CIO&Leader_July 2017 (1)

EVENT REPORT

Meet this year's 24 brightest

security professionals Pg 08

INTERVIEW

Mandar Marulkar on the CDO Role

Pg 38

Volume 06

Issue 04

July 2017

150

TRACK TECHNOLOGY BUILD BUSINESS SHAPE SELF

SPECIAL AWARDS COVERAGE ISSUE

Featuring the finest moments from the two-day

security conference and awards ceremony

that felicitated India's future CSOs

A 9.9 Media Publication

EDITORIAL

Shyamanuja Das

shyamanuja.das@9dot9.in

Whither

Security

Leadership?

T

Security is getting

aligned more and

more with the

organizational

risk management

even though in

some cases older

structures have

not changed

he issue that you are holding in your

hand carries the report on our recent security

conference where, along with some

really compelling content, we felicitated

the winners of our NEXTCSO award winners.

NEXTCSO, to the uninitiated, is our

small contribution to identify and honor

the security professionals who have it in

them to become the next chief information

security officers.

As we present the highlights of the event

in this issue, I would like to bring out a

couple of observations during the event

and while analyzing the data pertaining to

demographic and professional profiles of

the winners and other applicants.

First, security is becoming more interesting.

In the conference, speaker after

speaker spoke about security threats,

future challenges, and risks to business

in a language and with examples that all

of us can relate to. There was very little of

those highly technical schematic diagrams

that were the mainstay of any security

presentation earlier. The bad news is, if

we can so closely identify with the threats,

they are so much more real than they used

to be—and for most of us.

The second—not entirely isolated from the

first—is the emergence of ‘leaders’ rather

than techies or even managers who are now

required to lead this war against the big,

bad world of cyber criminals. It was quite

evident from the data that I analyzed. There

is little difference between the hard skills of

the winners and the non-winners. The differences

are all primarily about soft skills

like innovation, entrepreneurial skills and

people skills. That is a definite change.

This time, I got a chance to get into deeper

conversations with a lot more CISOs. That

gave me a good idea of what is going on in

their minds. While the space is too short

to get into that, we will carry some of those

videos in our website. One thing is clear

–Security is getting aligned more and more

with the organizational risk management

even though in some cases older structures

have not changed.

More about that later—especially as we

have done a survey around this very phenomenon.

July 2017 | CIO&LEADER

1

A 9.9 Media Publication

EVENT REPORT

Meet this year's 24 brightest

security professionals Pg 08

INTERVIEW Volume 06

Issue 04

Mandar Marulkar on the CDO Role

July 2017

Pg 38

150

TRACK TECHNOLOGY BUILD BUSINESS SHAPE SELF

SPECIAL AWARDS COVERAGE ISSUE




CONTENT

JULY 2017

EVENT REPORT

08-29| NEXTCSO

Awards 2017




advertisers ’ index

Infocom

Airtel

Cover Design by:

Manoj Kumar VP

IFC

BC

Please Recycle

This Magazine

And Remove

Inserts Before

Recycling

COPYRIGHT, All rights reserved: Reproduction in whole or in part without written permission from

Nine Dot Nine Interactive Pvt Ltd. is prohibited. Printed and published by Vikas Gupta for Nine Dot Nine

Mediaworx Pvt Ltd, 121, Patparganj, Mayur Vihar, Phase - I, Near Mandir Masjid, Delhi-110091. Printed at

Tara Art Printers Pvt ltd. A-46-47, Sector-5, NOIDA (U.P.) 201301

This index is provided as an

additional service.The publisher

does not assume any liabilities

for errors or omissions.

2 CIO&LEADER | July 2017

CASE STUDY

04-06

Intelenet Global Services'

CIO 'taps' into AI

www.cioandleader.com

INSIGHT

30-31

The new workplace

mojo

32-33

How to identify

early AI adopters

34-35

Mind the fence

36-37

The glitch that

brought down NSE

INTERVIEW

38-39

The 'safa' wearing safe

brigade

MANAGEMENT

Managing Director: Dr Pramath Raj Sinha

Printer & Publisher: Anuradha Das Mathur

EDITORIAL

Managing Editor: Shyamanuja Das

Associate Editor: Shubhra Rishi

Content Executive-Enterprise Technology:

Dipanjan Mitra

DESIGN

Sr Art Director: Anil VK

Associate Art Director: Shokeen Saifi

Visualiser: NV Baiju

Lead UI/UX Designer: Shri Hari Tiwari

Sr Designers: Charu Dwivedi, Haridas Balan,

Manoj Kumar VP & Peterson PJ

Sr Photographer: Jiten Gandhi

SALES & MARKETING

Director-Community Engagement

for Enterprise Technology Business:

Sachin Mhashilkar (+91 99203 48755)

Brand Head: Vandana Chauhan (+91 99589 84581)

Assistant Product Manager-Digital: Manan Mushtaq

Community Manager-B2B Tech: Megha Bhardwaj

Community Manager-B2B Tech: Renuka Deopa

Assistant Manager Community: Mirzanoor Rahman

Associate-Enterprise Technology: Abhishek Jain

Assistant Brand Manager-B2B Tech: Mallika Khosla

Regional Sales Managers

South: Ashish Kumar (+91 97407 61921)

North: Deepak Sharma (+91 98117 91110)

West: Prashant Amin (+91 98205 75282)

Ad Co-ordination/Scheduling: Kishan Singh

Assistant Manager - Events: Naveen Kumar

Assistant Manager - Events: Himanshu Kumar

PRODUCTION & LOGISTICS

Manager Operations: Rakesh Upadhyay

Asst. Manager - Logistics: Vijay Menon

Executive Logistics: Nilesh Shiravadekar

Logistics: MP Singh & Mohd. Ansari

OFFICE ADDRESS

Nine Dot Nine Mediaworx Pvt Ltd

121, Patparganj, Mayur Vihar, Phase - I

Near Mandir Masjid, Delhi-110091

Published, Printed and Owned by Nine Dot Nine Mediaworx

Private Ltd. Published and printed on their behalf by

Anuradha Das Mathur. Published at 121, Patparganj,

Mayur Vihar, Phase - I, Near Mandir Masjid, Delhi-110091, India.

Printed at Tara Art Printers Pvt Ltd., A-46-47, Sector-5,

NOIDA (U.P.) 201301.

Editor: Anuradha Das Mathur


3

CASE STUDY

Intelenet Global

Services' CIO 'taps'

into AI

The IT leader is using a design thinking approach to

nurture a new level of cross-departmental proximity

with the help of T.A.P framework

By Shubhra Rishi


Case Study

The T.A.P team contributed to the

success of the AI tool, with the help

of which the company was able to

cut down 10-11% in operational cost

Ask a CIO about business alignment

and he/she will emphasize on the

need of it but do very little for it.

Not Rajendra Deshpande; the Chief

Information Officer at Intelenet

Global Services (formerly Serco) has

adopted a design thinking approach

to "business alignment" into a new

avatar: T.A.P.

Deshpande’s role isn’t just limited

to providing IT solutions for business.

Instead he has a customer-facing

role and is expected to constantly

create business value for his organization

as well as customers.

Attuned to the role, two years ago,

Deshpande came up with an innovative

idea to create the T.A.P framework

in order to build the capability

to align IT activities to business strategy

and performance goals. The T.A.P

framework comprises teams from

three functions namely Technology,

Analytics and Process Excellence.

Deshpande followed a creative process

when it comes to harnessing the

IT team’s potential. "Conventionally

The Creative CIO

Rajendra Deshpande is combining the power of creativity

and technical expertise at his workplace. The T.A.P framework

is a result of this genius. He is a doodler, photographer

and a traveler. He possesses many diverse talents and that’s

what keeps him inspired at work. He is a mentor for many of

his team members. Sometimes in his rare free time, Deshpande

sketches infographics; his most recent on Conference

Call – A Reality Show. He works collaboratively, has great

client focus, and brings a real depth of technical expertise

across a number of IT disciplines


5

Case Study

"Adopting a design

thinking approach and

ensuring cross training

of team members has

helped us create a strong

value proposition for

business as well as

customers"

- Rajendra Deshpande

CIO, Intelenet Global Services

IT is always seen as a hindrance for

implementing business initiatives.

Not anymore.

"With T.A.P, a new business initiative

involves inputs from tech, business

and process excellence champions,

where we identify all new ideas,

understand the priorities, and collect

the few ideas that are most compelling

for business," says Deshpande.

One such idea was the in-house

implementation of an artificial intelligence

(AI) tool to allow retrieving

airline ticketing fare rules across

multiple time zones and websites.

Deshpande says that there was a

need for a system that is capable

of communicating with the client

systems and Global Distribution

Systems (GDS) in order to simplify

the fare rules.

The company wanted to build this

tool to serve all different time zones

in the most efficient manner in order

to serve their customers in the travel

or tourism industry.

“Companies across the globe are

willing to invest millions in developing

a product which can talk to multiple

GDS’ across multiple time zones

and POS,” says Deshpande.

The T.A.P team closely worked with

the development team to design the

AI tool that communicates with the

GDS and retrieves the PNR details,

reads through the fare rules and

check the applicable conditions,

thereby calculating the applicable

charge or refund due post an amendment

or a cancellation.

“Adopting a design thinking

approach and ensuring cross training

of team members has helped us

create a strong value proposition for

business as well as customers,” says

Deshpande.

The T.A.P team contributed to the

success of the AI tool, with the help

of which the company was able to cut

down 10-11% in operational cost – the

processing time required to process

a request using the tool and improve

their first call resolutions.

“The AI tool was among the several

projects that the T.A.P team

undertook and effectively delivered,”

says Deshpande

Moreover, the team now works

with different customers instead of

working for them.

Currently, there are 150 people in

the T.A.P framework who are allocated

to different projects. For each

project, Deshpande says, while the

core T.A.P team remains the same,

different resources – based on their

domain expertise— are allocated to

different projects.

As a result, Deshpande has also

been able to address the talent gap in

the organization. “We have been able

to create positive synergies within the

teams and improve the overall organizational

culture,” he says.

Deshpande’s goal has been to

keep IT aligned with shifting business

priorities. In a way, he has set

an example for other CIO peers by

constantly reinventing the wheel;

taking business and customer-facing

responsibilities; addressing the skill

gap; recognizing talent.

But above all, Deshpande is transforming

organizational culture,

thereby fostering a new level of

cross-departmental proximity; not

just alignment


#TheBigPicture

Applicants from

companies with over

48% 2500 employees

Applicants handling

IT budgets of more than

53% 5cr each

Come and establish

camaraderie with the

IT giants of tomorrow

For engagement opportunities, please contact

Sachin Mhashilkar

sachin.m@9dot9.in, +919920348755

Vandana Chauhan

vandana.chauhan@9dot9.in, +9199589 84581

NEXTCSO Event Coverage






T

he worst thing about a security breach is

neither reputation risk nor the data theft

that compromises the privacy of an individual.

The worse is the inability to learn

from them - to turn the reactive approach

to a strategic one.

In the last one year, an average of 36.6M

records has been stolen in India - a 14%

increase from 2015. WannaCry and Petya

are recent ransomware attacks that have

yet again, raised questions about enterprises'

security preparedness.

Unfortunately, the cyber security professionals

haven't been able to keep up. Apex

body NASSCOM claims that India has a

50,000 cyber security workforce; however,

it predicts that we will need at least one

million skilled people by 2020.

According to ISACA’s State of Cyber Security

2017, 37% of respondents say fewer

than 1 in 4 candidates have the qualifications

employers need to keep companies

secure. The survey also reveals that almost

27% of respondents state that they are

unable to fill open cyber security positions

in their enterprises—with another 14% of

respondents unaware as to whether their

enterprises could fill these positions or not.

This leaves a quarter of cyber security

positions unfilled, the survey reports.

In the wake of mounting security incidents

– over 27,482 reported in 2017—

the government is taking some concrete

steps to appraise the role of the Chief

Information Security Officer (CISO).

Indian-Computer Emergency Response

Team (CERT-In) mandates all ministries,

departments and organisations to

appoint a CISO and have strengthened

the role to implement the right security

controls while promoting a culture of

defense. Banks and insurance companies

have also been mandated by regulatory

bodies such as RBI and IRDAI to appoint

a full-time CISO by April 30 and to formulate

an effective cyber crisis management

plan by June 30 of this year.

While the basic expectations from the

CISO will continue to remain the same:

information security (IS), information risk

management (IRM), data protection, and

oversight of audits, governance and compliance,

as well as technical, operational,

legal and regulatory risks.

But the basics won’t be enough.

With the business and threat landscape

changing rapidly, CISOs will have to

upgrade their skills and ensure that any

cyber security strategy contributes to

financial stability and growth, and embeds

security in all of the organization’s plans.

This means that organizations need to

appoint someone on your board who’s not

only dedicated to cyber security but also

understands regulatory requirements and

overall business strategy.

Perhaps that’s what will make a nextgeneration

CISO?

The aim of NextCSO Awards 2017 is

just that: To find exceptional individuals

who have the ability to take on the top job.

They are selected through a rigorous and

comprehensive process that will evaluate

professional achievements, management

and leadership skills that are essential to

the making of a next-gen CISO.

Here’s a glimpse into the NEXTCSO

Conference that celebrated the triumph

and victory of 24 next-gen CISOs and 20

NEXTCSO jury who handpicked them.


9


Next-Gen Security For

The New Age CISO

The theme of the mid year conference was to discuss the changing

role of the CSO in the enterprise and how it will be influenced by a

number of factors including new business models and business

channels, new threats, new skills, training and education that will be

needed for both security specialists and leaders

10 CIO&LEADER | July 2017


Security is approaching the realm of the sacred in the corporate

world -- and the CISO is its protector. How to safeguard

your assets? - is a question troubling security leaders and

organizations alike. At the NEXTCSO mid-year conference this

year, our goal was simple: To give the security leaders a glimpse

into the future, new opportunities and new possibilities

Vikas Gupta, Publisher & Director, 9.9 Media welcoming delegates at the NEXTCSO Midyear

Conference at Crowne Plaza, Jaipur

R Giridhar, Group Editor, CIO&Leader and CSO Forum introducing the first speaker of the

NEXTCSO Mid-year Conference


11


Sunil Varkey, VP & CISO, Wipro Technologies kicked off the conference with the title session on 'NextGen Cyber Security: Re-thinking

Strategies & Processes'

The first session set the context for the day 1 of the conference where Sunil Varkey presented a CSO's

perspective on the past, present and future of security, its changing landscape and juxtapositioned it with

lessons from Wannacry and Petya. He also discussed the need for creating adaptive architecture and

effective governance as a strategic measure to prepare for the future

Sapan Talwar, Founder & CEO, Aristi

Ninja, delivering a session on 'SecDevOps:

Integrating Security into the Application

Development Process'

InfoSec missteps are becoming extremely

costly, and billions of dollars Enterprises

spend far less on software supply chain

security. Sapan said that SDO best practices

will help organizations implant secure coding

deep in the heart during development.

Automation in coding and workflow security

tests will make secure software an inherent

outcome in today’s agile environment

12 CIO&LEADER | July 2017


CISOs listening attentively to the ongoing sessions at the CISO conference

Sanjivan S Shirke, Senior VP - IT & Head -

Information Security, UTI Asset Management

Co enchanted the audience with an interesting

session on 'Handling Ransomware Threats &

Zero Day Attacks'

Ransomware is a threat not in the distant

future, said Sanjivan Shirke at UTI Asset

Management Co. Ransomware is the fastest

growing malware threat, targeting users of

all types—from the ... average, more than

4,000 ransomware attacks have occurred

daily. He also stressed on the need for

security teams to stay current on threat

vectors, and keep operating systems and

applications up to date with current patches.

User education, he said, is the starting

point for enterprise security and is even

more important now


13


"Organizations have improved

their abilities to resist attacks,

but attacks take different and

increasingly complex forms,"

said Raddad Ayoub at Ernst &

Young. He talked about the executing

control measures in the

corporate shield and how they

work against DDoS or virus

attacks, but not against sophisticated,

persistent attacks that

dedicated and organized cyber

criminals are launching every

day.

He advised that the CIO and

CISO need to fully understand

the organization’s strategic

direction, risk appetite and

operations to support the adapt

and reshape phases.

The session on 'Cyber Resilience: Sense, Resist & React' was conducted by Raddad Ayoub,

Partner, EMEIA Advisory Center for Cyber & Governance Risk and Compliance, Ernst & Young

NEXTCSO Winners and CISOs attentively listening to the ongoing sessions at the CISO conference

14 CIO&LEADER | July 2017


IT operations in many organisations

lack process capabilities

for comprehending realtime

intelligence and taking

timely action to safeguard the

assets. Shree Parthasarathy

at Deloitte Touche Tohmatsu

said that threat Intelligence

services enables organisations

to proactively manage technology

resources more effectively

by providing alerts and

advisory related information

on the latest vulnerabilities to

different IT resources.

Shree Parthasarathy, Partner & National Leader - Cyber Risk Services, Deloitte Touche

Tohmatsu India addressed the CSO community on 'Threat Intelligence: The New Frontier'

Cyber-attackers are leveraging

automation technology to

launch strikes today. WannaCry

is not a one-off event. Manish

Tewari at Microsoft said

that they has been committed

to ensuring our customers are

protected against these potential

attacks.They recommend

those on older platforms, such

as Windows XP, to upgrade to

the latest platforms. The best

protection is to be on a modern,

up-to-date system that incorporates

the latest defense-indepth

innovations. Older systems,

even if fully up-to-date,

lack the latest security features

and advancements.

The hot topic of 'Protecting Your Critical Information Infrastructure' was delivered by

Manish Tiwari, CISO, Microsoft India


15


LUNCH

During the Security Cafe, our partners and CISOs grouped for a discussion on a wide range of security topics

The aim of the 'Security Cafe' was to embark on a fresh dialogue on next-gen security. In their effort to launch

new digital initiatives, security is the latest conundrum that's troubling leaders today. Is there a way organizations

can protect their critical assets on cloud? What would be the role of the CISO if they were to embrace

digital? Security leaders were divided into different groups where they engaged with our partners on the

various security challenges and opportunities in the future

9.9 Media conducted a lucky draw and gave away prizes to 10 winners

16 CIO&LEADER | July 2017


The NEXTCSO mid-year conference drew a full house comprising an attendee

list of top security delegates from some of the largest companies in India. The

rich content delivery and an elite speaker panel gathered accolades from jury,

winners and speakers alike.

Delegates, CISOs and our

partners networking between

speaker sessions


17


At the NEXTCSO Conference,

Shivakumar Sriraman at VISA,

spoke about the future of payments.Today

there are more

technology players in the market;

hence, there's even more

disruption. When it comes to

payment security,companies

are in a constant dilemma:

convenience or security? Fraud

remains near historic lows, but

data losses continue to accelerate.Companies

need to constantly

think beyong cards and

passwords. The key to securing

the future of payments lies

with tokenization; expanding

from device-based to card-notpresent

applications.

An impactful session on 'Securing the Future of Payments' was delivered by Shivakumar

Sriraman, Chief Risk Officer – India & South Asia, VISA

Maneesh Dube, Executive Director, Russell Reynolds Associates - India & Tim Cook, Managing Director, Wychwood Partners - UK jointly

delivered a session on 'Keeping Pace with the Evolving Role of the CISO'

While all this is happening globally, only a handful of CISOs get more than INR 1 Cr. in India. So

the big question is: what differentiates the heavy hitters? Tim and Maneesh talked about the five

top capabilities that include experience, intellectual horsepower, vision, leadership and the ability

to collaborate.They also discussed the top job requirements such as application security, product

security, security architects, forensic investigation and behavioral analytics, required to secure a

high-paying CISO role.

18 CIO&LEADER | July 2017


As organizations increasingly embrace IoT into

mainstream operations, the onboarding and management

of IoT devices becomes critical to success.,

said Santanu Ghose at HPE Aruba. He said

that companies need a strategy to securely connect

mobile and IoT devices at the edge, to extract the

value associated with smart buildings

Santanu Ghose, Director, HPE Aruba and Arpit Bhatt, Consulting Systems Engineer - Security and IoT,

HPE Aruba delivered a session on 'Smarter Security Across the Intelligent Edge'

CISOs and NextCSOs attending Wine and Cheese session

conducted by Microsoft

Jatinder Singh Pabla, Lead - Office 365 Business,

Microsoft India, spoke to CISOs on 'How to build

a Secure Productive Enterprise'. The session was

moderated by Sachin Mhashilkar, Director-Community

Engagement, 9.9 Media


19


Rajiv Nandwani at Innodata

discussed the Bimodal

approach in IT- the practice

of managing two separate but

coherent styles of work; one

that is focused on predictability

and the other focused on

exploration. Nandwani said

that both modes are essential

to create substantial value and

drive significant organizational

change, and neither is static.

Marrying a more predictable

evolution of products and

technologies with the new and

innovative is the essence of an

enterprise bimodal capability.

Both play an essential role in

digital transformation

An interesting session on Aligning Security & Risk Management with Bimodal IT was

conducted by Rajiv Nandwani, Director & VP - Global Information Security & CISO, Innodata

Anuj Tewari at HCL Technologies

discussed the growing

dependency of CISOs on third

parties due to globalization

and expanded use to support

core products, economic pressure

– need for efficiencies

and cost savings as well as

growing threats. Today the

third parties are expected to

deliver critical specialized services

and there is a growing

need to maximise value and

deliver great commercial outcomes

through relationships.

He recommended creation of

assess controls based on risk

of product or service.

The highly engaging topic of 'Beyond the Enterprise: Securing the Third Party Ecosystem'

was delivered by Anuj Tewari, CISO, HCL Technologies

20 CIO&LEADER | July 2017


Welcome to NextCSO Awards 2017 - The

inaugural speech and presentation was given

by Group Editor, R Giridhar

The NEXTCSO winners were decked in a formal attire along

with the traditional 'safa' at the NextCSO Awards 2017 -

awaiting their turn at the ceremony

The stage was set at The

Crowne Plaza, Jaipur for the

NEXTCSO Awards 2017. The

award winners were selected

through a rigorous and comprehensive

process that will

evaluate professional achievements,

management and leadership

skills that are essential

to fulfilling the challenging

role of a CISO

An interesting panel discussion on Making the Leap to NextGen Cyber Security Moderated by Faraz Ahmed, CISO, Morgan Stanley

Panelists: Bharat Gautam, CISO, Hero FinCorp, Murli Menon, Director & CSO, Atos and Milind G. Mungale, SVP & CISO, NSDL

e-Governance Infrastructure


21


Felicitation of NextCSO Awards Winners

The 24 next-gen security leaders receiving the NEXTCSO Awards in a grand ceremony at The

Crowne Plaza, Jaipur on 7-8th July 2017

22 CIO&LEADER | July 2017


The awards program draws on the support and involvement of India’s top executives and leaders to

select 24 exceptional individuals who have skills, talent and motivation to take on the top job


23


NextCSO Awards Jury Felicitation

The NEXTCSO jury being felicitated at the awards ceremony. The final selection was made by a prestigious

committee of top 20 information security leaders

From L to R: Manoj Nayak, SBI Life Insurance, Thiyagarajan Saravanan,

HPCL, Indrajit Saha, Indian Oil Corporation, Sanjivan S Shirke,

UTI Asset Co, Faraz Ahmed, Morgan Stanley, Sunil Varkey, Wipro

Technologies, Burgess Cooper, Ernst & Young, Milind Mungale NSDL

e-Governance Infrastructure Ltd, Anuj Tewari, HCL Technologies, Uday

Deshpande, Tata Motors

24 CIO&LEADER | July 2017


Entertainment

At the NEXTCSO Awards, Rajasthani artists lit up the stage

with folk music and dance performances. In Matka Bhavai

dance, the number of vessels gradually increase and the dancer

balances up to seven or more on her head. The folk singer

sang traditional songs from Bikaner among other places, as

the audience matched their steps with the dancers


25


As the awards night came to

a close, Sachin Nandkishor

Mhashilkar, Director - Community

Engagement, at 9.9

Media, looked back at the

event that it had been. He

thanked the winners, jury,

and partners, HPE Aruba,

Microsoft, Sophos, Juniper

and InstaSafe, for their support

and encouragement,

in helping CSO Forum put

together a fantastic NEXTC-

SO conference and awards

ceremony

Vote of thanks by Sachin Nandkishor Mhashilkar, Director-Community Engagement, 9.9 Media

Felicitation of Partners at the NEXTCSO 2017

26 CIO&LEADER | July 2017


CSO Mid-year Conference - Day 2

The Day 2 of the NEXTCSO

Conference had an interesting

line up of speakers discussing

a wide range of topics such as

artificial intelligence in security,

IoT intelligence and testing,

connected cars and the

cybersecurity threat - all relevant

and crucial to the future

of enterprise security

In today's unpredictable

times, information security

and cyber security must

co-exist and be balanced

such that the former continues

to strengthen the

foundations,and the latter

becomes a visible business

enabler, based on customer

confidence. He proposed a

framework that should provide

a broad guideline on

Information & cyber security

for insurance industry.

It should be flexible, leverage

existing international

approaches, standards, practices,

focus on risk management

and total compliance

and enable effective understanding

of response recovery

versus prevention

Meeting the Regulatory Bar: Information Security & Regulators by Manoj Nayak, CISO, SBI

Life Insurance Co


27


Using AI & Machine Learning for Cyber Security

by Venkatsubramanian Ramakrishnan, Head - Information Risk Management, Cognizant

Security professionals are

hesitant to use quantitative

methods because of the following

common misconceptions

that include cyber security is

too complex to model quantitatively.

Venkatakrishnan

Subramanian at Cognizant

says that we have to ask ourselves

exactly how the existing

risk matrices and risk scores

alleviate these issues. Are

they really helping us to make

decisions? The answer is that

quantitative, probabilistic

methods must be used specifically

because of lack of perfect

information, not in spite of

it. If perfect information was

available, probabilistic models

would not be required at all.

Bringing connectivity to

the car has enabled vehicle

manufacturers to offer an

increasing range of services.

This allows users to access

information on the move and

fulfil the promise of seamless

connectivity. Uday Deshpande

at Tata Motors discussed

the transformation of cars

from mechanical systems to

mobile computer networks

has opened up an array of

new attack points. and invited

the attention of hackers to

unleash more organised criminal

activity

Securing the Connected Automotive Ecosystem by Uday Deshpande, CISO, Tata Motors

28 CIO&LEADER | July 2017


Towards the end of the NEXTCSO

mid-year conference, Sophos

conducted a lucky draw and gave

away prizes to one lucky winner

IoT will offer opportunities

for companies which are manufacturing

IoT goods, and also

for those companies which

are providing services related

to IoT. Pratiksha Doshi at

E&Y demonstrated different

use cases of IoT across

verticals. The manufacturers

of smart devices, sensors or

actuators, and the application

developers, marketing strategists,

analytic companies and

internet service providers

(ISPs) will all profit from

the evolution of IoT.

The session on IoT Security and Testing was delivered by Burgess Cooper, Partner -

Information & Cyber Security, Ernst & Young and Pratiksha Doshi, Director, E&Y


29

INSIGHT

The new

workplace mojo

The study highlights that success lies in the effective

implementation of a digital workplace strategy capable of

driving true cultural change that accelerates business

By CIO&Leader

30 CIO&LEADER | July 2017

Insight

W

Smarter workspaces don’t just

create happier employees – they also

help in creating newer and authentic

relationships with customers and

the ecosystem as a whole

orkspace is no longer seen as a

physical environment as the disruptive

impact of digital transformation

spreads across organizations

and industries, according to a latest

IDC study. As per the study, entitled

“Workspace Transformation: The Key

to Tomorrow’s Digital Enterprise,” success

lies in the effective implementation

of a digital workplace strategy capable

of driving true cultural change that

accelerates business.

The detailed IDC study outlined

current enterprise trends along with

appropriate use cases to support

informed decision making about

market offerings. It also assessed

a real-world solution – Dimension

Data’s Workspaces for Tomorrow on

Microsoft Office 365 – which aims to

address enterprise needs for a reliable,

mobile, flexible, secure, and costeffective

solution.

“Can business leaders, CIOs, and IT

leaders today claim to have enabled

truly digital workspaces – where

employees and the overall ecosystem

can share knowledge and forge more

productive business relationships

beyond natural work groups? The

answer more often than not will be

"No." Should they be worried? The

answer is a resounding "Yes." The Digital

Workspace is no longer an option

– it is an imperative,” said Arjun

Vishwanathan, Associate Director –

Emerging Technologies, IDC India.

According to Vishwanathan, smarter

workspaces don’t just create happier

employees – they also help in creating

newer and authentic relationships

with customers and the ecosystem as a

whole. “Although newer technologies

and increased training are the standard

go-to models, it is becoming clear

that perhaps the most effective strategy

is in creating an enhanced and

adaptive workspace through improving

the workspace itself,” he said.

The report notes that Dimension

Data is uniquely poised to enable

solutions around this with its Enduser

Computing Development Model

(EUCDM), which allows organisations

to identify not only the current

state, but also define the future road

map and requirements. As well as

assessing the way employees meet,

work, and collaborate, the Dimension

Data solution also offers the

implementation and management of

user-aligned technologies via planning,

deployment, integration, and

managed services.

A critical part of the picture is the

global partnership between Dimension

Data and Microsoft; which aims

to drive value for organisations. As

a key alliance partner to Microsoft,

Dimension Data brings enhanced

access to early adopter programs,

technical support, and Microsoft’s

future direction.

The study indicates that digital

transformation efforts are going to

continue to dramatically change the

workspace landscape – particularly

at the edge. An explosion of new

device types and applications are

being fueled by trends, such as

Internet of Things (IoT), augmented

reality/virtual reality (AR/VR), and

cognitive computing.

“The ability of our Workspaces

for Tomorrow solution to support a

variety of services, including advisory

and management and to be an allaround

partner in progress is symbolized

by the tangible business value on

offer. That includes cost savings, business

and operational efficiencies, security,

and enhanced user experience

and satisfaction,” said Kiran Bhagwanani,

CEO, Dimension Data India.

“When viewed from the perspective

of an organisation that is traversing

its own DX journey, these attributes

have the potential to deliver seamless

transformation and outcomes that are

predictable, and place the enterprise

on a forward- looking growth trajectory,”

said Bhagwanani


31

Insight

How to identify

early AI adopters

In a new research paper, McKinsey & Company aims to

explore the potential of artificial intelligence (AI) to become

a major business disrupter

By CIO&Leader

A

rtificial Intelligence creates news almost

every day. In the last year, tech giants, such as

Google and Baidu invested between USD 26B

to USD 39B in artificial intelligence. However,

according to a research paper titled Artificial

Intelligence: The Next Digital Frontier?’ published

by Mckinsey & Company, the adoption

of AI in 2017 has remained low - with 41% of

enterprises said that they are still uncertain

about the benefits of the technology.

The survey that gathered responses from

3,000 businesses around the world also

32 CIO&LEADER | July 2017

Insight

How companies are adopting AI

AI adoption is greatest in sectors that are already strong digital adopters

High AI

adoption

Medium

AI

adoption

Low AI

adoption

•

•

•

•

found that many business leaders

are uncertain about what exactly

AI can do for them, where to obtain

How AI-aware are you?

20% they are adopters

3+ technologies

3%

2 technologies 7%

1 technology

41%

say they are uncertain

of AI

Retail

Media / entertainment

CPG

Assets

Usage

Digital Maturity

Six characteristics of early AI adopters

Digitally mature

Adopt multiple

technologies

31%

10%

Partial adopters

Larger

businesses

Focus on growth

over savings

10%

40%

Experimenters

Contemplators

Adopt AI in

core activities

C-level

support for AI

Source: McKinsey Global Institute, McKinsey&Company

AI-powered applications, how to

integrate them into their companies,

and how to assess the return on an

Labor

investment in the technology.

For the rest, Mckinsey & Company

defines six characteristics of early

AI adopters that differentiates them

from late bloomers:

The first feature is that early AI

adopters are from verticals already

investing at scale in related technologies,

such as cloud services and big

data. Those sectors are also at the frontier

of digital assets and usage. This

is critical, as it suggests that there is

limited evidence of sectors and firms

catching up when it comes to digitization,

as each new generation of tech

builds on the previous one.

Second, independently of sectors, large

companies tend to invest in AI faster

at scale. This again is typical of digital

adoption, in which, for instance, small

and midsized businesses have typically

lagged behind in their decision to invest

in new technologies.

Third, early adopters are not specializing

in one type of technology. They

go broader as they adopt multiple AI

tools addressing a number of different

use cases at the same time.

Fourth, companies investing at

scale do it close to their core business.

Fifth, early adopters that adopt at

scale tend to be motivated as much

by the upside growth potential of AI

as they are by cutting costs. AI is not

only about process automation, but

is also used by companies as part of

major product and service innovation.

This has been the case for early

adopters of digital technologies and

suggests that AI-driven innovation

will be a new source of productivity

and may further expand the growing

productivity and income gap

between high-performing firms and

those left behind.

Finally, strong executive leadership

goes hand in hand with stronger AI

adoption. Respondents from firms

that have successfully deployed an

AI technology at scale tended to rate

C-suite support nearly twice as high

as those from companies that had not

adopted any AI technology


33

Insight

Mind the fence

Perimeter security may be important, but understanding

of technology and data security is imperative

By CIO&Leader

Despite the increasing number of data breaches

and nearly 36.6 million data records being

lost or stolen in India in 2016, the vast majority

of IT professionals still believe perimeter

security is effective at keeping unauthorized

users out of their networks, as per Breach

Level Index. However, companies are under

investing in technology that adequately protects

their business, according to the findings

of the fourth-annual Data Security Confidence

Index released recently by Gemalto.

Surveying 1,050 IT decision makers worldwide,

businesses feel that perimeter security is

keeping them safe. Out of the 100 IT decision

makers from India, most (98%) believe that it is

quite effective at keeping unauthorized users

out of their network. However, 49% are not

extremely confident their data would be protected,

should their perimeter be breached, a slight

decrease on last year (58%). Despite this, nearly

seven in 10 (69%) organizations report that they

believe all their sensitive data is secure.

Are you protecting your data?

Many businesses are continuing to prioritize

perimeter security without realizing it

34 CIO&LEADER | July 2017

Insight

Job descriptions of the five CDO archetypes

Progressive

Thinker

Creative

Disruptor

Customer

Advocate

Innovative

Technologist

Universalist

Promotes open,

dialogue-oriented

culture

Industry-wide

reputation

as thought leader

Early adopter

Change agent

Promotes open

culture: innovative,

agile,

experimental

Young, softwareoriented

culture

Promotes open

culture: responsive,

adaptive, customercentric

Client advocate

Promotes open,

agile culture

Change agent

Promotes open

culture, dialogueoriented

and flexible

Industry-wide

reputation as

throught leader

Leading

ambassador for

change

Source: Strategy& analysis, PwC

is largely ineffective against sophisticated

cyber attacks. According to the research findings,

93% of Indian respondents said their

organization had increased investment in

perimeter security technologies such as firewalls,

IDPS, antivirus, content filtering and

anomaly detection to protect against external

attackers. Despite this investment, two thirds

(66%) believe that unauthorized users could

access their network, rendering their perimeter

security ineffective.

These findings suggest that there is a lack

of confidence in the solutions used, especially

as over a third (38%) of organizations

have seen their perimeter security breached

in the past 12 months. The reality of the situation

is worsened when considering that,

on average, less than 10% of data breached

(11%) was encrypted.

Businesses’ confidence is further undermined

by over half of respondents (45%) not

knowing where [all] their sensitive data is

stored. In addition, over a third of businesses

do not encrypt valuable information, such as

payment (33%) or customer (39%) data. This

means that, should the data be stolen, a hacker

would have full access to this information,

and can use it for crimes including identify

theft, financial fraud or ransomware.

As many believe that unauthorised users

could access their organization’s data if

they penetrated the network, the worry

of future breaches is a justified ongoing

concern. According to respondents from

organizations that have suffered a perimeter

security breach, only 8% of breached data

was encrypted, on average. If unauthorised

users access the network and access the data

within it, it is more likely than not that they

have full visibility of that data as well.

Security practices and the link

to data regulations

Over nine in ten (94%) surveyed IT decision

makers believe that two-factor authentication

can help their organization comply with

data protection regulations and pass security

audits. The majority think the same for

encryption of PII (88%) and key management

(84%). However, many organizations do not

even have these measures in place when it

comes to stakeholders accessing company

data (Fig 10). This suggests that there is a

divide between what IT decision makers

believe is best and what organizations currently

have been able to implement


35

Insight

The glitch that

brought down NSE

The recent NSE outage was caused by a software error, says

a preliminary SEBI investigation—a reminder that we may be

taking basic availability for granted

By CIO&Leader

36 CIO&LEADER | July 2017

Insight

Atechnical glitch shut down India’s

largest stock exchange, the National

Stock Exchange, for more than three

hours on June 10, 2017 as the system

failed to boot in its opening time: 9

am. The cash and derivative transactions

were held up, though NSE

halted the futures and options (F&O)

operations too at around 10 am.

After two failed attempts at 10.45

am and 11.15 am, normal trading

could only be resumed at 12.30 pm.

This happened in a day where BSE

Sensex saw a record high and also

gained in volumes because many

traders switched to BSE because of

the NSE glitch.

This outage comes exactly three

years after the July 2014 outage

at Bombay Stock Exchange (BSE)

which had lasted for three hours.

The NSE outage impacted trading

for a longer period.

Two previous cases of trading

halts at BSE have been because of

connectivity issues. NSE too had

experienced a glitch in October 2012

but trading was impacted for less

than fifteen minutes.

In August 2013, the US bourse

NASDAQ, on which the NSE is

modeled, had stopped functioning

for more than three hours,

due to a glitch. Even the New York

Stock Exchange (NYSE), the largest

exchange in the world, had stopped

trading for almost four hours exactly

two years back, on 9 July 2015.

“The matter is being examined by

the internal technical team and external

vendors, to analyze and identify

the cause which led to the issue and

to suggest solutions to prevent recurrence,”

NSE said in a press statement.

Lack of Backup?

Three hours is a very long time from

trading point of view and many traders

were unhappy that NSE did not

switch to a backup system.

NSE has been quoted as saying that

it did not invoke its Business Continuity

Plan (BCP) because the plan

was meant to provide continuity in

case of natural disasters, hardware

failures and connectivity-related

issues only.

The stock exchange regulator, Securities

and Exchange Board of India

(SEBI), which was directed by the

Indian Ministry of Finance to investigate

the issue and submit a report by

the day end, clarified that the glitch

was a software issue.

This outage comes exactly three

years after the July 2014 outage

at Bombay Stock Exchange (BSE)

which had lasted for three hours.

The NSE outage impacted

trading for a longer period

“On preliminary analysis, the technical

problem apparently is related to

software,” SEBI said in a statement.

The regulator also ruled out the possibility

of cyber attacks. “It does not

seem to be related to any cyber security

related compromise,” it clarified

in the same statement.

SEBI has directed NSE to submit

a detailed report on the matter. The

regulator has also asked NSE to have

a review of their Business Continuity

Plans and to submit a detailed plan

as to what measures are going to be

taken to avoid such recurrences.

What to make out of the

glitch?

At the lack of any detailed public

report, it is difficult to analyze what

caused the delay. However, based on

the information known so far, certain

things are clear.

1. It was not a cyber attack; it was a

system error

2. NSE did not switch to its BCP

because that was reserved for

natural disasters or hardware failures,

meaning it has not taken into

account situations like this where

the business continuity was severely

compromised, for its BCP

This just means that even for mission

critical applications such as stock

market trading, there is serious gap in

business continuity planning. In the

last few months, a series of outages in

airlines, such as Delta, United and British

Airways had brought into limelight

the gaps that remain in the resilience

plans of these airlines, the NSE outage

has once again highlighted that issue.

In none of these cases, any external

attack was involved.

While a stock market outage may

not have seen as much social media

outrage as an Airlines outage, the

potential impact in business terms

could be much bigger.

Are we ignoring the basic reliability

and resilience plans while readying

ourselves for tackling possible

external actors?


37

INTERVIEW

“I want to foster a

digital culture in the

organization”

Mandar Marulkar, CIO & CDO, KPIT Technologies, talks

to Sachin Nandkishor Mhashilkar on his new digital role

and what it entails

38 CIO&LEADER | July 2017

Mandar Marulkar, KPIT Technologies

Interview

‘‘With the pace at which

digitization is taking place, it

is important to ensure all your

employees are enabled - both

from a cultural and skill-set

point of view’’

–Mandar Marulkar

CIO & CDO, KPIT Technologies

According to you, what are some

of the scenarios that are likely to

impact your industry by 2020?

Companies are upgrading their IT infrastructure

to support IoT in the future. When we

talk about 20 billion devices in 2020, they will

generate a huge amount of data and that’s where

professional services will be expected to churn

out data and come up with relevant business

use cases. In such a scenario, creating a platform

that will enable interactions between producers

and consumers and monetizing the data will be

extremely important.

What are some of your key priorities

for 2020?

From an automation perspective, embedding

programmability into the infrastructure and

integrating the software-defined with your core

IT infrastructure will give birth to a true DevOps

culture. The next priority will be moving on

from the monolithic application stack and the

waterfall methodology to application development.

It is also important to understand the next

generation threats and build the overall holistic

cyber security platform, not only to protect your

business applications and typical IT stack but

to secure the OT infrastructure, especially as

billions of devices now generate data from an

OT perspective and that needs to be integrated

with IT. The other area will be to build a digital

culture in your organization. With the pace at

which digitization is taking place, it is important

to ensure all your employees are enabled -both

from a cultural and skill-set point of view - in

order to grab the challenge of 2020 and provide

innovative solutions to the industry.

How will the rapid evolution of

technology impact your industry

in the year 2020?

It is very difficult for any organization to cope

up with the rapid pace of innovation happening

around the world. Lot of disruption is

taking place in start-ups and companies you

didn't know about or didn't exist until today.

So we need to ensure that workload migration

from on-premise to public cloud is secure and

cost-effective.

What are your personal goals for

the year 2020?

I’m getting into a new role of a Chief Digital

Officer (CDO) and I’m expected to showcase

our internal innovations to customers. Also, I

want to create a digital culture in our organization,

for the leadership as well as millennials,

who join the company.


39

NEW CHALLENGES

NEWER POSSIBILITIES

Come contribute to

CIO Agenda 2020

To know more about the event, log on to

#CIO2020

#Agenda2020

CIO&amp;Leader_July 2017 (1)

Create successful ePaper yourself

Delete template?

Save as template?

CIO&Leader_July 2017 (1)