CIO&Leader_July 2017 (1)
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
EVENT REPORT
Meet this year's 24 brightest
security professionals Pg 08
INTERVIEW
Mandar Marulkar on the CDO Role
Pg 38
Volume 06
Issue 04
July 2017
150
TRACK TECHNOLOGY BUILD BUSINESS SHAPE SELF
SPECIAL AWARDS COVERAGE ISSUE
Featuring the finest moments from the two-day
security conference and awards ceremony
that felicitated India's future CSOs
A 9.9 Media Publication
EDITORIAL
Shyamanuja Das
shyamanuja.das@9dot9.in
Whither
Security
Leadership?
T
Security is getting
aligned more and
more with the
organizational
risk management
even though in
some cases older
structures have
not changed
he issue that you are holding in your
hand carries the report on our recent security
conference where, along with some
really compelling content, we felicitated
the winners of our NEXTCSO award winners.
NEXTCSO, to the uninitiated, is our
small contribution to identify and honor
the security professionals who have it in
them to become the next chief information
security officers.
As we present the highlights of the event
in this issue, I would like to bring out a
couple of observations during the event
and while analyzing the data pertaining to
demographic and professional profiles of
the winners and other applicants.
First, security is becoming more interesting.
In the conference, speaker after
speaker spoke about security threats,
future challenges, and risks to business
in a language and with examples that all
of us can relate to. There was very little of
those highly technical schematic diagrams
that were the mainstay of any security
presentation earlier. The bad news is, if
we can so closely identify with the threats,
they are so much more real than they used
to be—and for most of us.
The second—not entirely isolated from the
first—is the emergence of ‘leaders’ rather
than techies or even managers who are now
required to lead this war against the big,
bad world of cyber criminals. It was quite
evident from the data that I analyzed. There
is little difference between the hard skills of
the winners and the non-winners. The differences
are all primarily about soft skills
like innovation, entrepreneurial skills and
people skills. That is a definite change.
This time, I got a chance to get into deeper
conversations with a lot more CISOs. That
gave me a good idea of what is going on in
their minds. While the space is too short
to get into that, we will carry some of those
videos in our website. One thing is clear
–Security is getting aligned more and more
with the organizational risk management
even though in some cases older structures
have not changed.
More about that later—especially as we
have done a survey around this very phenomenon.
July 2017 | CIO&LEADER
1
A 9.9 Media Publication
EVENT REPORT
Meet this year's 24 brightest
security professionals Pg 08
INTERVIEW Volume 06
Issue 04
Mandar Marulkar on the CDO Role
July 2017
Pg 38
150
TRACK TECHNOLOGY BUILD BUSINESS SHAPE SELF
SPECIAL AWARDS COVERAGE ISSUE
Featuring the finest moments from the two-day
security conference and awards ceremony
that felicitated India's future CSOs
CONTENT
JULY 2017
EVENT REPORT
08-29| NEXTCSO
Awards 2017
Featuring the finest moments from the two-day
security conference and awards ceremony
that felicitated India's future CSOs
advertisers ’ index
Infocom
Airtel
Cover Design by:
Manoj Kumar VP
IFC
BC
Please Recycle
This Magazine
And Remove
Inserts Before
Recycling
COPYRIGHT, All rights reserved: Reproduction in whole or in part without written permission from
Nine Dot Nine Interactive Pvt Ltd. is prohibited. Printed and published by Vikas Gupta for Nine Dot Nine
Mediaworx Pvt Ltd, 121, Patparganj, Mayur Vihar, Phase - I, Near Mandir Masjid, Delhi-110091. Printed at
Tara Art Printers Pvt ltd. A-46-47, Sector-5, NOIDA (U.P.) 201301
This index is provided as an
additional service.The publisher
does not assume any liabilities
for errors or omissions.
2 CIO&LEADER | July 2017
CASE STUDY
04-06
Intelenet Global Services'
CIO 'taps' into AI
www.cioandleader.com
INSIGHT
30-31
The new workplace
mojo
32-33
How to identify
early AI adopters
34-35
Mind the fence
36-37
The glitch that
brought down NSE
INTERVIEW
38-39
The 'safa' wearing safe
brigade
MANAGEMENT
Managing Director: Dr Pramath Raj Sinha
Printer & Publisher: Anuradha Das Mathur
EDITORIAL
Managing Editor: Shyamanuja Das
Associate Editor: Shubhra Rishi
Content Executive-Enterprise Technology:
Dipanjan Mitra
DESIGN
Sr Art Director: Anil VK
Associate Art Director: Shokeen Saifi
Visualiser: NV Baiju
Lead UI/UX Designer: Shri Hari Tiwari
Sr Designers: Charu Dwivedi, Haridas Balan,
Manoj Kumar VP & Peterson PJ
Sr Photographer: Jiten Gandhi
SALES & MARKETING
Director-Community Engagement
for Enterprise Technology Business:
Sachin Mhashilkar (+91 99203 48755)
Brand Head: Vandana Chauhan (+91 99589 84581)
Assistant Product Manager-Digital: Manan Mushtaq
Community Manager-B2B Tech: Megha Bhardwaj
Community Manager-B2B Tech: Renuka Deopa
Assistant Manager Community: Mirzanoor Rahman
Associate-Enterprise Technology: Abhishek Jain
Assistant Brand Manager-B2B Tech: Mallika Khosla
Regional Sales Managers
South: Ashish Kumar (+91 97407 61921)
North: Deepak Sharma (+91 98117 91110)
West: Prashant Amin (+91 98205 75282)
Ad Co-ordination/Scheduling: Kishan Singh
Assistant Manager - Events: Naveen Kumar
Assistant Manager - Events: Himanshu Kumar
PRODUCTION & LOGISTICS
Manager Operations: Rakesh Upadhyay
Asst. Manager - Logistics: Vijay Menon
Executive Logistics: Nilesh Shiravadekar
Logistics: MP Singh & Mohd. Ansari
OFFICE ADDRESS
Nine Dot Nine Mediaworx Pvt Ltd
121, Patparganj, Mayur Vihar, Phase - I
Near Mandir Masjid, Delhi-110091
Published, Printed and Owned by Nine Dot Nine Mediaworx
Private Ltd. Published and printed on their behalf by
Anuradha Das Mathur. Published at 121, Patparganj,
Mayur Vihar, Phase - I, Near Mandir Masjid, Delhi-110091, India.
Printed at Tara Art Printers Pvt Ltd., A-46-47, Sector-5,
NOIDA (U.P.) 201301.
Editor: Anuradha Das Mathur
July 2017 | CIO&LEADER
3
CASE STUDY
Intelenet Global
Services' CIO 'taps'
into AI
The IT leader is using a design thinking approach to
nurture a new level of cross-departmental proximity
with the help of T.A.P framework
By Shubhra Rishi
4 CIO&LEADER | July 2017
Case Study
The T.A.P team contributed to the
success of the AI tool, with the help
of which the company was able to
cut down 10-11% in operational cost
Ask a CIO about business alignment
and he/she will emphasize on the
need of it but do very little for it.
Not Rajendra Deshpande; the Chief
Information Officer at Intelenet
Global Services (formerly Serco) has
adopted a design thinking approach
to "business alignment" into a new
avatar: T.A.P.
Deshpande’s role isn’t just limited
to providing IT solutions for business.
Instead he has a customer-facing
role and is expected to constantly
create business value for his organization
as well as customers.
Attuned to the role, two years ago,
Deshpande came up with an innovative
idea to create the T.A.P framework
in order to build the capability
to align IT activities to business strategy
and performance goals. The T.A.P
framework comprises teams from
three functions namely Technology,
Analytics and Process Excellence.
Deshpande followed a creative process
when it comes to harnessing the
IT team’s potential. "Conventionally
The Creative CIO
Rajendra Deshpande is combining the power of creativity
and technical expertise at his workplace. The T.A.P framework
is a result of this genius. He is a doodler, photographer
and a traveler. He possesses many diverse talents and that’s
what keeps him inspired at work. He is a mentor for many of
his team members. Sometimes in his rare free time, Deshpande
sketches infographics; his most recent on Conference
Call – A Reality Show. He works collaboratively, has great
client focus, and brings a real depth of technical expertise
across a number of IT disciplines
July 2017 | CIO&LEADER
5
Case Study
"Adopting a design
thinking approach and
ensuring cross training
of team members has
helped us create a strong
value proposition for
business as well as
customers"
- Rajendra Deshpande
CIO, Intelenet Global Services
IT is always seen as a hindrance for
implementing business initiatives.
Not anymore.
"With T.A.P, a new business initiative
involves inputs from tech, business
and process excellence champions,
where we identify all new ideas,
understand the priorities, and collect
the few ideas that are most compelling
for business," says Deshpande.
One such idea was the in-house
implementation of an artificial intelligence
(AI) tool to allow retrieving
airline ticketing fare rules across
multiple time zones and websites.
Deshpande says that there was a
need for a system that is capable
of communicating with the client
systems and Global Distribution
Systems (GDS) in order to simplify
the fare rules.
The company wanted to build this
tool to serve all different time zones
in the most efficient manner in order
to serve their customers in the travel
or tourism industry.
“Companies across the globe are
willing to invest millions in developing
a product which can talk to multiple
GDS’ across multiple time zones
and POS,” says Deshpande.
The T.A.P team closely worked with
the development team to design the
AI tool that communicates with the
GDS and retrieves the PNR details,
reads through the fare rules and
check the applicable conditions,
thereby calculating the applicable
charge or refund due post an amendment
or a cancellation.
“Adopting a design thinking
approach and ensuring cross training
of team members has helped us
create a strong value proposition for
business as well as customers,” says
Deshpande.
The T.A.P team contributed to the
success of the AI tool, with the help
of which the company was able to cut
down 10-11% in operational cost – the
processing time required to process
a request using the tool and improve
their first call resolutions.
“The AI tool was among the several
projects that the T.A.P team
undertook and effectively delivered,”
says Deshpande
Moreover, the team now works
with different customers instead of
working for them.
Currently, there are 150 people in
the T.A.P framework who are allocated
to different projects. For each
project, Deshpande says, while the
core T.A.P team remains the same,
different resources – based on their
domain expertise— are allocated to
different projects.
As a result, Deshpande has also
been able to address the talent gap in
the organization. “We have been able
to create positive synergies within the
teams and improve the overall organizational
culture,” he says.
Deshpande’s goal has been to
keep IT aligned with shifting business
priorities. In a way, he has set
an example for other CIO peers by
constantly reinventing the wheel;
taking business and customer-facing
responsibilities; addressing the skill
gap; recognizing talent.
But above all, Deshpande is transforming
organizational culture,
thereby fostering a new level of
cross-departmental proximity; not
just alignment
6 CIO&LEADER | July 2017
#TheBigPicture
Applicants from
companies with over
48% 2500 employees
Applicants handling
IT budgets of more than
53% 5cr each
Come and establish
camaraderie with the
IT giants of tomorrow
For engagement opportunities, please contact
Sachin Mhashilkar
sachin.m@9dot9.in, +919920348755
Vandana Chauhan
vandana.chauhan@9dot9.in, +9199589 84581
NEXTCSO Event Coverage
Featuring the finest moments from the two-day
security conference and awards ceremony
that felicitated India's future CSOs
8 CIO&LEADER | July 2017
NEXTCSO Event Coverage
T
he worst thing about a security breach is
neither reputation risk nor the data theft
that compromises the privacy of an individual.
The worse is the inability to learn
from them - to turn the reactive approach
to a strategic one.
In the last one year, an average of 36.6M
records has been stolen in India - a 14%
increase from 2015. WannaCry and Petya
are recent ransomware attacks that have
yet again, raised questions about enterprises'
security preparedness.
Unfortunately, the cyber security professionals
haven't been able to keep up. Apex
body NASSCOM claims that India has a
50,000 cyber security workforce; however,
it predicts that we will need at least one
million skilled people by 2020.
According to ISACA’s State of Cyber Security
2017, 37% of respondents say fewer
than 1 in 4 candidates have the qualifications
employers need to keep companies
secure. The survey also reveals that almost
27% of respondents state that they are
unable to fill open cyber security positions
in their enterprises—with another 14% of
respondents unaware as to whether their
enterprises could fill these positions or not.
This leaves a quarter of cyber security
positions unfilled, the survey reports.
In the wake of mounting security incidents
– over 27,482 reported in 2017—
the government is taking some concrete
steps to appraise the role of the Chief
Information Security Officer (CISO).
Indian-Computer Emergency Response
Team (CERT-In) mandates all ministries,
departments and organisations to
appoint a CISO and have strengthened
the role to implement the right security
controls while promoting a culture of
defense. Banks and insurance companies
have also been mandated by regulatory
bodies such as RBI and IRDAI to appoint
a full-time CISO by April 30 and to formulate
an effective cyber crisis management
plan by June 30 of this year.
While the basic expectations from the
CISO will continue to remain the same:
information security (IS), information risk
management (IRM), data protection, and
oversight of audits, governance and compliance,
as well as technical, operational,
legal and regulatory risks.
But the basics won’t be enough.
With the business and threat landscape
changing rapidly, CISOs will have to
upgrade their skills and ensure that any
cyber security strategy contributes to
financial stability and growth, and embeds
security in all of the organization’s plans.
This means that organizations need to
appoint someone on your board who’s not
only dedicated to cyber security but also
understands regulatory requirements and
overall business strategy.
Perhaps that’s what will make a nextgeneration
CISO?
The aim of NextCSO Awards 2017 is
just that: To find exceptional individuals
who have the ability to take on the top job.
They are selected through a rigorous and
comprehensive process that will evaluate
professional achievements, management
and leadership skills that are essential to
the making of a next-gen CISO.
Here’s a glimpse into the NEXTCSO
Conference that celebrated the triumph
and victory of 24 next-gen CISOs and 20
NEXTCSO jury who handpicked them.
July 2017 | CIO&LEADER
9
NEXTCSO Event Coverage
Next-Gen Security For
The New Age CISO
The theme of the mid year conference was to discuss the changing
role of the CSO in the enterprise and how it will be influenced by a
number of factors including new business models and business
channels, new threats, new skills, training and education that will be
needed for both security specialists and leaders
10 CIO&LEADER | July 2017
NEXTCSO Event Coverage
Security is approaching the realm of the sacred in the corporate
world -- and the CISO is its protector. How to safeguard
your assets? - is a question troubling security leaders and
organizations alike. At the NEXTCSO mid-year conference this
year, our goal was simple: To give the security leaders a glimpse
into the future, new opportunities and new possibilities
Vikas Gupta, Publisher & Director, 9.9 Media welcoming delegates at the NEXTCSO Midyear
Conference at Crowne Plaza, Jaipur
R Giridhar, Group Editor, CIO&Leader and CSO Forum introducing the first speaker of the
NEXTCSO Mid-year Conference
July 2017 | CIO&LEADER
11
NEXTCSO Event Coverage
Sunil Varkey, VP & CISO, Wipro Technologies kicked off the conference with the title session on 'NextGen Cyber Security: Re-thinking
Strategies & Processes'
The first session set the context for the day 1 of the conference where Sunil Varkey presented a CSO's
perspective on the past, present and future of security, its changing landscape and juxtapositioned it with
lessons from Wannacry and Petya. He also discussed the need for creating adaptive architecture and
effective governance as a strategic measure to prepare for the future
Sapan Talwar, Founder & CEO, Aristi
Ninja, delivering a session on 'SecDevOps:
Integrating Security into the Application
Development Process'
InfoSec missteps are becoming extremely
costly, and billions of dollars Enterprises
spend far less on software supply chain
security. Sapan said that SDO best practices
will help organizations implant secure coding
deep in the heart during development.
Automation in coding and workflow security
tests will make secure software an inherent
outcome in today’s agile environment
12 CIO&LEADER | July 2017
NEXTCSO Event Coverage
CISOs listening attentively to the ongoing sessions at the CISO conference
Sanjivan S Shirke, Senior VP - IT & Head -
Information Security, UTI Asset Management
Co enchanted the audience with an interesting
session on 'Handling Ransomware Threats &
Zero Day Attacks'
Ransomware is a threat not in the distant
future, said Sanjivan Shirke at UTI Asset
Management Co. Ransomware is the fastest
growing malware threat, targeting users of
all types—from the ... average, more than
4,000 ransomware attacks have occurred
daily. He also stressed on the need for
security teams to stay current on threat
vectors, and keep operating systems and
applications up to date with current patches.
User education, he said, is the starting
point for enterprise security and is even
more important now
July 2017 | CIO&LEADER
13
NEXTCSO Event Coverage
"Organizations have improved
their abilities to resist attacks,
but attacks take different and
increasingly complex forms,"
said Raddad Ayoub at Ernst &
Young. He talked about the executing
control measures in the
corporate shield and how they
work against DDoS or virus
attacks, but not against sophisticated,
persistent attacks that
dedicated and organized cyber
criminals are launching every
day.
He advised that the CIO and
CISO need to fully understand
the organization’s strategic
direction, risk appetite and
operations to support the adapt
and reshape phases.
The session on 'Cyber Resilience: Sense, Resist & React' was conducted by Raddad Ayoub,
Partner, EMEIA Advisory Center for Cyber & Governance Risk and Compliance, Ernst & Young
NEXTCSO Winners and CISOs attentively listening to the ongoing sessions at the CISO conference
14 CIO&LEADER | July 2017
NEXTCSO Event Coverage
IT operations in many organisations
lack process capabilities
for comprehending realtime
intelligence and taking
timely action to safeguard the
assets. Shree Parthasarathy
at Deloitte Touche Tohmatsu
said that threat Intelligence
services enables organisations
to proactively manage technology
resources more effectively
by providing alerts and
advisory related information
on the latest vulnerabilities to
different IT resources.
Shree Parthasarathy, Partner & National Leader - Cyber Risk Services, Deloitte Touche
Tohmatsu India addressed the CSO community on 'Threat Intelligence: The New Frontier'
Cyber-attackers are leveraging
automation technology to
launch strikes today. WannaCry
is not a one-off event. Manish
Tewari at Microsoft said
that they has been committed
to ensuring our customers are
protected against these potential
attacks.They recommend
those on older platforms, such
as Windows XP, to upgrade to
the latest platforms. The best
protection is to be on a modern,
up-to-date system that incorporates
the latest defense-indepth
innovations. Older systems,
even if fully up-to-date,
lack the latest security features
and advancements.
The hot topic of 'Protecting Your Critical Information Infrastructure' was delivered by
Manish Tiwari, CISO, Microsoft India
July 2017 | CIO&LEADER
15
NEXTCSO Event Coverage
LUNCH
During the Security Cafe, our partners and CISOs grouped for a discussion on a wide range of security topics
The aim of the 'Security Cafe' was to embark on a fresh dialogue on next-gen security. In their effort to launch
new digital initiatives, security is the latest conundrum that's troubling leaders today. Is there a way organizations
can protect their critical assets on cloud? What would be the role of the CISO if they were to embrace
digital? Security leaders were divided into different groups where they engaged with our partners on the
various security challenges and opportunities in the future
9.9 Media conducted a lucky draw and gave away prizes to 10 winners
16 CIO&LEADER | July 2017
NEXTCSO Event Coverage
The NEXTCSO mid-year conference drew a full house comprising an attendee
list of top security delegates from some of the largest companies in India. The
rich content delivery and an elite speaker panel gathered accolades from jury,
winners and speakers alike.
Delegates, CISOs and our
partners networking between
speaker sessions
July 2017 | CIO&LEADER
17
NEXTCSO Event Coverage
At the NEXTCSO Conference,
Shivakumar Sriraman at VISA,
spoke about the future of payments.Today
there are more
technology players in the market;
hence, there's even more
disruption. When it comes to
payment security,companies
are in a constant dilemma:
convenience or security? Fraud
remains near historic lows, but
data losses continue to accelerate.Companies
need to constantly
think beyong cards and
passwords. The key to securing
the future of payments lies
with tokenization; expanding
from device-based to card-notpresent
applications.
An impactful session on 'Securing the Future of Payments' was delivered by Shivakumar
Sriraman, Chief Risk Officer – India & South Asia, VISA
Maneesh Dube, Executive Director, Russell Reynolds Associates - India & Tim Cook, Managing Director, Wychwood Partners - UK jointly
delivered a session on 'Keeping Pace with the Evolving Role of the CISO'
While all this is happening globally, only a handful of CISOs get more than INR 1 Cr. in India. So
the big question is: what differentiates the heavy hitters? Tim and Maneesh talked about the five
top capabilities that include experience, intellectual horsepower, vision, leadership and the ability
to collaborate.They also discussed the top job requirements such as application security, product
security, security architects, forensic investigation and behavioral analytics, required to secure a
high-paying CISO role.
18 CIO&LEADER | July 2017
NEXTCSO Event Coverage
As organizations increasingly embrace IoT into
mainstream operations, the onboarding and management
of IoT devices becomes critical to success.,
said Santanu Ghose at HPE Aruba. He said
that companies need a strategy to securely connect
mobile and IoT devices at the edge, to extract the
value associated with smart buildings
Santanu Ghose, Director, HPE Aruba and Arpit Bhatt, Consulting Systems Engineer - Security and IoT,
HPE Aruba delivered a session on 'Smarter Security Across the Intelligent Edge'
CISOs and NextCSOs attending Wine and Cheese session
conducted by Microsoft
Jatinder Singh Pabla, Lead - Office 365 Business,
Microsoft India, spoke to CISOs on 'How to build
a Secure Productive Enterprise'. The session was
moderated by Sachin Mhashilkar, Director-Community
Engagement, 9.9 Media
July 2017 | CIO&LEADER
19
NEXTCSO Event Coverage
Rajiv Nandwani at Innodata
discussed the Bimodal
approach in IT- the practice
of managing two separate but
coherent styles of work; one
that is focused on predictability
and the other focused on
exploration. Nandwani said
that both modes are essential
to create substantial value and
drive significant organizational
change, and neither is static.
Marrying a more predictable
evolution of products and
technologies with the new and
innovative is the essence of an
enterprise bimodal capability.
Both play an essential role in
digital transformation
An interesting session on Aligning Security & Risk Management with Bimodal IT was
conducted by Rajiv Nandwani, Director & VP - Global Information Security & CISO, Innodata
Anuj Tewari at HCL Technologies
discussed the growing
dependency of CISOs on third
parties due to globalization
and expanded use to support
core products, economic pressure
– need for efficiencies
and cost savings as well as
growing threats. Today the
third parties are expected to
deliver critical specialized services
and there is a growing
need to maximise value and
deliver great commercial outcomes
through relationships.
He recommended creation of
assess controls based on risk
of product or service.
The highly engaging topic of 'Beyond the Enterprise: Securing the Third Party Ecosystem'
was delivered by Anuj Tewari, CISO, HCL Technologies
20 CIO&LEADER | July 2017
NEXTCSO Event Coverage
Welcome to NextCSO Awards 2017 - The
inaugural speech and presentation was given
by Group Editor, R Giridhar
The NEXTCSO winners were decked in a formal attire along
with the traditional 'safa' at the NextCSO Awards 2017 -
awaiting their turn at the ceremony
The stage was set at The
Crowne Plaza, Jaipur for the
NEXTCSO Awards 2017. The
award winners were selected
through a rigorous and comprehensive
process that will
evaluate professional achievements,
management and leadership
skills that are essential
to fulfilling the challenging
role of a CISO
An interesting panel discussion on Making the Leap to NextGen Cyber Security Moderated by Faraz Ahmed, CISO, Morgan Stanley
Panelists: Bharat Gautam, CISO, Hero FinCorp, Murli Menon, Director & CSO, Atos and Milind G. Mungale, SVP & CISO, NSDL
e-Governance Infrastructure
July 2017 | CIO&LEADER
21
NEXTCSO Event Coverage
Felicitation of NextCSO Awards Winners
The 24 next-gen security leaders receiving the NEXTCSO Awards in a grand ceremony at The
Crowne Plaza, Jaipur on 7-8th July 2017
22 CIO&LEADER | July 2017
NEXTCSO Event Coverage
The awards program draws on the support and involvement of India’s top executives and leaders to
select 24 exceptional individuals who have skills, talent and motivation to take on the top job
July 2017 | CIO&LEADER
23
NEXTCSO Event Coverage
NextCSO Awards Jury Felicitation
The NEXTCSO jury being felicitated at the awards ceremony. The final selection was made by a prestigious
committee of top 20 information security leaders
From L to R: Manoj Nayak, SBI Life Insurance, Thiyagarajan Saravanan,
HPCL, Indrajit Saha, Indian Oil Corporation, Sanjivan S Shirke,
UTI Asset Co, Faraz Ahmed, Morgan Stanley, Sunil Varkey, Wipro
Technologies, Burgess Cooper, Ernst & Young, Milind Mungale NSDL
e-Governance Infrastructure Ltd, Anuj Tewari, HCL Technologies, Uday
Deshpande, Tata Motors
24 CIO&LEADER | July 2017
NEXTCSO Event Coverage
Entertainment
At the NEXTCSO Awards, Rajasthani artists lit up the stage
with folk music and dance performances. In Matka Bhavai
dance, the number of vessels gradually increase and the dancer
balances up to seven or more on her head. The folk singer
sang traditional songs from Bikaner among other places, as
the audience matched their steps with the dancers
July 2017 | CIO&LEADER
25
NEXTCSO Event Coverage
As the awards night came to
a close, Sachin Nandkishor
Mhashilkar, Director - Community
Engagement, at 9.9
Media, looked back at the
event that it had been. He
thanked the winners, jury,
and partners, HPE Aruba,
Microsoft, Sophos, Juniper
and InstaSafe, for their support
and encouragement,
in helping CSO Forum put
together a fantastic NEXTC-
SO conference and awards
ceremony
Vote of thanks by Sachin Nandkishor Mhashilkar, Director-Community Engagement, 9.9 Media
Felicitation of Partners at the NEXTCSO 2017
26 CIO&LEADER | July 2017
NEXTCSO Event Coverage
CSO Mid-year Conference - Day 2
The Day 2 of the NEXTCSO
Conference had an interesting
line up of speakers discussing
a wide range of topics such as
artificial intelligence in security,
IoT intelligence and testing,
connected cars and the
cybersecurity threat - all relevant
and crucial to the future
of enterprise security
In today's unpredictable
times, information security
and cyber security must
co-exist and be balanced
such that the former continues
to strengthen the
foundations,and the latter
becomes a visible business
enabler, based on customer
confidence. He proposed a
framework that should provide
a broad guideline on
Information & cyber security
for insurance industry.
It should be flexible, leverage
existing international
approaches, standards, practices,
focus on risk management
and total compliance
and enable effective understanding
of response recovery
versus prevention
Meeting the Regulatory Bar: Information Security & Regulators by Manoj Nayak, CISO, SBI
Life Insurance Co
July 2017 | CIO&LEADER
27
NEXTCSO Event Coverage
Using AI & Machine Learning for Cyber Security
by Venkatsubramanian Ramakrishnan, Head - Information Risk Management, Cognizant
Security professionals are
hesitant to use quantitative
methods because of the following
common misconceptions
that include cyber security is
too complex to model quantitatively.
Venkatakrishnan
Subramanian at Cognizant
says that we have to ask ourselves
exactly how the existing
risk matrices and risk scores
alleviate these issues. Are
they really helping us to make
decisions? The answer is that
quantitative, probabilistic
methods must be used specifically
because of lack of perfect
information, not in spite of
it. If perfect information was
available, probabilistic models
would not be required at all.
Bringing connectivity to
the car has enabled vehicle
manufacturers to offer an
increasing range of services.
This allows users to access
information on the move and
fulfil the promise of seamless
connectivity. Uday Deshpande
at Tata Motors discussed
the transformation of cars
from mechanical systems to
mobile computer networks
has opened up an array of
new attack points. and invited
the attention of hackers to
unleash more organised criminal
activity
Securing the Connected Automotive Ecosystem by Uday Deshpande, CISO, Tata Motors
28 CIO&LEADER | July 2017
NEXTCSO Event Coverage
Towards the end of the NEXTCSO
mid-year conference, Sophos
conducted a lucky draw and gave
away prizes to one lucky winner
IoT will offer opportunities
for companies which are manufacturing
IoT goods, and also
for those companies which
are providing services related
to IoT. Pratiksha Doshi at
E&Y demonstrated different
use cases of IoT across
verticals. The manufacturers
of smart devices, sensors or
actuators, and the application
developers, marketing strategists,
analytic companies and
internet service providers
(ISPs) will all profit from
the evolution of IoT.
The session on IoT Security and Testing was delivered by Burgess Cooper, Partner -
Information & Cyber Security, Ernst & Young and Pratiksha Doshi, Director, E&Y
July 2017 | CIO&LEADER
29
INSIGHT
The new
workplace mojo
The study highlights that success lies in the effective
implementation of a digital workplace strategy capable of
driving true cultural change that accelerates business
By CIO&Leader
30 CIO&LEADER | July 2017
Insight
W
Smarter workspaces don’t just
create happier employees – they also
help in creating newer and authentic
relationships with customers and
the ecosystem as a whole
orkspace is no longer seen as a
physical environment as the disruptive
impact of digital transformation
spreads across organizations
and industries, according to a latest
IDC study. As per the study, entitled
“Workspace Transformation: The Key
to Tomorrow’s Digital Enterprise,” success
lies in the effective implementation
of a digital workplace strategy capable
of driving true cultural change that
accelerates business.
The detailed IDC study outlined
current enterprise trends along with
appropriate use cases to support
informed decision making about
market offerings. It also assessed
a real-world solution – Dimension
Data’s Workspaces for Tomorrow on
Microsoft Office 365 – which aims to
address enterprise needs for a reliable,
mobile, flexible, secure, and costeffective
solution.
“Can business leaders, CIOs, and IT
leaders today claim to have enabled
truly digital workspaces – where
employees and the overall ecosystem
can share knowledge and forge more
productive business relationships
beyond natural work groups? The
answer more often than not will be
"No." Should they be worried? The
answer is a resounding "Yes." The Digital
Workspace is no longer an option
– it is an imperative,” said Arjun
Vishwanathan, Associate Director –
Emerging Technologies, IDC India.
According to Vishwanathan, smarter
workspaces don’t just create happier
employees – they also help in creating
newer and authentic relationships
with customers and the ecosystem as a
whole. “Although newer technologies
and increased training are the standard
go-to models, it is becoming clear
that perhaps the most effective strategy
is in creating an enhanced and
adaptive workspace through improving
the workspace itself,” he said.
The report notes that Dimension
Data is uniquely poised to enable
solutions around this with its Enduser
Computing Development Model
(EUCDM), which allows organisations
to identify not only the current
state, but also define the future road
map and requirements. As well as
assessing the way employees meet,
work, and collaborate, the Dimension
Data solution also offers the
implementation and management of
user-aligned technologies via planning,
deployment, integration, and
managed services.
A critical part of the picture is the
global partnership between Dimension
Data and Microsoft; which aims
to drive value for organisations. As
a key alliance partner to Microsoft,
Dimension Data brings enhanced
access to early adopter programs,
technical support, and Microsoft’s
future direction.
The study indicates that digital
transformation efforts are going to
continue to dramatically change the
workspace landscape – particularly
at the edge. An explosion of new
device types and applications are
being fueled by trends, such as
Internet of Things (IoT), augmented
reality/virtual reality (AR/VR), and
cognitive computing.
“The ability of our Workspaces
for Tomorrow solution to support a
variety of services, including advisory
and management and to be an allaround
partner in progress is symbolized
by the tangible business value on
offer. That includes cost savings, business
and operational efficiencies, security,
and enhanced user experience
and satisfaction,” said Kiran Bhagwanani,
CEO, Dimension Data India.
“When viewed from the perspective
of an organisation that is traversing
its own DX journey, these attributes
have the potential to deliver seamless
transformation and outcomes that are
predictable, and place the enterprise
on a forward- looking growth trajectory,”
said Bhagwanani
July 2017 | CIO&LEADER
31
Insight
How to identify
early AI adopters
In a new research paper, McKinsey & Company aims to
explore the potential of artificial intelligence (AI) to become
a major business disrupter
By CIO&Leader
A
rtificial Intelligence creates news almost
every day. In the last year, tech giants, such as
Google and Baidu invested between USD 26B
to USD 39B in artificial intelligence. However,
according to a research paper titled Artificial
Intelligence: The Next Digital Frontier?’ published
by Mckinsey & Company, the adoption
of AI in 2017 has remained low - with 41% of
enterprises said that they are still uncertain
about the benefits of the technology.
The survey that gathered responses from
3,000 businesses around the world also
32 CIO&LEADER | July 2017
Insight
How companies are adopting AI
AI adoption is greatest in sectors that are already strong digital adopters
High AI
adoption
Medium
AI
adoption
Low AI
adoption
•
•
•
•
found that many business leaders
are uncertain about what exactly
AI can do for them, where to obtain
How AI-aware are you?
20% they are adopters
3+ technologies
3%
2 technologies 7%
1 technology
41%
say they are uncertain
of AI
Retail
Media / entertainment
CPG
Assets
Usage
Digital Maturity
Six characteristics of early AI adopters
Digitally mature
Adopt multiple
technologies
31%
10%
Partial adopters
Larger
businesses
Focus on growth
over savings
10%
40%
Experimenters
Contemplators
Adopt AI in
core activities
C-level
support for AI
Source: McKinsey Global Institute, McKinsey&Company
AI-powered applications, how to
integrate them into their companies,
and how to assess the return on an
Labor
investment in the technology.
For the rest, Mckinsey & Company
defines six characteristics of early
AI adopters that differentiates them
from late bloomers:
The first feature is that early AI
adopters are from verticals already
investing at scale in related technologies,
such as cloud services and big
data. Those sectors are also at the frontier
of digital assets and usage. This
is critical, as it suggests that there is
limited evidence of sectors and firms
catching up when it comes to digitization,
as each new generation of tech
builds on the previous one.
Second, independently of sectors, large
companies tend to invest in AI faster
at scale. This again is typical of digital
adoption, in which, for instance, small
and midsized businesses have typically
lagged behind in their decision to invest
in new technologies.
Third, early adopters are not specializing
in one type of technology. They
go broader as they adopt multiple AI
tools addressing a number of different
use cases at the same time.
Fourth, companies investing at
scale do it close to their core business.
Fifth, early adopters that adopt at
scale tend to be motivated as much
by the upside growth potential of AI
as they are by cutting costs. AI is not
only about process automation, but
is also used by companies as part of
major product and service innovation.
This has been the case for early
adopters of digital technologies and
suggests that AI-driven innovation
will be a new source of productivity
and may further expand the growing
productivity and income gap
between high-performing firms and
those left behind.
Finally, strong executive leadership
goes hand in hand with stronger AI
adoption. Respondents from firms
that have successfully deployed an
AI technology at scale tended to rate
C-suite support nearly twice as high
as those from companies that had not
adopted any AI technology
July 2017 | CIO&LEADER
33
Insight
Mind the fence
Perimeter security may be important, but understanding
of technology and data security is imperative
By CIO&Leader
Despite the increasing number of data breaches
and nearly 36.6 million data records being
lost or stolen in India in 2016, the vast majority
of IT professionals still believe perimeter
security is effective at keeping unauthorized
users out of their networks, as per Breach
Level Index. However, companies are under
investing in technology that adequately protects
their business, according to the findings
of the fourth-annual Data Security Confidence
Index released recently by Gemalto.
Surveying 1,050 IT decision makers worldwide,
businesses feel that perimeter security is
keeping them safe. Out of the 100 IT decision
makers from India, most (98%) believe that it is
quite effective at keeping unauthorized users
out of their network. However, 49% are not
extremely confident their data would be protected,
should their perimeter be breached, a slight
decrease on last year (58%). Despite this, nearly
seven in 10 (69%) organizations report that they
believe all their sensitive data is secure.
Are you protecting your data?
Many businesses are continuing to prioritize
perimeter security without realizing it
34 CIO&LEADER | July 2017
Insight
Job descriptions of the five CDO archetypes
Progressive
Thinker
Creative
Disruptor
Customer
Advocate
Innovative
Technologist
Universalist
Promotes open,
dialogue-oriented
culture
Industry-wide
reputation
as thought leader
Early adopter
Change agent
Promotes open
culture: innovative,
agile,
experimental
Young, softwareoriented
culture
Promotes open
culture: responsive,
adaptive, customercentric
Client advocate
Promotes open,
agile culture
Change agent
Promotes open
culture, dialogueoriented
and flexible
Industry-wide
reputation as
throught leader
Leading
ambassador for
change
Source: Strategy& analysis, PwC
is largely ineffective against sophisticated
cyber attacks. According to the research findings,
93% of Indian respondents said their
organization had increased investment in
perimeter security technologies such as firewalls,
IDPS, antivirus, content filtering and
anomaly detection to protect against external
attackers. Despite this investment, two thirds
(66%) believe that unauthorized users could
access their network, rendering their perimeter
security ineffective.
These findings suggest that there is a lack
of confidence in the solutions used, especially
as over a third (38%) of organizations
have seen their perimeter security breached
in the past 12 months. The reality of the situation
is worsened when considering that,
on average, less than 10% of data breached
(11%) was encrypted.
Businesses’ confidence is further undermined
by over half of respondents (45%) not
knowing where [all] their sensitive data is
stored. In addition, over a third of businesses
do not encrypt valuable information, such as
payment (33%) or customer (39%) data. This
means that, should the data be stolen, a hacker
would have full access to this information,
and can use it for crimes including identify
theft, financial fraud or ransomware.
As many believe that unauthorised users
could access their organization’s data if
they penetrated the network, the worry
of future breaches is a justified ongoing
concern. According to respondents from
organizations that have suffered a perimeter
security breach, only 8% of breached data
was encrypted, on average. If unauthorised
users access the network and access the data
within it, it is more likely than not that they
have full visibility of that data as well.
Security practices and the link
to data regulations
Over nine in ten (94%) surveyed IT decision
makers believe that two-factor authentication
can help their organization comply with
data protection regulations and pass security
audits. The majority think the same for
encryption of PII (88%) and key management
(84%). However, many organizations do not
even have these measures in place when it
comes to stakeholders accessing company
data (Fig 10). This suggests that there is a
divide between what IT decision makers
believe is best and what organizations currently
have been able to implement
July 2017 | CIO&LEADER
35
Insight
The glitch that
brought down NSE
The recent NSE outage was caused by a software error, says
a preliminary SEBI investigation—a reminder that we may be
taking basic availability for granted
By CIO&Leader
36 CIO&LEADER | July 2017
Insight
Atechnical glitch shut down India’s
largest stock exchange, the National
Stock Exchange, for more than three
hours on June 10, 2017 as the system
failed to boot in its opening time: 9
am. The cash and derivative transactions
were held up, though NSE
halted the futures and options (F&O)
operations too at around 10 am.
After two failed attempts at 10.45
am and 11.15 am, normal trading
could only be resumed at 12.30 pm.
This happened in a day where BSE
Sensex saw a record high and also
gained in volumes because many
traders switched to BSE because of
the NSE glitch.
This outage comes exactly three
years after the July 2014 outage
at Bombay Stock Exchange (BSE)
which had lasted for three hours.
The NSE outage impacted trading
for a longer period.
Two previous cases of trading
halts at BSE have been because of
connectivity issues. NSE too had
experienced a glitch in October 2012
but trading was impacted for less
than fifteen minutes.
In August 2013, the US bourse
NASDAQ, on which the NSE is
modeled, had stopped functioning
for more than three hours,
due to a glitch. Even the New York
Stock Exchange (NYSE), the largest
exchange in the world, had stopped
trading for almost four hours exactly
two years back, on 9 July 2015.
“The matter is being examined by
the internal technical team and external
vendors, to analyze and identify
the cause which led to the issue and
to suggest solutions to prevent recurrence,”
NSE said in a press statement.
Lack of Backup?
Three hours is a very long time from
trading point of view and many traders
were unhappy that NSE did not
switch to a backup system.
NSE has been quoted as saying that
it did not invoke its Business Continuity
Plan (BCP) because the plan
was meant to provide continuity in
case of natural disasters, hardware
failures and connectivity-related
issues only.
The stock exchange regulator, Securities
and Exchange Board of India
(SEBI), which was directed by the
Indian Ministry of Finance to investigate
the issue and submit a report by
the day end, clarified that the glitch
was a software issue.
This outage comes exactly three
years after the July 2014 outage
at Bombay Stock Exchange (BSE)
which had lasted for three hours.
The NSE outage impacted
trading for a longer period
“On preliminary analysis, the technical
problem apparently is related to
software,” SEBI said in a statement.
The regulator also ruled out the possibility
of cyber attacks. “It does not
seem to be related to any cyber security
related compromise,” it clarified
in the same statement.
SEBI has directed NSE to submit
a detailed report on the matter. The
regulator has also asked NSE to have
a review of their Business Continuity
Plans and to submit a detailed plan
as to what measures are going to be
taken to avoid such recurrences.
What to make out of the
glitch?
At the lack of any detailed public
report, it is difficult to analyze what
caused the delay. However, based on
the information known so far, certain
things are clear.
1. It was not a cyber attack; it was a
system error
2. NSE did not switch to its BCP
because that was reserved for
natural disasters or hardware failures,
meaning it has not taken into
account situations like this where
the business continuity was severely
compromised, for its BCP
This just means that even for mission
critical applications such as stock
market trading, there is serious gap in
business continuity planning. In the
last few months, a series of outages in
airlines, such as Delta, United and British
Airways had brought into limelight
the gaps that remain in the resilience
plans of these airlines, the NSE outage
has once again highlighted that issue.
In none of these cases, any external
attack was involved.
While a stock market outage may
not have seen as much social media
outrage as an Airlines outage, the
potential impact in business terms
could be much bigger.
Are we ignoring the basic reliability
and resilience plans while readying
ourselves for tackling possible
external actors?
July 2017 | CIO&LEADER
37
INTERVIEW
“I want to foster a
digital culture in the
organization”
Mandar Marulkar, CIO & CDO, KPIT Technologies, talks
to Sachin Nandkishor Mhashilkar on his new digital role
and what it entails
38 CIO&LEADER | July 2017
Mandar Marulkar, KPIT Technologies
Interview
‘‘With the pace at which
digitization is taking place, it
is important to ensure all your
employees are enabled - both
from a cultural and skill-set
point of view’’
–Mandar Marulkar
CIO & CDO, KPIT Technologies
According to you, what are some
of the scenarios that are likely to
impact your industry by 2020?
Companies are upgrading their IT infrastructure
to support IoT in the future. When we
talk about 20 billion devices in 2020, they will
generate a huge amount of data and that’s where
professional services will be expected to churn
out data and come up with relevant business
use cases. In such a scenario, creating a platform
that will enable interactions between producers
and consumers and monetizing the data will be
extremely important.
What are some of your key priorities
for 2020?
From an automation perspective, embedding
programmability into the infrastructure and
integrating the software-defined with your core
IT infrastructure will give birth to a true DevOps
culture. The next priority will be moving on
from the monolithic application stack and the
waterfall methodology to application development.
It is also important to understand the next
generation threats and build the overall holistic
cyber security platform, not only to protect your
business applications and typical IT stack but
to secure the OT infrastructure, especially as
billions of devices now generate data from an
OT perspective and that needs to be integrated
with IT. The other area will be to build a digital
culture in your organization. With the pace at
which digitization is taking place, it is important
to ensure all your employees are enabled -both
from a cultural and skill-set point of view - in
order to grab the challenge of 2020 and provide
innovative solutions to the industry.
How will the rapid evolution of
technology impact your industry
in the year 2020?
It is very difficult for any organization to cope
up with the rapid pace of innovation happening
around the world. Lot of disruption is
taking place in start-ups and companies you
didn't know about or didn't exist until today.
So we need to ensure that workload migration
from on-premise to public cloud is secure and
cost-effective.
What are your personal goals for
the year 2020?
I’m getting into a new role of a Chief Digital
Officer (CDO) and I’m expected to showcase
our internal innovations to customers. Also, I
want to create a digital culture in our organization,
for the leadership as well as millennials,
who join the company.
July 2017 | CIO&LEADER
39
NEW CHALLENGES
NEWER POSSIBILITIES
Come contribute to
CIO Agenda 2020
To know more about the event, log on to
#CIO2020
#Agenda2020