C&L May 2018

INTERVIEW
Training your workforce
on digital transformation Pg 8
COLUMN
How to steer clear
of GDPR violations? Pg 18
Volume 07
Issue 02
May 2018
150
TRACK TECHNOLOGY BUILD BUSINESS SHAPE SELF
A 9.9 Group Publication

DON’T GAMBLE,
BE PRACTICAL
Join us at
https://bit.ly/2JCxZ0w
RSVP - Abhishek Jain
abhishek.jain@9dot9.in | +91 9312119363
To register
please scan
#thepracticalcio #cioannual

EDITORIAL
Shyamanuja Das
shyamanuja.das@9dot9.in
CIOs badly
need an
outside-in
perspective…
A
All that we do
in this issue is
to highlight the
important points
within the draft
(communication
policy) that
have direct
and indirect
implications for
IT and security
managers
good two weeks after the Srikrishna Committee
released its whitepaper outlining various
issues to consider in a possible data privacy
legislation in India, I tried to informally seek
the opinion of delegates—CIOs, CISOs and
other senior security professionals—participating
in a security-themed event. Just 3-4 out
of more than 30 delegates knew something
about the report.
I was not exactly shocked. I was already working
on a story on the digitalization journey of
large Indian corporations then and was getting
a strong message that if not many CIOs are leading
the digitalization journey, it is not
because they are devoid of any skills but
many of them cannot draw on a blank
canvas. They are excellent problem solvers
but they expect the ‘problem’ to be
defined for them. Digitalization—where
‘use cases’ is the ruling catchphrase—
does not work that way.
Earlier, enterprise IT managers
understood only technology; then,
understood processes and corresponding
metrics; now, many of them have
a fairly good understanding of their
own business dynamics. That is good
enough to derive value from technology
for ‘business as usual’ part. But
to derive value from new technology, new changes
in economy, business environment, regulatory
regimes, they need to keep their eyes and ears open.
Unlike the Srikrishna Committee white paper, the
new national digital communication policy is a fullfledged
policy document. Despite its positioning as
the latest update to the country’s telecom policy, it
is not a mere sectoral policy draft—partly because
communication itself has broadened its scope and
partly because the government has chosen to include
certain policy positions—such as data privacy itself—
within this policy draft.
Yet, the awareness about its provisions is also low
among the community. All that we do in this issue is
to highlight the important points within the draft that
have direct and indirect implications for IT and security
managers. To that extent, it is not even a story.
But carrying it on cover is also our way of reiterating
that environmental changes are as important as
changes in an organization or a particular industry
in what has already become an outside-in regime
May 2018 | CIO&LEADER
1

TRACK TECHNOLOGY BUILD BUSINESS SHAPE SELF
A 9.9 Media Publication
INTERVIEW
Training your workforce
on digital transformation Pg 8
COLUMN Volume 07
Issue 02
How to steer clear
May 2018
of GDPR violations? Pg 18
150
CONTENT
MAY 2018
COVER STORY
12-17 | Why the new
policy matters…
Despite a narrower positioning by Department of
Telecommunications, the new digital communication
policy is a statement of intent to improve the digital
environment holistically
Cover Design by:
Manoj Kumar VP
advertisers ’
index
Accenture
BC
Please Recycle
This Magazine
And Remove
Inserts Before
Recycling
COPYRIGHT, All rights reserved: Reproduction in whole or in part without written permission
from Nine Dot Nine Mediaworx Pvt Ltd. is prohibited. Printed and published by Vikas Gupta for
Nine Dot Nine Mediaworx Pvt Ltd, 121, Patparganj, Mayur Vihar, Phase - I, Near Mandir Masjid,
Delhi-110091. Printed at Tara Art Printers Pvt ltd. A-46-47, Sector-5, NOIDA (U.P.) 2013011
This index is provided as an
additional service.The publisher
does not assume any liabilities
for errors or omissions.
2 CIO&LEADER | May 2018

AROUND THE TECH
04
Bending the issue
www.cioandleader.com
COLUMN
20-21
Understanding APIs
for private cloud
implementations
By Abhinav Asthana
24-25
Bringing IoT sensors to
the farm
By Adam Drobot
SECURITY
28-29
Information sharing is
key to ward off cyber
threats
INSIGHT
30-31
Mixing digital
technologies
34-35
Artificial
intelligence sees
big business
38-40
The dirty secrets of
network firewalls
MANAGEMENT
Managing Director: Dr Pramath Raj Sinha
Printer & Publisher: Vikas Gupta
EDITORIAL
Managing Editor: Shyamanuja Das
Associate Editor: Shubhra Rishi
Content Executive-Enterprise Technology:
Dipanjan Mitra
DESIGN
Sr Art Director: Anil VK
Art Director: Shokeen Saifi
Visualisers: NV Baiju & Manoj Kumar VP
Lead UI/UX Designer: Shri Hari Tiwari
Sr Designers: Charu Dwivedi, Haridas Balan & Peterson PJ
SALES & MARKETING
Director-Community Engagement
for Enterprise Technology Business:
Sachin Mhashilkar (+91 99203 48755)
Brand Head: Vandana Chauhan (+91 99589 84581)
Assistant Product Manager-Digital: Manan Mushtaq
Community Manager-B2B Tech: Megha Bhardwaj
Community Manager-B2B Tech: Renuka Deopa
Associate-Enterprise Technology: Abhishek Jain
Regional Sales Managers
North: Deepak Sharma (+91 98117 91110)
West: Prashant Amin (+91 98205 75282)
South: BN Raghavendra (+91 98453 81683)
Ad Co-ordination/Scheduling: Kishan Singh
PRODUCTION & LOGISTICS
Manager Operations: Rakesh Upadhyay
Asst. Manager - Logistics: Vijay Menon
Executive Logistics: Nilesh Shiravadekar
Logistics: MP Singh & Mohd. Ansari
OFFICE ADDRESS
9.9 Group Pvt. Ltd.
(Formerly known as Nine Dot Nine Mediaworx Pvt. Ltd.)
121, Patparganj, Mayur Vihar, Phase - I
Near Mandir Masjid, Delhi-110091
Published, Printed and Owned by 9.9 Group Pvt. Ltd.
(Formerly known as Nine Dot Nine Mediaworx Pvt. Ltd.)
Published and printed on their behalf by
Vikas Gupta. Published at 121, Patparganj,
Mayur Vihar, Phase - I, Near Mandir Masjid, Delhi-110091,
India. Printed at Tara Art Printers Pvt Ltd., A-46-47, Sector-5,
NOIDA (U.P.) 201301.
Editor: Vikas Gupta
May 2018 | CIO&LEADER
3

around
thetech
WHAT
CIOs ARE
TIRED OF
HEARING...
“We don't have
the budgets but
let's make it
work!"
GENDER
Bending the issue
We have talked a great deal about
gender equality in the workforce.
In enterprise IT and security, the
percentage of women in the workforce is
strikingly poor. Take for instance, ISACA’s
annual State of Cybersecurity 2018
report, a 31-point perception gap exists
between male and female respondents,
with 82% of male respondents saying
men and women are offered the same
opportunities for career advancement in
cybersecurity, compared to just 51% of
female respondents.
The report also found that while gender
disparity exists, it can be mitigated
through effective diversity programs. In
organizations that have one, men and
women are much more likely to agree
that men and women have the same
career advancement opportunities. A
full 87% of men say they have the same
opportunities, as compared to 77% of
women.
A lot of companies are publicly taking
up this cause to improve diversity in
the workforce. Take for instance, staff
in Starbucks' outlets that the company
owns in the U.S.—more than 8,000 in
total—are undergoing racial-bias training.
The city of Boston is also addressing
the cause by offering to train women in
negotiating their salaries better.
In Hollywood too, women are speaking
up about gender bias.
However, IT and security leaders need
to do more. By hiring qualified women,
companies can tackle the widening
skill gap. They can create a cohesive
work environment and help make IT
a preferred career choice for women
employees. How are you addressing the
issue in your organization?
4 CIO&LEADER | May 2018

Around The Tech
BY THE BOOK
This book takes you on a journey to
project a worldview where women
haven't asked for permission from
Silicon Valley to chase their dreams.
They are going for it -- building the next
generation of tech start-ups, investing
in each other's ventures, crushing
male hacker stereotypes and rallying
women and girls everywhere to join
the digital revolution. Geek Girl Rising
isn't about the famous tech trailblazers
you already know, like Sheryl Sandberg
and Marissa Mayer. Instead, veteran
journalists Heather Cabot and
Samantha Walravens introduce readers
to the fearless female entrepreneurs and
technologists fighting at the grassroots
level for an ownership stake in the
revolution that's changing the way we
live, work and connect to each other.
Readers will be introduced to Debbie
Sterling, inventor of GoldieBlox, the first
engineering toy for girls, which topples
the notion that only boys can build.
They'll get a peek inside YouTube sensation
Michelle Phan's ipsy studios, where
she is grooming the next generation
of digital video stars while leading her
own mega e-commerce beauty business.
makingheadlines
The General Data Protection Regulation (GDPR) is newest regulation to come
into effect in the European Union. However, it hasn't deterred two of the Big Four
from being hit with a handful of lawsuits having to do with how they share data.
The Verge, citing the lawsuits, reported they are seeking to hit Facebook and
Google with fines that collectively amount to around USD 8.8 billion. The
lawsuits were filed by Max Schrems, an Australian activist who has long
criticized how the companies collect data on their users.
Under the new regulation, companies have to provide clear consent and justify
why they are collecting data on their users, as well as clarify what they intend to
do with it. They are also required to overhaul their privacy and data collection
policies to better protect consumers.
Google and Facebook have been addressing GDPR before it was law, rolling out
new policies and products to better protect the data, but those steps aren't enough.
What happens when an entire city tries to close the
gender pay gap? In the last few years, the city of
Boston has doubled down on a commitment made
in 2013 by its former Mayor, Thomas M. Menino, to
bring pay equity to the city’s workforce. The Boston
Women’s Workforce Council teams up with the area’s
companies and institutions, including major ones
like Morgan Stanley, Zipcar and the Massachusetts
Institute of Technology, to help them figure out
ways to advance women, which they share with one
another in quarterly best-practice meetings.
The city has also trained over 7,000 women
in salary negotiation, with a goal of training an
additional 78,000 by 2021. A more immediate
deadline: The Massachusetts Equal Pay Act,
passed by the legislature in 2016, goes into effect
in July 2018.
gender
bender
May 2018 | CIO&LEADER
5

Around The Tech
UNCHAINED MELODY
matter of
twitter
The ability of blockchain to track, trace, and authenticate products,
record contracts, guarantee the movement of information and
record transactions means it can be put to use across the entire
value chain, with the benefits consequently being passed on to the
consumer in the form of savings, increased trust and transparency,
and safer and higher quality products.
In this new Deloitte report, we examine the implications and
assess the value of specific blockchain use-cases, analyzing how
they could be used to resolve key business issues.
Deloitte has predicted that blockchain technology will reach a tipping
point in the next five years, moving from a fringe technology
associated with dubious cryptocurrency investments and get rich
quick stories to a standard operational technology across the financial,
manufacturing and consumer industries.
Along the way, blockchain will face significant challenges, but if
these can be overcome and the technology continues to develop as
expected, there could be widespread adoption among enterprises.
The ultimate beneficiary will be the consumer. If blockchain can
create efficiencies and save costs throughout the supply chain.
VITAL
STATISTICS
Why are so few
women investing
into bitcoin?
94.73%
5.27%
*Note –the responses to these questions should be
evaluated based on the facts and circumstances in
your organization and discussed with legal counsel.
6 CIO&LEADER | May 2018

Around The Tech
These five companies have secured the
top five spots in Fortune 500 Companies
2018 list. Amazon entered the top 10 list
of Fortune 500 companies for the first
time. It became the second tech company
after Apple to be in Top 10. Telecom
major AT&T follows Amazon in the list.
Alphabet, Microsoft, IBM, Dell and
Intel are the other tech companies
who feature among the top 10. While
Apple dropped one position in the
revenue ranking, technology companies
till create the most value. The
four most valuable companies on the
list are all technology firms—Apple,
Alphabet, Microsoft and Amazon.
Walmart
Rank: 1
Revenues: USD500,343
Walmart business in the U.S. is
transforming its website into an
online mall offering a slew of brands
and expanding its grocery delivery.
It is also making big moves in both
Five companies in the
FORTUNE500 2018 LIST
China and India, looking to rev up
international growth again.
Exxon Mobil
Rank: 2
Revenues: USD244,363
Oil giant is enjoying the same momentum
as the rest of the energy sector, posting
a 151% year-over-year earnings gain
for 2017 on revenues of USD 244 billion.
Berkshire Hathaway
Rank: 3
Revenues: USD242,137
The conglomerate holding company–
whose many subsidiaries include Geico
and the railroad Burlington Northern–
struggled to grow through acquisitions
in 2017, losing out on its bid for Oncor
when it refused to raise its offer.
Apple
Rank: 4
Revenues: USD 229,234
Apple took a small step back, from
No. 3 to No. 4, despite a 6% gain in
annual sales, but it led the way in
profits with more than $48 billion
in net income. In short, the Apple
juggernaut continues at tremendous
scale and despite the overall saturation
of smartphones, which make up
the vast majority of the company’s
sales and profits.
In a year dominated by proposed
cross-sector health care mega-mergers
like the CVS-Aetna deal, United-
Health Group flew somewhat under
the radar. But America’s largest
health insurer was far from idle.
UnitedHealth Group
Rank: 5
Revenues: USD 201,150
UnitedHealth’s 2017 revenues
spiked 9% compared with 2016 to
$201 billion. That was mirrored
by a 9.1% year-over-year boost in
Optum’s revenues, which grew to
$91.2 billion.
May 2018 | CIO&LEADER
7

INTERVIEW
How are you
upskilling your
IT team on digital
transformation
initiatives?
Simplilearn has launched a digital transformation
academy for enterprises. Have IT leaders enrolled yet?
By Shubhra Rishi
8 CIO&LEADER | May 2018

Anand Narayanan, Simplilearn
Interview
In the last few years, CIOs have been
chanting the ‘digital transformation’
catchphrase as if it is a common cure for
all enterprise IT worries. However, a lot of
organizations have embarked on standalone
digital initiatives and are slowly
evolving their digital readiness. However,
a frequent issue that companies face is
the lack of available talent to lead these
innovations. As a result, a lot of companies
are looking at hiring outside skills
for the duration of the initiative. Some are
also working with startups or external
vendors. What about enterprises/CIOs
that are planning to upskill their existing
workforce on digital skills?
A quick Google search displays several
courses offered by premiere institutions
such as Indian School of Business (ISB),
and online courses by platforms, such as
Udemy, Coursera, edX among others. Simplilearn,
a professional online certification provider,
recently launched Digital Transformation Academy
– a complete suite of courses tailored for
enterprise needs.
We spoke to Anand Narayanan, Chief Product
Officer at Simplilearn, to find out how the Academy
aims to bridge the digital skill gap.
Digital Transformation is a very
broad concept. How do you define it
at Simplilearn?
We believe that, to successfully drive Digital
Transformation, any organization needs to pay
attention to three foundational aspects: People,
Process, and Technology. The people aspect
includes the process of transforming the mindset
of an organization and creating an innovation
driven culture from the grounds up. Process
involves the ability to be “agile” and always follow
“devops” principles. And finally technology allows
an organization to change the way business is
performed. Digital transformation isn’t just about
technology but is also about the people that drive it
and the processes that foster innovations.
Can you talk about the skill gap
issue in enterprise IT?
Digital transformation is already disrupting traditional
technologies, replacing them with digital
domains, such as AI & Machine Learning,
Analytics, Cloud, and Robotic Process Automation.
It is also clear that these skills are not
easily acquired due to their rapid evolution.To
remain competitive and efficient, organizations
have tried hiring for these skills, but the talent
May 2018 | CIO&LEADER
9

Interview
Anand Narayanan, Simplilearn
The Academy has
a suite of training
programs that
help organizations
become competent
in digital
technologies
pool remains small. This leads to a skill gap that can only
be overcome with a strong upskilling program.
We conducted a survey of IT Managers
recently and found that only less than half
of them have completed any kind of certification
in the last two years. Every three out of four of
the respondents said they have done some kind
of certification in the last five years. Why do you
think CIOs/IT managers will be interested in taking
up what you have to offer?
Enterprises, more than ever, are measuring the ROI of their
employees and realizing that they are falling behind on key
skills in the digital domain. Online learning does not drive
user engagement and the completion rates are abysmal as
a result. The Simplilearn learning approach drives user
engagement and skill achievement through a high-engagement,
outcome centric model. Online self learning content,
skills assessments, live classes with industry grade faculty,
teaching assistants to intervene when required and hands
on projects, have helped us to deliver an industry high 72%
completion rate on our curriculum. Being able to achieve the
learning outcomes and truly transform their organization is
what makes our offer exciting to these CIOs/IT managers.
Another survey finding that we encountered
was that 28% of IT Managers said they
would go for learning new technologies; however,
leadership skills still topped the choice list.
Clearly leadership skills are a CIO's top priority
and they would rather spend dollars on hiring
temporary skills. Then why would CIOs reskill at
all or do you feel differently about this?
In recent focus groups and discussions that Simplilearn
has had with CIOs and L&D heads, it was clear that
while the target group thought that leadership skills
were important, a majority of their budgets were going
towards technology training. IT Managers and CIOs
are realizing that there is a significant technology shift
happening in the industry with the mainstream use of
digital technologies and this is clear from the way their
training budgets are being allocated.
While there has been intermittent use of a transient
workforce, this approach has not delivered a culturally
aligned outcome for these corporations. This transient
workforce solves for the technology aspect, but it fails
to deliver on the people and process aspects due to poor
alignment of outcomes. It has become an imperative for
corporations to upskill their employees or risk being left
behind as a result.
What's the vision and mission of the Simplilearn
Digital Transformation Academy for
enterprises?
The Simplilearn Digital Transformation Academy is our
flagship initiative to enable enterprises become digital ready.
We are partnering with organizations to equip them with the
skills needed to survive the digital era. The Academy has a
suite of training programs that help organizations become
competent in digital technologies. The program covers all
knowledge aspects of the people, processes and technology
framework and allows any organization to quickly move up
the digital transformation capability ladder.
What is the broad breakup of the course
module?
The Simplilearn Digital Transformation Academy covers
varied topics across the people, process and technology
aspects. On the people side, the academy provides
training around design thinking, and UX principles
which can lead to a more innovative, customer centric
approach within an organization.
On the process side, the academy covers core topics
such as Agile and DevOps which allow an organization to
run lean and fast. And on the technology side core digital
disciplines are covered such as AI and machine learning,
robotic process automation, big data, data analytics, digital
marketing, and cloud computing.
Our outcome centric curriculum is a blend of online selflearning
and live instructor led classroom, allowing the
learner to learn from anywhere. The courses are designed
for three levels of training - Practitioner, Consultant, and
CXO, and are based on the depth of knowledge and digital
expertise required for various roles. Additionally the
academy provides the capability to customize the curriculum
for specific verticals
10 CIO&LEADER | May 2018

A PEER-POWERED,
KNOWLEDGE - BASED AND
COMMUNITY-LED INITIATIVE
FOR CFOS

Cover Story
12 CIO&LEADER | May 2018

Cover Story
Why the
new policy
matters…
Despite a narrower positioning by Department
of Telecommunications, the new digital communication
policy is a statement of intent to
improve the digital environment holistically
By CIO&Leader
On 1 May 2018, the Department
of Telecommunications (DoT)
released the draft, National
Digital Communication Policy
2018 for public consultation. The
latest national communication policy is the fifth
overall communication policy document from
the government. For long, communication in the
country was governed by the Indian Telegraph
Act 1885. It took 109 years to get the first national
telecom policy of India, in 1994. Since then, this is
the third policy statement, the other two having
been released in 1999 and 2012.
The significant ways in which it differs from
the other three in recent times (1994, 1999 and
2012 versions) is that while all of them were called
National Telecom Policy, the current draft replaces
‘telecom’ with broader and more contemporary
‘communication’, while ‘digital’ has been inserted.
The policy is available on the DoT website
and is open for public comments, at the time of
writing this.
According to the policy document, the policy
aims to accomplish the following strategic objectives
by 2022:
1. Provisioning of broadband for all
2. Creating 4 million additional jobs in the Digital
Communications sector
3. Enhancing the contribution of the Digital
Communications sector to 8% of India’s GDP
from ~ 6% in 2017
4. Propelling India to the top 50 nations in the ICT
Development Index of ITU from 134 in 2017
5. Enhancing India’s contribution to global
value chains
6. Ensuring digital sovereignty
While the first five objectives have traditionally
guided policymaking in all sectors, the last two—
that deal with India’s position in the world—are
new additions to this policy statement.
Beyond Telecom
When we asked about the policy to CIOs and some
senior IT managers, few had any knowledge about
May 2018 | CIO&LEADER
13

Cover Story
By its content, specific
goals and possible
implications, the policy
goes well beyond
telecom sector. Yet, both
its stated objective and
the channel through
which it was released
(the administrative
department DoT rather
than a NITI Aayog or
PMO), tends to indicate it
is a sectoral policy.
what it contains, other than the fact that such a policy has
been announced. The only respondent who seemed to be
familiar with the policy was from the telecom industry!
While we are not defending the lack of awareness by the
IT managers’ community, part of the blame should go to the
government. Despite being fairly holistic, it has been positioned
as just the latest ‘telecom’ policy.
By its content, specific goals and possible implications,
the policy goes well beyond telecom sector. Yet, both its
stated objectives—enable creation of a vibrant competitive
telecom market to strengthen India’s long-term competitiveness—and
the channel through which it was released
(the administrative department DoT rather than a NITI
Aayog or PMO), tends to indicate that it is a sectoral policy.
Take for example, the specific goal, ‘establish a strong,
robust and flexible’ data protection regime, on which the
Government has already acted by establishing a committee
headed by Justice B.N Srikrishna.
What is ‘telecom’ about it?
There are three mission statements mentioned in the
policy—Connect India (creating robust infrastructure),
Propel India (promoting innovation and tech ecosystem
and leverage emerging technologies) and Secure India
(ensuring privacy, security and digital sovereignty). Only
the first part is a logical sequel to previous telecom policies
in its scope. The rest two are completely new additions.
In that sense, it is a digitech policy, rather than a telecom
policy.
Not too surprisingly, one of the areas for which the
provisions have direct implications, is enterprise IT,
including information security.
While almost the entire policy has implications for IT, there
are several provisions and objectives that will have direct
impact on enterprise IT operations (including information
security). We have identified 18 such specific points from the
draft policy text. You are advised to go through the entire policy
at the DoT’s website though by the time the issue reaches you,
the time for registering your comments would have elapsed.
Here are the 18 points we strongly suggest you need to
go through, and take them as inputs while working out
your long-term plans. Most of them have positive implications
but nevertheless, if you miss them, in a highly competitive
market, you may just incur an opportunity cost!
We have indicated the specific clause in the policy within
parentheses () against each of the points. This will help you
locate them within policy text easily in case you need to
understand the context, know specific actions points, etc.
Here we go…
1
Ensuring inclusion of uncovered
areas and digitally deprived segments
of society (1.4)
Possible impact: Expansion of access today means
expansion of the market. For many products and services,
this will give access to new market segments, some of
which are at the ‘bottom of the pyramid’. That itself may
foster further innovation!
This is also the only point from the first section of the
policy (Connect India) that finds a place in this listing.
2
Deployment and adoption of new
and emerging technologies (2.2.a)
The policy talks about creating a roadmap for emerging
technologies, such as 5G, Artificial Intelligence, Robotics,
Internet of Things, Cloud Computing and M2M by simplifying
licensing and regulatory frameworks whilst ensuring
appropriate security frameworks for IoT/ M2M.
It also explicitly mentions another emerging challenge—earmarking
adequate licensed and unlicensed
spectrum for IoT/M2M service.
Encouraging use of Open APIs for emerging technologies
is another progressive stance that the policy envisages.
Possible impact: Today, most of the experimentations
with new technologies like IoT and M2M do not scale up
because businesses are unwilling to take the investment
risks, because the regulatory directions in a lot of issues
including spectrum availability are still unknown. A proactive
policy stance like this will open up investments and
accelerate the deployment of new technologies.
14 CIO&LEADER | May 2018

Cover Story
The Policy at a Glance
Vision
To fulfil the information and communication needs of citizens and enterprises by establishment of a ubiquitous,
resilient, secure and affordable Digital Communications Infrastructure and Services; and in the process,
support India’s transition to a digitally empowered economy and society
Mission Description Objective 2022 Goals
Points in
our Story
pertaining
to the
mission
Connect
India
Creating Robust
Digital Communications
Infrastructure
To promote Broadband
for All as a tool for
socio-economic development,
while ensuring
service quality and
environmental sustainability
a. Provide Universal broadband coverage at 50 Mbps to
every citizen
b. Provide 1 Gbps connectivity to all Gram Panchayats of
India by 2020 and 10 Gbps by 2022
c. Enable 100 Mbps broadband on demand to all key development
institutions; including all educational institutions
d. Enable fixed line broadband access to 50% of households
e. Achieve ‘unique mobile subscriber density’ of 55 by 2020
and 65 by 2022
f. Enable deployment of public Wi-Fi Hotspots; to reach 5
million by 2020 and 10 million by 2022
g. Ensure connectivity to all uncovered areas
a. Attract investments of USD 100 Billion in the Digital
Communications Sector
b. Increase India’s contribution to Global Value Chains
c. Creation of innovation led Start-ups in Digital Communications
sector
d. Creation of Globally recognized IPRs in India
e. Development of Standard Essential Patents (SEPs) in the
field of digital communication technologies
f. Train/ Re-skill 1 Million manpower for building New Age
Skills
g. Expand IoT ecosystem to 5 Billion connected devices
h. Accelerate transition to Industry 4.0
a. Establish a comprehensive data protection regime for
digital communications that safeguards the privacy,
autonomy and choice of individuals and facilitates India’s
effective participation in the global digital economy
b. Ensure that net neutrality principles are upheld and
aligned with service requirements, bandwidth availability
and network capabilities including next generation access
technologies
c. Develop and deploy robust digital communication network
security frameworks
d. Build capacity for security testing and establish appropriate
security standards
e. Address security issues relating to encryption and security
clearances
f. Enforce accountability through appropriate institutional
mechanisms to assure citizens of safe and secure digital
communications infrastructure and services
#1
Propel
India
Enabling Next
Generation Technologies
and
Services through
Investments,
Innovation and
IPR generation
To harness the power of
emerging digital technologies,
including 5G,
AI, IoT, Cloud and Big
Data to enable provision
of future ready products
and services; and
to catalyse the fourth
industrial revolution
(Industry 4.0) by promoting
Investments,
Innovation and IPR
#2 through
#9
Secure
India
Ensuring Sovereignty,
Safety and
Security of Digital
Communications
To secure the interests
of citizens and safeguard
the digital sovereignty
of India with a
focus on ensuring individual
autonomy and
choice, data ownership,
privacy and security;
while recognizing data
as a crucial economic
resource.
#10 through
#18
May 2018 | CIO&LEADER
15

Cover Story
3
Transition to IPv6 for all existing
communications systems,
equipment, networks and devices (2.2.c)
Possible impact: For network managers, especially those
managing large and complex networks, everything changes.
4
Enabling hi-speed Internet, IoT and
M2M by 5G rollout (2.2.d)
Possible impact: As sensor technologies become mainstream,
the demand for speed will go up exponentially. And
most of that speed has to be on wireless networks. So, 5G is
a natural evolution. Just that a proactive stance like a policy
statement makes the evolution a bit faster and seamless.
5
Establishing India as a global hub
for cloud computing, content hosting
and delivery, and data communication
systems and services (2.2.f)
The policy promises regulatory frameworks for promoting
international data centers, content delivery networks
and independent in exchanges in India, while promising
a light-touch regulation.
Possible impact: Lower latency, drop in prices and
more choice
6
Leveraging AI and Big Data to
enhance the overall quality of
service, spectrum management, network
security and reliability (2.2.g)
Possible impact: Though it is targeted at the telecom sector,
a large and mature sector like telecom can drive down
the price as well as help grow skills.
7
Recognizing Digital Communications
as the core of Smart Cities (2.2.h)
The policy proposes developing, in collaboration with
Ministry of Urban Development (MOUD), a Common Service
Framework and Standards for Smart Cities. There are
similar initiatives globally. The government needs to evaluate
whether it makes sense to adapt one of these to India or
start working on it from scratch, though.
Possible impact: Accelerated smart city rollout will
directly impact the volume of sales of many technologies
like IoT/M2M, Big Data, leading to more use cases, availability
of skills and lower cost of these technologies.
8
Promoting Start-ups (2.4)
One of the important objectives and 2022 goals is
supporting start-ups through various fiscal and nonfiscal
benefits, such as academic collaboration, promoting
start-ups in government procurements, measures for
application service providers.
Possible impact: A vibrant start-up environment
leads to better innovation and flexibility of deploying
technologies for enterprises.
9
Accelerating Industry 4.0 (2.8)
The policy lists, among its objectives, creation of a
roadmap for transition to Industry 4.0 by 2020 taking
a sectoral approach. It explicitly mentions development
of markets for IoT/ M2M connectivity services in sectors
including agriculture and smart cities components. It
also talks of establishing a multi-stakeholder led collaborative
mechanism for this purpose.
Possible impact: Faster deployment of robotics, IoT
and other similar technologies leading to not just huge
efficiency gains but also better decision making through
data analytics.
10
Today, most of the
experimentations with
new technologies like IoT
and M2M do not scale
up because businesses
are unwilling to take the
investment risks, thanks
to unclear regulatory
direction. A proactive
policy stance will open
up investments and
accelerate the deployment
of new technologies.
Establish a strong, flexible and
robust Data Protection Regime
(3.1)
While the Government has already taken measures on
this regard, like the appointment of an expert committee
under the chairmanship of Justice Srikrishna, which has
already issued a draft stance document and has taken
feedback from public, it is probably incorporated in the
communication policy document to show its importance
in the overall policy making.
Possible impact: This has major implications for enter-
16 CIO&LEADER | May 2018

Cover Story
prise IT and compliance teams. Compliance with newer
provisions like right to forget may need significant efforts
including investment.
11
Assure Security of Digital
Communications (3.3.a)
The policy talks of infrastructure security (physical
infrastructure, cyber-physical infrastructure, hardware
and network elements), systems security (equipment,
devices, distributed systems, virtual servers) as well as
application and platform security (web, mobile, device
and software security).
Possible impact: One more layer of security at the service
provider level is good news for enterprises, especially
small and medium businesses.
12
Participating in global standard
setting organisations (3.3.c)
The policy talks about establishing comprehensive security
certification regime based on global standards
Possible impact: It was a long-desired requirement. A
country of over a billion people should have a say in what
direction the standards should go.
13
While the Government
has already taken
measures on data
protection legislation,
its incorporation in
the communication
policy document shows
the importance it is
accorded in the overall
policy making.
Formulating a policy on
encryption and data retention
(3.3.e)
This is a hotly debated issue globally. While the government
has made a mention of it in the policy, its exact
stance is not known.
Possible impact: A policy with clear guidelines is
always better than a vague and ad-hoc approach. But keep
your fingers crossed.
14
Facilitating lawful interception
agencies with state-of-art lawful
intercepts (3.3.f.ii)
Mentioned as a sub-point of a clause, this one is tricky. The challenge
is not technology always, though it is also becoming one.
It is how robust is the process and what real powers do the service
providers enjoy to say no to a request that is not mandated
by policy bought sought by the enforcement agencies.
Possible impact: Depends on how the policy making
proceeds, it may make things easier or far more difficult.
15
Establishing a Security Incident
Management and Response System
for communications (3.3.g)
Since communication industry is the basic foundation of
a digital ecosystem, it has to be made thoroughly secure.
Instituting a sectoral CERT that works in tandem with
CERT-in is a welcome step.
Possible impact: More secure infrastructure; also lessons
for other sectors
16
Enforcing obligations on service
providers to report data breaches
(3.3.g.iii)
Part of the requirements is to report data breaches, not just
to authorities but also to affected users. The breach of data
at a major telco in India reported in media sometimes back
was a major cause of concern.
Possible impact: A lot but we have to see how much
teeth the legislation will have.
17
Developing a comprehensive plan
for network preparedness
Targeted at improving network resilience and disaster
response, this will surely help all those who depend on
these networks; i.e., all of us.
Possible impact: More resilient infrastructure is good
news for all users, be it business users or common citizens.
18
Developing a Unified Emergency
Response mechanism
In a natural disaster-prone country like India, creating a permanent
mechanism for emergency response is a welcome step.
While many a times it happens because of alert officials, the
approach is always ad-hoc. An institutional framework with
clearly defined roles and responsibilities, standard operating
procedures and technical guidelines will surely go a long way
in making disaster response far more effective.
One welcome approach is to force service providers
share infrastructure in emergency situations.
Possible impact: Many of the other disaster management
mechanisms can be effective if the basic connectivity
is available
May 2018 | CIO&LEADER
17

COLUMN
How to build better
data protection and
steering clear of
GDPR violations
Enforcement means that organizations should already be
processing personal data in accordance with the GDPR —
including provisions for data subject rights
By Nilesh Jain
T
he General Data Protection Regulation (GDPR),
adopted in April 2016 after four years of
deliberations, is now in force. The regulation
made headlines around the globe with its stricter
data protection standards, substantial fines, and
most of all, extensive reach. The GDPR affects any
organization that holds an EU citizen’s personal
data, no matter the size or location. A company
based in Asia is as accountable as a multinational
enterprise with offices across Europe — as long as
it collects and processes the data of EU citizens.
The regulation also delineated the data
protection obligations of affected organizations
— from adopting state-of-the-art security
methods to providing people more access to
and control of their data. Recognizing the
sweeping changes required for compliance,
the EU authorities granted member states
18 CIO&LEADER | May 2018

Column
and organizations two years to get ready and
prepare. And today, the transition stage is over
— the GDPR will now be enforced.
What happens now?
Enforcement means that organizations
should already be processing personal data
in accordance with the GDPR — including
provisions for data subject rights. Data Protection
Authorities (DPAs) of EU member states will also
already be able to penalize organizations that are
not compliant. Depending on the member state,
it is possible that regulators will immediately
take action to address any noncompliance.
Some regulatory bodies, however, plan on being
more lenient with businesses and organizations
that have started but not yet completed their
compliance efforts.
What is the worst-case scenario? An
organization is liable for damages caused by
noncompliance and is subject to corresponding
administrative fines. The heftiest fine is
20,000,000 euros or up to 4% of annual
turnover, whichever is higher.
What is the best-case scenario? If an
organization is fully compliant with the GDPR,
or uses the regulation as a starting-off point
and goes beyond the minimum standards, then
there are significant advantages. Some benefits
would be: Secured valuable information, more
efficient operations with proper archiving and
data management, and increased trust from
customers and users.
While the GDPR applies to personal data of
EU citizens, the GDPR has sparked a change in
privacy regulations across the world. The 2018
enforcement allowed several countries to make
their own legislative improvements — the UK
and Australia are just two of a number of regions
that have also updated their data protection laws.
This only indicates that GDPR compliance is a
good opportunity — not just for multinational
enterprises but smaller organizations as well — to
keep up with global advances in data privacy and
state-of-the-art security.
What should organizations be doing?
Ideally, all the groundwork for compliance
should have been finished by now, and items on
the compliance checklist should have been ticked.
Organizations should already be able to provide
products or services that address their customers’
rights as outlined in the GDPR. Those using
third-party applications or suppliers should
watch for updates concerning issues like the
“right to be forgotten” and stricter user consent
standards and make sure they are working
properly. Several laws as well as software changes
are also expected to be in effect starting today or
in the coming months, and organizations should
be ready for any necessary changes.
For those not yet fully compliant, some member
state DPAs have reassured companies “acting in
An organization is liable for
damages caused by noncompliance
and is subject to
corresponding admin fines
good faith” or on the way to compliance that they
will initially be treated with consideration. It’s
crucial to document steps being taken as well as
to prioritize addressing potential security risks.
Ready or not, the road to GDPR compliance
does not end on enforcement day — assessments
and audits should be regular moving forward.
Building better data protection
The GDPR was enforced to set a new standard
for data privacy and protection. One key
element to this is building in privacy measures
from the first stages of development — not
patching up problems after they occur. As
organizations create new products and
applications post-implementation day, privacy
by design must be kept in mind.
Through its new rules and standards, the GDPR
encourages organizations to rethink existing
data management policies and invest in state-ofthe-art
security for data protection. To reiterate,
compliance efforts should be constant after GDPR
implementation day; staying up to date with
cybersecurity developments plays a major part.
We created an infographic to demonstrate the
path well-protected personal data takes — leaving
the data subject’s hands and on to an organization
for secure processing. It also shows what happens
if something goes wrong and what happens if
everything goes right.
The author is Vice President – South East Asia and
India, Trend Micro
May 2018 | CIO&LEADER
19

Column
Understanding APIs
for private cloud
implementations
Three tips to minimize the development hassles in
your cloud hybridization journey...
By Abhinav Asthana
G
iven the ecosystem complexities of hybrid cloud
deployments, API management can be tough.
While addressing Inspire Partner Conference
in 2017, Microsoft CEO Satya Nadella made an
interesting observation when he opined that in
the fight between public and private cloud, it's
the hybrid cloud that has emerged the winner.
Nadella's statement gets validated when one
views the rise of hybrid cloud as part of the overall
cloud market. According to Markets and Markets,
the global hybrid cloud market is forecast to be
valued at USD 91.74 billion by 2021, growing by
22.5% CAGR. Compare this with the overall cloud
computing revenues of USD162 billion in 2020
(growing from USD 67 billion in 2015).
A highly sought after model by CIOs, hybrid
cloud offers organizations a flexibility to use costeffective
resources and innovative features from
public cloud vendors as and when required while
retaining the advantages of tight management
controls that their private cloud deployments
assure. The hybrid model, however, can be a
challenge to the backend API developer who has
to ensure that users can move from one model
to another seamlessly without compromising
on the organization’s security and compliance
mandates. Let’s explore three API management
good practices companies may follow to get the
best out of their API programmes for hybrid
cloud implementations.
20 CIO&LEADER | May 2018

Column
Streamline the database access needs of
individual components
Generally, a hybrid cloud set-up presents a
complex ecosystem of applications, business
processes, and infrastructure components.
Given this complex environment, when multiple
components spread across business and
application process flows are accessing database,
it may impact performance of the whole system.
In any case when components are moving into the
cloud, performance gets affected further. An aspect
to consider, here is the type of data–whether it is
persistent or non-persistent.
The API management exercise should therefore,
begin with mapping the database access needs of
various application components with the linked
business processes, and application workflows
besides the user access levels. Ensuring that the
database access function is carried out by one or
only a few components may be a good approach
to follow. Creating controlled interface(s) for
public cloud-components to access applications
and data from your private cloud may also be
deemed useful.
Do not ignore security and support
In a hybrid cloud set-up APIs work as the pipe that
provides access to enterprise resources to users
internal as well as external. Safeguarding sensitive
business information is, therefore, an important
task APIs must perform. A combination of security
provisions including basic authentication via API
keys, the advanced authorization model by using
OAuth 2.0, and JSON Web Tokens (JWT) along with
encryption may be considered a reasonable solution
stack to secure API framework for a hybrid cloud
implementation.
In a hybrid cloud environment, requests
continuously flow back and forth between
public cloud and the data center or private cloud.
Therefore, in addition to the standard functions
of visibility, availability, and monitoring, your
APIs, while acting as gatekeepers, also need
to support features such as throttling. When
designed with adequate provisioning for caching
and fair-use as the guiding principle, throttling
can help private cloud administrators achieve
performance optimization while measuring
resource requests on the business criticality
parameters. Allowing developers to request
access to a predefined data-set through a
developer-portal can also build efficiency into
support operations.
In a hybrid cloud set-up
APIs work as the pipe
that provides access to
enterprise resources to
users internal as well
as external
Know your organization’s hybrid cloud
priorities
Hybrid cloud has various usage-driven models.
Some organisations build strong data center
capabilities and a private cloud relying on public
cloud resources only for analytics especially
when big data is involved. In fact, this method
is similar to the model traditionally followed
in third party business intelligence system
deployments wherein data fetched from multiple
enterprise source systems and ETL is fed into a
data warehouse and then to a BI system. In this
method, replace BI system with public cloud.
The public cloud's access is thus limited to the
EDW layer only. The enterprise systems are kept
oblivious and out of reach for the public cloud.
Another practice followed by organizations is
limiting the scope of public cloud to spike-based
provisioning while majority of provisioning
being done by the private cloud. Popularly
termed as cloud-bursting, the public cloud’s role
is of augmentative nature only. Through this
method, CIOs try to keep their risks and costs
under control while ensuring uninterrupted
performance at all times.
Lastly, some organizations take a different
view of public cloud adoption. By breaking down
their applications into back-end and front-end
components, the web-based front-end portions
are moved to the public cloud while retaining the
transaction data processing and analysis at the
private cloud level only. An API developer should
therefore thoroughly review the practices and
risk-return priorities of the organization before
creating a suitable API architecture.
The author is CEO & Co-founder, Postman
May 2018 | CIO&LEADER
21

Column
Five questions post
Pichai’s impressive
duplex demo…
And why we must ask them now?
By Shyamanuja Das
22 CIO&LEADER | May 2018

Column
T
how will it feel to
be served by virtual
beings? What
impact could it
make on the way
societies work?
raditionally, people have been trained to talk
to technology. For some time now, research is
directed towards making technology talk to
human beings.
Google CEO Sundar Pichai just showed what
you could possibly see in near future – natural
conversation by an automated assistant over
phone to do specific tasks. He demonstrated
recordings of calls made by Google Duplex,
a new technology for conducting natural
conversations, leaving those who watched it live
thoroughly impressed.
Google Duplex is a new technology for
conducting natural conversations to carry
out “real world” tasks over the phone. The
technology is directed towards completing
specific tasks, such as scheduling certain types
of appointments.
“For such tasks, the system makes the
conversational experience as natural as possible,
allowing people to speak normally, like they would
to another person, without having to adapt to a
machine,” Google said in a blog post.
Here are five questions you could try
answering—or
questioning others. But
please…see the demo
once before trying out.
1. Do you still have
doubts on what is
possible?
Natural language
processing has a long
history—right from
translating “spirit is
willing, flesh is weak”
in English to “vodka is good, meat is rotten” in
Russian…A lot of what Pichai demonstrated on
stage looked like what we have watched so far in
sci-fi movies.
While Pichai himself admitted it is a work in
progress, does anyone have any doubt on the limits?
2. Will the labor displacement happen sooner
than you think?
Unlike many other talks on how it could change
human civilization, Pichai kept talking about how
the technology can change business. And that is
pretty clear. The question is not if, but when, will
start replacing human beings at a scale that will
impact employment—and economies of nations?
For countries like India, celebrating their young
population ‘resource’ in a service centric economy,
what could it mean?
3. How will ‘automated beings’ change society
and culture?
How will it feel to be served by virtual beings?
What impact could it make on the way societies
work? Will humans too be dehumanized?
4. What if it is misused?
Already, people have started discussing its
wrongful application. With every new capability,
a new set of alarming possibilities are presented.
Duplex and its genre are no exception. Imagine
what is possible…
5. Is it time for some regulation?
The ultimate question. Should it be regulated?
(That is a no-brainer) Is it time to start the
debate now? What should be regulated and with
what objective(s)?
May 2018 | CIO&LEADER
23

Column
Bringing IoT
sensors to the farm
The sensors we have today (whether video,
hyperspectral or infrared) allow us to understand
many of the conditions of plants in the field
By Adam Drobot
24 CIO&LEADER | May 2018

Column
It all depends on how
the cost can be reduced
enough to match the
economics of farming
There’s a common misconception that
farms are simple places. While that’s
never particularly been the case,
modern agriculture is impressively
complex and technologically
sophisticated, and is becoming more
so with the introduction of a wide
array of sensors.
The sensors we have today (whether
video, hyperspectral or infrared)
allow us to understand many of the
conditions of plants in the field. The
sensors can be based on different
platforms, from satellites and high
altitude aircraft to smaller drones
that are flown and controlled locally,
to permanent sensors mounted on
structures that overlook the field.
The data from these sensors is used
to understand the spatially-resolved
field conditions and how the crop
is progressing. Interpreting sensor
data and the spatial distribution can
be used to determine how the field
should be managed to achieve the
best yields, and where and when to
harvest the crops. In terms of plants,
miniaturized integrated sensors that
are low-cost and can be placed on
individual plants is one direction we
could see. It all depends on how the
cost can be reduced enough to match
the economics of farming.
Also, if we talk of the key
technological advancements that
would allow for the creation of
cheap, miniature sensors, we need to
mention the use of basic components
from consumer electronics where
large markets drive economies of
scale. The best examples are cheap
cameras that now cost a few dollars
because of smartphone production
volumes, accelerometers from
MEMS technologies, and other
developments that come from
system-on-a-chip (SOC) design
and manufacturing techniques.
Satellites also play a huge role in
assessing the condition of plants.
Firstly, an increasing number of
satellites use high resolution sensors
– both optical and hyperspectral
– to improve techniques for
interpreting sounding data. There
are also many more low Earth
orbit (LOE) satellites, whose arrays
provide much better coverage,
both geographically and in field
re-visit rates. The second role is as
communications relays for ground
sensors in sparsely-populated and
under-resourced areas.
Drones also have great potential –
they’re just getting started. Because
they can get right to where the
action is, drones can be used to fly
instruments that would not fit or
work on satellites. An example is
acoustic sensors used to identify
pests and animals, data that’s not
possible to gather from satellites. A
drone can also pick up a soil or plant
sample that a satellite cannot.
The author is IEEE senior member
and Chair of the IEEE Internet of
Things Activities Board
May 2018 | CIO&LEADER
25

FACE OFF
// SHOULD CIOs BE HIRED
FROM BUSINESS?
There are two kinds of organizations.
One is where a user applies IT for
business and the other where the user
becomes the producer of IT products
or services. In the case of former, the
degree of business knowledge and
technology knowledge is 70:30 whereas
in the case of latter, the ratio of business
acumen to technology is 40:60.
Nevertheless, business knowledge is
dominant in both the cases.
Take for instance, in the
manufacturing industry, IT is the
tool to enable business processes
and drive business targets. IT should
align with business strategies and
provide solutions to do business
better and smarter.
This thorough knowledge of
business is only possible if the IT
head is from the business side.
Understanding organization culture,
Quick View
T G Dhandapani, says,
thorough knowledge of business
is only possible if IT head is hired
from business
user behavior, business
requirements and
effective solutioning
for an IT deployment is
possible if he/she is from
business. Today it is not
adequate if the CIO just
responds to business
requirements. He/she
has to be at least six
months ahead of his CXO
peers when it comes to
T G DHANDAPANI
Advisor – Digital
Transformation and
Former Group CIO, TVS
Motor and Sundaram
Clayton Group
planning and executing
digital projects. He/she should be in a
position to predict what they want six
months later. Any requirements of
a CXO that were required yesterday
or they planned for solutions after
they ask for isn't sufficient. They
should be in a position to do shelf
engineering and keep the solution
ready before the business asks for it.
CIOs, if from business can implement
this successfully. Today IT is not
confined to datacenters. The IT folk
should rub shoulders with CXOs and
dirty their palms in the shop floor.
Vanilla CIOs, purely with technology
backgrounds, will take more time to
understand and implement solutions
for business
Understanding
org culture,
user behavior,
biz requirements
is only
possible if he/
she is from
business
26 CIO&LEADER | May 2018

Face Off
ARINDAM
SINGHA ROY
CIO,
East India Udyog
"A CIO should
come from
the heart
of the IT
community
but must be
business
focused
Any CXO position is a combination
of expertise and added layers of
“big picture thinking” ability and
leadership. A CIO/CISO without a
strong IT background is a COO, or
a CEO maybe. The balanced C-level
team requires various perspectives.
For instance, possessing a technical
perspective for a CIO/CISO is paramount.
He/she should be able to
articulate the IT position and vision.
Strategic and business thinking
is one side of the coin for a CIO/
CISO. However, in IT, he/she will
serve as a ‘building with roof’ but
without an IT base.
If you hire a CIO/CISO without
the requisite technical experience in
critical and multi-headed responsibilities,
IT is then managed by someone
who isn't technology oriented,
who then proves ineffective, open
to vendor manipulation, and staff
disrespect. He/she steadily starts
acquiring a ‘herding cats' mentality
on technology matters.
I think what makes it complicated
is the fact that IT is the only department
that is both staff and line. For
Quick View
Arindam Singha Roy, says,
IT experience is , sometimes,
just enough
instance, Finance is staff only while
Sales is line only. But, the leader of IT
is both a staff person (support) and
often a line person (e.g. runs the bit
factory). It is because of this unique
role that he or she needs dual experience.
The CIO/ needs to know what
is right and wrong on projects, what
works and doesn’t. In the end, it is the
CIO that has to buy off on the recommendations
of their reports.
In conclusion, a CIO must come from
the heart of the IT community, but must
be business focused
May 2018 | CIO&LEADER
27

SECURITY
Information
sharing is key
to ward off
cyber threats
As per reports, a layered security
approach involves gathering various
security solutions to collectively
protect an organization’s data
By CIO&Leader
S
haring information is an important factor in
helping to defend against cyber threats, according
to Akamai Technologies’ State of the Internet/Security:
Carrier Insights Report for Spring
2018. The report analyzes data from more than
14 trillion DNS queries collected by Akamai
between September 2017 and February 2018
from communications service provider (CSP)
networks around the world.
For more than 19 years, Nominum, acquired by
Akamai in 2017, has leveraged in-depth DNS data
to improve overall protection against sophisti-
cated cyberattacks, such as distributed denial of
service (DDoS), ransomware, trojans, and botnets.
Akamai’s Carrier Insight Report builds upon the
Nominum expertise and highlights the effectiveness
of DNS-based security that is enriched with
data coming from other security layers. This layered
security approach involves gathering various
security solutions to collectively protect an organization’s
data.
“Siloed understanding of attacks against individual
systems isn’t enough for defenders to prepare
for today’s complicated threat landscape,”
28 CIO&LEADER | May 2018

Insight
said Yuriy Yuzifovich, Director of Data Science,
Threat Intelligence, Akamai. “Communicating
with varying platforms is critical when acquiring
knowledge across teams, systems and data sets.
We believe that the DNS queries that our service
provides act as a strategic component to arming
security teams with the proper data necessary for
that big picture view of the threat landscape.”
Tackling the Mirai Botnet:
Collaboration in Action
Collaboration between teams within Akamai
played a crucial role in discovering Mirai command
and control (C&C) domains to make future
Mirai detection more comprehensive. The Akamai
Security Intelligence and Response Team (SIRT)
has been following Mirai since its inception, using
honeypots to detect Mirai communications and
identify its C&C servers.
In late January 2018, Akamai’s SIRT and
Nominum teams shared a list of over 500 suspicious
Mirai C&C domains. The goal of this was
to understand whether, if by using DNS data
and artificial intelligence, this list of C&C could
be augmented, and make future Mirai detection
more comprehensive. Through several layers of
analysis, the combined Akamai teams were able
to augment the Mirai C&C dataset to discover a
connection between Mirai botnets and distributors
of the Petya ransomware.
This collaborative analysis suggested an evolution
of IoT botnets, from a nearly exclusive use
case of launching DDoS attacks to more sophisticated
activities such as ransomware distribution
and crypto-mining. IoT botnets are difficult to
detect because there are very few indicators of
compromise for most users—and yet, the collaborative
research by these teams created the
Siloed understanding of
attacks against individual
systems isn't enough
for defenders to prepare
for today's complicated
threat landscape
chance to find and block dozens of new C&C
domains to control the activity of the botnet.
Javascript Cryptominers: A Shady
Business Model
The exponential rise in public consumption of
cryptocurrency adoption has been reflected in
a sharp, observable increase in the number of
crypto-mining malware strains, and the number
of devices infected with them.
Akamai observed two distinct business models
for large-scale crypto-mining. The first model
uses infected devices’ processing power to mine
cryptocurrency tokens. The second model uses
code embedded into content sites that make
devices that visit the site work for the cryptominer.
Akamai conducted extensive analysis
on this second business model, as it poses a new
security challenge for users and website owners
alike. After analyzing the cryptominer domains,
Akamai was able to estimate the cost, in terms of
both computer power and monetary gains, from
this activity. An interesting implication of this
research shows that cryptomining could become a
viable alternative to ad revenue to fund websites.
Changing Threats: Malware and
Exploits Repurposed
Cybersecurity is not a static industry. Researchers
have observed hackers leveraging old techniques
to reuse in today’s current digital landscape. Over
the six months that Akamai collected this data, a
few prominent malware campaigns and exploits
show notable changes in their operating procedure,
including:
The Web Proxy Auto-Discovery (WPAD) protocol
was discovered in use to expose Windows
systems to Man-in-the-Middle attacks between
November 24 and December 14, 2017. WPAD
is meant to be used on protected networks (i.e.
LANs) and leaves computers open to significant
attacks when exposed to the Internet.
Malware authors are branching out to the collection
of social media logins in addition to financial
information. Terdot, a branch of the Zeus botnet,
creates a local proxy and enables attackers to perform
cyber-espionage and promote fake news in
the victim’s browser.
The Lopai botnet is an example of how botnet
authors are creating more flexible tools. This
mobile malware mainly targets Android devices
and uses a modular approach that allows owners
to create updates with new capabilities.
May 2018 | CIO&LEADER
29

INSIGHT
Mixing digital
technologies
A new World Economic Forum (WEF) research finds
new technologies, deployed in combination, contribute
to significantly higher productivity gains, when deployed
individually. The research also identifies key enablers of
maximizing return on digital investments
By CIO&Leader
he productivity increase due to investments in
new digital technologies is significantly more
when technologies are deployed in combination,
finds a new research by the World Economic
Forum (WEF). The finding is part of a broader
project—Maximizing Returns on Digital Invest-
Tments—by WEF’s Digital Transformation Initiative
(DTI) to understand the relationship between
new technology investment and productivity.
The research found four key trends:
The return on investment in new technologies
is positive overall. The productivity increase
is three times higher when technologies are
deployed in combination.
30 CIO&LEADER | May 2018

Insight
The return on digital investments varies by
industry, and industry leaders achieve a greater
productivity increase from investments in
new technology than followers. The leaders in
a majority of industries tend to be larger companies
by revenue.
Asset-heavy industries realize more value
from robotics; asset-light industries realize
greater value from mobile/social media.
While industry leaders realize higher overall
return from robotics and mobile/social investments,
followers have gained more from IoT
and cognitive technologies.
The WEF research identified three key drivers
of digital investments: new efficiencies, enhanced
customer experience and new business models.
It concluded that new efficiencies are still the
primary driver for large companies to invest in
new technologies while investing in new business
models is the most difficult and least frequently
targeted of the three drivers.
To read our report on the key imperatives, drivers
and major trends in digital transformation in India,
read Decoding Digital Transformation in India
The research also identified five key enablers
to maximize the return on digital investments
emerged from the discussions with industry
leaders. They are:
Agile and digital-savvy leadership: Maintaining
a strategic vision, purpose, skills, intent and
alignment across management levels to ensure a
nimble decision-making process on innovation
Forward-looking skills agenda: Infusing a
digital mindset in the workforce by making innovation
the focus of training and hiring programs
Ecosystem thinking: Collaborating within the
value chain (e.g. with suppliers, distributors, customers)
and outside (e.g. start-ups, academia)
Data access and management: Driving competitiveness
through strong data infrastructure and
warehouse capability combined with the right
analytics and communication tools
Technology infrastructure readiness: Building
the required technology infrastructure to
WEF research has
identified three key
drivers: new efficiencies,
enhanced customer
experience and new
business models
ensure strong capabilities on cloud, cybersecurity
and interoperability
The project was launched to address the understanding
gap that exists in new technologies’
impact on productivity.
Some of the questions that it addressed are:
How much value are companies getting from
digital investments?
How do returns on digital investments vary by
company, industry and technology?
How can companies maximize return from
their digital investments?
How can companies successfully execute on
digital investment projects?
The research considered four new technology
areas: cognitive technologies including AI and Big
Data; IoT/connected devices; Robotics encompassing
design, construction, implementation and
operation of robots; and Mobile/social media.
The research combined quantitative and qualitative
analyses of new technology investments.
data from over 16,000 public companies across 14
industries to estimate the productivity impact of
investments in new technologies. The industries
were automotive, aviation and travel, chemistry
and advanced materials, consumer, electricity,
financial services, healthcare, logistics, media,
mining and metals, oil and gas, professional services,
retail and telecommunications
May 2018 | CIO&LEADER
31

Insight
CEOs priorities
shifting to embrace
digital business
As per Gartner, growth, corporate strategies, IT and
workforce issues continue to top CEO priorities in 2018
By CIO&Leader
Growth is amongst the top CEO business priorities
in 2018 and 2019, according to a recent survey of
CEOs and senior executives by Gartner. However,
the survey revealed as simple, implemental
growth becomes harder to achieve, CEOs
are focusing on changing and upgrading the
structure of their companies, including a deeper
understanding of digital business.
The Gartner 2018 CEO and Senior Business Executive
Survey of 460 CEO and senior business executives
in Q4, 2017 examined their business issues, as
well as some areas of technology agenda impact. In
total, 460 business leaders in organizations with
more than USD 50 million in annual revenue were
qualified and surveyed.
IT remains a high priority coming in at the third
position, and CEOs mention digital transformation,
in particular (see Figure 1). Workforce has risen
rapidly this year to become the fourth-biggest
priority, up from seventh in 2017. The number of
32 CIO&LEADER | May 2018

Insight
CEO Top Business Priorities for 2018 and 2019
Percentage of respondents, ranked by summary top three mentions
(Simple)
Growth
40%
33%
Corporate
(Structural Development)
31%
IT Related
28% 23%
Financial
15% 15%
Workforce
Customer
Product
Improvements
13% 10%
Management
Sales
Cost
Management
9%
9%
Efficiency
and
Productivity
Degree of
increase from
previous year
Degree of
decrease from
previous year
Source: Gartner 2018
CEOs mentioning workforce in their top three
priorities rose from 16% to 28%. When asked about
the most significant internal constraints to growth,
employee and talent issues were at the top. CEOs
said a lack of talent and workforce capability is the
biggest inhibitor of digital business progress.
CEOs recognize the need for
cultural change
Culture change is a key aspect of digital
transformation. The 2018 Gartner CIO Survey found
CIOs agreed it was a very high-priority concern,
but only 37% of CEOs said a significant or deep
culture change is needed by 2020. However, when
companies that have a digital initiative underway
are compared with those that don’t, the proportion
in need of culture change rose to 42%.
Digital business matters to CEOs
Survey respondents were asked whether they
have a management initiative or transformation
program to make their business more digital. The
majority (62%) said they did. Of those organizations,
54% said that their digital business objective is
transformational while 46% said the objective of the
initiative is optimization.
In the background, CEOs’ use of the word “digital”
has been steadily rising. When asked to describe
their top five business priorities, the number of
CEOs in the survey
believe that a lack of
talent and workforce
capability is the biggest
inhibitor of digital
business progress
respondents mentioning the word digital at least once
has risen from 2.1% in the 2012 survey to 13.4% in
2018. This positive attitude toward digital business
is backed up by CEOs’ continuing intent to invest in
IT. 61% of respondents intend to increase spending
on IT in 2018, while 32% plan to make no changes to
spending and only 7% foresee spending cuts.
More CEOs see their companies as
innovation pioneers
The 2018 CEO survey showed that the percentage
of respondents who think their company is an
innovation pioneer has reached a high of 41%
(up from 27% in 2013), with fast followers not far
behind at 37%
May 2018 | CIO&LEADER
33

Insight
Artificial intelligence
sees big business
As per Gartner, the growth will be 70% from 2017,
totalling USD 1.2 trillion in 2018
By CIO&Leader
Global business value derived from artificial
intelligence (AI) will total USD 1.2 trillion in 2018,
a rise of 70% from 2017, according to Gartner.
AI-derived business value will reach USD 3.9
trillion in 2022.
The three different sources of AI business value are:
Customer experience: The positive or negative
effects on indirect cost. Customer experience is a
necessary precondition for widespread adoption
of AI technology to both unlock its full potential
and enable value.
New revenue: Increasing sales of existing products
and services, and/or creating new product or
service opportunity beyond the existing situation.
Cost reduction: Reduced costs incurred in producing
and delivering those new or existing
products and services.
“AI promises to be the most disruptive class of
34 CIO&LEADER | May 2018

Insight
Forecast of Global AI-Derived Business Value (Billions of U.S. Dollars)
2017 2018 2019 2020 2021 2022
Business Value 692 1,175 1,901 2,649 3,346 3,923
Growth (%) 70 62 39 26 17
Source: Gartner (April 2018)
technologies during the next 10 years
due to advances in computational
power, volume, velocity and variety of
data, as well as advances in deep neural
networks (DNNs),” said John-David
Lovelock, research vice president at
Gartner. “One of the biggest aggregate
sources for AI-enhanced products
and services acquired by enterprises
between 2017 and 2022 will be niche
solutions that address one need very
well. Business executives will drive
investment in these products, sourced
from thousands of narrowly focused,
specialist suppliers with specific
AI-enhanced applications.”
As per Gartner, the AI business value
growth rate will be 70%, but it will
slow down through 2022 (see Table 1).
“In the early years of AI, customer
experience (CX) is the primary
source of derived business value, as
organizations see value in using AI
techniques to improve every customer
interaction, with the goal of increasing
customer growth and retention. CX is
followed closely by cost reduction, as
organizations look for ways to use AI to
increase process efficiency to improve
decision making and automate more
tasks,” said Lovelock. “However,
in 2021, new revenue will become
the dominant source, as companies
uncover business value in using AI
to increase sales of existing products
and services, as well as to discover
opportunities for new products and
services. Thus, in the long run, the
business value of AI will be about new
revenue possibilities.”
Breaking out the global business
value derived by AI type, decision
support/augmentation (such as DNNs)
will represent 36% of the global
AI-derived business value in 2018. By
2022, decision support/augmentation
will have surpassed all other types of
AI initiatives to account for 44% of
global AI-derived business value.
“DNNs allow organizations to
perform data mining and pattern
recognition across huge datasets
not otherwise readily quantified
or classified, creating tools that
classify complex inputs that then
feed traditional programming
systems. This enables algorithms for
decision support/augmentation to
work directly with information that
formerly required a human classifier,”
said Lovelock. “Such capabilities
have a huge impact on the ability of
organizations to automate decision
and interaction processes. This new
level of automation reduces costs
and risks, and enables, for example,
increased revenue through better
microtargeting, segmentation,
marketing and selling.”
Virtual agents allow corporate
organizations to reduce labor costs
as they take over simple requests
and tasks from a call center, help
desk and other service human
agents, while handing over the more
complex questions to their human
counterparts. They can also provide
uplift to revenue, as in the case of
roboadvisors in financial services or
upselling in call centers. As virtual
employee assistants, virtual agents can
help with calendaring, scheduling and
other administrative tasks, freeing up
employees’ time for higher value-add
work and/or reducing the need for
human assistants. Agents account
for 46% of the global AI-derived
business value in 2018 and 26% by
2022, as other AI types mature and
contribute to business value.
Decision automation systems use
AI to automate tasks or optimize
business processes. They are
particularly helpful in tasks such
as translating voice to text and vice
versa, processing handwritten
forms or images, and classifying
other rich data content not readily
accessible to conventional systems.
As unstructured data and ambiguity
are the staple of the corporate
world, decision automation — as it
matures — will bring tremendous
business value to organizations. For
now, decision automation accounts
for just 2% of the global AI-derived
business value in 2018, but it will
grow to 16% by 2022.
Smart products account for 18%
of global AI-derived business value
in 2018, but will shrink to 14% by
2022 as other DNN-based system
types mature and overtake smart
products in their contribution to
business value. Smart products
have AI embedded in them, usually
in the form of cloud systems that
can integrate data about the user's
preferences from multiple systems
and interactions. They learn about
their users and their preferences
to hyperpersonalize the experience
and drive engagement
May 2018 | CIO&LEADER
35

Insight
Facebook seeks a
'friend' in blockchain;
will it succeed?
Facebook creates a dedicated team to explore blockchain
potential and appoints Facebook Messenger head to lead
the initiative
By Shubhra Rishi
ccording to news reports, Facebook executive David
Marcus, who has been responsible for managing the
company's standalone messaging app, Messenger,
will head a new team dedicated to exploring the
potential of blockchain technology. This team will
comprise instagram executives including Insta-
Agram's VP of Engineering, James Everingham and
Instagram's VP of Product, Kevin Weil. Prior to joining
Facebook, Marcus was CEO at PayPal.
In lieu of the latest Cambridge Analytica controversy
where the social network was in the line of
fire for endangering data and privacy of its large
user base, the company's move to explore blockchain
has its pros and cons.
36 CIO&LEADER | May 2018

Insight
The Pros
Firstly, a blockchain-based social media platform
will provide a high degree of privacy and
security for its users. Users will have more control
over their information and say Facebook,
will no longer be responsible for managing
this data. There are a number of blockchainbased
platformes such as, Steemit, Numa, Sola,
Indorse, which are experimenting with blockchains
and cryptocurrencies.
Take for instance, Numa, which is like Twitter
– "but with cutting edge distributed technologies,
so no central entity owns your data," it says
on its homepage.
On Numa, you can create an account, message,
follow, or favorite a piece of information, and this
data gets stored on a distributed file sharing protocol
(IPFS). On Numa, all your data is stored in a
public, distributed way, unlike on a central entity
such as Facebook, which makes it impossible for
any entity to revoke your access to your data.
Steemit, on the other hand, is a decentralized
reward platform (a social network built on the
Steem blockchain) meant for publishers/users
to monetize content and grow their community.
Steemit users can earn token-based compensation
(cryptocurrencies) for their posts, pictures, music,
and videos. Steemit is powered by Ethereum, a
decentralized platform that runs smart contracts
or "applications that run exactly as programmed
without any possibility of downtime, censorship,
fraud or third-party interference."
Akasha is another decentralized platform
built by Mihai Alisie, founder of Ethereum and
Bitcoin Magazine. The platform has an interface
like Twitter, can be used to can publish, share
and vote for entries, similar to Medium and
other modern publishing platforms -- with a
marked difference that your content is actually
published over a decentralized network rather
than on Akasha's servers. Subscribes on Akasha
can up-vote your content, where votes are
bundled with micro transactions.
There are several other social media platforms,
such as onG.social, Indorse, The Merkle, and
Sapien, among others, built on blockchain. All
A blockchainbased
social
media platform
will provide a high
degree of privacy
and security for its
users
the above blockchain-based social media platforms
offer use cases in the following areas:
Data integrity and security
Better content control
Earn money in the form of crypto currencies
Freedom of speech
Cons
However, there are also cons that might serve as
barriers to the above advantages the technology has
to offer in ‘regulating’ social media in a way:
The problem of fake news
Crypto currency is still not an accepted form of
payment in many countries
Blockchain technology is still not scalable
With Facebook announcing a new team now, the
ground work for exploring blockchain for future
use, must have began a long time ago. Even if it is
on damage-control mode, it is a step in the right
direction – targeted at improving data integrity
and security of its users’ information. Moreover, it
will be interesting to observe how the blockchain
will combat the above-mentioned cons, which
stand in the way of success of any blockchainbased
social network
May 2018 | CIO&LEADER
37

Insight
The dirty secrets of
network firewalls
As per a network study, 61% would like to see better
perimeter security in their organization’s network firewall
along with better threat visibility and better protection
By CIO&Leader
38 CIO&LEADER | May 2018

Insight
M
ajority of Indian IT managers have legal liabilities
when it comes to unidentified traffic in their organizations,
according to India findings of Sophos
survey, The Dirty Secrets of Network Firewalls.
In fact, nearly one in four globally cannot identify
70% of their network traffic. The lack of visibility
creates significant security challenges for today’s
businesses and impacts effective network management.
The survey polled more than 2,700 IT
decision makers across mid-sized businesses in
10 countries worldwide, including the US, Canada,
Mexico, France, Germany, the UK, Australia,
Japan, South Africa and India.
Considering the debilitating impact cyberattacks
can have on a business, it’s unsurprising
that 90% of respondents agree that a lack of
application visibility is a serious security concern.
Without the ability to identify what’s running
on their network, IT managers are blind to
ransomware, unknown malware, data breaches
and other advanced threats, as well as potentially
malicious applications and rogue users. Network
firewalls with signature-based detection are
unable to provide adequate visibility into application
traffic due to a variety of factors such as
the increasing use of encryption, browser emulation,
and advanced evasion techniques.
“Controlling network traffic is an essential role
of every firewall yet 61% IT managers can’t tell
you how their bandwidth is being consumed,”
said Sunil Sharma, Managing Director Sales at
Sophos India & SAARC. “If you can’t see everything
on your network, you can’t ever be confident
that your organization is protected from threats.
IT professionals have been ‘flying blind’ for too
long and cybercriminals take advantage of this.”
As per the survey, 61% would like to see better
perimeter security in their organization’s network
firewall along with better threat visibility
and better protection.
Network firewalls
with signature-based
detection are unable
to provide adequate
visibility into app
traffic due to a
number of factors
May 2018 | CIO&LEADER
39

Insight
Organization’s firewall is the gateway between
network and internet. Together with endpoint
protection, it’s an integral pillar of security infrastructure.
Despite the importance of its role in
defenses, the survey revealed that firewalls are
failing organizations when it comes to delivering
the protection they need. On an average, Indian
organizations face 26 infected machines a month;
approximately 60% higher infected devices in
comparison to the global average.
“Ineffective firewalls are costing you time
and money. On an average, organizations are
spending 7 working days to remediate infected
machines,” said Sharma.
“A single network breach often leads to the compromise
of multiple computers, so the faster you
can stop the infection from spreading the more
you limit the damage and time needed to clean it
up,” Sharma further added. “Companies are looking
for the kind of next-generation, integrated
network and endpoint protection that can stop
advanced threats and prevent an isolated incident
from turning into a widespread outbreak. Sophisticated
exploits, such as MimiKatz and Eternal-
Blue reminded everyone that network protection
is critical to endpoint security and vice versa.
Only direct intelligence sharing between these
two can reveal the true nature of who and what is
operating on your network.”
Sharma went onto explain that the findings highlighted
the importance of ‘simplicity’ in all aspects of
the security process; network, endpoint or server.
“Reducing complexity is absolutely fundamental
to ensuring data and device security; a fact reflected
in the research. According to the data, 79% respondents
have security risks from unwanted or unnecessary
apps, and a further 60% are concerned by
productivity loss due to unwanted ones. Unnecessary
complexity compromises transparency for a
network manager and the end user, and can lead to
– not merely security concerns – but, even, liability
and compliance issues. The concept of simplicity
is central to Sophos, in the way our products are
designed and in the counsel we provide. We believe
that the simpler the security protocols are to implement,
the more likely they are to be effective.”
Organizations acknowledge the need for better
protection, visibility and response. The survey
revealed that 84% of IT managers polled want
better protection from their current firewall. 99%
want their firewall technology to automatically
isolate infected computers, and 96% want endpoint
and firewall protection from the same vendor if it
improves detection rates and incident response.
Security is Not the Only Risk to
Businesses
Following security risks, 60% organizations
are concerned about loss of productivity from
unproductive apps. Business productivity can be
negatively impacted if IT is unable to prioritize
bandwidth for critical applications.
For industries that rely on custom software
to meet specific business needs, an inability to
prioritize these mission critical applications
over less important traffic could be costly. 69%
of IT professionals who had invested in custom
applications admitted that their firewall could
not identify the traffic and therefore were unable
to maximize their return on investment. Lack of
visibility also creates a blind spot for the potential
transfer of illegal or inappropriate content
on corporate networks, making companies vulnerable
to litigation and compliance issues.
“Organizations need a firewall that protects
their investment in business-critical and custom
applications by allowing employees to
have prioritized access to the applications they
need,” said Sharma. “Increasing network visibility
requires a radically different approach.
By enabling the firewall to receive information
directly from the endpoint security, it can
now positively identify all applications – even
obscure or custom applications.”
40 CIO&LEADER | May 2018

ns'k dk lcls yksdfiz; vkSj fo‚luh; VsDuksykWth osclkbV
fMftV vc fganh esa miyC/k gSaA u;h fganh osclkbV vkidks
VsDuksykWth ls tqMs+ gj NksVh cM+h ?kVukvks ls voxr j[ksxhA lkFk
esa u, fganh osclkbV ij vkidks fMftV VsLV ySc ls foLr`r xStsV
fjO;q ls ysdj Vsd lq>ko feysaxsA fMftV tYn gh vkSj Hkh vU;
Hkkjrh; Hkk"kkvks esa miyC/k gksxkA
www.digit.in/hi
www.facebook.com/digithindi