IT Next March 2010 Issue
1. MARCH 2010 / Rs. 150
Volume 01 / Issue 03
WE JUST LOST OUR EDIT TEAM!
A 9.9 Media Publication
2. SO WHY ARE WE HAVING SO MUCH FUN?
3. Because we got you!
The IT Next team was overwhelmed—and overjoyed—by the deluge of interesting stuff you sent in. Our thanks to everyone who made this special edition happen.
4. 40 IT managers on Tech Trends
10 practical influencers on Best Practices
10 IT decision makers as Editors
5. 15,000+ passionate subscribers
300+ members on LinkedIn
& the journey has just begun...
7. Editorial
The power of collective
It was in 2001 that Jimmy Wales and Larry Sanger decided to harness the power of the collective and launched an online encyclopaedia called Wikipedia. The collaborative model would let any netizen contribute and edit articles put up on the Web.
The whole idea seemed preposterous at the start. Why would people attempt writing pieces on wide ranging topics, and even if they did, how would the write-ups match up to the standards of encyclopaedias like Britannica and Collier's? (Britannica has around 100 full-time editors on its rolls and over 4,000 expert contributors, with a history that dates back to the 18th century.)
Today, Wikipedia is one of the leading reference sites, with over three million pages and over 11 million registered users. So far, there have been over 372 million page edits done by users themselves. Available in 262 languages, 24 of these editions have more than 100,000 articles and 81 have over 1,000 articles.
If anyone ever doubted the power of collective, Wikipedia has put them to rest.
As for the quality of content, according to a survey done by Nature there were 162 mistakes in Wikipedia versus 123 in Britannica on 42 randomly selected general science articles. This, by all means, is comparable.
This issue of IT Next is based on the same Wiki model—ideated, shaped, driven and created by the community of IT managers.
Here are some stats: around 40 IT managers shaped the Tech Trend pieces, 10 managers wrote the Best Practices, and there was an edit panel of 10 senior IT experts who helped select and shape the content. The end result has been astounding.
I am genuinely surprised and humbled by the response that we received after we invited you to create this special issue. And I believe, you too will appreciate and savour this Wikified issue.
This experiment has worked, just like the Wikipedia experiment did at the beginning of the decade, where the reader of the content is also its creator.
Let me know what you will like to create next!
Shubhendu Parth

Blogs To Watch!
Knowledge sharing communities: http://www.toolbox.com
Martin McKeay's blog: http://www.mckeay.net

Your views and opinion matter to us. Send your feedback on stories and the magazine at shubhendu.parth@9dot9.in or SMS us at 567678 (type ITNEXT<space>your feedback)
8. Content
Facebook: http://www.facebook.com/home.php#/group.php?gid=195675030582
Twitter: http://twitter.com/itnext
LinkedIn: http://www.linkedin.com/groups?gid=2261770&trk=myg_ugrp_ovr
For the latest technology updates go to itnext.in
March 2010, Volume 01 | Issue 03
PEOPLE WHO MADE IT HAPPEN
Security
BI & BA
Data Centre Transformation
Virtualisation
Enterprise Mobility
Unified Communications
Green IT
Private Cloud
XaaS
Social Media
insights
Technology Trends: From the myriad and complex technology landscape, here is a selection of ten technologies that are not only seeing traction in the enterprise space, but will also possibly dominate in the years to come. These technologies have been assiduously chosen by a select panel and subsequently evaluated by a panel of 40 IT managers, who have also crafted and shaped the content for the same.
Best Practices: None knows the pain of a shoe better than who wears it. Similarly, the challenges, the consequences, the headaches, the pitfalls of different technologies can only be known by the IT manager who has been involved in either setting it up or managing it. Insights and experiences of 10 IT managers on different technologies—articles that not only provide tips on troubleshooting, but also on how to avoid implementation challenges.

15-Minute Manager
Dare to lead? | In these days of cut-throat competition, it is tough to become a leader. Here is a primer for the aspirants
Office Yoga | Meditate for success
Team Management | The traditional ways of leadership will not work with techies who are talented, hands-on and respect doers, not preachers
Manage IT | 5 simple steps to going open

regulars
Editorial, Inbox, Industry update, Open debate, My log

Cover design: Anil T and Binesh Sreedharan

advertiser index
IBM, EMC, Wipro, Consumer Mate, Industry 2.0, Sigma Byte, Quest
10. INBOX
IT NEXT thanks its readers for the warm response

[Images: cover and cover-story spread of the February 2010 issue (Volume 01, Issue 02), "Ten Hot Technologies"]

It is comprehensive and has covered most of the IT challenges and pain points. Keep up the good work!
RAHUL MEHER
Managing Director | LEON Computers

Congratulations! The magazine has a lot of interesting articles and good coverage.
SURENDRA REDDY
Founder | Bluekaw, Cloud Open Innovation Labs

Congratulations on the launch of IT Next magazine. I liked going through it and would say that you have picked a very good target audience, which is the IT manager and CIO fraternity. The choice of articles is very apt—cloud, enterprise mobility, virtualisation, etc. I also liked the layout of the magazine, which is easy to read and catches attention.
However, on the mobility front, I think one of the top enterprise mobile applications today is the one for mobile sales force, which probably got missed out in the article "Top 5 Mobile Applications".
Besides, since the magazine is meant for IT managers, and one of the rightly identified areas is how they can progress in career, it may be a good idea to provide some IT manager and CIO-related job sections.
Also, information on movement of CIOs across the industry and IT spending across industry verticals, will add to the overall impact.
VADIRAJ ARALAPPANAVAR
Head-Mobile Applications | MindTree

I must say that you guys have done a fantastic job. Sections like Insight, Indulge, and Cube Chat appealed to me the most. I suggest you also do some stories on management issues that IT managers are facing. Best wishes!
RANJAN JUNEJA
Engineering Manager | Persistent Systems

Is India CaaS ready? I am impressed by both the content and the design of the magazine. The story on communication as a service (CaaS) is noteworthy. However, I doubt if Indian enterprises are ready to adopt it in a big way. If I have got it right, CaaS translates into renting or leasing out of software / communication / IT services. In a layman's terminology, I will probably not be required to maintain a server, or a dedicated bandwidth. Can one (ITNext) talk about the security challenges that will arise in such a scenario, and are we ready to deal with those? To draw an example scenario, Chunghwa Telecom is all set to launch a cloud-based CaaS for enterprise users in April 2010 as a first step to tapping the Taiwan cloud computing market.
LAVANYA KUMAR
Editorial Assistant | The Economist Group

Well done ITNext. The magazine looks awesome in terms of the content and its relevance, but it was the visual appeal that struck me first... your design team has done a fantastic job.
MANISH JAIN
Head Communication | Dell Perot

I enjoyed reading the inaugural issue of IT Next. It has a good interview and some very informative articles.
ABHIJIT SINHA
Advisor-Communications | TERI

IT Next is the best KISS—knowledge and information sharing suite!
RATNAKAR NEMANI
CIO & Head of IT Projects Wing | VST Industries Limited

IT NEXT VALUES YOUR FEEDBACK
We want to know what you think about the magazine, and how we can make it a better read. Your comments will go a long way in making IT NEXT the preferred publication for the community. Send your comments, compliments, complaints or questions about the magazine to editor@itnext.in.
Or type itnext<space><your feedback> and send it to 567678 (*special rates apply)

LinkedIn group: www.linkedin.com/groups?gid=2261770&trk=myg_ugrp_ovr (300 members)
Scribd: www.scribd.com/doc/27254589/IT-Next-Vol-1-Issue-2-february-2010 (518 views)
Read this issue online: http://www.itnext.in/resources/magazine

(Note: Letters have been edited minimally, for brevity and clarity.)
12. update
Update: industry (trends, deals, products, services, people)

Oracle extends EPM capabilities
The solution makes best use of the divergent capabilities of OFSA, Hyperion, Reveleus and PeopleSoft

TECH TIDINGS | Oracle has refurbished its suite of financial services and analytical applications for the enterprise performance management (EPM) space. The new solution is based on the merged capabilities of Oracle Financial Services Applications (OFSA), Hyperion, Reveleus and PeopleSoft Enterprise Performance Management.
The EPM Suite is designed to help institutions in planning future performance and lowering anticipated risk. It also assists in planning net interest margin, anticipate liquidity contingencies and reconcile asset/liability management forecasts with annual budgets and rolling forecasts. They provide the capability to go beyond measuring bottoms up historical performance to actively managing future risks and results.
Oracle Financial Services Balance Sheet Planning is a budgeting solution made specifically for bank planning, budgeting and forecasting. This application leverages Oracle's Hyperion Planning as a foundation to allow banks to plan future profitability and risk adjusted returns. The solution captures instrument characteristics and nuances of each customer relationship, to accurately model balance sheet behaviour and provide the most accurate net interest margin and earnings forecasts possible.
The solution makes best use of the divergent capabilities that it has acquired over the past few years—Hyperion, Reveleus and PeopleSoft. Meanwhile, the Oracle Financial Services Asset Liability Management Analytics is an updated version of the Oracle Asset Liability Management business intelligence application. It emphasises upon the critical need to measure and manage interest-rate and liquidity risk. Building on the existing functionally-rich interest rate risk content, new metrics, reports and dashboards provide additional management insight into "stressed" results, including liquidity gaps, funding concentrations, deposit distribution profiles, marketable assets and liquidity ratios.
Photography: Photos.com

Tech market: Global PC shipment is slated to touch US $223 billion by 2010, a 2.6% rise from the 2009 market value. Majority of all new purchases were driven by introduction of Windows 7.
(Figures are in US $ billion)
2008: $238
2009: $217
2010: $223
Source: Gartner
13. GREEN MOTHERBOARD
ASUS has launched Protect 3.0 motherboard that lowers emission and transmission of harmful radiation by 50%, minimising the negative impact on users' health. It also claims to deliver more stable system operations.

SECURE REMOTE FILES
Symantec has launched the all new Norton 360 suite that combines security with remote access to safely backed-up data. It also includes features that help reduce boot-up time.

TRIPLE YOUR MEMORY
Transcend's new RDP7 multi-card reader is a high-speed three-slot reader. It can accommodate up to three USB peripherals and can read most memory card formats that are available in the market.

Salesforce unveils visual process manager
Enables enterprises design complex business processes

TECH TIDINGS | Salesforce.com has unveiled a new visual process manager—Force.com—a platform to help companies to rapidly automate any business process. According to the company, the platform enables customers to design complex business processes such as sales, service, finance, HR, legal and operations, with an intuitive visual-design tool. It allows processes to be run instantly on the cloud.
The solution combines the elegance of visual process design with the simplicity, low cost, and quick results of the Force.com cloud computing platform enabling customers to continuously refine and enhance processes to improve operational efficiency or fulfill regulatory compliance.
Being part of the Force.com platform, enterprises can create dynamic and sophisticated business processes within their current Sales Cloud2 and Service Cloud2 deployments, or in their custom Force.com applications.
The platform also aims to provide tools such as process designer, process stimulator and process wizard builder, which may be added to a visual process design diagram through a simple drag-and-drop action.
Moreover, the engine boasts of the capability to run all sophisticated processes of a company, and automatically scale up to meet the needs of any business size. Force.com Visual Process Manager will be available to Enterprise and Unlimited Edition subscribers for $50 per user per month.

AROUND THE WORLD
Mobile, wireless industry to touch $89 billion by 2015
The mobile and wireless industry in South Asia, Middle East and North Africa is estimated to cross the $89 billion mark by 2015. According to a Frost & Sullivan report, India showed the highest subscription growth rate in South Asia, followed by Sri Lanka, Bangladesh and Pakistan. The report suggests that the low penetration levels in South Asian countries indicate a large untapped market that may translate into a high subscriber growth rate between 2009 and 2015.

QUICK BYTE
Microsoft CEO Steve Ballmer on the company's alliance with Yahoo!:
"I believe that together Microsoft and Yahoo! will promote choice, value and greater innovation for our customers, as well as, for our advertisers and publishers."
14. update
Demand for identity, access management to grow by 20%
Global IAM market to touch $9.9 bn by 2010 (Source: Gartner)

TECH TRENDS | A recent Gartner survey projects that audit and analytics, global identity and access management (IAM) revenue is expected to reach the US $9.9 billion mark by 2010, banking on the rapidly-growing enterprise requirement for compliance market. The figure would be an 8% rise from the 2009 revenue of US $9.2 billion. It is expected to rise further to US $11.9 billion by 2013.
According to the report, suite-based IAM is the most preferred technology by enterprises. Almost 40% of respondents indicated this preference, which is slated to continue for the next couple of years, together with an increasing reliance on managed security services and IAM consulting services.
The research firm adds that the IAM products will continue to attract investment during coming years, because it remains a critical technological area for enabling businesses to improve and automate processes relating to access management.
It further mentions factors such as merger and acquisition, economic downturn and consequent tightening of IT budgets as key bottlenecks in market evaluation.
The report also predicts that public cloud computing is expected to drive IAM standards. Gartner reasons that cloud-computing "construction" for "private" clouds will require specific IAM-as-a-service functionality, to accommodate scale-and-standardised delivery needs.

Interview
MARK REGISTER
VP—Information Management, Asia Pacific, IBM

IT NEXT: What exactly is the IBM's information agenda campaign?
Mark: We believe that an enterprise needs to adopt a holistic approach for managing its structured and unstructured data. IT departments and managers can best leverage existing information within their systems by looking beyond just data management or business analytics.

How big is the challenge of managing unstructured data?
It is a huge puzzle that we are trying to solve. According to an estimate, there is 998 exabyte of data across the world, and I am sure the number must have already grown, considering the staggering pace at which data is growing. Close to 80% of this data is unstructured in nature. You have the e-mails, blogs, tweets, videos, audio, etc... and the stack is piling up.

What should the IT manager do to cope with this challenge?
There are a few things that IT managers must do. First, put a data management policy in place. This would help decide how to classify and store data. Second, there is a need for improvement in the data quality, so that it can be meaningfully used. Finally, they can choose a solution that lets them deal with such issues. For instance, IBM recently released Cognos Content Analytics that brings the world of analytics to unstructured data.
By Jatinder Singh

Dell unveils zero-client hardware for enterprises
It offers rich multimedia support and faster response as compared to standard virtualisation and streaming codecs

TECH TIDINGS | Jumping on the virtual desktop infrastructure (VDI) bandwagon, Dell has launched its first zero-client device for enterprises. According to the company, its existing FX100 will support the new VMware View 4.0 app and PC-over-IP streaming technology through a firmware upgrade.
According to the company, the device that is expected to hit the Indian markets by end of May will minimise the chances of hardware failure, as compared to the more traditional thin- or fat-client desktop PCs that have been converted for VDI use.
Zero clients are the evolutionary successor to thin clients with even fewer chips inside. The company expects it will be able to penetrate the market with its attractive cost option beginning US $500 (per device).
Photography: Jayan K Narayanan
15. update
Indian enterprises too risk-averse, says ISACA
Lack of engagement and budget is limiting enterprises' ability to take IT-related business risks

TECH TRENDS | One in three IT professionals in India believe that companies should take bigger risks with IT business projects. According to a recent ISACA survey, 34.4% of India's IT professionals believe that organisations are too risk-averse and may be missing out on opportunities to increase value.
The global association of IT governance, security and assurance professionals, with over 5,000 members in India alone, recently conducted a survey of 463 IT professionals. While more than 85% of these respondents indicated that their organisations were effectively integrating IT risks into overall risk management, 30% stressed that business lines were not willing to fully engage in risk management.
The survey also revealed that lack of engagement was the top hurdle while addressing IT-related business risks, followed by budget limits (29.6%) and uncertainty of how to tailor best practices to the environment (18.1%).
Interestingly, compliance with government regulation did not emerge as the top driver for organisations' risk management activities. Instead, 41.1% respondents said that aligning current functionalities with business needs was the primary reason for risk management programmes.

TECH ALLIANCE
EMC, Intel to secure cloud
RSA, the security division of EMC, is teaming up with Intel and VMware to build a transparent infrastructure for business-critical cloud services. The partnership intends to chart a way for technologies to combine and boost security in the cloud networks.
The proof of concept will be used by service providers to help customers build private clouds within firewalls, or build cloud-like services. It will combine authentication technology inside Intel processors with VMware technology that will collect data from physical and virtual infrastructure and then feed it to RSA's security platform, which, in turn, will identify potential threats.
The information will then be handed to governance, risk and compliance software that have been created by Archer Technologies—a company recently acquired by the EMC. These controls will help companies enforce differentiated policies in private clouds such as formulate physical hardware types that may help run virtual machines.
According to the companies, third-party vendors are expected to start offering services based on the proof of concept within six months.

NEWS @ BLOG
Google Vs China: Was it just a Word War?
YES, IF YAHOO'S CHIEF EXECUTIVE CAROL BARTZ is to be believed. She took a potshot at Google while talking to the media at the company's birthday bash | Miguel Helft in his blog <http://bits.blogs.nytimes.com/2010/03/02/a-yahoo-birthday-party-with-carol-bartz>
Bartz suggested that Google flip-flopped on whether it would stay in China, or not. "It looked to me like it was more of a statement than an action," she said commenting on Google's January 12th threat to pull out of China. "If they wanted to pull out, they should have pulled out," she said categorically.
16. insight | technology trends
PEOPLE WHO MADE IT HAPPEN
Security; BI & BA; Data Centre Transformation; Virtualisation; Enterprise Mobility; Unified Communications; Green IT; Private Cloud; XaaS; Social Media
18. Security
Policy revisited
A successful security implementation must rest on the foundation of a sound security policy, which in turn should not just address the potential threats, but also the compliance requirements
Jojo Jose, GM—Systems, Un… Group
… Nair, Manager—IT, Aramex
Balwant Singh, Manager—IT, Indo Asian Fusegear
V Subramanian, CISO & DGM, IDBI Bank
19. Security | insight
Editor's note
Security has remained among the most challenging and perennial concerns of IT managers for the last few years, increasingly so because of the dynamically changing computing and communication paradigms, largely initiated by the Internet and accelerated by a host of newer platforms and devices.
As long as computing was largely desktop-dependent and notebook users were few, information security concerns were limited too, until first the Internet and later the USB drives arrived to give information portability disruptively new meanings. Ever since, security has been a nightmare for IT managers. The surge in notebook adoption and the associated growth of wireless networks has added to the woes of IT managers, while the advent of smart phones has further complicated matters.
And just when IT managers were beginning to arm their enterprises with new security arsenals, the mother of all breaches—the social networking sites and the ilk—surfaced, and then grew at a colossal pace, making all 'security controls' go flying in the wild.
That's right! Security controls don't seem to work anymore in traditional ways! The answer to the problem lies, to a large extent, in setting up a policy-based security infrastructure.

Over 75% organisations globally experienced cyber attacks in 2009 (Source: State of Enterprise Security 2010, Symantec)

Red Alert: Per-record cost of data breach (average cost per-record of a data breach, 2005-2009, in $)
FY 2005: 138
FY 2006: 182
FY 2007: 197
FY 2008: 202
FY 2009: 204
Source: Ponemon Institute/PGP

13 million users in 190 countries and 31,901 cities affected by the Mariposa botnet this year (Source: Panda Security)

A security policy document should clearly state the response process to be followed in case of an incident

In today's 2.0 world, how does one protect an organisation's information assets that are potentially exposed to a cross-continent Facebook user base of 400 million?
A sound stepping stone to the answer, no doubt, will begin with a security policy that is thorough and relevant in today's context.
But, a 'security policy' itself is no new concept and its importance has not been emphasised any less any time. Yet, a large number of organisations still don't have the policy in place. In fact, many of them are yet to fully grasp the seriousness and relevance of having such a policy in the first place.
Also, many organisations that do have a policy continue to be plagued with the problem of its ineffectiveness.
In this background, let's look at some of the essential objectives that a security policy must be able to achieve.
Regulatory and legal compliance: The IT (Amendment) Act 2008, which got notified in November 2009, requires that organisations must put due mechanisms in place to ensure information security and privacy. A new entry in the Act in the form of Section 43A reads: "Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation to the person so affected."
Effective communication of objectives: For the policy to be effective, it should be able to unambiguously define the security objectives of the organisation and ensure that they are easy to read and understood by all employees.
Moreover, a process has to be put in place to ensure that any changes in policy have not just been mailed to employees but also that the changes have been read and understood by employees with a fair amount of clarity.
Clear statement of responsibilities: The policy should be able to clearly state and define the various information security roles. Roles and responsibilities could range from preparing security policy and making necessary changes, communicating and enforcing those changes, measuring the effectiveness of the communication and the impact of any changes, response mechanism to be employed in case of a security incident, and even the escalation procedure to be used by an employee in case a security incident is not attended to within a stipulated timeframe.
Adherence to security framework: It's always a good idea to select a generally accepted and acknowledged security framework as a benchmark that is best in sync with your organisation's and industry's characteristics.
ISO 27001 provides a standard security framework that has been implemented by a large body of organisations. The Data Security Council of India (DSCI), set up by Nasscom in August 2008, has formed a framework for data security and privacy, listing 16 best practices that are an extension of the ISO 27001 standard.
The DSCI framework aims to address needs of IT BPOs, service providers, banking and financial services, manufacturing, e-Governance, telecom, PSUs and e-commerce organisations, especially those dealing with overseas clients. DSCI is also said to be planning development of an implementation methodology that addresses technical and operational information needs.
Risk assessment and response mechanism: It is an important role of the security policy document to state how risk assessments are to be performed. Realistic risk assessments are key to successful information security implementations, as the right assessment also sets the basis for establishing an effective control point in the security infrastructure.
The policy document should also be able to clearly state the exceptions to be observed and the response process to be