CIO & LEADER-Issue-06-September_iPad

INSIGHT
Data Protection - India Still A Long
Way Off Pg 24
ITERVIEW
Questions for a Futurist
Pg 10
Volume 06
Issue 06
September 2017
150
TRACK TECHNOLOGY BUILD BUSINESS SHAPE SELF
AI does
not mean
losing jobs;
it means
it's time to
reskill your
workforce
Page 12
A 9.9 Media Publication

EDITORIAL
Shyamanuja Das
shyamanuja.das@9dot9.in
Reskilling:
Why we
must avoid
misplaced
priorities?
T
We should
not confuse
between
reskilling
needs arising
because of
automation
and reskilling
needs arising
because of
changes in
technology
India is the global IT services hub. So, we get
to see many of the IT trends much before they
actually touch, let alone significantly impact,
our domestic businesses.
The early advent of hype around a technology
trend often creates so much confusion that
the enterprise IT departments end up having
misplaced priorities.
As my colleague Shubhra discusses the
challenges and opportunities associated with
IT reskilling, it is important to steer clear of
one such potential confusion—between the
reskilling needs created because of automation
and reskilling to remain competitive.
There is little doubt in anyone’s mind that
the latter is an imperative—more so in a fast
growing economy like India.
It is the former that needs a very careful
consideration. For the large offshore
IT industry in India, it is a huge challenge.
For one, it reduces the need for large manpower,
which is India’s major differentiator,
not to talk of cost. Two, going for large scale
automation replacing IT jobs means a large
redundant workforce, leading to layoffs.
Large scale mass layoffs are a big problem
to handle for the industry, where prime
capital is manpower. Indians are still sensitive
to retrenchment. In short, it is an issue to
deal with.
For enterprise IT, automation, if anything,
is an opportunity in the short to medium
run. With so much of cloud and outsourcing
already in place, impact on jobs will be only
marginal. In the long run, it may change the
dynamics of IT delivery itself and that may
require a completely different delivery model
but that is not happening anytime soon. For
the time being, automation is a clear opportunity
for the CIOs.
Having said that, reskilling cannot be
ignored as a priority. With new technologies
such as AI, IoT, data analytics and distributed
ledgers becoming mainstream, businesses
need large number of people with those skills.
More importantly, the new risks arising out
of cyber threats require a specially-skilled
army of fighters. That requires reskilling of
existing information security professionals.
All these are real needs.
We should not confuse between the two different
types of reskilling needs
September 2017 | CIO&LEADER
1

S P I N E
INSIGHT
Data Protection - India Still A Long
Way Off Pg 24
TRACK TECHNOLOGY BUILD BUSINESS SHAPE SELF
A 9.9 Media Publication
ITERVIEW Volume 06
Questions for a Futurist Issue 06
September 2017
Pg 10
150
Page 12
CONTENT
SEPTEMBER 2017
COVER STORY
12-17| AI does not mean
losing jobs; it means it's time
to reskill your workforce
After all, it is often, not the strongest of the species that
survives, but the one that is the most adaptable to change
advertisers ’ index
Airtel
AI does
not mean
losing jobs;
it means
it's time to
reskill your
workforce
Cover Design by:
Shokeen Saifi
BC
Please Recycle
This Magazine
And Remove
Inserts Before
Recycling
COPYRIGHT, All rights reserved: Reproduction in whole or in part without written permission from
Nine Dot Nine Interactive Pvt Ltd. is prohibited. Printed and published by Vikas Gupta for Nine Dot Nine
Mediaworx Pvt Ltd, 121, Patparganj, Mayur Vihar, Phase - I, Near Mandir Masjid, Delhi-110091. Printed at
Tara Art Printers Pvt ltd. A-46-47, Sector-5, NOIDA (U.P.) 2013011
This index is provided as an
additional service.The publisher
does not assume any liabilities
for errors or omissions.
2 CIO&LEADER | September 2017

OPINION
04-05
How India Has Fared With
Modi’s Digital Vision
www.cioandleader.com
06-07
Are Intelligent Machines
Overtaking Human Skills Or
Complementing Them?
INTERVIEW
08-09
A chatbot is maturation of
the need for consumers
who want self service
EVENT REPORT
18-19
CloudSec 2017: Leveling
Up Security
INSIGHT
20
Adobe India Is Closing
The Gender Pay Gap
22-23
Raghuram Rajan’s 8
Expectations From
IT
MANAGEMENT
Managing Director: Dr Pramath Raj Sinha
Printer & Publisher: Anuradha Das Mathur
EDITORIAL
Managing Editor: Shyamanuja Das
Associate Editor: Shubhra Rishi
Content Executive-Enterprise Technology:
Dipanjan Mitra
DESIGN
Sr Art Director: Anil VK
Art Director: Shokeen Saifi
Visualisers: NV Baiju & Manoj Kumar VP
Lead UI/UX Designer: Shri Hari Tiwari
Sr Designers: Charu Dwivedi, Haridas Balan & Peterson PJ
SALES & MARKETING
Director-Community Engagement
for Enterprise Technology Business:
Sachin Mhashilkar (+91 99203 48755)
Brand Head: Vandana Chauhan (+91 99589 84581)
Assistant Product Manager-Digital: Manan Mushtaq
Community Manager-B2B Tech: Megha Bhardwaj
Community Manager-B2B Tech: Renuka Deopa
Associate-Enterprise Technology: Abhishek Jain
Assistant Brand Manager-B2B Tech: Mallika Khosla
Regional Sales Managers
South: Ashish Kumar (+91 97407 61921)
North: Deepak Sharma (+91 98117 91110)
West: Prashant Amin (+91 98205 75282)
Ad Co-ordination/Scheduling: Kishan Singh
Manager - Events: Naveen Kumar
Manager - Events: Himanshu Kumar
PRODUCTION & LOGISTICS
Manager Operations: Rakesh Upadhyay
Asst. Manager - Logistics: Vijay Menon
Executive Logistics: Nilesh Shiravadekar
Logistics: MP Singh & Mohd. Ansari
OFFICE ADDRESS
Nine Dot Nine Mediaworx Pvt Ltd
121, Patparganj, Mayur Vihar, Phase - I
Near Mandir Masjid, Delhi-110091
Published, Printed and Owned by Nine Dot Nine Mediaworx
Private Ltd. Published and printed on their behalf by
Anuradha Das Mathur. Published at 121, Patparganj,
Mayur Vihar, Phase - I, Near Mandir Masjid, Delhi-110091, India.
Printed at Tara Art Printers Pvt Ltd., A-46-47, Sector-5,
NOIDA (U.P.) 201301.
Editor: Anuradha Das Mathur
SECURITY
28-40
BA outage: Human?
Computer? Process?
September 2017 | CIO&LEADER
3

OPINION
How India Has
Fared With Modi’s
Digital Vision
While the Digital India initiative is great on paper, its
execution has been far behind schedule
By Pradipto Chakrabarty
LLaunched on July 1, 2015, the Digital India
initiative of Prime Minister Narendra Modi
generated a good deal of euphoria. The aim of
this ambitious project is to create an empowered
society and knowledge economy with emphasis
on e-governance. The projected expenditure
on this project is INR 1,13,000 crore. Its highlights
included providing high speed internet
services to citizens. Digital India also aimed
at ease of doing business in the country and
on providing broadband services in all villages,
implementing tele-medicine and mobile
healthcare services, electronic education delivery
and making governance more participative
– thereby improving processes and delivery
of services through e-governance with the
power of UIDAI, payment gateway, EDI and
mobile platforms.
4 CIO&LEADER | September 2017

Opinion
Digital Dream
Modi’s Digital initiative also aimed to
provide internet services to 2.5 lakh
villages and 1.5 lakh post offices which
would be converted to multi-service
centres. The government promised to
lay national optical fibre network in
all 2.5 lakh gram panchayats and take
steps to ensure that by 2018 all villages
were covered through mobile connectivity.
It also planned to train 1 crore
students from small towns and villages
for IT sector by 2020.
These measures – the nine pillars of
digitalisation – envisaged in the vision
document, were just what India had
been waiting for all these years and
what it needed to implement to become
a truly global economy.
Pat on the Back
Understandably, the initial response to
Modi’s Digital India vision from leading
global players was extremely positive.
Many of them offered to be India’s
partner in this initiative. Microsoft
CEO, Satya Nadella, for instance, said
that his company would set up low cost
broadband technology services in 5
lakh villages across the country. Sundar
Pichai, CEO, Google hoped that
with this initiative India would play a
big role in driving technology forward
and improve the lives of its citizens.
However, the digitalization of a country,
especially a country of the size and
diversity of India -- cannot be a taken
as a silo; it has to have a 360 degree
perspective encompassing all socioeconomic
parameters.
Slow Implementation
So while the Digital India initiative is
great on paper, its execution has been
far behind schedule.
There are many reasons for the PM’s
digital juggernaut rolling so slowly.
The major hurdle towards implementing
the DI mission is the wide
digital divide that exists in India. It is a
paradox that even though mobile penetration
in India is high, the internet
connectivity is one of the lowest among
countries. Without internet connectivity,
the effectiveness of digital services
is hugely compromised. Lack of
language and digital literacy in using
technology to access and use information
is also a problem. Although smart
phones are available cheap in India,
most people, especially in rural and
semi-rural areas have no idea how to
use them. The root cause of such literacy
barriers is of course our under
resourced education system and abysmally
low IT awareness among user
communities.
Nations around the world are recognizing
the transformational impact
of bringing more of their population
online and network operators and
device manufacturers are exploring
ways to further reduce the cost of
access and provide service to underserved
populations. India needs to do
this with greater urgency and speed.
Most of India is still not connected
– even if they are, the network infrastructure
is so poor and archaic that
speed is a major concern. Even in metros,
we have to put up with abysmal
speed even on 4G networks. This must
change, and fast.
How to Expedite Things
For effective implementation of the
Digital India mission the laying of
the National Optical Fiber Network
(NOFN) has to be speeded up on war
footing. At the moment, this activity
is taking place at snail’s speed. The
Bharat Broadband Network Limited
(BBNL) the special purpose vehicle
along with its implementing agencies
which are PSUs with archaic processes
and procedures and in many cases also
slow in technology adaptation. They
need to pull up their socks and work
with greater zeal and vigour to deliver
Modi’s vision of Digital India.
The infrastructure (the hardware as
well as the Network infrastructure),
too, is dated and in many cases, maintenance
of equipment not up to the
mark. Quite often, the government
does not have enough people skilled in
these domains.
Another important reason for the
slow implementation of Digital India is
lack of understanding of new technologies,
such as cloud, mobility and IoT.
Cyber security is a major issue which
is, unfortunately, not being given the
attention it deserves. This ought to be
a major concern, especially now with
sensitive data uploaded on IT systems.
The Digital India content is highly
vulnerable and needs to be secured
against cyber-attack. This becomes
even more critical with the large volume
of financial transactions moving
digital now.
Major Imperatives
To translate the Prime Minister’s
vision of Digital India into reality
speedily we need to have a multipronged
strategy and work on multidiscipline
areas to bridge the digital
divide that exists in India at present.
The simplest way of doing this is
through mass IT awareness programs.
Improving IT skills– both at user end
as well as implementation end needs to
be a major priority.
The importance of cybersecurity and
cyber defence as key pillars of Digital
India’s march forward cannot be over
emphasized. It has to be kept in mind
at every stage of implementation of the
digital India initiative. We also need to
cut down on bureaucracy in the implementation
of NOFN – this is the first
and most important step to connect
the country on high speed broadband.
And finally, there is no option but to
think of cloud-based solutions to disseminate
digital services
–The writer is Regional Director,
CompTIA, the voice of the world’s
information technology industry.
CompTIA is dedicated to advancing
industry growth through its educational
programs, professional certifications and
public policy advocacy
September 2017 | CIO&LEADER
5

Opinion
Are Intelligent
Machines Overtaking
Human Skills Or
Complementing Them?
This technology shift is also triggering the dramatic
rise of human-machine interaction (HMI)
By Shirish Patwardhan
6 CIO&LEADER | September 2017

Opinion
TThe
fourth Industrial Revolution or
Industry 4.0, which coalesces several
emerging digital technologies, is
increasing the interaction of our physical
world with the virtual. While still
in its early stages of development, it
is already changing the face of manufacturing.
This technology shift is also
triggering the dramatic rise of what
is called the human-machine interaction
(HMI), which involves aspects of
interactions between humans, robots,
computers, Artificial Intelligence (AI),
robotics, humanoid robots, etc. Many
believe that consumers will adapt to
this trend much earlier than industrial
use cases.
The interactive technology is rapidly
advancing to take more space in our
daily lives. Think intelligent mobility
and parking, robot-administered
assisted care, fitness tracking wristbands
or smaller machines acting as
assistants to their owners.
But, while we are using more and
more devices to support our body, the
devices themselves are beginning to
simulate the human being. This begs
the question whether we are making
ourselves machine-like or making
machines human-like? The answer is
both. We, as humans, want to sense
everything internal and external to
our bodies and be aware of any health
issues much ahead of time while also
improving communication between
humans and machines.
Modern-day machines are as intelligent
and intuitive as the human brain
and can respond to us meaningfully.
Take, for example, Siri, the intelligent
conversational system in Apple devices,
or the other conversational systems
that use text, sound, accent, vision,
handwriting and gesture as different
interfaces, to personalize communication.
The use of chatbots, the intelligent
conversational agents which comprehend
human questions and provide
right answers in a natural interactive
dialogue will become more pervasive.
The definition of the machine has also
evolved to include ‘things,’ such as
cars, appliances, footwear, door locks,
drones, prosthetics, exoskeletons, etc.
The applications of HMI are continuously
changing, where machines
initially discover and later conform to
their “owner’s” requirements. In fields
like medical science, the technology
will make devices and systems more
efficient, user-friendly and accurate. It
is joining forces with information and
communications technology (ICT) to
unlock endless possibilities in improving
implants, exoskeletons, prosthetic
and orthotic devices, amongst other
interactive machines worn by the body.
Cardiac and brain pacemakers, retina
implants, cochlear implants are a
reality now. So are prosthetics and exoskeletons,
which are controlled using
brain signals. Healthcare experts are
looking at the ability of implants to
be retained inside the body for longer
periods, as the next breakthrough.
Several small machines co-exist in
the body but work in silos for different
tasks, making the system highly complex.
Imagine if there were a unique
power source or a central control system
in the body, complementing all the
machines, similar to how the human
body has the brain as its central unit.
Researchers are already working on
making this possible. We are also seeing
a huge interest in smart devices
that help people monitor their fitness,
heartbeat, health condition, etc.
Human-Robots Interaction (HRI)
is another branch in this field that
involves integrating robots safely
in our everyday lives to administer
assisted care. The success of it depends
more on establishing and ensuring a
reliable partnership and interaction,
based on trust.
Robots in the industrial sector are
increasingly performing jobs that are
repetitive or mundane. At the same
time, giving rise to the fear that they
will soon wipe out human jobs. With
concerns around ethical thinking and
the decision-making ability of robots
without human intervention, the
scenario of robots overpowering the
human skill in entirety is misplaced.
Remember, machines or robots need
instructors to train and program them
along with instructing them to differentiate
between the dos and don’ts
involved in performing a task or the
right and wrongs of the many actions
they do. Such training involves considerable
effort and time. At best, workers
who deal with repetitive or mundane
jobs are transferring their knowledge
to a machine or robot while shifting
their focus on tasks that are creative
and strategic.
Robots will never acquire the ability
to make decisions on their own. They
will be good at doing upto two or three
jobs assigned or already programmed
for them, but not beyond that. The
human brain consumes a small
amount of energy—just 20% energy
from the body—to learn and then to
execute their knowledge, as compared
to what robots are doing today.
In the future, we can see robots
expand their presence in the assembly
lines of factories, space stations,
military fields for rescue operations,
hazardous places like bomb disposal
sites, coal mines, nuclear power stations,
etc. They can also act as a remote
investigator during times of disasters
to search and rescue victims in roads
or as autonomous vehicles.
With Industry 4.0 being the next big
industrial revolution and companies
moving towards it, businesses should
navigate the automation wave by
using the complementary strengths of
both machines and human resources.
Acceptance by the end-users will be
the crucial determining factor for the
higher adoption of HMI applications
–(The author is Co-founder and CTO at
KPIT Technologies)
September 2017 | CIO&LEADER
7

INTERVIEW
A chatbot is
maturation
of the
need for
consumers
who want
self service
Today AI and chatbots are seen as practical innovation – something
that can actually be implemented or deployed. CIO&Leader spoke to
Chris Koziol, President at Aspect Software, on how the company sees
the impact of chatbots on customer experience
Aspect Software has been in business for
over 40 years. What have been some major
milestones for your business?
I think the big change has been the ability to switch
providers. The power has shifted from companies to
the consumer and that consumer now is demanding
companies to show them a different level of engagement.
They expect companies to know them personally, know
their preferences, and know their past history. They
expect companies to fit into their lives versus foreseeing
the consumer to fit into their life or their organization.
They also expect companies to enable them to connect
with them via mobile and that means any time, any place
because they are constantly moving around. A consumer
now expects the companies they do business with,to be
able to enable them to interact on their time frame in
the channel that they prefer. The consumer also expects
companies to help save them time and make it more
intuitive. If they have a question, make sure that the
answers are readily available, knowledgeable and
responsive. And that is really transforming companies all
over the globe.
8 CIO&LEADER | September 2017

Chris Koziol, Aspect Software
Interview
“The true recipe for CX is about
applying technology to lower the overall
cost of interaction at the basic level of
information exchange and free up your
human resources to truly solve problems
and add value and build relationships”
–Chris Koziol, President, Aspect Software
Is that something that
you consciously thought
about when you were
launching Aspect Via?
Well it really started about three or
four years ago; three years ago we
made an acquisition of a company
called Voxeo and it was a Gartner
Magic Quadrant leader in IVR and
many of the analysts and our
competitors questioned - why would
Aspect buy an IVR company? The real
critical asset for us wasn’t necessarily
the IVR capabilities but it was the
mobile platform that we call CXP Pro
and it truly enabled self service and
omni-channel capabilities. That
became a critical component for us to
enable the vision of Via.
According to a new 2017
report, 80% of businesses
want to deploy chatbots by
2020. How has Aspect latched
on to this AI trend both
globally and in India?
A chatbot is just the maturation of the
need for consumers who want selfservice
with companies saying - what
I need to do is to create a cost effective
way to provide access to information;
It came out of a focus of what could a
company do to increase availability of
information and lower the overall cost
of providing access to that information.
At Aspect, we have started leveraging
our CXP Pro application to enable the
development of chatbots. Some of the
examples are wide ranging - it could be
an application from a utility company;
it could be an application like a virtual
concierge that we have implemented
for a local hotel chain in London.
But isn’t it true that
thoughtless deployment
of chatbots and self-service
solutions can limit companies
of 360-degree views that
customers expect to have with
a brand. How according to you
can companies prevent such
service silos from taking
place?
Well I think that companies see the
need for it. It is a matter of – do they
feel comfortable and confident in the
capabilities that are out there that
they can leverage to truly execute it.
Organizations are trying to look for
knowledge workers, for people to
help them take this technology and
apply it to their unique problems. So
the maturity may not be there from
a technical competence standpoint.
That’s why they’re looking at
providers like Aspect to help them
accelerate how they can apply this
technology to their unique needs and
the ability to create a chatbot and
minimize the risk and enable them
to accelerate how they could apply
that technology to solve their unique
problems.
What is the perfect recipe
for CX that combines
human interaction and new
age tools and workplace
optimization solutions?
What the customer want is not
someone to read them information
that they can read themselves; they are
looking at an agent to help them solve
a problem. The true recipe, I believe,
is about applying technology to lower
the overall cost of interaction at the
basic level of information exchange
and free up your human resources to
truly solve problems and add value
and build relationships. This does
three things; one, it drives customer
loyalty; two, it makes agents more
productive and happier which lowers
the overall cost; and three, it drives the
return on investment
September 2017 | CIO&LEADER
9

INTERVIEW
“Businesses and
governments
must partner to
create solutions
that promote
humanity”
Through the explosion in science and
technology development, human and society
will change faster in the next 25 years than
they have in the past 200 years. That raises
a very important question: how do we create
a human enterprise in the midst of this
technological evolution. CIO&Leader spoke to
Steve Wells, Director of Operations at Fast
Future Publishing, discussed the business
and societal implications of increasing
automation and how will that need the
creation of a very human enterprise
What do we need to do to
create a very human
enterprise?
As a society, we could choose to reign
in those technological developments,
and we could understand what it takes
to use those technologies so that they
serve humanity rather than humanity
serve these technologies, to create
this notion of a human enterprise.
What is it we need to do as businesses
and as employers to maximize the
opportunity that people give us
within our businesses alongside the
technology?
That's a critical question.
Today if we do move to a point where
so many people are unemployable,
we need to think of its impact on
humanity. We need to ask and answer
questions such as: How do politicians
and governments understand and
create solutions for those people who
are unable to work? How does the
tax regime around the world, not just
10 CIO&LEADER | September 2017

Steve Wells, Fast Future Publishing
Interview
“If we use artificial
intelligence (AI),
robots, machines
for easy mundane
jobs, then maybe
we can focus people
on other tasks”
–Steve Wells, Director of Operations,
Fast Future Publishing
nationally, but globally, change in
order to value and reward companies
that employ people at the cost of those
that deploy technologies?
How do we prevent
companies from
rendering people
unemployable?
I do think that there is need for
some kind of partnership between
businesses and governments so that
we can introduce these technologies
that promote humanity. If we use
artificial intelligence (AI), robots,
machines for easy mundane jobs,
then maybe we can focus people on
other tasks. If AI is doing the run-ofthe-mill
things such as turning the
handle, maybe there is an opportunity
for us and our businesses to develop
deep relationships with people we do
businesses with, and help the people
that work in our companies to develop
and grow.
Are companies
implementing the
concept of a human
enterprise?
There's so much difference in the economies
of different countries and companies
around the world. If there is strong
growth for a country and a company,
then you can implement the concept of
a human enterprise. If you create automated
processes and systems, you can
deploy those and you can employ more
people. But let's be clear: Even when
we do move to a new situation when
we have greater automation, there are a
number of jobs that will be critical; jobs
around programming, around leadership,
and around trying to understand
and articulate new business propositions.
But are these going to be enough
to offset reductions in other sectors?
Frankly, I don’t know.
But there needs to be partnership
between businesses and governments.
Otherwise, what is the real incentive
for a commercial organization
to forego profits in order to be a
really good employer and be totally
socially responsible?
What are some of the
ethical issues that could
arise due to implementing AI?
We could potentially create an
interesting dynamic in companies
going forward that retain people in
their organization but also deploy
artificial intelligent robots. For
instance, how do you compete as a
person looking for promotion against
an artificially intelligent robot? How
do you compete against an enhanced
human who has decided to merge
himself with some kind of competitive
enhancing drug or technology that's
embedded in them?
That's an ethical issue beyond the
raw power of the potential of artificial
intelligence that is linked back to a
mixed workforce
September 2017 | CIO&LEADER
11

12 CIO&LEADER | September 2017

AI does not mean
losing jobs; it means
it's time to reskill your
workforce
After all, as the saying goes, it is often, not the
strongest of the species that survives, but the one
that is the most adaptable to change
By Shubhra Rishi
September 2017 | CIO&LEADER
13

Cover Story
As I write this story, I'm
fully aware of the future
of my job as a technology
journalist. We now know
that artificial intelligence
(AI) can now be used to write a grammatically-correct
news copy. The Press
Association, a news agency operating
in the UK and Ireland, has won a EUR
706,000 grant to run a news service
with computers churning out localized
news stories.
IT jobs suffer the same fate at the
hands of cognitive technologies. This
doom, as some like to call it, was long
coming.
And yet, we continue to be hopeful
about the future of our work. A
research titled 'Workforce of the
future: The competing forces shaping
2030' carried out by PwC over the last
decade, drew on the inputs of 10,000
people in China, India, Germany, the
UK and the US, has revealed that 73%
think technology can never replace the
human mind while 37% are worried
about automation putting jobs at risk –
up from 33% in 2014.
As if we didn't know already: Yes,
automation will curb employment
-including jobs in IT. But the more
fundamental – and difficult – question
we must ask of the future of work is: Is
reskilling of the workforce a solution
to this problem?
According to World Economic
Forum’s 'Future of Jobs' survey in
2016, organizations recognize reskilling
and retraining as a priority. Just
over 2/3 of respondents from the
survey believed that future workforce
planning and change management
features as a reasonably high or very
high priority on the agenda of their
organization’s senior leadership, ranging
from just over half in the infrastructure
sector.
“Every few years there is a need to
find new-age solutions to meet the
needs of enterprise and engineering
“WE PROBABLY
DID NOT RESKILL
OURSELVES
IN THE 2000S,
THEREFORE
FACE THIS
REDUNDANCY
NOW.”
Tamal
Chakravorty
Director IT & Test,
Ericsson Global
Services India
environments. It’s true for all areas.
Look at consumer durables, look at
refrigerators or TVs. IT is no different
and new products keep coming out
and therefore, new skills are required
to run and manage those products,”
said Tamal Chakravorty, Director IT &
Test at Ericsson Global services India.
"But honestly these may not be
termed as “new” therefore, skills
may not necessarily be “new”. If someone
talks about cloud skills today it
was the same skills in 2000 called
“hosted datacenters”. We probably
did not reskill ourselves then; therefore,
face this redundancy now," added
Chakravorty.
We have been here before
Enterprise IT jobs were threatened by
the advent of cloud. But we all know
what happened there. From 2012 to
2015, IDC predicted cloud to generate
a total of 6.75 million jobs. Even
though a quantifiable number is not
available to measure the impact that
cloud had on the overall employment
in the IT sector, but it can be measured
indirectly via the rise in demand for
IT services, the growth of online commerce,
smartphones, and startups...
the list is endless.
The net effect of any job loss caused
by increase in the adoption of cloud
has more than made up for the overall
employment opportunities that it created
in different industry sectors.
Sanjeev Prasad, Global CIO at
Sutherland Global Services, who
crafted a cloud first strategy as early
as 2010 during his tenure as a Global
CIO and leader of Digital Platforms
at Genpact, has seen the evolution of
cloud from close quarters. He said
that the advancement in technology
is bound to bring in automation and
retire redundant jobs.
And AI is a déjà vu moment for
cloud computing -with one stark difference.
According to Padmaja Alaganandan,
Executive Director - Consulting at
PwC Consulting, “while technology
has been making rapid strides since
the industrial revolution, it is the first
time that some of the cognitive functions
and complex decision making
are being taken over by machine intelligence.
In that sense we are at some
kind of inflection point.”
A recent survey run by the Future
of Humanity Institute, a research
center that studies existential risks
at the University of Oxford in the UK
and Yale University in the US, asked
352 machine learning researchers to
predict the journey of AI. It was found
that there is a 50% chance of AI outperforming
humans in all tasks in 45
years and of automating all human
jobs in 120 years.
The years may seem far away from
2017, but it really isn’t if we take into
account the rate at which technology is
evolving.
14 CIO&LEADER | September 2017

Cover Story
Future workforce strategies, industries overall
Unconscious bias among managers
Lack of work-life balance
Lack of role models
Lack of qualified incoming talent
Women’s confidence, aspirations
Societal pressures
Unclear career paths
Lack of talent, leadership development for women
Don’t know
No barriers
Lack of parental leave
44%
44%
39%
36%
31%
23%
17%
15%
12%
10%
6%
Source: Future of Jobs Survey, World Economic Forum
What should we do?
“There's no perfect answer but it presents
a huge opportunity for training
companies to prepare the digital workforce
of the future,” said Prasad.
According to Alaganandan, there are
two important steps that come before
reskilling of the workforce. The first
step, she said, is to think through and
plan for the workforce for the future.
“Companies need to create a flexible
ecosystem that can provide easier
access to different skill sets and allows
different stakeholders to become part
of the value chain.”
The second step is to determine
the role of AI in order to address
which of the jobs in your organization
can be best done through cognitive
technologies.
The third and the final step, she said,
"is to identify and up-skill employees
in your workforce for better, more
important jobs in the organization."
India's most profitable PSU, Indian
Oil is on a 5 -year mission to automate
its fuel outlets in the country. Besides
automation, it also plans to turn 30
out of its 130-odd terminals into smart
ones in the next one year. The Corporation
has about 25,000 petrol pumps
of which 8,800 are already automated.
The company is using IoT to collect
a large amount of data from its plant
machinery and equipment. It is using
analytics to not only improve the efficiency
and performance of plants but
perform predictive maintenance to
determine the condition of in-service
“MANAGING ALL
THESE NEW-
AGE PLATFORMS
WILL REQUIRE
RESKILLING.”
Deepak Agarwal
Executive Director
- IT, Indian Oil
Corporation
equipments. It is also planning to
deploy a chatbot for its field force with
an aim to assess its usefulness in their
day-to-day working.
"Managing all these platforms
requires reskilling," said Deepak
Agarwal, Executive Director - IT,
Indian Oil Corporation.
“We have reskilled more than 90%
of our existing workforce,” he added.
The trick, Agarwal said, is to make
sure that our internal IT team is working
side by side with external stakeholders
in the project from planning
to execution for long-term IT projects;
for one-time deployments, we can
always hire external stakeholders,”
he added.
Chakravorty said that we must align
our training programs with the organization's
future strategy and answe
questions about finding the necessary
skills for it.
The other approach is to hire smart.
The PSU recruits once a year and the
process starts well in advance. Agarwal
said that they are hiring more
statisticians apart from computer sci-
September 2017 | CIO&LEADER
15

Cover Story
ARTIFICIAL INTELLIGENCE
The next digital frontier?
The current AI wave is poised to finally break through
Investment in AI is growing at a high rate, but adoption in 2017 remains low
In 2016, companies invested
$26B to $39B
in artificial intelligence
TECH GIANTS
$20B to $30B $6B to $9B
3x
STARTUPS
External investment growth since 2013
20%
of AI-aware firms say
they are adopters
3+ technologies
2 technologies 7%
1 technology
41%
of firms
say they are uncertain
about the benefits of AI
3%
10%
31%
Partial adopters
10%
Experimenters
40%
Contemplators
How companies are adopting AI
AI adoption is greatest in sectors that are already
strong digital adopters
High AI
adoption
•
Assets
Six characteristics
of early AI adopters
Digitally mature
Larger
businesses
Usage
Medium
AI
adoption
Retail
Media / entertainment
CPG
Adopt AI in
core activities
Adopt multiple
technologies
Low AI
adoption
•
•
•
Labor
Focus on growth
over savings
C-level
support for AI
Digital maturity
Four areas across the value chain where AI can create value
PROJECT:
Smarter R&D and
forecasting
PRODUCE:
Optimized
production and
maintenance
PROMOTE:
Targeted sales
and marketing
PROVIDE:
Enhanced user
experience
Five elements
of successful AI
transformations
Use cases /
sources of value
Data
ecosystems
Techniques
and tools
Workflow
integration
Open culture
and organization
16 CIO&LEADER | September 2017

Cover Story
ence specialists. “We are making sure
that we recruit from good universities;
HR, to understand what kind of workforce
is needed; business, to tell us
in advance when they will need tech
skills, and IT, to decide whether we
need to retrain our existing manpower
or hire from outside,” said Agarwal.
A number of new jobs will be
required to understand the applications
of AI. These are likely to require
advanced degrees and highly specialized
skill sets.
"IT employees who cannot enhance
their skills to work in a highly automated,
large-scale environment,"
said Prasad.
“But the job prospects will be high
in areas such as data science, critical
thinking, business analytics, etc,” he
added.
This is not going to be easy.
What does it mean for IT
leaders?
A few years ago, it was predicted that
the CIO role will perish.
Today CIOs from top performing
organizations are spending up to four
days more on executive leadership.
“THE
ADVANCEMENT IN
TECHNOLOGY IS
BOUND TO BRING
IN AUTOMATION
AND RETIRE
REDUNDANT
JOBS.”
Six steps for the future IT leader
Act now.
This isn’t about some ‘far future’ of work – change is already happening,
and accelerating.
No regrets and bets.
The future isn’t a fixed destination. Plan for a dynamic rather than a static
future. You’ll need to recognize multiple and evolving scenarios. Make
‘no regrets’ moves that work with most scenarios – but you’ll need to
make some ‘bets’ too.
Make a bigger leap.
Don’t be constrained by your starting point. You might need a more radical
change than just a small step away from where you are today.
Own the automation debate.
Automation and Artificial Intelligence (AI) will affect every level of the
business and its people. It’s too important an issue to leave to IT (or
HR) alone. A depth of understanding and keen insight into the changing
technology landscape is a must.
People not jobs.
Organisations can’t protect jobs which are made redundant by technology
– but they do have a responsibility to their people. Protect people
not jobs. Nurture agility, adaptability and re-skilling.
Build a clear narrative.
A third of workers are anxious about the future and their job due to automation
– an anxiety that kills confidence and the willingness to innovate.
How your employees feel affects the business today – so start a
mature conversation about the future.
Source: PwC's Workforce of the future: The competing forces shaping 2030 report
Sanjeev Prasad
Global CIO,
Sutherland Global
Services
According to Gartner’s 2018 CIO
Agenda, 79% of CIOs report that digital
business is making their IT organizations
more "change-ready." However,
the major roadblock in the way of
growth will be the lack of talent. CIOs
feel that these technologies, especially
AI, will require new skills, "some of
which will be hard to find." .
Change is constant – even for
IT leaders. If organizations are to
embrace the future, they must not
only focus on their workforce but the
leadership at the top.
Adaptability will be an essential
leadership skill to navigating the
changes ahead. CIOs along with the
IT workforce will have to develop
skills to manage a mixed workforce,
gain understanding of a new technology,
and identify the people who can
be upskilled in the organization. It’s
impossible to predict the skills that
will be needed even five years from
now, so leaders and their organizations
need to be ready to adapt and
reskill– in the world they envisage – or
be ready to perish
September 2017 | CIO&LEADER
17

EVENT REPORT
Dhanya Thakkar, Managing Director- APAC,
Trend Micro, at the opening ceremony of the
CloudSec 2017 in India
CloudSec
2017:
Leveling Up
Security
Cyber security remains top
priority for enteprises across
the globe
By CIO&LEADER
AAt the CLOUDSEC 2017 on 13th September
2017, we saw some of the concerns surrounding
cyber security getting voiced and
addressed. IT and security leaders around
the world discussed the multi-faceted
threats facing their enterprises. The three
cyber attacks this year, namely WannaCry, Petya, and the
more recent Locky, are proof that organizations need to
level up their security preparedness. A total of 600 executives
attended the conference and deliberated on various
cyber security related topics during the one-day conference,
which saw participation from top enterprises, security
experts, and industry leaders.
The opening address was delivered by Dhanya Thakkar,
Managing Director- APAC, Trend Micro, who talked about
the role of the CIO as one of the key drivers of risk mitigation,
and to lead necessary change and transformation.
The session by Bill McGee, SVP, Hybrid Cloud Security at
Trend Micro provided insights on the latest and upcoming
trends in cloud computing, which may challenge current
information security mindset and practices. McGee provided
recommendations on how businesses can leverage
cloud computing trends without compromising the security
of their networks and infrastructure.
The keynote session was delivered by Gulshan Rai,
National Cyber Security Coordinator (Ex-Officio Secre-
The keynote panel discussion titled ‘Turning security into competitive
advantage in the era of Fast-IT’
tary), Government of India, who talked about how the need
for good cyber security will require the cooperation of the
industry. He spoke about the need for collaboration between
the Indian government and security industry bigwigs.
The other noted experts and industry leaders who participated
in a keynote panel discussion titled ‘Turning security
into competitive advantage in the era of Fast-IT’ included
Simon Piff, VP of Security Practice at IDC, Myla Pilao,
Director, TrendLabs Research at Trend Micro, Vishal
Salvi, CISO, Infosys, Jayantha Prabhu, CIO at Essar Group,
18 CIO&LEADER | September 2017

Trend Micro
Event Report
The keynote of the event was delivered by Gulshan Rai, National Cyber
Security Coordinator (Ex-Officio Secretary), Government of India
Renowned author and commentator,
Gurcharan Das, addressing the delegates in
his evening keynote session
The audience listening intently to the ongoing
evening session
The lit up stage at the CloudSec event in Mumbai
Sunil Varkey, VP & CISO at Wipro Technologies, and Christophe
Durand, Police Senior Superintendent at Interpol
Global Complex for innovation (IGCI). The session was
moderated by business story-teller and event facilitator,
Vijay Ramachandran.
Speaking at the event, Nilesh Jain, Country Manager, India
& SAARC at Trend Micro said, “The CloudSec event elevates
the question of how ready and prepared organization
are when faced with trivial or even big security incidents.”
The speakers at the event raised important questions on
a number of cyber security threats such as ransomware,
cloud security, shadow IT, among others.
Vishal Salvi, CISO at Infosys, said, "The advent of ransomware
tells us how important cyber security is for digital
evolution today. We can expect the tech evolution and innovation
to change dramatically but we can definitely change
the way we look as experts and start having that influencing
capacity to engage the stakeholders, give the right messages,
get the right budget, and make sure that we are working
very closely with the CIO and technology teams to build
necessary controls."
Other important speakers at the event included Mayur Danait,
CIO at Lupin, Arun Kumar Parameswaran, Managing
Director at VMware India, Mohit Pande, Country Manager-
India at Google Cloud, and Mr. Rajiv Chandra, Chief General
Manager-Information Systems at HPCL, among others.
The evening keynote session was delivered by renowned
author and commentator, Gurcharan Das. He addressed
a packed gathering of industry leaders, practitioners, and
CISOs cited examples from The Mahabharata and drew
comparisons with the digital age. He discussed the importance
of communication among leaders and selecting the
right people for business and security.
The action-packed day ended on a high note with dinner
and cocktail
September 2017 | CIO&LEADER
19

INSIGHT
Adobe
India Is
Closing
The
Gender
Pay Gap
Its female employees earn 99%
of what male employees earn
By CIO&Leader
EEarly this year, CIO&Leader did a story to find that
the consistent improvement in the hiring of women
over the last year is indicative of a trend that is
slowly bridging the gender divide. However, gender
pay disparity is a recurring phenomenon in enterprises
all around the world. Not in Adobe India.
The company, in an announcement, said that its
female employees earn 99% of what male employees
earn and is working to close the remaining gap
in the country.
At its annual 'Adobe and Women and Leadership
Summit' recently held in San Jose, the company
also said that it expects to close the gap by the end of
its fiscal year, with women paid USD1.00 for every
USD1.00 earned by male employees.
In a blog, Adobe’s Executive Vice President,
Customer and Employee Experience Donna Morris
said, “Adobe’s current global workforce is 30%
female. That’s up 2% from last year – but not as
high as we would like it to be. We’ve focused on
improving our hiring practices – from recruiting to
how we assemble interview panels and train managers.
This year to date, 40% of our new hires have
been women, up significantly from prior years.”
The company has also rolled out a “Breaking
Bias” training, which covers how unconscious bias
can influence us in the workplace. “The program
has resulted in broad and transparent conversations
about the many ways we can make our teams
and company more inclusive,” Morris wrote in the
company blog.
Adobe India in 2015 started offering up to six
months of fully paid leave for new parents, and since
then, hundreds of employees receive these benefits
20 CIO&LEADER | September 2017

Insight
Indians
Prefer
Female
Chatbots
Over Male
A survey reveals that 40%
prefer polite, not sounding
serious or posh
By CIO&Leader
OOver 40% of Indian consumers prefer artificial
intelligence-powered chatbots to be female who
are polite, not sounding serious or posh, a new
survey has revealed.
The survey, commissioned by Amdocs, a
global software and services provider, showed
that more than half (53%) of consumers prefer
their chatbots to look like a human, since human
agents better understand their needs (82%) and
can take multiple questions at once (62%).
This is because chatbots cannot deal with complex
requests, understand human emotions or
deliver personalised offers as well as humans.
Further, 43% consumers said they prefer
chatbots to be female, rather than male (21%)
and exhibit personality traits such as sounding
polite, caring and intelligent, as well as sounding
younger and funnier as opposed to sounding
serious and posh.
"Consumers have a good sense of how bots
can serve them, better developed. Their level of
frustration with today's bots is striking," General
Manager at Amdocs Gary Miles said in a
statement.
For the study, over 1,022 female and male consumers
between the ages of 18 to 74, gave their
critical judgment on the use of AI for customer
care and commerce.
The consumers complained that the current
chatbots struggle with their complex requests,
do not deliver personalised offers and lack
human attributes.
Moreover, the survey also revealed that service
providers are not investing in the right areas in
terms of their AI investments.
A total of 83% are prioritizing AI investment
in increasing speed of response and 50% in
information security and privacy.
However, customers seek better personalisation
or more comprehensive information in chatbots
September 2017 | CIO&LEADER
21

Insight
Raghuram Rajan’s
8 Expectations
From IT
Is Indian banking up for it?
By Shyamanuja Das
IIt is exactly one year since Raghuram Rajan relinquished his charge as RBI governor. As I was
going through his newly released book, I Do What I Do, it was good to be reminded of the expectations
he had from information technology—some of which we have covered right here.
Interestingly, Rajan—known more for his clear thinking, no-nonsense approach and fierce
independence (“I do what I do”)—rarely spoke in lofty, vague superlatives when it came to his
expectations from technology. Like in most other issues, he was very, very specific.
It is not that he did not acknowledge the role technology has already played in changing the
face of banking; but he wanted more and often in ways that neither the policymakers nor the
players were even thinking of. And it was never—I could not even use ‘rarely’—just a nice
sounding big idea. He put forward strong argument based on not only his deep understanding
22 CIO&LEADER | September 2017

Insight
of the Indian banking system and its
issues but also his clear assessment of
the state of relevant technologies.
“Note that none of this is really futuristic,”
Rajan once said while urging
banks to use IT to track performance
of bankers based on their real track
record in evaluating, designing and
monitoring projects “but it requires
a much stronger marriage between
information technology and financial
engineering, with an important role
for practical industry knowledge and
incentive design.”
Here are eight specific expectations
from banking technology that he has
articulated in his speeches delivered
on various occasions in the last few
months of his governorship.
1
Integrated IT for
daily reporting on
status of loans
“IT and IT usage has not penetrated
into the banks as properly as we would
like. Banks are still not fully integrated
in terms of IT usage so that on a daily
basis, it can spin out details of the
loans. If you do not know the picture
on a daily basis, there are activities
that can pile up over time, which can be
extremely risky for the bank.” - October
23, 2015, IDRBT Banking Technology
Excellence Awards, Hyderabad
2
Tracking Project
Finance
“Financiers should put in a robust
system of project monitoring and
appraisal, including where possible,
careful real-time monitoring of costs.
For example, can project input costs be
monitored and compared with comparable
inputs elsewhere using IT, so that
suspicious transactions suggesting
over-invoicing are flagged?” - August
16, 2016, FICCI-IBA Annual Banking
Conference, Mumbai
3 Re-engineering
business processes
“Adopting technology is more than
automation. It calls for serious efforts
IT systems within
banks should be
able to pull up
overall performance
records of loans
recommended by
individual bankers
easily
at re-engineering business processes.
Workaround solutions do not last
long and the price for overhauling the
system in the long run may be just
too expensive to manage.” - August
16, 2016, FICCI-IBA Annual Banking
Conference, Mumbai
4 Tracking &
incentivizing people’s
performance
“The incentive structure for bankers
should be worked out so that they
evaluate, design, and monitor projects
carefully, and get significant rewards if
these work out. This means that even
while committees may take the final
loan decision, some senior banker
ought to put her name on the proposal,
taking responsibility for recommending
the loan. IT systems within banks
should be able to pull up overall performance
records of loans recommended
by individual bankers easily, and
this should be an input into their promotion.”
- August 16, 2016, FICCI-IBA
Annual Banking Conference, Mumbai
5
Bringing down the
cost drastically
“The cost structure in the banking system
despite use of all the information
technology is still significantly high.
We can see the effect of the IT revolution
everywhere in the banking system,
except on the expenses side.
“Why aren't the expenses coming
down?”
“It is only by reducing the cost
of transactions (that) we can reach
all.” - October 23, 2015, IDRBT Banking
Technology Excellence Awards,
Hyderabad
6
Cyber security
“With changes in technology,
cyber security, both at the bank level
and at the system level, has become
very important. I think it would be
overly complacent for anyone of us to
say we are well prepared to meet all
cyber threats. A chilling statement
by an IT expert is “We have all been
hacked, the only question is whether
you know it or you don’t”. While the
statement may be alarmist, it is an antidote
to complacency.” -August 16, 2016,
FICCI-IBA Annual Banking Conference,
Mumbai
7
Tracking online
transactions to gauge
credit worthiness of small
businesses
“Yet another technological development
to watch is the alliance between
internet marketplaces and financial
firms. The information obtained from
monitoring sales and cash flows of
the online merchant can be the basis
for making him a loan and recovering
payment.” - January 29, 2016, NCAER,
New Delhi
8
Leveraging social
media to better
understand customer
needs (not just market
brands)
“There is tremendous information
available, ranging from social media
habits to the kind of products customers
use and so on, which can be used to
not just better serve the customer but
also for efficient banking.” - October
23, 2015, IDRBT Banking Technology
Excellence Awards, Hyderabad
Apart from cyber security, are Indian
banks even thinking along the lines of
technology applications articulated by
Dr Rajan?
September 2017 | CIO&LEADER
23

Insight
Data Protection -
India Still A Long
Way Off
The rise of data consumption is breaking all
previous records
By CIO&Leader
24 CIO&LEADER | September 2017

Insight
A
As governments of the world realise
the urgent need to tame the anarchic
world of the Internet -- dominated by a
couple of tech giants -- and write new
rules pertaining to users' rights, data
privacy and spread of false news and
extremist content, India too must shun
archaic regulations and implement
New-Age cyber laws.
The debate is now growing about
exercising some form of control over
the web when billions are communicating
daily over social media platforms,
smartphone use is on the rise
and data consumption is breaking all
previous records.
Look at how the Unites States has
brought Facebook under intense
scrutiny over Russian ads on its platform
during the 2016 US presidential
election, or how the European Union
in June slapped a record USD 2.7 billion
fine on Google after it found that
it "abused its market dominance as a
search engine by promoting its own
comparison shopping service in its
search results, and demoting those of
competitors".
Speaking at the United Nations last
week, British Prime Minister Theresa
May said technology companies must
go "further and faster" in removing
extremist content from their platforms.
In the meanwhile, there is widespread
criticism across the world,
including in India, about sharing of
user data on WhatsApp and its parent
company, Facebook.
Like the West, the time is ripe for
India to wake up from its slumber in
terms of cyber regulation and come up
with appropriate strategies to tighten
its cyber policies vis-a-vis the Internet,
say experts, adding that the existing
cyber law is not adequate to deal with
current realities.
"India does not have any detailed
legislation on data privacy on Internet/
social media platforms. India also does
not have a data protection law. The
“If big Internet
players want to
have access to the
India market, they
have to comply
with Indian
regulations.”
—Pavan Duggal,
SC Advocate & Cyber Law Expert
September 2017 | CIO&LEADER
25

Insight
Information Technology Act, 2000,
which got amended only in 2008, is
neither a data privacy law nor a data
protection law," Pavan Duggal, cyber
law expert, told IANS.
According to him, Indians are slowly
beginning to discover that they have no
effective remedy once they are targeted
in the anarchic system of Internet,
including social media platforms.
Data intermediaries and data repositories
need to be made responsible for
ensuring data privacy of their customers,
stressed Duggal, also a Supreme
Court advocate.
"India can come up with dedicated
new legislation on data protection as
well as data privacy. The Supreme
Court has already expressed the hope
in the landmark judgment of Justice
K.S. Puttaswami vs Union of India
that the Government would take into
account the fundamental principles
concerning privacy which have been
laid down by the Supreme Court and
enshrine them in new provisions of
law," Duggal informed.
According to The New York Times,
in the last five years, more than 50
countries have passed laws to gain
greater control over how their people
use Internet.
"India is woefully under-prepared
to address issues of data protection
and cyber-security. We need a data
protection law that protects citizens
from misuse of data by the government
and companies with strict liability and
extremely high statutory damages that
must be awarded within a strict period
of time," noted Mishi Choudhary, President
and Legal Director of New Delhibased
Software Freedom Law Centre
(SFLC.in), a non-profit setup.
"In addition, we need a citizen's privacy
charter against surveillance. But
overall, we need simplicity in communications
in terms of use, law and not
an overload of legal jargon and overregulation,"
Choudhary told IANS.
According to Duggal, it appears that
governments at times do tend to get
intimidated by Internet giants.
What are the main obstacles or reasons that challenge your Information
Security operation’s contribution and value to the organization?
Management and governance issues
Lack of executive awareness or support
Lack of quality tools for managing information security
Lack of skilled resources
Budget constraints
Fragmentation of compliance/regulation
Other (please specify)
What do you consider to be the information security challenges of the IoT
for your organization?
Finding hidden or unknown zero-day vulnerabilities/ attacks
Identifying suspicious traffic over the network
Knowing all your assets
Ensuring that the implemented security controls are
meeting the requirements of today
Keeping the high number of IoT connected devices updated
with the latest version of code and security bug free
Tracking the access to data in your organization
Managing the growth in access points to your organization
Defining and monitoring the perimeters of your
businesses ecosystem
"However, every country provides a
fertile market for big Internet players
and, hence, the country can rely upon
its intrinsic strengths to regulate the
big ones. Just because an Internet player
is a big player, that does not mean
that the said player is not amenable to
regulation," Duggal emphasised.
With a nearly 1.3 billion population
-- and most of it now connected -- India
represents a huge market for web
players who can't afford to ignore its
potential.
"If big Internet players want to have
Don't know
Other (please specify)
42%
41%
41%
39%
37%
24%
6%
50%
44%
40%
40%
37%
28%
28%
23%
11%
5%
Source: E&Y Global Information Security Survey 2016-2017
access to the India market, they have to
comply with Indian regulations," Duggal
added.
With a growing chorus for digital
India and realising a billion dreams, a
new legal cyber framework should be
the first and foremost step by the government.
"The onus is now on the government. It
will be interesting to see what approaches
the government would want to adopt
in this case," the experts noted
Is India prepared to handle a new data
protection law? Only time will tell
26 CIO&LEADER | September 2017

SECURITY
State of Information
Security 2017
Presented here are the findings, divided into three
sections: IS maturity, incidents and outlook & opinion
of CISOs
By Shyamanuja Das
28 CIO&LEADER | September 2017

Security
OAlmost all senior information security professionals
think that the boards/CEOs in their
organization fully or partially understand the
risk arising out of information security threats.
While 51% feel that their CEOs/boarders are
fully aware of the risks, another 36% think they
adequately understand those risks, according to
the State of Information Security 2017 research,
designed and conducted by IT Next.
Almost all senior information security professionals
think that the boards/CEOs in their
organization fully or partially understand the
risk arising out of information security threats.
While 51% feel that their CEOs/boarders are
fully aware of the risks, another 36% think they
adequately understand those risks, according to
the State of Information Security 2017 research,
designed and conducted by IT Next.
Yet, as many as 31% of organizations do
not have designated heads of risk. If that number
sounds high, here is a factoid. Last year,
it was as much as 49%. There is considerable
improvement.
In another worrying finding, about 35%
respondents said their organizations do not
measure financial loss due to security incidents
at all. A further 35% revealed it is only measured
if the incident has a direct relation to revenue.
However, there is good news. There is more
and more business alignment. Two out of three
respondents said the security strategy should be
dependent on nature of business even as CISOs
finally start to see themselves as organizational
risk managers and business enablers rather
than ‘protectors’, ‘compliers’ to regulatory
requirements and tech implementers.
The State of Information Security 2017 survey
focused primarily on two aspects:
Organizational maturity in terms of appreciating
the risks arising out of information security
issues and how organizations are handling
that
how CISOs (or other senior security professionals)
perceive their roles and responsibilities
ahead
The research was an effort to understand the
business alignment of information security
within large and medium Indian organizations
and was not meant for getting into technologies,
solutions and tech-related practices of businesses.
There are industry standard global surveys.
The only overlap with those surveys could be a
couple of questions about actual security incidents
that happened in last 12 months and how
they perceive the probability in the next 12.
The research was conducted among the
participants of NEXTCSO Conference
organized by CSO Forum at Jaipur between
6th and 8th July 2017. While 40% of the participants
were CISOs, 6% were CIOs while further
6% were EVP/VP/Directors. From among
the organizations, as much as 56% were
large organizations, with more than 5000
employees.
September 2017 | CIO&LEADER
29

Security
Designation (Chart I)
Chief Information Security Officer
40%
Chief Information Officer
EVP/VP/Director
6%
6%
GM/AVP
11%
DGM/Sr. Manager
Other (Pl mention)
17%
19%
Total Respondents: 47
Organization Size (Chart II)
19%
12%
8%
Less than 500 people
Between 500-1000 people
Between 1000-5000 people
25% 25%
Between 5000-10000 people
Between 10000-50000
12%
More than 50000 people
The research was an effort to understand
the business alignment of
information security within large and
medium Indian organizations and
was not meant for getting into technologies,
solutions and tech-related
practices of businesses. There are
industry standard global surveys. The
only overlap with those surveys could
be a couple of questions about actual
security incidents that happened in
last 12 months and how they perceive
the probability in the next 12. (Chart I)
The research was conducted
among the participants of NEXTCSO
Conference organized by CSO Forum
at Jaipur between 6th and 8th July
2017. While 40% of the participants
were CISOs, 6% were CIOs while
further 6% were EVP/VP/Directors
(See Chart 1). From among the organizations,
as much as 56% were large
organizations, with more than 5000
employees. (Chart II)
Presented here are the findings, divided into three sections: IS Maturity, Incidents and Outlook & Opinion of CISOs.
30 CIO&LEADER | September 2017

Security
Information Security Maturity
Does your Board/CEO understand risks
arising out of information security?
13%
36%
Yes, fully
Yes, adequately
Somewhat
51%
Today, there is a far greater realization
about the risks arising out of information
security by the top leadership.
Is there a designated Head of Risk in your organization?
49%
2016 51%
Yes
No
39%
2017 61%
There’s an increase in organizations with a designated Head of Risk, but the
number of organizations who do not have the position is still significant.
One change
you will like
to see in your
organization’s
information
security
practice
“Awareness through training and learning”
September 2017 | CIO&LEADER
31

Security
Reporting
CIO
33.3%
CEO
Chief Risk Officer
COO/CFO
10.3%
10.3%
12.8%
A Business Unit Head
5.1%
Other (Pl mention)
28.2%
However, the top security professionals who report into CIOs outnumber those reporting to the
Head of Risk by 3:1. That means security is still seen as a technical issue by many. Except for
some sectors like banking and insurance—where regulators mandate that CISOs should not
report to CIOs.
One
change you will
like to see in your
organization’s
information
security
practice
“Behavior of users when handling IT assets”
Is the financial loss due to security incidents measured?
18%
25%
Always
Only when there’s a direct relation to revenue
25%
35%
Only when it is big
Never/Rarely
Probably, the most disturbing finding from the entire research—more than one-third respondents
said their organizations do not measure the financial loss due to security incidents. Less
than one out of five organizations do it all the while. Despite heavy investment in information
security, organizations still do not link breaches to business impact.
32 CIO&LEADER | September 2017

Security
One change
you will like
to see in your
organization’s
information
security
practice
“Security as an integral part of all
business decisions”
Security frameworks used
ISO - 27001 ISMS Requirements
ISO - 27002 Code of Practice for InfoSec Controls
ITIL (Information Technology Infrastructure Library)
PCI DSS
ISO - 22301 Business Continuity Management System
COBIT (Control Objectives for Information and Related
Technology)
BS-7799
ISO - 27005 Information Security Risk Management
ISO - 27035 Incident Management
EU Data Protection Act and Privacy Regulations
ISO - 27004 Information Security Metrics and Measurements
Health Insurance Portability and Accountability Act (HiPAA)
ISAE 3402 & SSAE 16
ISO - 20000 Standard for Service Management
ISO - 27014 Governance of Information Security
ISO - 27032 Guidelines for Cybersecurity
ISO - 38500 IT Governance
Gramm-Leach-Bliley Act (GLBA)
41%
28% 0%
26% 3%
21% 8%
21% 5%
18% 5%
15% 8%
15% 5%
13% 5%
13% 0%
13% 0%
13% 0%
10% 3%
8% 8%
8% 8%
3%
3%
3%
0%
0%
82%
5%
Frameworks currently used
Planned
ISO Frameworks have become the de-facto standards for security
across organizations.
One change
you will like
to see in your
organization’s
information
security
practice
“Better user awareness”
September 2017 | CIO&LEADER
33

Security
Incidents
What are the total number of incidents that took place in the
last 12 months?
23%
Less than 6
Between 7-12
Between 13-25
77%
More than 25
Not a single respondent admitted to having faced more than 12 incidents in the last 12 months.
More than three-fourths said they have witnessed six or less!
One change
you will like
to see in your
organization’s
information
security
practice
“Business demands information
security as a service”
What kind of incidents have you faced in the last 12 months?
Malware/virus
Targeted Attacks/Spear phishing
Ransomware attack on organizational IT
General Data Breaches
Distruption of IT services/DDoS
Website Hacking
Attacks on employee devices
Others
8%
8%
8%
8%
15%
15%
23%
44%
No surprise here, malware is still most common but targeted attacks are significant too.
34 CIO&LEADER | September 2017

Security
One change
you will like
to see in your
organization’s
information
security
practice
“Adherence to policies and procedures”
Which out of these do you see as most important security
challenges in the next 12 months?
Ransomware
APT
6%
14%
17%
17%
Cloud security
9%
10%
Mobile malware
6%
9%
Malware
8%
9%
Phishing
Data breaches
Social engineering
Shadow IT
Cybercrime
Spear phishing
DDoS
Website hacking
8%
6%
7%
15%
6%
4%
6%
5%
5% 2017
6%
5%
2016
4%
4%
9%
2%
3%
Share of Total Responses (2017) vs Share of Total Responses (2016)
Ransomware is the top of the mind threat for most. Organizations seem
to have been fairly successful in thwarting DDoS attacks.
One change
you will like
to see in your
organization’s
information
security
practice
“Adoption of international
security frameworks”
September 2017 | CIO&LEADER
35

Security
Outlook
Do you agree that IS strategies should be
dependent on nature of business?
21%
Completely
39%
Largely
14%
To some extent
Not much
25%
In what can be interpreted as a shift towards better business alignment, close to 4 in 10
respondents feel IS strategy is business-dependent while every two out of three respondents
say strategies should be completely or largely depend upon nature of business.
What is your most critical challenge?
Non-availability of skilled manpower
Creating/enforcing an organization-wide
security policy
Getting budget
10%
10%
15%
15%
20%
41%
Chasing shadow IT/unauthorized applications
Technology upgradation
5%
8%
15%
12%
2017
Managing vendors
Convincing top management about risk
potential of information security breaches
Conforming to regulatory compliance
3%
3%
5%
11%
9%
18%
2016
Share of Total Responses (2017) vs Share of Total Responses (2016)
While the CISOs seem to have convinced the organizations the value of having and enforcing a
security policy, now they face a tough challenge in getting manpower. Going forward, this could
be the big bottleneck.
36 CIO&LEADER | September 2017

Security
One change
you will like
to see in your
organization’s
information
security
practice
“Top management attention”
What out of the following activities will take most of your time in
the next 12 months?
Meeting compliance requirements
14%
14%
Creating security policies
12%
12%
Assisting in creating risk strategies for your
organization
9%
11%
Creating a MSSP strategy/selecting MSSP vendors
1%
10%
Learning newer technologies & solutions/Doing
certifications in new tech
7%
10%
Choose security solutions
7%
9%
Analyzing information
8%
8%
2017
Formulating risk strategies for your organization
7%
8%
2016
Learning about risk management/Doing
certification in new security standards.
4%
7%
Mobilizing top managers to understand the
importance of information security
5%
14%
Fighting shadow IT
5%
6%
Implementing already decided security solutions
4%
11%
Share of Total Responses (2017) vs Share of Total Responses (2016)
While meeting compliance requirements is not seen as a major challenge, CISOs say it will still
take a lot of their time. In short, something that calls for greater automation.
One change
you will like
to see in your
organization’s
information
security
practice
“Quick adaptability to changes
in risk landscape”
38 CIO&LEADER | September 2017

Security
Perceived CISO Role in next three years
As an organizational risk manager
18%
24%
As a business enabler
As the protector of organnizational
information and intellectual asset
9%
22%
20%
35%
As the prime custodian of governance &
compliance
13%
21%
As a creator of completitive advantage
3%
11%
2017
As a catalyst of change
10% 15%
2016
Share of Total Responses (2017) vs Share of Total Responses (2016)
From seeing themselves as protectors and compliance implementers just a year ago,
CISOs clearly see themselves as business managers today. Probably the single biggest
finding of this year’s research.
In relation to your role, which of these words do you most identify with?
Compliance
59%
Protection
59%
Goverance
54%
Threat
54%
Enablement
44%
Safety
44%
Defence
31%
Risk
31%
Catalyst
26%
Prevention
26%
Vulnerability
18%
While the previous question indicates that CISOs want to be seen as business managers, they
have to travel a long distance. Even today, the words they associate most with are compliance
and protection.
One change
you will like
to see in your
organization’s
information
security
practice
“Seeing early, acting early”
40 CIO&LEADER | September 2017