C&L_December 2017 (1)

Insight: 

Wither 

Supercomputing? Pg 20 

Opinion 

How Platform Business Models 

Are Transforming... Pg 36 

Feature 

How Innovation Works 

and How To Lead It Pg 38 

Volume 06 

Issue 09 

December 2017 

150 

TRACK TECHNOLOGY BUILD BUSINESS SHAPE SELF 

GDPR: The 

Countdown to 

New Regime 

With less than six months to go before the most 

comprehensive personal data protection regime 

kicks in, Indian companies rush to comply with the 

new provisions. Looks like the IT/ITES and BFSI 

segments are way ahead pg. 8 

A 9.9 Media Publication

December 2017 | CIO&LEADER 

1 

EDITORIAL 

Shyamanuja Das 

shyamanuja.das@9dot9.in 

The GDPR 

Opportunity 

I 

I am in all my senses when I call GDPR an opportunity, 

notwithstanding how ‘stringent’ and ‘suffocating’ it 

looks today! 

Two trends worldwide are making privacy a big concern—one, 

the rise of neo-authoritarian regimes globally 

who are using democratic means to rise to power and 

two, the increasing entry of technology (and of course, 

companies behind them) to our personal space. I will not 

be surprised if privacy becomes the biggest political issue 

in many democratic countries in the next few years! 

As the concerns rise, anything with the potential of 

breaking into individual privacy will be seen with suspicion. 

Many businesses which have no intention other 

than to sell their products and services will be under 

scrutiny, impacting their business. 

It is better to be over-prepared. 

GDPR—and the privacy legislations being enacted 

around the world, including in India—give the companies 

an excellent opportunity to put transparent processes 

in place. 

Two trends worldwide 

are making privacy a 

big concern—one, the 

rise of neo-authoritarian 

regimes globally who are 

using democratic means 

to rise to power and two, 

the increasing entry of 

technology (and of course, 

companies behind them) to 

our personal space 

Complying with 

stringent international 

regulations are not new to 

Indian companies. Being 

a hub of services—home 

to many global IT, BPO 

companies and location 

for back-offices of many 

large corporations in the 

world—Indians have been 

used to comply with many 

sector-specific as well as 

horizontal regulations. It 

is not surprising that in 

GDPR compliance too, IT/ITES and BFSI companies 

are a couple of steps ahead as compared to others. 

CISOs and CIOs—the ultimate drivers of most compliance 

journeys—have challenging times ahead. 

While GDPR will be relevant for only companies 

that have something to do with EU citizens data, 

India is enacting its own regulation. A committee 

appointed by the Government and headed by a former 

Supreme Court judge has come up with a comprehensive 

discussion paper on the issues at hand. In 

this issue, we present you a set of what we think are 

the most relevant questions for you—in just 5-6 pages. 

The document is 233-pages long. 

The pace at which the committee is working, I will 

not be surprised if, by next year this time, we would 

be discussing the implementation plans for Indian 

personal data security legislation. 

Yes, one of the new requirements may be the 

appointment of a chief data protection officer. And 

there may even be provisions that the person should 

be exclusively devoted to that. 

Security professionals will be the first choice. But do 

we have that kind of talent available? That is another 

big discussion that we must have. 

Hope the year 2017 has been great for you. And 

wishing you a happy new year 2018

Insight: 

Opinion 

Feature Volume 06 

Wither How Platform Business Models How Innovation Works Issue 09 

December 2017 

Supercomputing? Pg 20 Are Transforming... Pg 36 and How To Lead It Pg 38 

150 

TRACK TECHNOLOGY BUILD BUSINESS SHAPE SELF 

A 9.9 Media Publication 


comprehensive personal data protection regime 

kicks in, Indian companies rush to comply with the 

new provisions. Looks like the IT/ITES and BFSI 

segments are way ahead pg. 8 

CONTENT 

DECEMBER 2017 

COVER STORY 

08-18| GDPR: The 

Countdown to New Regime 

With less than six months to go before the most comprehensive 

personal data protection regime kicks in, Indian companies rush to 

comply with the new provisions. Looks like the IT/ITES and BFSI 

segments are way ahead 

GDPR: The 

Countdown to 

New Regime 

Cover Design by: 

Shokeen Saifi 

advertisers ’ index 

Seagate 

FC 

Vodafone BC 

Please Recycle 

This Magazine 

And Remove 

Inserts Before 

Recycling 

COPYRIGHT, All rights reserved: Reproduction in whole or in part without written permission from 

Nine Dot Nine Interactive Pvt Ltd. is prohibited. Printed and published by Vikas Gupta for Nine Dot Nine 

Mediaworx Pvt Ltd, 121, Patparganj, Mayur Vihar, Phase - I, Near Mandir Masjid, Delhi-110091. Printed at 

Tara Art Printers Pvt ltd. A-46-47, Sector-5, NOIDA (U.P.) 2013011 

This index is provided as an 

additional service.The publisher 

does not assume any liabilities 

for errors or omissions. 

2 CIO&LEADER | December 2017

INTERVIEW 

04-06 

"Hybrid cloud serves as an 

ideal foundation to build a 

digital enterprise" 

INSIGHT 

22-23 

Is It Time To Look 

Beyond Attended 

Payment Solutions? 

24-25 

CFO and CIOs: The 

Old Tiff Continues; 

CEOs Agree 

28-29 

5 Key Data 

Predictions For 

2018 

30-31 

2018 Top 10 BI/ 

Analytics Trends 

32-33 

Digital Business Is 

Making CIOs And Their 

IT Organizations More 

Change-Ready 

OPINION 

34-37 

Robot Revolution: Which 

Sector Will Be The First To 

Go 100% Robot? 

www.cioandleader.com 

MANAGEMENT 

Managing Director: Dr Pramath Raj Sinha 

Printer & Publisher: Vikas Gupta 

EDITORIAL 

Managing Editor: Shyamanuja Das 

Associate Editor: Shubhra Rishi 

Content Executive-Enterprise Technology: 

Dipanjan Mitra 

DESIGN 

Sr Art Director: Anil VK 

Art Director: Shokeen Saifi 

Visualisers: NV Baiju & Manoj Kumar VP 

Lead UI/UX Designer: Shri Hari Tiwari 

Sr Designers: Charu Dwivedi, Haridas Balan & Peterson PJ 

SALES & MARKETING 

Director-Community Engagement 

for Enterprise Technology Business: 

Sachin Mhashilkar (+91 99203 48755) 

Brand Head: Vandana Chauhan (+91 99589 84581) 

Assistant Product Manager-Digital: Manan Mushtaq 

Community Manager-B2B Tech: Megha Bhardwaj 

Community Manager-B2B Tech: Renuka Deopa 

Associate-Enterprise Technology: Abhishek Jain 

Assistant Brand Manager-B2B Tech: Mallika Khosla 

Regional Sales Managers 

South: Ashish Kumar (+91 97407 61921) 

North: Deepak Sharma (+91 98117 91110) 

West: Prashant Amin (+91 98205 75282) 

Ad Co-ordination/Scheduling: Kishan Singh 

PRODUCTION & LOGISTICS 

Manager Operations: Rakesh Upadhyay 

Asst. Manager - Logistics: Vijay Menon 

Executive Logistics: Nilesh Shiravadekar 

Logistics: MP Singh & Mohd. Ansari 

OFFICE ADDRESS 

Nine Dot Nine Mediaworx Pvt Ltd 

121, Patparganj, Mayur Vihar, Phase - I 

Near Mandir Masjid, Delhi-110091 

Published, Printed and Owned by Nine Dot Nine Mediaworx 

Private Ltd. Published and printed on their behalf by 

Vikas Gupta. Published at 121, Patparganj, 

Mayur Vihar, Phase - I, Near Mandir Masjid, Delhi-110091, 

India. Printed at Tara Art Printers Pvt Ltd., A-46-47, Sector-5, 

NOIDA (U.P.) 201301. 

Editor: Vikas Gupta 


3

INTERVIEW 

"Hybrid cloud serves 

as an ideal foundation 

to build a digital 

enterprise" 

From cost containment to hybrid strategies, CIOs are 

getting more creative in taking advantage of the cloud’s 

economies of scale 

I 

It is clearly a great time to be a datacenter player 

in APAC. There's a surge in local data consumption, 

customers are more inclined towards outsourcing 

datacenter services and government 

regulations are being seen as drivers of Asia 

Pacific’s datacenter services market growth. Can 

you describe which one of these reasons has been 

a guiding force for you to build more datacenters 

in India? Is the company planning to come up 

with more datacenters? 

A datacenter helps keep up with the real-time 

demands of an innovative company. It is also 

an important building block in the digital journey 

of an enterprise. Digital transformation and 

innovation are today, extremely important in 

winning, serving, and retaining customers. To 

meet the growing demand from global cloud, 

social media and telecom VAS companies, we 

are specifically planning to double our existing 

datacenter capacity next year. To this end, we 

are already coming up with two new large 

datacenters in Mumbai and Bangalore by 

April 2018. 

Netmagic currently has nine datacenters. 

The latest and fifth datacenter in Mumbai 

is the biggest facility in India and is spread 

over 3,00,000 square feet. With the two new 

datacenters, this will expand our overall pan 

India capacity to 13,00,000 square feet. 

With great opportunity also comes 

competition. However, in your 

case, bigger players such as Microsoft, 

IBM and Amazon, do not have a single 

physical building in India. How you are 

uniquely positioned to make the most 

of this opportunity? 

A customer looks for end-to-end managed 

services. The fact that we have a physical presence 

is an enabler in this direction. It also reflects in the 

fact that we are datacenter partners to most of the 

cloud service providers. We are uniquely 

positioned as we offer multi-cloud orchestration 

portal to deploy and manage multiple cloud 

platforms. Second aspect that makes us unique 

is the range of services that we can offer right 


Nitin Mishra, Netmagic Interview 

“IT heads should 

also invest in skills 

for cloud such as 

how to configure and 

manage hypervisors 

and hire people who 

have experience in 

procuring cloud" 

–Nitin Mishra, 

Senior Vice President & Chief 

Product Officer, Netmagic (an NTT 

Communications Company) 

from co-location dedicated hosting 

services, Cloud to Infrastructure 

management and security unlike the 

other players who only have cloud or 

some of hosting. 

It seems as though 

enterprise IT managers 

have become a lot more 

comfortable with the idea of 

the hybrid and public cloud. 

Are CIOs/customers leaning 

towards the hybrid cloud 

adoption as the hype 

suggests? 

Definitely. From cost containment to 

hybrid strategies, CIOs are getting 

more creative in taking advantage of 

the latest offerings and the cloud’s 

economies of scale. This is being fuelled 

by the need for enterprises to scale their 

resources to serve their customers better. 

The adoption of hybrid cloud has 

multiple benefits and serves as an ideal 

foundation to build a digital enterprise. 

It provides interoperability and helps 

a company’s systems become far more 

compatible with other systems. 

One of the key benefits of a hybrid 

cloud is provisioning at a lower cost 

and high speed (as and when required 

functionality of the public cloud 

component). A properly configured 

hybrid cloud solution changes the 

conversation between IT and the 

business as it shortens timeframes and 

expands possibilities. Hybrid cloud 

helps companies get a combination of 

the private and the public model and 

enables them to innovate and iterate 

faster at a lower cost. 

How according to you will 

the hybrid cloud markets 

evolve in the next few years? 

While companies will take some time 

to shift their critical workload to the 

hybrid cloud environment, future 

trends clearly indicate a preference 

for hybrid cloud computing. Gartner 

predicts that almost 50% of the larger 

organizations will have embraced 

hybrid cloud models by the end of 

2017. Another survey indicates that 

IT and business executives about the 

importance of digital transformation, 

its goals, and how to achieve them, and 

found that hybrid cloud computing, 

including two or more of a datacenter, 

a public cloud, a private cloud and a 

managed private cloud, is the future 

of enterprise IT. While 83% use or 

will use hybrid cloud environments, 

88% believe hybrid capabilities are 

important or critical to enabling 

digital business transformation. 

Cloud-dependent technologies, such 

as Internet of Things (IoT), real-time 

analytics, and collaboration, will 


5

Interview 

Nitin Mishra, Netmagic 

continue to evolve the end-customer 

relationship, which in turn will 

require public cloud solutions to meet 

scale and time-to-market-challenges. 

The stakes are high, as those who 

figure it out first will gain a significant 

advantage in agility, efficiency, and 

elasticity unshared by their market 

rivals. Now is the time to start plotting 

the path to the future and to move up 

the cloud learning curve. 

IT heads should also invest in skills 

for cloud computing such as how to 

configure and manage hypervisors 

and hire people who have experience 

in procuring cloud. One challenge 

CIOs face is that different cloud 

computing companies have different 

parameters and models for pricing 

cloud resources, so it makes sense 

to have technically savvy people 

in the infrastructure procurement 

or purchase department who can 

understand the complexities involved. 

“Migration to SAP 

HANA from older SAP 

ERP deployments could 

also fuel a massive 

demand for our hybrid 

cloud offering of 

SimpliVPC and public 

cloud, Simplicloud.” 

–Nitin Mishra, 

Senior Vice President & Chief Product Officer, Netmagic 

Flipkart is one of your 

largest customers in the 

space. Tell us about some of 

your other customers. 

Netmagic has over 2000 customers 

globally. We work with a singleminded 

focus on enabling and 

providing services that address the 

mission-critical IT needs. Growth 

usually comes with its own set of 

challenges: the problems of scale and 

unplanned surges. As its existing 

IT ecosystem lacked the agility and 

reliability to respond to growth, 

The Hindu turned to Netmagic’s 

SimpliCloud to future-proof itself 

while chartering new heights. For 

another customer, CIBIL, Netmagic 

constantly coordinated and enabled 

the auto shift of primary to DR for 

the organization. It also provided 

web application firewalls and DDoS 

services to boost CIBIL’s security 

posture. Consul India hosted India’s 

First SAP HANA Implementation on 

Netmagic's Data Center. 

Is there a reason why you 

have consciously stayed 

away from the government 

vertical? 

Earlier we had lesser focus on 

Government but that has changed now 

and we are actively participating and 

also getting success in this vertical. 

We are empanelled with MEITY for 

cloud offering and also with CERT-IN 

for security. We are participating in 

smart cities projects and have some 

early wins like Thane. We are part of 

the ecosystem of System integration 

and application vendor partners to bid 

jointly in large government contract. 

Tell us about your 

future plans. 

Migration to SAP HANA from older 

SAP ERP deployments could also 

fuel a massive demand for our hybrid 

cloud offering of SimpliVPC and 

public cloud, Simplicloud. Currently 

almost all the older SAP deployments 

are done within enterprise 

datacenters. In the next two years, 

around 3,000 enterprises will move 

to SAP HANA and many of them will 

opt for co-location services. 

We see a big opportunity in security 

and that business is growing fastest 

though on lower base. We have a 

comprehensive suite of services 

backed up by 24*7 operation SOC 

(Security Operations Center). We 

are expanding our capabilities and 

services and have got goo wins in large 

SOC requirements. 

Netmagic is expanding its service 

portfolio with a range of cloud 

offerings to position itself as a onestop 

cloud solution provider. Noticing 

a long period of transition where 

customers want hybrid IT solutions 

having a combination of bare metalbased 

DCs, hosted private clouds, 

and multiple public clouds; Netmagic 

is positioning itself as a Multi-cloud 

provider 


ns'k dk lcls yksdfiz; vkSj fo‚luh; VsDuksykWth osclkbV 

fMftV vc fganh esa miyC/k gSaA u;h fganh osclkbV vkidks 

VsDuksykWth ls tqMs+ gj NksVh cM+h ?kVukvks ls voxr j[ksxhA lkFk 

esa u, fganh osclkbV ij vkidks fMftV VsLV ySc ls foLr`r xStsV 

fjO;q ls ysdj Vsd lq>ko feysaxsA fMftV tYn gh vkSj Hkh vU; 

Hkkjrh; Hkk"kkvks esa miyC/k gksxkA 

www.digit.in/hi 

www.facebook.com/digithindi

GDPR: The 

Countdown to 

New Regime 


comprehensive personal data protection regime kicks 

in, Indian companies rush to comply with the new 

provisions. Looks like the IT/ITES and BFSI segments 

are way ahead 

By Shubhra Rishi

Transparency can never be a bad thing. In fact, it is perhaps the only absolute that 

organizations should be able to ensure their customers with certainty. 

Unfortunately, that’s not always the case. 

Blame it on the massive data growth today. In 2011 when IDC predicted that the 

data use was expected to grow by as much as 44 times, it may have surprised some 

of us. in a recent IDC Data Age 2025 whitepaper titled 'The Evolution of Data to 

Life-Critical' it forecasted that the data use is expected to grow to 163 zettabytes 

(approximately a trillion gigabytes), it only made businesses think about the unique 

user experiences and a new world of business opportunities that it will unlock. 

A lot has changed since 2011 to change the attitude towards how companies want 

to use the massive consumer data being generated from a multitude of sources such 

as social media, internet of things, mobile and real-time data. 

This user-generated information is the truth of our data-driven worlds. There’s 

a significant gap between the amount of data being produced today that requires 

security and the amount of data that is actually being secured –and this gap will 

widen. According to IDC’s recent whitepaper, by 2025, almost 90% of all data created 

in the global datasphere will require some level of security, but less than half 

will be secured – and that is highly disconcerting. 

Statistics reveal that some of the worst security breaches (amounting to 20) have 

taken place in the last 5 years; thus pushing the governments to act. 

The General Data Protection Regulation (GDPR) is a result of one such implication 

imposed by the European Union (EU) for organizations across the globe. The 

EU’s GDPR puts the onus of specific privacy requirements in the hands of the entities 

collecting, storing, analyzing, and managing personally identifiable information. 

Firms subject to the GDPR will have to demonstrate their compliance with the 

requirements by May 25, 2018. 

December 2017 | CIO&LEADER 9

Cover Story 

“In India, however, 7 out 10 BFSI 

organizations (handling EU customer 

data/business) we reached out to did 

not want to comment on their GDPR 

preparedness” 

The ABC of GDPR 

The General Data Protection Regulation 

(GDPR) is a law or a regulation, which 

was adopted by the European Commission 

on 27 April 2016. The GDPR 

applies to any organization, regardless 

of geographic location, which controls 

or processes the data of an EU resident 

in a proscribed way. It dictates to what 

extent personal data may be collected, 

the need for explicit consent to gather 

such data, requirements to disclose 

breaches of data and stronger powers 

to substantially fine organizations that 

fail to protect the data for which they are 

responsible. 

Applicability: Applies to entities — 

including third parties that are (i) established 

in the EU, (ii) providing goods 

or services to EU residents or (iii) are 

monitoring the behavior of individuals in 

the EU 

Building: Privacy-by-design principles 

must be incorporated into the development 

of new processes and technologies 

Empowering Consumers: Organizations 

Source: EY’s cyber and privacy insights document 

will have to facilitate customers’ and 

employees’ right to erasure (of data), 

right to portability, and an increased right 

of access. 

Fines: Up to EUR20 million or 4% of 

the organization’s total global revenue, 

whichever is greater; also provides individuals 

new rights to bring class actions 

against data controllers or processors, 

if represented by not-for profit organizations, 

which heightens litigation risk 

Reporting: Organizations will have only 

72 hours to report data breaches 

Employing People: Most organizations 

will need to designate a Data Protection 

Officer and a Data Controller 

Storage: Organizations will have to 

maintain records of processing activities 

Security: Organizations will need to 

scale security measures based on privacy 

risks. 

Permissions: Explicit and affirmative 

consent will be required before processing 

personal data. 

For long, the fleeting mention of 

GDPR in India came up only at the time 

of reporting a security breach. Until in 

2016, Indian regulators namely The 

Reserve Bank of India and Securities 

and Exchange Board of India (SEBI) 

issued frameworks to strengthen cyber 

security in the BFSI sector. 

“Banks, as owners of such data, 

should take appropriate steps in preserving 

the Confidentiality, Integrity 

and Availability of the same, irrespective 

of whether the data is stored/in 

transit within themselves or with customers 

or with the third party vendors; 

the confidentiality of such custodial 

information should not be compromised 

at any situation and to this end, 

suitable systems and processes across 

the data/information lifecycle need to 

be put in place by banks,” RBI explicitly 

highlighted in the framework under 

section subtitled ‘Ensuring Protection 

of customer information’. 

In September 2016, SEBI also asked 

commodity derivatives exchanges to 

put in place a framework to safeguard 

systems, networks and databases from 

cyber attacks. It also announced the 

appointment of a new Chief Security 

Officer who will be responsible for 

strengthening SEBI's regulatory policy 

framework in the area of cyber security. 

Going a step further in April 2017, the 

Insurance Regulatory and Development 

Authority of India (IRDAI) tightened 

the noose on CEOs and CMDs 

of all insurance firms, giving them a 

period of about a year to ensure that 

adequate mechanisms are put in place 

to address the issues related to information 

and cyber security. 

The icing on the cake this year was 

the Supreme Court's landmark verdict 

on the right to privacy. Additionally, 

India is now moving towards legislation 

on data protection. The central 

government had set up an expert committee 

to study the different issues 

relating to data protection in India and 

make specific suggestions on principles 

underlying a data protection bill. 


Cover Story 

These frameworks may not significantly impact GDPR preparedness 

of companies in India. However, they will certainly 

keep up their customer data and security vigil. 

According to Parag Deodhar, Information Security Leader 

at a reputed financial services firm, headquartered in EU 

with subsidiaries spread across the globe, “We have been 

running a global project for GDPR compliance across the 

company and are tracking actions across subsidiaries and 

shared services.” 

The global financial services firm has shared services centres 

outside EU where data for EU is processed, and therefore, 

has to comply with GDPR. 

“We are implementing a data privacy and protection framework 

with global standards such as ISO / NIST etc. Our 

framework has been reviewed by reputed audit firms as well 

as regulators. We have incorporated their recommendations 

in our framework as well,” said Deodhar. 

In India, however, 7 out 10 BFSI organizations (handling 

EU customer data/business) we reached out to did not want 

to comment on their GDPR preparedness. 

However, all of them had heard of the regulation and its 

impact of their business, unlike a quarter (25%) of the 700 

European companies surveyed by IDC Research on behalf 

of ESET, admitted they were not aware of GDPR and more 

than half (52%) of them were unsure of the impact on their 

organizations. 

Research firm Gartner, in a statement issued in November 

2017, believes that less than 50% of all organizations impacted 

will fully comply by that date. 

The IT/ITes sector is the biggest contributor to India’s 

economy – with 66.1% contribution of services sector to GDP, 

“We have taken 

structured approach 

and Framework is 

in place to address 

GDPR needs.” 

Harshad Mengle 

Director – Cyber Security 

Capgemini Sogeti India 

“We supply 90% of our 

Metformin to European 

countries. We have 

employees as well as 

contractors across 

EU –and our Chief 

Compliance Officer 

in cooperation with IT 

security as well as the 

board – is creating a 

Standard Operating 

Procedure (SOP) to 

ensure how it is going 

to impact our business.” 

Jitendra Mishra 

VP– CIO, Wanbury 

the information technology – business process management 

(IT-BPM) sector serves as a major market for IT software 

and services exports are the U.S. and the U.K. and Europe, 

accounting for about 90% of total IT/ITeS exports. Given the 

criticality of IT–BMP services, “India must do all it can to 

protect and promote business in this sector. To a large extent, 

future of business will depend on how well India responds 

to the changing regulatory changes unfolding globally. India 

will have to assess her preparedness and make convincing 

changes to retain the status as a dependable processing des- 


11

Cover Story 

tination,” - according to a white paper titled GDPR and India, 

written by Aditi Chaturvedi for The Centre for Internet and 

Society. 

Capgemini Sogeti India, a fully-owned subsidiary of the 

Capgemini Group, with total revenues of EURO 6,412 million 

this year, is a well-known French IT Services and Consulting 

Organization and has customer across Europe and USA. 

According to Harshad Mengle, Director – Cyber Security at 

Capgemini Sogeti, we have taken a structured approach and 

the framework is in place to address GDPR needs.” 

“It is important to disclose how we are going to protect our 

customer’s data, and this in turn, will give more confidence 

to our EU customers. Some of the challenges include how we 

will alter our entire ecosystem in order to incorporate data 

management protection as per GDPR guidelines, how the 

“We have been running 

a global project for 

GDPR compliance 

across the company 

and are tracking actions 

across subsidiaries and 

shared services. Being 

an EU headquartered 

company, we need to 

comply with all the 

requirements of GDPR.” 

Parag Deodhar 

Information Security Leader at a 

reputed financial services firm 

workflow systems need to be changed, and how IT and monitoring 

systems need to be aligned with privacy data in order 

to be compliant,” said Mengle. 

“A good compliance- to- privacy framework will help 

C-suite build strong technological and process control framework 

which can be also easily integrated with security operation 

management for privacy breaches,” he added. 

The IT Services player has already employed a data controller, 

data processor, and a data protection officer who will take 

up responsibility of ensuring compliance. 

Evalueserve Inc, a knowledge services provider, with estimated 

annual revenues of more than USD 250 million offers 

research, analytics, and data management services to Fortune 

500 companies in the United States and internationally. The 

company has both clients and employees working from EU 

and their personally identifiable data will come under the 

purview of GDPR. 

According to Evalueserve’s Chief Information Officer and 

Chief Information Security Officer, Sachin Jain, we comply 

with UK/EU data protection act for some of our clients – so it 

is not going to be a difficult change for us. 

“However, the team involved has started working on it proactively 

to be ready to show compliance to GDPR well ahead 

of the deadline,” he added. 

The GDPR also levies steep penalties of up to EUR 20 million 

or 4 % of global annual turnover, whichever is higher, for 

non-compliance. The language in the guideline uses the word 

“reasonable” to indicate the level of data protection and privacy 

that companies should observe towards EU citizens. 

Immediate next steps to tackle GDPR 

1. Demanding new privacy rights and obligations Educate key 

stakeholders, including the board of directors Risk-assess 

(including legal applicability) whether the GDPR applies to 

your organization 

2. Establish cross-function and cross-business governance 

structure for assessment of the GDPR’s applicability to 

business operations, evaluation of readiness and management 

of your overall GDPR remediation efforts 

3. Conduct a privacy impact assessment, with a strong focus 

on high-risk data flows of business processes 

4. Conduct a GDPR gap assessment, with a particular focus 

on governance, policies, technology, external dependencies 

(e.g., vendors), existing data flows ("high-risk") and 

processing operations 

5. Design and execute a prioritized implementation plan to 

address gaps based upon risk tolerance, risk priority, 

resourcing and investment 

Source: EY report titled ‘GDPR: demanding new privacy rights and obligations’ 


Cover Story 

“We comply with UK/ 

EU data protection 

act for some of our 

clients so it is not 

going to be a difficult 

change for us. However, 

the team involved 

started working on it 

proactively to be ready 

to show compliance to 

GDPR well ahead of the 

deadline.” 

Sachin Jain 

CIO & CISO at Evalueserve 

Jain said that they take “reasonable” as the baseline protection 

layer or controls one has to deploy to ensure privacy and 

safety of data. 

The concern is natural as the IT/ITes sector in India has 

reported the largest increase in data breaches in 2016. The 

healthcare industry, comes a close second, accounting for 

28% of data breaches, rising 11% last year compared to 2015. 

This calls for stringent measures to protect healthcare 

records of patients in India. The section 43(a) and section 

72 of the IT Act mandates organizations to take reasonable 

provisions to protect sensitive information and provides a 

broad framework for the collection, storage and protection of 

personal information in India – including health conditions, 

medical records and biometric records. 

Other jurisdictions have already enacted sector-specific 

laws to protect medical information. The Health Insurance 

Portability and Accountability Act (HIPAA) is the primary 

law that establishes the US legal framework for health information 

privacy and gives patients substantial control over 

their information. 

At Alembic Pharmaceuticals, the company has tied with a 

leading consulting provider to identify areas where it needs 

to make process and data changes which would be in alignment 

with GDPR regulations. 

According to Gopal Rangaraj, its CIO & Head-IT, GDPR is 

an organic extension and is not a completely new framework. 

In healthcare, end-patient data safety was always a mandate. 

Therefore, we capture patient information including demographic 

data, and how we handle customer complaints handling 

process in the context of GDPR will be interesting. 

Alembic Pharmaceuticals Ltd. is an INR 31.31 billion Indian 

multinational pharmaceutical company headquartered in 

Gujarat, India. Alembic Pharmaceuticals Europe Limited, 

however, is the 100 % subsidiary of the Alembic Global Holding 

SA, and is located in Malta, Europe. 

Rangaraj said that their Indian business does not handle 

any EU datasets – but didn't fail to add that adhering to the 

guidelines and making them more bulletproof is how they 

see the whole thing. 

At Wanbury, Jitendra Mishra, its VP-IT and CIO said that 

the GDPR is an extension of an earlier law 1995 data protection 

directive. The pharma major is the largest manufacturer 

of Metformin in the world and exports to over 50 countries – 

65% of which comprises of regulated markets. 

“We supply 90% of our Metformin to European countries. 

We have employees as well as contractors across EU –and 

our chief compliance officer in cooperation with IT security 

as well as the board – is creating a Standard Operating Procedure 

(SOP) to ensure how the GDPR is going to impact our 

business, how we secure personal information of our customers, 

and how to map all these scenarios to mitigate risks by 

enforcing policies, technology and creating awareness in the 

organization.” 

Across verticals, businesses in India give an impression 

that they are in tune with the implications of GDPR. To an 

extent, they see their data privacy law offering assistance 

when it comes to tackling GDPR requirements as to how 

it will help in demonstrating that India is on par with the 

EU in terms of data protection law. However, almost everyone 

agrees that it needs careful revision to incorporate few 

amendments to align with strong protection regulation. 

Additionally, they believe that it will also ensure all companies 

in India have reasonable practices in place. This will give 

confidence to EU companies with subsidiaries in India or 

outsourcing work to India. 

It looks like the data privacy law has come at the right time 

when some Indian businesses are gearing up for biggest ever 

overhaul of data protection regulation 


13

Cover Story+ 

Towards an Indian Data 

Protection Regime 

Extracts from the issues raised for discussion by the expert 

committee appointed to create a draft data protection bill for India 

By CIO&Leader 

On 24 August 2017, in a historic judgment, a ninejudge 

bench of the Supreme Court ruled that 

right to privacy is a fundamental right, while 

hearing a case on the legality of Aadhaar. 

“We are in an information age. With the growth and 

development of technology, more information is now 

easily available. The information explosion has manifold 

advantages but also some disadvantages. The access to 

information, which an individual may not want to give, 

needs the protection of privacy. The right to privacy is 

claimed qua the State and non-State actors. Recognition 

and enforcement of claims qua non-state actors may 

require legislative intervention by the State,” Justice Sanjay 

Kishan Kaul, one of the judges, said in his judgment. 

“There is an unprecedented need for regulation 

regarding the extent to which such information can be 

stored, processed and used by non-State actors. There is 

also a need for protection of such information from the 

State,” he noted. 

“We commend to the Union Government the need 

to examine and put into place a robust regime for data 

protection. The creation of such a regime requires a careful 

and sensitive balance between individual interests and 

legitimate concerns of the state,” noted Justice DY Chandrachud’s 

judgment, delivered on behalf of four judges 

including then then CJI Jagdish Singh Khehar. 

Towards a Data 

Protection Regime 

By that time, the government had already appointed a 

committee to look into the issues regarding enacting such 

a legislation, under the chairmanship of Justice B N Srikrishna, 

former Judge of the Supreme Court. Their brief 

was to identify key data protection issues and recommend 

methods for addressing them and ultimately come out 

with a draft data protection bill. The other members of the 

committee are Ajay Bhushan, CEO, Unique Identification 

Authority of India; Ajay Kumar, Additional Secretary, 

MeitY; Arghya Sengupta, Research Director, Vidhi Center 

for Legal Policy; Aruna Sundararajan, Secretary, Department 

of Telecom; Gulshan Rai, National Cyber Security 

Coordinator; Rajat Moona, Director, lIT, Raipur; Rama 

Vedashree, CEO, Data Security Council of India; and 

Rishikesha T Krishnan, Director, IIM, Indore. 

Four months after it was formed, on 27 November, the 

committee released a detailed whitepaper outlining all the 

issues that they found to be relevant, seeking responses 

from the public on these questions. 

The document goes into various issues, discusses how 

other such legislation such as EU’s GDPR have handled 

it and has listed its views on those issues while raising 

explicit questions. The last date for submission for the 

responses is 31 December, unless it is extended. 


Cover Story+ 

When enacted, it is the businesses—data 

controllers and data processors as they are 

called—will have to comply with them. And it is a 

no-brainer that it is the CISOs and CIOs who will 

have a major role to play in that compliance; in 

most companies, they will lead the roll out 

The whitepaper starts by noting that a data protection 

framework in India must be based on the following seven 

principles: 

1. Technology agnosticism - The law must be technology 

agnostic. It must be flexible to take into account 

changing technologies and standards of compliance. 

2. Holistic application - The law must apply to both 

private sector entities and government. Differential 

obligations may be carved out in the law for certain 

legitimate state aims. 

3. Informed consent - Consent is an expression of 

human autonomy. For such expression to be genuine, 

it must be informed and meaningful. The law must 

ensure that consent meets the aforementioned criteria. 

4. Data minimization - Data that is processed ought to 

be minimal and necessary for the purposes for which 

such data is sought and other compatible purposes 

beneficial for the data subject. 

5. Controller accountability - The data controller shall 

be held accountable for any processing of data, whether 

by itself or entities with which it may have shared the 

data for processing. 

6. Structured enforcement - Enforcement of the data 

protection framework must be by a high-powered 

statutory authority with sufficient capacity. This must 

coexist with appropriately decentralised enforcement 

mechanisms. 

7. Deterrent penalties - Penalties on wrongful processing 

must be adequate to ensure deterrence. 

When enacted, it is the businesses—data controllers 

and data processors as they are called—will have to comply 

with them. And it is a no-brainer that it is the CISOs 

and CIOs who will have a major role to play in that compliance; 

in most companies, they will lead the roll out. 

For their benefit, we have gone into the 

233-page document and have extracted the most relevant 

questions that have a direct bearing on compliance, 

though it is recommended that they read the entire document, 

which is available at http://www.cioandleader.com/ 

dataprotectionwp 

We have selected only close-ended questions, that are 

most relevant. Questions about nuanced of legal approach 

too are avoided. To help you directly go to questions 

that interest you and the corresponding discussion that 

precedes them, we have provided the chapter no, chapter 

name, question number and the page number along with 

each question. 

Here are the selected questions. 


15

Cover Story+ 

Whitepaper on Data Protection Framework in 

India: Relevant Questions for CISO 

Should the law be applicable to government/public and 

private entities processing data equally? If not, should 

there be a separate law to regulate government/public 

entities collecting data? Alternatives: 

a. Have a common law imposing obligations on Government 

and private bodies as is the case in most jurisdictions. 

Legitimate interests of the State can be protected 

through relevant exemptions and other provisions. 

b. Have different laws defining obligations on the government 

and the private sector. 

[Part II/Ch. 2 (Other Issues of Scope)/Q3/Pg. 33] 

What kind of data or information qualifies as personal 

data? Should it include any kind of information including 

facts, opinions or assessments irrespective of their 

accuracy? 

[Part II/Ch. 3 (What is personal data)/Q3/Pg. 40] 

Should the definition of personal data focus on identifiability 

of an individual? If yes, should it be limited to an 

‘identified’, ‘identifiable’ or ‘reasonably identifiable’ individual? 


Should anonymised or pseudonymised data be outside 

the purview of personal data? Should the law recommend 

either anonymisation or psuedonymisation, for instance 

as the EU GDPR does? 


Should the law define a set of information as sensitive 

data? If yes, what category of data should be included in it? 

Eg. Financial Information / Health Information / Caste / 

Religion / Sexual Orientation. Should any other category 

be included? 

[Part II/Ch. 4 (Sensitive personal data)/Q2/Pg. 43] 

Should the law only define ‘data controller’ or should it 

additionally define ‘data processor’? Alternatives 

a. Do not use the concept of data controller/processor; all 

entities falling within the ambit of the law are equally 

accountable. 

b Use the concept of ‘data controller’ (entity that determines 

the purpose of collection of information) and 

attribute primary responsibility for privacy to it. 

c. Use the two concepts of ‘data controller’ and ‘data processor’ 

(entity that receives information) to distribute 

primary and secondary responsibility for privacy. 

[Part II/Ch.6 (Entities to be defined in the law: data controllers and 

processors)/Q2/Pg. 51] 

How should responsibility among different entities 

involved in the processing of data be distributed? 

Alternatives: 

a. Making data controllers key owners and making them 

accountable. 

b. Clear bifurcation of roles and associated expectations 

from various entities. 

c. Defining liability conditions for primary and secondary 

owners of personal data. 

d. Dictating terms/clauses for data protection in the contracts 

signed between them. 

e. Use of contractual law for providing protection to data 

subject from data processor. 

[Part II/Ch.6 (Entities to be defined in the law: data controllers and 

processors)/Q3/Pg. 51] 

Should the data protection law have specific provisions 

facilitating cross border transfer of data? If yes, what 

should the adequacy standard be the threshold test for 

transfer of data? 

(Part II/Ch.8 (Cross-border flow of data)/Q2/Pg. 68] 

Should certain types of sensitive personal information 

be prohibited from being transferred outside India even if 

it fulfils the test for transfer? 

(Part II/Ch.8 (Cross-border flow of data)/Q3/Pg. 68] 

Should there be a data localization requirement for the 

storage of personal data within the jurisdiction of India? 

(Part II/Ch.9 (Data Localization)/Q2/Pg. 75] 

If yes, what should be the scope of the localization mandate? 

Should it include all personal information or only 

sensitive personal information? 

[Part II/Ch.9 (Data Localization)/Q3/Pg. 75] 

If the data protection law calls for localization, what 

would be impact on industry and other sectors? 

[Part II/Ch.9 (Data Localization)/Q4/Pg. 75] 

On whom should the primary onus of ensuring accuracy 

of data lie especially when consent is the basis of collection? 

Alternatives: 

a. The individual 

b. The entity collecting the data 

[Part III/Ch.7 (Storage limitation and data quality)/Q2/Pg.121] 

How long should an organization be permitted to store 

personal data? What happens upon completion of such 

time period? Alternatives: 


Cover Story+ 

a. Data should be completely erased 

b. Data may be retained in anonymised form 

[Part III/Ch.7 (Storage limitation and data quality)/Q3/Pg.121] 

Should there be a restriction on the categories of information 

that an individual should be entitled to when exercising 

their right to access? 

[Part III/Ch.8 (Individual Participation Rights-1)/Q2/Pg.128] 

What should be the scope of the right to rectification? 

Should it only extend to having inaccurate date rectified 

or should it include the right to move court to get an order 

to rectify, block, erase or destroy inaccurate data as is the 

case with the UK? 


Should there be a fee imposed on exercising the right to 

access and rectify one‘s personal data? Alternatives: 

a. There should be no fee imposed. 

b. The data controller should be allowed to impose a reasonable 

fee. 

c. The data protection authority/sectoral regulators may 

prescribe a reasonable fee. 


Should there be a fixed time period within which organisations 

must respond to such requests? If so, what should 

these be? 


Is guaranteeing a right to access the logic behind automated 

decisions technically feasible? How should India 

approach this issue given the challenges associated with it? 


What should be the exceptions to individual participation 

rights? 

[For instance, in the UK, a right to access can be refused 

if compliance with such a request will be impossible or 

involve a disproportionate effort. In case of South Africa 

and Australia, the exceptions vary depending on whether 

the organisation is a private body or a public body.] 


The EU GDPR introduces the right to restrict processing 

and the right to data portability. If India were to adopt 

these rights, what should be their scope? 


Should there be a prohibition on evaluative decisions 

taken on the basis of automated decisions? Alternatives 

a. There should be a right to object to automated decisions 

as is the case with the UK. 

b. There should a prohibition on evaluative decisions 

based on automated decision making. 


Given the concerns related to automated decision making, 

including the feasibility of the right envisioned under 

the EU GDPR, how should India approach this issue in 

the law? 


Should direct marketing be a discrete privacy principle, 

or should it be addressed via sector specific regulations? 


What are your views on the right to be forgotten having 

a place in India‘s data protection law? 

[Part III/Ch10 (Individual Participation Rights-3)/Q1/Pg.141] 

Should the right to be forgotten be restricted to personal 

data that individuals have given out themselves? 

[Part III/Ch10 (Individual Participation Rights-3)/Q2/Pg.141 

Does a right to be forgotten add any additional protection 

to data subjects not already available in other individual 

participation rights? 


Does a right to be forgotten entail prohibition on display/dissemination 

or the erasure of the information from 

the controller‘s possession? 


Does co-regulation seem an appropriate approach for a 

data protection enforcement mechanism in India? 

[Part IV/Ch. 1 (Regulation and enforcement)/Q2/Pg.146] 

What are the specific obligations/areas which 

may be envisaged under a data protection law in India 

for a (i) command and control approach; (ii) selfregulation 

approach (if any); and (iii) co-regulation 

approach? 

[Part IV/Ch. 1 (Regulation and enforcement)/Q3/Pg.146] 

What are the organizational measures that should 

be adopted and implemented in order to demonstrate 

accountability? Who will determine the standards which 

such measures have to meet? 

[Part IV/Ch. 2 (Accountability and enforcement tools)/Q2/Pg.155] 

Should the lack of organizational measures be linked to 

liability for harm resulting from processing of personal 

data? 


Should all data controllers who were involved in the 

processing that ultimately caused harm to the individual 

be accountable jointly and severally or should they be 

allowed mechanisms of indemnity and contractual affixation 

of liability inter se? 



17

Cover Story+ 

Should there be strict liability on the data controller, 

either generally, or in any specific categories of processing, 

when well-defined harms are caused as a result of data 

processing? 

[Part IV/Ch. 2 (Accountability and enforcement tools)/Q5/Pg.155 

Should the data controllers be required by law to take 

out insurance policies to meet their liability on account 

of any processing which results in harm to data subjects? 

Should this be limited to certain data controllers or certain 

kinds of processing? 


If the data protection law calls for accountability as 

a mechanism for protection of privacy, what would be 

impact on industry and other sector? 


What are the subject matters for which codes of practice 

or conduct may be prepared? 

[Part IV/Ch. 2 (Accountability and enforcement tools)/Q2/Pg.160 

What is the process by which such codes of conduct or 

practice may be prepared? Specifically, which stakeholders 

should be mandatorily consulted for issuing such a code 

of practice? 


Who should issue such codes of conduct or practice? 


How should such codes of conduct or practice be 

enforced? 


What should be the consequences for violation of a code 

of conduct or practice? 


How should a personal data breach be defined? 


When should personal data breach be notified to the 

authority and to the affected individuals? 


What are the circumstances in which data breaches 

must be informed to individuals? 


What details should a breach notification addressed to 

an individual contain? 


Should a general classification of data controllers be 

made for the purposes of certain additional obligations 

facilitating compliance while mitigating risk? 


Should data controllers be classified on the basis of the 

harm that they are likely to cause individuals through 

their data processing activities? 


What are the factors on the basis of which such data 

controllers may be categorized? 


What are the circumstances when Data Protection 

Impact Assessments (DPIA) should be made mandatory? 

[Part IV/Ch. 2 (Accountability and enforcement tools: Data Protection 

Impact Assessment)/Q2/Pg.173] 

Who should conduct the DPIA? In which circumstances 

should a DPIA be done (i) internally by the data controller; 

(ii) by an external professional qualified to do so; and 

(iii) by a data protection authority? 



What are the circumstances in which a DPIA report 

should be made public? 



Is there a need to make data protection audits mandatory 

for certain types of data controllers? 

[Part IV/Ch. 2 (Accountability and enforcement tools: Data protection 

Audit)/Q2/Pg.173] 

Should data audits be undertaken internally by the data 

controller, by a third party (external person/agency), or by 

a data protection authority? 


Audit)/Q4/Pg.173] 

Should it be mandatory for certain categories of data 

controllers to designate particular officers as DPOs for the 

facilitation of compliance and coordination under a data 

protection legal framework? 


officer)/Q2/Pg.174] 

What should be the qualifications and expertise of such 

a DPO? 



What should be the functions and duties of a DPO? 




INSIGHT 

Whither 

Supercomputing? 

The state of global supercomputing in five charts 

By CIO&Leader 

A 

Every six months—in May and November 

every year—Top500.org, a site tracking 

supercomputers, comes out with the list of the 

world’s 500 fastest. The list provides data on 

the sites where they are hosted, their theoretical 

and achieved performance, their chitecture, 

their manufacturers, and a number of 

other data points. 

Analysis of the Top500.org data provides 

excellent insight into the state of supercomputing 

globally at any point of time. 

The insights presented here are based on the 

data presented in the lasts—November 2017— 

list that also happens to be the 50th list since 

its beginning. 

Our insights are drawn from analysis of 

the Top500.org data for last 10 years—From 

November 2007 to November 2017. 


Insight 

Measuring the Speed of Speed 

How fast is today’s fastest supercomputer? According to 

November 2017 Top 500 list, it is 93 petaFLOPS—that is 93 

million billion floating point operations per second. This is 

200 times faster than the fastest supercomputer in November 

2007 and 1.6 million times faster than the fastest supercomputer 

in June 1993, when the list made its debut. 

The Acceleration 

How fast have been the fastest (all figures in TFLOPs/second) 

33862.7 

33862.7 

93014.6 

478.2 

1759 10510 

Nov_07 Nov_09 Nov_11 Nov_13 Nov_15 Nov_17 

Global Power Shift 

Like in many other things in business and economy, in 

supercomputing too, the action has shifted from America 

and Europe to Asia Pacific. 

The Chinese Invasion 

Supercomputing is the latest area where China overthrows the US 

from top even as India's presence is further marginalized 

283 

144 

10 

4 

9 


China US India 

Power of the Cluster 

In terms of the architecture, there is a clear shift to clusterbased 

supercomputing. Almost nine out of ten Top500 

supercomputing sites are cluster-based. 

The Definite Shift to Clusters 

Cluster 

MRP 

202 

The Asian Edge 

Supercomputing power too shifts to Asia, driven by China; 

India's rise could push it further 

289 

287 

274 

277 

212 

109 

149 

93 

The Manufacturers’ Story 

While Cray still remains the supercomputing company, with 

shrinking share of MPP architecture, Cray’s share in Top 

500 is coming down, even though it still accounts for more 

than one third of Top 50 sites. Lenovo and a host of Chinese 

manufacturers show up on the radar, thanks to China’s rise 

in supercomputer usage. 

103 102 

150 152 

257 

179 

122 121 

60 60 

Manufacturer's Share 


Lenovo completes China story 

Asia -Oceania Europe Americas 

China is the New Supercomputing 

Superpower 

The big rise of Asia in the supercomputing scene is almost 

entirely because of the rise of China—and despite the fall of 

other Asian contenders like Japan and India. 

In fact, it is a big shift that happened in the latest Top 

500 list. For the first time, China replaced the US as the 

top supercomputing country accounting for more Top500 

supercomputer sites than the US. 

India has been reduced to a marginal player with just four 

of the Top500 fastest sites present in the country. That is a 

drop from 12 such sites that it had just four years back. 

2% 9% 

2% 

24% 

3% 

14% 

3% 20% 

4% 

4% 

4% 

4% Top 50 

8% 

10% 

4% 

10% 

11% 

11% 

36% 

16% 

HPE Lenovo Inspur Cray Inc. Sugon 

Huawei IBM Bull Dell EMC Fujitsu 


21

Insight 

Is It Time To 

Look Beyond 

Attended Payment 

Solutions? 

Unattended payment systems bring in efficiency by 

significantly reducing wait time. They could be just the 

right solution for smart cities 

By Niranj Sangal 


Insight 

AAutomation and intelligence are being incorporated 

in almost any business sector today. This integration 

has resulted in more effective business practices, and 

presents a new and improved level of productivity, 

transparency and reliability. The business of payments 

in India has been a witness to digital transformation; 

consumers were obligated to look beyond 

paper money to plastic cards, pre-paid instruments 

like e-wallets, smartcards, etc. On understanding 

the landscape of payment trends, businesses and 

customers are equally looking out for simple, quick 

and economical manners of transacting. It is certain 

that PoS and digital wallets are here to stay, however, 

introducing mobility within payments has plenty of 

scope and possibilities that are beyond these existing 

solutions. Unattended payment solutions or selfservice 

solutions are known to add more flexibility 

and can open new avenues and revenue streams for 

existing businesses. 

Digital payments have introduced transparency 

and automation across businesses, but Indians have 

experienced very little in terms of self-check-out 

kiosks, ticket vending machines, vending machines, 

etc. Western markets have adapted to self-service 

payments across businesses like transport, fuel, 

retail, hospitality and even car parks since years. 

According to Growth Industry Analysts, the US is 

currently the largest market for intelligent vending 

machines and the global market is expected to reach 

approximately 2.7 million unattended terminals by 

2020. Additionally, unattended retail is estimated to 

reach USD 275 billion globally by 2020, according to 

a research by ReportsnReports.com. 

Unattended payment terminals and solutions provides 

for smooth, safe, secure and convenient mode 

of payments across Kiosks for bill payments, movie 

tickets, vending machines, etc. and AFC (Automated 

Fare Collection) solutions for rail tickets, metros, etc. 

It happens to be one of the best systems for managing 

parking especially in a country like India, where parking 

is scarce and there are losses in revenue. 

There are very distinct reasons on why such solutions 

gradually become a choice for many. Not only 

is it user friendly, it has been known to lower or 

even eliminate time wasted in long queues due to its 

queue-busting uniqueness and this also channelizes 

sales. Similar to PoS, the solution also needs to be 

compliant with PCI DSS norms and are hence equally 

safe and secure. Integration with existing loyalty 

programs and acceptance of cash, cards, wallets and 

even NFC and contactless payments make it multifaceted 

and acceptable by consumers. 

Unattended payment 

solutions or self-service 

solutions are known to 

add more flexibility and 

can open new avenues 

and revenue streams for 

existing businesses 

Very recently, Delhi Metro made a bold move by 

deciding to install around 400 unattended terminals 

across it network which will enable commuters to 

recharge smart cards and buy tokens by swiping a 

debit or credit cards themselves. Installing such selfservice 

terminals in this case can be viewed as an 

optimal and a profitable alternative considering ticketing 

rush. Our experience with retailers across the 

world tells us that it has helped draw more customers 

thus increasing sales without the need to increase 

staff or offload existing workload on existing staff. 

The technology used in such systems allows the solution 

to be managed remotely. The solution has visibly 

eased operations and challenges associated with payments 

at large format outlets. 

Such solutions can ease out transactions, 

especially in smart city projects across India. Keeping 

in mind the potential of such solutions, it is only 

about time that the solution is made more readily 

available to consumers 

–The author is the Group CEO, OMA Emirates Group 


23

Insight 

CFO and CIOs: The 

Old Tiff Continues; 

CEOs Agree 

However, CFOs and COOs blame it on lack of CIOs’ lack of 

business expertise, even as 96% senior executives say CIO- 

CFO collaboration crucial or very important for success of IT 

transformation 

By CIO&Leader 


Insight 

AAs many as 96% of senior executives see close collaboration 

between CIO and CFO as critical or very important for 

success of IT transformation in an enterprise. However, a 

predominant majority (89%) of them acknowledge that significant 

barriers exist, at present that prevent the two from 

effectively collaborating with each other, says a new report 

based on a global study of senior executives conducted by 

Forbes Insight, in association with Dell EMC. 

Ironically, one of the manifestations of that barrier could 

be the difference in perceptions between the two about what 

creates that barrier itself. While CFOs blame it on reporting 

structure and CIOs’ lack of business expertise, CIOs think 

a significant reason could be CFOs ‘outdated attitude’ about 

the primary role of the CIO. Interestingly, CEOs seem to 

endorse that view—and even more emphatically. While only 

30% CIOs point to CFO’s outdated attitude as a big reason 

for creating the barrier, as much as 45% CEOs think so. 

20% 

29% 

25% 

29% 

32% 

30% 

11% 

13% 

CIO 

What creates the barrier to effective 

CIO-CFO collaboration? 

20% 

20% 

30% 

35% 

18% 

30% 

16% 

13% 

CFO 

There are no significant barriers 

No clear mandate from CEO/ 

board 

CFOs have outdated attitudes 

about the primary role of CIO 

Lack of incentive to work more 

closely together 

Conflicts arising over traditional 

reporting structure 

CIOs' lack of business expertise 

CFOs' lack of sufficient technical 

expertise 

Conflicting responsibilities and 

priorities 

Source: Forbes Insight/Dell-EMC Study 2017 

While only 30% CIOs point 

to CFO’s outdated attitude 

as a big reason for creating 

the barrier, as much as 45% 

CEOs think so 

However, many (30%) CFOs do admit that it is their community’s 

outdated attitude that is the major factor in creating 

the barrier. “The finance team becomes a barrier if the 

discussions are only about the budget and how to run as 

lean as possible. That’s a losing attitude for IT Transformation,” 

the report quotes Khozema Shipchandler, Global CFO 

of GE Digital as saying. 

There’s significant regional variation too. While in the 

Americas, the reasons for the barrier are thought to be due 

to structural issues—conflicting responsibilities and reporting 

structures—in APAC, it is name calling. ‘CIOs lack of 

business expertise’ and ‘CFOs’ outdated attitudes about 

CIO’s role’ that are identified as the top reasons that contribute 

to the barrier. 

What are the biggest consequences if CIOs and CFOs 

do not work together effectively? As many as two out of 

three (63%) think the risk of falling behind competition is 

increased significantly. 

Another significant finding reinforces that idea. The report 

finds that it is not investment but the effective collaboration 

between the two that makes a company a leader or a laggard 

in IT transformation. “Although leaders and laggards in IT 

are seeing different outcomes, the results aren’t a function of 

who spends the most for IT Transformation. This year and 

in 2018, both groups are devoting significant percentages of 

their total budgets in this area,” the report notes. 


25

Insight 

On the other hand, ‘being able to react more quickly to 

market changes’ is seen as the top benefit accruing from an 

effective CIO-CFO collaboration. 

An entrepreneurial mindset was identified as the most 

important characteristic of a CIO when leading IT transformation 

while the impact of IT transformation on a CIO’s role 

is seen to be significant. As many as 72% senior executives 

said in an organization undertaking IT transformation, the 

CIO helps shapes future business models. 

How has IT Transformation impacted CIO's role? 

Helps shape future 

business model 

Is becoming a strategic 

advisor for helping the 

business capitalize on the 

latest technology 

Is expected to work more 

closely with the C-Suite 

to develop new business 

opportunities 

Is a resource for helping 

the business deliver new 

products and services 

faster than competitors 

Is a key resource in 

supporting the current 

business model 

Has become a formal 

member of the executive 

committee/board 

No longer focuses 

solely on implementing 

and managing the IT 

infrastructure 

Characteristics most important for a CIO when 

leading IT transformation 

An entrepreneurial 

mindset 

Ability to bring about 

transformation while 

simultaneously running the 

traditional IT environment 

Ability to act as a change 

agent acrosss technology 

and business disciplines 

28% 

39% 

64% 

64% 

70% 

63% 

72% 

71% 

68% 


74% 

On being asked about factors driving IT Transformation 

strategy, the good old ‘reducing IT cost’ topped the response. 

‘Being first to market with new products’ is seen as another 

significant driver. 

The report, titled "IT Transformation: Success Hinges on 

CIO/CFO Collaboration", is based on a global survey of 500 

The biggest consequence of CIOs and CFOs not 

working together effectively 

Our risk of falling behind 

competitors increases 

Our decisions about technology 

investments are not as timely or 

accurate as possible 

We struggle to scale as 

business demands change 

We’re slow to capitalize on 

technology innovation 

We can’t roll out new products 

and services fast enough to 

satisfy current business demands 

We can’t efficiently integrate 

acquired business 

13% 

21% 

21% 

34% 

49% 

63% 


Biggest benefits from closer 

CIO-CFO collaboration 

React more quickly to 

market changes 

Attract new customers in 

current markets 

More quickly introduce 

new products and services 

requested by the business 

Make better, faster decisions 

about investments in 

emerging technologies 

Successfully enter new markets 

Increase sales and profits 

Improve and streamline internal 

operations and reduce costs 

11% 

9% 

9% 

16% 

14% 

14% 

63% 24% 

A passion for innovation 

63% 

Increase shareholder value 

5% 


Expertise as a 

business advisor 

Ability to overcome 

resistance to change 

among end-users 

44% 

55% 


CEOs, COOs, CIOs and CFOs. The survey and a series of 

in-depth interviews with global IT and business executives 

highlight other underlying frictions that thwart CIOs and 

CFOs from forming a united front to capitalize on the benefits 

of IT Transformation 


Insight 

Worldwide 

IT Services 

Revenue 

Rises In 

2017 

As per the report, an increase 

of 4.0% year-over-year has been 

recorded in 1H17 

By CIO&Leader 

W 

Worldwide 

revenues for IT Services and Business 

Services totaled USD 475 billion in the first 

half of 2017 (1H17), an increase of 4.0% year over 

year, according to the International Data Corporation 

(IDC) Worldwide Semiannual Services 

Tracker. IDC expects worldwide services revenues 

to surpass USD 1.0 trillion in 2018. 

While IT Services delivered more than two 

thirds of overall services revenue in 1H17, spending 

on Business Services grew faster than the 

overall market at 6.0% year over year. IT Services 

revenues were largely driven by spending on 

technology outsourcing and project-oriented 

services, such as application development and 

systems and network implementation. Business 

Services spending was led by business process 

outsourcing and business consulting services. 

The largest of the 14 foundation markets IDC 

uses to analyze end-user spending and vendor 

revenue was business process outsourcing with 

1H17 revenues of USD 92.9 billion. Systems integration 

was the second largest foundation market 

at USD 62.1 billion. Business consulting was the 

third largest foundation market in 1H17, followed 

by IT outsourcing and software deploy and support 

services. The fastest growing markets were 

hosting infrastructure services (9.8% growth) and 

business consulting (8.2% growth). IT outsourcing 

was the only foundation market to experience 

declining revenues in 1H17. 

On a geographic basis, the United States was 

the largest services market with revenues of USD 

216.7 billion in 1H17. Western Europe was the 

second largest region, followed by Asia/Pacific 

(excluding Japan)(APeJ). The markets with the 

fastest year-over-year growth in 1H17 were APeJ, 

Central and Eastern Europe (CEE), and the United 

States. Only two of the eight regions (Japan 

and the Middle East & Africa) recorded a decline 

in services revenue in 1H17. 

"Cloud-related services expected to surpass the 

USD 100 billion mark this year," said Lisa Nagamine, 

research manager with IDC's Worldwide 

Semiannual Services Tracker. 


27

Insight 

5 Key Data 

Predictions For 2018 

Emergence of decentralized immutable mechanisms for 

managing data is one of the key predictions highlighted by Mark 

Bregman, CTO, NetApp 

By Mark Bregman 

D 

1. Data becomes self-aware 

Today, we have processes that act on data and determine 

how it’s moved, managed and protected. But 

what if the data defined itself instead? 

As data becomes self-aware and even more diverse 

than it is today, the metadata will make it possible 

for the data to proactively transport, categorize, 

analyze and protect itself. The flow between data, 

applications and storage elements will be mapped in 

real time as the data delivers the exact information 

a user needs at the exact time they need it. This also 

introduces the ability for data to self-govern. The 

data itself will determine who has the right to access, 

share and use it, which could have wider implications 

for external data protection, privacy, governance 

and sovereignty. 

For example, if you are in a car accident there 

may be a number of different groups that want or 

demand access to the data from your car. A judge 

or insurance company may need it to determine 

liability, while an auto manufacturer may want it 

to optimize the performance of the brakes or other 


Insight 

mechanical systems. When data is selfaware, 

it can be tagged so it controls 

who sees what parts of it and when, 

without additional time consuming 

and potentially error prone human 

intervention to subdivide, approve and 

disseminate the valuable data. 

2. Virtual machines 

become “rideshare” 

machines 

It will be faster, cheaper and more convenient 

to manage increasingly distributed 

data using virtual machines, provisioned 

on webscale infrastructure, 

than it will be on real machines. 

This can be thought of in terms of 

buying a car versus leasing one or 

using a rideshare service like Uber 

or Lyft. If you are someone that hauls 

heavy loads every day, it would make 

sense for you to buy a truck. However, 

someone else may only need a certain 

kind of vehicle for a set period of time, 

making it more practical to lease. And 

then, there are those who only need 

a vehicle to get them from point A 

to point B, one time only: the type of 

vehicle doesn’t matter, just speed and 

convenience, so a rideshare service the 

best option. 

This same thinking applies in the 

context of virtual versus physical 

machine instances. Custom hardware 

can be expensive, but for consistent, 

intensive workloads, it might make 

more sense to invest in the physical 

infrastructure. A virtual machine 

instance in the cloud supporting variable 

workloads would be like leasing: 

users can access the virtual machine 

without owning it or needing to know 

any details about it. And, at the end of 

the “lease,” it’s gone. Virtual machines 

provisioned on webscale infrastructure 

(that is, serverless computing) are 

like the rideshare service of computing 

where the user simply specifies the 

task that needs to be done. They leave 

the rest of the details for the cloud 

provider to sort out, making it more 

convenient and easier to use than traditional 

models for certain types 

of workloads. 

3. Data will grow faster 

than the ability to 

transport it...and that’s ok! 

It’s no secret that data has become 

incredibly dynamic and is being generated 

at an unprecedented rate that will 

greatly exceed the ability to transport 

it. However, instead of moving the 

data, the applications and resources 

needed to process it will be moved to 

the data and that has implications for 

new architectures like edge, core, and 

cloud. In the future, the amount of data 

ingested in the core will always be less 

than the amount generated at the edge, 

but this won’t happen by accident. 

It must be enabled very deliberately 

to ensure that the right data is being 

retained for later decision making. 

For example, autonomous car manufacturers 

are adding sensors that will 

generate so much data that there's no 

network fast enough between the car 

and data centers to move it. Historically, 

devices at the edge haven’t created 

a lot of data, but now with sensors 

in everything from cars to thermostats 

to wearables, edge data is growing 

so fast it will exceed the capacity of 

the network connections to the core. 

Autonomous cars and other edge 

devices require real-time analysis at 

the edge in order to make critical inthe-moment 

decisions. As a result, we 

will move the applications to the data. 

4. Evolving from “Big 

Data” to “Huge Data” will 

demand new solid statedriven 

architectures 

As the demand to analyze enormous 

sets of data ever more rapidly increases, 

we need to move the data closer 

to the compute resource. Persistent 

memory is what will allow ultra-low 

latency computing without data loss; 

and these latency demands will finally 

force software architectures to change 

and create new data driven opportunities 

for businesses. Flash technology 

has been a hot topic in the industry, 

however, the software being run on it 

didn’t really change, it just got faster. 

This is being driven by the evolution 

of IT’s role in an organization. In the 

past, IT’s primary function would have 

been to automate and optimize processes 

like ordering, billing, accounts 

receivable and others. Today, IT is integral 

to enriching customer relationships 

by offering always-on services, 

mobile apps and rich web experiences. 

The next step will be to monetize the 

data being collected through various 

sensors and devices to create new business 

opportunities and it’s this step 

that will require new application architectures 

supported by technology like 

persistent memory. 

5. Emergence of decentralized 

immutable mechanisms 

for managing data 

Mechanisms to manage data in a trustworthy, 

immutable and truly distributed 

way (meaning no central authority) 

will emerge and have a profound 

impact on the datacenter. Blockchain is 

a prime example of this. 

Decentralized mechanisms like 

blockchain challenge the traditional 

sense of data protection and management. 

Because there is no central point 

of control, such as a centralized server, 

it is impossible to change or delete 

information contained on a blockchain 

and all transactions are irreversible. 

Current datacenters and applications 

operate like commercially managed 

farms, with a central point of control 

(the farmer) managing the surrounding 

environment. The decentralized 

immutable mechanisms for managing 

data will offer microservices that 

the data can use to perform necessary 

functions. The microservices and data 

will work cooperatively, without overall 

centrally managed control 

–Mark Bregman, CTO, NetApp outlines 5 key 

CTO predictions for 2018. 


29

Insight 

2018 Top 10 BI/ 

Analytics Trends 

BI software maker Tableau presents top 10 BI trends for 

the new year 

By CIO&Leader 


Insight 

D 

Don’t Fear AI 

Machine learning can make the data 

analytics process more efficient, leaving 

the analysts with more time to 

think about business implications and 

the next logical steps. It also helps the 

analyst explore and stay in the flow 

of their data analysis because they no 

longer have to stop and crunch the 

numbers. Instead, the analyst is asking 

the next question. 

The human impact of liberal arts 

As analytics evolves to be more art 

and less science, the focus has shifted 

from simply delivering the data to 

crafting data-driven stories that inevitably 

lead to decisions. 

The Promise of NLP 

The rising popularity of Amazon 

Alexa, Google Home, and Microsoft 

Cortana have nurtured people’s expectations 

that they can speak to their 

software and it will understand what 

to do. This same concept is also being 

applied to data, making it easier for 

everyone to ask questions and analyze 

the data they have at hand. 

The Debate for Multi-cloud 

Rages On 

As multi-cloud adoption rises, organizations 

will have to manoeuvre 

through the nuance of assessing 

whether their strategy measures how 

much of each cloud platform was 

adopted, internal usage, and the workload 

demands and implementation 

costs. 

Rise of the Chief Data 

Officer 

To derive actionable insights from data 

through analytics investments, organizations 

are increasingly realizing the 

need for accountability in the C-Suite 

to create a culture of analytics. For a 

growing number of organizations, the 

answer is appointing a Chief Data Officer 

(CDO) or Chief Analytics Officer 

(CAO) to lead business process change, 

overcome cultural barriers, and communicate 

the value of analytics at all 

levels of the organization. This allows 

the CIO to have a more strategic focus 

on things such as data security. 

The Future of Data 

Governance is 

Crowdsourced 

BI and analytics strategies will 

embrace the modern governance 

model: IT departments and data engineers 

will curate and prepare trusted 

data sources, and as self-service is 

mainstreamed, end users will have the 

freedom to explore data that is trusted 

and secure. Top-down processes that 

only address IT control will be discarded 

in favor of a collaborative development 

process combining the talents of 

IT and end users. 

Vulnerability Leads to a 

Rise in Data Insurance 

Cyber and privacy insurance covers 

a business’ liability for a data breach 

in which the customer’s personal 

information is exposed or stolen by a 

hacker. As data’s value increases and 

Top-down 

processes that 

only address IT 

control will be 

discarded in favor 

of a collaborative 

development 

process combining 

the talents of IT 

and end users 

so do the threats, companies will look 

for an option Z—the last option. 

Increased Prominence of 

the Data Engineer Role 

Data engineers are responsible for 

extracting data from the foundational 

systems of the business in a way that 

can be used and leveraged to make 

insights and decisions. As the rate of 

data and storage capacity increases, 

someone with deep technical knowledge 

of the different systems, architecture, 

and the ability to understand 

what the business wants or needs 

starts to become ever more crucial. 

The Location of Things will 

Drive IoT Innovation 

One positive trend that is being seen 

is the usage and benefits of leveraging 

location-based data with IoT devices. 

This subcategory, termed “location 

of things,” provides IoT devices with 

sensing and communicates their geographic 

position. By knowing where 

an IoT device is located, it allows us to 

add context, better understand what 

is happening and what we predict will 

happen in a specific location. 

As it relates to analyzing the data, 

location-based figures can be viewed 

as an input versus an output of results. 

If the data is available, analysts can 

incorporate this information with their 

analysis to better understand what is 

happening, where it is happening, and 

what they should expect to happen in a 

contextual area. 

Universities Double Down 

on Data Science and 

Analytics Programs 

The hard skills of analytics are no 

longer an elective; they are a mandate. 

2018 will begin to see a more rigorous 

approach to making sure students 

possess the skills to join the modern 

workforce. And as companies continue 

to refine their data to extract the 

most value, the demand for a highly 

data-savvy workforce will exist — 

and grow 


31

Insight 

Digital Business Is 

Making CIOs And 

Their IT Organizations 

More Change-Ready 

It is known that digitalization and technological evolution 

has transformed the role of the CIO 

By CIO&Leader 


Insight 

AAccording to 2018 Gartner CIO Agenda Survey, 51% 

of CIOs surveyed in India reported that they are taking 

charge of innovation and 49% have indicated that 

they are heading up digital transformation. 

The survey results show that, overall 95% of CIOs 

expect their jobs to change or be remixed due to digitalization. 

IT delivery management is taking up less and 

less of the CIO's time. Respondents believe that the two 

biggest transformations in the CIO role will be becoming 

a change leader, followed by assuming increased 

and broader responsibilities and capabilities. 

Globally growth is the No. 1 CIO 

priority for 2018 

However in India, CIOs reported optimizing enterprise 

operational excellence (66%), tracking business 

value of IT (64%) and business cost optimization 

(62%) as their top priorities. The good news for CIOs 

in India is that more money will be available to support 

these priorities. IT budgets in India are expected 

to increase by 7.4% in 2018. This compares to an 

expected 3% IT budget increase globally. 

Define the role – focus attention 

beyond IT 

At least 84% of all top CIOs surveyed have responsibility 

for areas of the business outside traditional IT. 

The most common are innovation and transformation. 

51% of respondents in India said that the CIO 

in their organization is in charge of innovation while 

49% said the CIO heads up digital transformation 

and 30% said the CIO leads enterprise change. The 

survey found that CIOs are spending more time on 

the business executive elements of their jobs compared 

with three years ago. In fact, CIOs from top 

performing organizations are spending up to four 

days more on executive leadership. The more mature 

an enterprise's digital business is, the more likely the 

CIO will report to the CEO. 

In a change from previous surveys, respondents 

were asked to name the top differentiating technologies 

(in previous years they were asked about investment 

levels). Business intelligence (BI) and analytics 

still retain the No. 1 spot, with top performers most 

likely to consider them strategic. 

Implement the new role 

79% of CIOs report that digital business is making 

their IT organizations more "change-ready," which 

suggests that now is a good time to implement change 

to the IT organizations, and, in turn, should make the 

transition to the new job of the CIO easier. 

The first part of the new job of the CIO is to build 

the required bench strength to scale the enterprise's 

digital business through support for the digital ecosystem. 

This means hiring new resources to put in 

place the right digital team structures. Some CIOs 

favor a separate digital team while others make digitalization 

part of the day job of IT and the enterprise. 

However, 71% of the top performers have a separate 

digital team to help them scale their digitalization 

efforts. The most common structure for these teams 

is to report to the CIO, although the biggest difference 

between the top performers and their peers is in the 

CEO reporting relationship of these teams. 

"The effects of digitalization are profound. The 

impact on the job of CIO and on the IT organization 

itself should not be underestimated," said Mr. 

Rowsell-Jones. "In this new world, CIO success is not 

based on what they build, but the services that they 

integrate. The IT organization will move from manufacturer 

to buyer, and the CIO will become an expert 

orchestrator of services. The real finding though is 

that this is happening now, today. CIOs must start 

scaling their digital business and changing their own 

jobs with it now." 


33

OPINION 

"Robot Revolution: 

Which Sector Will 

Be The First To Go 

100% Robot?" 

Dr Antonio Espingarderio reveals that we are 

going to see more of merging between human 

intelligence and machine learning 

By Dr Antonio Espingarderio 


Opinion 

WWe 

live in a time where technology is 

the driving force of the constant evolution 

of the world we know. Society has 

advanced at a much faster rate in the 

past century than any other known 

point in time, and it seems to be only 

gathering pace. Robotics will accelerate 

this change, altering the workplace 

we see now by taking over tasks traditionally 

handled by humans and 

completing them at a much faster and 

more efficient rate. We are likely only 

decades away from seeing some industries 

dominated by robots, but which 

sector will be first? 

Industry has undergone huge 

changes continuously since the days of 

the industrial revolution. It continues 

to do so, with the International Federation 

of Robotics (IFR) stating "by 2019 

more than 1.4 million new industrial 

robots will be installed in factories 

around the world". Considering the 

IFR projections and the constant need 

for producing more goods faster and 

cheaper for an increasingly connected 

and growing population, then it is 

most likely that this is the first sector 

that will see complete automation over 

the next few decades. But is this so 

surprising? Automation in factories 

has been on the increase for a number 

of years. How automation integrates 

factories in the wider supply is an 

interesting concept. 

The concept of industry 4.0 involves 

having automation, internet of things, 

cloud computing, interoperability and 

decentralised decision making. In other 

words, the factory becomes 'smarter' 

and efficient. Nevertheless, it is not only 

the integration of robots in factories 

that will change, but the whole notion 

of logistics. Today after ordering goods 

it takes a long time for them to arrive to 

their final destination. This is essentially 

because the production chain is disconnected 

from the distribution chain 

as goods are produced in disparate 

locations. However, with high levels of 

automation, production isn't an issue. 

The main question is how to distribute 

goods as quickly as possible. It is likely 

that either factories will have to move 

within closer proximity of their customers 

thus decentralising their branches 

or distribution will be made autonomous 

in order to make it a more efficient 

process. Overall this will shorten the 

time between the ordering stage and 

delivering stage, which will represent 

big changes in economic terms. 

Secondly, autonomous driving 

vehicles are already revolutionising 

our concept of transportation. One of 

the main reason for their development 

is safety. According to the Association 

for Safe International Road Travel, 1.3 

million people die in road accidents 

every year. The phenomenon means 

a complete rearrangement in the way 

transportation takes place with the 

"road travel" time gaining new meaning 

in terms of global management and 

productivity. Tasks that are repetitive 

and dangerous are likely to resemble 

the three Ds of robotics: dirty, dangerous 

and dull. However, this is like to 

be more evolution than revolution and 

an iterative process that takes time. It 

will mean a progressive introduction 

of autonomy features in road vehicles 

through the forms of autonomous parking, 

braking assistance, pedestrians' 

awareness, night vision, heat detection, 

lane detection, road signs detection and 

wheel and seats alarms, among others. 

This is what you are going to see over 

the next decades when buying or renting 

cars, but don't expect driving autonomously 

to arise suddenly. There is still 

a long way to go in terms of vehicles, 

infrastructures and maps. The phenomenon 

is likely to open a set of new 

opportunities in terms of car services 

and geographical information systems 

such as map purchases and updates. 

Similarly, the notion of time management 

is likely to change. We can use our 

time to do other things while in autonomy 

modes. Advertising and ecommerce 

on vehicles is likely to take new routes 

in terms of human productivity, leisure 

or education. 

In both examples, automation will be 

using machine learning. The advantages 

of processing high volumes of 

information, finding patterns and 

highlight flaws or new ways of thinking 

are vast, especially in supervised 

learning. The use of these systems 

will mean "smarter business", more 

competitiveness and better outcomes 

for all stakeholders. However, because 

the rooting of these systems is largely 

dependent on "human common sense", 

their adoption is likely to result in a 

merger. Humans are tremendously 

good at common sense and pondering; 

computers are extremely good in 

presenting facts, patterns, source data, 

numbers, graphs, tables, metrics and 

so on. So, what you are going to see is 

not "robots taking over", but instead 

the merging between human intelligence 

and machine learning. 

Lastly, areas such as critical thinking, 

advising, customisations, arts, design, 

dedicated customer service, empathy 

and sympathy are not likely to be fully 

integrated into robotics anytime soon. 

In other words, robots can't takeover 

where there is creativity, emotions, 

social intelligence and human contact 

involved. These are all human traits 

difficult to generate and translate 

through machines so roles and sectors 

reliant on these skills are likely to be 

safe from to robotic revolution for the 

foreseeable future. 

Interestingly the rise of robotics has 

led to a new set of jobs that are safe from 

robotic revolution for the foreseeable 

future. As Voltaire said "work saves 

us from three great evils: vice, boredom 

and need". Despite the imminent 

robotic revolution, it seems "work" will 

continue, it is only the nature of "work" 

that will change 

–The author is member of IEEE Robotics 

& Automation Society 


35

Opinion 

How Platform 

Business Models 

Are Transforming 

Insurance… 

Insurance players have started collecting and 

leveraging customer data in newer ways, creating 

completely new opportunities for themselves 

By Sangeet Paul Choudary 


Opinion 

TTesla 

has already changed the rules of 

the transportation and energy industries. 

Up next might be insurance. 

Earlier this year, Tesla announced that 

it would offer lifetime auto insurance 

bundled with the cost of the car. The 

company is betting that its improved 

machine learning will bring down the 

risk profile of its entire fleet of connected 

cars. 

Tesla’s announcement is only one of 

the many examples of how the traditional 

insurance model is poised for 

change. Traditional insurers have long 

relied on two customer touchpoints: 

at the time of sale and at the time 

of claim. As the world gets increasingly 

connected, the current data void 

between these two touchpoints is 

about to be filled. 

Insurance firms are already shifting 

in this direction. In the past, they captured 

data as a one-time event, using it 

to statically determine customers’ risk 

profiles and premiums. Today, they 

are embracing connected technologies, 

especially in the auto and health 

sectors, to offer personalised and 

dynamic insurance premiums to their 

customers. 

Connected Data Paving 

the Way to Innovation 

Some insurers, like Progressive and 

Insure The Box, got a head start by 

retrofitting cars with data-capturing 

devices, while others are relying on 

partnerships with original equipment 

manufacturers. Greater market intelligence 

gathered via these sensors and 

connected products allows insurance 

firms to offer personalised premiums. 

This new source of data can also 

inform product innovation. Bought 

By Many, a UK-based insurtech firm, 

has successfully intermediated such 

opportunities by aggregating users 

with special insurance needs – a rare 

illness or a unique occupational hazard 

– and allowing insurers to serve 

them at scale. 

This connected model is also seeing 

early signs of uptake in the commercial 

insurance world. Logistics firms 

managing large shipments can gather 

sensor data to inform insurers on the 

status of shipments. Even business 

insurance can look at data patterns 

captured by cloud-based invoicing 

and accounting applications to determine 

the liquidity and credit-worthiness 

of parties. 

But connected insurance and personalised 

premiums are only the first 

steps towards a much larger potential 

for value creation. The insurance 

industry has long monetised the 

promise to protect customers should 

an extreme event take place. With 

constant data capture, they can now 

promise avoidance of such extreme 

events in the first place. 

New Monetisation 

Opportunities 

Value creation will begin with a feedback 

loop training insured parties to 

change behaviours based on the data 

captured about them. Auto insurers 

have started experimenting with such 

feedback. In the UK, Marmalade fits a 

black box behind the car dashboard of 

young drivers, providing them with 

feedback and education to improve 

their driving habits over time. This 

unlocks new monetisation opportunities 

for the insurer, in the form of 

value-added services ranging from 

education on better driving to tracking 

a stolen vehicle or a possible break-in. 

In doing so, insurers will increasingly 

compete with non-traditional insurance 

players. 

As insurers move down this path, 

they will realise that ownership of 

consumer data can give them a great 

competitive edge. They will also reckon 

that one firm alone cannot manage 

all possible value creation for the end 

consumer. This is all the more true of 

insurers whose processes have been 

geared towards risk assessment and 

claim management rather than product 

innovation. 

To exploit their data advantage while 

also scaling value creation, insurers 

will have to explore ecosystem-based 

approaches. In such ecosystems, the 

insurer will work with a range of third 

parties willing to offer relevant value 

to end customers based on their data 

profile. Some insurers have partnered 

with external platforms like Nest to 

track home safety indicators. However, 

the data ownership may still lie 

with the external platform. The real 

opportunity for insurers is in owning 

these data and creating their own 

ecosystem instead of relying on thirdparty 

ones. 

Regulators Will Have a 

Role to Play 

The transformation of insurance firms 

into insurer ecosystems presents a 

large opportunity. Unlike traditional 

insurance whose moat and scalability 

ride on a comprehensive network of 

agents, insurer ecosystems will be 

easier to defend because of network 

effects. The more data they will capture 

about customers, the more third 

parties will partner with them. In 

turn, the more third parties that offer 

value, the stronger the value proposition 

will be for the end customer. 

Eventually, a few large ecosystems 

may own the market. 

Regulators will also need to understand 

the ecosystem opportunity if 

they are to enable this shift. While 

traditional insurance data are heavily 

regulated, much of the data that supports 

new value creation is less clearly 

regulated at present. For example, data 

on active care and cure are heavily 

regulated in the healthcare sector but 

wellness and fitness data live in greyer 

zones. Regulators will need to draft 

policies that balance user privacy 

and innovation 

–The writer is co-author of Platform Revolution 

and author of Platform Scale. 


37

FEATURE 

How Innovation 

Works And How 

To Lead It 

Anand P Gaikwad, Senior Manager, ITSP2 Global Program 

Management at Volkswagen IT Services India NEXT100 

Winner 2017, talks about how leadership is an art of 

shaping people and transforming each team member to 

become the future leader 

By Anand P Gaikwad 


Feature 

IIn 1978, Transformational Leadership 

was introduced by expert, James Mc- 

Gregor Burns, in his book “Leadership”. 

He explained it as a process where 

followers of a leader are developed to 

the higher levels of morality and motivation. 

In the same context, I would like 

to submit my perspective about leadership 

and opportunities for innovation. 

What is Leadership? 

“Leadership is a combination of art and 

science; it is an attitude to make people 

work better than they would have been, 

without you,” - this certainly does not 

mean that you perform micro-management 

or sit on someone’s head to make 

them work better rather to build an 

attitude to deliver their best. If you are 

a leader with power, you can easily control 

people but this will lead to failure. 

Leadership is not about controlling 

people but inspiring them to perform 

well and encourage them to think out of 

the box, make mistakes, and learn from 

them. Delegation is one of the most 

important aspects of leadership. If true 

leaders think in terms of developing the 

people they are leading, they delegate. 

This also helps discover new perspectives 

of a team member and motivate 

him/her to hone their potential. 

The Inside Out Approach 

I would like to give a reference of the 

“Golden Circle” explained by Simon 

Sinek in one of his TEDx talks in September 

2009 at Washington D.C in the 

United States of America. 

He gave an apt example to explain 

how big companies and their exclusive 

products become successful - just by 

changing the way they think, and market 

their products better. In a similar 

way, leaders can change their approach 

and adapt the ‘Inside Out Approach’ to 

be successful in his/her role. 

The leaders are influencers but not 

many of them actually think of why 

they want to influence people; Do they 

influence to control, motivate, or lead? 

By knowing the current issues in the 

team and identifying the opportunities, 

he/she can very well define “WHY”. 

WHY: Very few people or companies 

can clearly articulate WHY they do 

what they do. This isn’t about making 

money – that’s a result. WHY is all 

about your purpose, cause or belief. 

WHY does your company exist? WHY 

do you get out of bed in the morning? 

And WHY should anyone care? 

“If the leader knows the objective of 

his actions, he/she can be a positive 

leader.” 

As a leader, one should always look 

for the opportunities to develop the 

team and self to strengthen the delivery 

and keep the team spirit up. There 

is always a scope for the leader to 

improve; it is just a matter to understand 

why there is an opportunity and 

what needs to be changed. 

Once the leader knows why, the next 

thing is to delimit “HOW”, once the 

problems are known and the opportunities 

are identified, then leaders must 

outline how to tie the loose ends and 

handle the situation. 

HOW: Some companies and people 

know HOW they do what they do. 

Whether you call them a ‘’differentiating 

value proposition’’ or ‘’unique selling 

proposition,’’ HOWs are often given 

to explain how something is different 

or better. Not as obvious as WHATs , 

Leadership is not 

about controlling 

people but inspiring 

them to do well and 

encourage them to 

think out of the box, 

make mistakes, and 

learn from them 

and many think these are the differentiating 

or motivating factors in a decision. 

It would be false to assume that’s 

all that is required. 

This could be another important factor 

of situational leadership where the 

leader has to show the dynamics of his/ 

her skills and solve the problem without 

hurting the moral, sentiments, and 

motivation of the team. 

A proven example of this is the 

‘Gamification’ concept that I introduced 

in one of the organizations I worked to 

handle a similar situation. It is crucial 

to identify the loose ends and the corresponding 

opportunities and then 

define the HOW, so the sentiments of 

the team are skillfully handled. Do 

not touch the moral aspect and keep 

your team motivated just by allowing 

healthy competition in the team. 

Now the WHY and HOW is distinct, 

it’s a time to do the marketing for your 

WHAT. It is simply about educating 

the team on your strategies, purposes 

and deliverables. 

WHAT: Every single company and 

organization on the planet knows 

WHAT they do. This is true no matter 

how big or small, no matter what 

industry. Everyone is easily able to 

describe the products or services a 

company sells or the job function they 

have within the system. WHATs are 

easy to identify. 

The strategy is to have the synergy 

between you and the team. The purpose 

is to align them and yourself to the 

organizational goal and altogether create 

an inspiring vision for the future. 

Innovation in Leadership 

Using innovation in leadership can 

positively improve the perception of 

the leader and it improves the collaboration 

and the efficiency, I believe this 

is the best way to state the thin line 

between efficiency and effectiveness. 

It is not only to improve the results 

but also to build the design thinking 

culture in the organization. Getting the 

team united with your inspiring vision 

is essential for future viability. 


39

Feature 

The hardest skills to find are those that can’t be performed by machines 

Q: How difficult, if at all, is it for your organisation to recruit people with these skills or characteristics? 

Q: In addition to technical business expertise, how important are the following skills to your organisation? 

Difficulty in recruiting people with skill 

Respondents who answered somewhat 

difficult or very difficult 

Importance of skill 

Respondents who answered somewhat 

important or very important 

Creativity and 

Innovation 

77% 1 

Leadership 

75% 

2 

Emotional 

intelligence 

64% 

4 

Adaptability 

61% 

5 

Problem solving 

61% 

6 

Source: PwC’s 20th Annual CEO Survey on the impact of innovation & technology on business growth 

Develop Innovative 

Behavior to Lead & 

Personalize 

Sometimes the job gets boring and it 

can lead to demotivation. Personalizing 

is one of the aspects to keep the 

teams motivated. For example, the 

quarterly leadership meet is planned 

in the boardroom for two days. Instead, 

move this meeting to a beach and spend 

quality time with your team in an open 

environment where all the participants 

can rejuvenate and have fun. It 

is extremely crucial to allow your team 

to unwind and put their mind off the 

work. This quality time can help them 

come back to their respective jobs with 

positive force. This will also elevate 

the human experience and broaden 

the scope of the knowledge and understanding 

in the team. 

Transformative Play 

(Gamification) 

Routine work such as day-to-day 

operations is a very inflexible process. 

Playing a game associated with your 

objective and well-defined rules always 

improvises the perfection and unquestionably, 

your business delivery. This 

concept certainly has power to deliver 

the quality service to our customers 

and build a healthy competition within 

the team. 

Collaborative Thinking 

An innovative leader always collaborates. 

It does not matter if the idea 

shared is impossible or unrealistic but 

it creates the opportunity for others to 

think and come up with possible and 

realistic ideas. For example, setting 

up a “Thinkers Club” (The concept of 

Thinkers Club was in place since 1819 

and it was popularized throughout the 

German Confederation). As an activity, 

the club members will meet every week 

on any day for an hour just to “think”, 

discuss, talk and present the ideas that 

they think are helpful to build a strong 

organization and justify the core value 

of “Innovation”. 

Experimentation 

Innovative thinking leads to redefine 

the problem or reframe it. Looking at 

the problem in a different way gets the 

required insight. An innovative leader 

always looks at the issues in a unique 

way to uncover the hidden sights and 

experiment on finding possible solutions. 

It is simply not experimenting 

but checking how it has yielded the 

results he/she desired 


100 

Finance decision-makers 

of India’s top companies 

will be getting together 

in March 2018 

Are you there? 

(WATCH THIS SPACE FOR MORE DETAILS) 

For engagement opportunities, please contact 

Seema Menon 

seema.menon@9dot9.in, +919740394000 

Mahantesh 

mahantesh.g@9dot9.in, +919880436623

C&amp;L_December 2017 (1)

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?

C&L_December 2017 (1)