5 Steps to Enterprise Cloud
Why Data Is the “Next
Your Driver’s License
3D Printing and the
Intermountain’s Marc Probst, CIO
The old “do it yourself” approach to cybersecurity leaves you vulnerable to today’s sophisticated attacks.
Attacks that can come from anywhere in the world and at any time day or night. Attacks that make you
focus less on your business strategy and more on getting your reputation back. What you need is a
partner that monitors the globe day and night looking out for you — armed with advanced abilities that
can recognize a dangerous threat in the midst of the white noise. And, the capability to protect you
before the attack gets to your doorstep.
Change the model and run your business on your terms. Get CyberconfidenceTM
, with integrated global
cybersecurity solutions from CSC.
Learn more at CSC.COM/CYBERSECURITY.
2 CSC WORLD | SPRING/SUMMER 2013
CSC WORLD | spring/summer 2013 | VOLUME 12 | NUMBER 2
CSC partners with SAP to offer next-gen banking
solutions; Maruf Majed is named vice president and
general manager for Asia, Middle East and Africa; and
CSC agrees to sell its Applied Technology Division.
6 heard on csc.com
Experts are coming to CSC.com to make their voices
heard, in CSC Town Halls, online communities and
Ingenious Minds blogs.
8 Catering to a Connected World
Mary Jo Morris, vice president and general manager of
Diversified Industries at CSC, shares thoughts on the
importance and prevalence of connectedness.
9 Exploring the Nordic and Baltic Regions
John Walsh, vice president and general manager of
the Baltic and Nordic regions at CSC, discusses the
opportunities and challenges facing business leaders.
The healthcare industry is entering a world of great
opportunity and tremendous risk. Intermountain, a
22-hospital health system, is using innovative technology
to improve care and secure systems.
14 Kaiser Permanente CIO: ‘The Consumer
Is in Charge’
There’s a revolution brewing in healthcare, and one of its
chief insurrectionists is Phil Fasano. The executive VP and
CIO of Kaiser Permanente discusses his new book.
17 A New Model for Medicine
The practice of medicine is changing. Lisa Pettigrew,
industry general manager for Global Healthcare
at CSC, unveils three new models for care.
18 Medical Device Firm Grows Better Data With
Biomet Microfixation, an innovator in the medical industry,
chooses enterprise cloud applications by Salesforce.com to
improve its ability to generate real-time, accurate data.
3SPRING/SUMMER 2013 | CSC WORLD
36 Automotive Industry Goes Driving
in the Cloud
While flying cars may still be out of reach, cloud
computing, mobile broadband, location-awareness and
big data technologies are bringing the car of the future
to market today.
40 How 3D Printing Will Turn Manufacturing
on Its Head
3D printing sounds like something straight out of science
fiction, but the idea that you can use a computer to quickly
create complex objects seemingly out of thin air is a reality.
42 Your Driver’s License Is Obsolete
The Internet and mobile devices have brought us wonderful
conveniences but also significant challenges. Paper-based
IDs are no longer suited for this world.
43 Could a Smartphone Solve Immigration Reform?
Many people dream of visiting the U.S. But new rules
have made the travel visa process too difficult for some.
Smartphone biometrics could help.
44 Four Waves to the Cloud
At H. D. Smith, a pharmaceutical distributor, the cloud is not a
choice, but an imperative. CIO David Guzman, discusses why
cloud computing offers compelling economics and capabilities.
20 Financial Regulations Sweep the Globe
The U.S. government continues to look for ways to prevent
anyone from not paying their fair share of taxes. A new law
designed to improve reporting will affect everyone.
21 How Cloud Is Disrupting Financial Services
Cloud-driven change is affecting how processes are
managed, how IT investment is handled, and how costs are
allocated. But the biggest changes are not related to IT.
22 5 ‘Must Haves’ for Every BI Dashboard
The effective use of business intelligence gives companies a
competitive advantage. Delivering timely information to decision
makers can be accomplished with a well-designed BI dashboard.
24 Putting the ‘I’ Back in IT
The growth of the IT industry has been driven by the “T”
in IT. New technologies have captured most of the public’s
imagination. That dynamic is changing.
26 The Case for Managed Security Services
Organizations face a dilemma: the number of cyberattacks
continues to grow, while budgets continue to remain flat.
Managed security services are often the best option.
28 Decoding the President’s Cybersecurity Mandate
The growing frequency of cybercrime is top-of-mind for
U.S. officials. Samuel Visner, executive vice president and
general manager of cybersecurity at CSC, explains why.
30 3 Reasons to Believe in Hybrid Clouds
Cloud services come in different shapes and sizes. Lately,
many organizations are turning to hybrid solutions and
infrastructure models that can be tailored to specific needs.
32 Why Enterprise Clouds Rule
Cloud computing has become a key part of an IT leader’s
toolkit. Many organizations use cloud for various reasons.
It’s critical to select the appropriate cloud model.
34 5 Steps to Enterprise Cloud
Will the consumer cloud — the popular, low-cost service
offered by Amazon and others — be to cloud what the
iPhone was to mobile? Siki Giunta, vice president and
general manager of cloud services at CSC, says no.
New ON CSC.COM
Infographics Central: Explore key trends and data in
visual and interactive ways with a collection of CSC
infographics on emerging technologies such as cloud
computing, big data and mobile banking.
CSC Town Halls: Join a continuing series of online
conferences on IT topics that matter to you, featuring
CSC experts and special guest speakers ready to answer
your questions. csc.com/TownHall
Success Story Briefing Center: View video success
stories featuring CSC subject matter experts, clients and
global partners or search hundreds of stories that cover
a wide range of solution areas.
4 CSC WORLD | SPRING/SUMMER 2013
CSC has reached a definitive agreement with PAE for the sale
of its base operations, aviation and range services business unit,
Applied Technology Division (ATD), for $175 million in cash. CSC
acquired ATD with the 2003 purchase of DynCorp.
Announced on May 29, this agreement is CSC’s sixth divestiture
in seven months, furthering CSC’s transformation strategy
to rebalance its portfolio of services by focusing on its core
strength in next-generation technology solutions and services.
CSC will sell the aviation maintenance, base operations
and maintenance, test and training range, and space range
businesses of ATD, while retaining the division’s training and
simulation business. ATD currently performs work at more than
20 client locations in the continental United States.
“The sale of ATD supports our realignment of company
assets with our strategy of leading in the next generation of
technology solutions and services, including cybersecurity,
big data and cloud computing,” said CSC President and CEO
PAE’s dedicated focus providing mission-critical services to the
U.S. government and its allied partners will ease the transition
for clients and employees. ATD’s senior management team and
its approximately 5,400 employees will transfer to PAE as part
of the agreement.
In fiscal year 2013, ATD revenue was approximately $760 million
with low-to-mid single-digit operating margins. ATD revenue
has been reported within CSC’s North American Public Sector
(NPS) and will be recast as discontinued operations.
The transaction is subject to customary closing conditions,
including the receipt of various consents and an anti-trust
clearance under the Hart-Scott-Rodino Act. CSC expects to
close the transaction in the summer of 2013.
Get the latest CSC news at
CSC Agrees to Sell Its Applied
5SPRING/SUMMER 2013 | CSC WORLD
In May, CSC announced an expanded partnership with SAP
designed to accelerate the banking industry’s move to
next-generation technology platforms. CSC and SAP have
cooperated to define a new global go-to-market strategy for
their banking software and services offerings to help reduce
the risk, implementation time, and cost of modernizing business
processes and IT environments.
Under the expanded alliance, CSC will be an SAP global services
partner for the banking industry and is expected to provide
systems integration services for banks using SAP solutions. CSC
is also now a global value-added reseller of SAP, authorized to
resell SAP products, services and support. In addition, SAP and
CSC will co-sell their banking software and solutions.
The companies’ software and services address a wide spectrum
of enterprise technology and business needs to help banks keep
pace with evolving customer, market and regulatory demands.
Banks that have delayed upgrading their infrastructure and
applications can modernize them incrementally, which can help
lead to both lower costs and risk. The companies can unify
for customers a set of next-generation consulting, software,
enterprise services and testing technology platforms that
are designed to leverage both companies’ banking industry
expertise and extensive offerings.
“Modernization is both a costly and complex undertaking for
banks around the globe,” said Robert Hunt, senior research
director, CEB TowerGroup. “Because of this, many banks continue
to operate on legacy systems developed decades ago. Choosing
services and software from CSC and SAP makes perfect sense
and offers a compelling proposition to banks that have pushed
out or barely started their modernization projects to help meet
customer demands or improve operating efficiency.”
“Our vision for this software partnership is to help enable
large global and mid-sized regional banks to drive profitable
growth through cost savings, greater agility, more innovation
and a superior customer experience,” added Thomas E. Hogan,
executive vice president and general manager, CSC Global
Business Services. “Banks will now have more choice when
modernizing their technology systems.”
“CSC and SAP have been partnering for 30 years, helping to
bring value to customers around the world,” said Robert Enslin,
president of Global Customer Operations and a member of
Global Managing Board, SAP. “With this expanded relationship,
we look forward to further accelerating our efforts in the
As a long-time SAP global services partner, CSC implements
and delivers SAP solutions to customers across many industries
and is an SAP-certified provider of cloud services, hosting
services and application management services. In addition, CSC
has a successful practice in Central Europe focused on SAP
solutions used in the banking industry and has collaborated
with SAP on many complex implementation projects.
Learn more at csc.com/SAP.
In April, CSC named Maruf
Majed, vice president and general
manager for Asia, Middle East and
Africa. As the regional managing
director, Majed will drive and
coordinate all CSC operations
across the region.
“Asia, the Middle East and
Africa represent an enormous
opportunity for growth,” said
Thomas E. Hogan, executive vice
president and general manager for CSC’s Global Business
Services & Regions. “CSC is committed to establishing a
leadership position in these important regions, and we are
delighted to add an executive with Maruf’s credentials to
“I am thrilled to join CSC and look forward to leveraging
CSC’s strengths in next-generation solutions, such as cloud
computing, cybersecurity and big data, to enable improved
business outcomes for our clients,” said Majed.
Majed has a rich background in technology leadership roles,
including senior assignments at IBM, Gulf Business Machines,
Siebel Systems, webMethods, and, most recently, Misys. He
holds a Bachelor of Science from the University of North Dakota
and a Master of Business Administration from the University
Learn more about CSC at
Maruf Majed Named Head of Asia, Middle East and Africa
Changing the Way Banks Do Business
CSC and SAP Align Banking Portfolios to Deliver Advanced Solutions
6 CSC WORLD | SPRING/SUMMER 2013
Some will argue that telecommuting hurts productivity, but
studies have shown that the opposite is true. With modest
investments in technology, you can have the best of both
worlds. Employees can see each other’s faces in meetings,
and they can collaborate in ways that are both productive
and creative. Telecommuting doesn’t have to be sacrificed,
and we couldn’t go back if we wanted to.
One of CSC’s Ingenious Minds
CSC.comExperts inside and outside of CSC are coming to CSC.com to make their
voices heard, in CSC Town Hall webcasts, our online communities and our
Ingenious Minds blogs. Here are some highlights.
The promise of
3D printing can make objects with
a complex internal structure that
would be almost impossible using
traditional methods. There’s no
large factory and no retooling of
an entire assembly line. The same
printer that creates a piece of art can be used next to
print a bike part. And that printer can be kept close to the
point of consumption, which has implications for logistics.
Regional Manager, Executive Programme, Leading Edge Forum
Town Hall, “How 3D Printing Will Turn Manufacturing on Its Head”
6 CSC WORLD | SPRING/SUMMER 2013
7SPRING/SUMMER 2013 | CSC WORLD
Sure, you still see them around the
office, but make no mistake: Desktop
computers are the equivalent of
dinosaurs in the days after Earth
was struck by a large meteor. They were still there, but they
were the walking dead, doomed to eventually vanish. The
desktop’s meteor is mobile computing.
CIO Engage blog post, “The desktop is (pretty much) dead”
Is the typical CIO’s performance
rated on the effectiveness of the IT
security and risk management pro-
gram? Not really. They’re focused
on keeping new IT running on time,
keeping IT costs low, and getting
new IT initiatives out quickly. In an effective security orga-
nization, everyone is responsible for IT security, and they’re
held to it. Whoever is reporting directly to corporate
leadership, such as the chief executive or operating officer,
needs be held accountable.
CIO Engage blog post, “The 5 Keys of Effective Security Management”
Taking stock of
Not only is the National Climate
Assessment a huge undertaking,
the subject is a dynamic system
that is changing while we study it.
It’s like trying to give someone an
exam while they’re running a marathon. We discover new
variables, inputs, influencers and rhythms to our climate
on a regular basis. But are those observations — say, for
example, the recent spate of extreme weather events
in the U.S. — an isolated incident? Part of a long cycle
repeating pattern? Or representative of a genuinely
new trend? Accurately characterizing such an intricate
system takes a lot of thought and discussion.
One of CSC’s Ingenious Minds
There were a lot of automobile renters who were never
engaged in any kind of campaign, communication, survey
— anything except the rental. The name of the game these
days is ‘engagement.’ You hear that over and over with
mobile and social and everything out there now. It led to
some thinking about the best way to engage with those
Senior partner in CSC’s Big Data & Analytics group.
Town Hall, “How Avis Budget Uses Big Data in Marketing”
7SPRING/SUMMER 2013 | CSC WORLD
8 CSC WORLD | SPRING/SUMMER 2013
Getting connected has never been more important, or more
valuable. That’s true whether you work in private industry or
the public sector. It’s also true whether you’re connecting with
co-workers, customers, partners or suppliers. The need to
connect is the new requirement.
Fortunately, today’s technologies can connect us as never
before. Social media changes communications between
suppliers and customers from monologues to conversations.
Smart grids connect utilities with consumers by adding
intelligence, smart metering and more. Cloud computing
connects technology providers with users to enable new forms
of IT as a service.
CSC’s Diversified Industries group is making connections
in three main sectors: Energy and Natural Resources;
Communications and High-Tech; and Consumer and
Transportation. While there is great diversity among these
sectors, they are bound together by common market drivers,
including aging infrastructure in need of modernization,
increased security and intelligence, real-time information
demands, and a growing velocity and volume of data.
In Energy and Natural Resources, there’s a new focus on
smart energy. These industries have, over time, built large
infrastructures composed of heavy plant
and equipment. Now they want
to get more intelligence out of
that infrastructure. They want
to operate more efficiently
from remote locations,
with more safety, better
security, fewer people and
greater precision. Their
goal is to build so-called
smart grids: networks
that connect providers
and suppliers in
an intelligent and
automated way and
provide access to
by Mary Jo Morris
data at the point of production. These smart grids empower
energy providers to gather and act on information in new ways.
In the Consumer and Transportation sector, we’ve seen
entire companies transformed by the rise of the Constantly
Connected Consumer and passenger. This new level of
connectivity has inspired many consumer companies to rethink
the very nature of how they go to market, and with whom.
What’s considered “good service” has been transformed, too;
by harvesting data from social media and customer databases,
manufacturers and retailers can offer customized products
based on predictive analytics.
Similarly, in Transportation, we have solutions that extend
the Connected Consumer to another client base — the
Smart Traveler. By using data and analytics to detect traveler
preferences, we can “automate the journey” for transportation
companies that serve the traveler. We also enable those
companies, through automation and modernization, to provide
a more secure, reliable, efficient, and pleasant experience for
Finally, in Communications and High-Tech, it’s these
companies that provide the enabling infrastructures and
products that connect us all. Mobility, cloud, social media,
dynamic storage, virtual networks — are all technologies that
underpin our solutions.
In addition to wanting greater connectivity, most of our
clients share another desire, namely, to expand into Asia. Here
especially, getting connected is vital. Social media, mobile
technology, cloud and other IT innovations will be key enablers
for these companies to do business globally. Application
modernization is also important, as many expand geographically
by offering cloud-based applications as a service.
Agility is increasingly important, too. In today’s business
environment, innovations appear at an ever-faster rate, and
they are increasingly disruptive. Consider, for example, how the
rise of mobility has transformed the entire telecom industry.
Again, the cloud is helping, this time by allowing companies to
dynamically allocate infrastructure resources.
Security and privacy are important elements of these new ways
of connecting. One unfortunate side effect of offering greater
connectivity is that organizations also connect hackers, criminals
and other “bad guys” with their systems. So as they extend their
connections, they must also strengthen their protections.
The ability to connect with suppliers, partners and customers
— and to do so with high levels of privacy and security — will
define the leaders of tomorrow. But the time to build the IT
infrastructures that enable greater connectivity is today.
Mary Jo Morris is VP and general manager of Diversified
Industries at CSC.
Catering to a
9SPRING/SUMMER 2013 | CSC WORLD
As an American working in the Nordic region, I’ve been
impressed by the happiness. If you look at the latest worldwide
indices, Norway ranks first, making it the happiest country
on Earth. Right behind is Denmark at number two, Sweden
at number three, and Finland, a close number seven. Perhaps
they’re so happy about their countries’ strong social-welfare
states. For example, Norway distributes all the profits from its
oil business into a national pension plan, now worth more than
$710 billion, that benefits every citizen in the country.
I’m happy to be here, too, but for a different reason: for the
opportunity to help local businesses and public sector agencies
dramatically improve their competitiveness. That’s a top goal
right now for many of the region’s enterprises, which — despite
the region’s small population — include such large, well-known
brands as Ikea, Lego, Maersk, Nokia and Saab. While their
region’s citizens may be protected by the state, these Nordic
businesses must compete in tough, fast-moving international
markets, where it’s every company for itself.
Fortunately, CSC has been able to help with a range of
IT-powered business solutions. When Nordic businesses and
government agencies need help with cybersecurity, cloud
computing, data analytics, or utility-based computing and
storage models, they know they can turn to CSC for solutions.
Take cybersecurity, a major concern in the Nordic region. When
one of our clients was recently attacked by hackers affiliated
with Russian organized crime, we helped the client identify the
details of the attack, eliminate it, repair the damage, and bolster
protections for future prevention. Other local enterprises face
serious threats from rogue nations, organized criminals, spies
and others, and we’re helping them detect attempted attacks
and deter them.
Another important tool for the region is cloud computing, and
the related ability to offer IT capabilities as a service. The cloud
helps enterprises gain agility, increase cycle times, improve
service quality, mitigate risk, innovate, reduce waste and lower
their costs. We recently implemented BizCloudTM
, our private-
cloud solution, for Telenor Group, a Norway-based mobile
operator. Telenor, with 148 million subscribers in 11 national
markets, is one of the largest telcos in the world, and it’s using
ExposureCSC sees big opportunities in the Nordic and Baltic regions.
our service to gain high levels of both scalability and flexibility.
Similarly, the cloud lets us offer Storage as a Service, a utility-
model solution that lets our clients pay for only the storage
capacity they actually need.
Data analytics is another huge and growing opportunity.
Companies with large amounts of data, such as insurers, are
looking to transform those files into actionable information.
To do this, they will need new tools and techniques that not
only solve business problems, but also improve the customer
experience and boost profitability. They will also need new data
tools that can handle new forms of information — much of it
unstructured — now being collected from social media, online
videos and industry researchers.
With Nordic governments playing such a large role in their
economies, you may not be surprised to hear that we also
work extensively with the local public sector organizations.
For example, we’re helping the Danish government undertake
an innovative e-business transformation. The project involves
registering property, vehicles and other assets; operating
major tax systems; and running significant components of the
government’s IT infrastructure.
The countries of the Nordic region, while sharing many cultural
commonalities, also differ from one another in important ways.
They speak different languages, take different approaches
to decision making, and specialize in different industries. Yet
they all share a large and growing business environment, a
willingness to invest in IT and automation, and an intense desire
to work faster, cheaper and simpler.
John Walsh is VP and general
manager of the Baltic and Nordic
Regions at CSC.
Exploring the Nordic and Baltic Regions
Hear more from John in the video: Applying
Next-Gen Technology in the Nordic and Baltic
Regions at csc.com/nordics
by John Walsh
10 CSC WORLD | SPRING/SUMMER 2013
While attacks on the healthcare industry aren’t as high-profile
as those experienced by the financial services and energy
sectors, security experts say cybercriminals have increased
their assaults on critical medical systems to steal valuable
Surveys show that most health organizations have
suffered some kind of data breach or security incident.
For example, Ponemon Institute’s Third Annual Study
on Patient Privacy reveals 94% of the healthcare
organizations it interviewed reported at least one data
breach in the past two years, and 45% said they had more
than five breaches during that time.
With risks continuing to escalate, some organizations are
taking a proactive approach, working to better protect
patients’ data and fortify their systems before an attack or
One organization keen on building greater resiliency and
security is Intermountain Healthcare, a health system
repeatedly honored for excellence and innovation both in
healthcare and its use of technology. Last year, CSC began
working with Intermountain to help strengthen its security.
Along the way, the team has applied innovative approaches to
better secure Intermountain’s network of systems and data.
Managing risk with innovation
Intermountain Healthcare is a nonprofit health system based
in Salt Lake City, Utah, consisting of 22 hospitals, 185 physician
clinics, an affiliated health insurance company and 33,000
employees that serve the state of Utah and southeastern Idaho.
“Intermountain Healthcare has a long legacy of very high
quality in healthcare and, from a cost perspective, we are one
of the lowest-cost providers of healthcare in the country,”
says Marc Probst, chief information officer and vice president
of Information Systems at Intermountain Healthcare. “That
comes from a focus on using systems and really smart
people taking the data from these systems and making good
decisions. In areas like privacy and security, though, we are
looking to other industries.”
by Jenny Mangelsdorf
The healthcare industry is venturing into a
world of tremendous opportunity — and
tremendous risk. By linking systems and
medical devices to the Internet, adopting
electronic health records and implementing
regulatory reforms, the industry is drastically
improving healthcare for all of us. But
the changes are also creating a health IT
landscape fraught with security challenges.
10 CSC WORLD | SPRING/SUMMER 2013
11SPRING/SUMMER 2013 | CSC WORLD
Client: Intermountain Healthcare
• Growing use of vulnerable, complex medical
technologies, mobile devices and medical
diagnostic devices with IP addresses
• Escalating healthcare focus by cybercriminals,
partially due to increased black-market value of
patient medical records
• Evolving regulations carrying both legal and
• Data classification, identification, encryption and
• Audit preparedness
• Revised security policies, procedures, guidelines
• An innovative scalable, self-healing, controlled
and managed network infrastructure design that
protects data, applications and systems
• Greater resiliency and security to protect patients
and thwart current and emerging cyberthreats
• Creative information security awareness, training
content and delivery
Read more CSC client success stories
Information systems security and privacy ranks a close second
in the top challenges facing healthcare CIOs after attaining
effective meaningful use of electronic medical records, adds
Probst. “Regulation changes and the complex nature of
medical services create a huge security and privacy challenge.”
Cybercriminals’ increased focus on healthcare data compounds
that challenge. Intermountain wanted to ensure that it was
reducing the risk to its organization and that it stays current
with the latest security controls.
“The dynamic has changed substantially,” says Ashif Jiwani,
CSC Global Cybersecurity partner, Healthcare. “A year ago, the
financial services industry was attacked from everywhere in
the world; now the healthcare industry has become the easiest
target for commercial hackers.”
For cybercriminals, stealing identities from sick people is fairly
easy since they’re focused on getting well and many times let
other responsibilities slip, such as ensuring that their identities
haven’t been stolen. Healthcare records, which contain megabytes
of valuable personal data ranging from Social Security numbers
to blood types, have also become more valuable than simple
credit card numbers, which financial industries have worked hard
to protect with antifraud capabilities.
“Through CSC’s global threat intelligence, we are constantly
watching the black-market exchange boards to see what’s
happening on behalf of our clients,” says Tom Patterson, CSC
Global Cybersecurity Consulting general manager. “Currently,
criminals are getting an average of $2 for a credit card record,
whereas a medical record brings about $20.”
An issue of reputation and regulation
At $20 a record, criminals can quickly make a lot of money
and simultaneously damage an organization’s reputation
and budget. Take last year’s attack on the state of Utah’s
Department of Technology Services computer server, which
stores Medicaid and Children’s Health Insurance Program claims
data. Cybercriminals stole 280,000 Social Security numbers and
“less sensitive” personal information of another 500,000 people.
The Utah department is still dealing with the fallout.
11SPRING/SUMMER 2013 | CSC WORLD
12 CSC WORLD | SPRING/SUMMER 2013
“Until a breach occurs, security usually tends to be an
afterthought,” says Jiwani. “Intermountain has decided that’s
not where it wants to be. The system has made security a
priority because it feels that the protection of its patients’
information and privacy as well as its reputation is as
important as any of its other prime strategies.”
State and federal regulators also have strong feelings about
securing patient data and have set penalties, both penal and
financial, for noncompliance and breaches. For example, under
the U.S. Health Information Technology for Economic and
Clinical Health Act, hospitals and other organizations can be
fined up to $1.5 million per year for serious security incidents.
Corporate officers can also go to jail for negligence.
Intermountain, because of its scope, must follow health-
related, banking and insurance regulations, all of which
continue to evolve as cybersecurity gains importance.
Evidence of this evolution can be seen in last year’s audits by
the U.S. Department of Health and Human Services’ Office
for Civil Rights (OCR). The OCR, which audits and enforces
regulations from HIPAA and the HITECH Act, randomly
audited 20 healthcare organizations; 19 failed, says Jiwani.
“We’re finding the OCR has interpreted the regulations
differently [from] industry,” says Karl West, Intermountain
Healthcare chief information security officer. “Because of this,
we decided to innovate and partner with someone who could
help us move into a new paradigm and a new interpretation
of the regulations, and help us create a leadership position in
the protection of patient information. That’s how we came to
work with CSC.”
Segmenting networks and data encryption
A key area where CSC and Intermountain have teamed to
set new benchmarks in the healthcare industry is a network
approach that classifies data, encrypts data at rest and in
transit, and then segments, or enclaves, data and systems
— an approach that simultaneously protects data if stolen
and protects data from being stolen. This approach, which
CSC mainly uses in its public sector work, is a first for the
healthcare industry, says Jiwani.
“Few organizations have looked at developing a strategy
where they can encrypt and enclave their enterprise storage
networks,” he says. “We essentially took defense-level security
and applied it to healthcare.”
Under CSC’s security work with Intermountain, CSC is helping
the healthcare organization apply cutting-edge technologies
and equipment from leading vendors that is mapped and
embedded into these network design solutions.
Addressing BYOD, mobility and telemedicine
The network design principles encompass separation
of duties and separation of data access. The design allows
for managed and controlled access to containerized data
based on need-to-know and access rights. They also include
the use of approaches that support the confidentiality,
integrity and availability of data through controls, and
management around data access, data at rest and data
transport across the network.
The end result provides Intermountain with a sound,
scalable, self-healing, controlled and managed network
infrastructure design that protects data, applications and
systems containing electronic health information.
“This innovative approach, which balances a ‘security
everywhere’ focus with one of ‘security only where it’s
required,’ allows us to be very agile and focus on those
priorities that have the highest risk,” says Jiwani. “We can
dynamically change the areas where we want the most
impact and resources, and use tools in a much more
efficient way. It also allows us to determine the right level of
risk versus cost.”
Marc Probst, CIO and VP
of Information Systems,
13SPRING/SUMMER 2013 | CSC WORLD
New Data Breach Rules
Have Big Impact
by Richard Staynings
This January, the Department of Health and Human Services’
Office of Civil Rights published the Omnibus Final Rule
on amendments to the Health Insurance Portability and
Accountability Act’s Security Rule and the Health Information
Technology for Economic and Clinical Health Act.
The rule makes significant changes to requirements
involving security incident response and the notification
of data breaches for HIPAA “covered entities,” “business
associates” and their subcontractors. Essentially it reverses
the existing process, removes the “no harm, no foul” rule
and requires CEs and BAs to conduct a comprehensive
risk assessment to prove that no personal health information
is compromised when a possible incident occurs. CEs
and BAs are thus assumed guilty until they can prove
themselves innocent — a fairly significant change in the
fundamentals of U.S. law.
What’s more notable is that the rule presumes that any
unreasonable access, impermissible use or disclosure of
PHI is a breach, irrespective of whether this caused, or was
even likely to have caused, harm or damage to anyone. Thus
if a nurse inadvertently sees the record of a patient not in
her care, under the new rule, that action would constitute a
breach and, at the very least, would require that a risk
assessment be conducted.
These changes place a heavy burden on CEs and BAs’ risk
assessment resources and incident response teams, which
need to rapidly investigate, document and report incidents
as possible breaches to meet the new rule’s requirements.
Other changes involve encryption, notices of privacy
practices and breaches — even by organizations that do
not have direct relationships with patients. The presumption
is that organizations “know” collectively what their agents
know and are liable for that knowledge as well as liable for
acts or omissions of its business associates.
Jenny Mangelsdorf is a writer for CSC’s digital
Richard Staynings is a global cybersecurity and
privacy officer, Healthcare, CSC.
Learn more at csc.com/cybersecurity.
While increasing security was already in Intermountain’s
five-year plan, because of rapidly escalating cyberthreats
and evolving regulations, Intermountain decided to
accelerate its security work. CSC helped the company
leverage its discovery and monitoring tools to quickly and
efficiently discover sensitive information without buying new
technology. This effort, in turn, enabled the team to more
quickly begin securing Intermountain’s data.
“We normally see a program like this take three to four years
to fully complete,” says Jiwani. “Through some innovative
approaches to programs, and using a new and differentiating
approach to setting up this program, we have accelerated
our timetable by 50 percent with less than half the budget
we’d normally [devote] to this kind of project.”
This kind of speed and network approach becomes
increasingly critical, especially as physicians, patients,
staff and visitors want to use their own devices to access
“Every physician, every clinician has a favorite device, a
favorite phone, a favorite mobile technology, and for us to
keep ahead of those devices is challenging,” says West. “We
are working to develop strategies and technologies that
enable them to safely and securely use these devices in their
workflow and environment.”
CSC is also helping the healthcare organization strengthen
its administrative security controls, including updating
existing policies, procedures and guidelines. With its
extensive security training expertise, CSC is helping
Intermountain develop a long-term training strategy and
educational content that can be delivered through different
forms of media to help its workforce better understand their
“Our ability to help Intermountain Healthcare spans three
key areas: people, processes and technology,” says Jiwani.
“We are bringing Intermountain an understanding of an
industry-wide paradigm for security relevant to healthcare,
while helping them understand the technology landscape
and develop processes that are innovative and unique.”
“I believe CSC is going to help us become
a model healthcare system in the area
of IS security,” adds Probst. “We’re not
there today, but we have ground to
move forward on. I’m very bullish on
what we’re creating together.”
Watch our Intermountain Healthcare Success
Story Videos at csc.com/intermountain.
Ashif Jiwani, Partner,
Healthcare Group, CSC
14 CSC WORLD | SPRING/SUMMER 2013
In an interview, Phil Fasano,
executive VP and CIO of
Kaiser Permanente and
the author of a new book,
explains how technology-
enabled care can make
patients — and the
industry — healthier.
Kaiser Permanente CIO:
Is in Charge”
There’s a revolution
brewing in healthcare,
and one of its chief
Phil Fasano. In his role
as executive VP and
CIO of CSC client Kaiser
Permanente, an integrated healthcare
provider and not-for-profit health plan that
serves more than 9 million patients, he
oversees IT for one of the largest healthcare
organizations in the United States. Fasano
is also the author of a recent book,
Transforming Health Care: The Financial
Impact of Technology, Electronic Tools and
Data Mining (Wiley, 2013). To learn more, I
spoke recently with Fasano. The following is
an edited version of our conversation.
by Patricia Brown
15SPRING/SUMMER 2013 | CSC WORLD
Your job as a CIO must keep you extremely busy. So why
also take the time to write a book?
Because it seemed to me that the healthcare and information
technology industries were coming together. And although
the ability to leverage information technology in healthcare
and transform the industry was beginning to happen, the
pace wasn’t — and still isn’t — sufficiently fast. One reason I
wrote the book was to instigate a conversation between the
healthcare and IT industries.
I also wanted to bring some of the venture community along.
I wanted to present venture firms with new opportunities for
investing in both health IT and other technologies that support
the healthcare industry. I saw an opportunity to show them
that they could truly make a difference in people’s lives. And
to persuade them that transforming healthcare was where
they should be spending their time and energy, and investing
Finally, it became clear to me that IT holds enormous promise
for the future of healthcare in the United States. When you
look at healthcare around the world, you realize that the United
States is not first in quality. We do not have the best healthcare
system in the world. In fact, we are No. 1 only in terms of having
the highest cost. So, there is no greater opportunity in the
world right now than being an American focused on improving
healthcare with IT.
In the foreword to your book, Dr. Jack Cochran writes that
“the power has moved to the patient.” What does that
mean for IT? And how has it affected your work at
As health IT begins to alter the healthcare landscape, the
consumer is increasingly in charge. Consumers have the
ability to do everything — from deciding which health plans
and systems they want to be part of, to making it clear to the
health system and their physicians and other clinicians how
they want to be interacted with.
We already see this in other industries. For example, your bank
lets you set your personal preferences for online banking.
Elsewhere, you can indicate whether you’d like people to reach
you by phone or by email. But in healthcare, if you want your
physician to email you, that’s still seen as innovative.
At Kaiser Permanente, that’s become a foundational part of
how we operate. The power is tremendous, mainly because so
many of our members are taking advantage of it.
I also see this on the more individual level. Just the other night,
I met a doctor who is a user of Fitbit [an app that tracks the
user’s steps and calories burned], and he proudly told me that
he had recently walked more than 20,000 steps in a single day.
He was really proud of himself. So technology can also be a
motivating factor, enhancing people’s ability to stay healthy.
Before coming to healthcare, you worked in financial
services. What are some of the key differences between
these two industries?
In healthcare, the stakes are so much higher. We’re talking
about people’s lives, whether it’s a life-critical event or
simply improving people’s lives. When I worked in financial
services, everything was focused on improving the bottom
line and increasing our profit. Whether it was making a
process more efficient or enhancing a service, that’s what
it all came down to. But in healthcare, we’re here to make
people’s lives better.
Kaiser Permanente is a not-for-profit organization. So while
we do make money, we reinvest it, largely in capabilities
that better serve our members. It gives us the freedom to
invest for the long term, and to do the right thing for our
patients and members. It’s a wonderful thing, and I say
The U.S. government is mandating compliance with
electronic health records (EHRs) by next year. But in your
book, you point out that many healthcare organizations
are also moving toward electronic medical records (EMRs).
What’s the difference, and why does it matter?
EMR is a record of a patient’s basic medical reports. It’s
essentially a foundational tool that will help us to reach the
next level of healthcare.
EHR, by contrast, is a more comprehensive record of your
health; it includes EMR, but also more. If you had a lab test
this afternoon, that’s in your EHR. If you ever visited a hospital
emergency room, that’s in your EHR, too.
Through several initiatives, the U.S. government is supporting
the implementation of EMRs across the country. The next
step will be expanding them into fully functional EHRs. But
in my opinion, even that will not go far enough. To produce
the outcomes our country can be proud of, we in the United
States should have the best health system in the world. To
achieve that, we will need to connect the EMR and the EHR
systems across the country, much as the banking system
was connected years ago. Today, you can use your bank
card to withdraw cash from nearly any bank. Similarly, if I’m
with my physician, having my EMR should be my right, not
just a privilege.
To get there, we’re going to have to implement EMRs, expand
their use until they are EHRs, and then connect them nationally
so that all EHRs in the country are seamlessly connected for the
benefit of our citizens.
16 CSC WORLD | SPRING/SUMMER 2013
But what about industry resistance? Some physicians,
healthcare providers, insurers and others are opposed to
these and other IT enhancements.
Well, if it were easy, everybody would have done it already!
Seriously, about half the physicians in the country already have
EMRs, and a smaller share of hospitals do, too. So everyone
is moving in this direction; most of the industry is now
implementing these systems.
That said, no matter the industry, any disruption involves a
change, and any change is challenging. Change requires people
to relearn how they do things. Some physicians view change as
lost productivity, so it becomes a barrier to progress. To these
doctors I would say, the payoff will greatly outweigh the loss in
productivity. As for that productivity loss, it is only temporary.
At Kaiser Permanente, we’ve had to go through this, too. For
example, we had to help some of our physicians with additional
training. But now, some 17,000 of our physicians have made
the transition to electronic records. I’m sure that if you got any
of them on the phone, they’d tell you that they’re never going
back. The benefits are that remarkable. Now they have a full
view of their patients’ histories, they are completely informed,
and they can practice medicine to the best of their abilities.
How about security? What’s being done to protect our
healthcare information from thieves and other bad guys?
Healthcare systems are life-critical, so that means two things.
One, they have to be always on, always available. And two,
there’s an embedded promise to our patients that we’re going
to protect their personal information.
If someone steals your credit card information, you just get
a new card with a new number. But if someone steals your
healthcare information, that’s forever.
Of course, there are legal reasons for protecting security,
such as HIPAA and other state and national laws. But there
are ethical reasons, too. You want to do the right thing. So to
fulfill both needs, the industry needs to invest in a security
infrastructure that will make sure our data at rest is protected,
and our data in motion is encrypted.
How about healthcare and social media? How can Facebook,
Twitter and other related services help?
The healthcare industry is only beginning its adventure into
social media. People are starting to create self-selected social
networks of people who have the same disease. For example,
you might have a group of cancer patients, or a group of those
with heart conditions. These people can form social circles
that reinforce the positive things they can do to enhance their
health and wellness. The industry is just starting to embrace
those capabilities, but the potential is quite significant.
Patricia Brown is director of digital content strategy
Learn more at
16 CSC WORLD | SPRING/SUMMER 2013
17SPRING/SUMMER 2013 | CSC WORLD
The practice of medicine is changing, propelled largely
by new models of care. These models replace the
age-old practice of “going to the doctor” by bringing the
doctor — and other healthcare providers — to the
patient. And they do so with IT networks and systems.
Several factors are driving this transformation.
For one, the nature of disease has changed in the
Western world; many people now suffer from chronic
diseases. Fortunately, most chronic diseases are not
life-threatening, but we have to live with them every
day. For another, we’re seeing profound demographic
changes as life spans increase. As a result, we’re living
with diseases longer, and we’re vulnerable to a new
range of neurodegenerative ailments that didn’t affect
our shorter-lived ancestors.
Another factor is patient preference. People have grown
tired of the long waits common today, and they’re ready
to try new forms of interacting with medics. Yet another
factor is economics. In nearly every Western country, no
matter its healthcare economic model, costs are rising
so fast, they’re becoming unsustainable.
Taken together, these factors have created a moment
that’s ripe for change. And change is upon us, in the
form of three new models of care:
Telemedicine connects physicians and patients with
high-speed videoconferencing. This is especially helpful
for patients who live in remote areas, far from major
healthcare centers. It’s also useful for patients for whom
public transport or driving would be difficult or dangerous.
Telehealth equips patients with portable devices that
monitor their vital signs, then streams that information to
healthcare providers for monitoring. This service can be
supplemented by telephone coaching and support, and
by clinician visits to the patient’s home.
Telecare uses assisted-living technologies that alert
care-givers when there may be a patient issue. For
example, digital sensors could alert family members
whenever the patient’s house lights have been off for
by Lisa Pettigrew Blended models
These three new models of care are often
blended. This lets patients receive care from not
only their physicians, but also nurses, therapists
and other healthcare clinicians. Using these new
teleservices, patients can better understand their
treatments, monitor their medication use, get
answers to questions, and receive assistance in
navigating the system.
These new models of care deliver other benefits,
too. They help people living with chronic diseases
stay on the favorable end of the wellness–sickness
spectrum. IT-powered healthcare means more
illnesses can be managed and treated while the
patient remains at home. This also can prevent
patients from ending up in the hospital, where
they could be exposed to infections, viruses and
The new healthcare models also improve quality
of life. Those with the appropriate capabilities,
interest and social conditions can be helped to
take greater control of their medical conditions,
save time and, in many instances, stay employed
and in their communities.
CSC’s solutions empower healthcare organizations
to offer their services in new ways — and they do
so cost-effectively through innovative commercial
models that are attractive to both payers and
providers. Our 8,000 healthcare executives
work across 30 countries, managing solutions
that support more than 100 million electronic
health records. We create solutions that help
healthcare organizations mature from point-to-
point telemedicine to networked models; these
incorporate information from all consultations
into the patient’s healthcare record, making it
accessible to other clinicians.
Also, CSC’s cloud and enterprise architecture
capabilities underpin our solutions. And
our analytics capabilities enable healthcare
organizations to analyze trends for individuals and
populations, learning which services are needed,
where and when.
Lisa Pettigrew is the industry general manager for
Global Healthcare at CSC.
and Telecare: Delivering
Healthcare Directly to
Learn more at
18 CSC WORLD | SPRING/SUMMER 2013
Medical Device Firm
Grows Better Data With
Data is the lifeblood of any business. In sales, access to high-quality information is crucial to
closing deals. For global enterprises, however, the challenges of providing consistent data and
real-time access to it can be daunting.
by Jenny Mangelsdorf
In the biotech field, innovative companies that use technology
to create life-saving medical implants and devices also need
constant innovation for their critical back-end sales and
marketing processes to stay competitive.
That’s why Biomet Microfixation, an innovator in the medical
industry, chose enterprise cloud applications by Salesforce.com.
Since 2011, Microfixation has used the applications to power its
service and marketing organization. Recently, the company wanted
to improve its ability to generate real-time, accurate data and build
a stronger Salesforce foundation that it can leverage in the future.
Real-time data and analytics
CSC provided consulting, systems integration, and data
architecture and modeling services. A key goal was to give
Microfixation’s sales organization and upper management real-
time data and analytics, such as sales trends related to budgets,
forecasts and quotas.
“Our sales force was consistently requesting real-time data,” says
Kirk Brennan, Biomet Microfixation controller. “That fundamental
information wasn’t available in our existing reporting structure.
Today, users know they can rely on the accuracy of the data
being presented whenever they log in to the system.”
To ensure that Microfixation would have the talent it needed for
the Salesforce.com project, the medical innovator first looked at
“We actually interviewed several consultants for a partnership to
implement Salesforce and selected CSC because of the depth of its
technical talent — both the scope of team members the company
has globally and its technical competency,” Brennan says.
CSC has deep Salesforce.com expertise, including with the
application’s foundational aspects, overall architecture and the
operation of its data model. These skills were essential when
helping Microfixation improve its data integration processes.
For example, in the past, making minor changes to the integration
process between Salesforce and Microfixation’s back-office
system took a great deal of work. Now, adding fields and
migrating new data takes only a few minutes.
“A lot of the integration we performed was very complex,” says Jeff
Selander, CSC’s North American Salesforce.com Practice director.
“Through the integration and data model work we did, we’ve now
positioned Microfixation in a place where they can begin to realize
the real return on investment that’s embedded in Saleforce.com.”
Before CSC began the
Salesforce project, when the
sales team needed data, the
team members would have to scroll
through page after page of numbers, with
subjects such as accounts, territory and region
each having more than 150 fields. CSC has created
custom visual pages that collapse lengthy data into a
single view that shows salespeople the financial details they
need. Because of custom visualization work like this, 90% of
Microfixation’s salespeople now report that the system is easy
to use — compared to 30% who thought so earlier.
“They really like this capability, because instead of scrolling
and scrolling through numbers, they can open an account and
instantly see sales numbers in a way they want to see them,”
says Selander. “It also performs a lot of the calculations they
want that the standard Salesforce.com application wouldn’t
let them do.”
Automating data entry
CSC also provided systems integration services — transforming,
for example, what was previously a manual process to upload
data. Now Microfixation can automatically upload data covering
the complete sales cycle, from the moment contact is made to
the time a product is delivered to a customer.
18 CSC WORLD | SPRING/SUMMER 2013
19SPRING/SUMMER 2013 | CSC WORLD
Before the process was automated, data was uploaded daily.
Today incremental data loads run hourly, with full loads consisting
of a million rows of data running every three hours. By automating
the data-transfer processes, Microfixation has been able to reduce
the opportunity for potential errors and reassign IT staff to
strategic projects. The sales team’s Salesforce adoption rate has
also increased from 40% to 85%.
In the past, Microfixation had to wait and process its full data
loads during the weekend. Now, the medical innovator can
process data whenever it wants without affecting user groups; if
needed, it can even speed the hourly load processing to run every
Salesforce.com has also enabled Microfixation’s sales to become
more mobile. Previously, the sales team, which serves clients
throughout the world, had to rely on PC-based email for data.
With Salesforce, Microfixation’s staff can access data on tablets
Microfixation aims to drive innovation in the medical industry,
and is committed to its customers — a trait shared by CSC. “We
want to make sure our customers have a solid understanding
of the systems we’ve worked on before we leave so they can
continue to excel going forward,” says Selander. “When
a customer wants to take on the next set of complicated,
intricate issues that require multiple disciplines,
CSC will be ready to assist again.”
“CSC very explicitly stated when we started this project that they
prided themselves on transferring that knowledge,” says Brennan.
“Our IT department has shown a significant increase in its ability
to support our users’ needs.”
Besides transferring technical knowledge and developing a stable,
custom Salesforce.com foundation, Microfixation also looked to
CSC to provide consulting services and build a roadmap that the
company could follow beyond the current project.
“That vision that CSC helped provide was a big reason why we
partnered with the company,” says Brennan.
Through laying this new foundation and building a roadmap,
Microfixation can take Saleforce.com to the next level, and
gain an even greater return on its investment by leveraging
capabilities embedded in the application, such as opportunity
management, campaigning, marketing and inventory control.
“This foundation will allow Microfixation
[to accomplish] really game-changing
sales and marketing innovations in the
future,” says Selander. “Already they can do
a whole lot more, and later they’ll be able to
leverage this platform for advances they’re not
even contemplating yet.”
Jenny Mangelsdorf is a writer for CSC’s digital
Client: Biomet Microfixation
• Provide sales team with convenient and current data
• Give upper management and key stakeholders accurate
• Offer international sales team a real-time mobile
• Deep Salesforce.com expertise
• Dedicated systems integration and consulting experts
• Proven data modeling and architecture services
• A stable Salesforce.com foundation and roadmap
for future innovation
• System scalability increased from 40% to 80%
• User adoption increased from 40% to 85%
• Real-time accurate sales data available on PCs
and mobile devices
• Automated data transfer, reducing potential errors
and relieving personnel for strategic activities
Learn more at
20 CSC WORLD | SPRING/SUMMER 2013
What’s more, FATCA — the Foreign Account Tax Compliance
Act — may be just the tip of the iceberg. Governments around
the world recognize the opportunity to secure tax revenue, and
we could see FATCA-like legislation on a global scale. Financial
institutions must be ready for a wave of regulations, and that
requires having the systems and processes in place to deal
FATCA does have a tax withholding component, but it’s all
about transparency, said Rob Limerick, managing director
for global information reporting at PricewaterhouseCoopers,
in a recent online CSC Town Hall. “Its real goal is to generate
reportable information to the IRS, so that they can track U.S.
taxpayers that may have accounts overseas.”
“FATCA is really setting the trend for transparency in
global tax reporting,” said Claudia Haberland, global FATCA
program manager for financial services governance, risk and
compliance at CSC. In the Town Hall, she pointed out that
there are hundreds of related initiatives around the world. The
efforts could lead to a multinational platform where different
countries can exchange tax information.
In fact, many countries want to take a step further: to not only
exchange information, but also to help collect unpaid taxes —
which means we could see a global enforcement regime. “That
[possibility] should not be underestimated, as many countries
are in need of tax money, as we know,” Haberland said.
The U.S. government continues to look for
ways to prevent anyone from not paying
their fair share of taxes. A big piece of this
effort is FATCA, a law designed to improve
tax reporting on foreign financial assets
and offshore accounts — and the burden of
these regulations will affect every financial
by Jeff Caruso
How to respond
Financial institutions, already under pressure to comply with
recent regulations, will have to look at systems to cope with
FATCA — but will also have to look beyond.
“Don’t just look at FATCA, but look at all of the things that
are going to happen over the next couple of months,” said
Christophe Lesieur, global practice lead for financial services
governance, risk and compliance at CSC. “Anticipate those
market moves coming up on you. You can define a target
operating model — looking at business lines, looking at
business structure and so on, and then elaborate a kind of
One approach would be to use a service provider in an as-a-
service model. “For small companies to spend a whole lot of
money, time and resources and build the functionality in their
own environment may not actually be the best way,” said
Shyamal Sen, partner and global lead for financial services
consulting solutions and technologies at CSC. Meanwhile, large
companies may have the resources, but “it is about cost and it
is about time to market,” he said.
Certainly, financial institutions that can stay on top of the
regulations will have an edge — and they have to act fast, as
FATCA goes into effect on Jan. 1, 2014.
JEFF CARUSO is senior managing editor for CSC’s digital
Listen to the full 60-minute recorded
Town Hall and a 5-minute sound bites
The GATE Way
To help financial institutions deal with FATCA in a way
that minimizes disruptions and costs, CSC offers a
comprehensive, long-term strategy through its Global
Administration of Tax Enquiries (GATE) software and
CSC GATE’s scalable enterprise tax compliance framework
provides a cost-effective way to meet FATCA regulations
and rapidly adapt to future tax requirements. Compatible
with major financial reporting platforms, the CSC GATE
rule- and process-driven software bridges silos in your
legacy estate to categorize affected customer accounts,
both existing and new, and calculate the appropriate
potential tax withholding.
It also generates reporting for governmental, internal and
customer stakeholders and is prepopulated with the rules
for FATCA compliance. Additional countries’ reciprocal
tax information exchange agreements can be added
Get more information on CSC’s FATCA-related
IT offerings: csc.com/csc_gate.
21SPRING/SUMMER 2013 | CSC WORLD
Cloud-driven change is affecting how processes are managed,
how IT investment is handled, and how costs are allocated. The
biggest changes are not those related to IT but to mind-set and
behavior. The journey to an entirely virtualized, cloud-delivered
IT environment may be long and complex, but it is possible to
monetize benefits if a cloud strategy is executed with care.
A new world of customer service
First, the cloud enables new approaches to customer service.
Banks and insurers need to become much more responsive.
The key factor is building closer customer relationships,
understanding customers more deeply and achieving maximum
value from each relationship.
Cloud is also changing the way financial services companies
approach risk management. It is no longer appropriate to
make complex risk calculations about future big bets when it
is becoming easier to try new ideas in real time, and simply go
with those that work.
Cloud can help the most in these areas:
• Rapid product development: Cloud-based test environments
can be set up in minutes, making it possible to try out
concepts at high speeds and low cost.
• Mobile and multichannel
services: Complex and real-time
services can flourish in the cloud, such as
transforming customer service environments to
• Apps stores: In a world of customer mobility, once a
virtualized service layer is embraced, it is much
easier to add components.
• Social media: This can include a peer
group review of services, leading to better-
informed customers and more proactive
relationships with them.
Banks and insurers have a wide range of
operational issues to deal with, from
capital adequacy to business continuity,
and the cloud enables a new world of
operational efficiency. By creating a
cloud-based layer on top of the
existing core infrastructure, it is
possible to move faster in creating and
implementing services, while continuing
to push down costs.
After five years of crisis, financial services
companies have become used to dealing
with a new operational reality. Major
changes are happening in client-supplier
relationships, and traditional business
models are under intense pressure as a
result of cloud-related strategies.
by Brian Wallace
Services on demand
The move to purchasing services on demand represents one
of the most important strategic changes the financial service
industry has ever seen. Yet there is one more element of change
that also plays its part in making cloud a practical tool for
achieving performance breakthroughs in banking and insurance:
Cloud can drive innovation by enabling:
• Global delivery models: Virtualized environments can be
moved quickly to delivery centers around the world, making it
easier to centralize business and gain access to the lower cost
that offshoring offers.
• Business-focused SLAs: The ability to flex and scale services
to reflect user demand enables more accurate contractual
arrangements, based on measurable results.
• Flexible payment methods: It is natural for costs to reflect
usage, leading to a move away from traditional, license fee
payments for software, as well as standard maintenance costs
• Commoditization: Profit margins are thin in many key product
areas, making it essential to find ways to reduce development
and delivery costs.
The ability to develop and deliver simple — yet
targeted — products and services to
millions of people on a semi-
automated basis is a
to a large-scale
move to the cloud
are significant and
must be dealt with in a
systematic way, but the
business advantages to
banks and insurers of embracing cloud are
HOW CLOUD IS DISRUPTING
Brian Wallace is a principal technologist in CSC’s
Financial Services group.
Learn more at
22 CSC WORLD | SPRING/SUMMER 2013
5The effective use of business intelligence (BI) can give
companies a distinct advantage over their competitors.
Delivering timely information to key decision makers can be
accomplished via the deployment of a well-designed and well-
maintained BI dashboard.
BI dashboards deliver numerous benefits to enterprises.
Companies can achieve significant cost savings by adopting
performance dashboards, because they allow for better
decision making by giving management recent or even live
information. Additionally, by consolidating disparate reports
via a BI dashboard, companies save money by reducing or
by Sanjiv Koshal
1. Customer Value
This dashboard displays the results
of data ingested by an analytic
model that assesses the value of the
customer to the company, ranked
against other customers. On this
dashboard, customers are grouped
based on income, age, product and
other segments. The analytic model
estimates a customer’s expected
value in dollars over a period of time.
2. Churn Analysis
This dashboard uses information
about customers who have already
left the company or who have
dropped services. The underlying
correlation model estimates the
probability that a customer will
churn or defect, using terms such as
attrition (leaving), renewal (staying)
and retention (retaining). Scores are
attributed to customers to rank the
need of business intervention.
3. Buying Analysis
With this analysis companies can
be guided about what products to
offer to their prospective or existing
clients, depending on the customer’s
demographics and/or existing
products owned. This dashboard’s
results are driven by a model that
features a data mining algorithm
that provides association rules to
estimate which products a customer
may purchase, given past purchases.
3 Types of BI Dashboards
23SPRING/SUMMER 2013 | CSC WORLD
Key performance indicators (KPIs) displayed on the
dashboard need to reflect strategic and tactical value
drivers. KPI selection is probably one of the most important
aspects of a dashboard build-out. KPIs should reflect the
strategic value drivers defined by the executives of the
company and should be based on corporate standards,
backed by valid, easy-to-comprehend data. KPIs are the
link between strategy, its execution and performance
management. CSC is convinced that an integrated
enterprise intelligence framework should be supported
by a well-defined set of KPIs.
An enterprise BI platform should be established
that integrates disparate data sources to achieve
consistent information. Those charged with maintaining
the dashboard should streamline the processes for
gathering and processing the data to ensure the timely
display of critical information.
Dashboards should employ a consistent user interface,
with matching color schemes and summary information
that is standardized across the enterprise. Standardization
and consistency are important for user acceptance and
the long-term sustainability of performance dashboards.
Dashboards should also be interactive and designed to
give users the ability to drill up and down, filter data and
take a guided analysis path to access detailed reports.
Dashboard designers should provide a rich visual interface
and use proper design paradigms that enhance the end-user
experience. In designing the dashboard, following the “rule
of 7” for visualization is important. Cognitive research has
shown that the average human can keep seven objects in
memory at once, so no more than seven objects should be
present on a single dashboard screen.
5Know Your Audience
The typical audience for dashboards ranges from C-level
executives to vice presidents of finance, human resources
managers, and directors in compliance and supply chain
departments. Constantly get feedback from your audience to
keep improving the quality of metrics and the presentation of
Common uses of dashboards are to manage exceptions, reduce
manual administration work, improve organizational alignment,
respond to business changes faster, and enable rapid problem
detection and escalation. A top priority is to build a dashboard
that can be leveraged by executives so they can take quick
action to achieve specific strategic goals.
Additionally, with dashboards available on mobile devices,
business executive and operations teams can improve their
decision making and productivity when working remotely, by
accessing strategic and operational information about financial
figures, customer orders and product performance, etc.
SANJIV KOSHAL is practice lead, Financial Services Big Data
and Analytics at CSC.
Learn more at
Gaining competitive advantage
Decision makers within an organization rely on BI dashboards
to make strategic and tactical decisions. Above all, it is
imperative that these dashboards provide them with timely and
reliable information. Maintaining and enhancing a BI dashboard
ensures that the decision makers can use them to make
effective decisions that translate to a company’s competitive
advantage in the marketplace.
BI dashboards have been in existence for decades, and the
recent explosion of big data and analytics has made them
more indispensable than ever. Performance dashboards are
used to synthesize information and present it in a way that
is easy to digest. When deployed properly, BI dashboards
can gauge a company’s performance and measure it against
For organizations to maximize their usefulness, BI dashboards
should include the following:
24 CSC WORLD | SPRING/SUMMER 2013
by David Moschella
Over the past 50 years, the growth of the IT industry has
been driven by the relentless rise of the “next big thing” —
mainframes, minis, PCs, LANs, Web, mobile, social, Software as
a Service, cloud and so on.
Each era has successfully established a new platform — a
combination of hardware, software and communications
that expands the foundations upon which useful information
systems can be built.
But curiously, in each era it has been the “T” in IT that has
received top billing. New technologies and the suppliers behind
them have captured most of the public’s imagination, with the
implicit assumption that the “I” would eventually come along for
the ride. It usually has.
25SPRING/SUMMER 2013 | CSC WORLD
Today, this dynamic is changing. The next big thing is now
information itself. Whether we are talking about big data,
unstructured data, open data, user-generated content, data
sciences, data at the edge, or the data-driven corporation, the
emphasis is shifting to the “I” in IT.
This isn’t just happening in business, but in areas of high societal
interest, such as the use of analytics in sports and last year’s
U.S. presidential election; the computer models that accurately
forecast Superstorm Sandy; and the role of Google in trying to
track the spread of the flu and other epidemics.
Our ability to use data to better see and understand the outside
world is now improving rapidly.
The future of data
However, in the Leading Edge Forum’s latest report, on the
evolving future of data, we found that while there is clearly
great promise in being able to use technology to identify
patterns in vast databases, track real-time conversations and
trends, deploy smart devices, and develop new data-driven
business models, not everyone is fully on board. We were struck
by the schism within today’s IT community.
The big data, open data and data science communities speak
in revolutionary — even utopian — terms about the power of
new and better information and algorithms to answer previously
unanswerable questions. Companies such as Google, Amazon,
Facebook, Netflix, Twitter, LinkedIn, Bitly, Intuit, Zillow, Kaggle
and many others have access to unprecedented amounts and
types of data that they will surely turn into important new
forms of value.
But many CIOs, well-versed in the history and challenges of
customer relationship management (CRM), data warehouses
and other business intelligence systems, tell us that long-
standing information management concerns such as integration,
architecture, governance, security and the high costs of
enterprise resource planning (ERP) are still dominant in their
firms. Interest in new data uses is typically of secondary
importance, and these areas are often led by other parts
of the firm.
Developing a balanced data perspective
Clearly, data is not the only path to business success. While
Google — with PageRank, AdWords and Trends — is a great
example of the power of new data-driven business approaches,
Apple has flourished by eschewing traditional information-
gathering practices, and relying on its own instincts, know-how
Less obviously, there are two additional patterns.
First, while there are a great many interesting new data uses
in the market, there seems to be a shortage of low-hanging
fruit — the obvious early adoption examples. Previous eras of IT
have all had core, driving applications, such as word processing,
spreadsheets, email or search. The lack of these cross-industry
applications in big data means that every firm will have to
find its own way forward. This suggests steady, but less than
Second, perhaps because of the extraordinary progress in the
Hadoop community, the IT industry may be confusing big data
with the idea that data is big. In other words, the size of the
database is often less important than the novelty of the use.
Many advanced data applications — such as location-aware
smartphone apps, linked and open data, specialized edge
devices and the “Internet of Things” — do not necessarily rely on
petabyte databases; they simply leverage data in innovative and
useful ways. Such “small data” uses typically affect customers
directly, and thus often have powerful market implications.
Organizations should seek a balanced data strategy,
experimenting with the potential of new big data systems, while
realizing that novel uses of data at the edge — what we call
small data — will often prove equally or even more important.
By taking such an approach, firms can seek to put the “I” back
into IT, and be leaders not just in technology deployment, but
in using data — big and small — to make their firm both more
competitive and better prepared for the data-driven customers,
marketplaces and organizations of the future.
David Moschella is global research director for CSC’s
Leading Edge Forum, a global research and thought leadership
This story was originally published by ComputerWeekly, on
April 22, 2013.
The IT industry may be confusing
big data with the idea that data is
big. In other words, the size of the
database is often less important
than the novelty of the use.
Download the executive summary
from our Future of Data report at
26 CSC WORLD | SPRING/SUMMER 2013
Many organizations face a dilemma: The number of cyberattacks against their IT
assets continues to grow, while their IT budgets continue to remain flat. Unable to
add significant resources to combat the attacks, they’re looking to managed security
services as a way to get more bang for their buck.
Companies in the United States lose about $114 billion a year from cybercrime — and that
number is more like $338 billion when you factor in the costs of downtime caused by
cybercrime, according to Gen. Keith Alexander, director of the National Security Agency
and commander of the U.S. Cyber Command. As reported by Foreign Policy magazine
last year, Alexander called the losses “the greatest transfer of wealth in history.”
The incidents at U.S. federal agencies are staggering. The latest figures from the U.S.
Government Accountability Office show that the number of cyber incidents reported
by those agencies has swelled from 5,503 in fiscal year 2006 to 48,562 in fiscal year
2012, a 783% increase. Of the incidents reported in 2012, 20% were related to improper
usage, 18% were malicious code, 17% involved unauthorized access, 7% consisted of
scans and probes, and the remainder were still under investigation at the time of the
March 2013 report.
Meanwhile, organizations of all kinds are facing a range of security challenges. In
a recent survey by IDG Research, 57% of IT executives named mobile clients and
unmanaged devices as one of their top security challenges for the next 12 months.
While that was the most common concern, other commonly cited challenges included
the increasing sophistication of attacks, controlling access to end-user data, and
securing virtual environments.
The Case for
by Jeff Caruso
27SPRING/SUMMER 2013 | CSC WORLD
2100%increase in reported cyberattacks
from 2009 to 2011 on companies
that manage critical infrastructure.
Those same IT executives cited budget as a key concern, with
40% saying that controlling IT security costs would be a challenge
for them over the next year. At the same time, 32% said that
their organization didn’t have the security experts or skill sets
necessary to handle security effectively.
CIOs’ IT budgets have been flat to negative since 2002,
according to Gartner. After a recent study of more than 2,000
CIOs, the research firm determined that CIO IT budgets will
likely decline slightly in 2013, with a weighted global average
decline of 0.5%.
This has forced many organizations to get creative with their
IT dollars, and in the realm of cybersecurity, this increasingly
means looking at managed security services. Providers of these
services are able to attain economies of scale and provide
better security for the same cost.
In the IDG Research survey, 67% of the IT executives cited cost
reduction as a “critical” or “very important” benefit of using a
managed security service provider (MSSP), and another 66%
said the provider could drive operational efficiency.
Interestingly, however, cost reduction wasn’t the most-cited
benefit. Instead, a full 76% thought that such a provider could
offer improved security effectiveness, and 70% cited enhanced
knowledge sharing as a critical or very important benefit.
Another 68% said the providers would give them access
to specialized skills, and 66% said they expected enhanced
In other words, the bang is at least as important as
the buck. And respondents to the IDG Research survey
acknowledged that managed security service providers
can do a lot of things better than internal security
professionals. Three-quarters of the respondents rated
their IT security organizations’ ability to secure the
perimeter as excellent or good, but only about half
would say the same about their ability to maintain
real-time awareness of the changing threat landscape
or to correlate security events in real time to
As a result, about 30% of the respondents said
they would be likely to start using a managed
security provider within the next year. About
9% already do. As IT security continues to be a
high priority for all organizations, the appeal of
managed security services is bound to remain
high as well.
JEFF CARUSO is senior managing editor
for CSC’s digital marketing team.
OF RESPONDENTS CITED
57%MOBILE CLIENTS AND UNMANAGED DEVICES
AS THE TOP I.T. SECURITY CHALLENGE.
1/3OF RESPONDENTS THINK THEY ARE
LIKELY TO START USING AN MSSP
E MSSPS PROVIDE THESE VERY IMPORTANT OR CR
REspondents believe managed security
services providers provide these very
important or Critical benefits:
Learn more at
28 CSC WORLD | SPRING/SUMMER 2013
Until recently, when thinking about cybersecurity, nations primarily worried
about theft — of data, identities and knowledge. Today, official concern has
broadened as hackers increasingly attempt to disrupt and destroy critical
infrastructure and foreign governments consider how cyberattacks can
be used as part of their integrated approach to exercising power.
In February, President Barack Obama issued an Executive Order and
Presidential Policy Directive aimed at reducing the risk of cyberattacks
on U.S. critical infrastructure. Although the public and private sectors
have been working in recent years to strengthen cybersecurity, protecting
today’s Internet-enabled and increasingly connected infrastructure and IT
systems involves more than one entity, agency or organization.
The President’s Order and Directive, which aim to improve system and network
security and resiliency, encourages greater public-private collaboration. They also
include deliverables and possible regulatory actions that, most importantly,
apply to numerous private industry sectors that own and operate critical
While the Order and Directive are linked in goals, each
is different, and it’s important to understand how each
affects owners and operators of critical infrastructure, as
well as federal agencies.
The Order directs increased federal distribution of
cyberthreat information and the development of a
Cybersecurity Framework that can be used to reduce
cyber risks to critical infrastructure. The Order
also mandates a review of existing regulation to
determine what gaps, if any, exist, and what must
be done to create useful standards to safeguard
the cybersecurity of critical infrastructure.
The Directive, which updates the previous
Directive issued in 2003, establishes national
policy on critical infrastructure security,
expanding the previous policy’s definition
of threats from solely physical to include
Mandateby Samuel Visner
29SPRING/SUMMER 2013 | CSC WORLD
Identifying critical sectors
Because the Directive expands the definition of hazards, a
number of initiatives will be updated. For example, the National
Infrastructure Protection Plan Partnership Model, which
describes critical infrastructure sectors and accompanying
federal sector-specific agencies, is evaluating the existing
partnership model to determine if it needs to be changed.
The Directive has already identified 16 critical sectors and
designated associated federal sector specific agencies for each
of the sectors. These sectors themselves are broad and include:
Chemical, Communications, Critical Manufacturing, Dams,
Defense Industrial Base, Emergency Services, Energy, Financial
Services, Food and Agriculture, Human Services, Healthcare
and Public Health, Information Technology, Nuclear Reactors,
Materials and Waste, Transportation Systems, and Water and
Wastewater Systems. Owners and operators will be notified if
they have been designated as part of the critical list and, for
the first time, will have an opportunity to say if they think that
decision is incorrect.
Under the Directive, the Secretary of Homeland Security will lead
the identification effort and work with owners and operators
in regards to significant cyber or physical incidents. The
Directive has three strategic goals aimed at improving functional
relationships, information exchange and operations decisions.
A guide to managing risk
As the Secretary of Homeland Security focuses on the
Directive, through the Executive Order, the National Institute
of Standards and Technology is coordinating development of
the Cybersecurity Framework. The final product, which is due
no later than Feb. 12, 2014, will include a collection of standards
and processes, and advice on how to use them in different
circumstances, to help operators and owners better manage risk.
Building secure ecosystems that go all the way from the mobile
device in someone’s pocket to the programmable logical device
that’s embedded in a power plant turbine, pipeline or air traffic
control system is the next big challenge. The Cybersecurity
Framework may be the launching point for meeting that
challenge and the development of really secure architectures.
Besides the Framework, the Order and Directive’s deliverables
range from instructions to produce timely cyberthreat reports
to reports on whether agencies have the authority to establish
requirements based on the Framework. As CSC leaders
provide input to the Framework’s development, we expect to
understand who will be impacted, and how, so we can help our
clients apply cybersecurity requirements that flow to them.
Incentives and mandates
Under the Order, the Secretary of Homeland Security, along
with sector-specific agencies, will establish a voluntary
program for critical infrastructure owners and operators to
adopt the Framework. The Secretary will also coordinate the
establishment of a set of incentives to promote participation.
Agencies clearly anticipate wide adoption of the Framework
and, as the Order talks about the possibility of further
regulatory actions, the various critical infrastructure sectors are
For owners and operators of critical infrastructure, and the
organizations that work with them, the Executive Order and
Presidential Policy Directive’s deliverables may affect their
industry or organization’s operations.
The clock has started; agencies are already engaged, working with
their sectors, and some deliverables will be due soon. The preliminary
version of the Cybersecurity Framework is due by October; the list of
“Critical Infrastructure at Greatest Risk” is due by July.
Organizations should pay attention to these deadlines so they
can prepare for new requirements and potential associated
adoption costs, and can take advantage of more accessible
threat information and new tools in the Framework to
strengthen their infrastructure.
They should also look for advice from cyber experts, like
CSC, that have deep legacies in public-private partnerships
and are involved in helping develop the new Cybersecurity
Framework. Organizations should look closely at the various
industrial control and related systems used to manage the
infrastructures they own and operate; some of these are
legacy systems designed before today’s more challenging
cybersecurity environment. They should consider what
enterprise-level strategies and approaches they need to meet
these cybersecurity challenges.
Through our long history of securing many of the world’s most
important systems, we have insight into what works and what
doesn’t. We have devoted our own R&D resources to deal
with weapons-grade threats against which most commercial
cybersecurity technology is largely ineffective. We also know
more than most about the IT that’s used in public and private
sectors, ranging all the way into industrial control and SCADA
systems, and the threats to both.
Just as NIST is looking to the private sector to help develop
the new Framework, organizations are increasingly turning
to trusted partners for cybersecurity support, evidenced
by surveys, such as ASDReports, which says the global
cybersecurity market will be worth more than $68 billion this
year. Today, no one can safeguard their operations entirely on
their own and organizations need to begin aligning themselves
with partners who can help address current and future
challenges and build resiliency.
Samuel Visner is vice president and general manager,
cybersecurity, at CSC.
Download the Executive Order and Presidential Policy
Directive white paper at csc.com/executive_order.
Learn more about cyber threats and protection at
30 CSC WORLD | SPRING/SUMMER 2013
From public to private to community,
clouds come in different shapes and sizes.
Lately, many organizations are turning to
hybrid solutions that can be tailored to
meet the needs of any enterprise.
Hybrid clouds give organizations the
opportunity to meet unique requirements.
Start with the privacy and security of a
private cloud, which offers a dedicated
compute environment for a single
organization. Next, add the massive
scalability of a public cloud, where the
infrastructure is leveraged across many
TO BELIEVE IN
3by Jim Battey