CIO & LEADER-Issue-01-April 2018 (1)

Column
Cambridge Analytica Case: Look
Beyond The Scam Pg 10
Face Off
Is ROI Becoming Outdated For
Technology Investments? Pg 20
Volume 07
Issue 01
April 2018
150
Track technology Build business Shape self
When an
Enterprise
and a
Start-up Walk
into a room
Lessons from the community on how to
create a thriving partnership and grow
your business Pg 12
A 9.9 Group Publication

EDITORIAL
Shyamanuja Das
shyamanuja.das@9dot9.in
What
makes
them
tango?
T
“A real big
factor—and
arguably what
has changed
the game—is
the hyperscale
cloud providers
like Amazon,
Microsoft and
IBM bringing in
their partners."
The cover story this time focuses on how the
Indian corporates are working with start-ups
to derive business value, resulting in a winwin
for both.
But before you go to the hows, it is not a bad
idea to start with the whys—the imperatives of
what has made this change—being talked
about for long; but finally happening on the
ground only now.
So, why are large Indian companies putting
that extra effort to work with the start-ups now?
It is fashionable. Well, do not get shocked I
put it first. While it may not be the No 1 reason
while taking the final decision on a start-up collaborative
journey, it is often the No 1 reason to
get interested. Being part of the community, you
know quite well that this community is quite
hype driven. And start-ups are the current
hype. My apologies if this sounds
really mean. Let us go to some more
‘logical’ reasons.
Only start-ups can offer some of
the emerging technologies. Like it or
not, many of the new technologies such
as AI, machine learning, advanced
analytics, IoT and their applications
to specific verticals are available only
with the start-ups.
Start-ups are willing to walk that
extra mile. For a large enterprise user,
start-ups are keen to do the tweaking to
their solutions based on the actual need.
Both from business and reference point of view, it
makes tremendous business sense.
The cloud platforms are felicitating it. Another
real big factor—and arguably what has changed the
game—is the hyperscale cloud providers like Amazon,
Micosoft and IBM bringing in their partners.
Cloud has impacted the game in more ways than
one. It has ensured that a start-up focuses on its core
innovation and quickly plugs in horizontal APIs like
UX, security, analytics, even AI-based bots, already
available on the same cloud. So, go-to-market for the
solution is quicker and easier.
Cloud has minimized the needs of integration.
Earlier, a stand-alone solution required a lot of integration
services around itself, which was often not
available easily.
Finally, a cloud-based solution comes with the backing
of a big name. That gives a feeling of assurance.
Yet, the collaboration that is happening is still in
an experimental stage. If Indian enterprises accelerate
their transformation journey, they will continue
to need the start-ups. If that slows down for some
reason, the partnerships may be impacted too
April 2018 | CIO&LEADER
1

Column
Cambridge Analytica Case: Look
Beyond The Scam Pg 10
TRACK TECHNOLOGY BUILD BUSINESS SHAPE SELF
A 9.9 Group Publication
Face Off Volume 07
Issue 01
Is ROI Becoming Outdated For
April 2018
Technology Investments? Pg 20
150
Lessons from the community on how to
create a thriving partnership and grow
your business Pg 12
CONTENT
APRIL 2018
cover story
12-19 | When A Startup
And An Enterprise
Walk Into A Room
When an
Enterprise
and a
Start-up Walk
into a room
Cover Design by:
Charu Dwivedi
Please Recycle
This Magazine
And Remove
Inserts Before
Recycling
Copyright, All rights reserved: Reproduction in whole or in part without written permission from Nine Dot Nine Mediaworx Pvt Ltd. is
prohibited. Printed and published by Vikas Gupta for Nine Dot Nine Mediaworx Pvt Ltd, 121, Patparganj, Mayur Vihar, Phase - I, Near Mandir
Masjid, Delhi-110091. Printed at Tara Art Printers Pvt ltd. A-46-47, Sector-5, NOIDA (U.P.) 2013011
2 CIO&LEADER | April 2018

AROUND THE TECH
04-07
Why Do So Few CIOs Drive
Digital Transformation?
www.cioandleader.com
COLUMN
08-09
Is Hashgraph Better
Than Blockchain?
By Mohua Sengupta
10-11
Cambridge Analytica:
Look Beyond The Scam
By Shyamanuja Das
INSIGHT
26-27
Blockchain’s Red Hot
Indian Use Case: Invoice
Discounting
29
The Rise of
Cyptojacking in
2018
30-31
Blockchain’s Red
Hot Indian Use Case:
Invoice Discounting
Security
34-35
Is Security Secular
Across Industries?
MANAGEMENT
Managing Director: Dr Pramath Raj Sinha
Printer & Publisher: Vikas Gupta
EDITORIAL
Managing Editor: Shyamanuja Das
Associate Editor: Shubhra Rishi
Content Executive-Enterprise Technology:
Dipanjan Mitra
DESIGN
Sr Art Director: Anil VK
Art Director: Shokeen Saifi
Visualisers: NV Baiju & Manoj Kumar VP
Lead UI/UX Designer: Shri Hari Tiwari
Sr Designers: Charu Dwivedi, Haridas Balan & Peterson PJ
sales & marketing
Director-Community Engagement
for Enterprise Technology Business:
Sachin Mhashilkar (+91 99203 48755)
Brand Head: Vandana Chauhan (+91 99589 84581)
Assistant Product Manager-Digital: Manan Mushtaq
Community Manager-B2B Tech: Megha Bhardwaj
Community Manager-B2B Tech: Renuka Deopa
Associate-Enterprise Technology: Abhishek Jain
Regional Sales Managers
North: Deepak Sharma (+91 98117 91110)
West: Prashant Amin (+91 98205 75282)
South: BN Raghavendra (+91 98453 81683)
Ad Co-ordination/Scheduling: Kishan Singh
PRODUCTION & Logistics
Manager Operations: Rakesh Upadhyay
Asst. Manager - Logistics: Vijay Menon
Executive Logistics: Nilesh Shiravadekar
Logistics: MP Singh & Mohd. Ansari
Office Address
9.9 Group Pvt. Ltd.
(Formerly known as Nine Dot Nine Mediaworx Pvt. Ltd.)
121, Patparganj, Mayur Vihar, Phase - I
Near Mandir Masjid, Delhi-110091
Published, Printed and Owned by 9.9 Group Pvt. Ltd.
(Formerly known as Nine Dot Nine Mediaworx Pvt. Ltd.)
Published and printed on their behalf by
Vikas Gupta. Published at 121, Patparganj,
Mayur Vihar, Phase - I, Near Mandir Masjid, Delhi-110091,
India. Printed at Tara Art Printers Pvt Ltd., A-46-47, Sector-5,
NOIDA (U.P.) 201301.
Editor: Vikas Gupta
April 2018 | CIO&LEADER
3

around
thetech
WhAT
CIOs are
tired of
hearing...
“The CIO
office is a
cost center”
Leadership
Why so few CIOs drive
digital transformation?
A recent research that we
conducted on digital transformation
in some of the core sector
companies in three of India’s top
business groups—Tatas, Mahindra
& Mahindra and Vedanta/Sterlite—
threw some interesting trends.
One of the few points on which
there seem to be a near-complete
consensus among digital leaders,
other CXOs and consultants is that
only a senior, dedicated executive
can drive digital transformation.
‘Dedicated’ is the keyword here.
The current thinking is that driving
digital transformation is a full-time
job. It cannot be just another KRA
for some executive!
It is not too difficult to explain why.
A typical transformation journey,
especially in a traditional business,
could involve a lot of time and focus
to prepare the organization before it
could leverage technology.
“60-70% of the transformation
journey is actually about bringing
a culture shift,’ says Nischal Gupta,
Chief Transformation Officer
at Sterlite Tech. Almost
all executives we spoke to
identified culture shift as
the toughest part of the
transformation journey that
requires undivided attention.
That can be manifested
in a lot of discussion with
other C level executives,
creating communication
programs for all employees,
branded programs and a lot
of similar stuff. Tata Steel,
for example, started with a
reverse mentoring program
where 16 senior executives
agreed to be reverse mentored
by the youngsters. There was
another program called Digital
Enthusiastic Exploration
Program (DEEP) that involved
60 people immersing in
technology. There was another
called Digital Darshan. All
these programs do require
considerable time and focus.
4 CIO&LEADER | April 2018

Around The Tech
By the Book
Based on an in-depth analysis of over
2,600 leaders drawn from a database
of more than 17,000 CEOs and C-suite
executives, as well 13,000 hours of
interviews, and two decades of experience
advising CEOs and executive
boards, Elena L. Botelho and Kim R.
Powell overturn the myths about what
it takes to get to the top and succeed.
Their groundbreaking research was
the featured cover story in the May-
June 2017 issue of Harvard Business
Review. It reveals the common attributes
and counterintuitive choices that
set apart successful CEOs—lessons
that we can apply to our own careers.
Much of what we hear about who
gets to the top, and how, is wrong.
Myth: Those who become chief executives
set their sights on the C-suite at
an early age. Reality: In fact, over 70%
of the CEOs didn’t have designs on the
corner office until later in their careers.
Myth: You must graduate from an
elite college. Reality: In fact, only 7%
of CEOs in the dataset are Ivy League
graduates--and 8% didn't graduate
from college at all. To become a CEO
you need a flawless résumé.
makingheadlines
The #DeleteFacebook hashtag has been doing the rounds on Twitter. As if to
add insult to the injury, users are now deleting their Facebook accounts. Tesla's
CEO, Elon Musk is the latest to join the bandwagon. He deleted his verified Facebook
pages for SpaceX and Tesla after being challenged by a user on Twitter.
However, the #deleteFacebook issue is a bit of a deja vu moment for the company,
which has been embroiled in a series of controversies for the last decade.
Almost eight years ago, an online event christened 'Quit Facebook Day' was
started by a group of dissatisfied Facebook users. Their site, QuitFacebookDay.
com, asked users to "commit to quit" Facebook on May 31 in 2010 by signing their
name or Twitter handle to the list of pledges. The reason was identical - most
users were concerned about the privacy of their data. However, the boycott was
a major flop after just over 30,000 of the site's 500 million users deleted their
Facebook accounts.
The gender gap in pay has narrowed since 1980,
but it has remained relatively stable over the past 15
years or so. In 2017, women earned 82% of what men
earned, according to a Pew Research Center analysis
of median hourly earnings of both full- and part-time
workers in the United States. Based on this estimate,
it would take an extra 47 days of work for women to
earn what men did in 2017.
Why does a gender pay gap still persist?
Much of the gap has been explained by measurable
factors such as educational attainment, occupational
segregation and work experience. The narrowing of
the gap is attributable in large part to gains women
have made in each of these dimensions.
But other factors that are difficult to measure,
including gender discrimination, may contribute to the
ongoing wage discrepancy.
gender
bender
April 2018 | CIO&LEADER
5

Around The Tech
Flip the Cart
matter of
twitter
Walmart Inc. is close to finalizing a deal to buy a majority stake in
India’s leading e-commerce company for at least $12 billion and
may complete the agreement in the next two weeks, according to
people familiar with the matter.
All the major investors in Flipkart Online Services Pvt are now
on board with the Walmart purchase, after an earlier debate over
whether to sell to Amazon.com Inc., said the people, asking not to
be named because the matter is private. Tiger Global Management
will sell nearly all its 20% stake in Flipkart, while SoftBank Group
Corp. will sell a substantial part of its 20 percent-plus holding, the
people said. Walmart will likely end up with 60 percent to 80% of
Flipkart, which will be valued at about $20 billion, they said.
Among the issues that still need to be resolved are what happens
to Flipkart’s founders and who will lead Flipkart after the purchase,
they said. The amount each existing investor sells and the
size of Walmart’s final stake still need to be finalized, they said. It’s
also possible that terms will change or the talks will fall apart.
If completed, the deal would give Walmart a substantial foothold
in an emerging market.
Vital
Statistics
Is the GDPR
applicable
to you?
*Note –the responses to these questions should be
evaluated based on the facts and circumstances in
your organization and discussed with legal counsel.
Three key questions to assessment applicability
1
Are you or your service providers
a processor or controller located
in the EU (e.g., do I have an
affiliate organization in the EU)?*
Yes
Yes
GDPR applies
Yes
No
2 Are you or your service providers a
processor or controller that offers
goods or services in the EU (e.g., do I
offer payment services in England)?*
No
Are you or your service providers
a processor or controller that
monitors behavior in the EU (e.g.,
am I a third party that monitors
credit card balances in France)?*
GDPR may apply
No, I do nothave any entities, subsidiaries or affiliate organizations residing within the EU.
No
No, I do nothave any business activities in the EU, including those of third parties.
No, I do notmonitor behavior or process data of anyone residing within the EU.
Questions to consider include (but are notlimited to):
• Do I have any plans or aspirations to do business in the EU in the future?
• Do I process data of EU citizens who reside in the US?
Source: E&Y’s GDPR: demanding new privacy rights and obligations
6 CIO&LEADER | April 2018

Around The Tech
Four lessons to learn from
Facebook Analytica fiasco
The world's biggest social network is at
the center of an international scandal
involving voter data, the 2016 US presidential
election and Brexit.
Damaging consumer trust
The latest data ‘breach’ comes amid
growing discontent around how consumer
behavioural data is being used
to deliver controversial, harmful or
extremist content to consumers not
only across the Facebook platform,
but also sites on such as YouTube.
Data access versus targeting
As brands look to increasingly
hypertarget consumers through
behavioural data, there are also growing
community concerns about the
significant influence they could have
on consumers. Certainly in the political
sphere, this can be seen from the
alleged claims of Russian interference
in the 2016 US Presidential Election,
as well as Cambridge Analytica’s
impact on Brexit.
This data was shared with Cambridge
Analytica in breach of Facebook’s platform
policies. Facebook admitted in its
statement that it became aware of this
unauthorized use in 2015, and subsequently
asked Cambridge Analytica to
delete the data. Facebook did not see fit
to alert users about this use of their data
and took very limited steps to secure
the data, by seeking certifications that
the information had been destroyed.
Issues for data protection law
This entire affair raises two important
questions about data-protection laws
globally, and particularly for countries
like India that are in the process
of framing their laws on privacy
regarding data protection.
First, the delayed and limited actions
taken by Facebook, upon becoming
aware of the unauthorized sharing of
data, raise questions about how such
breaches may be regulated. The claim
by Facebook that this was not a data
breach is premised on the other claim
that data was harvested in a legitimate
manner after obtaining consent from
the users. This is reminiscent of several
data-security incidents in India, where
public collectors of data have claimed
that by securing only one key point in
a data ecosystem and ignoring others,
they have adequately discharged their
data-security obligations
Rethinking privacy principles
Data-protection laws emerged in a
world that saw a preponderance of
volunteered data. However, as the
bulk of the data collected and traded
is either observed or inferred, it raises
serious questions about whether
these traditional frameworks remain
meaningful. The idea of privacy as
control is what finds articulation
in data-protection policies across
jurisdictions beginning from the
Fair Information Practice Principles
(FIPP) in the United States.
April 2018 | CIO&LEADER
7

COLUMN
By Mohua Sengupta
Is Hashgraph
the Technology
of the Future?
It definitely addresses critical
challenges that Blockchain has
been grappling with
T
The author is EVP & Global Head of
Services, 3i Infotech Ltd.
The most popular questions in the
technology world today is most
definitely the one on whether
Hashgraph is better than Blockchain.
The life and credibility of the
Blockchain is being questioned and
Hashgraph is being predicted as the
technology of the future.
While it is difficult to predict whether
Blockchain is a thing of the past
and whether Hashgraph is the final
answer, one thing is sure, Hashgraph
definitely addresses a lot of the critical
challenges that Blockchain has been
grappling with, the challenge of speed
of processing, the challenge of fairness,
and the huge challenge of requiring
multiple industry regulators to
come together.
Hashgraph can process 250000+
transactions per second as opposed
to Blockchain’s 7 transactions per second.
Hashgraph is fast because it uses
Gossip protocol to spread messages to
the network and also performs some
optimization of the gossiped messages
to reduce the communication
overhead. One other reason behind
this speed of Hashgraph is because
Hashgraph today uses private, permissioned
networks.
Coming to fairness, the main challenge
of Blockchain is its dependence
on miners. There could be forking
and delay because of the actions of the
miners, who can manipulate the process.
Since Hashgraph is based on consensus
and time stamping, it’s faster
and more accurate. The Virtual Voting
Consensus Algorithm of Hashgraph,
which was invented by Dr. Leemon
Baird, makes it straightforward to
know how a node would vote and this
data can be used as an input to the voting
algorithm and to find whichever
transactions have reached consensus
quickly, thus making it more fair.
I feel that one of the biggest challenges
for Blockchain to be a commonly
used technology, is the need
for multiple industry regulators to
come together and set regulations
which will cut across industries. As I
have said before, a Blockchain, or for
8 CIO&LEADER | April 2018

Column
As Distributed Ledger Technologies move beyond the POC stage to
actual implementation stage, we will see even faster evolution
that matter any DLT is beneficial only
when the chains are big or integrated
to each other. While it’s not really a
technical challenge, given the water
tight compartments of today, it’s an
enormous roadblock to overcome
for a DLT. Hashgraph is planning to
overcome or partially address that
challenge by way of their 39-member
council. If run properly it will take
care of enabling cross-industry discussions
and regulations.
Added to this, Hashgraph’s security
is also claimed to be better than that of
Blockchain. Hashgraph has been proven
to be fully asynchronous Byzantine.
This means that it doesn’t make any
assumption about how fast messages
are passed over the internet and
this makes it resilient against DDoS
attacks, botnets, and firewalls. While
the security in Blockchain was never a
challenge, the Byzantine Consensus of
Hashgraph makes it stronger.
While Hashgraph does seem to
have quite a few advantages over
Blockchain, we cannot say that
Blockchain is a thing of the past and
Hashgraph is the new technology
of the future. I can only predict that
Distributed Ledger Technology (DLT)
is the way to go, but whether it will be
Blockchain or Hashgraph or Tangle
or any other DLT, only time can tell.
They are all evolving and evolving
very fast. As Distributed Ledger
Technologies move beyond the POC
stage to actual implementation stage,
we will see even faster evolution. So
it’s very hard to predict which DLT is
here to stay because tomorrow is truly
another day!
April 2018 | CIO&LEADER
9

COLUMN
By Shyamanuja Das
Cambridge
Analytica Case:
Look Beyond
The Scam
While the scam may be the immediate
news, the episode should also serve as a
wake-up call for businesses
T
The author is Managing Editor
at CIO&Leader
The Indian media, like its counterpart in
the West, has focused on the supposed
‘scam’ involving Cambridge Analytica
(CA), the UK-based big data firm that
helped in Donald Trump’s victory
through big data analytics.
The controversy started with a remark
by its now-ousted CEO Alexander Nix,
made to undercover Channel 4 News
reporters about how elections can be
influenced through what is very clearly
unfair means, even while taking a
public posture that the company does
not cross the line of ethics. This came
after New York Times and The Observer
published how a UK-based company
Global Science Research (GSR), hired
by Cambridge Analytica, created an
app and collected data from millions
of Facebook users, in what Facebook
claims to be ‘in violation’ of its policies.
Rest assured, we have a lot to see in the
days to come. With GDPR kick-off date
just about two months away, a lot of that
debate may focus on data privacy with
Facebook too as a target. Facebook CEO,
Mark Zuckerberg, has been warned
by authorities in the U.S and Europe
for a possible testimony. Indian IT and
communications minister, Ravi Shankar
Prasad has also warned Facebook of
stringent actions if any wrongdoing
is discovered.
Role in Indian Elections
Prasad’s warning comes after it emerged
that Cambridge Analytica had been
active in India too.
“CA was contracted to undertake an
in-depth electorate analysis for the Bihar
Assembly Election in 2010. The core
challenge was to identify the floating/
swing voters for each of the parties and
to measure their levels electoral apathy,
10 CIO&LEADER | April 2018

Column
a result of the poor and unchanging
condition of the state after 15 years
of incumbent rule. In addition to the
research phase, CA were tasked to
organise the party base at the village
level by creating a communication
hierarchy to increase supporter
motivation. Our client achieved a
landslide victory, with over 90% of
total seats targeted by CA being won,”
the company’s website says.
The 2010 elections in Bihar was won
by Nitish Kumar’s Janata Dal (United)
against Lalu Prasad Yadav’s RJD, bettering
their tally in the previous elections.
Interestingly, CA was established
by its parent company, Strategic
Communications Lab (SCL) in 2013.
However, according to a report by the
website thewire.in, SCL worked with
a Ghaziabad-based company, Ovelene
Business Intelligence (OBI), run by
Amrish Tyagi, the son of senior JD(U)
leader KC Tyagi.
“OBI is Cambridge Analytica’s go-to
company on the ground in the Indian
subcontinent,” says thewire.in report. It
quotes Tyagi junior who explains that
being partners, they can use each other’s
experience while making a pitch.
This suggests that the work in 2010
Bihar elections was carried out by OBI.
What it means is that full five years
before Prashant Kishor’s ‘famed’
election strategy and execution for
JD(U)-RJD’s landslide in 2015 Bihar
assembly elections, the Big Data game
was very much there in India.
With India’s—and specifically
Bihar’s—demographic reality,
Facebook could have helped a little.
So, it is primarily data analytics that
can be credited for this successful show.
I think that is something that is a
takeaway from the entire episode. That
Indian political parties were already
doing this by 2010, full six years
before Trump won using ‘Big Data’
in the US.
It is now well-known that prime
minister Modi too relied on data
analytics (interestingly, same
Prashant Kishor) in his 2014 Lok
Sabha elections. Maybe, he did that
earlier in Gujarat elections too.
In 2009, a strongman in a regional
political party in Eastern India
(who later fell out with his leader)
used scientific data collection and
juxtaposing that, with publicly
available data, such as Census data
and data from National Sample
Survey Organization, to create
successful election strategies for his
party. The party severed its ties with
one of the national parties and came to
power on its own in the elections.
So, even in the muddy, free-for-all
politics in India, political parties have
started relying on data analytics,
using both scientific data collection as
well as making good use of publicly
available data.
According to report by
Moneycontrol.com, Cambridge
Analytica itself had started focusing
on the 2019 General Elections by
being “in talks with a large opposition
party in India” and had even made a
presentation to the party in August.
The report says it had “etched a datadriven
strategy to target voters on
social media, analyzing online user
behaviour and connecting the dots
across different citizen databases.”
Where businesses lag
All this raises an obvious question.
Does this mean political parties are
ahead in the Big Data game?
In terms of usage of analytics tools,
probably not. But one of the areas
where political parties seem to have a
clear lead is in using open data—or any
publicly available data, for that matter.
There could be four major sources of
data for a business:
1. Internally available data
2. New data collected through custom
research
3. External data available publicly free
or for a price and now
4. Social media data, which is updated
in real time.
Out of the four, businesses have been
focused mostly on the first two while
Many
businesses
think unless
they throw some
big money and
hire a big name
to spend some
time with, they
cannot get any
value out of
their data
the fourth has been the Holy Grail. But
most of them have ignored the third
one—publicly available data, that can
add immense value to the businesses
if analyzed in conjunction with their
internal or research data.
The social sector has been doing a lot
of work using that data.
“Many businesses think unless they
throw some big money and hire a big
name to spend some time with, they
cannot get any value,” says a digital
marketing executive and an open data
enthusiast, rather bitterly.
The whole thing provides the
businesses with an opportunity to open
their eyes to the possibilities that the
political parties have already sensed.
You do not have to steal data for
that. You just have to think outsidein.
Interestingly, the ability to do that
has come as a strong pre-requisite
for the digital leaders, in a research
we have just completed on digital
transformation in Indian companies.
You may make or get amused by
a smart, sarcasm-laden Twitter
comment and move ahead, but it is
also not such a bad idea to pause a bit
and focus on the possibilities
April 2018 | CIO&LEADER
11

Cover Story
12 CIO&LEADER | April 2018

Cover Story
How to create a thriving partnership and derive
business value, resulting in a win-win for both.
By Shubhra Rishi
This month, Bhavish Aggarwal made it to Time's 100 list: a list of 100
most influential people in the world. There are very few people in IT
circles who don't know Aggarwal. He is the co-founder and CEO of
Ola Cabs, who gave India its first app-based taxi service. The startup
idea may not have been unique because it was almost a year after
Uber (formerly UberCab) had already launched (March 2009) in California,
United States but it still gave urban Indians the convenience and comfort of
ordering a cab service on a mobile app. Since then, the Indian tech industry has
never been the same. The last decade may have seen the rebirth of the start-up
ecosystem in the country with a more sustainable business model in the form
of venture capital.
According to a Nasscom Start-up Report published last year, over 1,000 new
starts-ups joined the start-up ecosystem in 2017, taking the total number of technology
start-ups to nearly 5,200. The B2C focused start-ups like Ola Cabs, have
always found favor in the form of funding and have continued to garner 1.5x more
average funding value vis-a-vis B2B start-ups, which increased from 27% in 2016
to 31% in 2017, according to the report.
However, the year 2017 is illustrative of a trend that has been in the making for
the last few years. A trend that has observed an exponential growth of start-ups
with B2B focus - with more than 47% of start-ups out of the 1,000 selling technology
to enterprises. According to the report, this share of B2B start-ups was higher
than B2B share in the overall start-up base of 40 percent. Clearly, the enterprise
product emerges as the top vertical for B2B start-ups, followed by fintech, health
tech and e-commerce.
Not every
start-up idea
must result in
a big business
opportunity;
some can be
just strategic
initiatives
April 2018 | CIO&LEADER
13

Cover Story
According to Gartner's 2014 agenda,
The IT core — infrastructure, applications,
information and sourcing — was
built for the IT past. CIOs report much
of their new technology spending going
towards improving core systems and
capabilities and needed renovations to
ensure fit for purpose and being “digital
ready” include moving to a more
loosely coupled “postmodern-ERP”
paradigm, deploying public and private
clouds, creating the information
architecture and capabilities to exploit
big data, and augmenting conventional
sourcing with more innovation, including
sourcing from, and partnering
with, smaller and less mature enterprises.
By "partnering with, smaller
and less mature enterprises", Gartner
was referring to SMB/start-up engagement
and agile development as a solution
to addressing the dual need to
simultaneously renovate the core of IT
systems and services, and exploit new
technology options.
A few years ago when we spoke to
enterprise CIOs in India they didn't
seem kicked about the benefits of working
with technology start-ups. One of
For a startup,
working on a
technology problem
is one thing, but
creating a business
case is another.
Kamal Karnatak
Group CIO, RJ Corp.
the main reasons for this reluctance to
give B2B focused start-ups a chance was
the lack of trust in the start-ups' ability
to sustain themselves. A success or sustainability
of a start-up or a unicorn was
but a candle in a wind for an enterprise
CIO. Even if the start-up could prove the
viability of its product, the enterprise
CIO was unable to prove it to business.
A lot of enterprises conducted
pilots with start-ups (and still do) but
wouldn't talk about it. Some of these
CIOs belonged to innovation-centric
organizations where they believe
that they can learn a great deal from
start-ups, and inculcate or maintain a
culture of openness and change within.
These enterprises and their CIOs
were the early adopters of this trend,
and the ones who built a framework
early on that allowed them to work
with start-ups in the best possible way.
However, these organizations kept
this 'relationship' a low key affair until
it became fashionable to talk about
the 'association'- and until the digital
transformation wave hit them hard.
The folks at Bajaj Auto were way
ahead of the curve.
#When an enterprise
can work with a start-up
and not worry about its
sustainability or financials
Organization: Bajaj Auto
Start-ups: Universal Robots,
GladMinds, Altisource
Outcome: Achieve
automation, and efficiency
improvement
A start-up may not be
able to create a legible
business case. That's
where enterprises can
play a huge role
A 72-year old flagship brand of Indian
conglomerate Bajaj Group, Baja Auto
is one of largest two-wheeler and
three-wheeler manufacturer in the
world. Despite being one of the oldest
family run businesses in India,
innovation has always been part of
the company's DNA. The company's
engagement with start-ups began in
2010 when they realized the need to
automate and digitize their assembly
lines. The company deployed cobots or
collaborative robots, a patented technology
offered by Universal Robots,
a Danish manufacturer that has just
launched UR5, a six-jointed articulated
arm robot and was expanding
its base in Europe, and didn't launch
business in India until 2016.
According to Pradeep David, CTO
at Universal Robots, Bajaj Auto saw a
gradual rise in the productivity and
efficiency in their production. It also
increased the productivity of their
employees along with their product
quality. As a result, employees could
easily program and set up these low
cost robotic arms with 3D visualization.
The actions of the robot are controlled
and programed by a touch pad
or by simply moving the robot arm to
show the desired path of movement.
The three-wheeler manufacturer
has deployed over 150 cobots since
2010 and is now among the largest
motorcycle manufacturer in the
world. They are of the view that the
added benefits of the cobots are easy
use, very low annual maintenance and
higher energy efficiency.
Vikas Sawhney, General Manager
Engineering (Robotics and Automa-
14 CIO&LEADER | April 2018

Cover Story
Sometimes
you don't see the
problem till an
outsider comes and
shows you a better
way of doing it.
Rajeev Jorapur
VP-MIS, Bajaj Auto
tion) at Bajaj Auto, who oversaw the
deployment, said of the implementation
that they chose Universal Robots
primarily due to the collaborative
nature of the robots. "The key benefits
of Universal Robots’ products such
as their compactness, low pay back
period, flexibility, light weight, costeffectiveness,
accuracy and their safety,
is what ultimately convinced Bajaj
Auto about the suitability of Universal
Robots for its standardized offerings,"
said Sawhney.
Universal Robots wasn't the only
start-up that Bajaj Auto worked with.
According to Rajeev Jorapur, VP-
MIS at Bajaj Auto, start-ups offer an
exciting model of partnership that is
very difficult to get from most other
partners. Their focus is on the task
and to make it happen. They are
driven by passion and are more entrepreneurial
in nature.
"Most start-ups are sharply focused
and they don't have width that you
expect with more established companies.
Thus, you must carefully choose
them with the purpose you have in
mind. We won't be worried about their
sustainability or how strong they are
financially. We believe we would be
able to handle that part," said Jorapur.
The automaker was looking to simply
the manual process of sending the
service coupons to Bajaj Auto every
time the customer visited the dealer
for vehicle servicing.
Jorapur said that it was crucial for
the manufacturer to carefully record
the timeframe within which the vehicle
was brought in for servicing. In the auto
world, customers must get their new
vehicles serviced within a month of purchase
in order to ensure that the product
has a long run. There was no way of
knowing whether the customer or the
dealer followed the process completely.
With this resolve in mind, Bajaj Auto
went through careful assessment and
selected GladMinds Technologies, a
cloud based start-up providing CRM
services. After the deployment of the
solution, the paper-based coupon
system was replaced by a unique digital
token system and was given to the
customer every time he/she brought
his/her new vehicle for servicing at the
dealer's shop.
Jorapur said that sometimes you
don't see the problem till an outsider
comes and shows you a better way
of doing it.
In 2015, the automaker partnered
with an IoT start-up.
At the time, a lot of manufacturing
processes at Bajaj Auto were
performed by external vendors at the
company’s assembly plants. A vendor
would communicate the production
details at a pre-decided frequency but
if machines could tell how they were
performing without human interaction,
not only would the manual effort
at collecting information would go
away and info would come directly
from machines and would be more
timely and reliable than somebody
communicating it.
“With this hypothesis, we
approached the start-up, who helped
us eliminate the manual channels and
helped us plan our maintenance in a
more robust manner,” said Jorapur.
In the last four years, the company
has evaluated over 50 start-ups, performed
POC on 10 start-ups and are
closely working with five start-ups on
fully operational projects.
“Most of our time is consumed in
conducting background checks, financial
analysis and performing due diligence
– that is where most of our effort
and energy is spent,” said Jorapur.
#When an enterprise and
a start-up can work together
on resolving specific
business problems
Organization: ONGC
Start-ups: Undisclosed
Outcome: Inculcate
innovation in business and
eliminate critical business
problems
Some start-ups are only interested in increasing their
own evaluation. You must gauge the motive of such
organizations early on
April 2018 | CIO&LEADER
15

Cover Story
The Rise of the B2B start-ups
B2B v/s B2C focus on start-ups
B2B v/s B2C focus across verticals
Source: Nasscom-Zinnov Start-up report 2017
2017
Total base:
5000-5200
2016
77%
2017
New start-up
additions: 1000
B2c
B2B
73%
40%
13% start-ups both B2B & B2C
14% start-ups both B2B & B2C
59% 47%
6% start-ups
both B2B & B2C
37%
B2B share from
34%in 2016
Verticals
Aggregators/eCommerce
Enterprise Product
Health-Tech
Fintech
Food Tech
B2c
92% 19%
1%
100%
87%
26%
70%
49%
98%
8%
B2B
In 2016, ONGC launched an INR 100
crore Start-up fund to foster, nurture
and incubate new ideas related to oil
and gas sector. The aim of the ONGC
Start-up initiative is to provide the
entire support chain for start-ups
including seed capital, hand-holding,
mentoring, market linkage and followups.
It is also to increase the contribution
of fresh implementable ideas in
the oil and gas sector. ONGC had also
set-up a dedicated portal to take this
initiative forward.
The company invited technology
start-ups to submit their proposals
for business cases (purely business
related or with IT intervention) on the
portal. “There were 70-80 business
cases and they were left to select one or
more based on their area of expertise,”
said Alok Khanna, Executive Director
– IS, ONGC.
After a tedious selection process
of evaluating the proposal comprising
a three tier interview process where
start-ups showcased their technical
and financial viability, the company
selected around 11-12 start-ups to
work on specific business problems.
“One major advantage of working
with start-ups is that they work dedicatedly
on your business case
and if the project succeeds, then the
company will sponsor the project
for a full blown implementation.
What enterprise lack in domain
knowledge, start-ups have in abundance,”
said Khanna.
“Budgeting and funding a start-up
is not an issue— once you have committed
to working with the start-up,
even if IT doesn't have the implementation
budget, business does, and will
fund the project,” he added.
End result: even if 20% start-up
projects are successful, it means that
we have been able to cut down our
business problems.
“We won’t be able to share specifics
of start-ups as all these projects are at
different stages of implementation,”
said Khanna.
#When an enterprise
and a start-up can work
together to improve the
speed of execution of IT
Organization: RJ Corp
Start-ups: Undisclosed
Outcome: Improve
productivity and efficiency
The Gurgaon-based drinks and foods
group RJ Corp is a USD1.1 billion conglomerate.
Its flagship brand, Varun
Beverages is Pepsico’s second-biggest
bottler and its fast-food outfit Devyani
International has 500 retail outlets for
Even if 20% start-up
projects are successful, it
means that we were able
to cut down our business
problems significantly.
Alok Khanna, Executive Director – IS,
Oil and Gas Corporation (ONGC)
16 CIO&LEADER | April 2018

Cover Story
brands such as KFC, Pizza Hut, Costa
Coffee and TWG Tea.
With multiple brands at disposal,
there is no dearth of opportunity for
the company to improve the productivity
and efficiency of its vast-spread
businesses. There is also a huge scope
of innovation at the heart of RJ Corp
and the company believes in quick
decision- making when it comes to IT.
According to its Group CIO, Kamal
Karnatak, it has been collaborating
with start-ups in the areas of data analytics,
video analytics, machine learning
and artificial intelligence, for the
last three years.
“It doesn’t matter if there was
an IT project or not or if we had the
budget for it but if you can create a
business case, you can implement the
idea.” Karnatak , who is a pursuing
a research doctorate from IIT, Delhi,
has a long history of association with
start-ups, and mentors them from
time to time.
“An advanced start-up is always
looking for a means to enter the enterprise
market. They are ready to experiment,
learn and understand your
business, as well as gain exposure of
their own solution,” said Karnatak.
When it comes to working with
start-ups, the conglomerate’s only
motive is solving business problems
quickly - within a short span of six
months to one year.
“Unlike traditional partners who
spend a lot of planning and excuting a
project, a start-up takes less than half
of that time. Some start-ups are only
interested in increasing their own
evaluation. You can gauge the motive
of such organizations,” said Karnatak.
Take for instance, the conglomerate
was using an old analytics platform to
generate reports. However, their Area
Sales Manager (ASM) didn’t have
access to the platform due to huge
licensing costs. To solve this problem,
they worked with a data analytics
start-up who provided a platform that
not only granted access levels to ASMs
but enabled an analytics interface to
generate these reports.
Similarly, the company also worked
with a machine learning/ AI start-up
to help them predict the sale of next 14
days with an 85-90% o accuracy rate.
With the Nike brand, the company is
trying to measure the sales per store
using the same start-up. This is evident
of the fact that the same start-up
was able to find multiple use cases
within the same organization.
In their work with a video analytics
start-up, the primary purpose was to
track footfalls in a single store. However,
Karnatak asked the start-up to
help them gather more data on their
customers – the time they spend in the
store, the ratio of male to females who
We regularly reach out
to new and innovative startups
via referrals, technology
forums, incubators and
innovation summits.
Nitin Chugh
head-digital banking, HDFC Bank
Start-ups should not
compromise on their
business ethos and cultures
went for trials, etc – and integrate it
with the sales system.
“We are internal sellers for startups,
and we need to make sure that
we are able to mould the start-ups
and help them create a typical business
case that will generate business
value,” said Karnatak.
In short, “If I can show the value of
5 crore, I can get a budget allocation of
1 crore,” he added.
#When an enterprise
and a start-up can work
together and grow together
Organization: HDFC Bank
Start-up(s): Niki.ai
Outcome: Create new
channel for doing business
and improve customer
experience
HDFC Bank launched a new Facebook
Messenger chatbot, OnChat. It was
created in partnership with Niki.ai, a
2015 AI start-up. The chatbot can help
customers pay utility services like
bill payments and mobile recharges,
make cab, bus and movie bookings.
So far, the largest private sector bank
has observed 160% month-on-month
growth in transactions since its launch
in December 2016, and has over 2.4
million messages.
The number of repeat users, which
is close to 34%, further bolsters the confidence
in conversational banking. The
Messenger chatbot also opened up yet
another channel for customer acquisition,
with nearly 25% of OnChat users
being non-HDFC Bank customers.
April 2018 | CIO&LEADER
17

Cover Story
Collaborating with a start-up, if the business can
show the value of INR 5 crore, it can get a budget
allocation of INR 1 crore
Niki.ai is not the bank’s first
engagement with a start-up. The
bank started recruiting start-ups
three years ago and has a clear
selection framework in place that
makes it easier to weed out solutions
that don’t fit the bill.
“We regularly reach out to new
and innovative start-ups via referrals,
technology forums, incubators and
summits. Every year, we invite over 50
start-ups to a technology theme-based
Innovation Summit. Niki.ai along
with 10 other start-ups, was chosen
through a multi-layered selection
process,” said Nitin Chugh, headdigital
banking at HDFC Bank.
“We have implemented another
chatbot for employees, on our website,
and these chabots have offered us
great customer insights and learning
experiences. With OnChat, we thought
if customers are spending more time
on Facebook messenger, can the bank
be there?” added Chugh.
The chatbot implementation with
Niki.ai isn’t a one-time engagement.
The start-up will continue to relevant
insurance, banking, and stock broker
use cases to strengthen its natural
language processing capabilities
that will help in cross-selling and
up-selling to their customers.
Last year, Niki.ai released a
Software Development Kit (SDK) for
businesses to enable conversational
commerce on their mobile and web
apps. Since then, the start-up has
garnered a lot of interest from
multiple enterprises.
According to Sachin Jaiswal,
Co-founder and CEO, Niki.ai, “HDFC
is a progressive organization. Any
kind of validation that a client gives
to its service provider is a big deal
because it builds credibility and
builds our business."
Especially, if the service provider is
a start-up.
It is true that enterprises aren’t
comfortable with sharing names of
the start-ups that they work with
– until after the implementation.
Understandably, most organizations
would rather share a success story
Working with
large enterprises
requires start-ups to
have a better cash
flow and ensure that
their product quality
is great, especially
when you are trying
to scale
Sachin Jaiswal
Co-founder and CEO, Niki.ai
rather than a failed implementation.
In 2017, the start-up mortality rate was
20% to 25%., with a majority of them
closing down within 1.6 to 1.9 years
of inception.
The last three years have taught
Jaiswal a few lessons too.
He said, "before you interact with
the client, a start-up must ensure:
Whether you understand the market
Whether there is a need for the
product
Timeline, effort, cost estimate, mark
up client is willing to pay."
“Most start-up players go with an
open mind. However, it helps to be
confident about the maturity of their
product before you approach a large
scale organization. There will be
companies willing to experiment with
a less than mature start-up, but the
probability will be lesser,” he added.
“Working with large enterprises
requires start-ups to have a better
cash flow management process and
ensure that their product quality is
impeccable if, as a start-up, you are
trying to scale. That fundamental
hasn't changed. You have to realize
that what is the market that you are
after and you have to cater to that
market,” said Jaiswal.
Additionally, Jaiswal said that
start-ups you must have a clear cut
understanding of what their business
model is. “If you are a client servicing
business, you will latch on to every
opportunity that will add to your
top-line but if you are a technology
provider, then you must know when to
exit the conversation.”
The truth is, it is the people
18 CIO&LEADER | April 2018

Cover Story
working in the start-ups that make
them attractive to large enterprises.
CIOs are always looking for a fresh
wave of talent among their midst,
which helps them to innovate, to
inspire internal employees, and to
implement a technology product in a
short span of time.
Despite the pressure of digital
transformation and the compelling
need to work with start-ups, large
enterprise CIOs need to be certain of
a start-up's intention. Organizations
should be able to gauge that early on
if it is just a marriage by association.
Many a times, a start-up may display
lack of transparency based on past
experiences of having been taken
advantage of, which makes it difficult
for them to accurately assess a startup’s
product or service, and may
ultimately, face rejection.
It is the job of the start-up to
understand the requirements of
the business. Most start-ups are
rejected because of their failure to
present a viable business case for the
organization. In situations like these,
it is the CIO's or the business head's
prerogative to advise and mentor the
start-up in a direction that helps them
to churn out a success story.
All said, a leap
of faith goes a
long way in any
partnership
Like HDFC Bank, many large
organizations host competitions,
hackathons, and events for start-ups
around a particular technology or a
theme. These events provide the
right kind of exposure and the
opportunity to interact, meet faceto-face,
and display maturity that
opens doors to new relationships and
business partnerships.
In the last three years, digital
transformation has been the driving
force for many large organizations to
seek greener pastures for talent, ideas
and technology. As a result, CIOs and
their organizations are opening their
doors to innovation and new forms of
collaboration with start-ups.
Companies such as RJ Corp,
Bajaj Auto, HDFC Bank, and ONGC,
are only a few examples of large
organizations that are committed to
working with start-ups and in the
last 3-4 years, have kept a consistent
dialogue with the start-ups that they
have worked with in the form of
product upgrades, new business, and
building relationships with them.
Start-ups also should understand
that they must preserve their business
models and stay true their DNA. A
lot of organizations employ the same
tedious assessment process that they
do for other technology partners. As a
result, they expect start-ups to tow the
line and adjust to implementing a little
'extra' on the side. In such cases, startups
must be clear about the business
they are in, and how must they are
willing to accommodate. However, a
lot of start-ups also see this as a form
of additional business opportunity
that will help them mature their
products and make them more
attractive to big customers.
Start-ups have to overcome their
fear of being let down. Many complain
that they are made to work with teams
at large organizations that pose as
innovation centres, and the technology
solution never sees the light of day.
Therefore, organizations and
start-up must clearly define this
We have a total
of 70 clients in
India; Bajaj being
our number one
client with having
deployed 150 so
far. They have been
buying cobots since
2010. Thanks to
them, the top 5 twowheelers
are using
our technology.
Pradeep David,
CTO, Universal Robots
partnership and set up deadlines
for product planning and execution
– even if it means shorter timelines
for a 3-month long technology
implementation. Large organizations
must also appoint people who
understand the start-up ecosystem
and work towards building trust and
creating continuous engagement.
Partnerships demand a lot of time
and investment. Therefore, once you
take the plunge, start-ups and large
enterprises must work together to
sort out their differences at every step
of the way, respect boundaries, and
co-develop innovative new solutions
that better serve their customers – just
like a dream team playing to win
April 2018 | CIO&LEADER
19

FACE OFF
// Is ROI becoming
outdated for technology
investments?
For years, IT leaders have treated
Return on Investment (ROI) as
testament of a successful IT initiative.
For most CIOs, realizing a hard ROI
wasn’t always easy and it wasn’t
necessary that every implementation
had to result in a profit or a loss. In
many cases, companies or CIOs can
find that there isn’t any significant
or tangible ROI associated with an
implementation. These limitations can
result in professional embarrassment
for the IT leader.
Over the years, businesses have
gradually realized the importance
of strategic investments without
expecting any considerable tangible
gains. In the digital era, however, the
return on technology investment is
calculated unlike the standard way of
estimating ROI.
Take for instance; value over
investment (VoI) is more of a pay per
Quick View
Ajay Kumar Meher, says, in
the age of digitalization, ROI is no
longer calculated the same way it
used to be earlier
use model. So, organizations
today are paying based on
their usage of a technology,
and replacing it with a
superior option in case
they get a better or cheaper
technology at any moment
Ajay Kumar
Meher
SVP & Head, IT
& Post Production,
Set India Pvt. Ltd.
of time. With the easy exit
option available, these investments
are broadly driven by ‘value’ of the
investment rather than ‘return’
on investment.
The other type of ROI that digital
organizations are investing in today
is known as futuristic investments.
These investments are made primarily
to build the digital backbone of
an organization, and to enable
business. Business enablement-based
investment in digital technologies
such as machine learning, Robotics,
big-data or IoT, can result in revenue
growth opportunities.
The purpose of ‘building the digital
backbone’- type of investments, is
primarily to strengthen the core of
an organization. This is to say that
organizations should look at this as a
capability enhancement tactic rather
than a ROI based investment.
The truth is technology investments
should be strategic, and not tactical
"The ROI
on tech is
calculated
unlike the
standard way
of estimating
ROI"
20 CIO&LEADER | April 2018

Face Off
Ashok Jade
CIO, Shalimar
Paints
"ROI is
still a valid
framework
to gauge
technology
investments"
Shalimar Paints has more than a
century-old legacy and rich heritage.
It was established in 1902, and is
country’s first paint company in the
field of paints and coatings. Being
the oldest paint company, it was
very essential for us to use technology
to our advantage in order to
compete in the market. The successful
use of technology has always
benefited us to remain in market
despite tough competition.
If we look back to the journey of IT
transformation in Shalimar Paints
for the past couple of years, we spent
initial years strengthening our core
systems like ERP and our core business
processes. As ERP aged, we
started investing in systems such
as CRM, PLM and so on, and our
journey further moved towards new
technologies such as Mobility, Analytics,
BPM, Cloud etc. Today, we
have started evaluating how we can
invest in IoT, VR and get business
ahead of completion.
Last financial year was the year
of digitization for Shalimar Paints.
Our IT investments have increased
more on new technologies while
balancing core systems such as ERP
and CRM.
Today, there isn’t much difference
between innovation and enterprise
IT projects. However, innovation
projects demand more freedom
to fail than business-as-usual infrastructure
projects. I believe that ROI is
important for both, and its relevance
while making technology investment
decisions helps a lot. Take for instance,
investing in IoT may not give you
Quick View
Ashok Jade, CIO, Shalimar
Paints, says, ROI on tech
investments can be in the form
of intangibles
immediate result but once the entire
ecosystem is integrated around IoT
then we will certainly create more benefits
and business value…
I believe that ROI is still a valid framework
to gauge technology investments.
My experience is that many people do
not define exact meaning of returns.
The ROI could be in different forms
such as profit or cash or even in other
forms such as efficiency, productivity,
customer delight and so on… CIOs
should able to convert these in some
measurable form or numbers.
However, I do agree that ROI cycles
have become shorter and technology is
one of the reasons for this. Technology
has changed market dynamics. As a
result, every organization wants to be
ahead of competition
April 2018 | CIO&LEADER
21

POINT OF VIEW: Ctrl-S
“Over 200 innovations
led to the creation
of the most energy
efficient data center”
An interview with Sridhar Pinnapu Reddy, Founder &
CEO, Ctrl-S, on the launch of Tier 4 DC in Bangalore
C
CtrlS Datacenters has launched a Tier-4 Data
center in Bangalore, assessed as one of the largest
Tier-4 data centers in South India. The facility is
expected to provide India’s growing tech giants
with reliable, robust data management and distribution
networks, with near zero downtime, 100%
redundancy and industry’s lowest PUE.
The company has five data centers in the country
(Four Tier-4 Datacenters and one Tier-3 Data
center). The Tier-4 data centers are spread across
Hyderabad, Mumbai, Noida and the Bangalore
facility. Another Tier—3 datacenter is located in
Chennai. It’s data center footprint across the country
spans over half-a-million square feet and has a
rack capacity exceeding 10,000.
You recently launched the Bangalore
Tier 4 DC. Tell us about your
journey so far.
Actually, very interesting. Eleven years ago, when
I started thinking about Ctrl-S, everyone I spoke to,
asked me only one question: Sridhar, what makes
you think you can be successful in this business?
The top five three brands are in the same
business, but they are multibillion dollar
conglomerates. To answer that question, puts my
business plans behind by almost six months. Soon
I realized that I have to be significantly better than
them to be able to co-exist in this business. Add to
that, significantly better quality, much lower prices
plus a lot more flexibility which the larger players
could not offer. In a way, this gives our customers a
competitive advantage.
This was a biggest challenge, at the same time I
had to satisfy my investors and shareholders. So
that’s the kind of a background with which we
started. Obviously it was a huge challenge—you
know whenever there is a challenge something
significant has to come out. That’s what happened
in Ctrl-S, and that’s how we started Tier 4 Data
Center. Today we have enabled over 200 innovations
which led to the creation of the most energy
efficient data center.
Today Ctrl-S is the world’s only LEED platinum
certified data center company. It led to innovations
such as, disaster recovery as a service, community
clouds and as a result, not only were we able to
survive the competition, but we became the market
leaders in terms of growth rates, in terms of presence,
in terms of occupancy levels; in all aspects, we
became the market leader.
Right now, we are present in almost all the
important Indian cities . We have the presence
and we are geared to capture the full potential
Indian enterprises have to offer. Not only that,
three years ago, we embarked on a bold and ambi-
22 CIO&LEADER | April 2018

Sridhar Pinnapu Reddy, Ctrl-S
Interview
"We are able to
provide services from
thirty-six locations
globally in about
eighteen countries."
in this industry has invested in people in establishing a digital
defense center within our service delivery networks. We
have put together a large team to focus only on cyber defense.
tious plan to expand our presence to forty countries
across the world.
Today we are able to provide services from thirty-six
locations globally in about eighteen countries. In all these
countries, we are among the top twenty companies, and the
top five brands are our customers. This is ranging from South
East Asia to Japan to Australia, New Zealand and Middle
East, U.S.A, Mexico, Netherlands, and Norway recently.
How did you boost the confidence of
your customers to ensure that they are
in safe hands?
It’s a continuous battle of securing the digital assets. You
never know what’s going to happen next. So, there are twothree
things which go into staying at the top position. Of
course, there’s technology, which kind of protects the tools,
which are required to establish different set of controls, both
at perimeter level and internal security, external security, data
security, as well as from various bots and malicious attacks.
For each one of them there are differentiated tools. What
we’ve done over a period of time is invest in most state-of-theart
tools, which are from leading solutions providers. And in
terms of people, we’ve gathered, I don’t think any other player
How do you see the customers eventually
benefiting from a Tier 4 data center partner
like you?
It’s very simple. Tier 4 is like having hundreds of differentiators
over Tier 3. It is not just providing dual active power
sources as many in the industry believe. It is about every
aspect of the data center right from physical attributes to the
plot location to that of the strength of the building to hundreds
of parameters which go into the making of a data center.
In all those parameters, Tier 4 is a step above. So if Tier 3
is 900 kg per square meter loading this is 1500 kg per square
meter, which is a significant difference.
What is your roadmap for the year 2020?
We are going to get aggressive in DC design bids worldwide.
So that’s an area where we’re progressing. In the private
cloud space, we’ve formed different divisions for banking and
manufacturing ERP related workloads.
And we’re focusing on verticals such as insurance,
government, and healthcare. Additionally, five different
community clouds are going to roll out in the next, out of
which, two are fully mature and the third is going to be
live next month. And we look at maturing all these five
community clouds over next two-year period. What it
means is that we’re going to have skilled professionals in
different digital technologies just like the way we have ERP
professionals and banking professionals.
We’re going to bring in industry experts and make sure
to give a different value proposition altogether on using
cloud technologies to these customers in that space. And
we look at being present in all the 40 countries in the next
two years. We are also looking at tripling our members in
the next two years
April 2018 | CIO&LEADER
23

insight
Companies Are Going To
Spend A Lot More On AI
and Cognitive Systems
Every industry is evaluating to see how it will impact their
business processes and go-to-market efficiencies
By CIO&Leader
W
Worldwide spending on cognitive and artificial
intelligence (AI) systems will reach USD
19.1 billion in 2018, an increase of 54.2% over
the amount spent in 2017. With industries
investing aggressively in projects that utilize
cognitive/AI software capabilities, the International
Data Corporation (IDC) Worldwide
Semi-annual Cognitive Artificial Intelligence
Systems Spending Guide forecasts cognitive
and AI spending will grow to USD 52.2 billion
in 2021 and achieve a compound annual
growth rate (CAGR) of 46.2% over the 2016-
2021 forecast period.
“Interest and awareness of AI is at a fever
pitch. Every industry and every organization
should be evaluating AI to see how it will
affect their business processes and go-tomarket
efficiencies,” said David Schubmehl,
research director, Cognitive/Artificial Intelligence
Systems at IDC. “IDC has estimated
24 CIO&LEADER | April 2018

Insight
that by 2019, 40% of digital transformation initiatives will
use AI services and by 2021, 75% of enterprise applications
will use AI. From predictions, recommendations, and advice
to automated customer service agents and intelligent process
automation, AI is changing the face of how we interact with
computer systems.”
Retail will overtake banking in 2018 to become the industry
leader in terms of cognitive/AI spending. Retail firms will
invest USD 3.4 billion this year on a range of AI use cases,
including automated customer service agents, expert shopping
advisors and product recommendations, and merchandising
for omni-channel operations. Much of the USD 3.3 billion
spent by the banking industry will go toward automated
threat intelligence and prevention systems, fraud analysis
and investigation, and program advisors and recommendation
systems. Discrete manufacturing will be the third
largest industry for AI spending with USD 2.0 billion going
toward a range of use cases including automated preventative
maintenance and quality management investigation
and recommendation systems. The fourth largest industry,
healthcare providers, will allocate most of its USD 1.7 billion
investment to diagnosis and treatment systems.
“Enterprise digital transformation strategies are increasingly
including multiple cognitive/artificial intelligence use
cases,” said Marianne Daquila, research manager, Customer
Insights & Analysis at IDC. “Business transformation is
occurring across all industries as successful companies
embrace the array and potential impact of these solutions.
Automated customer service agents, increased public safety,
preventative maintenance, reduction of fraud, and improved
healthcare diagnosis are just the tip of the iceberg driving
spend today. With double-digit year-over-year spending
growth forecast, IDC expects to see an increase in general use
cases, as well as a refinement of industry-specific use cases.”
The cognitive/AI use cases that will see the largest
spending totals in 2018 are: automated customer service
agents (USD 2.4 billion) with significant investments from
the retail and telecommunications industries; automated
threat intelligence and prevention systems (USD 1.5 billion)
with the banking, utilities, and telecommunications
industries as the leading industries; and sales process
recommendation and automation (USD 1.45 billion)
spending led by the retail and media industries. Three other
use cases will be close behind in terms of global spending
in 2018: Automated preventive maintenance; diagnosis and
treatment systems; and fraud analysis and investigation. The
use cases that will see the fastest spending growth over the
2016-2021 forecast period are: public safety and emergency
response (75.4% CAGR), pharmaceutical research and
discovery (70.5% CAGR), and expert shopping advisors and
product recommendations (67.3% CAGR).
Retail will overtake
banking in 2018 to
become the industry
leader in terms of AI/
cognitive spending
A little more than half of all cognitive/AI spending
throughout the forecast will go toward cognitive software.
The largest software category is cognitive applications,
which includes cognitively-enabled process and industry
applications that automatically learn, discover, and make
recommendations or predictions. The other software
category is cognitive platforms, which facilitate the
development of intelligent, advisory, and cognitively enabled
applications. Industries will also invest in IT services to help
with the development and implementation of their cognitive/
AI systems and business services such as consulting and
horizontal business process outsourcing related to these
systems. The smallest category of technology spending
will be the hardware (servers and storage) needed to
support the systems.
On a geographic basis, the United States will deliver more
than three quarters of all spending on cognitive/AI systems
in 2018, led by the retail and banking industries. Western
Europe will be the second largest region in 2018, led by
retail, discrete manufacturing and banking. The strongest
spending growth over the five-year forecast will be in Japan
(73.5% CAGR) and Asia/Pacific (excluding Japan and China)
(72.9% CAGR). China will also experience strong spending
growth throughout the forecast (68.2% CAGR).
“The latest iteration of the Cognitive/AI Spending Guide
is a roadmap for the journey of organizational DX through
the use of AI, deep learning, and machine learning,” added
Schubmehl. The Worldwide Semiannual Cognitive Artificial
Intelligence Systems Spending Guide sizes spending
for technologies that analyze, organize, access, and provide
advisory services based on a range of unstructured information.
The spending guide quantifies the cognitive computing
opportunity by providing data for more than 20 use cases
across 16 industries in eight regions. Data is also available
for the related hardware, software, and services categories.
Unlike any other research in the industry, the detailed segmentation
and timely, global data is designed to help suppliers
targeting the market to identify market opportunities
and execute an effective strategy
April 2018 | CIO&LEADER
25

Insight
Blockchain’s Red
Hot Indian Use Case:
Invoice Discounting
Risks such as double financing can be completely
avoided using blockchain. That is what is driving the
usage blockchain for receivables financing
By Shyamanuja Das
26 CIO&LEADER | April 2018

Insight
T
The yet-unnamed blockchain,
built on HyperLedger Fabric,
will be used to secure
recievables financing
This month, three Indian factoring
exchanges and the American
blockchain technology firm MonetaGo
announced launching of a fullfledged
blockchain. The yet-unnamed
blockchain, built on HyperLedger
Fabric, will be used to secure
receivables financing.
The three factoring exchanges
involved are:
RXIL or Receivables Exchange
of India (RXIL), a joint venture
between NSE Strategic Investment
Corporation Ltd (NSICL) and Small
Industries Development Bank of
India (SIDBI)
A.TReDS, a joint venture between
Axis Bank and mjunction Services
M1xchange, operated by Mynd
Solutions
RXIL, Axis Bank and Mynd
Solutions were licensed by the
Reserve Bank of India to operate
Trade Receivables Discounting
System (TReDS), as the service is
known in regulatory parlance, in
November 2015.
MonetaGo, a New Yorkbased
technology firm, is an old
India hand. It was the primary
technology supplier for a blockchain
trial conducted by Institute of
Development & Research in Banking
Technology (IDRBT), RBI’s research
arm, in January 2017. National
Payment Corporation of India (NPCI)
and multiple banks participated in
the trial, which incidentally was also
around trade finance and was also
built on Hyperledger Fabric.
Tech-leveraged Invoice
Discounting
The process of bundling and selling
invoices at a discount, is a major
source of working capital finance
for small and medium (MSME)
companies. Suppliers to any large
company are paid typically in 30 to
120 days. But since the MSME needs
working capital, financial companies
buy the invoices at a discount and
provide finance to the MSMEs and
later collect the money from the
buyer. Because the invoices are
bought at a discounted rate, the
practice is popularly known as
invoice discounting,
While the practice itself is quite
old, in the last few years technology
platforms are being used to make
the process faster and efficient. The
platforms work like any auctioning
platform. Typically, a seller uploads
an invoice on the platform, which
is approved by the buyer. Once
approved by the buyer, the invoice
becomes a factoring unit and is
auctioned on the platform which the
financiers try to buy by entering their
discounting rate. After the final bid is
accepted by the seller (or the buyer, in
case the buyer is bearing the interest
rate), the TReDS platform settles the
trade. The financier is debited and the
supplier is credited.
The shift to new technology-based
platforms is catalysed by RBI’s
proactive stance to promote the usage
along with rapid developments in
financial technologies. This stems
from the Government’s thrust on
energizing the MSME segment to
drive economic growth.
RBI came up with a concept paper,
Micro, Small & Medium Enterprise
Factoring-Trade Receivables
April 2018 | CIO&LEADER
27

Insight
Exchange in March 2014. Based
on feedback from public and
stakeholders, it published the final
guidelines in December that year.
The guidelines outlined the
requirements and the basic tenets
of operating the TReDS, including
the system participants, their roles,
transaction process flow, settlement
process, etc., besides indicating the
eligibility criteria for entities desirous
of setting up and operating such
a system. RBI also clarified, in the
guidelines, that the TReDS will be
an authorised payment system and
will also be subject to the oversight
of the Reserve Bank of India under
the Payment and Settlement Systems
(PSS) Act, 2007.
RBI also specified that MSME
sellers, corporate and other
buyers, including the Government
Departments and PSUs, and
financiers (both banks and NBFC
factors) would be direct participants
Jesse Chenard, CEO, MonetaGo
in the TReDS, which would
provide the platform to bring these
participants together for facilitating
uploading, accepting, discounting,
trading and settlement of the invoices
/ bills of MSMEs.
RBI’s guidelines were forwardlooking
as the regulator explicitly
mentioned that “the bankers of sellers
and buyers may be provided access
to the system, where necessary, for
obtaining information on the portfolio
of discounted invoices / bills of
respective clients.”
It also clarified that the TReDS may
tie up with necessary technology
providers, system integrators and
entities providing dematerialisation
services for providing its services.
The three TreDS platform were
licensed in November 2015. RXIL
was the first to be operational in
January 2017.
KredX, another venture-funded
start-up also into operating an invoice
discounting platform, has also applied
for a licence. KredX has already raised
Series A funding of USD 6.25 million
in October 2016.
Blockchain: Another
Layer of Trust
As the platform providers started
looking out for the latest technology,
blockchain seemed to be tailor made
for the application. Not only it makes
each transaction far more efficient, it
makes it far more trusted too.
What we have seen with this
week’s announcement is almost
unprecedented. Initiated by three
competing new players, without it
being driven by a major financer, is
itself a major step.
“The exchanges realized that there
is significant value in going for a common
blockchain,” says Jesse Chenard,
CEO of MonetaGo, the technology
company that has initiated the platform.
Most important is reducing
fraud and eliminate risks such as
double financing. That will not just
make it far more trusted, but will also
make the system more efficient in the
long run, helping everyone.
“This technology enables us to work
together with the other exchanges to
achieve shared goals without sharing
specific data. I look forward to the day
when other players in the financial
services industry also appreciate
the value add in terms of preventing
frauds related to Bill Discounting and
become a part of this system,” said
Kalyan Basu, MD & CEO of A.TReDs.
“This is a simple and low-cost
technology innovation which helps
us mitigate risks arising from
multiple financing of the same bills
across the platforms in addition
to our existing risk management
processes which provides a clear
benefit. The real benefit will actually
come when other financiers such
as banks, NBFCs, and others
join MonetaGo’s platform,” said
Kashinath Katakdhond, MD &
CEO, RXIL.
Echoed Chenard, “The more the
merrier,” he said referring to more
players joining the blockchain.
The understanding among the
promoters—the three exchanges and
MonetaGo—is that the technology
will be continuously be updated by
MonetaGo.
“We are constantly evaluating new
methodologies and technologies
which we believe will fit into our
long-term product road map” said
Sundeep Mohindru Director and
Founder of M1xhange.
“Tech will change over time. We will
keep supporting that,” said Chenard
of MonetaGo.
The blockchain has been production-active
only for two weeks after
months of testing.
Though this is the first enterprisegrade
live blockchain, there have been
several proofs of concept/trials using
blockchain technology in India.
Most of them have been around two
areas: cross border money remittance
and receivables financing with
invoice discounting
28 CIO&LEADER | April 2018

Insight
Cryptojacking
Is On The Rise
in 2018
As per Symantec, India is among
the most vulnerable countries
By IANS
W
When
it comes to increased cryptojacking
activities, India is second in the Asia-Pacific
and Japan (APJ) region and ninth globally as
hackers create a highly-profitable, new revenue
stream with crypto-mining, cyber security
giant Symantec said in a recent statement.
According to Symantec's "Internet Security
Threat Report", detection of coinminers on
endpoint computers increased by a whopping
8,500% in 2017.
"Cryptojacking is a rising threat to cyber
and personal security," Tarun Kaura, Director,
Enterprise Security Product Management,
APJ at Symantec, said in a statement.
"The massive profit incentive puts people,
devices and organizations at risk of unauthorized
coinminers siphoning resources from
their systems, further motivating criminals to
infiltrate everything from home PCs to giant
datacenters," Kaura added.
Cryptojacking is defined as the secret use of
a computing device to mine cryptocurrency.
With a low barrier of entry cyber criminals
are harnessing stolen processing power and
cloud CPU usage from consumers and enterprises
to mine cryptocurrency.
Coinminers can slow devices, overheat batteries
and in some cases, render devices unusable.
For enterprise organizations, coinminers
can put corporate networks at risk of shutdown
and inflate cloud CPU usage, adding
to the cost.
"Now you could be fighting for resources on
your phone, computer or Internet of Things
(IoT) device as attackers use them for profit.
People need to expand their defenses or they
will pay for the price for someone else using
their device," Kaura added.
Symantec found 600% increase in
overall IoT attacks in 2017. India today ranks
among the top five countries as a source for
IoT attacks.
The firm also identified a 200% increase in
attackers injecting malware implants into the
software supply chain in 2017.
Threats in the mobile space continue to
grow year-over-year, including the number
of new mobile malware variants which
increased by 54%.
Mobile users also face privacy risks from
grayware apps that are not completely malicious
but can be troublesome. Symantec found
that 63% of grayware apps leak the device's
phone number.
In 2017, the average ransom cost lowered
to USD 522.
"Several cyber criminals may have shifted
their focus to coin mining as an alternative to
cashing in while cryptocurrency values are
high," the report noted
April 2018 | CIO&LEADER
29

Insight
Bot Seriously!
Virtual assistants are becoming the new
sine qua non in consumer services
By CIO&Leader
30 CIO&LEADER | April 2018

Insight
OOnline travel portal, Yatra.com and Kotak Mahindra Bank
are the latest in a series of consumer services companies that
are leveraging AI-powered chatbots to serve their customers
better. While almost all leading banks, especially in the
private sector, have already launched these bots, Yatra is one
of the early ones in the online travel business. Online retailer
Flipkart soft-launched a similar conversational search
capability in early 2017.
However, one segment that has led the use of AI-powered
virtual assistants from the front is banking. All new private
sector banks—HDFC Bank, ICICI Bank, Axis Bank, Yes
Bank and now Kotak Mahindra Bank—have launched
similar products while India’s largest bank, State Bank of
India, a public sector bank, too has launched its own virtual
customer service assistant.
While organizations have been flirting with AI-powered
chatbots for close to three years, most of the commercial
launches have happened in the last 18 months.
In November 2016, Axis Bank launched its intelligent
chatbots, in partnership with Active.ai, a Singaporebased
start-up.
A month later, HDFC launched a Facebook Messenger
chatbot created in partnership with Indian start-up Niki.ai,
called OnChat.
In February 2017, ICICI Bank launched its own chatbot
iPal for handling customer queries. It has handled an
estimated 10 million queries.
Flipkart launched its conversational search during
that time.
In March last year, HDFC Bank launched a fullfledged
customer service chatbot called EVA (Electronic
Virtual Assistant).
Around the same time, YES Bank, in partnership with a
Silicon Valley start-up Payjo, launched its wallet services
through a chat-based financial assistant.
In September last year, State Bank of India, the largest
bank in India, launched SBI Intelligent Assistant (SIA),
which the bank says addresses queries the way a “bank
representative does.” The SBI chatbot also uses Payjo.
Most of the commercial
AI-powered chatbot
launches have happened
in the last 18 months
In November 2017, FirstCry, a leading bay and kids
products retailer, launched its own AI-based virtual
assistant Jenna.
The New Kids
In 2018 too, the story continues with more launches
ofcustomer service chatbots.
Yatra.com’s virtual assistant is called YUVA, short for
Yatra Universal Virtual Assistant. YUVA, available on
desktop, Android, IOS, Google Assistant and Facebook
Messenger, supports various Indian accents.
“The users can search and book flights, apply multiple
filters, rearrange options with different sort orders and
modify bookings. The user can provide the complete
information in a single sentence or talk to YUVA
and provide the relevant information in a form of a
communication,’ said the company in a release.
Its future versions will feature multi-lingual support
starting with Hindi followed by other important regional
languages and will be assisting the customers in hotel and
holiday bookings as well.
Kotak Mahindra Bank launched 'Keya', a voice bot
integrated with the bank’s phone banking helpline
and augments its existing IVR in Hindi and English.
It is developed using the technology from Nuance. It
uses automatic speech recognition, natural language
understanding and text-to-speech technology.
Startups such as Payjo, Niki.ai, Haptik are making news
with their solutions to enable consumer companies better
their customer service using AI-powered chatbots
April 2018 | CIO&LEADER
31

Insight
And You Thought
Security Is Secular
(Across Industries)?
The nature and motive of data breaches could vary
significantly across industries. Any strategy formulated
without the understanding of those peculiarities in an
industry will never be very effective
By CIO&Leader
32 CIO&LEADER | April 2018

Insight
Origin of breaches
TThe conversation around enterprise
security and threat management has
always been horizontal. While there
is a broader recognition today that the
business impact of an incident could
vary significantly across industries,
there has been little effort to understand
how the fundamental metrics of
threat vary across businesses.
That means a largely uniform, horizontal
approach towards security.
The recently released Verizon
Data Breach Investigations Report
(DBIR) 2018 — the 11th edition of the
study — reveals why that could be
awfully inadequate.
Whether it is in terms of the origin
(external vs internal) of breach/
incidents, the type of data breached
or the nature of the attacks, the nine
industries covered by DBIR 2018 show
significant difference. Some of those
metrics are key to the understanding
of the nature of threats and hence
important from the point of view of a
solutions approach.
For example, as much as 99% of the
breaches occur in the accommodation
(hospitality) industry involve external
factors, while in healthcare, as much as
56% are internal. In fact, in hospitality,
Point of Sales (PoS) accounts for 90%
of all breaches.
“Often restaurants are smaller organizations
without the luxury of trained
security staff, but they are forced to
rely almost exclusively on payment
cards for their existence,” explains the
report. These attacks are overwhelmingly
motivated by financial gain and
perpetrated by organized crime.
100%
90%
80%
70%
60%
50%
40%
30%
20%
10%
0%
Accommodation
100%
90%
80%
70%
60%
50%
40%
30%
20%
10%
0%
Accommodation
Education
Education
Financial
Financial
Healthcare
The differences are not just in the origin.
The motives too are significantly
different across industries. Though
increasingly, financial motives are
becoming predominant, in some
areas—like manufacturing and public
administration—espionage are almost
equally strong motives. In healthcare,
curiosity is a major factor.
The kind of data that is targeted also
vary across industries. In Accommodation,
93% of compromised data is payment
data; in education, 72% of data
is personal. Credentials account for a
huge 41% in the Information sector.
A good counter-threat strategy
requires that the breaches are
Information
Manufacturing
External Internal Others
Prof Services
Motive behind breaches
Healthcare
Information
Manufacturing
Prof Services
Public Administration
Public Administration
Financial Espionage Convenience Fun ideology others
Retail
Retail
understood clearly. Each industry
has a different mix of motives, origins
and the kind of data that is targeted.
Since the security budget and
resources are limited, they need to be
channelized properly to optimize the
effectiveness of the security strategy.
Depending on the nature of
threat, the companies will not just
be able to identify the investment
priorities, it may also help an entire
industry segment to come together
to minimize certain threats. In
areas like healthcare and public
administration, a collaborative
approach may be more effective than
siloed approach
April 2018 | CIO&LEADER
33

Security
1 In 4 Organizations
Using Public Cloud Has
Had Data Stolen
As per the security report, poor visibility is found to be one of
the greatest challenges to cloud adoption in organizations
By CIO&Leader
P
Poor visibility is one of the greatest challenges to
cloud adoption in an organization, according to
McAfee’s Navigating a Cloudy Sky: Practical Guidance
and the State of Cloud Security report. Across
all industries, computing storage and asset protection
are transitioning to the cloud, making it difficult
for IT practitioners to see what is ahead. This
uncertainty and lack of visibility to new environments
are causing some executives to move slowly
or stick to their known paths, while others move
boldly ahead.
“Despite the clear prevalence of security incidents
occurring in the cloud, enterprise cloud adoption
is pressing on,” said Rajiv Gupta, senior vice president
of the cloud security business unit, McAfee.
“By implementing security measures that allow
organizations to regain visibility and the control of
their data, businesses can take advantage of innovative
services and accelerate their business with a
more informed approach to security in the cloud.”
Cloud Services Nearly Ubiquitous
Almost all organizations are well into cloud adoption.
According to the survey, 97% of worldwide IT
professionals are using some type of cloud service
and are concurrently working through issues
34 CIO&LEADER | April 2018

Security
related to visibility and control.
The combination of public and private
cloud is also the most popular
architecture, with 59% of respondents
now reporting they are using a hybrid
model. While private-only usage is
relatively similar across all organization
sizes, hybrid usage grows steadily
with organization size, from 54% in
organizations up to 1,000 employees,
to 65% in larger enterprises with more
than 5,000 employees.
Cloud-First is the Strategy
of Most Organizations, but
in Cautious Decline
Cloud-First is an information technology
strategy that states new projects
should consider using cloud technology
first as opposed to on-premises
servers or software. According to the
report, Cloud-First is the strategy for
IT in many companies and remains a
primary objective. Caution seems to
have taken over for others, as the number
of organizations with a Cloud-First
strategy dropped from 82% to 65%
this year. Despite the reported security
incidents, respondents with a Cloud-
First strategy still believe that public
cloud is safer than private cloud.
Sensitive Data Stored in
the Cloud
The majority of organizations store
some or all of their sensitive data in
the public cloud, with only 16% stating
that they store no sensitive data in the
cloud. The types of data stored run the
full range of sensitive and confidential
information. Personal customer
information is by far the most common,
reported by 61% of organizations.
Around 40% of respondents also store
one or more of internal documentation,
payment card information, personal
staff data or government identification
data. Finally, about 30% keep intellectual
property, healthcare records,
competitive intelligence and network
pass cards in the cloud.
Managing the risk of storing sensitive
data in the cloud means ensuring
the organization has visibility to it. A
focus on fundamental governance and
technological steps, such as requiring
departments and personnel to participate
in asset identification, classification
and accountability helps build
visibility. Data Loss Prevention integration
with cloud providers, including
the use of Cloud Access Security
Brokers, manual or automated data
classification and other technology
steps, will help reduce the risk of sensitive
information flows to and through
cloud services.
Security Incidents Still
Widespread
Prominently, one in four organizations
that uses IaaS or SaaS has had data
stolen, and one in five has experienced
an advanced attack against its public
cloud infrastructure. As organizations
prepare for the European Union’s
General Data Protection Regulation
(GDPR), slated for May 2018, they will
be ramping up compliance efforts.
Organizations that are more confident
in the ability of their cloud providers
are more likely to have plans to
increase their overall cloud investments
in the coming year, while those
less confident plan to keep their investments
at the current level. Fewer than
10% surveyed, on average, anticipate
decreasing their cloud investment
because of GDPR.
Malware continues to be a concern
for all types of organizations and 56%
of professionals surveyed said they
had tracked a malware infection back
to a cloud application, up from 52% in
2016. When asked how the malware
was delivered to the organization, just
over 25% of the respondents said their
cloud malware infections were caused
by phishing, followed closely by
emails from a known sender, driveby
downloads and downloads by
existing malware.
Respondents
with a cloudfirst
strategy
still believe that
public cloud is
safer than private
cloud
Skills Shortage Decreasing
The shortage of cybersecurity skills
and its impact on cloud adoption continues
to decrease, as those reporting
no skills shortage increased from 15%
to 24% this year. Of those still reporting
a skills shortage, only 40% have
slowed their cloud adoption as a result,
compared to 49% last year.
Best Practices and
Recommendations
Based on findings from this year’s
study, the report concludes with three
best practices that all organizations
should actively work towards:
DevOps and DevSecOps have been
demonstrated to improve code quality
and reduce exploits and vulnerabilities.
Integrating development,
quality assurance and security
processes within the business unit
or application team is crucial to operating
at the speed today’s business
environment demands.
Even the most experienced security
professionals find it difficult to keep
up with the volume and pace of cloud
deployments on their own. Automation
that augments human advantages
with machine advantages, such
as that found in tools such as Chef,
Puppet or Ansible, is a fundamental
component of modern IT operations.
Multiple management tools make
it too easy to for something to slip
through. A unified management
system across multiple clouds with
an open integration fabric reduces
complexity
April 2018 | CIO&LEADER
35