5 Steps to Enterprise Cloud
Why Data Is the “Next
Your Driver’s License
3D Printing and the
Intermountain’s Marc Probst, CIO
The old “do it yourself” approach to cybersecurity leaves you vulnerable to today’s sophisticated attacks.
Attacks that can come from anywhere in the world and at any time day or night. Attacks that make you
focus less on your business strategy and more on getting your reputation back. What you need is a
partner that monitors the globe day and night looking out for you — armed with advanced abilities that
can recognize a dangerous threat in the midst of the white noise. And, the capability to protect you
before the attack gets to your doorstep.
Change the model and run your business on your terms. Get CyberconfidenceTM
, with integrated global
cybersecurity solutions from CSC.
Learn more at CSC.COM/CYBERSECURITY.
2 CSC WORLD | SPRING/SUMMER 2013
CSC WORLD | spring/summer 2013 | VOLUME 12 | NUMBER 2
CSC partners with SAP to offer next-gen banking
solutions; Maruf Majed is named vice president and
general manager for Asia, Middle East and Africa; and
CSC agrees to sell its Applied Technology Division.
6 heard on csc.com
Experts are coming to CSC.com to make their voices
heard, in CSC Town Halls, online communities and
Ingenious Minds blogs.
8 Catering to a Connected World
Mary Jo Morris, vice president and general manager of
Diversified Industries at CSC, shares thoughts on the
importance and prevalence of connectedness.
9 Exploring the Nordic and Baltic Regions
John Walsh, vice president and general manager of
the Baltic and Nordic regions at CSC, discusses the
opportunities and challenges facing business leaders.
The healthcare industry is entering a world of great
opportunity and tremendous risk. Intermountain, a
22-hospital health system, is using innovative technology
to improve care and secure systems.
14 Kaiser Permanente CIO: ‘The Consumer
Is in Charge’
There’s a revolution brewing in healthcare, and one of its
chief insurrectionists is Phil Fasano. The executive VP and
CIO of Kaiser Permanente discusses his new book.
17 A New Model for Medicine
The practice of medicine is changing. Lisa Pettigrew,
industry general manager for Global Healthcare
at CSC, unveils three new models for care.
18 Medical Device Firm Grows Better Data With
Biomet Microfixation, an innovator in the medical industry,
chooses enterprise cloud applications by Salesforce.com to
improve its ability to generate real-time, accurate data.
3SPRING/SUMMER 2013 | CSC WORLD
36 Automotive Industry Goes Driving
in the Cloud
While flying cars may still be out of reach, cloud
computing, mobile broadband, location-awareness and
big data technologies are bringing the car of the future
to market today.
40 How 3D Printing Will Turn Manufacturing
on Its Head
3D printing sounds like something straight out of science
fiction, but the idea that you can use a computer to quickly
create complex objects seemingly out of thin air is a reality.
42 Your Driver’s License Is Obsolete
The Internet and mobile devices have brought us wonderful
conveniences but also significant challenges. Paper-based
IDs are no longer suited for this world.
43 Could a Smartphone Solve Immigration Reform?
Many people dream of visiting the U.S. But new rules
have made the travel visa process too difficult for some.
Smartphone biometrics could help.
44 Four Waves to the Cloud
At H. D. Smith, a pharmaceutical distributor, the cloud is not a
choice, but an imperative. CIO David Guzman, discusses why
cloud computing offers compelling economics and capabilities.
20 Financial Regulations Sweep the Globe
The U.S. government continues to look for ways to prevent
anyone from not paying their fair share of taxes. A new law
designed to improve reporting will affect everyone.
21 How Cloud Is Disrupting Financial Services
Cloud-driven change is affecting how processes are
managed, how IT investment is handled, and how costs are
allocated. But the biggest changes are not related to IT.
22 5 ‘Must Haves’ for Every BI Dashboard
The effective use of business intelligence gives companies a
competitive advantage. Delivering timely information to decision
makers can be accomplished with a well-designed BI dashboard.
24 Putting the ‘I’ Back in IT
The growth of the IT industry has been driven by the “T”
in IT. New technologies have captured most of the public’s
imagination. That dynamic is changing.
26 The Case for Managed Security Services
Organizations face a dilemma: the number of cyberattacks
continues to grow, while budgets continue to remain flat.
Managed security services are often the best option.
28 Decoding the President’s Cybersecurity Mandate
The growing frequency of cybercrime is top-of-mind for
U.S. officials. Samuel Visner, executive vice president and
general manager of cybersecurity at CSC, explains why.
30 3 Reasons to Believe in Hybrid Clouds
Cloud services come in different shapes and sizes. Lately,
many organizations are turning to hybrid solutions and
infrastructure models that can be tailored to specific needs.
32 Why Enterprise Clouds Rule
Cloud computing has become a key part of an IT leader’s
toolkit. Many organizations use cloud for various reasons.
It’s critical to select the appropriate cloud model.
34 5 Steps to Enterprise Cloud
Will the consumer cloud — the popular, low-cost service
offered by Amazon and others — be to cloud what the
iPhone was to mobile? Siki Giunta, vice president and
general manager of cloud services at CSC, says no.
New ON CSC.COM
Infographics Central: Explore key trends and data in
visual and interactive ways with a collection of CSC
infographics on emerging technologies such as cloud
computing, big data and mobile banking.
CSC Town Halls: Join a continuing series of online
conferences on IT topics that matter to you, featuring
CSC experts and special guest speakers ready to answer
your questions. csc.com/TownHall
Success Story Briefing Center: View video success
stories featuring CSC subject matter experts, clients and
global partners or search hundreds of stories that cover
a wide range of solution areas.
4 CSC WORLD | SPRING/SUMMER 2013
CSC has reached a definitive agreement with PAE for the sale
of its base operations, aviation and range services business unit,
Applied Technology Division (ATD), for $175 million in cash. CSC
acquired ATD with the 2003 purchase of DynCorp.
Announced on May 29, this agreement is CSC’s sixth divestiture
in seven months, furthering CSC’s transformation strategy
to rebalance its portfolio of services by focusing on its core
strength in next-generation technology solutions and services.
CSC will sell the aviation maintenance, base operations
and maintenance, test and training range, and space range
businesses of ATD, while retaining the division’s training and
simulation business. ATD currently performs work at more than
20 client locations in the continental United States.
“The sale of ATD supports our realignment of company
assets with our strategy of leading in the next generation of
technology solutions and services, including cybersecurity,
big data and cloud computing,” said CSC President and CEO
PAE’s dedicated focus providing mission-critical services to the
U.S. government and its allied partners will ease the transition
for clients and employees. ATD’s senior management team and
its approximately 5,400 employees will transfer to PAE as part
of the agreement.
In fiscal year 2013, ATD revenue was approximately $760 million
with low-to-mid single-digit operating margins. ATD revenue
has been reported within CSC’s North American Public Sector
(NPS) and will be recast as discontinued operations.
The transaction is subject to customary closing conditions,
including the receipt of various consents and an anti-trust
clearance under the Hart-Scott-Rodino Act. CSC expects to
close the transaction in the summer of 2013.
Get the latest CSC news at
CSC Agrees to Sell Its Applied
5SPRING/SUMMER 2013 | CSC WORLD
In May, CSC announced an expanded partnership with SAP
designed to accelerate the banking industry’s move to
next-generation technology platforms. CSC and SAP have
cooperated to define a new global go-to-market strategy for
their banking software and services offerings to help reduce
the risk, implementation time, and cost of modernizing business
processes and IT environments.
Under the expanded alliance, CSC will be an SAP global services
partner for the banking industry and is expected to provide
systems integration services for banks using SAP solutions. CSC
is also now a global value-added reseller of SAP, authorized to
resell SAP products, services and support. In addition, SAP and
CSC will co-sell their banking software and solutions.
The companies’ software and services address a wide spectrum
of enterprise technology and business needs to help banks keep
pace with evolving customer, market and regulatory demands.
Banks that have delayed upgrading their infrastructure and
applications can modernize them incrementally, which can help
lead to both lower costs and risk. The companies can unify
for customers a set of next-generation consulting, software,
enterprise services and testing technology platforms that
are designed to leverage both companies’ banking industry
expertise and extensive offerings.
“Modernization is both a costly and complex undertaking for
banks around the globe,” said Robert Hunt, senior research
director, CEB TowerGroup. “Because of this, many banks continue
to operate on legacy systems developed decades ago. Choosing
services and software from CSC and SAP makes perfect sense
and offers a compelling proposition to banks that have pushed
out or barely started their modernization projects to help meet
customer demands or improve operating efficiency.”
“Our vision for this software partnership is to help enable
large global and mid-sized regional banks to drive profitable
growth through cost savings, greater agility, more innovation
and a superior customer experience,” added Thomas E. Hogan,
executive vice president and general manager, CSC Global
Business Services. “Banks will now have more choice when
modernizing their technology systems.”
“CSC and SAP have been partnering for 30 years, helping to
bring value to customers around the world,” said Robert Enslin,
president of Global Customer Operations and a member of
Global Managing Board, SAP. “With this expanded relationship,
we look forward to further accelerating our efforts in the
As a long-time SAP global services partner, CSC implements
and delivers SAP solutions to customers across many industries
and is an SAP-certified provider of cloud services, hosting
services and application management services. In addition, CSC
has a successful practice in Central Europe focused on SAP
solutions used in the banking industry and has collaborated
with SAP on many complex implementation projects.
Learn more at csc.com/SAP.
In April, CSC named Maruf
Majed, vice president and general
manager for Asia, Middle East and
Africa. As the regional managing
director, Majed will drive and
coordinate all CSC operations
across the region.
“Asia, the Middle East and
Africa represent an enormous
opportunity for growth,” said
Thomas E. Hogan, executive vice
president and general manager for CSC’s Global Business
Services & Regions. “CSC is committed to establishing a
leadership position in these important regions, and we are
delighted to add an executive with Maruf’s credentials to
“I am thrilled to join CSC and look forward to leveraging
CSC’s strengths in next-generation solutions, such as cloud
computing, cybersecurity and big data, to enable improved
business outcomes for our clients,” said Majed.
Majed has a rich background in technology leadership roles,
including senior assignments at IBM, Gulf Business Machines,
Siebel Systems, webMethods, and, most recently, Misys. He
holds a Bachelor of Science from the University of North Dakota
and a Master of Business Administration from the University
Learn more about CSC at
Maruf Majed Named Head of Asia, Middle East and Africa
Changing the Way Banks Do Business
CSC and SAP Align Banking Portfolios to Deliver Advanced Solutions
6 CSC WORLD | SPRING/SUMMER 2013
Some will argue that telecommuting hurts productivity, but
studies have shown that the opposite is true. With modest
investments in technology, you can have the best of both
worlds. Employees can see each other’s faces in meetings,
and they can collaborate in ways that are both productive
and creative. Telecommuting doesn’t have to be sacrificed,
and we couldn’t go back if we wanted to.
One of CSC’s Ingenious Minds
CSC.comExperts inside and outside of CSC are coming to CSC.com to make their
voices heard, in CSC Town Hall webcasts, our online communities and our
Ingenious Minds blogs. Here are some highlights.
The promise of
3D printing can make objects with
a complex internal structure that
would be almost impossible using
traditional methods. There’s no
large factory and no retooling of
an entire assembly line. The same
printer that creates a piece of art can be used next to
print a bike part. And that printer can be kept close to the
point of consumption, which has implications for logistics.
Regional Manager, Executive Programme, Leading Edge Forum
Town Hall, “How 3D Printing Will Turn Manufacturing on Its Head”
6 CSC WORLD | SPRING/SUMMER 2013
7SPRING/SUMMER 2013 | CSC WORLD
Sure, you still see them around the
office, but make no mistake: Desktop
computers are the equivalent of
dinosaurs in the days after Earth
was struck by a large meteor. They were still there, but they
were the walking dead, doomed to eventually vanish. The
desktop’s meteor is mobile computing.
CIO Engage blog post, “The desktop is (pretty much) dead”
Is the typical CIO’s performance
rated on the effectiveness of the IT
security and risk management pro-
gram? Not really. They’re focused
on keeping new IT running on time,
keeping IT costs low, and getting
new IT initiatives out quickly. In an effective security orga-
nization, everyone is responsible for IT security, and they’re
held to it. Whoever is reporting directly to corporate
leadership, such as the chief executive or operating officer,
needs be held accountable.
CIO Engage blog post, “The 5 Keys of Effective Security Management”
Taking stock of
Not only is the National Climate
Assessment a huge undertaking,
the subject is a dynamic system
that is changing while we study it.
It’s like trying to give someone an
exam while they’re running a marathon. We discover new
variables, inputs, influencers and rhythms to our climate
on a regular basis. But are those observations — say, for
example, the recent spate of extreme weather events
in the U.S. — an isolated incident? Part of a long cycle
repeating pattern? Or representative of a genuinely
new trend? Accurately characterizing such an intricate
system takes a lot of thought and discussion.
One of CSC’s Ingenious Minds
There were a lot of automobile renters who were never
engaged in any kind of campaign, communication, survey
— anything except the rental. The name of the game these
days is ‘engagement.’ You hear that over and over with
mobile and social and everything out there now. It led to
some thinking about the best way to engage with those
Senior partner in CSC’s Big Data & Analytics group.
Town Hall, “How Avis Budget Uses Big Data in Marketing”
7SPRING/SUMMER 2013 | CSC WORLD
8 CSC WORLD | SPRING/SUMMER 2013
Getting connected has never been more important, or more
valuable. That’s true whether you work in private industry or
the public sector. It’s also true whether you’re connecting with
co-workers, customers, partners or suppliers. The need to
connect is the new requirement.
Fortunately, today’s technologies can connect us as never
before. Social media changes communications between
suppliers and customers from monologues to conversations.
Smart grids connect utilities with consumers by adding
intelligence, smart metering and more. Cloud computing
connects technology providers with users to enable new forms
of IT as a service.
CSC’s Diversified Industries group is making connections
in three main sectors: Energy and Natural Resources;
Communications and High-Tech; and Consumer and
Transportation. While there is great diversity among these
sectors, they are bound together by common market drivers,
including aging infrastructure in need of modernization,
increased security and intelligence, real-time information
demands, and a growing velocity and volume of data.
In Energy and Natural Resources, there’s a new focus on
smart energy. These industries have, over time, built large
infrastructures composed of heavy plant
and equipment. Now they want
to get more intelligence out of
that infrastructure. They want
to operate more efficiently
from remote locations,
with more safety, better
security, fewer people and
greater precision. Their
goal is to build so-called
smart grids: networks
that connect providers
and suppliers in
an intelligent and
automated way and
provide access to
by Mary Jo Morris
data at the point of production. These smart grids empower
energy providers to gather and act on information in new ways.
In the Consumer and Transportation sector, we’ve seen
entire companies transformed by the rise of the Constantly
Connected Consumer and passenger. This new level of
connectivity has inspired many consumer companies to rethink
the very nature of how they go to market, and with whom.
What’s considered “good service” has been transformed, too;
by harvesting data from social media and customer databases,
manufacturers and retailers can offer customized products
based on predictive analytics.
Similarly, in Transportation, we have solutions that extend
the Connected Consumer to another client base — the
Smart Traveler. By using data and analytics to detect traveler
preferences, we can “automate the journey” for transportation
companies that serve the traveler. We also enable those
companies, through automation and modernization, to provide
a more secure, reliable, efficient, and pleasant experience for
Finally, in Communications and High-Tech, it’s these
companies that provide the enabling infrastructures and
products that connect us all. Mobility, cloud, social media,
dynamic storage, virtual networks — are all technologies that
underpin our solutions.
In addition to wanting greater connectivity, most of our
clients share another desire, namely, to expand into Asia. Here
especially, getting connected is vital. Social media, mobile
technology, cloud and other IT innovations will be key enablers
for these companies to do business globally. Application
modernization is also important, as many expand geographically
by offering cloud-based applications as a service.
Agility is increasingly important, too. In today’s business
environment, innovations appear at an ever-faster rate, and
they are increasingly disruptive. Consider, for example, how the
rise of mobility has transformed the entire telecom industry.
Again, the cloud is helping, this time by allowing companies to
dynamically allocate infrastructure resources.
Security and privacy are important elements of these new ways
of connecting. One unfortunate side effect of offering greater
connectivity is that organizations also connect hackers, criminals
and other “bad guys” with their systems. So as they extend their
connections, they must also strengthen their protections.
The ability to connect with suppliers, partners and customers
— and to do so with high levels of privacy and security — will
define the leaders of tomorrow. But the time to build the IT
infrastructures that enable greater connectivity is today.
Mary Jo Morris is VP and general manager of Diversified
Industries at CSC.
Catering to a
9SPRING/SUMMER 2013 | CSC WORLD
As an American working in the Nordic region, I’ve been
impressed by the happiness. If you look at the latest worldwide
indices, Norway ranks first, making it the happiest country
on Earth. Right behind is Denmark at number two, Sweden
at number three, and Finland, a close number seven. Perhaps
they’re so happy about their countries’ strong social-welfare
states. For example, Norway distributes all the profits from its
oil business into a national pension plan, now worth more than
$710 billion, that benefits every citizen in the country.
I’m happy to be here, too, but for a different reason: for the
opportunity to help local businesses and public sector agencies
dramatically improve their competitiveness. That’s a top goal
right now for many of the region’s enterprises, which — despite
the region’s small population — include such large, well-known
brands as Ikea, Lego, Maersk, Nokia and Saab. While their
region’s citizens may be protected by the state, these Nordic
businesses must compete in tough, fast-moving international
markets, where it’s every company for itself.
Fortunately, CSC has been able to help with a range of
IT-powered business solutions. When Nordic businesses and
government agencies need help with cybersecurity, cloud
computing, data analytics, or utility-based computing and
storage models, they know they can turn to CSC for solutions.
Take cybersecurity, a major concern in the Nordic region. When
one of our clients was recently attacked by hackers affiliated
with Russian organized crime, we helped the client identify the
details of the attack, eliminate it, repair the damage, and bolster
protections for future prevention. Other local enterprises face
serious threats from rogue nations, organized criminals, spies
and others, and we’re helping them detect attempted attacks
and deter them.
Another important tool for the region is cloud computing, and
the related ability to offer IT capabilities as a service. The cloud
helps enterprises gain agility, increase cycle times, improve
service quality, mitigate risk, innovate, reduce waste and lower
their costs. We recently implemented BizCloudTM
, our private-
cloud solution, for Telenor Group, a Norway-based mobile
operator. Telenor, with 148 million subscribers in 11 national
markets, is one of the largest telcos in the world, and it’s using
ExposureCSC sees big opportunities in the Nordic and Baltic regions.
our service to gain high levels of both scalability and flexibility.
Similarly, the cloud lets us offer Storage as a Service, a utility-
model solution that lets our clients pay for only the storage
capacity they actually need.
Data analytics is another huge and growing opportunity.
Companies with large amounts of data, such as insurers, are
looking to transform those files into actionable information.
To do this, they will need new tools and techniques that not
only solve business problems, but also improve the customer
experience and boost profitability. They will also need new data
tools that can handle new forms of information — much of it
unstructured — now being collected from social media, online
videos and industry researchers.
With Nordic governments playing such a large role in their
economies, you may not be surprised to hear that we also
work extensively with the local public sector organizations.
For example, we’re helping the Danish government undertake
an innovative e-business transformation. The project involves
registering property, vehicles and other assets; operating
major tax systems; and running significant components of the
government’s IT infrastructure.
The countries of the Nordic region, while sharing many cultural
commonalities, also differ from one another in important ways.
They speak different languages, take different approaches
to decision making, and specialize in different industries. Yet
they all share a large and growing business environment, a
willingness to invest in IT and automation, and an intense desire
to work faster, cheaper and simpler.
John Walsh is VP and general
manager of the Baltic and Nordic
Regions at CSC.
Exploring the Nordic and Baltic Regions
Hear more from John in the video: Applying
Next-Gen Technology in the Nordic and Baltic
Regions at csc.com/nordics
by John Walsh
10 CSC WORLD | SPRING/SUMMER 2013
While attacks on the healthcare industry aren’t as high-profile
as those experienced by the financial services and energy
sectors, security experts say cybercriminals have increased
their assaults on critical medical systems to steal valuable
Surveys show that most health organizations have
suffered some kind of data breach or security incident.
For example, Ponemon Institute’s Third Annual Study
on Patient Privacy reveals 94% of the healthcare
organizations it interviewed reported at least one data
breach in the past two years, and 45% said they had more
than five breaches during that time.
With risks continuing to escalate, some organizations are
taking a proactive approach, working to better protect
patients’ data and fortify their systems before an attack or
One organization keen on building greater resiliency and
security is Intermountain Healthcare, a health system
repeatedly honored for excellence and innovation both in
healthcare and its use of technology. Last year, CSC began
working with Intermountain to help strengthen its security.
Along the way, the team has applied innovative approaches to
better secure Intermountain’s network of systems and data.
Managing risk with innovation
Intermountain Healthcare is a nonprofit health system based
in Salt Lake City, Utah, consisting of 22 hospitals, 185 physician
clinics, an affiliated health insurance company and 33,000
employees that serve the state of Utah and southeastern Idaho.
“Intermountain Healthcare has a long legacy of very high
quality in healthcare and, from a cost perspective, we are one
of the lowest-cost providers of healthcare in the country,”
says Marc Probst, chief information officer and vice president
of Information Systems at Intermountain Healthcare. “That
comes from a focus on using systems and really smart
people taking the data from these systems and making good
decisions. In areas like privacy and security, though, we are
looking to other industries.”
by Jenny Mangelsdorf
The healthcare industry is venturing into a
world of tremendous opportunity — and
tremendous risk. By linking systems and
medical devices to the Internet, adopting
electronic health records and implementing
regulatory reforms, the industry is drastically
improving healthcare for all of us. But
the changes are also creating a health IT
landscape fraught with security challenges.
10 CSC WORLD | SPRING/SUMMER 2013
11SPRING/SUMMER 2013 | CSC WORLD
Client: Intermountain Healthcare
• Growing use of vulnerable, complex medical
technologies, mobile devices and medical
diagnostic devices with IP addresses
• Escalating healthcare focus by cybercriminals,
partially due to increased black-market value of
patient medical records
• Evolving regulations carrying both legal and
• Data classification, identification, encryption and
• Audit preparedness
• Revised security policies, procedures, guidelines
• An innovative scalable, self-healing, controlled
and managed network infrastructure design that
protects data, applications and systems
• Greater resiliency and security to protect patients
and thwart current and emerging cyberthreats
• Creative information security awareness, training
content and delivery
Read more CSC client success stories
Information systems security and privacy ranks a close second
in the top challenges facing healthcare CIOs after attaining
effective meaningful use of electronic medical records, adds
Probst. “Regulation changes and the complex nature of
medical services create a huge security and privacy challenge.”
Cybercriminals’ increased focus on healthcare data compounds
that challenge. Intermountain wanted to ensure that it was
reducing the risk to its organization and that it stays current
with the latest security controls.
“The dynamic has changed substantially,” says Ashif Jiwani,
CSC Global Cybersecurity partner, Healthcare. “A year ago, the
financial services industry was attacked from everywhere in
the world; now the healthcare industry has become the easiest
target for commercial hackers.”
For cybercriminals, stealing identities from sick people is fairly
easy since they’re focused on getting well and many times let
other responsibilities slip, such as ensuring that their identities
haven’t been stolen. Healthcare records, which contain megabytes
of valuable personal data ranging from Social Security numbers
to blood types, have also become more valuable than simple
credit card numbers, which financial industries have worked hard
to protect with antifraud capabilities.
“Through CSC’s global threat intelligence, we are constantly
watching the black-market exchange boards to see what’s
happening on behalf of our clients,” says Tom Patterson, CSC
Global Cybersecurity Consulting general manager. “Currently,
criminals are getting an average of $2 for a credit card record,
whereas a medical record brings about $20.”
An issue of reputation and regulation
At $20 a record, criminals can quickly make a lot of money
and simultaneously damage an organization’s reputation
and budget. Take last year’s attack on the state of Utah’s
Department of Technology Services computer server, which
stores Medicaid and Children’s Health Insurance Program claims
data. Cybercriminals stole 280,000 Social Security numbers and
“less sensitive” personal information of another 500,000 people.
The Utah department is still dealing with the fallout.
11SPRING/SUMMER 2013 | CSC WORLD
12 CSC WORLD | SPRING/SUMMER 2013
“Until a breach occurs, security usually tends to be an
afterthought,” says Jiwani. “Intermountain has decided that’s
not where it wants to be. The system has made security a
priority because it feels that the protection of its patients’
information and privacy as well as its reputation is as
important as any of its other prime strategies.”
State and federal regulators also have strong feelings about
securing patient data and have set penalties, both penal and
financial, for noncompliance and breaches. For example, under
the U.S. Health Information Technology for Economic and
Clinical Health Act, hospitals and other organizations can be
fined up to $1.5 million per year for serious security incidents.
Corporate officers can also go to jail for negligence.
Intermountain, because of its scope, must follow health-
related, banking and insurance regulations, all of which
continue to evolve as cybersecurity gains importance.
Evidence of this evolution can be seen in last year’s audits by
the U.S. Department of Health and Human Services’ Office
for Civil Rights (OCR). The OCR, which audits and enforces
regulations from HIPAA and the HITECH Act, randomly
audited 20 healthcare organizations; 19 failed, says Jiwani.
“We’re finding the OCR has interpreted the regulations
differently [from] industry,” says Karl West, Intermountain
Healthcare chief information security officer. “Because of this,
we decided to innovate and partner with someone who could
help us move into a new paradigm and a new interpretation
of the regulations, and help us create a leadership position in
the protection of patient information. That’s how we came to
work with CSC.”
Segmenting networks and data encryption
A key area where CSC and Intermountain have teamed to
set new benchmarks in the healthcare industry is a network
approach that classifies data, encrypts data at rest and in
transit, and then segments, or enclaves, data and systems
— an approach that simultaneously protects data if stolen
and protects data from being stolen. This approach, which
CSC mainly uses in its public sector work, is a first for the
healthcare industry, says Jiwani.
“Few organizations have looked at developing a strategy
where they can encrypt and enclave their enterprise storage
networks,” he says. “We essentially took defense-level security
and applied it to healthcare.”
Under CSC’s security work with Intermountain, CSC is helping
the healthcare organization apply cutting-edge technologies
and equipment from leading vendors that is mapped and
embedded into these network design solutions.
Addressing BYOD, mobility and telemedicine
The network design principles encompass separation
of duties and separation of data access. The design allows
for managed and controlled access to containerized data
based on need-to-know and access rights. They also include
the use of approaches that support the confidentiality,
integrity and availability of data through controls, and
management around data access, data at rest and data
transport across the network.
The end result provides Intermountain with a sound,
scalable, self-healing, controlled and managed network
infrastructure design that protects data, applications and
systems containing electronic health information.
“This innovative approach, which balances a ‘security
everywhere’ focus with one of ‘security only where it’s
required,’ allows us to be very agile and focus on those
priorities that have the highest risk,” says Jiwani. “We can
dynamically change the areas where we want the most
impact and resources, and use tools in a much more
efficient way. It also allows us to determine the right level of
risk versus cost.”
Marc Probst, CIO and VP
of Information Systems,
13SPRING/SUMMER 2013 | CSC WORLD
New Data Breach Rules
Have Big Impact
by Richard Staynings
This January, the Department of Health and Human Services’
Office of Civil Rights published the Omnibus Final Rule
on amendments to the Health Insurance Portability and
Accountability Act’s Security Rule and the Health Information
Technology for Economic and Clinical Health Act.
The rule makes significant changes to requirements
involving security incident response and the notification
of data breaches for HIPAA “covered entities,” “business
associates” and their subcontractors. Essentially it reverses
the existing process, removes the “no harm, no foul” rule
and requires CEs and BAs to conduct a comprehensive
risk assessment to prove that no personal health information
is compromised when a possible incident occurs. CEs
and BAs are thus assumed guilty until they can prove
themselves innocent — a fairly significant change in the
fundamentals of U.S. law.
What’s more notable is that the rule presumes that any
unreasonable access, impermissible use or disclosure of
PHI is a breach, irrespective of whether this caused, or was
even likely to have caused, harm or damage to anyone. Thus
if a nurse inadvertently sees the record of a patient not in
her care, under the new rule, that action would constitute a
breach and, at the very least, would require that a risk
assessment be conducted.
These changes place a heavy burden on CEs and BAs’ risk
assessment resources and incident response teams, which
need to rapidly investigate, document and report incidents
as possible breaches to meet the new rule’s requirements.
Other changes involve encryption, notices of privacy
practices and breaches — even by organizations that do
not have direct relationships with patients. The presumption
is that organizations “know” collectively what their agents
know and are liable for that knowledge as well as liable for
acts or omissions of its business associates.
Jenny Mangelsdorf is a writer for CSC’s digital
Richard Staynings is a global cybersecurity and
privacy officer, Healthcare, CSC.
Learn more at csc.com/cybersecurity.
While increasing security was already in Intermountain’s
five-year plan, because of rapidly escalating cyberthreats
and evolving regulations, Intermountain decided to
accelerate its security work. CSC helped the company
leverage its discovery and monitoring tools to quickly and
efficiently discover sensitive information without buying new
technology. This effort, in turn, enabled the team to more
quickly begin securing Intermountain’s data.
“We normally see a program like this take three to four years
to fully complete,” says Jiwani. “Through some innovative
approaches to programs, and using a new and differentiating
approach to setting up this program, we have accelerated
our timetable by 50 percent with less than half the budget
we’d normally [devote] to this kind of project.”
This kind of speed and network approach becomes
increasingly critical, especially as physicians, patients,
staff and visitors want to use their own devices to access
“Every physician, every clinician has a favorite device, a
favorite phone, a favorite mobile technology, and for us to
keep ahead of those devices is challenging,” says West. “We
are working to develop strategies and technologies that
enable them to safely and securely use these devices in their
workflow and environment.”
CSC is also helping the healthcare organization strengthen
its administrative security controls, including updating
existing policies, procedures and guidelines. With its
extensive security training expertise, CSC is helping
Intermountain develop a long-term training strategy and
educational content that can be delivered through different
forms of media to help its workforce better understand their
“Our ability to help Intermountain Healthcare spans three
key areas: people, processes and technology,” says Jiwani.
“We are bringing Intermountain an understanding of an
industry-wide paradigm for security relevant to healthcare,
while helping them understand the technology landscape
and develop processes that are innovative and unique.”
“I believe CSC is going to help us become
a model healthcare system in the area
of IS security,” adds Probst. “We’re not
there today, but we have ground to
move forward on. I’m very bullish on
what we’re creating together.”
Watch our Intermountain Healthcare Success
Story Videos at csc.com/intermountain.
Ashif Jiwani, Partner,
Healthcare Group, CSC
14 CSC WORLD | SPRING/SUMMER 2013
In an interview, Phil Fasano,
executive VP and CIO of
Kaiser Permanente and
the author of a new book,
explains how technology-
enabled care can make
patients — and the
industry — healthier.
Kaiser Permanente CIO:
Is in Charge”
There’s a revolution
brewing in healthcare,
and one of its chief
Phil Fasano. In his role
as executive VP and
CIO of CSC client Kaiser
Permanente, an integrated healthcare
provider and not-for-profit health plan that
serves more than 9 million patients, he
oversees IT for one of the largest healthcare
organizations in the United States. Fasano
is also the author of a recent book,
Transforming Health Care: The Financial
Impact of Technology, Electronic Tools and
Data Mining (Wiley, 2013). To learn more, I
spoke recently with Fasano. The following is
an edited version of our conversation.
by Patricia Brown
15SPRING/SUMMER 2013 | CSC WORLD
Your job as a CIO must keep you extremely busy. So why
also take the time to write a book?
Because it seemed to me that the healthcare and information
technology industries were coming together. And although
the ability to leverage information technology in healthcare
and transform the industry was beginning to happen, the
pace wasn’t — and still isn’t — sufficiently fast. One reason I
wrote the book was to instigate a conversation between the
healthcare and IT industries.
I also wanted to bring some of the venture community along.
I wanted to present venture firms with new opportunities for
investing in both health IT and other technologies that support
the healthcare industry. I saw an opportunity to show them
that they could truly make a difference in people’s lives. And
to persuade them that transforming healthcare was where
they should be spending their time and energy, and investing
Finally, it became clear to me that IT holds enormous promise
for the future of healthcare in the United States. When you
look at healthcare around the world, you realize that the United
States is not first in quality. We do not have the best healthcare
system in the world. In fact, we are No. 1 only in terms of having
the highest cost. So, there is no greater opportunity in the
world right now than being an American focused on improving
healthcare with IT.
In the foreword to your book, Dr. Jack Cochran writes that
“the power has moved to the patient.” What does that
mean for IT? And how has it affected your work at
As health IT begins to alter the healthcare landscape, the
consumer is increasingly in charge. Consumers have the
ability to do everything — from deciding which health plans
and systems they want to be part of, to making it clear to the
health system and their physicians and other clinicians how
they want to be interacted with.
We already see this in other industries. For example, your bank
lets you set your personal preferences for online banking.
Elsewhere, you can indicate whether you’d like people to reach
you by phone or by email. But in healthcare, if you want your
physician to email you, that’s still seen as innovative.
At Kaiser Permanente, that’s become a foundational part of
how we operate. The power is tremendous, mainly because so
many of our members are taking advantage of it.
I also see this on the more individual level. Just the other night,
I met a doctor who is a user of Fitbit [an app that tracks the
user’s steps and calories burned], and he proudly told me that
he had recently walked more than 20,000 steps in a single day.
He was really proud of himself. So technology can also be a
motivating factor, enhancing people’s ability to stay healthy.
Before coming to healthcare, you worked in financial
services. What are some of the key differences between
these two industries?
In healthcare, the stakes are so much higher. We’re talking
about people’s lives, whether it’s a life-critical event or
simply improving people’s lives. When I worked in financial
services, everything was focused on improving the bottom
line and increasing our profit. Whether it was making a
process more efficient or enhancing a service, that’s what
it all came down to. But in healthcare, we’re here to make
people’s lives better.
Kaiser Permanente is a not-for-profit organization. So while
we do make money, we reinvest it, largely in capabilities
that better serve our members. It gives us the freedom to
invest for the long term, and to do the right thing for our
patients and members. It’s a wonderful thing, and I say
The U.S. government is mandating compliance with
electronic health records (EHRs) by next year. But in your
book, you point out that many healthcare organizations
are also moving toward electronic medical records (EMRs).
What’s the difference, and why does it matter?
EMR is a record of a patient’s basic medical reports. It’s
essentially a foundational tool that will help us to reach the
next level of healthcare.
EHR, by contrast, is a more comprehensive record of your
health; it includes EMR, but also more. If you had a lab test
this afternoon, that’s in your EHR. If you ever visited a hospital
emergency room, that’s in your EHR, too.
Through several initiatives, the U.S. government is supporting
the implementation of EMRs across the country. The next
step will be expanding them into fully functional EHRs. But
in my opinion, even that will not go far enough. To produce
the outcomes our country can be proud of, we in the United
States should have the best health system in the world. To
achieve that, we will need to connect the EMR and the EHR
systems across the country, much as the banking system
was connected years ago. Today, you can use your bank
card to withdraw cash from nearly any bank. Similarly, if I’m
with my physician, having my EMR should be my right, not
just a privilege.
To get there, we’re going to have to implement EMRs, expand
their use until they are EHRs, and then connect them nationally
so that all EHRs in the country are seamlessly connected for the
benefit of our citizens.
16 CSC WORLD | SPRING/SUMMER 2013
But what about industry resistance? Some physicians,
healthcare providers, insurers and others are opposed to
these and other IT enhancements.
Well, if it were easy, everybody would have done it already!
Seriously, about half the physicians in the country already have
EMRs, and a smaller share of hospitals do, too. So everyone
is moving in this direction; most of the industry is now
implementing these systems.
That said, no matter the industry, any disruption involves a
change, and any change is challenging. Change requires people
to relearn how they do things. Some physicians view change as
lost productivity, so it becomes a barrier to progress. To these
doctors I would say, the payoff will greatly outweigh the loss in
productivity. As for that productivity loss, it is only temporary.
At Kaiser Permanente, we’ve had to go through this, too. For
example, we had to help some of our physicians with additional
training. But now, some 17,000 of our physicians have made
the transition to electronic records. I’m sure that if you got any
of them on the phone, they’d tell you that they’re never going
back. The benefits are that remarkable. Now they have a full
view of their patients’ histories, they are completely informed,
and they can practice medicine to the best of their abilities.
How about security? What’s being done to protect our
healthcare information from thieves and other bad guys?
Healthcare systems are life-critical, so that means two things.
One, they have to be always on, always available. And two,
there’s an embedded promise to our patients that we’re going
to protect their personal information.
If someone steals your credit card information, you just get
a new card with a new number. But if someone steals your
healthcare information, that’s forever.
Of course, there are legal reasons for protecting security,
such as HIPAA and other state and national laws. But there
are ethical reasons, too. You want to do the right thing. So to
fulfill both needs, the industry needs to invest in a security
infrastructure that will make sure our data at rest is protected,
and our data in motion is encrypted.
How about healthcare and social media? How can Facebook,
Twitter and other related services help?
The healthcare industry is only beginning its adventure into
social media. People are starting to create self-selected social
networks of people who have the same disease. For example,
you might have a group of cancer patients, or a group of those
with heart conditions. These people can form social circles
that reinforce the positive things they can do to enhance their
health and wellness. The industry is just starting to embrace
those capabilities, but the potential is quite significant.
Patricia Brown is director of digital content strategy
Learn more at
16 CSC WORLD | SPRING/SUMMER 2013
17SPRING/SUMMER 2013 | CSC WORLD
The practice of medicine is changing, propelled largely
by new models of care. These models replace the
age-old practice of “going to the doctor” by bringing the
doctor — and other healthcare providers — to the
patient. And they do so with IT networks and systems.
Several factors are driving this transformation.
For one, the nature of disease has changed in the
Western world; many people now suffer from chronic
diseases. Fortunately, most chronic diseases are not
life-threatening, but we have to live with them every
day. For another, we’re seeing profound demographic
changes as life spans increase. As a result, we’re living
with diseases longer, and we’re vulnerable to a new
range of neurodegenerative ailments that didn’t affect
our shorter-lived ancestors.
Another factor is patient preference. People have grown
tired of the long waits common today, and they’re ready
to try new forms of interacting with medics. Yet another
factor is economics. In nearly every Western country, no
matter its healthcare economic model, costs are rising
so fast, they’re becoming unsustainable.
Taken together, these factors have created a moment
that’s ripe for change. And change is upon us, in the
form of three new models of care:
Telemedicine connects physicians and patients with
high-speed videoconferencing. This is especially helpful
for patients who live in remote areas, far from major
healthcare centers. It’s also useful for patients for whom
public transport or driving would be difficult or dangerous.
Telehealth equips patients with portable devices that
monitor their vital signs, then streams that information to
healthcare providers for monitoring. This service can be
supplemented by telephone coaching and support, and
by clinician visits to the patient’s home.
Telecare uses assisted-living technologies that alert
care-givers when there may be a patient issue. For
example, digital sensors could alert family members
whenever the patient’s house lights have been off for
by Lisa Pettigrew Blended models
These three new models of care are often
blended. This lets patients receive care from not
only their physicians, but also nurses, therapists
and other healthcare clinicians. Using these new
teleservices, patients can better understand their
treatments, monitor their medication use, get
answers to questions, and receive assistance in
navigating the system.
These new models of care deliver other benefits,
too. They help people living with chronic diseases
stay on the favorable end of the wellness–sickness
spectrum. IT-powered healthcare means more
illnesses can be managed and treated while the
patient remains at home. This also can prevent
patients from ending up in the hospital, where
they could be exposed to infections, viruses and
The new healthcare models also improve quality
of life. Those with the appropriate capabilities,
interest and social conditions can be helped to
take greater control of their medical conditions,
save time and, in many instances, stay employed
and in their communities.
CSC’s solutions empower healthcare organizations
to offer their services in new ways — and they do
so cost-effectively through innovative commercial
models that are attractive to both payers and
providers. Our 8,000 healthcare executives
work across 30 countries, managing solutions
that support more than 100 million electronic
health records. We create solutions that help
healthcare organizations mature from point-to-
point telemedicine to networked models; these
incorporate information from all consultations
into the patient’s healthcare record, making it
accessible to other clinicians.
Also, CSC’s cloud and enterprise architecture
capabilities underpin our solutions. And
our analytics capabilities enable healthcare
organizations to analyze trends for individuals and
populations, learning which services are needed,
where and when.
Lisa Pettigrew is the industry general manager for
Global Healthcare at CSC.
and Telecare: Delivering
Healthcare Directly to
Learn more at
18 CSC WORLD | SPRING/SUMMER 2013
Medical Device Firm
Grows Better Data With
Data is the lifeblood of any business. In sales, access to high-quality information is crucial to
closing deals. For global enterprises, however, the challenges of providing consistent data and
real-time access to it can be daunting.
by Jenny Mangelsdorf
In the biotech field, innovative companies that use technology
to create life-saving medical implants and devices also need
constant innovation for their critical back-end sales and
marketing processes to stay competitive.
That’s why Biomet Microfixation, an innovator in the medical
industry, chose enterprise cloud applications by Salesforce.com.
Since 2011, Microfixation has used the applications to power its
service and marketing organization. Recently, the company wanted
to improve its ability to generate real-time, accurate data and build
a stronger Salesforce foundation that it can leverage in the future.
Real-time data and analytics
CSC provided consulting, systems integration, and data
architecture and modeling services. A key goal was to give
Microfixation’s sales organization and upper management real-
time data and analytics, such as sales trends related to budgets,
forecasts and quotas.
“Our sales force was consistently requesting real-time data,” says
Kirk Brennan, Biomet Microfixation controller. “That fundamental
information wasn’t available in our existing reporting structure.
Today, users know they can rely on the accuracy of the data
being presented whenever they log in to the system.”
To ensure that Microfixation would have the talent it needed for
the Salesforce.com project, the medical innovator first looked at
“We actually interviewed several consultants for a partnership to
implement Salesforce and selected CSC because of the depth of its
technical talent — both the scope of team members the company
has globally and its technical competency,” Brennan says.
CSC has deep Salesforce.com expertise, including with the
application’s foundational aspects, overall architecture and the
operation of its data model. These skills were essential when
helping Microfixation improve its data integration processes.
For example, in the past, making minor changes to the integration
process between Salesforce and Microfixation’s back-office
system took a great deal of work. Now, adding fields and
migrating new data takes only a few minutes.
“A lot of the integration we performed was very complex,” says Jeff
Selander, CSC’s North American Salesforce.com Practice director.
“Through the integration and data model work we did, we’ve now
positioned Microfixation in a place where they can begin to realize
the real return on investment that’s embedded in Saleforce.com.”
Before CSC began the
Salesforce project, when the
sales team needed data, the
team members would have to scroll
through page after page of numbers, with
subjects such as accounts, territory and region
each having more than 150 fields. CSC has created
custom visual pages that collapse lengthy data into a
single view that shows salespeople the financial details they
need. Because of custom visualization work like this, 90% of
Microfixation’s salespeople now report that the system is easy
to use — compared to 30% who thought so earlier.
“They really like this capability, because instead of scrolling
and scrolling through numbers, they can open an account and
instantly see sales numbers in a way they want to see them,”
says Selander. “It also performs a lot of the calculations they
want that the standard Salesforce.com application wouldn’t
let them do.”
Automating data entry
CSC also provided systems integration services — transforming,
for example, what was previously a manual process to upload
data. Now Microfixation can automatically upload data covering
the complete sales cycle, from the moment contact is made to
the time a product is delivered to a customer.
18 CSC WORLD | SPRING/SUMMER 2013
19SPRING/SUMMER 2013 | CSC WORLD
Before the process was automated, data was uploaded daily.
Today incremental data loads run hourly, with full loads consisting
of a million rows of data running every three hours. By automating
the data-transfer processes, Microfixation has been able to reduce
the opportunity for potential errors and reassign IT staff to
strategic projects. The sales team’s Salesforce adoption rate has
also increased from 40% to 85%.
In the past, Microfixation had to wait and process its full data
loads during the weekend. Now, the medical innovator can
process data whenever it wants without affecting user groups; if
needed, it can even speed the hourly load processing to run every
Salesforce.com has also enabled Microfixation’s sales to become
more mobile. Previously, the sales team, which serves clients
throughout the world, had to rely on PC-based email for data.
With Salesforce, Microfixation’s staff can access data on tablets
Microfixation aims to drive innovation in the medical industry,
and is committed to its customers — a trait shared by CSC. “We
want to make sure our customers have a solid understanding
of the systems we’ve worked on before we leave so they can
continue to excel going forward,” says Selander. “When
a customer wants to take on the next set of complicated,
intricate issues that require multiple disciplines,
CSC will be ready to assist again.”
“CSC very explicitly stated when we started this project that they
prided themselves on transferring that knowledge,” says Brennan.
“Our IT department has shown a significant increase in its ability
to support our users’ needs.”
Besides transferring technical knowledge and developing a stable,
custom Salesforce.com foundation, Microfixation also looked to
CSC to provide consulting services and build a roadmap that the
company could follow beyond the current project.
“That vision that CSC helped provide was a big reason why we
partnered with the company,” says Brennan.
Through laying this new foundation and building a roadmap,
Microfixation can take Saleforce.com to the next level, and
gain an even greater return on its investment by leveraging
capabilities embedded in the application, such as opportunity
management, campaigning, marketing and inventory control.
“This foundation will allow Microfixation
[to accomplish] really game-changing
sales and marketing innovations in the
future,” says Selander. “Already they can do
a whole lot more, and later they’ll be able to
leverage this platform for advances they’re not
even contemplating yet.”
Jenny Mangelsdorf is a writer for CSC’s digital
Client: Biomet Microfixation
• Provide sales team with convenient and current data
• Give upper management and key stakeholders accurate
• Offer international sales team a real-time mobile
• Deep Salesforce.com expertise
• Dedicated systems integration and consulting experts
• Proven data modeling and architecture services
• A stable Salesforce.com foundation and roadmap
for future innovation
• System scalability increased from 40% to 80%
• User adoption increased from 40% to 85%
• Real-time accurate sales data available on PCs
and mobile devices
• Automated data transfer, reducing potential errors
and relieving personnel for strategic activities
Learn more at
20 CSC WORLD | SPRING/SUMMER 2013
What’s more, FATCA — the Foreign Account Tax Compliance
Act — may be just the tip of the iceberg. Governments around
the world recognize the opportunity to secure tax revenue, and
we could see FATCA-like legislation on a global scale. Financial
institutions must be ready for a wave of regulations, and that
requires having the systems and processes in place to deal
FATCA does have a tax withholding component, but it’s all
about transparency, said Rob Limerick, managing director
for global information reporting at PricewaterhouseCoopers,
in a recent online CSC Town Hall. “Its real goal is to generate
reportable information to the IRS, so that they can track U.S.
taxpayers that may have accounts overseas.”
“FATCA is really setting the trend for transparency in
global tax reporting,” said Claudia Haberland, global FATCA
program manager for financial services governance, risk and
compliance at CSC. In the Town Hall, she pointed out that
there are hundreds of related initiatives around the world. The
efforts could lead to a multinational platform where different
countries can exchange tax information.
In fact, many countries want to take a step further: to not only
exchange information, but also to help collect unpaid taxes —
which means we could see a global enforcement regime. “That
[possibility] should not be underestimated, as many countries
are in need of tax money, as we know,” Haberland said.
The U.S. government continues to look for
ways to prevent anyone from not paying
their fair share of taxes. A big piece of this
effort is FATCA, a law designed to improve
tax reporting on foreign financial assets
and offshore accounts — and the burden of
these regulations will affect every financial
by Jeff Caruso
How to respond
Financial institutions, already under pressure to comply with
recent regulations, will have to look at systems to cope with
FATCA — but will also have to look beyond.
“Don’t just look at FATCA, but look at all of the things that
are going to happen over the next couple of months,” said
Christophe Lesieur, global practice lead for financial services
governance, risk and compliance at CSC. “Anticipate those
market moves coming up on you. You can define a target
operating model — looking at business lines, looking at
business structure and so on, and then elaborate a kind of
One approach would be to use a service provider in an as-a-
service model. “For small companies to spend a whole lot of
money, time and resources and build the functionality in their
own environment may not actually be the best way,” said
Shyamal Sen, partner and global lead for financial services
consulting solutions and technologies at CSC. Meanwhile, large
companies may have the resources, but “it is about cost and it
is about time to market,” he said.
Certainly, financial institutions that can stay on top of the
regulations will have an edge — and they have to act fast, as
FATCA goes into effect on Jan. 1, 2014.
JEFF CARUSO is senior managing editor for CSC’s digital
Listen to the full 60-minute recorded
Town Hall and a 5-minute sound bites
The GATE Way
To help financial institutions deal with FATCA in a way
that minimizes disruptions and costs, CSC offers a
comprehensive, long-term strategy through its Global
Administration of Tax Enquiries (GATE) software and
CSC GATE’s scalable enterprise tax compliance framework
provides a cost-effective way to meet FATCA regulations
and rapidly adapt to future tax requirements. Compatible
with major financial reporting platforms, the CSC GATE
rule- and process-driven software bridges silos in your
legacy estate to categorize affected customer accounts,
both existing and new, and calculate the appropriate
potential tax withholding.
It also generates reporting for governmental, internal and
customer stakeholders and is prepopulated with the rules
for FATCA compliance. Additional countries’ reciprocal
tax information exchange agreements can be added
Get more information on CSC’s FATCA-related
IT offerings: csc.com/csc_gate.
21SPRING/SUMMER 2013 | CSC WORLD
Cloud-driven change is affecting how processes are managed,
how IT investment is handled, and how costs are allocated. The
biggest changes are not those related to IT but to mind-set and
behavior. The journey to an entirely virtualized, cloud-delivered
IT environment may be long and complex, but it is possible to
monetize benefits if a cloud strategy is executed with care.
A new world of customer service
First, the cloud enables new approaches to customer service.
Banks and insurers need to become much more responsive.
The key factor is building closer customer relationships,
understanding customers more deeply and achieving maximum
value from each relationship.
Cloud is also changing the way financial services companies
approach risk management. It is no longer appropriate to
make complex risk calculations about future big bets when it
is becoming easier to try new ideas in real time, and simply go
with those that work.
Cloud can help the most in these areas:
• Rapid product development: Cloud-based test environments
can be set up in minutes, making it possible to try out
concepts at high speeds and low cost.
• Mobile and multichannel
services: Complex and real-time
services can flourish in the cloud, such as
transforming customer service environments to
• Apps stores: In a world of customer mobility, once a
virtualized service layer is embraced, it is much
easier to add components.
• Social media: This can include a peer
group review of services, leading to better-
informed customers and more proactive
relationships with them.
Banks and insurers have a wide range of
operational issues to deal with, from
capital adequacy to business continuity,
and the cloud enables a new world of
operational efficiency. By creating a
cloud-based layer on top of the
existing core infrastructure, it is
possible to move faster in creating and
implementing services, while continuing
to push down costs.
After five years of crisis, financial services
companies have become used to dealing
with a new operational reality. Major
changes are happening in client-supplier
relationships, and traditional business
models are under intense pressure as a
result of cloud-related strategies.
by Brian Wallace
Services on demand
The move to purchasing services on demand represents one
of the most important strategic changes the financial service
industry has ever seen. Yet there is one more element of change
that also plays its part in making cloud a practical tool for
achieving performance breakthroughs in banking and insurance:
Cloud can drive innovation by enabling:
• Global delivery models: Virtualized environments can be
moved quickly to delivery centers around the world, making it
easier to centralize business and gain access to the lower cost
that offshoring offers.
• Business-focused SLAs: The ability to flex and scale services
to reflect user demand enables more accurate contractual
arrangements, based on measurable results.
• Flexible payment methods: It is natural for costs to reflect
usage, leading to a move away from traditional, license fee
payments for software, as well as standard maintenance costs
• Commoditization: Profit margins are thin in many key product
areas, making it essential to find ways to reduce development
and delivery costs.
The ability to develop and deliver simple — yet
targeted — products and services to
millions of people on a semi-
automated basis is a
to a large-scale
move to the cloud
are significant and
must be dealt with in a
systematic way, but the
business advantages to
banks and insurers of embracing cloud are
HOW CLOUD IS DISRUPTING
Brian Wallace is a principal technologist in CSC’s
Financial Services group.
Learn more at
22 CSC WORLD | SPRING/SUMMER 2013
5The effective use of business intelligence (BI) can give
companies a distinct advantage over their competitors.
Delivering timely information to key decision makers can be
accomplished via the deployment of a well-designed and well-
maintained BI dashboard.
BI dashboards deliver numerous benefits to enterprises.
Companies can achieve significant cost savings by adopting
performance dashboards, because they allow for better
decision making by giving management recent or even live
information. Additionally, by consolidating disparate reports
via a BI dashboard, companies save money by reducing or
by Sanjiv Koshal
1. Customer Value
This dashboard displays the results
of data ingested by an analytic
model that assesses the value of the
customer to the company, ranked
against other customers. On this
dashboard, customers are grouped
based on income, age, product and
other segments. The analytic model
estimates a customer’s expected
value in dollars over a period of time.
2. Churn Analysis
This dashboard uses information
about customers who have already
left the company or who have
dropped services. The underlying
correlation model estimates the
probability that a customer will
churn or defect, using terms such as
attrition (leaving), renewal (staying)
and retention (retaining). Scores are
attributed to customers to rank the
need of business intervention.
3. Buying Analysis
With this analysis companies can
be guided about what products to
offer to their prospective or existing
clients, depending on the customer’s
demographics and/or existing
products owned. This dashboard’s
results are driven by a model that
features a data mining algorithm
that provides association rules to
estimate which products a customer
may purchase, given past purchases.
3 Types of BI Dashboards
23SPRING/SUMMER 2013 | CSC WORLD
Key performance indicators (KPIs) displayed on the
dashboard need to reflect strategic and tactical value
drivers. KPI selection is probably one of the most important
aspects of a dashboard build-out. KPIs should reflect the
strategic value drivers defined by the executives of the
company and should be based on corporate standards,
backed by valid, easy-to-comprehend data. KPIs are the
link between strategy, its execution and performance
management. CSC is convinced that an integrated
enterprise intelligence framework should be supported
by a well-defined set of KPIs.
An enterprise BI platform should be established
that integrates disparate data sources to achieve
consistent information. Those charged with maintaining
the dashboard should streamline the processes for
gathering and processing the data to ensure the timely
display of critical information.
Dashboards should employ a consistent user interface,
with matching color schemes and summary information
that is standardized across the enterprise. Standardization
and consistency are important for user acceptance and
the long-term sustainability of performance dashboards.
Dashboards should also be interactive and designed to
give users the ability to drill up and down, filter data and
take a guided analysis path to access detailed reports.
Dashboard designers should provide a rich visual interface
and use proper design paradigms that enhance the end-user
experience. In designing the dashboard, following the “rule
of 7” for visualization is important. Cognitive research has
shown that the average human can keep seven objects in
memory at once, so no more than seven objects should be
present on a single dashboard screen.
5Know Your Audience
The typical audience for dashboards ranges from C-level
executives to vice presidents of finance, human resources
managers, and directors in compliance and supply chain
departments. Constantly get feedback from your audience to
keep improving the quality of metrics and the presentation of
Common uses of dashboards are to manage exceptions, reduce
manual administration work, improve organizational alignment,
respond to business changes faster, and enable rapid problem
detection and escalation. A top priority is to build a dashboard
that can be leveraged by executives so they can take quick
action to achieve specific strategic goals.
Additionally, with dashboards available on mobile devices,
business executive and operations teams can improve their
decision making and productivity when working remotely, by
accessing strategic and operational information about financial
figures, customer orders and product performance, etc.
SANJIV KOSHAL is practice lead, Financial Services Big Data
and Analytics at CSC.
Learn more at
Gaining competitive advantage
Decision makers within an organization rely on BI dashboards
to make strategic and tactical decisions. Above all, it is
imperative that these dashboards provide them with timely and
reliable information. Maintaining and enhancing a BI dashboard
ensures that the decision makers can use them to make
effective decisions that translate to a company’s competitive
advantage in the marketplace.
BI dashboards have been in existence for decades, and the
recent explosion of big data and analytics has made them
more indispensable than ever. Performance dashboards are
used to synthesize information and present it in a way that
is easy to digest. When deployed properly, BI dashboards
can gauge a company’s performance and measure it against
For organizations to maximize their usefulness, BI dashboards
should include the following:
24 CSC WORLD | SPRING/SUMMER 2013
by David Moschella
Over the past 50 years, the growth of the IT industry has
been driven by the relentless rise of the “next big thing” —
mainframes, minis, PCs, LANs, Web, mobile, social, Software as
a Service, cloud and so on.
Each era has successfully established a new platform — a
combination of hardware, software and communications
that expands the foundations upon which useful information
systems can be built.
But curiously, in each era it has been the “T” in IT that has
received top billing. New technologies and the suppliers behind
them have captured most of the public’s imagination, with the
implicit assumption that the “I” would eventually come along for
the ride. It usually has.
25SPRING/SUMMER 2013 | CSC WORLD
Today, this dynamic is changing. The next big thing is now
information itself. Whether we are talking about big data,
unstructured data, open data, user-generated content, data
sciences, data at the edge, or the data-driven corporation, the
emphasis is shifting to the “I” in IT.
This isn’t just happening in business, but in areas of high societal
interest, such as the use of analytics in sports and last year’s
U.S. presidential election; the computer models that accurately
forecast Superstorm Sandy; and the role of Google in trying to
track the spread of the flu and other epidemics.
Our ability to use data to better see and understand the outside
world is now improving rapidly.
The future of data
However, in the Leading Edge Forum’s latest report, on the
evolving future of data, we found that while there is clearly
great promise in being able to use technology to identify
patterns in vast databases, track real-time conversations and
trends, deploy smart devices, and develop new data-driven
business models, not everyone is fully on board. We were struck
by the schism within today’s IT community.
The big data, open data and data science communities speak
in revolutionary — even utopian — terms about the power of
new and better information and algorithms to answer previously
unanswerable questions. Companies such as Google, Amazon,
Facebook, Netflix, Twitter, LinkedIn, Bitly, Intuit, Zillow, Kaggle
and many others have access to unprecedented amounts and
types of data that they will surely turn into important new
forms of value.
But many CIOs, well-versed in the history and challenges of
customer relationship management (CRM), data warehouses
and other business intelligence systems, tell us that long-
standing information management concerns such as integration,
architecture, governance, security and the high costs of
enterprise resource planning (ERP) are still dominant in their
firms. Interest in new data uses is typically of secondary
importance, and these areas are often led by other parts
of the firm.
Developing a balanced data perspective
Clearly, data is not the only path to business success. While
Google — with PageRank, AdWords and Trends — is a great
example of the power of new data-driven business approaches,
Apple has flourished by eschewing traditional information-
gathering practices, and relying on its own instincts, know-how
Less obviously, there are two additional patterns.
First, while there are a great many interesting new data uses
in the market, there seems to be a shortage of low-hanging
fruit — the obvious early adoption examples. Previous eras of IT
have all had core, driving applications, such as word processing,
spreadsheets, email or search. The lack of these cross-industry
applications in big data means that every firm will have to
find its own way forward. This suggests steady, but less than
Second, perhaps because of the extraordinary progress in the
Hadoop community, the IT industry may be confusing big data
with the idea that data is big. In other words, the size of the
database is often less important than the novelty of the use.
Many advanced data applications — such as location-aware
smartphone apps, linked and open data, specialized edge
devices and the “Internet of Things” — do not necessarily rely on
petabyte databases; they simply leverage data in innovative and
useful ways. Such “small data” uses typically affect customers
directly, and thus often have powerful market implications.
Organizations should seek a balanced data strategy,
experimenting with the potential of new big data systems, while
realizing that novel uses of data at the edge — what we call
small data — will often prove equally or even more important.
By taking such an approach, firms can seek to put the “I” back
into IT, and be leaders not just in technology deployment, but
in using data — big and small — to make their firm both more
competitive and better prepared for the data-driven customers,
marketplaces and organizations of the future.
David Moschella is global research director for CSC’s
Leading Edge Forum, a global research and thought leadership
This story was originally published by ComputerWeekly, on
April 22, 2013.
The IT industry may be confusing
big data with the idea that data is
big. In other words, the size of the
database is often less important
than the novelty of the use.
Download the executive summary
from our Future of Data report at
26 CSC WORLD | SPRING/SUMMER 2013
Many organizations face a dilemma: The number of cyberattacks against their IT
assets continues to grow, while their IT budgets continue to remain flat. Unable to
add significant resources to combat the attacks, they’re looking to managed security
services as a way to get more bang for their buck.
Companies in the United States lose about $114 billion a year from cybercrime — and that
number is more like $338 billion when you factor in the costs of downtime caused by
cybercrime, according to Gen. Keith Alexander, director of the National Security Agency
and commander of the U.S. Cyber Command. As reported by Foreign Policy magazine
last year, Alexander called the losses “the greatest transfer of wealth in history.”
The incidents at U.S. federal agencies are staggering. The latest figures from the U.S.
Government Accountability Office show that the number of cyber incidents reported
by those agencies has swelled from 5,503 in fiscal year 2006 to 48,562 in fiscal year
2012, a 783% increase. Of the incidents reported in 2012, 20% were related to improper
usage, 18% were malicious code, 17% involved unauthorized access, 7% consisted of
scans and probes, and the remainder were still under investigation at the time of the
March 2013 report.
Meanwhile, organizations of all kinds are facing a range of security challenges. In
a recent survey by IDG Research, 57% of IT executives named mobile clients and
unmanaged devices as one of their top security challenges for the next 12 months.
While that was the most common concern, other commonly cited challenges included
the increasing sophistication of attacks, controlling access to end-user data, and
securing virtual environments.
The Case for
by Jeff Caruso
27SPRING/SUMMER 2013 | CSC WORLD
2100%increase in reported cyberattacks
from 2009 to 2011 on companies
that manage critical infrastructure.
Those same IT executives cited budget as a key concern, with
40% saying that controlling IT security costs would be a challenge
for them over the next year. At the same time, 32% said that
their organization didn’t have the security experts or skill sets
necessary to handle security effectively.
CIOs’ IT budgets have been flat to negative since 2002,
according to Gartner. After a recent study of more than 2,000
CIOs, the research firm determined that CIO IT budgets will
likely decline slightly in 2013, with a weighted global average
decline of 0.5%.
This has forced many organizations to get creative with their
IT dollars, and in the realm of cybersecurity, this increasingly
means looking at managed security services. Providers of these
services are able to attain economies of scale and provide
better security for the same cost.
In the IDG Research survey, 67% of the IT executives cited cost
reduction as a “critical” or “very important” benefit of using a
managed security service provider (MSSP), and another 66%
said the provider could drive operational efficiency.
Interestingly, however, cost reduction wasn’t the most-cited
benefit. Instead, a full 76% thought that such a provider could
offer improved security effectiveness, and 70% cited enhanced
knowledge sharing as a critical or very important benefit.
Another 68% said the providers would give them access
to specialized skills, and 66% said they expected enhanced
In other words, the bang is at least as important as
the buck. And respondents to the IDG Research survey
acknowledged that managed security service providers
can do a lot of things better than internal security
professionals. Three-quarters of the respondents rated
their IT security organizations’ ability to secure the
perimeter as excellent or good, but only about half
would say the same about their ability to maintain
real-time awareness of the changing threat landscape
or to correlate security events in real time to
As a result, about 30% of the respondents said
they would be likely to start using a managed
security provider within the next year. About
9% already do. As IT security continues to be a
high priority for all organizations, the appeal of
managed security services is bound to remain
high as well.
JEFF CARUSO is senior managing editor
for CSC’s digital marketing team.
OF RESPONDENTS CITED
57%MOBILE CLIENTS AND UNMANAGED DEVICES
AS THE TOP I.T. SECURITY CHALLENGE.
1/3OF RESPONDENTS THINK THEY ARE
LIKELY TO START USING AN MSSP
E MSSPS PROVIDE THESE VERY IMPORTANT OR CR
REspondents believe managed security
services providers provide these very
important or Critical benefits:
Learn more at
28 CSC WORLD | SPRING/SUMMER 2013
Until recently, when thinking about cybersecurity, nations primarily worried
about theft — of data, identities and knowledge. Today, official concern has
broadened as hackers increasingly attempt to disrupt and destroy critical
infrastructure and foreign governments consider how cyberattacks can
be used as part of their integrated approach to exercising power.
In February, President Barack Obama issued an Executive Order and
Presidential Policy Directive aimed at reducing the risk of cyberattacks
on U.S. critical infrastructure. Although the public and private sectors
have been working in recent years to strengthen cybersecurity, protecting
today’s Internet-enabled and increasingly connected infrastructure and IT
systems involves more than one entity, agency or organization.
The President’s Order and Directive, which aim to improve system and network
security and resiliency, encourages greater public-private collaboration. They also
include deliverables and possible regulatory actions that, most importantly,
apply to numerous private industry sectors that own and operate critical
While the Order and Directive are linked in goals, each
is different, and it’s important to understand how each
affects owners and operators of critical infrastructure, as
well as federal agencies.
The Order directs increased federal distribution of
cyberthreat information and the development of a
Cybersecurity Framework that can be used to reduce
cyber risks to critical infrastructure. The Order
also mandates a review of existing regulation to
determine what gaps, if any, exist, and what must
be done to create useful standards to safeguard
the cybersecurity of critical infrastructure.
The Directive, which updates the previous
Directive issued in 2003, establishes national
policy on critical infrastructure security,
expanding the previous policy’s definition
of threats from solely physical to include
Mandateby Samuel Visner
29SPRING/SUMMER 2013 | CSC WORLD
Identifying critical sectors
Because the Directive expands the definition of hazards, a
number of initiatives will be updated. For example, the National
Infrastructure Protection Plan Partnership Model, which
describes critical infrastructure sectors and accompanying
federal sector-specific agencies, is evaluating the existing
partnership model to determine if it needs to be changed.
The Directive has already identified 16 critical sectors and
designated associated federal sector specific agencies for each
of the sectors. These sectors themselves are broad and include:
Chemical, Communications, Critical Manufacturing, Dams,
Defense Industrial Base, Emergency Services, Energy, Financial
Services, Food and Agriculture, Human Services, Healthcare
and Public Health, Information Technology, Nuclear Reactors,
Materials and Waste, Transportation Systems, and Water and
Wastewater Systems. Owners and operators will be notified if
they have been designated as part of the critical list and, for
the first time, will have an opportunity to say if they think that
decision is incorrect.
Under the Directive, the Secretary of Homeland Security will lead
the identification effort and work with owners and operators
in regards to significant cyber or physical incidents. The
Directive has three strategic goals aimed at improving functional
relationships, information exchange and operations decisions.
A guide to managing risk
As the Secretary of Homeland Security focuses on the
Directive, through the Executive Order, the National Institute
of Standards and Technology is coordinating development of
the Cybersecurity Framework. The final product, which is due
no later than Feb. 12, 2014, will include a collection of standards
and processes, and advice on how to use them in different
circumstances, to help operators and owners better manage risk.
Building secure ecosystems that go all the way from the mobile
device in someone’s pocket to the programmable logical device
that’s embedded in a power plant turbine, pipeline or air traffic
control system is the next big challenge. The Cybersecurity
Framework may be the launching point for meeting that
challenge and the development of really secure architectures.
Besides the Framework, the Order and Directive’s deliverables
range from instructions to produce timely cyberthreat reports
to reports on whether agencies have the authority to establish
requirements based on the Framework. As CSC leaders
provide input to the Framework’s development, we expect to
understand who will be impacted, and how, so we can help our
clients apply cybersecurity requirements that flow to them.
Incentives and mandates
Under the Order, the Secretary of Homeland Security, along
with sector-specific agencies, will establish a voluntary
program for critical infrastructure owners and operators to
adopt the Framework. The Secretary will also coordinate the
establishment of a set of incentives to promote participation.
Agencies clearly anticipate wide adoption of the Framework
and, as the Order talks about the possibility of further
regulatory actions, the various critical infrastructure sectors are
For owners and operators of critical infrastructure, and the
organizations that work with them, the Executive Order and
Presidential Policy Directive’s deliverables may affect their
industry or organization’s operations.
The clock has started; agencies are already engaged, working with
their sectors, and some deliverables will be due soon. The preliminary
version of the Cybersecurity Framework is due by October; the list of
“Critical Infrastructure at Greatest Risk” is due by July.
Organizations should pay attention to these deadlines so they
can prepare for new requirements and potential associated
adoption costs, and can take advantage of more accessible
threat information and new tools in the Framework to
strengthen their infrastructure.
They should also look for advice from cyber experts, like
CSC, that have deep legacies in public-private partnerships
and are involved in helping develop the new Cybersecurity
Framework. Organizations should look closely at the various
industrial control and related systems used to manage the
infrastructures they own and operate; some of these are
legacy systems designed before today’s more challenging
cybersecurity environment. They should consider what
enterprise-level strategies and approaches they need to meet
these cybersecurity challenges.
Through our long history of securing many of the world’s most
important systems, we have insight into what works and what
doesn’t. We have devoted our own R&D resources to deal
with weapons-grade threats against which most commercial
cybersecurity technology is largely ineffective. We also know
more than most about the IT that’s used in public and private
sectors, ranging all the way into industrial control and SCADA
systems, and the threats to both.
Just as NIST is looking to the private sector to help develop
the new Framework, organizations are increasingly turning
to trusted partners for cybersecurity support, evidenced
by surveys, such as ASDReports, which says the global
cybersecurity market will be worth more than $68 billion this
year. Today, no one can safeguard their operations entirely on
their own and organizations need to begin aligning themselves
with partners who can help address current and future
challenges and build resiliency.
Samuel Visner is vice president and general manager,
cybersecurity, at CSC.
Download the Executive Order and Presidential Policy
Directive white paper at csc.com/executive_order.
Learn more about cyber threats and protection at
30 CSC WORLD | SPRING/SUMMER 2013
From public to private to community,
clouds come in different shapes and sizes.
Lately, many organizations are turning to
hybrid solutions that can be tailored to
meet the needs of any enterprise.
Hybrid clouds give organizations the
opportunity to meet unique requirements.
Start with the privacy and security of a
private cloud, which offers a dedicated
compute environment for a single
organization. Next, add the massive
scalability of a public cloud, where the
infrastructure is leveraged across many
TO BELIEVE IN
3by Jim Battey
31SPRING/SUMMER 2013 | CSC WORLD
The resulting mixture gives you a hybrid solution that is quickly
becoming the most popular cloud option among enterprises.
Recently added to the mix is the hybrid infrastructure model, in
which organizations can integrate legacy infrastructure with a
Without question, use of a hybrid cloud approach is growing.
As enterprises rapidly move to cloud-based delivery, they are
seeing success with integrated cloud services arrangements.
“Most of our customers are using either a hybrid cloud
deployment or a hybrid infrastructure deployment,” says Hugh
Brooks, director of cloud product development at CSC.
Brooks cautions that when adopting a hybrid solution, one of
the most critical concerns is to ensure smooth interoperability
among cloud models. “CSC uses the same architecture, offers
the same management services and rate-card structure across
our public, virtual private and private cloud deployment
models, which simplifies the management of a hybrid cloud
infrastructure,” he says. “You have consistency across the
public and private clouds, and the two clouds work in tandem
with each other.”
The hybrid model lets enterprises keep highly sensitive
information in an environment totally dedicated to their
use while allowing them to take advantage of the flexibility
and scalability of the public cloud. Here are three reasons
enterprises should consider deploying a hybrid model:
Increased Flexibility. Companies are using hybrid
models to meet application needs and provide flexibility
in a cost-effective manner.
For example, an enterprise may have a database that
needs to stay on a physical server, either because the database
itself cannot be virtualized or due to privacy/security concerns.
A hybrid approach lets the enterprise keep the database in a
private or virtual private cloud, while the external-facing Web-
tier applications exist in a public cloud environment.
Greater Scalability. If enterprises have assets in
the private cloud, they want to be able to extend,
or “burst,” capacity when they have very high
demand or need larger compute capability to take
advantage of big data analytics.
Gabe Kazarian, global product manager for CSC, explains,
“When you have workloads that are very volatile, meaning
that you have spikes and demands and the spikes may not be
forecast readily, you want to make sure you have access to
additional compute resources and the ability to burst into a
Multiple Environments. A hybrid cloud environment
allows enterprises to use a public cloud for tasks
such as development, testing and staging, and then
once applications are ready to go into production,
they can move their highly sensitive production applications to
a private or virtual private cloud environment.
“For security and privacy reasons, some enterprises want
to retain their mission-critical production application in a
private cloud environment. But they may choose to do their
development, quality assurance testing and their staging in a
public cloud,” Kazarian says.
One of the biggest benefits of an effective hybrid cloud service
model is that companies pay only for the compute resources
they need. Through flexible offerings such as CSC’s BizCloudTM
enterprises can gain access to the performance, reliability and
cost benefits of private cloud services without the associated
risk, expense and time to build their own private cloud solution.
Riding the hybrid WAVETM
A good example of a company deploying a hybrid solution
is H. D. Smith, a leading distributor of healthcare products
(see column on p. 44). The Springfield, Ill.-based company
wanted to transform its data center to support its larger
growth strategy, so it turned to CSC to help move its IT
infrastructure into the cloud.
David Guzmán, H. D. Smith’s CIO, says, “If some of your
applications are not cloud-ready, then you need a provider that
can do both the traditional kind of outsourcing, the dedicated
environment, and has the cloud environment and the ability to
migrate between the two.”
H. D. Smith is deploying an off-premises cloud and hosting
managed service that can support the migration of email,
e-commerce and other x86 workloads and applications, as well as
SAP from an AS/400 platform to an enterprise cloud. “Running
a data center is not really our core business, and when you look
at the cloud technologies that are out there, there are compelling
economics around [them], but also compelling capabilities,”
By going hybrid, H. D. Smith is refreshing its aging infrastructure
while moving to an OPEX-based IT service-delivery model. The
migration is taking place in phases, using the WAVE approach
offered as part of the CSC Enterprise Cloud. CSC is providing
hosting for the company’s legacy applications that will not be
migrated to the cloud in the first wave.
“With cloud and CSC, we will have the scale and agility to
support thousands, maybe tens of thousands, of customers
and suppliers,” Guzmán adds. “Cloud gives us this perfect
scalability to add resources when we need them.”
Jim Battey is a writer for CSC’s digital marketing team.
Learn more at
32 CSC WORLD | SPRING/SUMMER 2013
Cloud computing has become a key
part of an IT leader’s toolkit. Many
organizations use cloud as their
deployment and management platform
of choice for managing the challenges of
growth or consolidation, implementing
business process and application
modernization, launching initiatives to
improve workplace productivity and
gaining operational efficiencies.
Clouds Ruleby Hugh Brooks
33SPRING/SUMMER 2013 | CSC WORLD
Get Started with Cloud
CSC has a large, active network of cloud data centers around
the world. We work with companies and agencies to assess and
prioritize workloads and applications that can be transformed
and modernized for the cloud. Enhancing CSC Cloud Services
is a very complete service offering for refactoring, rewriting and
developing new applications for cloud. CSC offers organizations
a simple way to visualize and organize their move to the cloud.
These business goals present a diverse set of challenges, and
organizations need to identify and align the best cloud model for
their workloads and applications — especially if they intend to
move mission-critical infrastructure and applications to the cloud.
Security, data protection and governance are critical factors in
selecting a cloud provider, and they are also the most often-cited
barriers to cloud adoption. The risk profile of the applications
and workloads moving to cloud must be considered when
selecting the right cloud deployment model and cloud provider.
Low-cost public clouds might be the right choice for the short
term or temporary use of IT resources, where uptime and security
are of lesser concern, but the workloads and applications of most
organizations require an enterprise-class cloud.
As a result, many organizations — from global enterprises to
small businesses — are now deploying and running production
applications, and in some cases their entire business, on
Research firm Gartner reports that cost reductions in IT, the out-
sourcing of capabilities, and a push for more efficiency and agility
have led IT organizations to seek options to supplement current
legacy deployments. Gartner reports that IT organizations will
be using cloud as a means to essentially replicate or replace their
data center. 1
The business case for cloud
As part of this strategic move to enterprise-grade cloud
architectures, IT organizations are building their business
case both to justify the cost of such a move and highlight the
model’s recurring and long-term business value. Building such
a case involves four dimensions:
• Economic and financial validation. Enterprise-grade cloud
computing shifts the financial model from capital expenses
to operating expenses, dramatically reducing in-house
infrastructure spending. It may also save on maintenance
costs, while providing a predictable cost structure. Cloud
economics shouldn’t be reserved for public cloud — look
for cloud providers that bring cloud economics to private
cloud as well.
• Risk mitigation. Working with a proven service provider
of enterprise-grade cloud solutions allows an organization
to leverage the provider’s deep experience and expertise,
and ensures ongoing security and compliance. Competitive
threats, shifting economic climates and unpredictable market
opportunities present challenges. The best way to mitigate the
risk associated with these challenges is to have the ability to
act and respond quickly.
• Staff resource utilization. Working with an enterprise-grade
cloud service provider essentially frees internal IT staff
members from routine, day-to-day management, monitoring
and problem remediation so they can focus on enabling
new applications and strategic initiatives. Reduction in cycle
time for IT resource deployment and provisioning should be
recognized as both a cost savings and an opportunity with an
implementation of an enterprise cloud infrastructure.
• End-user experience. Swift, expert onboarding of new users
is critical to helping an organization become more efficient
and better leverage its existing IT resources. Robust, high-
performance and resilient enterprise-grade clouds ensure
that end users can access data, applications and services in
a timely manner. Many users are no longer tethered to the
enterprise — they are remote and moving. The enterprise
cloud provides safe and secure access to enterprise data for
such a dynamic group of mobile workers.
Smart organizations plan their migration to the cloud based
on factors such as workloads, governance policies, legacy
system complexity, the ability to integrate with enterprise
service management, and financial considerations.
With budgets and other internal resources tight, many
organizations are taking a deliberate, iterative approach to
cloud migration, beginning with relatively simple deployments
to gain cloud experience and then using their cost savings to
fund more ambitious programs.
An experienced enterprise-grade cloud service provider can
help organizations visualize the staging of their workloads
to the cloud. While few debate the cloud alternative, there is
much to consider when deciding which applications are “born
for the cloud,” which are “fit for the cloud,” and how migrating
workloads and applications will create top-line and bottom-
“Predicts 2013: Cloud Computing Becomes an Integral Part of IT,”
Gartner, December 2012
Hugh Brooks is director of cloud offerings and
management at CSC.
Learn more at
34 CSC WORLD | SPRING/SUMMER 2013
Now it’s widely assumed that the next technology to be
“consumerized” will be cloud services. Many industry analysts
now forecast that the consumer cloud — the kind of popular,
low-cost service offered by Amazon, Rackspace and others —
will be to cloud services what the iPhone was to mobile devices.
I disagree. Instead, I believe that the preferred option for many
businesses will be what we at CSC call the “enterprise cloud.”
Why? Five main reasons:
1. Tailoring: While approximately 80% of all customer solutions
in the cloud are fairly standard in terms of their infrastructures,
rate cards and the like, about 20% are not. For these nonstandard
workloads and applications, tailoring is needed — a kind of
tailoring that consumer cloud services simply don’t offer. This
tailoring includes security and data protection, regulatory
compliance, even the ability to optimize applications for the cloud.
2. Cloud access: Today’s consumer cloud services connect
with customers using the most common method, namely,
the public Internet. For workloads and applications that are
neither critical nor sensitive, that’s usually fine. But what if
a company has workloads and applications that are critical,
sensitive or some combination of both? What’s needed
then is an approach that both insulates and manages
access to the cloud, much like the current management
of enterprise networks.
3. Service availability: Not every workload or application
requires the same level of service. A highly critical application
might require recovery after a power outage or natural
disaster in just minutes or hours. Yet for other, less-critical
applications, it might suffice to recover in a matter of days.
Today, consumer cloud services do not allow customers to
make this type of application-by-application, or workload-
by-workload, distinction. Instead, it’s one size fits all. But the
enterprise cloud does let IT managers select the best service
for a particular application. In the process, the enterprise cloud
also helps CIOs control costs. IT managers can balance their
need for high levels of service availability (which are naturally
more expensive) against their desire for cost control.
4. OS and application consolidation: As a result of mergers and
acquisitions, many enterprises now run some applications, such
as ERP and email, in multiple versions, often on multiple operating
systems — including legacy systems that are both outdated and
unsupported. Managing this technology mélange is not only
complicated, but also expensive. Ideally, before an enterprise
moves such applications to the cloud, it will consolidate the
multiple versions into just one that runs on an OS that is current
and cloud-supported. Consumer cloud services do not help with
this important migration; enterprise cloud services do.
5. Partner benefits: As no cloud is an island, all cloud providers
must partner with hardware, software and network providers. But
while consumer cloud providers compete largely by offering the
lowest possible price, enterprise cloud providers do so by offering
the best possible service. Which would you guess offers the latest,
best-of-breed technology? For consumer cloud providers, that
approach simply doesn’t pay. Meanwhile, in the enterprise cloud,
many providers refresh technology on a 24-month cycle. Given
today’s five- and seven-year depreciation schedules, that’s far
quicker than the typical enterprise can manage on its own.
To be clear, consumer cloud services from Amazon, Rackspace
and the like are not going away anytime soon. But neither are
these services poised to become the enterprise’s next iPhone.
The consumerization of IT has its limits. Where the consumer
cloud ends, the enterprise cloud is just getting started.
Siki Giunta is vice president and general manager of
cloud computing at CSC.
Consumerization of IT is sweeping the enterprise. Personal smartphones, tablets,
laptops, social media and more are stealthily infiltrating companies worldwide.
Learn more at csc.com/cloud.
by Siki Giunta
The biggest returns come from an enterprise
cloud. A cloud that’s always on. A cloud where
you feel safe and secure. A cloud that’s easy to
manage, with total transparency into performance,
availability and usage.
What are you waiting for?
Your private cloud is ready to deliver.
Learn more at csc.com/enterprise_cloud.
CSC Enterprise Cloud:
Simple to Start, Easy to Grow
36 CSC WORLD | SPRING/SUMMER 2013
The car of the future depicted in the cartoon series “The Jetsons”
was a levitating capsule that flitted through the air, dropped
George Jetson at the office and folded up into a briefcase.
While flying cars may still be out of reach, the adoption of cloud
computing, mobile broadband, location-awareness and big data
technologies is bringing the Jetsonian view of the automobile
closer to reality.
Automotive firms worldwide will roll out more than 80 million
vehicles in 2013. And they’re already gearing up for the day in
the not-too-distant future when vehicles will access numerous
external, largely cloud-based services.
Future innovations include location-based services (your car
warns you that your fuel is low and finds the nearest service
station with the lowest prices), as well as urban-area wireless
traffic networks (external controls regulate your car’s speed and
distance between vehicles to avoid accidents and traffic jams).
“Automotive companies have to meet customers’ needs before
they even know they have those needs,” says Eileen Sweeney,
vice president and general manager of CSC’s Manufacturing
group. “They’re doing this with sensors, embedded software
and integrated networks to improve safety and the overall
driving experience. Cloud computing will play a key role in every
aspect of the industry — from collaborative design tools, to
supply chain systems, to sales and service programs.”
There are many good reasons for the automotive industry to go
driving in the cloud. Automakers are looking for ways to drive
down costs, and IT applications and infrastructure costs are
prime targets as companies compete in a rapidly globalizing
market (car and truck sales in China surpassed U.S. sales in
2009; Chinese production is expected to eclipse European and
Russian totals in 2013).
Mobile, location-aware hardware and embedded software are
part of the rolling showcase of technologies available in new
vehicles, called Car IT.
Car IT and cybersecurity
Car IT includes all of the embedded systems that control the
engine, drivetrain, climate control, mobile communication,
entertainment systems, diagnostics, locking and security. It also
includes the electronic devices brought to the vehicle by its
driver and passengers.
All of these software-based systems require the same type
of support and raise the same issues as an IT infrastructure —
adherence to development and testing standards, updates and
patches, security and privacy issues.
In this environment, the security of a car’s IT systems is critical.
Think of the potential impact on an automaker’s brand if car thieves
or other malicious individuals hacked into car systems to defeat
alarm systems and unlock doors or steal personal information.
by Berthold Puchta
in the Cloud
37SPRING/SUMMER 2013 | CSC WORLD
“When you’re designing systems for a vehicle, you’re outside
of your company’s firewall and infrastructure, so you’ve got to
treat those systems like a mobile network and make them self-
defendable,” says Jeff Fawcett, a lead cybersecurity consultant
for CSC. “It really begins with a security framework that’s
trusted, integrated and efficient — then you can add all of the
gadgets you want.”
A brave new (location-aware) world
Emerging location-based services enable drivers to share their
location with preferred companies in exchange for discounts (as
you drive into the mall parking lot, your favorite shoe boutique gives
you an electronic coupon valid for 50% off for the next 2 hours).
“It adds a new level of convenience,” notes Christian Kloeppel,
head of CSC’s Mobile Business Center of Excellence. “If my car
breaks down and I need a ride, all I have to do is call my friend
and his car would choose the fastest route to my phone.”
Such services also raise questions about information privacy.
Who has access to that information? How is it being used?
Apple Computer, for example, recently disclosed that it archives
the millions of recorded requests for directions and phone
numbers made to its Siri voice-activated iPhone assistant. Apple
keeps the digitized recordings for 2 years but said it has no
plans to use or sell them.
“Many people spend more time with their mobile devices and
cars than with their families,” Kloeppel jokes. “A smartphone
is often someone’s most personal possession, and now we’ve
combined it with the car.”
Safety and autonomous driving
Technology is transforming the car into an aware, actively
engaged peer in the driving process. For example, Google’s
fleet of experimental driverless cars, fitted with costly range-
finding lasers, has already covered more than 300,000 miles
(500,000 km) without an accident.
While Google has no immediate plans to commercialize its
driverless car, automakers are already introducing drive-assist
technologies into the safety systems of luxury-class models
to monitor driver attentiveness, lane control and potential
collisions. Hands-free parking assistance is helping owners save
lives and avoid fender benders.
What’s the next step in autonomous driving? Cars may relay
information about road conditions to the vehicles behind them.
A skid on icy pavement or sudden braking ahead could warn
other motorists — even those driving other vehicle models.
Social media and sales acceleration
When it comes to selling vehicles, automakers rely on thousands
of dealerships around the world to be the brand’s face to the
customer. It’s worked that way for more than a century (the
first independent car dealer opened in Detroit in 1896), but car
manufacturers are now focusing on ways to get closer to the
consumer to drive sales of vehicles, parts and services.
Tour the new lifecycle
of the automobile at
38 CSC WORLD | SPRING/SUMMER 2013
BMW Goes From
Keyless to Hands-Free
During the 2013 Super Bowl, a 30-second commercial
focused on BMW’s new hands-free trunk opening feature:
The owner of a red 328i, carrying two large travel bags,
opens the trunk (or boot, as it’s called in Europe) with a
wave of her foot under the bumper. As she turns away, her
mischievous dog pops the lid with the wag of his tail — and
retrieves the bag with his play toy.
BMW’s remote trunk release feature is a function of an
integrated system beginning with sensors in the bumper
that detect the movement of the foot and then connecting
with systems for the car’s body, remote key and locking
mechanism. It’s part of a package of embedded software
from CSC that also controls the car’s sunroof, washer/wipers
and power seats with a pneumatic massage feature.
“We have received a great deal of positive customer
feedback about our new hands-free feature,” says Dr. Pia
Mondal, head of E/E Systems Engineering and Processes
for BMW Body and Interior Trim. “If you have ever had your
hands full and needed to open the boot, you can see how it
enhances the overall experience of owning a BMW.”
Automakers are constantly looking for ways to add safety
features and cockpit technology that truly differentiate their
brand with car buyers, according to Tom Salva, director
of Automotive Product Life-Cycle Management at CSC.
“They’re under a lot of pressure to get features to market
faster and get started on the next phase,” he says. “These
embedded systems are getting increasingly complex to
integrate, and everything takes up space and adds weight,
which could potentially affect handling and fuel efficiency.”
“Today’s car buyers are tech-savvy, and they’re looking for a
pain-free experience,” says Paul Scott, automotive industry
executive at CSC. “For buyers under 30, it’s less about fuel
consumption, comfort and performance, and more about the
overall shopping experience and the cockpit technology.”
CSC is working with leading automakers on analytics
technology that will unlock customer and prospect data from a
variety of sources — online vehicle configurators that customers
use to pick out the model, color and options; social media
mentions on Facebook and automotive blogs; and dealership
sales and maintenance records.
Customer analytics, in the hands of sales teams connected by
cloud-based tools such as saleforce.com, can result in higher
sales of cars and more visits to the service department by
Combined with vehicle-derived performance data collected
throughout the life cycle of the vehicle, these analytics can
help automotive design and development teams deliver what
customers want. In the future, a growing number of sensors in
the vehicle will generate real-time analytics that could open the
door to unprecedented levels of service.
“Imagine your dealership showing up at your house with a
loaner vehicle before your car actually breaks down,” Scott says.
39SPRING/SUMMER 2013 | CSC WORLD
Today’s manufacturing operations and supply chains
stretch around the world. A highly complex web of
systems manages and collects data about a wide range of
processes including production, plant robotics, suppliers,
distribution, workplace safety and risk.
CSC is helping manufacturers solve those challenges
with machine-to-machine (M2M) factory automation that
integrates physical assets in any location with modern
sensors, networks and middleware over secure wireless
networks. In fact, CSC helped one global automaker
consolidate 150 instances of SAP software.
“It’s like social networking with the company’s machines,”
says Paul Scott, automotive industry executive at CSC.
“Managers only need to make decisions when the
M2M, delivered wirelessly with low-cost cloud-based data
storage, helps operations managers gain a host of insights
from their data. For example, analytics from sensors in
the equipment and throughout the factory predict future
maintenance schedules — and avoid downtime.
Learn more at
Volkswagen: on the road to big data
Volkswagen is already using big data to increase aftermarket
service revenues and build brand loyalty in France.
The company developed a campaign management solution to
entice Volkswagen owners to its service centers. Working with
CSC, Volkswagen was able to combine customer data with
vehicle data and qualitative notes written by the technicians at
the service centers.
As a result, the company was able to use targeted
communications to specific drivers about upcoming
maintenance needs. “Our partners really appreciate the fact
that we’re helping car owners get ahead of service issues and
that we’re driving this business to their service centers,” said
Christophe Droux, Communication & Sales Promotion Manager,
Volkswagen Group France. “It’s not just about making the next
sale. It’s about making a customer for life.”
The convergence of cloud, big data and mobility is putting the
automotive industry in the forefront of technology innovation,
notes CSC’s Sweeney.
“It’s a very exciting time for the industry. We’re doing things
that weren’t possible 10 years ago,” she says. “The challenge for
manufacturers is implementing these technologies in a planned
and integrated way and listening to customers about what they
want from the car of the future.”
Berthold Puchta is general manager, Global Automotive,
Industrial & Chemical Industries for CSC.
Take a Deeper Drive
Find related videos, download our iPad
app or discover other automotive content at
Automotive Industry Goes
Driving in the Cloud
Watch the Video: How Technology
Powers the Vehicle of the Future at
40 CSC WORLD | SPRING/SUMMER 2013
3D printing sounds like something straight out of science
fiction, but the idea that you can use a computer to quickly
create complex objects seemingly out of thin air is a reality.
With prices of 3D printers dropping, it’s a technology that’s
becoming more widespread.
If making an object becomes as easy as downloading a file
and clicking a “Print” button, what does that mean for the
manufacturing industry? That and other implications of 3D
printing were a topic in a recent CSC Town Hall meeting and
report, “3D Printing and the Future of Manufacturing.”
“The term ‘3D printing’ has been broadly adopted, but what
we’re talking about is additive manufacturing,” says Vivek
Srinivasan, one of the researchers of the report and regional
manager of the Executive Programme for CSC’s Leading
Edge Forum. “For example, in traditional manufacturing,
creating a tool like a wrench involves forging, grinding, milling
and assembly, not to mention the molds, jigs and fixtures
needed in the process. By contrast, 3D printing can create
an adjustable wrench in a single operation, layer by layer. The
wrench comes out fully assembled and ready to be used with
all of its moving parts.”
3D printing is evolving rapidly, Srinivasan says. It won’t replace
all forms of manufacturing, but for the right applications, 3D
printing offers compelling benefits. “3D printing can make
objects with a complex internal structure that would be almost
impossible using traditional methods. There’s no large factory
and no retooling of an entire assembly line. The same printer
that creates a piece of art can be used next to print a bike part.
And that printer can be kept close to the point of consumption,
which has implications for logistics,” he says.
3D printing has been popular for creating prototypes and
small sample parts for a few years now. Jarrod Bassan, another
researcher who worked on the report and a CSC senior
consultant in Melbourne, Australia, offered examples of the
way 3D printing is being used to create finished products. One
example demonstrated the use of a laser scanner to make an
exact model of an athlete’s foot, building a 3D-printed shoe
around that model. “It’s molded exactly to that foot using the
minimum amount of material and is about 30% lighter than any
other commercially made product,” Bassan says. “It’s designed
to give a 3.5% performance improvement to the athlete.”
3D PrintingWill Turn Manufacturing on Its Head
by Dale Coyner
Image courtesy of MakerBot Industries
41SPRING/SUMMER 2013 | CSC WORLD
Bassan says that 3D printing is driving innovation in more
ways than uniquely made printed objects. Business models
are evolving as well. “There are a number of companies today
that enable you to upload a design to a website and press the
‘Print’ button. They will print it and ship it to you. Companies like
Sculpteo take it one step further. They help offer your product
in a 3D marketplace. They will take the orders, print it and send
it to the buyer. You collect the profit from the end of it.”
Gordon Fuller, a principal at CSC, says 3D printing creates
unique opportunities and threats for a broad range of industries.
“Companies have the ability to update their supply chains to take
advantage of the local printing and use it as a cheaper supply chain,
a more responsive supply chain. Of course, they have competitors
doing the same thing, so they have to be aware that they need to be
more nimble in moving forward with this,” Fuller says.
“When making decisions about new facilities or longer-term
contracts, companies must decide how vulnerable their product
lines and their supply chains are to 3D printing,” Fuller says.
“Even for a facility that might have a payback period of five
years or seven years, that’s starting to be in the range of time
that companies have to examine seriously how 3D printing will
improve or threaten their activities.”
NASA and 3D printing
Organizations with existing prototyping capabilities are already
experiencing change with the introduction of 3D printing. NASA
and the Jet Propulsion Laboratory have a long history of building
one-of-a-kind vehicles that have relied extensively on intricate,
custom-made parts, crafted by experienced machinists.
3D printing has allowed mechanical engineers to improve
designs rapidly, but the group still relies on machinists for
many of its finished products, says Gabriel Rangel, emerging IT
specialist at the Office of the CIO, NASA/JPL.
“Our expert machinists with decades of experience in building
one-of-a-kind space parts are looking at this capability and
asking ‘Why do we need this plastic? We should put our
resources together so that we can get even finer quality,’”
Rangel says. “They were absolutely right, which is why we’ve
adopted an approach of ‘innovating together.’ Our mechanical
engineers need 3D printing to accelerate prototyping. And
the process that we have to get a high-quality machined part
doesn’t go away with 3D printing. In fact, it widens the audience
and the need to get higher quality.”
NASA/JPL says 3D printing has driven down the cost of prototyping
and helped develop a crowdsourcing aspect to innovation.
“We come up with designs for things that have never been done
before to go to a different planet. We make a lot of different
prototypes, and it takes a long time to select them,” says Tomas
Soderstrom, CTO in the Office of the CIO, NASA/JPL. “Now we
print them all out for 50 cents apiece, then select the right ones
to go after in detail. That’s a huge advancement for us. That’s
New kinds of objects
Bassan says advances in material science will allow 3D printers to
create objects that can’t be made by traditional manufacturing
methods. “If we can control the crystalline structure of metals,
just imagine some of the properties we could imbue to a metal
part that’s hard and brittle at one end but the same piece of
metal is springy and soft at the other end.”
Paul Gustafson, director of CSCs Leading Edge Forum, says
some aspects of 3D printing will require companies to rethink
business models or how they protect their intellectual property.
“We’ve seen the bumps along the way in the media world
with DVDs. We have to look at leadership coming out of the
media industry to drive some of the standards we need to help
manage these bits and the rights so you can ‘print once,’ versus
copy and replace. There are a lot of things in motion that need
to be worked out,” he says.
Fuller says the impact of 3D printing will be felt more acutely in
some industries than others. “The retail area will be completely
revamped. What happens when you can scan something in
a store and print it out at home?” he says. “Eyeglasses, for
example. Currently $250 a pair. I can print them out on a 3D
printer for 25 cents in materials… Large assembly industries,
automotive, industrial machines, those are still going to be made
as they have been. But beyond that — wow.”
Dale Coyner is a writer for CSC’s digital marketing team.
Download 3D Printing and the Future
of Manufacturing at csc.com/LEF.
This e-reader stand
was 3D–printed by our
researcher in less than
an hour. The design is
available on Thingiverse
by designer Billy
Carr (“uni stand” by
How 3-D Printing Will Turn
Manufacturing on its Head
Hear from CSC and NASA experts in this
special Town Hall discussion on 3D printing
42 CSC WORLD | SPRING/SUMMER 2013
Fast-changing, disruptive technologies such as the Internet
and mobile devices have brought us wonderful conveniences
— banking without boundaries, limitless entertainment and
countless productivity apps, to name just a few.
Those innovations have also created significant challenges —
that threaten our personal security, privacy, financial welfare
and in some cases, our liberty. It’s natural to expect some
disruption when rapid change collides with institutional inertia,
but the current state of personal identification, and the risks
and bottlenecks it creates, has become untenable.
What functioned in a paper-based world was never suited
to today’s commerce, nor was it designed to establish our
identity in the absence of meeting face to face. As our online
persona expands with the accounts we create, we release more
information than necessary to “prove” our identity. This creates
a multitude of companies engaged in a business (identity
verification, identity authentication) for which they are poorly
suited and distracts from their core objectives.
That was okay in a world where commerce wasn’t conducted
globally. Information that was stolen couldn’t be used as widely
or as rapidly as it can today. Yesterday’s credentialing processes
operating in today’s system create a target-rich environment
for cybercriminals. After all, the Internet that enables app
companies to control your garage door can equally enable
cybercriminals to remotely operate your bank account.
Replacing plastic IDs
It’s time to reinvent the process of identification. Many attempts
have been made to tackle the problem. (Remember the push for
a National ID card? You’ll be excused if you don’t. The idea faded
fast.) None of the ideas presented to date have succeeded because
they don’t address the fundamental flaws in today’s system.
A better approach to identification has some critical
differences from the way we do things, but it’s important
to realize that the technology is largely available today.
The problem is that unwinding decades of dependence on
current methods is complex.
The traditional method of establishing an identity, such as
issuing a birth certificate, remains a government-controlled
process. After that, verification or authentication of our
identity doesn’t need to rely on the government.
by Chris Wiesinger
Identity verification and management are best managed by a
company whose responsibility is to you, and helps put you in
control of who receives your identifying information.
This separation of identity and entitlement is a critical aspect
of the system and a big part of what’s wrong now. Your driver’s
license entitles you to drive. Your Social Security card entitles
you to benefits. Neither of them actually proves your identity.
Once your identity is established, companies (“relying parties”)
that require identifying information about you could obtain
it from your trusted ID provider (TIP), requesting only the
information necessary to entitle you to a service. If a service
required that you be 21 years of age, your TIP could confirm
your eligibility without sharing your age or actual birth date.
On subsequent visits, the relying party will check with your TIP
to authenticate you. This should be welcomed by millions of
businesses today that must maintain more information about
you than they want, face the cost and pain of password resets,
and deal with data and account breaches.
A modern ID system
A modern ID system would incorporate biometrics, location and
other modalities to establish high degrees of confidence about
your identity. Biometric authentication methods far surpass the
average human’s ability to accurately verify your identity.
Your smartphone is already capable of these functions, acting
as your mobile biometric verification device, which means
that this approach would meet a third, critical test. It would be
easy and convenient to use. Other challenges and hurdles to
developing a secure, robust system remain, but we deserve an
identity system suited to the needs of 21st century businesses,
governments and citizens.
Learn more at csc.com/ID.
Chris Wiesinger is a principal business architect for CSC’s
Border and Immigration Solutions Center of Excellence.
43SPRING/SUMMER 2013 | CSC WORLD
The United States remains a country that many people dream of
visiting. But for a sizable percentage, it remains just that — a dream.
Visiting the United States today has become an inconvenient
journey for many potential travelers because of changes made to
the travel visa process following September 11, 2001.
Securing the visa process was necessary after 9/11, but the
new rules turned an ordinary process into an onerous one.
The current process includes an in-person interview at a U.S.
consulate for most potential travelers, requiring many to make
a long and expensive journey to the closest U.S. consulate to be
granted permission to travel to the United States.
As a result, many have chosen to travel elsewhere. The impact
on U.S. tourism and related businesses has been significant.
The U.S. Travel Association reports that since 9/11, international
travel grew by 40% overall. Travel to the United States grew
by just 2%. The U.S. market share of the global travel market
dropped from 17 to 12.4% by 2010.
The bad news is: The United States has lost billions of tourism,
conference and business dollars to other countries during the
past decade. The good news is: This is an issue that can be fixed,
and the opportunity to do so may be at hand.
New conversations about immigration reform in
Congress have opened a once-in-a-generation
opportunity for the U.S. government to make
substantive changes to our immigration and
Improving the visa and travel process requires
moving beyond a traditional view of security
that involves actual in-person interviews and
repeated fingerprint collection. Rather, the
process should evolve to one that uses the
digital platform we all live on to create a
positive customer experience.
Could a Smartphone Solve
by Lora Ries
Consular officials must be able to answer two questions about
you when adjudicating a visa application: Who are you? and,
Are you eligible for the visa? Answering the visa-eligibility
question is an inherently government function that consular
officials must perform. But the identity determination is
common to any application or benefits process.
Realizing this, both U.S. and foreign consular agencies have
outsourced biometric collection and other administrative
activities to contractors such as CSC, who perform the
functions at visa application centers (VACs) offsite from
embassies and consulates to reduce costs and embassy
Why not use this growing global VAC network, as well as other
ubiquitous brick-and-mortar storefronts, to interview visa
and trusted traveler applicants via secure videoconferencing
with consular and border officials located elsewhere in their
Some adjudicators resist the idea of video visa interviews. They
have greater confidence in seeing the person in the flesh. But
when visa interviews last only a few minutes to keep the wait
times down, remote video interviewing seems like a valuable
tool to use in addition to in-person interviews as necessary.
Many would-be travelers are holding the other half of the
answer: a smartphone. Using current mobile applications,
individuals can biometrically authenticate their identity and
link it to their visa application on their mobile device. Biometric
identity verification performed by a device that a traveler
already owns is a cost-effective strategy that improves integrity
in the visa system, while offering customers a great experience
and faster processing.
It isn’t necessary to relax our visa requirements to maintain our
national security. A visa application process that maximizes
use of proven technologies can improve security, cut costs and
facilitate travel to the U.S. When world travelers commonly use
Skype and smartphones/tablets to communicate, the U.S. can
regain its competitive edge in world tourism by speaking their
Learn more at
Lora Ries is senior principal of immigration reform strategy at CSC.
44 CSC WORLD | SPRING/SUMMER 2013
by David Guzmán
At H. D. Smith, the cloud is not a choice, but an imperative.
That may not be true for every company in every industry. But
for us, the cloud delivers compelling economics and equally
Like many organizations, we realized that running a data
center is not our core business. Focusing on our customers
and bringing great solutions to market, is. What’s more, we in
IT at H. D. Smith were recently asked to help our organization,
which focuses on distribution of healthcare products, overcome
a serious challenge: Our core business, which involves buying
products from suppliers and then reselling them to our
customers, is one of low margins. So how can we grow our
company to not only deliver new sources of revenue, but also
fulfill our strategic intent, which is to become the leader in
controlling healthcare costs and improving patient outcomes?
Within IT, we naturally did all that we could. We implemented
SAP, added automated tools to our warehouses, and did much
more. But our Achilles’ heel was the data center. It simply
couldn’t help us fulfill our vision.
We did look into building an entirely new data center, but found
the costs would reach into the nine figures. So we sought
instead to work with a partner who could help us build the data
center. I also wanted a partner who could help us achieve my
own vision for IT at H. D. Smith. That is, to become a revenue-
generating part of the business by building IT-driven business
solutions and services that serve our customers and industry.
Ultimately, we decided to migrate our data center to the cloud,
and to do so with help from CSC.
Our vision for the cloud will take us through four distinct waves.
The first wave is all about getting there. That means moving our
existing data center and legacy applications. We chose a world-
class provider with world-class processes that will improve
our ability to keep the lights on today with process excellence,
disaster recovery and security. Also during this first wave, we
migrated selected IT systems to the cloud — including email,
ordering and e-commerce — all of which are compatible with
the x86 architecture.
Our second wave involved completing that process by moving
the applications themselves, the platforms they run on, all
applications and systems software (and the management they
run on) to the cloud. With this second wave, H. D. Smith has
completed its cloud journey. But that’s not to say we’re done.
In our third wave, now under way, we’re building solutions,
business services and applications that will take us beyond
our four walls and start transforming us into a true services
provider. In this wave, our partnership with CSC has been
elevated to a new and higher level, as it now provides the
ground services, IT infrastructure and support for these
applications. We, meanwhile, provide the solutions and services
to our customers.
Now, about a year into the process, we’re in position to ride our
fourth wave. At the risk of sounding bold, even audacious, our
goal is to make H. D. Smith the leader in controlling healthcare
costs and improving patient outcomes. Now, you may ask,
“If you’re going to really support thousands, maybe tens of
thousands, of customers and suppliers, how are you going to
scale to support that level of service?” My answer is: with the
cloud. It will give us the perfect amount of scalability. That
way, as we grow, we’ll be able to add the resources we need,
whether computing power, staff, support resources or anything
else. That’s the wave I’m most eager to ride.
David Guzmán is CIO of H. D. Smith, a Springfield, Ill.-based
pharmaceutical distributor that serves hospitals, community
pharmacies and medical suppliers.
Four Waves to the Cloud
Watch our H. D. Smith Success Story Video at
45SPRING/SUMMER 2013 | CSC WORLD
CSC WAS THERE
The world’s LARGEST
CSC built and manages state-of-the-art
flight simulators that mimic real-world flying
conditions for training U.S. Army helicopter
pilots at Fort Rucker, Alabama.