1. DIGEST
CIOCIOSTRATEGIES AND ANALYSIS FROM SYMANTEC
APRIL 2013
LAYING
TRACKS OF
PROTECTIONTim McIver, Christina Stallings, and Dan Parks
CSX Technology I Page 20
BUSINESS CONTINUITY AND DISASTER RECOVERY IN THE WAKE OF SANDY I PAGE 14
Integrated
Data Protection
Appliances:
6 Use Cases
Page 28
Big Data Without
Big Headaches
Page 36
2. Press Play to Innovate
Introducing SymantecTV
Press Play – Go Ahead.
One simple gesture will give you instant access to 100’s of titles
giving you insight and innovation from industry experts on how
to solve some of the toughest problems facing IT today.
Press play at symantec.com/tv
3. FEATURES
CASE STUDIES
3
26
SPECIAL FEATURE
[ COVER STORY ]
Laying the Tracks of Protection
Crisscrossing IT and the business is propelling
CSX Transportation into the Digital Age. Protecting
information is a top priority for CSX—from the
trains, to the data center, to the endpoint.
By Patrick E. Spencer
14
In the Wake of
Superstorm Sandy
Business continuity and
disaster recovery assume
new meaning.
By Patrick E. Spencer
Big Data Without
Big Headaches
Three strategies that take
advantage of big data to ensure
successful decision making.
By Mark Mullins
28
The Integrated
Swiss Army Knife
Six use cases that capitalize
on the next wave of data
protection: integrated
backup, storage, and recovery
capabilities in one appliance.
By Patrick E. Spencer
36
[ From the CEO ]
The New Symantec 4.0
A revolution has arrived;
what this means for Symantec.
By Steve Bennett
[ Upload ]
> Trends
> Symantec Chronicles
> Book Reviews
[ THINK TANK ]
Take a Little, Leave a Little
Moon Lim Lee demonstrated
that leaders are not defined
by their work but rather
define their work.
By Patrick E. Spencer
20
48
IT Speed Wagon
Citizen-focused alignment
delivers sustained results
for the City of Lansing.
By Patrick E. Spencer
4
10
CONTENTS
APRIL 2013
IN EVERY ISSUE
42
Employing IT
Infrastructure foundation
becomes value proposition
for Spanish Public
Employment Agency.
By Patrick E. Spencer
Cover Photo by Michael Brunetto
4. Visit us online at www.symantec.com/business and take
advantage of a world of resources to help you have confidence
in your connected world.
About Us
Corporate profiles, management team, investor
relations, careers. It all starts right here
www.symantec.com/about
Partners
Find the perfect partner to help you manage
your IT needs
www.symantec.com/partners
Enterprise Solutions
Software, services, and solutions to manage
your most valuable assets: your information
www.symantec.com/solutions
Internet Security Threat Report
In-depth analysis and information on the
latest vulnerabilities and threat vectors
www.symantec.com/threatreport
Symantec Connect
A technical community to help your IT
team keep your systems up and running,
no matter what
www.symantec.com/connect
Symantec.cloud
The world’s best security and management
solutions are now available in the cloud
www.symantec.com/saas
Podcasts
For people on the go, podcasts deliver news,
product information, and strategies you can
use www.symantec.com/podcast
Book Smart
Symantec Press offers a variety of executive,
enterprise, and consumer titles
www.symantec.com/symantecpress
Information Unleashed
Perspectives on protecting information
www.symantec.com/social/pr-blog
Customer Success
See how others in your industry
succeed with Symantec
www.symantec.com/customersuccess
Events
Our events calendar
www.symantec.com/events
Education Sevices
Maximize your IT investment with
a skilled, educated workforce
www.symantec.com/education
Managed Security Services
Complete, cost-effective security
managed response services
go.symantec.com/managedservices
DeepSight Security Intelligence
Prevent attacks before they occur with
timely and relevant threat, vulnerability, and
reputation intelligence
go.symantec.com/deepsight
Webcasts
From endpoint security to information
management, storage to security, and
everything in between
www.symantec.com/webcasts
2 CIO Digest April 2013
CIO Digest Facebook Page
Readers with Facebook accounts
can now connect and share ideas
with the CIO Digest editorial
team, receive notification of each
new issue, and more. Sign up as
a Facebook friend of CIO Digest
today at go.symantec.
com/ciodigest_facebook.
CIO Digest Goes Mobile
Download the FREE CIO
Digest apps from the
Apple iTunes, Google
Play, and Amazon Kindle
stores at go.symantec.com/
ciodigest-itunes, go.symantec.
com/ciodigest-android, and
go.symantec.com/ciodigest-
kindle.
CIO Digest Wikipedia Entry
Check us out at en.wikipedia.org/
wiki/CIO_Digest.
Twitter
Tweeting on everything from
new CIO Digest articles, research
reports, podcasts, webcasts, white
papers, customer successes, user
groups, and more, the Symantec
Publishing Twitter account
keeps Symantec customers and
partners up to date. Follow the
tweets at http://twitter.com/
SymPublishing.
LINKEDIN
Exchange tips and strategies
with peers by joining the
CIO Digest group on LinkedIn
at go.symantec.com/ciodigest_
linkedin.
Social Network
CIO
RESOURCESSYMANTEC
5. Publisher and Editor in Chief Patrick E. Spencer, Ph.D.
Managing Editors Alan Drummer, Ken Downie,
Mark Mullins, Courtenay Troxel
Managing Editor, Book Reviews Patrick E. Spencer
Design Director Joy Jacob
Contributing Writers Mark Mullins, Patrick E. Spencer
Circulation Manager Bharti Aggarwal
Web Producer Laurel Bresaz
Podcast Producer Jon Eyre, Stacia Madsen
Subscription Information Online subscriptions are free to indi-
viduals who complete a subscription form at www.symantec.com/
ciodigest/subscribe.
Magazine Subscription Customer Service For change of email
address, please email us at ciodigest_editor@symantec.com. To
unsubscribe, please visit go.symantec.com/ciodigest-unsubscribe.
After the CEO change occuredhere at
Symantec last July, we needed to start with a clean
slate and create a brand new strategy for the company
that made sure we’re delivering value to our customers,
partners, employees, and investors. I went on a listening
tour around the world, meeting with many of our
customers, partners, and investors,
as well as analysts and government
officials. In January, we announced our
new strategy—Symantec 4.0.
As we move forward on execution,
we’ll focus more resources on research
and development. We’ll make sure
that our products offer best-of-breed
protection and are tailored to each
customer’s specific needs. Our new
offerings will be broader in scale and
better integrated, targeting the highest-value needs of
our customers and partners. We’ll also streamline and
simplify our internal processes so that our employees
can do their jobs more efficiently and effectively.
The world is changing too quickly for us to take
incremental steps toward meeting our customers’
needs. That’s why we said during our January 23rd
announcement that Symantec 4.0 is a revolution, not
an evolution.
The New Symantec 4.0
Symantec Marketing
Chief Communications Officer Harry Pforzheimer
Vice President James Rose
Privacy Policy Symantec allows sharing of our mail list in accordance with our corporate privacy policies and applicable laws. Please visit
www.symantec.com/about/profile/policies/privacy.jsp.
CEOFROM THE STEVE BENNETT
As the digital landscape expands and the line between
consumers and businesses blurs, the information
security battleground expands too. Symantec has always
been driven by a mission to protect people’s information.
We play an important role in the world, and our company
is all about coming to work every day, enabling people,
businesses of all sizes, and countries to protect and
manage their digital information so they can spend their
time and energy achieving their aspirations.
Origination of the railway era in the United States—
a major force behind the Industrial Revolution and the
country’s westward expansion—can be traced to CSX
Transportation. This issue’s cover story explores some
of the ways CSX is barreling down the tracks into the
Digital Age with the help of technology. The issue also
includes some timely features on topics that include
business continuity and disaster recovery in the wake
of Superstorm Sandy, six use cases for data protection
appliances, and three strategies on how to protect your
big data. It is truly an exciting time—for Symantec and
our customers and partners—and we welcome what the
future holds.
Regards,
Steve Bennett
CEO and Chairman of the Board
Symantec Corporation
6. 4 CIO Digest April 2013
[ Algorithm Agility
Announcement ]
New updates to Symantec’s
Website Security Solutions
portfolio were announced
in February. The updates
focus on protecting compa-
nies, meeting compliance
requirements, improving
performance, and reduc-
ing infrastructure costs.
Included in the announce-
ment are the first-available
multi-algorithm SSL certifi-
cates with new ECC and DSA
options. For more informa-
tion, visit go.symantec.com/
wss-algorithm.
[ Information Retention
and eDiscovery Survey ]
The findings of a “2012 Infor-
mation Retention and eDis-
covery Survey” by Symantec
found that the percentage
of organizations without
a formal information and
retention plan dropped by
half from the previous year.
However, despite this positive
news, only one-third report
their plans are fully opera-
tional. More concerning is the
fact that discovery requests
for information go unfulfilled
31 percent of the time (with
an average of 17 requests
received per organization in
2012)—and this increased
from the 20 percent reported
in 2011. For more informa-
tion on the findings of the
survey, visit go.symantec.
com/retention-survey-2012.
UPLOADTRENDS I SYMANTEC CHRONICLES I BOOK REVIEWS
Symantec CHRONICLES
I
t is difficult to fathom the full extent of the Internet.
Recent data indicates that today there are more than
five billion Internet-enabled devices that access or
serve up 500 billion gigabytes of information and trans-
mit 2 trillion emails per day.
But along with the huge successes wrought by the
Internet has come an explosion in threats. Seventy-five
percent of email traffic is spam, an equivalent of 1.5
trillion messages per day. An average of 8,600 new web-
sites with malicious code are created daily, and every
minute produces 42 new strains of malware.
To address these trends, Tim Laseter and Eric
Johnson argue in a strategy+business article that the
best way to drive improvement in information security
is to use lessons of manufacturing quality from the late 20th
century.* Just as quality control emerged as a boardroom-
level discussion, information security
must come out from the back office and
become a boardroom issue. The two
authors simultaneously point out that
most IT leaders implement piecemeal
information security solutions that,
individually, provide little protection.
Because of Six Sigma, expectations regarding product
quality have dramatically shifted over the past 40 years; con-
sumers and organizations expect products to work flawlessly
today. Laseter and Johnson contend that the same expecta-
tions should exist for information security, revolving around
confidentiality, integrity, and availability of information.
To attain this objective, the authors posit that the
same concepts that drove quality control should apply
to information security. Namely, just as quality control is
free because the time and budget that goes into delivering
a flawless product offset the costs of failing to do so, the
investment in ensuring information security offsets the
time and budget needed to protect information.
And as with quality control, information security is no
longer simply the responsibility of a small group of highly
specialized security technicians, but the entire organi-
zation. Further, just as a common, rigorous framework
plays a critical role in quality control, the same should be
employed for information security. The resulting quanti-
fication of risk will enable IT leaders to move information
security from the back office to the boardroom.
* “A Better Way to Battle Malware,” strategy+business (Winter 2011),
reprint 11403.
Every minute
produces 42
new strains
of malware
Six Sigma and
Information Security
7. [ Mobile Innovation
and the Business ]
A study published by the
Economist Intelligence Unit
and sponsored by Symantec,
“Fonts of Innovation –
Mobile Development in the
Business,” focuses on the
Europe, Middle East, and
Africa (EMEA) geography
and identifies a number of
areas of conflict between
IT and the business when
it comes to mobility. Fewer
than 10 percent of non-IT
respondents believe their
IT colleagues are highly
innovative. Half think IT
departments are resistant
to new mobile ideas. Get
the study at go.symantec.
com/eiu-mobile.
[ Vendor Risk Manager ]
To help customers better
assess their third-party risk
and protect their reputa-
tion and sensitive data,
Symantec released Control
Compliance Suite Vendor
Risk Manager. With it, cus-
tomers have visibility into
their organization’s vendor
risk exposure and the abil-
ity to automate ongoing
assessments of vendors’
IT security readiness. For
more information, visit
go.symantec.com/ccs-vrm.
[ Employee IP Theft ]
Half of employees who left
their jobs in the past year
kept confidential corporate
data, according to a survey
conducted by Ponemon In-
stitute on behalf of Syman-
tec (“What’s Yours Is Mine:
How Employees Are Putting
Your Intellectual Property
at Risk”). And more than 40
percent of them plan to use
it in their new jobs. What’s
symantec.com/ciodigest 5
W
ith globalization, new op-
portunities for leveraging
human capital have arisen.
Outsourcing has taken on new
meaning for many organizations as
they are able to tap into a virtual, on-
demand workforce. And with certain
IT skill sets in high demand and a
growing focus on cost, IT leaders are
increasingly looking to the human
cloud. The authors of a recent study
in MIT Sloan Management Review
identify four different types of hu-
man cloud platforms:*
1. Facilitator Model—Supplier
Transparency: Successor to micro-
sourcing whereby the buyer has
substantial information about the
supplier. Elance and oDesk are
examples. This platform includes
workflows that provide buyers with
visibility into project milestones and
regular status reporting.
2. Arbitrator Model—Supplier
Redundancy: This occurs when
an organization needs to source
work that is highly unstructured
and difficult to evaluate or requires
special expertise. Organizations
can leverage a diverse talent pool
possessing specialized skill sets. An
example is crowdSPRING that runs
a wide range of projects such as
copywriting and website design.
3. Aggregator Model—Task
Aggregation: Some organizations
have work that does not require
coordination between the different
workers; often the work entails a
large number of simple, repetitive
tasks. These are normally small
projects. An example is Amazon
Mechanical Turk.
4. Governor Model—Project
Governance: This is used for more
complex projects. These employ a
combination of project managers
working while on staff and a
sophisticated software framework
for monitoring and managing
individual tasks. This often includes
a thick layer of governance. This
new model shifts responsibility from
individual suppliers to the cloud.
The authors also overlay a series
of initiatives or steps that need to
be followed—from engagement
and design to monitoring and
management—to ensure success.
* Evgeny Kaganer, Erran Carmel, Rudy
Hirschheim, and Timothy Olsen, “Managing
the Human Cloud,” MIT Sloan Management
Review (Winter 2013): 23-32.
The Human Cloud
With certain IT
skill sets in high demand
and growing focus on
cost, IT leaders are
increasingly looking
to the human cloud.
The First 100 Days
F
or a CIO, how you get out of the gate and
lay the groundwork plays a critical role
in initial and long-term success. Michael
Bloch and Paul Willmott delineate nine steps
that an incoming CIO should take to ensure her
or his success.
1. Start the first 100 days before your first day.
This includes conducting substantial research and
data collection.
2. Clarify and strengthen your mandate.
Understand what is expected of you and set
expectations, including with the CEO.
3. Build relationships with business unit
executives and agree upon priorities. You have
only one opportunity to make a strong first
impression, so make sure it counts.
4. Understand the upside and the downside.
Understand the specific role of technology in the
industry and how it creates value.
5. Develop the plan. Create transparency on IT
performance and health. This should include
benchmarking.
6. Build your team. Start with organizational
design. Incumbent team members may be effective
in their current role but not the new one. This is an
instance where some risks should be taken.
7. Rally the IT organization. Formulate a vision for
IT and communicate it early to foster trust.
8. Demonstrate leadership through visible results
and actions. Find quick wins and kill off ineffective
sacred cows. Prioritize projects—which ones need
additional resources and which ones need to be
postponed or cancelled.
9. Continue your personal journey. Invest in
yourself by recognizing that the new role requires
new skills and behaviors. This might include
attaching yourself to a new mentor.
* “The first 100 days of a new CIO: Nine steps for wiring in
success,” McKinsey Quarterly (December 2012).
8. 6 CIO Digest April 2013
the cause? The survey
found that only 47 per-
cent of organizations took
action when employees
took sensitive information
in violation of corporate
policies. Further, 68 percent
indicate their organizations
fail to adequately monitor
employees to prevent this
from happening. Get the full
report at go.symantec.com/
ip-theft-survey.
[ STEM Contribution ]
Symantec celebrated
International Corporate
Philanthropy Day by an-
nouncing over $1 million in
STEM (science, technology,
engineering, and math) and
literary education grants
to non-profit organizations
around the world. Organi-
zations included Teach for
America, Science Buddies,
NPower, Room to Read,
and the World Associa-
tion of Girl Guides and Girl
Scouts. For details, visit
go.symantec.com/stem.
UPLOADTRENDS I SYMANTEC CHRONICLES I BOOK REVIEWS
SYMANTEC CHRONICLES
Protecting Information in the Cloud
C
louds—public, private, and hybrid—are growing
by leaps and bounds. IDC reports that corporate
spending on public cloud or third-party managed
offerings will grow from $28 billion in 2012 to more than
$70 billion by 2015. Refusing to leverage the capabilities
of the cloud or blocking the business from doing so is no
longer an option for most institutions. Ease of use, cost,
flexibility, and other benefits are simply too compelling to
ignore for the majority of organizations.
But with the cloud comes challenges. Protecting in-
formation is a critical concern when information moves
outside of the parameters of the corporate
firewall. However, if managed correctly,
McKinsey & Company asserts that
cloud solutions—both public and
private—can provide data-pro-
tection advantages compared to
traditional, insular technology en-
vironments.* For example, log and
event management are simplified
in virtualized, centralized cloud
configurations, allowing IT
professionals to identify
emerging threats ear-
lier than would have
been possible.
To facilitate move-
ment to the cloud and
to help ensure the pro-
tection of information, the
authors of the McKinsey study contend that
information security must move from a control function
whereby policies are used to limit access to a risk-manage-
ment approach, one in which IT engages business leaders
in making trade-offs between the business value that cloud
solutions promise and the potential risks they entail.
The authors put forward several recommendations that
organizations should consider when adopting or building
cloud solutions:
1. Consider the full range of cloud contracting models.
Private and public cloud nomenclatures are general cate-
gories. The cloud can be broken down into a more granular
grouping of services such as on-premises managed cloud
services or vir-
tual and community
clouds.
2. Pursue a mixed-
cloud strategy.
Different workloads
and data sets ne-
cessitate different
considerations. For
example, a develop-
ment and test en-
vironment has less
risk than a production environment since it
does not include confidential business information in
most instances.
3. Implement a business-focused approach. Companies
or organizations with a mature risk management func-
tion should establish a comprehensive risk management
strategy and involve the broader business in defining the
requirements. This concurrently means that specific IT
functions such as backup specialist or network administra-
tor must evolve to become broader business functions.
* James Kaplan, Chris Rezek, and Kara Sprague, “Protecting Information in
the Cloud,” McKinsey Quarterly (December 2012).
If managed correctly,
McKinsey & Company asserts
that cloud solutions—both
public and private—can
provide data-protection
advantages compared
to traditional, insular
technology environments.
9. symantec.com/ciodigest 7
What type of mobility mover do you want to be? That is
the question based on the outcome of Symantec’s “2013
State of Mobility Survey” that was released in February.
The results indicate a tale of two types of companies:
“Innovators,” those who believe mobility offers exciting new
advantages and are rapidly adopting mobility solutions,
and “Traditionalists,” those that are cautious and slower
to move, giving more weight to the risks associated with
mobility than the opportunities.
Eighty-four percent of innovators
are moving forward with mobility
initiatives, seeking to capitalize
on potential business value. Tradi-
tionalists adopt mobility solutions
because of end user demand. The
survey uncovered an interesting
dichotomy on risk between the
two groups: two-thirds of inno-
vators say the benefits of mobility
outweigh the risks, while three-
quarters of traditionalists say the
reverse is true. Almost half of enterprises are innovators;
slightly fewer SMBs fall into that category (41 percent).
Innovators are rapidly evolving their use of mobility. Consider
these statistics: innovators have 50 percent more employees
using smartphones than traditional businesses. They are
more likely to use mobile devices for running business apps,
and 83 percent are discussing deploying private app stores
for employees (compared to 55 percent for traditionalists).
Ironically, though traditionalists are more concerned
about the risks of mobility, innovators are more active in
implementing policies to manage mobile use, including
extending them to employee-owned devices.
Cost of mobility isn’t a deterrent for innovators. It is offset
by returns in greater productivity, efficiency, and business
agility. Not only that, mobile adoption results in more satisfied
employees and better retention. And it counts on the bottom
line; innovators are seeing higher revenue growth and profits
than traditionalists are, by nearly 50 percent.
For the entire “2013 State of Mobility Survey,” visit
go.symantec.com/mobile-2013-report.
Innovators are
moving forward with
mobility because
of the potential
business value;
traditionalists are
doing so because of
end user demand.
Hidden Costs in the Cloud
M
ore than 90 percent of organizations are discuss-
ing cloud options today, up from 75 percent a
year ago, according to a recent Symantec survey.
Rogue clouds, or instances where business groups imple-
ment public cloud solutions that are not managed by or
integrated into the organization’s IT infrastructure, are
becoming a growing problem and incurring unnecessary
costs, with 77 percent of organizations reporting issues
in this area. But the implications are broader: 40 percent
experienced exposure of confidential information and 25
percent had account takeover issues, defacement of Web
properties, or stolen goods or services.
Results from the “Avoiding the Hidden Costs of Cloud 2013
Survey” from Symantec highlight other areas where adoption
of cloud services is creating issues. More than 40 percent of
responding organizations have lost data in the cloud and had
to revert to recovering the data via backup. However, when
doing so, two-thirds of these organizations had backup opera-
tions fail. Yet, even when recovery from the cloud is success-
ful, it is slow: in excess of one-fifth of respondents indicate the
process took three days or longer.
In recent years, poor storage utilization is something en-
terprises have struggled to overcome, using approaches such
as virtualization and thin provisioning. This challenge doesn’t
go away with the cloud, but is
exacerbated, according to the
survey. The average storage
utilization rate in the cloud is
just 17 percent.
Compliance is a problem
as well. Many organizations
assume compliance is a
second-order issue in their
adoption of cloud services.
But 23 percent of cloud adopters were fined for privacy viola-
tions in the past 12 months. Discovery requirements don’t go
away with the cloud either; one-third of survey respondents
received discovery requests for data in their cloud environ-
ment in the past 12 months.
SSL certificates are required for the cloud, too. Only 27
percent of respondents felt this task is easy, and less than half
are confident that their cloud partner’s SSL certificates com-
ply with their own organization’s internal standards, let alone
external requirements.
To avoid the hidden costs of the cloud, Symantec proposes
four steps that IT organizations should take:
1. Focus policies on information and people and not
technologies or platforms
2. Educate employees on policies, and monitor and
enforce them
3. Embrace tools that are platform agnostic
4. Deduplicate data in the cloud
For the entire report, visit go.symantec.com/cloud-costs-2013.
Twenty-three
percent of cloud
adopters were
fined for privacy
violations in the
past 12 months.
Innovators Leverage Mobility
10. Does history make leaders, or do leaders make history? Separat-
ing the impact of a specific leader from the particular situation
the leader has to confront has long been a looming question
surrounding the nature of leadership. By focusing on individual leaders
who were outliers in the qualities for which they were selected, Gautam
Mukunda examines those instances in history when leaders, through
their distinctive personal qualities, made enormous differences. His
deeply researched and closely argued book is dedicated to “figuring out
which leaders matter, and when and why, and what lessons we can take
from those who do.”
Mukunda’s research indicates that most leaders have little impact
on the organizations they lead. The structured processes most
organizations use to select their leaders ensure that the organization
has made—and continues to make—the leader. Given the value these
processes place on experience and status quo, the outcome is the el-
evation of leaders who are ultimately not
responsible for the end result.
This is all well and good when an
organization does not need radical change
to be successful. When a company is in
trouble, however, an outlier CEO who did
not come up through the system (whether
at the same company or at another) can be
the best bet for turning around the com-
pany. When someone who is inexperienced
or is appointed in an unusual way is chosen, an unconventional, game-
changing leader may result (Hitler and Churchill are at opposite ends of
the spectrum in this case). These are the kinds of leaders who have made
the biggest difference, good and bad, throughout history.
Using historical examples, Mukunda presents what he calls a Leader
Filtration Process (LFP), a model which reveals how a single leader in a
pivotal place and time can either save or bring down an organization, cre-
ating lasting influence far greater than anticipated. This model is useful
today in helping us to select leaders, whether CEOs, politicians, or other
types of executives. Indispensable is a book that a wide audience will find
both interesting and useful.
Rebecca Ranninger previously served as the executive vice president and
chief human resources officer at Symantec.
Gautam Mukunda
Indispensable: When
Leaders Really Matter
Boston, MA: Harvard Business Review Press
ISBN: 978-1422186701
Price: $28.00
When I was first presented with a list of potential books to review
for this edition of CIO Digest, I immediately gravitated to Into
the Storm, not only because it is based on the true story of the
1998 Sydney to Hobart sailing competition, but because it weaves in real-
world lessons that can be applied by any leader.
Imagine that you are Ed Psaltis, captain of the 36-foot AFR Mid-
night Rambler with six souls on board and competing on a 628-mile
course known as the “Mount Everest of sailing races.” A sudden and
violent storm strikes with 100 mph gusts and 80-foot waves. Do you
proceed into adversity or do you retreat hoping your boat is not over-
taken by waves? Six people have already died and another 55 have
been rescued; many of the other sailboats have floundered or sunk,
and your leadership is the difference between success and abject
failure for your team.
The team has trained and raced together for years, and they made
the daring decision to proceed. Will they finish the race? Will they perish
trying to do so? What were their secrets to the success they achieved?
There are two key themes presented by Into the Storm: (1) the
importance of exceptional teamwork in overcoming challenges, and (2)
development of a team culture where
leadership is distributed, allowing every
person to provide direction based on his or
her expertise. The book didactically shares
10 key strategies to support both of these
themes. For example:
> Make the entire team a “rock star”
rather than hiring external talent
that basks in the limelight.
> One can never be too prepared;
never overestimate the importance
of what we call at Symantec,
“Learn, Teach, Learn.”
> Take calculated risks after careful analysis
and be willing to stare up at that 80-foot wave with a strategy of
tackling it at a 60-degree angle from head-on.
> When the wind is blowing so hard you can’t even hear, find ways
to cut through the noise to really understand the dynamics of
the challenge.
> Finally, never give up: there is always a creative move to tackle the
next challenge that will inevitably come your way.
I highly recommend Into the Storm; it contains a lot of valuable
insights applicable, irrespective of your level and role within the
larger organization.
Mark L. Olsen is a senior product marketing manager in Symantec’s
Information Intelligence Group and a former CIO of a 3,000-person
organization.
Dennis N.T. Perkins with Jillian B. Murphy
Into the Storm: Lessons in
Teamwork from the Treacherous
Sydney to Hobart Ocean Race
New York, NY: American Management Association, 2013
ISBN: 978-0-8144-3198-6
Price: $24.95
BOOK REVIEWS
8 CIO Digest April 2013
11. Identity
protection
Intel®
IPT
with OTP
Intel®
IPT
with PKI • PTD
When two respected industry leaders – one in hardware and one in software – closely collaborate on solutions
to protect identities, manage the enterprise, and backup and restore valuable data, you know you’re in
good hands. The alliance of Intel and Symantec directly addresses dramatic changes in today’s computing
environment by embedding security and manageability into Intel silicon hardware, powering computing devices
to protect users, their employers, and their data. This approach assures IT executives and front line staff an
extra measure of built in security and protection that they don’t have to think about, manage separately, and
don’t have to worry about negatively impacting their user’s experience.
Visit the Intel – Symantec alliance website for
more detail about the collaboration.
Intel.Symantec.com
symantecTM
VIP Service
symantecTM
managed PKI
Service
Intel®
vProTM
AltirisTM
client
mangement
suite
Intel®
servers
Intel®
servers
symantec
netbackupTM
appliance
symantec
backup ExecTM
appliance
Intelligent
Management
information
protection
12. 10 CIO Digest April 2013
L
eadership strong enough to leave a lasting
legacy assumes many different forms and
does not always come from the most ex-
pected places. Consider Moon Lim Lee. Born
into anonymity in 1903 to Chinese immigrant parents
seeking to strike it rich in the gold fields of Northern
California, Lee and his legacy garner not only un-
wavering respect from his hometown of
Weaverville, but the grateful admiration of
the State of California and the President of
the United States.
In the late 1800s, Lee’s parents and grand-
parents came to Trinity County—situated in the
coastal mountains of Northern California—to
find gold, strike it rich, and return to China.
After a few futile years of mining, his grand-
parents gave up and returned to China. But
his father chose to stay. And though unsuc-
cessful at mining, he achieved success in business as a
baker and grocer.
Moon Lim Lee began his business career at the
age of seven, peddling vegetables out of his father’s
horse-drawn cart. The business grew over time, evolv-
ing into a produce stand and eventually a grocery in
1938. A decade later, Lee sold the grocery to open a
hardware store.
Across the street from Lee’s new hardware store sat
the Joss House, a Taoist Temple with roots that extend
to the earliest history of Weaverville in the 1850s.
With the discovery of gold, the Chinese population in
Weaverville surged to more than 2,500 in the 1850s
and was still around 2,000 in the 1880s, comprising
half the town’s residents. But as the gold gave out and
economic opportunities arose elsewhere, including
the construction of the transcontinental railway, the
Chinese residents slowly departed. By 1933, when the
caretaker of the Joss House died, the Chinese popula-
tion of Weaverville had dwindled to 16 and the future
of the Joss House hung in the balance.
After a nighttime burglary that resulted in the theft of
many of the Joss House’s historical artifacts in early 1934,
the Weaverville community recognized that something
needed to be done. In September of that same year, the
Weaverville Chamber of Commerce took up the cause to
make the temple a California State Park.
And when the Chamber of Commerce went in
search for a new caretaker, it didn’t look very far;
he was simply across the street. In 1938, Lee was
appointed trustee of the property for the people of
Weaverville by the California Superior Court. But get-
ting the Joss House designated as a state park wasn’t
easy. For nearly 20 years, Lee tirelessly lobbied the
state to take over the Joss House. Finally, after many
years, he won the authorities over; the Joss House
(“The Temple of the Forest Beneath the Clouds”) was
designated as a California State Park in 1956.
Throughout his lifetime, Lee served on a number
of community boards and councils in Weaverville and
Trinity County. Indeed, anyone who travels I-5 can
thank him for his insistence when the interstate was
being built in the 1950s that rest stops be no more
than 40 miles apart. In the late 1960s, he was ap-
pointed by then-Governor Ronald Reagan as the first
minority California State Commissioner of Highways.
And a few years following his time as commissioner,
he was named California Citizen of the Year in recog-
Take a Little, Leave a Little
Moon Lim Lee: “A Good Man and Great Friend”
THINK TANK BY PATRICK E. SPENCER
Organizations that fail to
“leave a little” are often hollow,
lacking in values and ideals, and
flounder in today’s economic
environment that is increasingly
dominated by Millennials.
13. symantec.com/ciodigest 11
nition of his many years of commu-
nity and state service.
When Lee passed away in 1985,
his family and friends noted that he
believed in doing what was good for
the community—“to take a little and
leave a little.” Let’s take a look at a
few examples.
1. Embracing social responsibility.
Running a successful business was
more than simply making money
for Lee. Rather, in accordance with
his philosophy of “taking a little
and leaving a little,” Lee understood
how his business fit into the larger
fabric of the local community. A
former hardware store employee
of Lee’s remembered delivering a
refrigerator to a local family. When
he asked Lee about collecting the
payment, Lee simply told him the
family needed a refrigerator and
couldn’t afford one.
Meeting the needs of the busi-
ness can often become overwhelm-
ing to IT organizations, and little
time or thought is available at the
end of the day to “leave a little.”
Most vibrant, growing organizations
embody core values and ideals; the
behaviors of organizations align
with these values and ideals, and
corporate responsibility is one of
the outcomes. Organizations that
fail to “leave a little,” are often
hollow, lacking in values and ideals,
and flounder in today’s economic
environment that is increasingly
dominated by Millennials. IT orga-
nizations seeking opportunities to
increase social responsibility can
find many out there (e.g., “IT Social
Togetherness: An Interview with
NPower’s CEO Stephanie Cuskley”
CIO Digest [July 2012]: 22-25).
2. Sustaining legacy. Scattered
along the roadsides throughout
northern California are highway
placards honoring Lee for his
involvement in the construc-
tion of the California highway
system. His sustaining legacy
takes other forms as well. For
example, despite more than 30
years since their deaths, Lee
and his wife, Dorothy, continue
to give back to the Weaverville
and Trinity County communi-
ties via the Moon and Dorothy
Lee Scholarship Fund that was
established in 1986. Each year,
the scholarship is awarded to a
high school senior who needs
financial assistance to attend col-
lege; more than $250,000 has been
awarded to date.
Legacy—both personal and or-
ganizational—is something most of
us simply don’t think about. Lee’s
values and ideals are exemplified in
what he left after his death. Without
staying true to those values and
ideals, his legacy would look much
different. Leaders should take pause
and consider their legacies and the
legacies of their organizations: for
what will they be remembered?
An unwavering commitment to
customers? A genuine dedication
to employee development and em-
powerment? A culture of sustained
technological innovation?
3. Finding time for fun. Lee’s life was
much more than running a success-
ful business. Finding time for fun
and adventure was important to
him. In 1928, he was the first person
to land a plane in Trinity County.
He also loved fast cars and touted
that he had raced up the mountains
from Redding to Weaverville in 41
minutes in one of his big Buicks.
One story, which likely was not re-
counted to Governor Reagan when
he was interviewed for California
State Commissioner of Highways,
tells how three highway patrol of-
ficers spotted him speeding up the
mountain passes. They took pursuit
but were unable to catch him.
Leaders are not defined by their
work but rather define their work.
The values and ideals that Lee held
most dear shaped his life—and ul-
timately his work: the Joss House,
respect for religious practices and
beliefs, and service to his commu-
nity. This entailed taking time for
Leaders are not defined by their work but
rather define their work.
15. They worked with Fujitsu to deliver real business outcomes.
At Fujitsu, we understand that each cloud journey is as unique as the business outcomes you desire.
And that transitioning to the cloud is a complex process.
Building on our 30-year heritage in robust IT hardware and services, the strongest cloud portfolio in the
industry and the experience we have gained delivering over 2000 cloud projects worldwide, we can bring
you the right cloud solution bundled with the right supporting services and legacy integration strategy.
It’s time for a new approach. It’s time for Fujitsu Cloud.
How have
thousands of
companies
handled the
complexity
of cloud?
Find out what Fujitsu Cloud can do for you at:
http://www.fujitsu.com/global/solutions/cloud/
Symantec Global Strategic Partner
Fujitsu_Cloud_CIO_Digest_FullPage.indd 1 12.12.12 11:54
16. IntheWake
ofSuperstorm
SandyBusiness continuity and disaster
recovery assume new meaning
Two days before Halloween last year, the sec-
ond costliest hurricane in the history of the
United States—and the largest Atlantic hur-
ricane on record (as measured in diameter)—
made landfall just to the northeast of Atlantic City,
New Jersey. When Superstorm Sandy finished wreak-
ing her havoc, she left a path of destruction across the
Caribbean and 24 states, including the entire eastern
seaboard from Florida to Maine and west across the
Appalachian Mountains. Sandy’s storm surge poured
into New York City and the surrounding area, flooding
streets, tunnels, and subway lines and cutting power in
and around the city. When the waters and winds finally
subsided, the tally of destruction was devastating:
more than $65 billion in damages, 250 people killed,
and 7.4 million homes and businesses without power.
Sandy isn’t the first or will be the last natural disas-
ter to underscore the importance of having the right
business continuity and disaster recovery solutions
in place. However, because of the extent of its dam-
age, Sandy served as a wakeup call for many. Orga-
nizations—large and small, public sector and private
businesses—experienced devastating system outages
and lost data that directly affected their businesses.
The impact varied depending on the location, critical
systems went down anywhere from hours to weeks.
The consequence to employees was bad enough; the
repercussion to customers was worse.
IT organizations need the right strategies, tech-
nologies, and processes in place to ensure that their
operations remain unaffected when disasters such as
Sandy strike. Louis Modano, senior vice president of
Infrastructure Services at NASDAQ OMX Group, Inc.,
notes the starting point is recognition that business
continuity and disaster recovery are not merely an
activity but “an engrained behavior, something that is
part of an organization’s production environment and
day-to-day operations.”
Wakeup call: Irene
Hurricane Irene served as a wakeup call for Lord Abbett
& Co. LLC. While not as destructive as Sandy, Irene
caused widespread damage, including major power out-
ages. Nathan Boylan, the head of IT Operations, notes:
“We took away a number of lessons such as building a
more mobile workforce and regionally redundant infra-
structure that gives us more resiliency and flexibility
when dealing with events such as Sandy.”
SPECIAL
FEATURE
Business
Continuity
and Disaster
Recovery
14 CIO Digest April 2013
JohnMinchillo/AP/CORBIS
BY PATRICK E. SPENCER
Sea water floods the entrance to
the Brooklyn Battery Tunnel in
New York during Superstorm Sandy.
17. symantec.com/ciodigest 15
A number of the small and medium businesses
served by Symantec Partner Zaphyr Technologies LLC
saw Irene as a wakeup call as well. “Many of our custom-
ers are in areas notorious for power failures,” notes
Shawn Butt, chief IT architect at Zaphyr Technologies.
“And while their offices went unscathed when it came
to the flooding from Irene, they were unable to run
their business and serve their customers because they
could not access their applications or data. On-premises
business continuity and disaster recovery solutions only
work if you have power at that location.”
Plan beforehand
Success in business continuity and disaster recovery is
achieved with pre-planning. And this in turn has a direct
correlation to risk management, according to Modano.
“Risk management covers all aspects of the business,” he
notes. “It spans not only how we’re backing up our data
to where it’s stored and where and how we’re configuring
our disaster recovery sites, but it also addresses our com-
munication plans, our vendor and
partner relationships, and all of the
associated processes.”
Risk management
NASDAQ OMX takes business con-
tinuity and disaster recovery very
seriously, to the point that nearly
every division has one team mem-
ber appointed as a risk manage-
ment officer. In the case of Modano’s organization, he has
a primary and a secondary person. “They interact with my
line managers to understand how business or technology
changes in the IT environment impact business continuity
and disaster recovery,” Modano says.
Risk management is a critical requirement for
NASDAQ OMX and its efforts around business conti-
nuity and disaster recovery. So much so that last year
it acquired BWise, a company specializing in enter-
prise governance, risk management, and compliance
video
The right strategy and
execution around business
continuity and disaster
recovery helped Lord
Abbett avoid any disruption
to its business and
customers at go.symantec.
com/lordabbett-video.
18. software solutions. “The BWise
software platform is used to de-
liver risk management solutions to
NASDAQ OMX customers as well
as internally,” Modano reports. “IT
professionals sometimes embrace
the newest technologies without
connecting the dots back to the
business and its requirements
around business continuity. It is
critical that the potential impact
of these additions to business con-
tinuity be understood before they
are integrated.”
NASDAQ OMX’s business
continuity and disaster recovery
strategy is a “stepped” function,
according to Modano. “This means
we follow a series of steps when
executing it,” he says. He proceeds
to explain that a comprehensive
business continuity and disaster
recovery approach requires a
fundamental strategy as well as
tactical execution—essentially the
what and how.
So what does this mean for the
company? It means that every
division has a requirement to test
out its business continuity and di-
saster recovery plans. These tests
are typically done in concert with
the IT organization, though the
IT group does their own tests, too.
NASDAQ OMX also complies with
industry-specific testing coordi-
nated with the Securities Industry
and Financial Markets Association.
Business leadership
Boylan came to Lord Abbett in 2009
after working for a larger finan-
cial services firm. Among other
initiatives, he identified business
continuity and disaster recovery
as a key focus. It had already been
designated a priority when he
joined the firm.
“Our leadership team is very ag-
gressive in putting forward ideas,
plans, and processes to tighten
and enhance our business continu-
ity and disaster recovery plan,”
Boylan comments. “Because of the
work that has been done, we now
have a highly strategic framework
whereby we aren’t simply reacting to
events after the fact but proactively
positioning assets and people
before they occur.”
Fundamentals: virtualization,
data protection, replication
Virtualization was an area of focus
for Boylan and his team upon
his arrival. “We’ve virtualized up
to 90 percent of our data center
infrastructure,” he says. “We’re
realizing lower costs and improved
efficiencies. It also supports busi-
ness continuity and disaster recov-
ery much better than our previous
physical environment.”
He and his team also elected to
overhaul the firm’s data protection
infrastructure. “We had a very tradi-
tional environment that backed up
data to tapes that were taken offsite,”
he remembers. “This approach was
time-consuming to manage and
didn’t support our disaster recovery
requirements. It simply took too long
to recover our data.”
Boylan and his team looked
at different options and elected
to move to a distributed storage
solution that included Symantec
NetBackup. “Based on business
requirements, we now back up
to disk and then move it to tape,
after 30 days,” he explains. “Our
recovery time is much faster. And
16 CIO Digest April 2013
CHRISTOPHERLANE/GETTYIMAGES
“Everything that we do today from a
business continuity and disaster recovery
standpoint is global in nature.”
– Louis Modano, SVP, Infrastructure Services, NASDAQ OMX
Louis Modano, SVP,
Infrastructure Services,
NASDAQ OMX
SPECIAL FEATURE
Business Continuity and Disaster Recovery
19. symantec.com/ciodigest 17
while we did not need to enact any
data recovery, we are much more
confident with this solution in place
in the event that we need to do so.”
Boylan continues: “NetBackup gives
us the ability to have one consoli-
dated tool and view across all of our
different environments, whether
physical, virtual, or cloud. This is
really important for us—both today
and as we plan for the future.”
Boylan asserts that the business
and not just the IT team must be
engaged in developing a business
continuity and disaster recovery
plan and then made part of the test-
ing process to ensure that it works
beforehand. “We continually practice
for scenarios like Sandy,” Boylan
says. “All of the business groups at
the firm fully participate when we
test different situations. It is a busi-
ness priority; not just an IT one.”
One of the ways in which
NASDAQ OMX’s approach to busi-
ness continuity and disaster recov-
ery has changed in recent years is
the expansion of its business. The
company operates globally and
has data centers in the Americas,
Europe, and the Asia Pacific
regions. “Everything that we do
today from a business continuity
and disaster recovery standpoint
is global in nature,” Modano says.
“We have the ability to fail over
to our disaster recovery location
within each region and between
regions where applicable by prod-
uct. The architecture is designed
so that we have full replication
between each of the sites.”
Symantec NetBackup and Veritas
Replicator from Symantec are part
of this broader strategy. NASDAQ
OMX has relied on NetBackup for
data protection for a number of
years. “Protecting our data is core
to our business,” Modano says.
“We need to back it up but then,
as needed, recover it.” To replicate
data between data centers,
NASDAQ OMX uses Veritas
Replicator. “Both NetBackup and
Veritas Replicator lay the ground-
work for recovering the data in the
event of a disaster,” Modano says.
“This is very important to us.”
The deduplication technology in
NetBackup, including NetBackup
Accelerator, enables Modano’s team
to control their backup windows
and reduce the amount of data
replicated between sites. “We’ve
also been able to evolve our server
and storage architectures over time
without changing out our data
protection infrastructure and pro-
cesses,” Modano notes. And with
their adoption of virtualization
and a new push toward the cloud,
Modano’s team has a seamless view
across physical,
virtual, and cloud
environments us-
ing NetBackup and
Symantec OpsCen-
ter Analytics. They
also employ Veritas
Storage Foundation
from Symantec to
manage file systems
and have found it
useful in migrating data between
different storage tiers, a task that
could be critically important during
a disaster.
Sandy surges ashore
As soon as Lord Abbett recognized
the potential breadth and threat of
Sandy, the leadership team began
preparing for disaster recovery and
reconfirming processes. One of the
“We took away a number of lessons
such as building a more mobile workforce
and regionally redundant infrastructure that
gives us more resiliency and flexibility when
dealing with events such as Sandy.”
– Nathan Boylan, Head of IT Operations, Lord Abbett
PATRICKSPENCER
Nathan Boylan,
Head of IT Operations,
Lord Abbett
Nathan Boylan discusses
Lord Abbett’s business
continuity and disaster
recovery plan and how it
helped the firm to sustain
services to customers
without any interruption
in this Executive Spotlight
Podcast at go.symantec.
com/lordabbett-podcast.
Podcast
20. 18 CIO Digest April 2013
steps the firm took was to instruct
its employees to work remotely
on Monday and Tuesday. “This
helped position the firm for rapid
response and success in Sandy’s
wake,” Boylan says.
And disaster did strike Lord
Abbett. Its headquarters in Jersey
City, located on the west side of the
Hudson River, was inundated with a
foot and a half of water with Sandy’s
surge. The area surrounding the
building was actually hit harder and
under more water, as the Lord Ab-
bett building sits on higher ground
than most of the area around it,
and this impacted everything from
transportation services to power.
“Electrical service to the building
and virtually the entire area was
lost,” Boylan reports. “It effec-
tively became a disaster zone.” The
Federal Emergency Management
Administration ruled the area inac-
cessible and wouldn’t allow anyone
back into the buildings until they
were confirmed to be safe. Indeed, it
would be another week before Lord
Abbett could reoccupy its headquar-
ters.
“It was at this point that we
decided to execute the business
continuity and disaster recovery
plan and bring our remote locations
online,” Boylan recalls. “Because of
the work that we had done before,
in terms of technology infrastruc-
ture, planning, and communica-
tions, the effects of Sandy had zero
impact to our customers through-
out the ordeal. That is really what
counts at the end of the day.”
Remote management is also
something NASDAQ OMX embrac-
es. The decision was brought on
several years ago during the H1N1
pandemic flu outbreak, when the
NASDAQ OMX team rethought the
issue of being onsite and offsite
and developed the need to man-
age systems remotely in the event
staff could not reach their offices.
“We’ve really seen an evolution
and maturation in our business
continuity approach over the
past several years,” Modano says.
“Remote access is one of the pieces
that came to the forefront.”
NASDAQ OMX’s business con-
tinuity and disaster recovery plan
proved its mettle during Sandy. The
company’s headquarters in down-
town Manhattan were deemed unin-
habitable, and the company had to
fail over to remote systems. “Every-
thing worked to plan,” Modano
reports. “Had the markets decided to
open the day after Sandy, we would
have been ready to go.”
Cloud advantages
A couple years ago, Lord Abbett
began integrating public cloud ser-
vices in instances where it made
sense to the business. The firm has
moved HR systems and IT service
management systems into the
cloud. “For a midsize firm like Lord
Abbett, building out all of those
different options is simply not
feasible,” says Boylan. “The ability
to leverage cloud services enables
us to close the gap between us and
larger financial services firms that
have the resources and geographi-
cal footprint to build out those
solutions themselves.”
Beyond the competitive ad-
vantages and reduced cost and
“On-premises business continuity and
disaster recovery solutions only work if you
have power at that location.”
– Shawn Butt, Chief IT Architect, Zaphyr Technologies
Shawn Butt,
Chief IT Architect,
Zaphyr Technologies
PATRICKSPENCER
SPECIAL FEATURE
Business Continuity and Disaster Recovery
21. symantec.com/ciodigest 19
complexity, the cloud offerings
enhance Lord Abbett’s business
continuity capabilities. “Our cloud
services performed extremely well
during Sandy,” Boylan reports. “In
addition to its many other benefits,
the cloud gives us a very attractive
business continuity option.”
With the move toward cloud
services, Boylan and his team
worked with groups across the
company to create a governance
model used to vet each cloud
offering. “The model includes
evaluations of everything from
security and compliance standards
to business continuity and disaster
recovery,” Boylan notes.
Modano also sees significant
potential around cloud services.
NASDAQ OMX is currently evaluating
the use of public cloud storage as part
of its business continuity and disaster
recovery plan. Modano envisions
using tertiary storage in the cloud
as part of NASDAQ OMX’s broader
disaster recovery strategy. Last year,
NASDAQ OMX and Amazon.com,
Inc. signed an agreement to allow
brokers to store their trading and
other types of information in the
Amazon.com cloud; access and
encryption is provided by NASDAQ
OMX. Symantec NetBackup is used
for backup and recovery as well as en-
cryption into the Amazon.com cloud.
The cloud is proving to be a criti-
cal business continuity and disaster
recovery solution for the small
and medium customers of Zaphyr
Technologies. “Many of our custom-
ers lost power during Sandy, in many
instances for one or two weeks,” Butt
says. “But they were able to continue
running their businesses because
many of their critical applications are
in the cloud.”
For data protection, in addition
to on-premises solutions, Zaphyr
Technologies deploys Symantec
Backup Exec.cloud as either second-
ary storage or tertiary storage for
its customers. “This gives them a
means of accessing their business’
data in the event that on-premises
data protection is damaged or as a
result of the loss of power, which is
exactly what happened in the case
of Sandy,” he sums up.
In the wake
As technology continues to perme-
ate business and personal lives, it
creates immeasurable opportuni-
ties. But it simultaneously, as we
have seen with cyber threats and
natural disasters, engenders im-
mense challenges. Organizations
that continue to deliver services to
their customers, despite the adver-
sities wrought during an event such
as Sandy, are true leaders.
But the ability to sustain busi-
ness operations and recover data
in the event of disaster is not
something that happens over-
night. It takes significant strategic
planning and preparation. Indeed,
it was only because of their efforts
beforehand that organizations like
Lord Abbett, NASDAQ OMX, or
even the small and medium busi-
nesses that Zaphyr Technologies
serves were successful. ■
Patrick E. Spencer (Ph.D.) is the editor
in chief and publisher for CIO Digest.
The street behind Lord Abbett’s
headquarters alongside the
Hudson River was under
several feet of water during
Sandy’s storm surge.
CoURTESEyoFLoRdaBBETT
LORD ABBETT
Headquarters: Jersey City, new Jersey
Founded: 1929
Focus: Investment management
(mutual funds, institutional assets, and
separately managed accounts)
Assets Managed: $126.1 billion
Website: www.lordabbett.com
NASDAQ OMX GROUP, INC.
Headquarters: new york City
Founded: 1971
Markets: 24
Exchanges Powered by NASDAQ
Technology: 72 in 50 countries
Indices: almost 2,000
Website: www.nasdaqomx.com
ZAPHYR TECHNOLOGIES LLC
Headquarters: Whippany, new Jersey
Founded: 2003
Key Service Offerings: Managed IT
services to SMBs in new york City and
new Jersey areas
Website: www.zaphyr.net
CoMPany PROFILES
22. 20 CIO Digest April 2013
COVERSTORYCSX Transportation BY PATRICK E. SPENCER
Railroads are at the crux of what powered
the Industrial Revolution. Without them,
the speed at which the world changed—
through mining and transportation of
coal, manufacturing and delivery of goods, and the
ability to travel across large land masses in a matter
of days—would not have been possible.
Just as the railway was the fulcrum for the Industrial
Revolution, technology is the lever behind the Digital
Revolution. Advances in and proliferation of the
personal computer, coupled with the advent of the
Internet, radically transformed nearly every aspect of
society over the past three decades.
Very few businesses can lay claim to both the
Industrial Revolution and the Digital Revolution. One
that can is CSX Transportation. The company’s roots date
back to the charter of the Baltimore and Ohio Railroad
Company—the first commercial line in the United States
and one of the first in the world—in 1828. Barrel down
the tracks 180 years, and one finds that technology is
an essential truss for the company today. Indeed, CSX
Technology, the technology arm of the company, is
embedded within most aspects of the business—not to
mention being a critical enabler.
“That is really the order of the day,” comments
Tim McIver, assistant vice president of Information
CSXTRANSPORTATION
Laying the
Tracks of
Protection
Crisscrossing business and IT at CSX Transportation, Inc.
delivers results in the Digital Age
Laying the
Tracks of
Protection
23. symantec.com/ciodigest 21
Technology Operations. “We must be a business
enabler, helping our different businesses to adapt
and react to market changes.”
This is something that CSX takes seriously, ac-
cording to McIver, who manages IT infrastructure
and operations for the company. As an example,
he notes that the Application Development team is
organized with direct alignment to each business
department. For governance and oversight, CSX
maintains an IT steering committee consisting of de-
partmental business owners and IT leaders who meet
regularly, prioritizing IT projects based on business
requirements, tracking them to completion, and then
measuring the results.
“At the end of the day,
if we’re not aligned to the
business, we’re not doing
the right things,” McIver
says. “It’s absolutely
essential that we not only understand the goals and
strategies of the business but that we develop IT
strategies that have a direct line to them.”
IT and business legacy
McIver didn’t start in IT when he joined CSX 34
years ago. He actually began on the business
side and over the years worked in about every
function possible—from rail operations, to terminal
Portions of the interview with
CSX Technology’s Information
Technology Operations team are
available as an Executive Spotlight
Podcast at go.symantec.com/
csx-podcast.
Podcast
24. 22 CIO Digest April 2013
COVER STORY
CSX Transportation
management, to intermodal
operations and support. “I’m not
an IT professional by trade,” he
states. “My career path didn’t
bring me to IT until about a dozen
years ago. The IT support team
for the company’s intermodal
group elected to separate from the
company rather than relocate to
our headquarters in Jacksonville
during a period of consolidation,
and I was given a charter to
reconstitute that group.”
While McIver didn’t have a
professional background and
training in IT, he did understand
its correlation to the business
and possessed a network of IT
colleagues. “I surrounded myself
with the right people, and we
were successful at the end of
the day,” he comments. Since
his entrée into IT, McIver has
served in several different IT
roles encompassing application
development and sales and
marketing before moving to his
current assignment four years
ago.
At the time, CSX was in the
early phases of embarking on a
program of standardization and
consolidation. “Over the years,
we had built a very complex IT
environment,” he says. “Our
legacy applications were at the
very core. We had bolted on
Internet-based products, and the
environment had become complex
to manage and it was difficult for
us to respond quickly to changing
business needs.”
The effort was comprehen-
sive. “We were just kicking off
our adoption of ITIL standards
with particular focus on service
management, architecture, and
portfolio management,” McIver
says. “The end result is a much
smaller IT portfolio to manage.”
Virtualized transport
Virtualizing servers and storage
is a critical part of consolidating
the IT infrastructure at CSX.
Leading the charge for McIver is
Dan Parks, technology director,
Infrastructure Provisioning. “We
started with a virtualization-
first strategy,” he relates. “This
evolved into a virtualization-only
approach.
“CSX has virtualized the
majority of its servers,” Parks
continues. CSX’s main hypervisor
technology is VMware vSphere.
Parks reports that server
virtualization produced several
million dollars in savings
while generating a significant
improvement in reliability.
After beginning to virtualize
the servers in 2009, Parks and
his team adopted a virtual stor-
age strategy in 2011. Storage no
longer resides in silos dedicated
to specific applications or servers
“We started with a virtualization-first strategy.
This evolved into a virtualization-only approach.”
– Dan Parks, Technology Director, Infrastructure Provisioning, CSX Technology
Dan Parks (left), Technology Director, Infrastructure Provisioning;
Tim McIver, AVP, Information Technology Operations, CSX Technology
MICHAELBRUNETTO
25. symantec.com/ciodigest 23
but rather in virtual pools ready
for provisioning. “While we’re not
as far down the virtualization path
with our storage infrastructure
as we are with our server envi-
ronment, we have seen concrete
results,” Parks relates. In addition
to added efficiencies and reliability,
he notes that storage utilization
rates average around 80 percent.
Data protection:
heavy freight
Data is at the core of CSX’s busi-
ness. The tiered storage infrastruc-
ture consists of several petabytes
stored on many different disk ar-
rays. The importance of backing all
Earliest evidence of a railway dates back to the
6th
century CE, when a nearly four mile track was constructed
across the Corinthian isthmus in Greece to transport boats.
Consisting of trucks that ran in grooves in limestone, the
wagons were pushed by slaves; the manual-powered railway
ran for over 600 years. Following the Middle Ages, various
forms of railways began to appear. One of the notable efforts is
the Reisszug, a funicular railway—built in 1504 and powered
by humans and animals—used to transport goods to the
Hohensalzburg Castle in Salzburg, Austria. Though in an
updated form, it is still in operation today.
Narrow gauge railways with wooden rails were common by
the mid-16th
century in European mines. To transport
coal from mines to canal wharfs, where it was offloaded to
boats, wooden wagonways were developed in 17th
-century
United Kingdom. The Surrey Iron Railway opened for business
in south London in 1803, likely the first horse-drawn public
railway. Patents for the first steam engine were submitted in
1769 by James Watts. But it took more than half a century
before the first public steam railway opened for business,
when the Locomotion debuted in 1829 for the Stockton and
darlington Railway, northeast of London. By the 1850s, the
United Kingdom had over 7,000 miles of railway.
Origination of the railway era in the United States can
be traced to CSX, an eventual derivation—through merger
and consolidation—of the Baltimore and Ohio Railroad. The
Tom Thumb first steamed along 13 miles of track of the B&O
Railroad in 1830. The B&O Railroad was the first railway to
evolve from a single line to a network later that year.
direct current, and eventually alternating current, began
to supplant steam locomotives in the late 19th
century, as
labor costs made operation of steam locomotives increasingly
expensive. It would not be until after World War II when
internal combustion engines became more efficient that
diesel locomotives emerged as a viable alternative. They
were more affordable, more powerful, and easier to operate.
Passenger transportation was revolutionized in 1964 with the
introduction of electrified high-speed railway systems such as
the Shinkansen “Bullet Train” in Japan.
Over the past several decades, intermodal freight
transportation has become increasingly prevalent. Freight
is packed within large metal containers that can be double-
stacked on trains and easily pulled by trucks or loaded onto
ships. Re-packing and cargo handling are eliminated, and
damage and loss are minimized.
of this data up and then being able
to recover it cannot be overempha-
sized. Around 2000, CSX elected to
move its data protection infra-
structure to Symantec NetBackup.
“Our previous solution didn’t have
the scalability that we needed,”
Parks recalls. “We also wanted to
consolidate our backup operations
onto one platform, and the legacy
solution proved to be inadequate.”
NetBackup stood the test of
time for Parks and his team. “It’s
evolved with our business and
infrastructure,” he says. “Think
of the changes that we’ve gone
through over the years. Since
we first deployed NetBackup,
we have used
four different
operating
platforms
either through
replacement
or migration.
And this doesn’t
include our move
to virtualization and all of the
other changes that have occurred
with our storage infrastructure.”
Yet despite all of these chang-
es, NetBackup has remained a
constant for CSX. “Because of its
support for all types of server con-
figurations and storage platforms,
NetBackup gives us the flexibility
CSX takes technology seri-
ously and uses Symantec
to help protect its infra-
structure and information
at go.symantec.com/
csx-video.
VIdEO
RAILWAYS—STILL VERY RELEVANT
26. to change out other components in
the data center without replacing
our backup and recovery infra-
structure,” Parks states. Just as
impressive is NetBackup’s scal-
ability. “We had three full-time
staff managing our data protection
infrastructure 12 years ago,” Parks
quips. “Today, we still have three
full-time staff managing it, even
though the amount of data that
we’re backing up has grown four or
five fold.”
Since selecting NetBackup as
its data protection standard, CSX
has relied on Symantec Platinum
Partner Datalink. “The Datalink
team has proven very reliable,”
Parks says. “Drawing upon their
knowledge of our IT environ-
ment and business requirements
along with their understanding of
NetBackup, the Datalink engineers
helped us design and then, over
the years, fine-tune our NetBackup
architecture, as well as train our
administrators and provide ongo-
ing support when problems are
encountered.”
The amount of data CSX backs
up daily and weekly is immense.
“We conduct full backups every
week and daily incrementals,” Parks
says. “The deduplication capabili-
ties we realized when upgrading
to NetBackup 7.0 a couple years
ago made a real difference in the
amount of time we spend running
backups as well as the amount of
storage we consume.”
Parks’ team is in the final
stages of consolidating and
centralizing backups for CSX’s
remote offices using NetBackup.
“These previously required
dedicated servers and storage, not
to mention someone to run them,”
he says. “We’ve significantly
reduced the number of required
locations and plan to continue our
consolidation efforts. In addition
to the cost savings, we have
reduced risk.”
And though Parks’ team is look-
ing at options to replace the virtual
tape library infrastructure with
a disk-based solution, they don’t
anticipate making changes to their
NetBackup deployment. Parks
comments: “Just as NetBackup
supported our move to virtualiza-
tion, we expect it to support us on
our journey to the cloud.”
Tight integration between
NetBackup and VMware provides
CSX with tangible advantages. “As
we virtualized our server environ-
ment, we found that instituting
standard backup policies and
procedures was essential,” Parks
reports. “As a result, we adopted
VADP (vStorage APIs for Data Pro-
tection), which integrates seam-
lessly with NetBackup, to ensure
that we don’t provision a new
virtual server infrastructure with-
out tying it back into our backup
infrastructure and processes.”
In mid-2012, Parks’ team
upgraded to NetBackup 7.5, a
decision that delivered immediate
value. By eliminating the need
to copy data again and again,
the Accelerator technology in
NetBackup 7.5 enabled Parks’
team to shrink the backup window
for their full weekly backups.
“Unless the data changes, we
don’t need to back it up again,”
he notes. “The enhanced search
capability with Symantec
OpsCenter Analytics, which we
added several years ago, also
provides us with the ability to
24 CIO Digest April 2013
The three IT leaders from CSX Technology who were interviewed for this
article have each spent more than 20 years with the company. Tim McIver, the AVP
of Information Technology Operations, is a 34-year veteran, having started in the
business and then only recently—about 12 years ago—joined the IT group. dan Parks,
the technology director, Infrastructure Provisioning, came to CSX 31 years ago and has
spent all of that time in IT. Christina Stallings, technical director, Windows Application
delivery, is a newbie, having been at CSX for only 20 years.
In a field where four or five years with one company is considered a significant
amount of time, the résumés of the CSX team are a rare exception. What are some of
the reasons that have kept them with the same company for a sustained timeframe?
First, they’ve had a chance to work in a number of different capacities—in both
the business and IT. Second, they value the fact that CSX, through its corporate
responsibility programs, is embedded as part of the social fabric of the local
Jacksonville community and in other communities where the company operates.
Third, CSX is an innovator and leader, often embracing leading-edge technologies
before other players in the transportation industry as well as other companies based
in Jacksonville. Finally, alignment between the business and IT affords a unique line of
sight and understanding of end-user requirements. As a result, the business impact of
IT initiatives is more transparent and visible.
EMPLOYEES FOR THE LONG HAUL
COVER STORY
CSX TrAnSporTATion
“If we’re not aligned to the business,
we’re not doing the right things.”
– Tim McIver, AVP, Information Technology Operations,
CSX Technology
27. symantec.com/ciodigest 25
conduct more granular searches
and restores. When we do need to
perform a restore, we are able to
do so with greater efficiency.”
Network flyover
maps to appliance
In 2010, CSX undertook an
initiative to map its entire railway
network, including facilities.
The survey included gathering
geographic information system
(GIS) data compiled on aerial
maps. “We have 21,000 miles
of track,” McIver says. “So the
amount of flymap data that we
must store and manage is huge.”
CSX had recently acquired
a Symantec NetBackup 5200
Appliance and determined that
it was a good fit to protect this
new data. “With the NetBackup
appliance, we have an integrated
solution,” Parks explains. “All
of our backup, software, server,
and storage requirements are
contained in one box. We don’t
need to put any pieces together.
And it has the scalability that
we needed: we have a significant
amount of terabytes stored within
it right now.”
With the deduplication
technology that is built into the
NetBackup appliance, backups
are much easier, Parks adds. “Our
flymap data doesn’t change very
often, so only new data—or that
which has changed—is included in
the incremental and full backups,”
Parks notes. This dramatically
reduces the size of CSX’s backups
and the time they take to run.
First archiving station
Unstructured data—its archival,
storage, and discovery—is a project
McIver and his team chose to
tackle in late 2008. “We had nearly
40 terabytes of unstructured
data stored on expensive tier-
one storage, and the number was
growing annually,” he
says. “Beyond the lower
cost and improved
efficiencies, we needed
a solution that would
streamline the discovery
process for our legal and
HR departments.”
Christina Stallings,
technical director,
Windows Application
Delivery at CSX
Technology and a
member of McIver’s
Information Technology
Operations team, was
selected to oversee
the initiative. The CSX
Technology Applications
team and Christina’s
team evaluated several
different solutions and
eventually selected
Symantec Enterprise
Vault. “We had
pinpointed a number
of requirements and it
met every one of them,”
she remembers. “While
we started with our
Exchange environment,
it was not the only
unstructured data area
we wanted to address.”
Over time, the
Microsoft Exchange
environment had
become a growing
problem for CSX. “Our
Exchange footprint
had grown, and we
had reached a point
where we would have
needed to acquire
additional servers to sustain
acceptable levels of performance,”
Stallings says. “We also had a
voluminous amount of Exchange
data. Beyond the cost of storing
this data, the ongoing creep on our
backup windows was becoming a
problem.”
CSX saw an impact on employee
productivity as well. “Enterprise
Vault proactively assists users
with mailbox size quotas by
automatically archiving email
and leaving small pointers in the
mailbox,” Stallings notes. “These
pointers take up small amounts of
space. This automated archiving
Christina Stallings, Technical
Director, Windows Application
Delivery, CSX Technology
“While we started with our
Exchange environment, it was not
the only unstructured data area we
wanted to address.”
– Christina Stallings, Technical Director,
Windows Application Delivery, CSX Technology
28. 26 CIO Digest April 2013
process reduces the amount of
mailbox management that end
users must perform, thereby
increasing their productivity.”
Stallings also explains that
before implementing Enterprise
Vault, CSX’s help desk expended
substantial time working with end
users to retrieve “lost” emails and
to resolve quota-related issues.
For support in deploying the
Enterprise Vault solution, CSX
turned to Datalink. The rollout
occurred over a period of three
months and included the Microsoft
Exchange Journaling option, which
allows CSX to make copies of all
incoming and outgoing messages
in real time. Over a period of 18
months, the team worked with
Datalink to ingest all of its PST
files from end user mailboxes us-
ing the Microsoft Exchange PST
Migrator option. The deployment
includes more than 15,000 seats and
consisted—until the recent virtu-
alization migration (see below)—of
multiple dedicated Enterprise Vault
servers and one server for Enterprise
Vault Discovery Accelerator.
Because of the importance
of the solution to the business,
Stallings included a three-year
agreement for Symantec Business
Critical Services. “Our Symantec
Remote Product Specialist is like
a virtual member of my team
and works with us to proactively
identify problems before they
occur,” she says. “And when
we do have an issue, Business
Critical Services is there to help us
both identify the root cause and
implement a resolution.”
Discovery was addressed with
the initial implementation. “We
needed to have a means of man-
aging legal holds and discovery
requests for email,” Stallings
explains. “Previously, certain dis-
covery requests would involve be-
tween 8 and 10 IT staff and could
take weeks to complete. With Dis-
covery Accelerator, some requests
are conducted by the Information
Management and/or Information
Security teams in a matter of min-
utes or hours.” The time and cost
savings are substantial.
With the deduplication and
compression technology that
is part of Enterprise Vault, the
CSX team was able to slash
its Exchange data archive in
half. “Our Exchange archive is
several terabytes today, and this
is with an annual growth rate
of approximately six percent,”
Stallings says. “With this dramatic
reduction, we cut the backup
windows for Exchange while
decreasing storage cost.” CSX also
achieved additional savings by
moving its Exchange data archive
from expensive tier-one storage to
less expensive tier-three storage.
“The cost difference is at least
three-to-one,” Stallings states.
Second and third
archiving stations
After implementing EV for
Exchange, Stallings and her
team started working with other
CSX Technology Applications
teams to leverage additional
features of Enterprise Vault.
They collaborated to leverage File
System Archiving for CSX’s Event
Recorder Automated Download
(ERAD) system. Similar to a
“black box” on an airplane, ERAD
monitors and records actual train
operations and is used to provide
feedback to the engineers on how
to improve fuel efficiency.
Specifically, the CSX team
sought to archive the unstructured
data generated by ERAD. “There
are compliance requirements for
the archiving and retrieval of
ERAD data, and we determined
that Enterprise Vault File System
Archiving was the right solu-
tion,” Stallings explains. “We have
multiple terabytes of ERAD data in
Enterprise Vault that is archived
on tier-two storage today.” The
solution utilizes a CSX-developed
Web-based front end to recover
information and has proven to
be very effective, according to
Stallings. Plans later this year also
include leveraging File System
Archiving on one server that con-
tains exited employee data.
Fourth archiving
station and beyond
In early 2013, Stallings’
team started working with a
Technology Applications team
to test the Virtual Vault option
in an Enterprise Vault 10.0.1 test
environment. If successful and all
approvals are obtained, they will
begin to roll Virtual Vault out to
COVER STORY
CSX Transportation
“NetBackup gives us the flexibility to
change out other components in the data
center without replacing our backup and
recovery software infrastructure.”
– Dan Parks, Technology Director, Infrastructure Provisioning,
CSX Technology
CSX Transportation
Headquarters: Jacksonville, Florida
Founded: 1821 (under name of B&O
Railroad)
Miles of Track: 21,000
Access Points: 70+ ocean, river, and
lake port terminals
Intermodal Terminals: 40+
Website: www.csx.com
29. symantec.com/ciodigest 27
the broader CSX user community.
“The amount of Exchange data for
individual users varies, with some
needing very little and others
needing much more,” Stallings
notes. “With Virtual Vault, we will
empower users to take control
and move files from their primary
mailbox archive to their Virtual
Vault.” This will improve user
productivity while decreasing the
number of help desk calls.
The underlying infrastructure
for Enterprise Vault is something
CSX has even transformed. In
January 2013, Stallings and Parks,
looking for greater flexibility and
lower cost and complexity, part-
nered to migrate CSX’s Enterprise
Vault infrastructure from physical
boxes to a virtual environment.
The effort retired about 20 physi-
cal servers, a substantial cost and
maintenance savings.
The next initiative on the
Enterprise Vault roadmap for
Stallings and her team is the integra-
tion of retention and expiration
policies. “The amount of time that we
need to retain data varies based on
data type as determined by the busi-
ness,” she explains. “For example, we
must retain ERAD system informa-
tion for six years. But other types of
data can be expired after less time.
We’re working with our Information
Management group, a newly formed
team, and legal staff to refine these
policies.” Stallings expects to begin
incorporating these policies later in
the year and anticipates reclaiming
another five terabytes of storage once
they are fully deployed.
Upgrading to Enterprise Vault
10.0.1 is also one of the milestones
on Stallings’ roadmap. Among other
benefits, CSX is looking forward to
leveraging 64-bit indexes to improve
Discovery Accelerator searches.
CSX is quite pleased with the
results of its Enterprise Vault de-
ployment and sustained evolution
over the years. “Our Enterprise
Vault implementation has been
very successful,” Stallings sums
up. “The company has accrued
considerable cost savings, and the
solution continues to generate
ongoing benefits.”
Endpoint security track bed
In 2007, CSX began looking at secu-
rity providers such as Symantec for
its desktops and laptops. While Mc-
Iver’s team is not directly respon-
sible for managing the security
infrastructure for CSX, they are
heavily involved.
McIver recalls CSX’s reasons
for selecting Symantec. “First and
foremost, security is paramount
for CSX—whether in the railway or
in our IT environment,” he relates.
“Second, because of our experience
with Symantec over the years with
our NetBackup deployment and
then more recently with Enterprise
Vault, ease of doing business was
a factor. We knew that Symantec
and Datalink would help ensure a
seamless transition. Finally, as we
do with all of our other IT solutions,
we demanded performance, and we
got exactly that.”
“To the cloud”
When asked where IT at CSX will
go from here, McIver responds,
“to the cloud.” He explains: “The
private cloud such as Infrastruc-
ture as a Service and Platform
as a Service is our initial focus.”
Indeed, the team’s work around
virtualization and move to open
systems over the past several years
provides a rock-solid track bed, one
on which CSX can build.
“But we will be looking at the
public cloud as well,” McIver adds.
“We currently are using some
Software as a Service solutions,
and we want to ensure that the
right governance controls and poli-
cies are in place. Offering public
cloud solutions ourselves isn’t
something outside the equation
either. The groundwork already
exists for us to offer public cloud
solutions via CoLoCSX, our co-
location service provider.”
All of this makes sense. Just
consider. Within just a few years
of the locomotive’s invention,
railway networks crisscrossed
six continents—ascending from
the shores of oceans to mountain
passes often cloaked in clouds.
Perhaps given McIver’s vision, CSX
will be crisscrossing the clouds in
just a few years, making tracks in
the new Digital Age. ■
Patrick E. Spencer (Ph.D.) is the editor
in chief and publisher for CIO Digest.
> Symantec NetBackup
> Symantec NetBackup 5220
Appliance
> Symantec Enterprise Vault
> Symantec OpsCenter Analytics
> Symantec Business Critical
Services – Remote Product Specialist
> Symantec Platinum Partner Datalink
SYMANTEC “RAILS”
“Beyond the lower cost and improved
efficiencies, we needed a solution that would
streamline the discovery process for our legal
and HR departments.”
– Tim McIver, AVP, Information Technology Operations,
CSX Technology
30. 28 CIO Digest April 2013
APPLIANCES USE CASESFEATURE By PATRICK E. SPENCER
Integrated
Swiss Army Knife
keeps getting more difficult.
Data volumes are exploding, backup policies must
be customizable to application and data layers,
and recovery point objectives need to be aligned
with disaster recovery targets and regulations. In
addition, data centers are changing quickly. The
rapid adoption of virtualization and moves to the
cloud make it hard for organizations to maintain a
single data protection solution.
Data protection
Six use cases for data protection appliances
31. symantec.com/ciodigest 29
SteveWisbauer/GETTYIMAGES
One way IT organizations are address-
ing these challenges is through the use of
integrated appliance solutions that com-
bine backup, deduplication, and recovery.
“There’s something to be said for more than
just ease of acquisition and deployment,
as right-sizing equates to better perfor-
mance,” observes data protection expert
Jason Buffington, a senior analyst from
Enterprise Strategy Group (ESG), a research
and analyst firm that helps organizations
understand technology trends, capital-
ize on market dynamics, and position
themselves to capture emerging business
opportunities.
And IT organizations are embracing
data protection appliances in increasing
numbers. A recent research study by ESG1
found that 27 percent of IT shops rely on
appliances in some form for backup and
recovery. Future trends show continued
adoption of appliances. “Less than half of
IT organizations indicate a preference for
traditional software-based data protec-
tion solutions,” Buffington notes. Survey
respondents expressed a preference for
either virtualized backup servers (31 per-
cent) or data protection technology built
into storage arrays (18 percent); when the
latter is combined with the current adop-
tion rate, this comes to more than half of
IT organizations.
Yet mapping out the reasons why IT
shops are moving to appliances for data pro-
tection is not a one-size-fits-all delineation.
IT leaders are turning to solutions such as
Symantec NetBackup appliances for varying
reasons. In many ways, data protection ap-
pliances are the Swiss Army Knife of storage
solutions, an all-in-one tool that can be used
to address a number of different technology
and business requirements. “The complexity
of technology in today’s data centers makes
it increasingly difficult for IT organizations
32. 30 CIO Digest April 2013
PATRICKE.SPENCER
to piece together and build a data
protection solution on their own,”
Buffington observes. “Appliances
present a very attrac-
tive alternative.”
So what are the key
use-case scenarios
that are driving IT
leaders to select and
deploy integrated data
protection appliances?
Based on conversa-
tions with Buffington and several
IT leaders, this article pinpoints six
primary scenarios.
#1: Virtualization
tipping point
Buffington asserts that mainstream
adoption of virtualization is prompt-
data protection infrastructures and
processes, the more complex the
environment is to manage.
But with the requirement to
manage data protection from one
consolidated infrastructure comes
a growing interest in appliances.
Buffington notes that the discussion
around “how” quickly becomes a
question of “what type of solution
to select.” Virtualization is not the
primary reason for appliances;
rather, it opens up a broader con-
versation around the data protec-
tion infrastructure that often leads
to appliances.
One benefit is the ability to man-
age all backups and restores centrally
and to have one single view across the
entire IT environment. “Managing
backup and recovery for our physical
and virtual environments from one
tool certainly provides us with a num-
ber of efficiencies,” states Lynn
Draschil, the director of customer
service for the Department of Tech-
nology, Management, and Budget
at the State of Michigan. Her team
is responsible for managing the
state’s 3,500-plus servers running
multiple operating systems sitting in
three different data center locations.
“We’re about 50 percent virtualized
today,” she says. “Having a single tool
for managing data protection across
both physical and virtual environ-
ments is very important.”
#2: Stepping into the cloud
Many organizations are discover-
ing that virtualization is simply a
ing IT organizations to re-evaluate
their data protection strategies and
infrastructures as well as turn toward
appliances. He believes that last year
was the tipping point, a claim that he
backs up with data.
“Virtualization and data protec-
tion tied as the number one area for
investment in our 2012 survey on IT
spend,” he says. “As IT organizations
virtualize more and more of their
data center environments, they see
more and more chinks in the armor
of their legacy data protection solu-
tions.” And while more than one-
half of IT organizations use separate
data protection strategies for their
physical and virtual environments,
more than two-thirds would prefer
to use one.2
The takeaway: the more
“business was running wild. while this
was a nice problem to have, we needed to get
our arms around the growth before we ex-
ceeded our data center capacity.”
– Olof Sandstrom, COO, Arsys
Arsys’ COO Olof Sandstrom
speaks about the company’s
data center transformation
and how it is able to serve
its customers better at
go.symantec.com/
arsys-podcast.
POdCAST
VIDEO
Arsys embraced
virtualization and
pioneered cloud
services in Europe with
the help of Symantec
Netbackup appliances
at go.symantec.com/
arsys-video.
Olof Sandstrom, COO, Arsys
APPLIANCES USE CASES
FEATURE
33. symantec.com/ciodigest 31
stepping stone on their journey
to the cloud. This is the case with
Arsys, a leading European provider
of information communications
technology services. The company,
which has more than 280,000
customers and delivers in excess
of 1.5 million services, was run-
ning out of data center space in
2008. “We were growing at a rate
of something like one-and-a-half
racks per month,” remembers Olof
Sandstrom, the company’s chief
operating officer. “Business was
running wild. While this was a
nice problem to have, we needed
to get our arms around the growth
before we exceeded our data center
capacity.”
Sandstrom and his team looked
at virtualization as a potential
solution. Using VMware vSphere,
they started by moving 75 servers
into a virtual state and slashing
the number of physical hosts to
10. “The results were quite good,
so we consolidated another 700
servers running various appli-
cations and services as virtual
machines on less than 100 hosts,”
he notes. Soon, within a year,
Arsys had moved almost entirely
to a virtualized data center. “We’ve
virtualized more than 99 percent
of our environment and currently
run about 3,000 virtual machines
from about 250 physical hosts,”
Sandstrom states.
In 2009, recognizing the
potential of having a fully virtual-
ized data center platform, Arsys
embarked on an effort to deliver
one of the first public clouds in
the European market. Sandstrom
relates, “We started with Infra-
structure as a Service and Platform
as a Service and then moved into
other areas such as Software as a
Service.” These successes quickly
evolved into a formal cloud
offering branded Cloudbuilder. An
Infrastructure as a Service solu-
tion, Cloudbuilder has seen rapid
adoption with 300 percent growth
over the past year. “We don’t have
philosophical discussions about
the cloud,” he says. “Rather, we
can speak about real-life examples
and tangible results going back
three or four years.”
Backup and recovery for
Cloudbuilder are managed by two
Symantec NetBackup 5220 appli-
ances. The control panel in Cloud-
builder includes an option for
customers to conduct automatic
restores directly from the appli-
ances for data that hasn’t been
moved. “This saves our team time
and is seen as an added value by
our customers,” Sandstrom says.
Rodney Davenport, the chief tech-
nology officer for the Department
of Technology, Management, and
Budget at the State of Michigan,
sees the state’s embrace of virtual-
ization as a springboard leading to
a series of cloud offerings. “We’re
still building out
our broader cloud
strategy,” he says.
“However, our
appliance-based
data protection
approach will be a
critical part of the
agile data center in-
frastructure that will facilitate our
build out of cloud services—both
public and private.”
#3: Alternative to
virtual tape libraries
In late 2009, at about the same
time that Arsys embarked on its
cloud strategy, Sandstrom made
a decision to re-architect the
company’s storage environment.
“We had a lot of tape and a one-
dimensional storage approach
and wanted to create a much more
dynamic storage infrastructure,”
he says.
Sandstrom and his team
designed a storage architecture con-
sisting of three tiers with thin stor-
Several IT leaders from
Michigan’s Department of
Technology, Management,
and Budget discuss their
customer-centric approach
and how technology is
helping them to transform
the way the state conducts
business at go.symantec.
com/michigan-podcast.
POdCAST
Software Application
Installed on a
Physical Server
Physical Appliance
Deployed on Network
Virtual Appliance
Installed on
Virtualized Server
Integrated onto
Storage System
61%
28%
27%
24%
8%
31%
3%
18%
Most Common Deployment Model for
On-Premises Data Protection: Current and Preferred
Source: Jason Buffington and Bill Lundell, “Trends in Data Protection Modernization,”
Enterprise Strategy Group, April 2012, p. 15.
Current
Preferred