual obligation
is the third dimension wherein an enterprise has to maintain boundaries between different
compute environments despite technological similarities.
The most important issue to be tackled when moving to a cloud environment is change
management which is an important time consuming constraint.
Vikas Gupta, Vice-President, Technology, Tech business units to buy the idea of
Mahindra cloud itself. We don’t practice
charging back our business
As a first stepping stone to private cloud, I would suggest that units for the IT services
an organization must start by looking out for opportunities to rendered to them by my
virtualize server farms. Anything that comes for any new Tech group, TIM (Technical
Mahindra site is now on a virtualized stack and there are simply Infrastructure
no exceptions to it. Another important thing is to rationalize Management). The
your application stack, we did an internal study of our problem is that everyone
application stack and found out that we had about 42 percent wants a piece of hardware
of applications which were seldom used but they were eating dedicated to them not
valuable company resources. worrying about cost too
I am better equipped and informed today and can quickly much. We worked out a
take a decision to keep an application on-premise or off- cost structure of IT services offered
premise. If you want to get ready for private cloud tomorrow to various business units and starting showing them how much
start thinking of introducing hardware standardization when these services cost based on their consumption.
buying new hardware, keeping limited room for exceptions. This notion of ‘theoretical chargeback’ helped us convince
About two years back, we decided to buy standardized hardware them stick to the idea of not going for an exception. I must
only, which has proven to be cost-effective to us in terms admit that the business unit heads really supported us when
of management and procurement. We are now working on we told them how much they were investing on the IT services
centralizing and automating the management piece of it. Our by doing exceptions. My team faced some teething issues
information systems teams are relooking at IT processes to of building capacity on managing cloud so we had to invest
orchestrate appropriately. in sending them to trainings. While we are building skills
It is also equally important to look at your processes and internally for cloud, our resource management group is in sync
complete lifecycle of rending services to business. If your IT with our future cloud related requirements and is mandated
resource demands are not really elastic or cyclic you would be to hire resources appropriately. Lastly, while rationalizing
better off waiting for some more time before deploying your applications the teams have been asked to carefully look at
own private cloud. I suggest building a catalog of services as the frameworks the applications are dependent on. My team
we did, to attach cost and SLA to each service and then do an has implemented an open source private cloud solution in
analysis of various business units’ cost consumption. This is a one of our biggest data centers based in the Western part of
great tool to find out if a certain area of business or a business India to address typical vendor lock-in issues related to private
unit is proving to be more profitable to the organization cloud. Our developers are building new applications for the
compared to other businesses. This may help the top cloud which are not dependent on vendor’s cloud tools and are
management in focusing on that piece of business, though this framework agnostic as much as possible.
is not the only thing to look at to be able to take a decision in Keep in mind that the play is public cloud in future so,
this area, but this is a good way to show at least in theory what private cloud is really just a stepping stone in the journey. Tech
the IT costs are, for a particular line of business. Mahindra is operating in hybrid model today wherein we are
The biggest challenge for Tech Mahindra was to convince running a mix of private, public and non-cloud based services.
march 2011 i n f o r m at i o n w e e k 25
Dr Deven Shah, HOD, IT Department, Sardar Patel Institute of Technology
We used a cache system to improve user experience. For example, when a user launches a
virtual machine he has to wait for some time (loading and booting time), till he gets access
to it. To reduce the time, we included a cache system where lab administrators can cache
virtual machines depending upon the anticipated usage
26 i n f o r m a t i o n w e e k ma rc h 2 0 1 1 www.informationweek.in
cover story
They say marriages are made in forming their own partner ecosystems. their channel programs to include
heaven. Well, great partnerships in In a partner ecosystem various service providers.
the IT industry occur more down to partner entities bring their technologies Take the case of NetApp, a vendor
earth, like in the clouds. While Indian and products together and back this of enterprise storage systems and
enterprises are yet to migrate to the with their combined strengths in technologies. In 2010 NetApp extended
cloud in droves, cloud enablers and integration, technology consulting, its channel partner program to include
solutions providers are hard at work services, sales and marketing. The cloud service providers. It works
getting their solutions and platforms result: a win-win situation for all closely with service providers like HCL
ready. We spoke to various entities in entities, and a-one-stop shop for Infosystems.
the industry about their partnerships customers, backed by a single SLA and a A release from NetApp says service
and strategic alliances—they all single point of support. providers who join the NetApp Partner
emphasized the importance of tightly Let’s talk about the technology Program benefit by “gaining access
integrating all pieces of the cloud vendors first. The traditional approach to a wide range of unique tools and
offering. And to make this possible is to sell products to customers through programs delivered by NetApp.” This
vendors and service providers are the channel. Now vendors are extending includes technical training and service
28 i n f o r m a t i o n w e e k ma rc h 2 0 1 1 www.informationweek.in
benefits, as well as marketing and sales “We help service providers ‘productize’
support. We elaborate later in this
their services based on NetApp
article.
The new trend is summarized technology.We help them reduce the time
well by George Paul, Executive Vice- to market by sharing best practices”
President, HCL Infosystems. “Gone are
the days where the complete vertical
integration came from one organization. Rajesh Awasthi, Director- Telecom and Cloud Service
Today you have the product and Provider, NetApp
technology players. Then there are
experts in the areas of middleware, SI, for these services and even offers a Informs Ganesan Arumugam,
and in the application space. As an SI we development fund for service providers. Director–Partners, VMware India,
design the solution, take this technology And finally, it does a joint go-to-market “VMware owes much of its success to
piece of NetApp and build into it,” said with the service provider (from the sales its global partner ecosystem, which
Paul. perspective). includes more than 1,500 technology
NetApp works closely with SIs, Partners in the ecosystem may partners, more than 2,600 service
telcos and cloud aggregators who also bundle and cross-sell each other’s provider partners and nearly 25,000
deliver cloud services. It assists their offerings. A technology vendor may sell channel partners. VMware teams with
technical operations team to use its the services of an SI or telco to its own industry-leading hardware and software
assets “in an efficient manner” so that customers, for instance. It may use its companies to optimize selected
they “deliver more by using less storage own channel for this purpose, as in the technology and solutions with VMware
capacity”. This is what it calls the case of NetApp. software. Global Alliance Partners
“technical enablement”. These types of partner arrangements integrate their hardware and software
Explaining the unique features of are win-win for all entities in the with VMware technology, support their
its partner program, Rajesh Awasthi, ecosystem as some may not have products running on VMware virtual
Director- Telecom and Cloud Service the expertise in selling, or lack skilled machines and co-sell and/or resell
Provider, NetApp said, “Through this manpower for L2 and L3 support. Such VMware products. Cisco, AMD, Fujitsu,
program we help service providers arrangements can also reduce their IBM, HP are few companies to name
to ‘productize’ some of the services CAPEX drastically. among our global alliance partners.”
based on NetApp technology. We help Apart from using or selling each
them in reducing the time to market by other’s products the partners might also LEVELS OF PARTNERSHIP
sharing the best practices on NetApp go in for a revenue sharing arrangement There are certain partner entities that
technology.” for the product or service that’s focus on their core competencies,
Interestingly, NetApp also offers delivered as a whole to the customer. such as technology consulting or
training for the service provider’s sales Another example is VMware. The systems integration, and depend on
teams, who may be good at selling say, virtualization technology pioneer others for the hosting infrastructure.
voice services, but are not acquainted at works with service providers and has In such instances it is imperative to
selling IT services. This is what it calls established its own partner program work with partners at different levels.
the “sales enablement.” called VMware Service Provider A case in point is Infosys Technologies
Beyond this NetApp works with Program (VSSP). It is positioning VSSP (See Infosys converts cloud threat
the service provider’s marketing team as a framework that allows service and into opportunity in InformationWeek,
for demand generation. It executes hosting providers to consume VMware January 2011.)
joint marketing events for creating virtualization solutions in a way that Infosys offers a plethora of cloud
platforms to create demand generation aligns with their business model. services ranging from its own SaaS
offerings to cloud service aggregation
“Gone are the days where the complete and migration, building private clouds
vertical integration came from one for customers, and cloud service
organization. Today you have product orchestration. Yet it does not build its
own data centers for these services.
and technology players, and experts.” Instead, it has strategic alliances with
over 20 partners at different levels.
Says Vishnu Bhat, Vice President
and Head, Systems Integration,
George Paul, Executive Vice-President, HCL Infosystems Infosys Technologies, “Our strategic
march 2011 i n f o r m at i o n w e e k 29
cover story
partners can be classified in three or “VMware owes its success to its global
four strategic buckets. At one bucket
we have a partner that provides
partner ecosystem, which includes more
infrastructure clouds (IaaS), and the than 1,500 technology partners, more
example is Amazon. At another level than 2,600 service provider partners and
we partner with PaaS providers like
nearly 25,000 channel partners.”
Microsoft (Azure). The third bucket
comprises technology providers such as
IBM, HP, CA, Novell, VMware, Salesforce.
Ganesan Arumugam, Director – Partners, VMware India
com and Hitachi Data Systems. We
also work with third parties to bring in
SaaS offerings. It could also be our own sector. According to estimates, there applications like ERP through a
applications (like HR-in-a-box) or theirs.” are 14 million small and medium-sized SaaS-based model. Partners from the
Tata Communications has an businesses in the country. It is also IT industry are also doing the cloud-
alliance with Google to deliver its own aspiring for 25 percent of the Indian enablement for the telecos, as is the
SaaS products. In October 2010 Tata cloud computing market, which will soon case with Bharti Airtel.
Communications launched InstaApps be worth USD 1 billion. Says Kunwar Kishore, Head of Data
and InstaCompute (both are public cloud Over the years the telecom Centres - Bharti Airtel, “When you are
offerings). InstaApps is built on the companies (telcos) invested heavily working with best of breed partners the
Google Apps platform. These apps will in data center infrastructure and are ecosystem is the key. In the ecosystem
soon be adapted for private clouds. skilled at offering voice services. But you need the virtualization fabric and
“Being a network provider Tata with the ARPU for voice calls shrinking for this we partner with VMware. You
Communications wants to leverage on every year telecos are looking at data also need compute and storage fabrics.
its global networking expertise and offer services to recover these investments. And you need a service provider who
IaaS and SaaS services for SMBs out However, they may lack the expertise in can tie all that together. While most
of its data centers in Hyderabad, and offering IT services, and hence depend of the telcos have chosen to do this
soon in Singapore. We will partner with on an ecosystem of partners from the IT themselves, we have partnered with
an SI for the integration services,” said industry. Savvis. They offer managed hosting
David Wirt, Global Product Head, Tata For instance Infosys helped Aircel services, Web hosting and cloud
Communications. launch its mobile app store last year. computing.”
Tata Communications is pursuing And telecos are now talking to software Bharti Airtel’s enterprise customers
the lucrative opportunity in India’s SMB vendors for offering enterprise will also benefit from this partnership.
30 i n f o r m a t i o n w e e k ma rc h 2 0 1 1 www.informationweek.in
cover story
They will now have a user-friendly front- “In the ecosystem you need the
end, a monitoring mechanism, and the
virtual fabric.
virtualization fabric.You also need
“They will be able to easily move the compute and storage fabrics. And you
virtual instances from one geography to need a service provider who can tie all
another, because they are on the same
that together”
fabric,” said Kishore.
CONCLUSION
In the next few months we will see more
There are certain partner entities that focus on cloud services for enterprises. The
their core competencies, such as technology service providers and their partners are
going to make it easier for businesses
consulting or systems integration, and depend on
to cloud enable their applications and
others for the hosting infrastructure processes.
We’ll also see radical changes in
channel programs and the way vendors
have to recruit skilled manpower. They and enterprise customers,” informed and service providers sell cloud services
would only have to focus on taking Fernandes. to customers. It’s clear that the SMB
these services to customers. So they sector will benefit immensely from
can increase the average revenue per POINT OF ACCOUNTABILITY these partnerships and gain more
user (ARPU). So service providers do In an ecosystem of partners one of confidence to embrace the cloud.
not need to invest into the technology, the players becomes the single point While some may have reservations
or for highly skilled manpower. There is of accountability who is responsible about cloud security, some aver that
no CAPEX for them.” for quality of service and support for security in the cloud will be on par or
iManage offers a plethora of the customer. That means he is also better than what’s available on-premise.
services that include technology liable for the performance issues of After all, the cloud service providers
consulting, compliance based the products or services from other will have to uphold their reputation.
consulting, and subscription-based partners. How does the key partner And great partnerships, water-tight
managed IT services. It also offers cloud manage this and back it with SLAs? integration and trust that happen—
computing through SaaS and PaaS “The strength of the relationship wright here on earth! n
models. It presents a range of managed with the partners becomes extremely
services for micro-SMBs, SMBs and important here. A lot of this will be
large enterprises. backed by a strong agreement with
iManage wants to make it simple our partners. When you work with an Brian Pereira (brian.pereira@ubm.com)
for customers to help themselves to its ecosystem of partners it is important
32 i n f o r m a t i o n w e e k ma rc h 2 0 1 1 www.informationweek.in
cover story
They say a bird is born twice. Once, in their spare time. There are 36,000 our total customer base to reach 285
when it comes out of the egg. Once members in its India Developer plus by end of this fiscal,” says Sukumar
again, when it begins to fly. Consider Community developing applications on R, General Manager-Sales, Ramco
this, in the context of cloud computing. Force.com. Systems. Some of Ramco’s customers
Given the buzzword it has become, SaaS-based ERP market in India is for Ramco OnDemand ERP are Birla
cloud is certainly born and has come out also picking up, reaching to the tune of Tyres, RTE, Srinisons, and Lubrizol
of the shell. But are the clouds soaring USD 7 million (2.2 percent of the overall among others.
high on the Indian skies yet? USD 310 million ERP market in India). Microsoft, world’s largest software
According to India based research According to a survey, only 6 percent maker, was quick to move on to the
firm Zinnov, the total cloud computing of organizations implementing ERP cloud route. Today the company
market in India will grow almost were deploying SaaS options in 2009. claims to have around 40 million paid
ten-fold to USD 1 billion by 2015 from However, this number nearly tripled to customers globally for its cloud-based
USD 110 million today. The report said 17 percent in 2010. In addition to the 17 solutions, some of which include BPOS,
that in the cloud computing market percent that deployed SaaS solutions, O365, Windows Intune, and CRM Online.
in India, software-as-a-service (SaaS) another 24 percent implemented ERP “BPOS in India already has 1,300
has witnessed the most rapid uptake systems that are hosted off-site or in customers on board and we are adding
so far. As components of the overall the cloud. In other words, nearly half 50-100 customers per month. HCL,
cloud market, SaaS in India is likely to of the companies implementing new Infosys, and Wipro are among the
reach a mark of USD 650 million by enterprise software are doing so in the leading partners to provide value-
2015, while platform-as-a-service (PaaS) cloud. added services. We have over 700 plus
and infrastructure-as-a-service (IaaS) Ramco launched its cloud-based partners reselling BPOS,” says Pallavi
markets cumulatively would touch USD ERP–Ramco OnDemand ERP (RODE) Kathuria, Director, Server Business
434 million each by then. in 2008. In September last year, the Group, Microsoft India. Some of its
One of the first milestones for company announced the launch of customers in India include Lavasa,
cloud computing was the inception of RODE 2.0, with significant addition of ACME Tele Power, Dabur, among others.
Salesforce.com in 1999, which pioneered functionalities, features, and modules. Microsoft is devoting a lot of its
the model of delivering enterprise “Currently we have over 2,000 users energy to the cloud. The software
applications through a simple website. from 300 plus client organizations for major’s chief Steve Balmer has claimed
Since then, Salesforce.com has become our ERP on the cloud. We are expecting many times that computing is moving
the poster boy for the SaaS industry.
Realizing the nascent cloud opportunity, “The private cloud will see high adoption
Salesforce.com made its foray into the by large enterprises going forward. The
Indian market in 2005. Many of India’s
hybrid cloud archiving model will be
leading systems integrators such as
TCS, Wipro, and Infosys have become adopted to enable organizations to use
alliance partners of Salesforce.com. hosted messaging services”
The company’s flagship PaaS offering
Force.com offers a huge opportunity
to entrepreneurial developers working Anand Naik, Director, Systems Engineering, Symantec
march 2011 i n f o r m at i o n w e e k 33
cover story
34 i n f o r m a t i o n w e e k ma rc h 2 0 1 1 www.informationweek.in
based models. “We are strongly focused public cloud or private cloud or is it a The type of cloud depends on
on this market in India, with almost mix of both? “Cloud is not a ‘one-size- the type of organization. “The SMEs
32-34 percent of SAP’s business coming fits-all’ proposition,” says Prem Nithin, embrace public cloud while the
from SMEs with 70 percent of our new Principal Consultant, Cisco India and large enterprises have taken the
customers being ‘below Rs 100-crore’ SAARC. “The right approach depends on journey to private cloud, taking the
companies,” says Madhur. the organization’s needs and priorities. virtualization route. The public cloud
Industry experts believe cloud Different service and deployment is about buying the infrastructure
computing will be the way forward models can be adopted to match the or software as a service from the
for SME units because of its greater requirements of applications across the service providers. Private cloud is
flexibility in terms of usage. “Reduction business.” applying the cloud principles that is
in costs and capital equipment
expenditure in terms of hardware and
software has been one of the main “Enterprises may use public clouds for burst or
drivers in the adoption of cloud services
by SMEs. A reduction on the energy peak capacity and for selected services. However,
dependence in enterprises by doing these organizations often require a higher degree
away with data centers and reliance
on a virtualized and shared dynamic of control over their data, applications, and systems
infrastructure is another reason driving than current public clouds allow ”
adoption,” adds Madhur.
Companies like Ramco, which
initially focused only on the SME While enterprises may witness detaching the applications from the
segment, started catering to the large tangible benefits in using public clouds, underlying infrastructure and running
enterprises as the market and product Cisco expects private and hybrid them on a virtual OS/cloud OS within
started maturing. “The reasons why an cloud models to be more common. the enterprise data center,” says
SME chooses cloud ERP are for greater “Enterprises may use public clouds for Sarv Saravanan, Vice President and
control of business in a cost-effective burst or peak capacity and for selected Managing Director, EMC India CoE.
manner while a larger enterprise services. However, these organizations EMC, one of the world’s largest data
will choose cloud ERP to avoid the often require a higher degree of control storage companies, began its journey
difficulties attached with constant over their data, applications, and to the private cloud as early as 2004 to
upgrades, maintenance, IT staff and so systems than current public clouds address its IT challenges like unrelenting
on,” says Sukumar R of Ramco Systems. allow. At scale, a private cloud offers the growth of applications, servers, and
“We have seen that size of an enterprise efficiency and agility of a public cloud storage arrays in the data center. The
is not a limiting factor. If they feel without the loss of control,” says Nithin. deployment of this journey was done in
there is a need for a flexible and agile According to a report by the SME three phases: IT production, business
solution, they will move to a solution Chamber of India, most of the SMEs production and IT-as-a-service. EMC
which offers it. Turnover is actually are expected to go in for public cloud claims the adoptin of private cloud has
not a dimension; it’s the need of the initially due to concerns about the initial resulted in a saving of USD 104.5 million
application which is making companies investment required in this technology. including an estimated USD 88.3 million
go for Ramco OnDemand ERP.” “SMEs are looking for delivered services in capital equipment cost avoidance
or public cloud services, whereas large and USD 16.2 million of operating cost
ONE-SIZE-FITS-ALL enterprises are looking more at a secure reduction due to increased data center
The next question is which model of and customized private cloud service,” power, cooling and space efficiency.
cloud has seen more adoption. Is it says Mudiam of IBM. For large enterprises, the decision
to go in for cloud computing is a big one
“We are strongly focused on this market as concerns like data control, security
in India, with almost 32-34 percent of and management are issues that need
SAP’s business coming from SMEs with to be addressed. “Hence, the private
cloud or the hybrid model will see high
70 percent of our new customers being adoption by large enterprises going
‘below Rs 100-crore’ companies” forward,” says Anand Naik, Director,
Systems Engineering, Symantec. “The
hybrid cloud archiving model will also
Rohit Madhur, Director - Business ByDesign, SAP India be adopted to enable organizations to
march 2011 i n f o r m at i o n w e e k 35
cover story
use hosted messaging services while being lost or stolen. The security standards, and interoperability between
keeping their archives on-premise to practices of the service provider are cloud vendors are some of the factors
drive cost out of the discovery process, another challenge facing potential that would drive mass adoption of
maintain strict access to data, and cloud adopters. “Secure access when cloud,” says Mudiam of IBM.
define who is searching it and where connecting to cloud services—such as
they are sending requests.” authentication/authorization, endpoint THE SILVER LINING
security validation and security in the Cloud is a disruptive technology just
CLOUD BRAKES data center need to be in place before like the Internet. If not in and of itself, it
While cloud computing is known to enterprises zero in on a cloud vendor,” is surely a disruptive IT delivery model
provide significant cost savings and says Naik of Symantec. that has the potential to transform the
efficiencies to companies, security is However, with high levels of security way IT services (software, infrastructure
one of the prime concerns holding back being offered by most cloud vendors and platform) are delivered. In the
full-scale adoption of cloud. According today, CIOs are increasingly becoming months to come, cloud computing will
to the 2010 Symantec Disaster Recovery more receptive to cloud adoption. see a steep growth.
survey India findings, 41 percent of the Adoption of cloud by data-sensitive “Our conversations with customers
respondents indicated that security verticals like BFSI is an indication of have long moved from ‘what/why’ of a
was their biggest concern while putting this change in mindset. According to cloud to ‘how/when’,” says Mudiam of IBM.
applications on the cloud. The Symantec a ‘Cloud Survey Report’ by VMware in Given the huge base of SMEs, India
Enterprise Security Survey 2010 – association with Springboard Research, is well positioned and on track to gain a
Millennial Mobile Workforce and Data after the IT/ITeS sector (the obvious majority share of the global cloud pie.
Loss, reveals that nearly one in four adopters of any profitable technology), Cloud computing today is a reality in
Indian enterprises feel cloud computing the second largest sector interested in India and the number of customers is
increases the risk of losing data, and cloud adoption is BFSI. Other verticals growing by the day. The weather surely
27 percent feel it makes it harder to that are seeing high cloud adoption looks cloudy and clouds are finally
prevent/react to data loss. in India include manufacturing, soaring high on the Indian skies! n
A concern with enterprises telecom, government, education, retail,
considering cloud computing is the healthcare, and transportation, the
fear of data being transmitted and report said.
stored by the cloud service provider, “More education on the benefits of Ayushman Baruah (ayushman.baruah@ubm.com)
keeping it safe, preventing it from cloud, government regulations, cloud
IDC India
According to market intelligence and advisory firm IDC’s India Cloud Computing Market: Current State and Future Roadmap Study
2010, the Indian Public Cloud Computing market was estimated to be USD 66.7 million in 2009 and projected to grow at a compounded
annual growth rate of 40 percent over the next five years to 2014.
36 i n f o r m a t i o n w e e k ma rc h 2 0 1 1 www.informationweek.in
cover story
By Srikanth RP
Nustreet Technologies: The business owner needs help to put in processes and systems
Finding fortune at the so that he can scale effectively. The most optimal way to do this
Bottom of the Pyramid is to leverage IT,” informs Parthasarathy.
Nustreet Technologies calls itself a This is a niche segment, that has not been effectively
‘Cloudware Applications Company’, with a focus
tapped by existing vendors. When compared on a price-feature-
on providing simple business applications for
value scale, most of the existing solutions fail to meet primary
SMBs. Unlike the majority of the SaaS players,
business needs due to the inherent complexity and usage of
who have targeted a broad market such as HR or Healthcare – rolling out enterprise software products. Parthasarathy says
Nustreet specializes in building highly targeted micro vertical
that the price point, expensive support programs, and even
applications. For example, instead of a broad category such as
more formidable upgrade programs make it a nonstarter for
discreet manufacturing, it has built a specialized application for
the small business owner.
companies in the forging business. Nustreet wants to straddle this vaccum with its portfolio of
“The needs of companies in the forging industry micro verticalized applications.
are distinct from the needs of companies in the foundry “An SME business owner, today, is highly pressed for time,
manufacturing business or the sheet metal business. Each constantly on the move and often single-handedly managing
business follows a unique process, and needs a different all aspects of his growing business. He needs information on
approach,” explains S Parthasarathy, Chief technology officer,
his fingertips on how his business is performing, on a set of
Nustreet Technologies, on the need for a micro vertical key parameters very specific to his business. For instance,
approach. a spinning mill owner wants to know his yarn realization
Nustreet Technologies currently has six applications in numbers, a hospital administrator wants to know his revenue-
the market - NuCare for small & medium hospitals, NuLabs forper-patient-bed, while a forging company owner may want to
Stand-alone diagnostic labs, NuSpin for Yarn Spinning Mills,track his on-time delivery. We want to address this need of SME
NuForge for forging companies, NuWorks for Engineering owners through our portfolio of highly targeted, micro vertical
workshops, and NuSheets for Metal Fabrication companies. Theapplications,” explains Parthasarathy. The success of this
company is in the process of building and rolling out an array of
approach can be seen from the fact that the firm already has
several such applications across other industry clusters. 50 customers, that use its cloud-based solutions.
The firm’s objective is simple — address the unique needs of NuStreet applications are offered in partnership with
entrepreneurs or SMBs with unique solutions. Microsoft on the Windows Azure cloud. This is offered in a
“The bottom-of-the-pyramid in the case of business subscription business model, so that customers can use the
consumers are the SMEs — companies
with less than 250 employees today. “The cloud is to SMBs today what
These companies dominate the business the cellphone was to most of us a
landscape, particularly those of emerging
economies like India. This segment has
decade back. The cloud gives SMBs the
the highest growth potential as these oprtunity to leapfrog technologies”
economies scale. Many of them have the
aspiration, expertise, and today, the right
market condition to move to the next level.
However they need a leg up to get there. S Parthasarathy, CTO, Nustreet Technologies
38 i n f o r m a t i o n w e e k ma rc h 2 0 1 1 www.informationweek.in
application immediately, with very minimal upfront investments challenges that any new idea encounters.
in hardware or software licenses. For delivering relevant cloud With this in mind, and the fact that the firm had to
services, the firm has built each application collaboratively with provision for SaaS based services, Mediology wanted to ensure
experts from specific microvertical clusters. that they could provide economies of scale and flexibility
Today, the cloud has improved Nustreet’s ability to reach when the idea gained traction, without investing large capital
out to more customers at an accelerated pace. In addition, as expenditure in the computing hardware. Using AWS provided
the whole model is now on OPEX than CAPEX, it has improved the firm unparalleled scalability and flexibility, which in turn
the firm’s ability to preserve cash — a vital requirement for helped in overcoming infrastructure challenges.
a new company. This in turn, has given the firm a greater Manish Dhingra, Director, Mediology, explains the
capability in rolling out new products. advantage of unparalleled scalability with the help of an
When asked what the cloud is for SMBs, Parthasarathy example. “As part of our core digitization stack, we need to
echoes a thought, which may become an oft repeated quote enable our customers to process their Pre-Press PDF files in a
whenever the topic of cloud computing for SMBs comes up for quick turnaround time. Hence the ability to scale our instances
discussion. Says Parthasarathy, “The cloud is to SMBs today, to match those response levels was a key business challenge.
what the cellphone was to most of us a decade back.” Due to the elasticity of AWS cloud platform, we have been
Parthasarathy says that in the earlier days, getting a able to effectively address this time critical requirement of our
phone connection in India was so cumbersome that most of us customers.”
ended up not using phones. He believes that small businesses Without AWS, the firm would have to purchase hardware
face a similar situation today, and most of them are left out of and spend time in setting up its own servers in a data centre or
the IT revolution. Today, not using a cellphone is considered rent server space on a yearly basis from IT vendors.
unthinkable. Can the same revolution happen in the adoption “Traditional options would have been sub-optimal to our
of IT by small businesses due to the cloud? Nustreet believes requirements as it would mean locking us in a long-term data
that the transformation will happen, and therein lies a massive centre contract that would have cost at least USD 20,000 of
business opportunity. capital expense to provision servers and take care of redundant
storage even before launching our business. For a data centre
rental of 42U space with 3 KVA redundant power, cooling
Mediology Software: and bandwidth would have cost us USD 2,500 per month. In
Publishing on the cloud addition, the time lag associated with the procurements and
The Internet has revolutionized the dependency on a fixed infrastructure would have made it highly
publishing business. Today, established improbable to scale our business as we grew,” explains Dhingra.
newspapers compete with bloggers, tweeters The firm estimates that the traditional way would have cost
and small publishers for mindshare. With the the firm USD 30,000 per annum. It also estimates that the time
Internet becoming a significant contributor spent to set up and maintain those servers would be around 24
to current revenues and future growth plans, established man-months, which is equivalent to another expense of USD
media firms need a quick way to leverage technology to their 20,000.
advantage. “AWS helps us to avoid incurring CAPEX in the old model of
Identifying this trend in the publishing industry early, IT, and turn that into OPEX using the cloud. The total estimated
Mediology Software introduced an innovative way of creating cost avoidance by starting our business immediately with
a virtual world for publishing houses to reach out to their AWS cloud platform is about USD 70,000 per annum. More
audiences. The firm has a SaaS solution on Amazon Web importantly, it gives us the business agility to scale as we grow.
Services (AWS) cloud that enables print publishers to digitize It also helps in channelizing precious funds, human resources
their print content, add social media interactivity and distribute and time to develop our core business,” explains Dhingra on
the content via web and mobile devices. Overall, this helps why the cloud model is perfect for a startup like Mediology.
media companies to increase content circulation, aid better For its innovative business model, Mediology was
tracking, improve monetization, and
achieve greater demographic classification “The total estimated cost avoidance by
of their reader base. starting our business immediately with
For a startup firm, leveraging the
cloud makes perfect sense. The nature
the cloud platform is about USD 70,000
of the media business is built on the sole per annum. More importantly, it gives us
premise of “Economies of Scale.” Hence the business agility to scale as we grow”
during the initial period which was more
of a transitory and that of accepting the
changing paradigms, the firm had to face Manish Dhingra, Director, Mediology
march 2011 i n f o r m at i o n w e e k 39
cover story
recognized as one of the seven finalists and the only one from “The Global Energy Management Center (GEMC) can
the APAC region at the Amazon Web Services (AWS) Start-Up help companies monitor energy consumption patterns from
Challenge, a global competition that encourages start-up multiple sources. These patterns can be further analyzed for
companies to leverage the AWS cloud platform. usage, cost, and carbon footprint in a number of ways that
help in optimizing energy. The center is uniquely positioned
to service the clients across the globe by deploying a Remote
ACME Tele Power: Control Unit that has the capabilities to communicate to a
Energy Management as a cloud-based architecture. The entire application is developed
service on Microsoft Application Framework by using Google API’s,”
Even as energy consumption continues to explains Satyadev Adurti, VP-IT for ACME Telepower, who is
rise at an alarming rate, there has been also responsible for the Global Energy Monitoring Center.
no standardized approach to cut down energy Similar to a remote NOC, the Global Energy Management
consumption at a global level. Apart from center has the ability to monitor energy demand and supply.
innovative companies such as Infosys and Wipro, Using an internal proprietary framework of ACME, the firm
there have been extremely few examples of companies who identifies gaps in production of energy, and tries to optimize
have managed to cut down their energy consumption levels various points in the energy production cycle.
on a sustained basis. The energy analysis team does a dipstick study remotely
Can IT manage and monitor energy consumption patterns to identify various circuits’ consumption patterns. The
of companies the same way as IT infrastructure is managed consumption patterns are then analyzed with the kind of
today? In other words, can energy management be offered as equipment connected to the entire chain and the equipment
a service? efficiency ratings. The efficiency ratings are further analyzed
An innovative Indian company, ACME Tele Power is doing to see any leakage in the entire circuit. ACME then uses an
just that, by creating a ‘Global Energy Management Center’. optimizer tool to generate the gaps.
Similar to the way IT infrastructure is managed today, the firm “Upon identifying the gaps, we propose optimization work
wants to replicate this model to the management of energy at at various levels. This entire activity is performed month-on-
a global level. month to ensure continuous improvements in both production
40 i n f o r m a t i o n w e e k ma rc h 2 0 1 1 www.informationweek.in
“The Global Energy Management As audio games have the potential
of becoming a high value and high
Center can help companies monitor
volume industry, the cloud is the perfect
energy consumption patterns from delivery model.
multiple sources” The ability of the cloud in scaling
up quickly with minimum effort can
be seen from Dialify’s example. Today,
even though Dialify is just a 3-person
Satyadev Adurti, VP-IT, ACME Telepower company, it has been able to deploy and
maintain platforms across multiple large
service providers without a huge effort.
cycles and utilization cycles,” explains Adurti. “In terms of cost effectiveness, we have been able to
To analyze energy supply and demand, the system looks roll our products to multiple carrier networks without any
at downstream inputs like fuel consumption, solar radiation, CAPEX. More importantly, we have been able to sustain
wind patterns and weather inputs to optimize production operations over the past two quarters, without having to
cycles. expand our team, due to the online management offered
What is significant about this model is that the equipment by AWS. Time to be market-wise, we are able to deploy our
directly communicates with a cloud-based infrastructure. applications to new markets within a week in most cases,
This is used by the firm to monitor energy production and whereas in a more traditional physical infrastructure rollout
consumption patterns on a real-time basis. The center this would have been in months,” says Nikhil Soman, Founder,
has deployed a LED video wall that can display real time Dialify Technologies.
monitoring of sites across the globe. Without the cloud, a firm like Dialify would be restrained
When you consider the volume of data flowing in from by the limitations imposed due to budgetary constraints or in
different parts of the globe, the cloud-based infrastructure buying new infrastructure. Today, the cloud has given the firm
seems like a perfect fit. The cloud model has also cut down new wings to fly and expand in new markets.
the time and cost of deployment. For instance, compared to a “Telecom application margins are extremely low. By
traditional form of deployment, the cloud-based solution has standardizing on Amazon Web Services, we have been able
cut down its deployment time by a massive 60 percent. to provide a unique service to carriers and consumers at
If one looks at the landscape, every possible enterprise extremely low costs, leading to higher adoption numbers. Our
can be a customer of ACME Telepower. As the firm already applications are the first movers in the segment and building
has a proven track record in telecom, it has started off with awareness and driving sampling remains our highest priority.
monitoring energy needs of cell towers. AWS based-infrastructure has helped us demonstrate and
ACME Telepower is running a pilot for Aircel for 450 sites, prove scalable deployments which otherwise were a function
wherein it will manage and optimize energy requirements. of significant investments,” informs Soman on the viability of
Looking at the scale of opportunities, the firm is initially a cloud-based model for startups.
targeting enterprises in the telecom, real estate and utility
space. In the future, it is targeting enterprises in the retail,
logistics and banking domain. 8KMiles:
The idea of remotely monitoring global energy Virtual outsourcing
management patterns is an extremely exciting value ecosystem
proposition for enterprises that are struggling to meet their 8KMiles is perhaps the perfect example
energy consumption needs cost effectively. With a cloud- of the power of collaboration that a cloud-
based solution, ACME Telepower has the potential to bring based model can achieve. The firm has
about a similar revolution that was brought in by players in pioneered a unique outsourcing model by
the remote IT infrastructure management space. leveraging the cloud. Aptly called ‘cloudsourcing’, the model
allows firms to get on-demand access to dependable remote
talent and infrastructure.
Dialify Technologies: While large organizations have the luxury of inviting
Audio Gaming via the cloud hundreds of IT companies for bidding for IT-based projects,
Focused on the niche but fast growing small companies do not have the required knowledge or
field of audio games, Dialify builds choice. Due to their small budgets, most of these companies
applications and social games on AWS cloud, are not on the radar of large companies. The firm believes
with dynamic audio interfaces for easy delivery that there is a huge opportunity in addressing the unique
over telecommunication networks in India. needs of SMBs, by using the cloud.
march 2011 i n f o r m at i o n w e e k 41
cover story
“The cloud has helped in leveling the explaining on how the cloud has helped
playing field for companies such as ours his company scale rapidly.
to build businesses and compete in the The success of a company like
8KMiles is also a case in point to
global marketplace” understand how the Internet can help
even small companies compete against
the big players.
“The AWS cloud has helped in
Harish Ganesan, Co- founder and CTO, 8KMiles leveling the playing field for companies
such as ours to build businesses and
“We provide a distributed development platform that compete in the global marketplace.
blends a global talent marketplace with collaboration tools We are now able to offer to businesses across the world our
and cloud infrastructure. This allows businesses to hire innovative end-to-end Virtual Sourcing Model solution on
technology talent on-demand, and have them work on the cloud. Any business can come to 8KMiles.com to hire
cloud-based infrastructure using our pre-configured remote the technology talent anytime they need, and access cloud-
desktops and servers for development and testing,” explains based infrastructure for their development or testing needs
Harish Ganesan, Co- founder and Chief Technology Officer, almost instantly. Once their applications are ready, 8KMiles
8KMiles. can help them seamlessly deploy their applications and go
The 8KMiles platform provides SMBs access to verified live on the AWS cloud. All of this captures the essence of the
quality talent, in addition to pre-built infrastructure delivered cloud – that is being on-demand, pay-as-you-use, infinitely
using the cloud. SMBs, can for example, build their own scalable and more crucially, allowing you to focus on core
testing and development teams and collaborate with them. competencies and innovate quickly,” explains Ganeshan on
For example, a concept called Projectspace helps remote how the cloud can truly transform business models.
providers work as if they were in the same office with video
conferencing, document sharing and status tracking tools.
The firm has been one of the early adopters of AWS, QID Technologies:
and has achieved a lot of flexibility by moving its RFID as a Service
application to AWS. A year back, when we asked a CIO of a
8KMiles’s Virtual Computing Environment (VCE) also leading retail firm, his thoughts on using
uses AWS extensively to deliver remote desktops and test/ RFID, he had just one simple answer – while
development environments for globally distributed teams. the cost of the RFID tag has been reducing
“Our core offering, 8KMiles’ VCE provides pre-configured year-on-year, the overall cost from an Indian
remote desktops and servers on demand. We wanted the context was still prohibitive, and did not offer a business
whole desktop/server delivery to be automated, just in time case for mass deployment.
with almost zero upfront infrastructure investment, with the As one can see, RFID is the perfect example of a brilliant
ability to support a wide range of customizable technology technology, which has not yet found the level of success due
stacks,” explains Ganesan. to its prohibitive cost of deployment. To tackle the high cost
The firm moved its entire web application to AWS in of deploying RFID, an Indian firm, QuantumID Technologies
early 2008 and realized a direct 40 percent reduction in its (QID), has come up with an interesting innovation. The firm
monthly recurring costs. The usage of AWS infrastructure offers ‘RFID-as-a-service’ wherein it offers a complete RFID
cloud platform combined with automation has substantially solution – the hardware, software, and the implementation
reduced the load on its IT infrastructure team, enabling it to on a pay-per-transaction model.
focus its time on the core business. “Instead of spending on CAPEX, retail firms can use
“By using AWS, we were able to try
out proof-of-concepts and experiment
our ideas very quickly and easily, and “Due to the cloud, we can scale up by
pay only for what we use. We were more than 30-40 times without worrying
also able to bring in scalability and about the cost of infrastructure.We
elasticity at the early stages of our
web application design by utilizing
are also able to bring down the cost of
the on-demand pricing model of AWS, deploying RFID”
accelerating our speed-to-market that
helped us achieve our business success
much more quickly,” says Ganeshan Prasanna Gogwekar, COO, QID Technologies
42 i n f o r m a t i o n w e e k ma rc h 2 0 1 1 www.informationweek.in
our model to deploy RFID. The pay- “After moving to Amazon Web Services,
per-transaction model ensures that it our traffic has increased more than
becomes a part of their revenue,” opines three fold.We are now able to launch
Prasanna Gogwekar, COO, QID.
To ensure scalability, QID has
multiple products for bus operators on
enabled its data storage layer associated a SaaS model ”
with its RFID ACT system (Automated
Cargo tracking) on the Microsoft Azure
Platform. The cloud platform is ideal Charan Padmaraju, Co-founder and CTO, redBus
for a closed loop supply chain process.
In these scenarios, data storage requirements can be huge our servers and it took two days. On another occasion,
when you consider that hundreds or maybe thousands of the memory size wasn’t enough to service the work load,
RFID tags are read multiple times at different points in the the process to upgrade took more than a month and our
supply chain. business took a hit,” states Charan Padmaraju, Co-founder
The cloud model gives QID the ability to scale up storage and CTO, redBus.
needs as business volumes grow. “The cloud is central to To address the constraints of infrastructure, the firm
our business. From a scale point of view, we can scale up by decided to move its entire infrastructure to AWS. Post
more than 30-40 times without worrying about the cost of deployment, the firm can build any application it wants
infrastructure. Due to the cloud, we are able to bring down using any platform or any programming model or operating
the cost of providing RFID services, and make it a viable system. It has the ability to control the resources, fit them
proposition to the Indian market,” exclaims Gogwekar. into applications as it sees fit and pay per use.
The cloud also gives it the ability to customize the “After moving to AWS, our traffic has increased more
solution according to different industry verticals. For than three-fold. We are now able to launch multiple products
example, in certain industries such as textiles, transactions for bus operators on a SaaS model. This is possible only in a
can be priced per meter, while in other industries cloud platform due to its elasticity and scalability. We have
transactions can be priced per kilogram. also been able to fully tap our analytics requirement with
The RFID-as-a-service model has already been deployed AWS. AWS gives us an overall cost benefit of about 30 to 40
for Kingfisher Cargo, where the solution has been tested out percent,” explains Padmaraju.
for scale for handling thousands of pieces of cargo. Initially, the firm used AWS to build one of its new SaaS
offerings that it delivered to customers. As the experience
was good, the firm decided to move its entire infrastructure
redBus: to AWS. The firm is completely on AWS today, and runs even
Cloud accelerates business its financial management applications on AWS.
delivery
redBus is an Indian travel agency that
specializes in bus travel throughout India by Prime Focus Technologies:
selling bus tickets throughout the country. Cloud based-media process
Tickets are purchased through the outsourcing
company’s Website or through the Web services As new media delivery platforms such
of its agents and partners. The company also offers software as mobile and web emerge, publishers of
on a Software-as-a-Service (SaaS) basis, which gives bus content face a huge challenge in customizing
operators the option of handling their own ticketing and and delivering the content to multiple platforms.
managing their own inventories. Till date, redBus has To address this challenge, an Indian firm, Prime Focus
sold over 2 million bus tickets and has
more than 100 bus operators, using the
software to manage their operations. “The cloud model has allowed us to
Operating in a high volume market, successfully establish a media supply
the firm was not able to service its chain for the industry, linking all partners
customers quickly as it had fixed number
of servers with limited capability.
in the advertising eco-system through
“Procuring a new server or our platform”
upgrading an existing server took more
than two weeks. For example, once
we wanted to open a port on one of R Sankaranarayanan, CEO, Prime Focus Technologies
march 2011 i n f o r m at i o n w e e k 43
cover story
44 i n f o r m a t i o n w e e k ma rc h 2 0 1 1 www.informationweek.in
case study L&T infotech
46 i n f o r m a t i o n w e e k ma rc h 2 0 1 1 www.informationweek.in
case study pennar industries
With the manufacturing industry a track of budgets and expenses, and made easier
evolving from being product-centric to for checking their India performance as l Better traceability and accountability
more customer-centric, Pennar required a against sales office-wise performance. of information has been achieved
solution that would help them get closer “A scope had to be defined for the l Automation has made it easier to
to their customers. “There was a need for implementation, that was both thorough track and retrieve information at any
a cloud-based distributed solution that and could be accomplished in the limited given point of time
was both location-independent and would period of time, that the company had set l Report generation and database
offer our sales team flexibility in order for implementation. Defining the scope maintenance is simpler and far more
entry, customer follow-up and project was a challenge. Our implementation effective n
management interaction,” says Aditya partner Intelligroup’s assistance was vital
Rao, Director - New Projects at Pennar in helping us overcome this challenge,” Ayushman Baruah (ayushman.baruah@ubm.com)
Industries. says Rao.
march 2011 i n f o r m at i o n w e e k 47
case study IntraSoft Technologies
48 i n f o r m a t i o n w e e k ma rc h 2 0 1 1 www.informationweek.in
opinion
Parag Arora / Cisco India
50 i n f o r m a t i o n w e e k ma rc h 2 0 1 1 www.informationweek.in
opinion
Vikram Watave / Patni
march 2011 i n f o r m at i o n w e e k 51
opinion
52 i n f o r m a t i o n w e e k ma rc h 2 0 1 1 www.informationweek.in
CISO Perspective
The Cloud Security Alliance describes technology world, it’s just a matter provider must be done after careful
cloud as the use of a collection of of time before what is being offered consideration of the SLA agreement
services, applications, information, and becomes obsolete and one may be forced and the organization’s security and risk
infrastructure comprised of pools of to upgrade. This can upset financial concerns. To address this issue, granular
compute, network, information, and calculations. and least privileged model of access with
storage resources which can be rapidly Information handling: How is your detailed audit logs is required to assure
orchestrated, provisioned, implemented information being stored, processed transparency and build trust between the
and decommissioned, and scaled up or and delivered? What are the risks and provider and user.
down; providing for an on-demand utility- how can this be minimized? Which Compliance: Trans-border
like model of allocation and consumption. individuals have access to your data? information flow is a very critical
Phew! Quite a mouthful, yet there Do you trust the providers’ outsourced element of the contract as you want
is not one bit of concurrence among vendors to handle your data? Where is to ensure that you have access to
experts. To add to the confusion, there your data stored? What happens to the systems and forensic evidence in case
are some pretty complex decisions to be backup copy of the file you just deleted of any unfortunate events. Careful
made regarding which model of cloud from your cloud storage? What kind of consideration must be given to the
computing one needs to select. Do I use physical security does your provider’s locations of the service provider and
IaaS, PaaS or SaaS? And one is spoiled data centre have? facilities being used to deliver the
for choices at the available deployment Lock in: Many providers may use service as they may exist across various
models: Public Cloud, Private Cloud, proprietary tools and technologies, and geographies. Some of these geographies
Community Cloud or Hybrid Cloud. organizations need to invest time and may not be extremely accommodating to
Today, many organizations are resources to customize the solutions for compliance and regulatory requirements.
exploring the skies and looking to ride their needs and since the cloud is out in In certain cases, privacy regulations of
the cloud in their endeavor to optimize the open, how does one ensure the same certain businesses and geographies may
and reduce costs and also reduce delivery is not made available to competition? not allow the data to be hosted on a
cycles to business. However, most of these This would also mean vendor lock-in and cloud platform as the data is out of your
organizations are struggling to select the duplication of efforts in changing the network.
appropriate vendor. service provider. Certifications: As no standards
Comparing cloud service providers Data location: One needs to have currently exist for security and services
is like comparing clouds in the sky, each clarity on the location of data. After delivered out of the cloud, one will have
one is unique and has its own nuances, all, you cannot secure it if you don’t to rely on existing standards and best
but never the less, organizations should know where it is. This may also become practices.
be clear about the purpose of using a major issue in an event of a disaster
cloud services and its risk appetite. and you require access to your data for Conclusion
In my view, some top concerns on recovery and if necessary, for forensics A sound risk management program is
using the cloud are as follows: examination. required to address the above concerns.
Financial strength: Organizations SLA and audit rights: Many cloud This must ideally start with a detailed
have to check the provider’s financial providers have standard non negotiable information and asset inventory that
ability to deliver the services for a period SLAs that do not allow you to audit their identifies and labels all information
of time for which the contract may be facilities. An organization must look at assets, their owners and importance and
agreed upon. Cloud is a promising and how this will impact their compliance priority of data in an event of a disaster. n
upcoming area and you have to evaluate requirements, as this may lead to
Faraz Ahmed is Head - Information Security,
how you will be impacted if your provider non compliance of certain regulatory
Reliance Life Insurance
is acquired. In the rapidly changing standards. Selection of a service
march 2011 i n f o r m at i o n w e e k 53
opinion
Pallavi Kathuria / Microsoft India
An open cloud
As one of the most disruptive therefore aid in cloud adoption by more designed to be interoperable across
technologies of our times – cloud and more businesses. Clearly, the case data centers. In the past too, there
Computing brings with itself new for promoting openness on the cloud have been broader security guidelines
challenges and goalposts for cannot be stronger for leading cloud from ENISA (European Network and
interoperability on two broad areas vendors. Information Security Agency) and Cloud
— with the existing on-premise IT Data portability is the first element Security Alliance. The Jericho Forum’s
infrastructures, as well as among various of interoperability — which enables Self-assessment Scheme (SAS) is also a
clouds platforms. The promise of this businesses to move their data in and out great example of industry stakeholders
new technology is reduced to a fraction of any cloud application or platform to coming together to address the security
if it does not work with the existing another cloud platform, or even back concerns about cloud adoption.
technologies seamlessly. to an on-premise deployment, without Coming back to the broader topic,
While more and more businesses losing fidelity. Data portability is more the third key attribute of an open cloud
and organizations look to embrace than a fundamental requirement for an is ease of migration and deployment,
cloud computing, one of the pre- open cloud — it is the core assurance which addresses the process of migrating
conditions for any new investment that any business, or a government will existing IT assets to the cloud. Cloud
in a cloud-based solution is that the seek before embracing cloud computing. platforms should provide a secure
latter would supplement the existing IT Secondly, an open cloud platform migration path that preserves existing
infrastructure — instead of creating new and its applications must support as investments and should enable the
silos of applications and data. Businesses many existing and evolving standards co-existence between on-premise
also demand the assurance of data that would make it easier for applications software and cloud services. This will
security and portability. Finally, they and platforms to interconnect. An open enable customers to run “private clouds”
want the ability to migrate their existing cloud platform must support multiple and partners (including hosters) to
applications to the cloud easily without Internet protocols including HTTP, XML, run “partner clouds”, as well as take
having to rewrite the applications SOAP and REST, and other key cloud advantage of public cloud platform
grounds up in a new language that a standards – including Service Oriented services. Finally, a cloud platform is
given cloud platform mandates. Architecture (SOA) frameworks for data open when it offers choice to application
Summing up these three core centers and virtualized systems, web developers to use any programming
requirements as often articulated by standards like SOAP, REST, AtomPub, language or tool of their choice.
businesses, it is easy to see that the core and federated security standards – that While these principles form the
demand is for a cloud platform that is provide the building blocks for open, bedrock of an open cloud platform,
both open and interoperable. According interoperable cloud services. there are a host of initiatives from cloud
to Sanchit Vir Gogia, Associate Research In fact, a healthy industry and user vendors to further help make the end-
Manager at Springboard Research, momentum is already building up for user transition to the cloud easier.
“While cloud computing has gathered laying down security and interoperability Ultimately it is the customers who
much steam in the recent past; CIOs have standards for the cloud. The launch get to benefit from the advantages
identified security and interoperability as of ‘Open Data Centre Alliance’ – a offered by cloud computing, without
key issues impeding rampant adoption. consortium of leading global IT getting hampered by concerns on data
The key is to offer seamless movement managers with over USD 50 billion in security, portability and access. And
across cloud environments and develop collective IT spending was a big step anything that is good for the customers
industry-wide standards that work with forward. The ODCA has released its is good for the IT industry – resulting in a
most vendors and service partners.” usage model roadmap, which includes win-win situation for all. n
In other words, openness and 19 usage models that address technical
interoperability for a cloud platform requirements for data center and
will allow businesses to harness the cloud infrastructure and is based on Pallavi Kathuria is Director – Server Business at
Microsoft India
full potential of cloud computing and open, interoperable solutions. This is
54 i n f o r m a t i o n w e e k ma rc h 2 0 1 1 www.informationweek.in
interview S t e fa n V a n O v e r t v e l d t / M a s t e k
56 i n f o r m a t i o n w e e k ma rc h 2 0 1 1 www.informationweek.in
case study electrotherm
march 2011 i n f o r m at i o n w e e k 57
case study
Challenges
However, the transition to the new
system was not an easy one and the
company faced three challenges. Firstly,
there was resistance from people in the
organization.
“People were suspicious about their
work being monitored as they came on
to the domain. Another challenge was
transitioning a huge base of users,” said
Rahangdale.
Earlier its user base was in a
workgroup environment. It was a
humongous task shifting such a large
user base into an Active Directory
environment. On the technology front,
there was skepticism about the failure
of the new solution, and how that
failure should be addressed through
a fallback plan.
“Lastly, with the older open source
solution, mails were getting lost. So
there was always a concern about this
happening with the new system too.
We found that theoretically it takes 48
hours to populate the global DNS. But
in fact, it starts populating after just
four hours. We said if that doesn’t work
we can revert to the older system and
there would be a delay/downtime of only
four hours. We also decided to do a pilot
test of the new system for a week and
then deploy it live. But users were not
convinced, because they did not want to
miss important communications during
the transition period,” said Rahangdale.
However, Rahangdale and his team top-down approach to convince users. “The main benefit was really the user
found a workaround by deploying Top management communicated the experience and user acceptance.”
parallel systems for messaging. The various benefits to the users. They He added, “Response times have
trick was maintaining two MX record said the intention is not to monitor, but improved and obviously we can make
entries—these are used when preparing to offer better IT services. This would faster decisions. The mail delivery time
to send SMTP mail to a remote system. reduce the time for deploying services. is less than a second today. This has
One was kept at Electrotherm’s data It would also sync addresses with the made everyone more proactive. These
center and the other with its service global address book,” said Rahangdale. changes are visible too. Even our most
provider. So this solved the problem of But apart from these, there were remote location like Belari is now easily
mails not reaching recipient mailboxes—if other challenges on the compliance accessible.”
these could not reach user mailboxes in and communications fronts. He did not Summing it up in his own imitable
Electrotherm’s data center then these elaborate further on these challenges. style, Rahangdale said the management
would automatically be redirected to the feels “his organization is no longer
service provider, from where they could Benefits walking—it is running!” n
later be accessed. Since the project was driven largely
And how did he get round to cajoling out of a business need, there were no
users to accept the new system? upfront expectations for ROI. Speaking Brian Pereira (brian.pereira@ubm.com)
“At the user level, we had to take a about the key benefits, Rahangdale said,
58 i n f o r m a t i o n w e e k ma rc h 2 0 1 1 www.informationweek.in
book review
The business value of
technology
Preparing for the Cloud
Having the right IT strategy can ensure that
your business is on track to achieve organic
growth and profits, and that it has a cutting
edge over the competition.
Cloud Computing seems to be the most So what constitutes a right IT strategy for
talked-about technology today. But it’s also business? What kind of impact can IT have on
the least understood term. In fact, there your business? How does a company strike a
is no single, unified definition for it. Some balance between business and technology?
organizations/individuals think virtualization IT Strategy for Business sets out to
is synonymous with Cloud. But there is a lot of answer some of these questions. The book
explains how a firm can strike a perfect
Cloud Computing balance between technology and business,
Implementation, Management and Security and gives a practical insight into IT strategies
John W Rittinghouse, James F Ransome for all kinds of enterprises.
It acquaints the reader with different
CRC Press
aspects of IT and business strategies and
Available at: Computer Bookshop, Mumbai their cross linking through various strategic
initiatives. While other books on this subject
interest, particularly for private clouds in India. position IT as a technology, and elaborate on
Organizations that are planning a journey to the cloud should have a thorough its management aspects, this book positions
understanding of the IT services model and Service Oriented Architecture. IT as a strategic business infrastructure and
Cloud Computing — Implementation, Management and Security offers knowledge catalyst.
an accurate description of cloud computing, explores how disruptive it Some important topics discussed in
may become in future, and examines its advantages and disadvantages. this book are: IT management, e-strategies,
The authors take us through the evolution of cloud computing. Then they outsourcing and offshoring, knowledge
survey some of the critical components that are necessary to make the management, and various stages and facets
cloud computing paradigm feasible. They also present various standards of IT strategy implementation; the role of IT in
based on the use and implementation issues surrounding cloud computing areas such as M&A and IT security. n
and describe the infrastructure management that is maintained by cloud
computing service providers. The book concludes with a hard look at
successful cloud computing vendors and the cloud management tools and
services they offer.
The book would have been more complete with the inclusion of a few real-
life case studies of companies that moved their legacy infrastructure to the
cloud — and the challenges they faced in doing so. It would also be interesting
to learn about various cloud computing forums around the world and their
efforts to promote cloud standards. Perhaps there should be a separate
chapter on regulatory and compliance aspects, and how these norms vary
across geographies.
But it makes up for these deficiencies with interesting topics that you may
not find in other books on cloud computing. For instance, we enjoyed reading
about the potential of smartphones connected to the cloud. And the grand
finale before the end of the book is an executive scenario for cloud migration.
It’s a hypothetical case of a fictitious company considering a move to cloud-
based operations. Here you’ll read about the different views that the CEO, CFO,
VPs and EVPs have about the business. Then we hear about the CIO’s struggles IT Strategy for Business
in keeping up with all their expectations. We won’t spoil the element of surprise
Authors: Parag Kulkarni, Pradip K. Chande
by telling you how that CIO overcomes these struggles. The cloud had a lot to
do with it, of course. Oxford University Press
This is a must-read for every CIO. n
60 i n f o r m a t i o n w e e k ma rc h 2 0 1 1 www.informationweek.in
feature CLOUD PERFORMANCE
Our 2011 InformationWeek Analytics of company size, once we delved into and in less time, and they’re shaking up
State of Cloud Computing Survey shows the data. There are now viable cloud established firms like Informatica and
a 67 percent increase in the number of options for almost every layer of the Oracle-SAP as well as EDI players like
companies using cloud services, up from technology stack — from raw computing, Ariba, Hubspan, and Sterling Commerce.
18 percent in February 2009 and 30 storage, databases, and utilities to Boomi and Cast Iron have been acquired
percent in October 2010. IT now has a e-mail to the spectrum of enterprise by Dell and IBM, respectively. Both
choice: Grab ownership of what’s poised applications, all with a “point, click, go” buyers cited the benefits of offering
to be a core part of the enterprise functionality that has maverick business streamlined integration connections
technology toolset, or shortchange units everywhere rejoicing. Ignore across the enterprise. Earlier last year,
key functions and set ourselves up for management at your peril. IBM, acknowledging gaps in its cloud
disaster. Cloud vendors Boomi, Cast Iron, and integration, also bought Sterling, one of
This shouldn’t be a hard call, yet Jitterbit are focused solely on offering the larger EDI players.
over and over we see CIOs underfund integration services for less money This is a new twist to interoperability
or ignore six major areas: integration, that is available only within the cloud.
security, connectivity, monitoring, Previously, there just wasn’t scale to
continuity planning, and build multitenant integration services.
long-term staffing. Only 29 But now, integration services have
percent of companies using or become clouds themselves--middleware
planning to use the cloud have as a service, if you will. The more
evaluated its impact on their options and connections they have, the
architectures. Just 20 percent more competitive they become and the
implement monitoring of more monthly subscriptions they get.
applications and throughput; Will they make it? Yes. There’s a fortune
40 percent don’t have any in margins in integration, especially
monitoring in place. Talk if you have scale, and the financial
about blind trust. performance of these vendors is
There’s a misperception impressive.
that it’s smaller
companies driving the Security: Safety
cloud usage upswing. First
But don’t write “We won’t be involving our
off management security team in this project
shortfalls as an SMB until the last possible moment,
problem; we saw because the answer will be ‘no.’”
almost the same rates of That from a VP at one of the largest
use and planned use regardless retailers in the world. He’s evaluating
a cloud-centric initiative that could says Tom Elowson, president of performance levels for every application
dramatically improve the company’s virtualization cloud provider Acxess. before you add an external cloud.
operations. He went on to say that “We have bandwidth conversation Once your house is in order,
bringing the CISO in without building with potential clients everyday. If they connect with your bandwidth provider
the entire plan beforehand is a death haven’t analyzed their existing usage and establish ground rules around
knell for any project. and started to calculate the potential monitoring of traffic, your lines, and
Think this isn’t going on in your impact, we usually push back.” how you share data. Set up remote
shop? Keep sipping the happy juice. Start with the outbound volume monitoring points outside of your main
This VP guaranteed that end runs are to reach the resource, and take into office. Assemble a set of cloud-based
standard practice among his peers. And account back-end traffic to update monitoring tools. Yes, a cloud app to
the standard mantra of “it’s against data. Bandwidth calculations also watch your cloud apps. Go beyond the
compliance rules” won’t only make you need to factor in data and user growth basic utilities that Amazon, GoGrid,
seem out of touch — you may well be over a five-year period, same as ROI Google, and others provide to add
wrong. PCI 2.0, the rules that govern the calculations. Get solid trending stats on overall monitoring of all Internet traffic.
security of credit and debit card data, usage and volume over the course of
was just released and has little specific several weeks. If you don’t, you could be Continuity: Get Backup
guidance for cloud computing per se, looking at a major fumble. All companies ask their cloud vendors,
but it does lay out clearer rules relating “Do you back up our data?” The answer
to off-premises transactions. In addition, Monitoring: Watch And is always some variant of yes. However,
Amazon recently announced that its Learn the majority of cloud designs focus on
Elastic Compute Cloud is certified for Thirty-nine percent of poll respondents backup and point-in-time failover — not
conducting Level 1 transactions; the say they don’t monitor their cloud archiving.
company will begin offering that service vendors, while an additional 40 percent Always establish a cloud service
this year. The next official PCI standard rely on basic “up/down” tools that are backup and archiving schedule the same
will likely have in-depth rules for cloud no better than a periodic ping. The way you would for any internal resource.
computing, but it won’t be released until latter group’s sole advantage is they’ll Start with your current vendor. Many,
2013. have a 30-second warning before the like CommVault and Symantec, are
Security teams take note: There’s a complaints start rolling in. working to establish options for
new set of guidelines, and a major cloud How to stay on track? First, invest extending internal backup and archiving
vendor has a platform certified for some in data flow monitoring internally. systems to manage cloud-based data.
level of transactions that are subject to Less than 15 percent of respondents All systems have outages, whether
PCI rules. If you think saying “Wait until have systems in place that monitor they’re in house or in the cloud. Focus
2013” is a good move for your business, application and transactional on what vendors will agree to in their
consider polishing up your resumé. throughput. Basic status alerting is service-level agreements vs. what
The better answer is providing nice, but you need to be watching your your internal teams will commit to for
forward-thinking security and network data flows and have established their in-house SLAs. The “five-nines”
connectivity guidelines that people
outside IT can understand and use. Make What are your company’s plans for cloud computing?
sure your guide covers all the policies
you’ve established and explains the 2010 2009
outside compliance areas you’re forced Receiving services today from a cloud provider
to adhere to. We discuss the seven key 30%
areas that must be included in a cloud 18%
policy in our full Analytics Report. Planning to use services from a cloud provider within the next 12 months
13%
Connectivity: The Right 9%
Connections Considering using services from a cloud provider
Just 29 percent of those using or 24%
planning to use a cloud service have 25%
scoped out the architectural impact No plans to use services from a cloud provider
on their Internet infrastructures. You 33%
should be running these numbers before 48%
engaging any cloud provider. Source: InformationWeek Analytics State of Cloud Computing Survey of 607 business technology
professionals in October 2010 and 547 in February 2009
“It’s the biggest miss we see,”
62 i n f o r m a t i o n w e e k ma rc h 2 0 1 1 www.informationweek.in
mantra (99.999 percent) that dominates
Cloud’s impact on internet-facing architecture
discussion among Tier 1 data vendors
Have you examined the potential impact of a cloud service on your Internet-facing architecture?
simply isn’t heard in the cloud. At
best, your uptime will be between 99.9 Yes
Don’t know
percent and 99.95 percent. Decide:
What is the plan for the business 29%
if there’s an outage? When do you
8%
implement the failover plan? Who makes
the call? These are all familiar themes No, and we have
no plans to do so 6%
to business continuity pros, but with an
external twist.
Software as a service should 30% Not yet, but we plan to
have, at minimum, manual processes 27%
documented for users. In the case Not yet, but we will before
of a CRM or project management adopting any new services
application, you may want a separate
cloud or in-house system that could Source: InformationWeek Analytics 2011 State of Cloud Computing Survey of 408 business technology
be activated in the event of a major professionals using, planning to use, or considering cloud computing services, October 2010
failure. For high-volume services, such
as e-mail or EDI transactions, design a U.S. Department of Labor stats. Cloud
system that not only queues ongoing STAFFING: BUILD YOUR BENCH and related hosting services companies
transactions for short outages but has IT as a profession is at a turning point. have had flat job growth for the past
the ability to fail over completely. These While the cloud may be hot, there year. Blame economies of scale. But
aren’t small projects; plan to devote hasn’t been a boom in hiring by these just because the quantity of jobs is
engineering time and funding. vendors, according to the most recent down doesn’t mean you’ll easily find
IT pros who can deftly manage vendor
What are your top concerns related to cloud services? relationships, not just technology
platforms.
2010 2009 Our 2010 State of Outsourcing
Security defects in the technology itself Survey showed that nearly six of
53% 10 IT shops outsource some critical
57% function — management, engineering,
Unauthorized access to or leak of our proprietary information or development. So you can see the
50% staffing challenge CIOs face. This is a
53% major gap that won’t necessarily go
Unauthorized access to or leak of our customers’ information away through market forces attracting
49% additional talent to meet your needs.
47% You need to start building your own
Application and system performance talent bench.
32%
Get ready for a wild ride. Capital
32%
expenditures used to provide a brake,
Business viability of provider; risk company will fail
regulating the pace of internal service
28%
30% adoption. That’s come off with the
Business continuity and disaster recovery readiness of provider cloud, so IT teams need to build new
26% policies and platform models that
22% will protect the company as business
Vendor lock-in activity gets rolling. That’s because,
23% once cloud apps become part of the
17% fabric, there’ll be no slowing down to
Features and general maturity of technology make adjustments. n
17%
19%
Michael Healey is president of consulting firm
Source: InformationWeek Analytics State of Cloud Computing Survey of 607 business technology Yeoman Technologies. Write to us at
professionals in October 2010 and 547 iwletters@techweb.com
MARCH 2011 I N F O R M AT I O N W E E K 63
CIO profile D aya P r a k a s h , H e a d - I T,
L G El e c t r o n i c s I n di a
Career Track easy to come by if you follow your heart i.e. if you aspire to be a
How long at the current company CIO, you must love every aspect of your job. Do not differentiate
I have been working with LG since 2001. in tasks related to core IT or business. Go that extra mile to
gain that business insight as the role of a CIO is continuously
Most important career influencer evolving. You must possess thorough knowledge of various
If I look back and try to pick the most important career technologies to help yourself and your organization to stay
influencer for me, then it would be joining LG and getting ahead of competition.
exposed to the Korean work culture. I was also fortunate to join I am yet to learn the art of saying ‘no’, maybe because so
this organization, when it was trying to establish its footprint far, it has given me more than what it would have taken away
in India. Passion, dynamism, openness and empowerment are from me. I love to interact with budding CIOs — to discuss
some of the salient features which have made it possible for challenges or issues they have at hand. I like to interact and
LG to become one of the key players in the consumer durable mentor these CIOs.
industry in India.
ON THE JOB
Decision I wish I could do over Top three initiatives
I strongly believe in the philosophy of “Life as an ongoing One of the recent initiatives which we took was to bring in
journey” and we always remain a student as life teaches us corporate IT governance by implementing Global Single Instance
lessons of doing things better, everyday and in every moment. of ERP at LG. I am pleased to mention that we successfully
Since decision making is all about choosing the best of all completed the project within a targeted schedule. Some of the
options, there is no decision which stands true in all situations. If other high priority initiatives, we are currently working on, are
one can look back with satisfaction in terms of achievement and Business Intelligence and CRM.
make a little difference to the society by giving back, there is no
decision one may need to completely redo. However, a person How I measure IT effectiveness
must always be open to changes in order to LG India’s operations are spread across the geography and are
remain aligned to goals and visions. represented by a corporate office at Greater Noida, two factories
(Greater Noida and Ranjangaon, Pune), 12 regional sales offices,
VISION 47 branch offices and over 100 area offices.
The next big thing for my industry We have a scientific mechanism of measuring IT effectiveness
will be… through the following ways:
The world is changing very fast and we l Periodic review of the cost Innovation with senior
are witnessing a number of changes in management i.e. ROI on organizational activities through IT
consumer preferences when it comes to initiatives
electronics. Gone are the days, when l By monitoring Customer Satisfaction Index (CSI) which is
the PC used to rule. Today’s world based on the user feedback captured through system on a
is of tablets and smart phones. The scale of 1 to 7
trends also show a great shift in the TV l Conducting a periodic survey to check Net Promoter Score
market as it shifted from Flat Panel to (NPS) across the organization
PDP/LCDs and now 3D/Full HD LEDs.
The next big wave would be Internet- Personal
enabled TVs. Leisure activities: I enjoy reading books, playing cricket and
lawn tennis. I like spending time with my family and friends.
Advice for future CIOs Best book read recently: Maverick by Ricardo Semler.
Some of the common advice I received Unknown talents (singing, painting etc): None that I know of.
from my seniors is to dream big, stay If I weren't a CIO, I'd be... I definitely would have been in
focussed, work hard and be sincere academics. I want to pursue PhD someday. n
and honest. These insights helped me
a lot to reach my present status.
However, I have learnt a few more
things through my own experience. As told to Srikanth RP (srikanth.rp@ubm.com)
For instance, success is comparatively
Info leakages —
Control and cures
A reasonable No, this is not another article on Wikileaks.
This is about how to avoid any kind of
layer, build a threat scenario and find the
likelihood of a plausible threat exploiting
approach is to information leak. The type of information a likely vulnerability. Deploy appropriate
build defence leaks exemplified by Wikileaks is a nightmare
for any information security professional.
controls to mitigate the risk to an acceptable
level.
in-depth by The information leak may have political If this is as simple, why do the leaks
having multiple, significance or it may ruin the reputation happen? We have to look at our assumptions
of a company. It may compromise years of of defence in depth. Did we really build each
independent research work. It may jeopardize national layer totally self-sufficient, independent of
layers to protect security. Not everything will merit a mention other layers? At each step, we will realize
in Wikileaks. But the effect of these leaks that there is one layer which interfaces with
the information could be devastating. What is a reasonable every other layer. This is the layer occupied
protection? by personnel. Whichever of the following you
In the information security field, you can want to have — hardened operating system,
never give an absolute guarantee. Information secure database, securely coded applications,
is like ether. It will somehow find a way out. securely designed network, least privileges for
A reasonable approach is to build defence in- the users, tight access control, or complete
depth by having multiple, independent layers monitoring of every activity — we can never
to protect the information. Each layer should do it without very reliable, trustworthy and
be independent of other layers. And security competent persons. This layer has to be
should be built as if each layer is the only built with utmost care. Every ingenious way
one to protect the information. Let us look at of securing the other layers will fail, if the
how many layers could constitute a complete personnel layer is not built with care.
defence in depth. I propose a seven-layer There are various controls prescribed
model. for the personnel layer. They begin
l Operating system with background checks, non-disclosure
l Database system agreements, and competency check.
l Application programs Unfortunately these are more often treated
l Network as mere formalities. During employment,
l Operational there are other safeguards like segregation of
l Physical duties, job rotation, mandatory vacations and
l Personnel so on. Once again, these are mostly ignored
You can imagine these layers as due to lack of trained persons. The result is,
concentric circles, guarding the information we spend a lot of money on technical controls
which is at the core. Each of these layers is and security devices, but are weak on trained,
capable of leading to leakage of information, competent and trustworthy manpower. It is
deliberate as well as inadvertent. A hacker as if we spend huge amounts on buying the
will try to find weaknesses in each of these most expensive aircrafts, but do not have
layers and carve out a path of least resistance well-trained pilots. Remember, the totality
to reach to the core, which is the critical of the seven layers of defence in depth will
information. only be as strong as the weakest layer, i.e the
What are the measures to be implemented personnel layer. n
in each layer? These depend on the classical
Avinash Kadam is Director, COO and Head of Delivery
threat, vulnerability and risk assessment at MIEL e-Security. He can be contacted at
model. Identify the vulnerabilities in each awkadam@mielesecurity.com.
march 2011 i n f o r m at i o n w e e k 65
global CIO
Chris Murphy
66 i n f o r m a t i o n w e e k ma rc h 2011 www.informationweek.in
class of technology for about the same transformation as more than an effort to power, storage, and other infrastructure
price of just maintaining the base.” cut overlapping applications; it wasn’t to based on usage? There are business
FedEx’s infrastructure simply get rid of multiple billing systems, model questions about that approach,
transformation really starts with for example. Instead, the key was to take and questions around security and
the applications. FedEx faced the this services approach and then combine compliance, but Carter sees no serious
challenge of supporting a maze of apps it with a common environment and the technology barriers.
custom-coded to meet very specific converged infrastructure of servers, So will companies eventually move
transportation and logistics needs. To network, and storage. to hybrid clouds, where workloads shift
modernize those apps, Fed Ex is using a “I can’t emphasize enough how between internal data centers and third
services-based approach. The apps will important it was for us to look at parties? Says Carter:
call on common data sources for 24 core consolidation of the infrastructure rather “There’s no question. We’re already
transportation-related services — say, than just application rationalization,” seeing it from the software standpoint,
providing an address. Carter says. “Getting the applications to with Salesforce and other things that
Likewise, they’ll all be put on a run in a common framework, common are integrated in our environments. I
common technology infrastructure- environment, makes it so much easier believe infrastructure and platform [as
-what FedEx calls its “data center for them to tap the new services that are a service] are just looming out there —
minimums.” That means they use being set up, and make the workloads whether it’s Amazon or Google or HP or
common foundations such as database more portable.” AT&T or whomever, it’s being built out all
or messaging technology. Even with the cost to migrate those over. And it just happens to look exactly
“We’re taking the application base apps to the new environment, to build like what I’m talking about. It’s the same
and running them through a factory a new data center next to its existing stuff. So I have to worry about security
—we’re not just lifting and dropping Colorado Springs location, and to equip it [in public clouds], but I don’t worry
onto the virtualized environment,” with new gear, Carter says the effort still about workload compatibility, I don’t
Carter says. No applications get into has a very high ROI. worry about network compatibility, and I
the new data center until they meet the FedEx’s transition to the new data don’t worry about storage compatibility.
minimums. Once completed, the effect center began last fall. The company has That’s what’s unique. The whole notion
is that “the containers that hold those a similar infrastructure setup on a small of general purpose computing that
apps in a virtual environment are very scale in an existing data center, where everyone refers to as cloud, be it public
portable.” it runs the apps as a test before cutting or private or hybrid, looks like this
To Carter, the key over. The pace of migrations will pick up confluence of events that gives us
strategic decision he and sharply from here, and Carter predicts common server, storage, and
his team made was “enormous progress” over the next two network technology.” n
to look at this years in moving off older infrastructure.
So what about moving to public
cloud environments, the outfits like
Amazon that sell server computing
march 2011 i n f o r m at i o n w e e k 67
analyst angle
Sid Deshpande / Gartner
68 i n f o r m a t i o n w e e k ma rc h 2 0 1 1 www.informationweek.in
practical analysis
Art Wittmann
march 2011 i n f o r m at i o n w e e k 69
down to business
Rob Preston
In defense of the
IT introverts
Despite the A forthcoming research study conveys
a mixed message about the leadership
introverts the way the Myers Briggs
personality evaluators do. The Myers Briggs
conventional capabilities of introverts, along the standard definitions have less to do with active vs.
wisdom, bearers of the IT profession—at least passive and more to do with how individuals
according to the industry’s oldest stereotype. draw their energy and inspiration — extraverts
extravert An October 4 Harvard Business Review seek out and process information from other
qualities aren’t article on the study effectively damns people; introverts tend to sort things out
introverts with faint praise, as if they’re an on their own. By those definitions, for every
always the stuff odd but plucky bunch of overachievers. successful extraverted leader (Steve Ballmer,
of leadership, The study, due to be published next year, John Chambers, Marc Benioff) there’s a
70 i n f o r m a t i o n w e e k ma rc h 2 0 1 1 www.informationweek.in