CIO&Leader_July 2017 (1)

EVENT REPORT 

Meet this year's 24 brightest 

security professionals Pg 08 

INTERVIEW 

Mandar Marulkar on the CDO Role 

Pg 38 

Volume 06 

Issue 04 

July 2017 

150 

TRACK TECHNOLOGY BUILD BUSINESS SHAPE SELF 

SPECIAL AWARDS COVERAGE ISSUE 

Featuring the finest moments from the two-day 

security conference and awards ceremony 

that felicitated India's future CSOs 

A 9.9 Media Publication

EDITORIAL 

Shyamanuja Das 

shyamanuja.das@9dot9.in 

Whither 

Security 

Leadership? 

T 

Security is getting 

aligned more and 

more with the 

organizational 

risk management 

even though in 

some cases older 

structures have 

not changed 

he issue that you are holding in your 

hand carries the report on our recent security 

conference where, along with some 

really compelling content, we felicitated 

the winners of our NEXTCSO award winners. 

NEXTCSO, to the uninitiated, is our 

small contribution to identify and honor 

the security professionals who have it in 

them to become the next chief information 

security officers. 

As we present the highlights of the event 

in this issue, I would like to bring out a 

couple of observations during the event 

and while analyzing the data pertaining to 

demographic and professional profiles of 

the winners and other applicants. 

First, security is becoming more interesting. 

In the conference, speaker after 

speaker spoke about security threats, 

future challenges, and risks to business 

in a language and with examples that all 

of us can relate to. There was very little of 

those highly technical schematic diagrams 

that were the mainstay of any security 

presentation earlier. The bad news is, if 

we can so closely identify with the threats, 

they are so much more real than they used 

to be—and for most of us. 

The second—not entirely isolated from the 

first—is the emergence of ‘leaders’ rather 

than techies or even managers who are now 

required to lead this war against the big, 

bad world of cyber criminals. It was quite 

evident from the data that I analyzed. There 

is little difference between the hard skills of 

the winners and the non-winners. The differences 

are all primarily about soft skills 

like innovation, entrepreneurial skills and 

people skills. That is a definite change. 

This time, I got a chance to get into deeper 

conversations with a lot more CISOs. That 

gave me a good idea of what is going on in 

their minds. While the space is too short 

to get into that, we will carry some of those 

videos in our website. One thing is clear 

–Security is getting aligned more and more 

with the organizational risk management 

even though in some cases older structures 

have not changed. 

More about that later—especially as we 

have done a survey around this very phenomenon. 

July 2017 | CIO&LEADER 

1

A 9.9 Media Publication 

EVENT REPORT 

Meet this year's 24 brightest 

security professionals Pg 08 

INTERVIEW Volume 06 

Issue 04 

Mandar Marulkar on the CDO Role 

July 2017 

Pg 38 

150 

TRACK TECHNOLOGY BUILD BUSINESS SHAPE SELF 

SPECIAL AWARDS COVERAGE ISSUE 




CONTENT 

JULY 2017 

EVENT REPORT 

08-29| NEXTCSO 

Awards 2017 




advertisers ’ index 

Infocom 

Airtel 

Cover Design by: 

Manoj Kumar VP 

IFC 

BC 

Please Recycle 

This Magazine 

And Remove 

Inserts Before 

Recycling 

COPYRIGHT, All rights reserved: Reproduction in whole or in part without written permission from 

Nine Dot Nine Interactive Pvt Ltd. is prohibited. Printed and published by Vikas Gupta for Nine Dot Nine 

Mediaworx Pvt Ltd, 121, Patparganj, Mayur Vihar, Phase - I, Near Mandir Masjid, Delhi-110091. Printed at 

Tara Art Printers Pvt ltd. A-46-47, Sector-5, NOIDA (U.P.) 201301 

This index is provided as an 

additional service.The publisher 

does not assume any liabilities 

for errors or omissions. 

2 CIO&LEADER | July 2017

CASE STUDY 

04-06 

Intelenet Global Services' 

CIO 'taps' into AI 

www.cioandleader.com 

INSIGHT 

30-31 

The new workplace 

mojo 

32-33 

How to identify 

early AI adopters 

34-35 

Mind the fence 

36-37 

The glitch that 

brought down NSE 

INTERVIEW 

38-39 

The 'safa' wearing safe 

brigade 

MANAGEMENT 

Managing Director: Dr Pramath Raj Sinha 

Printer & Publisher: Anuradha Das Mathur 

EDITORIAL 

Managing Editor: Shyamanuja Das 

Associate Editor: Shubhra Rishi 

Content Executive-Enterprise Technology: 

Dipanjan Mitra 

DESIGN 

Sr Art Director: Anil VK 

Associate Art Director: Shokeen Saifi 

Visualiser: NV Baiju 

Lead UI/UX Designer: Shri Hari Tiwari 

Sr Designers: Charu Dwivedi, Haridas Balan, 

Manoj Kumar VP & Peterson PJ 

Sr Photographer: Jiten Gandhi 

SALES & MARKETING 

Director-Community Engagement 

for Enterprise Technology Business: 

Sachin Mhashilkar (+91 99203 48755) 

Brand Head: Vandana Chauhan (+91 99589 84581) 

Assistant Product Manager-Digital: Manan Mushtaq 

Community Manager-B2B Tech: Megha Bhardwaj 

Community Manager-B2B Tech: Renuka Deopa 

Assistant Manager Community: Mirzanoor Rahman 

Associate-Enterprise Technology: Abhishek Jain 

Assistant Brand Manager-B2B Tech: Mallika Khosla 

Regional Sales Managers 

South: Ashish Kumar (+91 97407 61921) 

North: Deepak Sharma (+91 98117 91110) 

West: Prashant Amin (+91 98205 75282) 

Ad Co-ordination/Scheduling: Kishan Singh 

Assistant Manager - Events: Naveen Kumar 

Assistant Manager - Events: Himanshu Kumar 

PRODUCTION & LOGISTICS 

Manager Operations: Rakesh Upadhyay 

Asst. Manager - Logistics: Vijay Menon 

Executive Logistics: Nilesh Shiravadekar 

Logistics: MP Singh & Mohd. Ansari 

OFFICE ADDRESS 

Nine Dot Nine Mediaworx Pvt Ltd 

121, Patparganj, Mayur Vihar, Phase - I 

Near Mandir Masjid, Delhi-110091 

Published, Printed and Owned by Nine Dot Nine Mediaworx 

Private Ltd. Published and printed on their behalf by 

Anuradha Das Mathur. Published at 121, Patparganj, 

Mayur Vihar, Phase - I, Near Mandir Masjid, Delhi-110091, India. 

Printed at Tara Art Printers Pvt Ltd., A-46-47, Sector-5, 

NOIDA (U.P.) 201301. 

Editor: Anuradha Das Mathur 


3

CASE STUDY 

Intelenet Global 

Services' CIO 'taps' 

into AI 

The IT leader is using a design thinking approach to 

nurture a new level of cross-departmental proximity 

with the help of T.A.P framework 

By Shubhra Rishi 


Case Study 

The T.A.P team contributed to the 

success of the AI tool, with the help 

of which the company was able to 

cut down 10-11% in operational cost 

Ask a CIO about business alignment 

and he/she will emphasize on the 

need of it but do very little for it. 

Not Rajendra Deshpande; the Chief 

Information Officer at Intelenet 

Global Services (formerly Serco) has 

adopted a design thinking approach 

to "business alignment" into a new 

avatar: T.A.P. 

Deshpande’s role isn’t just limited 

to providing IT solutions for business. 

Instead he has a customer-facing 

role and is expected to constantly 

create business value for his organization 

as well as customers. 

Attuned to the role, two years ago, 

Deshpande came up with an innovative 

idea to create the T.A.P framework 

in order to build the capability 

to align IT activities to business strategy 

and performance goals. The T.A.P 

framework comprises teams from 

three functions namely Technology, 

Analytics and Process Excellence. 

Deshpande followed a creative process 

when it comes to harnessing the 

IT team’s potential. "Conventionally 

The Creative CIO 

Rajendra Deshpande is combining the power of creativity 

and technical expertise at his workplace. The T.A.P framework 

is a result of this genius. He is a doodler, photographer 

and a traveler. He possesses many diverse talents and that’s 

what keeps him inspired at work. He is a mentor for many of 

his team members. Sometimes in his rare free time, Deshpande 

sketches infographics; his most recent on Conference 

Call – A Reality Show. He works collaboratively, has great 

client focus, and brings a real depth of technical expertise 

across a number of IT disciplines 


5

Case Study 

"Adopting a design 

thinking approach and 

ensuring cross training 

of team members has 

helped us create a strong 

value proposition for 

business as well as 

customers" 

- Rajendra Deshpande 

CIO, Intelenet Global Services 

IT is always seen as a hindrance for 

implementing business initiatives. 

Not anymore. 

"With T.A.P, a new business initiative 

involves inputs from tech, business 

and process excellence champions, 

where we identify all new ideas, 

understand the priorities, and collect 

the few ideas that are most compelling 

for business," says Deshpande. 

One such idea was the in-house 

implementation of an artificial intelligence 

(AI) tool to allow retrieving 

airline ticketing fare rules across 

multiple time zones and websites. 

Deshpande says that there was a 

need for a system that is capable 

of communicating with the client 

systems and Global Distribution 

Systems (GDS) in order to simplify 

the fare rules. 

The company wanted to build this 

tool to serve all different time zones 

in the most efficient manner in order 

to serve their customers in the travel 

or tourism industry. 

“Companies across the globe are 

willing to invest millions in developing 

a product which can talk to multiple 

GDS’ across multiple time zones 

and POS,” says Deshpande. 

The T.A.P team closely worked with 

the development team to design the 

AI tool that communicates with the 

GDS and retrieves the PNR details, 

reads through the fare rules and 

check the applicable conditions, 

thereby calculating the applicable 

charge or refund due post an amendment 

or a cancellation. 

“Adopting a design thinking 

approach and ensuring cross training 

of team members has helped us 

create a strong value proposition for 

business as well as customers,” says 

Deshpande. 

The T.A.P team contributed to the 

success of the AI tool, with the help 

of which the company was able to cut 

down 10-11% in operational cost – the 

processing time required to process 

a request using the tool and improve 

their first call resolutions. 

“The AI tool was among the several 

projects that the T.A.P team 

undertook and effectively delivered,” 

says Deshpande 

Moreover, the team now works 

with different customers instead of 

working for them. 

Currently, there are 150 people in 

the T.A.P framework who are allocated 

to different projects. For each 

project, Deshpande says, while the 

core T.A.P team remains the same, 

different resources – based on their 

domain expertise— are allocated to 

different projects. 

As a result, Deshpande has also 

been able to address the talent gap in 

the organization. “We have been able 

to create positive synergies within the 

teams and improve the overall organizational 

culture,” he says. 

Deshpande’s goal has been to 

keep IT aligned with shifting business 

priorities. In a way, he has set 

an example for other CIO peers by 

constantly reinventing the wheel; 

taking business and customer-facing 

responsibilities; addressing the skill 

gap; recognizing talent. 

But above all, Deshpande is transforming 

organizational culture, 

thereby fostering a new level of 

cross-departmental proximity; not 

just alignment 


#TheBigPicture 

Applicants from 

companies with over 

48% 2500 employees 

Applicants handling 

IT budgets of more than 

53% 5cr each 

Come and establish 

camaraderie with the 

IT giants of tomorrow 

For engagement opportunities, please contact 

Sachin Mhashilkar 

sachin.m@9dot9.in, +919920348755 

Vandana Chauhan 

vandana.chauhan@9dot9.in, +9199589 84581

NEXTCSO Event Coverage 






T 

he worst thing about a security breach is 

neither reputation risk nor the data theft 

that compromises the privacy of an individual. 

The worse is the inability to learn 

from them - to turn the reactive approach 

to a strategic one. 

In the last one year, an average of 36.6M 

records has been stolen in India - a 14% 

increase from 2015. WannaCry and Petya 

are recent ransomware attacks that have 

yet again, raised questions about enterprises' 

security preparedness. 

Unfortunately, the cyber security professionals 

haven't been able to keep up. Apex 

body NASSCOM claims that India has a 

50,000 cyber security workforce; however, 

it predicts that we will need at least one 

million skilled people by 2020. 

According to ISACA’s State of Cyber Security 

2017, 37% of respondents say fewer 

than 1 in 4 candidates have the qualifications 

employers need to keep companies 

secure. The survey also reveals that almost 

27% of respondents state that they are 

unable to fill open cyber security positions 

in their enterprises—with another 14% of 

respondents unaware as to whether their 

enterprises could fill these positions or not. 

This leaves a quarter of cyber security 

positions unfilled, the survey reports. 

In the wake of mounting security incidents 

– over 27,482 reported in 2017— 

the government is taking some concrete 

steps to appraise the role of the Chief 

Information Security Officer (CISO). 

Indian-Computer Emergency Response 

Team (CERT-In) mandates all ministries, 

departments and organisations to 

appoint a CISO and have strengthened 

the role to implement the right security 

controls while promoting a culture of 

defense. Banks and insurance companies 

have also been mandated by regulatory 

bodies such as RBI and IRDAI to appoint 

a full-time CISO by April 30 and to formulate 

an effective cyber crisis management 

plan by June 30 of this year. 

While the basic expectations from the 

CISO will continue to remain the same: 

information security (IS), information risk 

management (IRM), data protection, and 

oversight of audits, governance and compliance, 

as well as technical, operational, 

legal and regulatory risks. 

But the basics won’t be enough. 

With the business and threat landscape 

changing rapidly, CISOs will have to 

upgrade their skills and ensure that any 

cyber security strategy contributes to 

financial stability and growth, and embeds 

security in all of the organization’s plans. 

This means that organizations need to 

appoint someone on your board who’s not 

only dedicated to cyber security but also 

understands regulatory requirements and 

overall business strategy. 

Perhaps that’s what will make a nextgeneration 

CISO? 

The aim of NextCSO Awards 2017 is 

just that: To find exceptional individuals 

who have the ability to take on the top job. 

They are selected through a rigorous and 

comprehensive process that will evaluate 

professional achievements, management 

and leadership skills that are essential to 

the making of a next-gen CISO. 

Here’s a glimpse into the NEXTCSO 

Conference that celebrated the triumph 

and victory of 24 next-gen CISOs and 20 

NEXTCSO jury who handpicked them. 


9


Next-Gen Security For 

The New Age CISO 

The theme of the mid year conference was to discuss the changing 

role of the CSO in the enterprise and how it will be influenced by a 

number of factors including new business models and business 

channels, new threats, new skills, training and education that will be 

needed for both security specialists and leaders 



Security is approaching the realm of the sacred in the corporate 

world -- and the CISO is its protector. How to safeguard 

your assets? - is a question troubling security leaders and 

organizations alike. At the NEXTCSO mid-year conference this 

year, our goal was simple: To give the security leaders a glimpse 

into the future, new opportunities and new possibilities 

Vikas Gupta, Publisher & Director, 9.9 Media welcoming delegates at the NEXTCSO Midyear 

Conference at Crowne Plaza, Jaipur 

R Giridhar, Group Editor, CIO&Leader and CSO Forum introducing the first speaker of the 

NEXTCSO Mid-year Conference 


11


Sunil Varkey, VP & CISO, Wipro Technologies kicked off the conference with the title session on 'NextGen Cyber Security: Re-thinking 

Strategies & Processes' 

The first session set the context for the day 1 of the conference where Sunil Varkey presented a CSO's 

perspective on the past, present and future of security, its changing landscape and juxtapositioned it with 

lessons from Wannacry and Petya. He also discussed the need for creating adaptive architecture and 

effective governance as a strategic measure to prepare for the future 

Sapan Talwar, Founder & CEO, Aristi 

Ninja, delivering a session on 'SecDevOps: 

Integrating Security into the Application 

Development Process' 

InfoSec missteps are becoming extremely 

costly, and billions of dollars Enterprises 

spend far less on software supply chain 

security. Sapan said that SDO best practices 

will help organizations implant secure coding 

deep in the heart during development. 

Automation in coding and workflow security 

tests will make secure software an inherent 

outcome in today’s agile environment 



CISOs listening attentively to the ongoing sessions at the CISO conference 

Sanjivan S Shirke, Senior VP - IT & Head - 

Information Security, UTI Asset Management 

Co enchanted the audience with an interesting 

session on 'Handling Ransomware Threats & 

Zero Day Attacks' 

Ransomware is a threat not in the distant 

future, said Sanjivan Shirke at UTI Asset 

Management Co. Ransomware is the fastest 

growing malware threat, targeting users of 

all types—from the ... average, more than 

4,000 ransomware attacks have occurred 

daily. He also stressed on the need for 

security teams to stay current on threat 

vectors, and keep operating systems and 

applications up to date with current patches. 

User education, he said, is the starting 

point for enterprise security and is even 

more important now 


13


"Organizations have improved 

their abilities to resist attacks, 

but attacks take different and 

increasingly complex forms," 

said Raddad Ayoub at Ernst & 

Young. He talked about the executing 

control measures in the 

corporate shield and how they 

work against DDoS or virus 

attacks, but not against sophisticated, 

persistent attacks that 

dedicated and organized cyber 

criminals are launching every 

day. 

He advised that the CIO and 

CISO need to fully understand 

the organization’s strategic 

direction, risk appetite and 

operations to support the adapt 

and reshape phases. 

The session on 'Cyber Resilience: Sense, Resist & React' was conducted by Raddad Ayoub, 

Partner, EMEIA Advisory Center for Cyber & Governance Risk and Compliance, Ernst & Young 

NEXTCSO Winners and CISOs attentively listening to the ongoing sessions at the CISO conference 



IT operations in many organisations 

lack process capabilities 

for comprehending realtime 

intelligence and taking 

timely action to safeguard the 

assets. Shree Parthasarathy 

at Deloitte Touche Tohmatsu 

said that threat Intelligence 

services enables organisations 

to proactively manage technology 

resources more effectively 

by providing alerts and 

advisory related information 

on the latest vulnerabilities to 

different IT resources. 

Shree Parthasarathy, Partner & National Leader - Cyber Risk Services, Deloitte Touche 

Tohmatsu India addressed the CSO community on 'Threat Intelligence: The New Frontier' 

Cyber-attackers are leveraging 

automation technology to 

launch strikes today. WannaCry 

is not a one-off event. Manish 

Tewari at Microsoft said 

that they has been committed 

to ensuring our customers are 

protected against these potential 

attacks.They recommend 

those on older platforms, such 

as Windows XP, to upgrade to 

the latest platforms. The best 

protection is to be on a modern, 

up-to-date system that incorporates 

the latest defense-indepth 

innovations. Older systems, 

even if fully up-to-date, 

lack the latest security features 

and advancements. 

The hot topic of 'Protecting Your Critical Information Infrastructure' was delivered by 

Manish Tiwari, CISO, Microsoft India 


15


LUNCH 

During the Security Cafe, our partners and CISOs grouped for a discussion on a wide range of security topics 

The aim of the 'Security Cafe' was to embark on a fresh dialogue on next-gen security. In their effort to launch 

new digital initiatives, security is the latest conundrum that's troubling leaders today. Is there a way organizations 

can protect their critical assets on cloud? What would be the role of the CISO if they were to embrace 

digital? Security leaders were divided into different groups where they engaged with our partners on the 

various security challenges and opportunities in the future 

9.9 Media conducted a lucky draw and gave away prizes to 10 winners 



The NEXTCSO mid-year conference drew a full house comprising an attendee 

list of top security delegates from some of the largest companies in India. The 

rich content delivery and an elite speaker panel gathered accolades from jury, 

winners and speakers alike. 

Delegates, CISOs and our 

partners networking between 

speaker sessions 


17


At the NEXTCSO Conference, 

Shivakumar Sriraman at VISA, 

spoke about the future of payments.Today 

there are more 

technology players in the market; 

hence, there's even more 

disruption. When it comes to 

payment security,companies 

are in a constant dilemma: 

convenience or security? Fraud 

remains near historic lows, but 

data losses continue to accelerate.Companies 

need to constantly 

think beyong cards and 

passwords. The key to securing 

the future of payments lies 

with tokenization; expanding 

from device-based to card-notpresent 

applications. 

An impactful session on 'Securing the Future of Payments' was delivered by Shivakumar 

Sriraman, Chief Risk Officer – India & South Asia, VISA 

Maneesh Dube, Executive Director, Russell Reynolds Associates - India & Tim Cook, Managing Director, Wychwood Partners - UK jointly 

delivered a session on 'Keeping Pace with the Evolving Role of the CISO' 

While all this is happening globally, only a handful of CISOs get more than INR 1 Cr. in India. So 

the big question is: what differentiates the heavy hitters? Tim and Maneesh talked about the five 

top capabilities that include experience, intellectual horsepower, vision, leadership and the ability 

to collaborate.They also discussed the top job requirements such as application security, product 

security, security architects, forensic investigation and behavioral analytics, required to secure a 

high-paying CISO role. 



As organizations increasingly embrace IoT into 

mainstream operations, the onboarding and management 

of IoT devices becomes critical to success., 

said Santanu Ghose at HPE Aruba. He said 

that companies need a strategy to securely connect 

mobile and IoT devices at the edge, to extract the 

value associated with smart buildings 

Santanu Ghose, Director, HPE Aruba and Arpit Bhatt, Consulting Systems Engineer - Security and IoT, 

HPE Aruba delivered a session on 'Smarter Security Across the Intelligent Edge' 

CISOs and NextCSOs attending Wine and Cheese session 

conducted by Microsoft 

Jatinder Singh Pabla, Lead - Office 365 Business, 

Microsoft India, spoke to CISOs on 'How to build 

a Secure Productive Enterprise'. The session was 

moderated by Sachin Mhashilkar, Director-Community 

Engagement, 9.9 Media 


19


Rajiv Nandwani at Innodata 

discussed the Bimodal 

approach in IT- the practice 

of managing two separate but 

coherent styles of work; one 

that is focused on predictability 

and the other focused on 

exploration. Nandwani said 

that both modes are essential 

to create substantial value and 

drive significant organizational 

change, and neither is static. 

Marrying a more predictable 

evolution of products and 

technologies with the new and 

innovative is the essence of an 

enterprise bimodal capability. 

Both play an essential role in 

digital transformation 

An interesting session on Aligning Security & Risk Management with Bimodal IT was 

conducted by Rajiv Nandwani, Director & VP - Global Information Security & CISO, Innodata 

Anuj Tewari at HCL Technologies 

discussed the growing 

dependency of CISOs on third 

parties due to globalization 

and expanded use to support 

core products, economic pressure 

– need for efficiencies 

and cost savings as well as 

growing threats. Today the 

third parties are expected to 

deliver critical specialized services 

and there is a growing 

need to maximise value and 

deliver great commercial outcomes 

through relationships. 

He recommended creation of 

assess controls based on risk 

of product or service. 

The highly engaging topic of 'Beyond the Enterprise: Securing the Third Party Ecosystem' 

was delivered by Anuj Tewari, CISO, HCL Technologies 



Welcome to NextCSO Awards 2017 - The 

inaugural speech and presentation was given 

by Group Editor, R Giridhar 

The NEXTCSO winners were decked in a formal attire along 

with the traditional 'safa' at the NextCSO Awards 2017 - 

awaiting their turn at the ceremony 

The stage was set at The 

Crowne Plaza, Jaipur for the 

NEXTCSO Awards 2017. The 

award winners were selected 

through a rigorous and comprehensive 

process that will 

evaluate professional achievements, 

management and leadership 

skills that are essential 

to fulfilling the challenging 

role of a CISO 

An interesting panel discussion on Making the Leap to NextGen Cyber Security Moderated by Faraz Ahmed, CISO, Morgan Stanley 

Panelists: Bharat Gautam, CISO, Hero FinCorp, Murli Menon, Director & CSO, Atos and Milind G. Mungale, SVP & CISO, NSDL 

e-Governance Infrastructure 


21


Felicitation of NextCSO Awards Winners 

The 24 next-gen security leaders receiving the NEXTCSO Awards in a grand ceremony at The 

Crowne Plaza, Jaipur on 7-8th July 2017 



The awards program draws on the support and involvement of India’s top executives and leaders to 

select 24 exceptional individuals who have skills, talent and motivation to take on the top job 


23


NextCSO Awards Jury Felicitation 

The NEXTCSO jury being felicitated at the awards ceremony. The final selection was made by a prestigious 

committee of top 20 information security leaders 

From L to R: Manoj Nayak, SBI Life Insurance, Thiyagarajan Saravanan, 

HPCL, Indrajit Saha, Indian Oil Corporation, Sanjivan S Shirke, 

UTI Asset Co, Faraz Ahmed, Morgan Stanley, Sunil Varkey, Wipro 

Technologies, Burgess Cooper, Ernst & Young, Milind Mungale NSDL 

e-Governance Infrastructure Ltd, Anuj Tewari, HCL Technologies, Uday 

Deshpande, Tata Motors 



Entertainment 

At the NEXTCSO Awards, Rajasthani artists lit up the stage 

with folk music and dance performances. In Matka Bhavai 

dance, the number of vessels gradually increase and the dancer 

balances up to seven or more on her head. The folk singer 

sang traditional songs from Bikaner among other places, as 

the audience matched their steps with the dancers 


25


As the awards night came to 

a close, Sachin Nandkishor 

Mhashilkar, Director - Community 

Engagement, at 9.9 

Media, looked back at the 

event that it had been. He 

thanked the winners, jury, 

and partners, HPE Aruba, 

Microsoft, Sophos, Juniper 

and InstaSafe, for their support 

and encouragement, 

in helping CSO Forum put 

together a fantastic NEXTC- 

SO conference and awards 

ceremony 

Vote of thanks by Sachin Nandkishor Mhashilkar, Director-Community Engagement, 9.9 Media 

Felicitation of Partners at the NEXTCSO 2017 



CSO Mid-year Conference - Day 2 

The Day 2 of the NEXTCSO 

Conference had an interesting 

line up of speakers discussing 

a wide range of topics such as 

artificial intelligence in security, 

IoT intelligence and testing, 

connected cars and the 

cybersecurity threat - all relevant 

and crucial to the future 

of enterprise security 

In today's unpredictable 

times, information security 

and cyber security must 

co-exist and be balanced 

such that the former continues 

to strengthen the 

foundations,and the latter 

becomes a visible business 

enabler, based on customer 

confidence. He proposed a 

framework that should provide 

a broad guideline on 

Information & cyber security 

for insurance industry. 

It should be flexible, leverage 

existing international 

approaches, standards, practices, 

focus on risk management 

and total compliance 

and enable effective understanding 

of response recovery 

versus prevention 

Meeting the Regulatory Bar: Information Security & Regulators by Manoj Nayak, CISO, SBI 

Life Insurance Co 


27


Using AI & Machine Learning for Cyber Security 

by Venkatsubramanian Ramakrishnan, Head - Information Risk Management, Cognizant 

Security professionals are 

hesitant to use quantitative 

methods because of the following 

common misconceptions 

that include cyber security is 

too complex to model quantitatively. 

Venkatakrishnan 

Subramanian at Cognizant 

says that we have to ask ourselves 

exactly how the existing 

risk matrices and risk scores 

alleviate these issues. Are 

they really helping us to make 

decisions? The answer is that 

quantitative, probabilistic 

methods must be used specifically 

because of lack of perfect 

information, not in spite of 

it. If perfect information was 

available, probabilistic models 

would not be required at all. 

Bringing connectivity to 

the car has enabled vehicle 

manufacturers to offer an 

increasing range of services. 

This allows users to access 

information on the move and 

fulfil the promise of seamless 

connectivity. Uday Deshpande 

at Tata Motors discussed 

the transformation of cars 

from mechanical systems to 

mobile computer networks 

has opened up an array of 

new attack points. and invited 

the attention of hackers to 

unleash more organised criminal 

activity 

Securing the Connected Automotive Ecosystem by Uday Deshpande, CISO, Tata Motors 



Towards the end of the NEXTCSO 

mid-year conference, Sophos 

conducted a lucky draw and gave 

away prizes to one lucky winner 

IoT will offer opportunities 

for companies which are manufacturing 

IoT goods, and also 

for those companies which 

are providing services related 

to IoT. Pratiksha Doshi at 

E&Y demonstrated different 

use cases of IoT across 

verticals. The manufacturers 

of smart devices, sensors or 

actuators, and the application 

developers, marketing strategists, 

analytic companies and 

internet service providers 

(ISPs) will all profit from 

the evolution of IoT. 

The session on IoT Security and Testing was delivered by Burgess Cooper, Partner - 

Information & Cyber Security, Ernst & Young and Pratiksha Doshi, Director, E&Y 


29

INSIGHT 

The new 

workplace mojo 

The study highlights that success lies in the effective 

implementation of a digital workplace strategy capable of 

driving true cultural change that accelerates business 

By CIO&Leader 


Insight 

W 

Smarter workspaces don’t just 

create happier employees – they also 

help in creating newer and authentic 

relationships with customers and 

the ecosystem as a whole 

orkspace is no longer seen as a 

physical environment as the disruptive 

impact of digital transformation 

spreads across organizations 

and industries, according to a latest 

IDC study. As per the study, entitled 

“Workspace Transformation: The Key 

to Tomorrow’s Digital Enterprise,” success 

lies in the effective implementation 

of a digital workplace strategy capable 

of driving true cultural change that 

accelerates business. 

The detailed IDC study outlined 

current enterprise trends along with 

appropriate use cases to support 

informed decision making about 

market offerings. It also assessed 

a real-world solution – Dimension 

Data’s Workspaces for Tomorrow on 

Microsoft Office 365 – which aims to 

address enterprise needs for a reliable, 

mobile, flexible, secure, and costeffective 

solution. 

“Can business leaders, CIOs, and IT 

leaders today claim to have enabled 

truly digital workspaces – where 

employees and the overall ecosystem 

can share knowledge and forge more 

productive business relationships 

beyond natural work groups? The 

answer more often than not will be 

"No." Should they be worried? The 

answer is a resounding "Yes." The Digital 

Workspace is no longer an option 

– it is an imperative,” said Arjun 

Vishwanathan, Associate Director – 

Emerging Technologies, IDC India. 

According to Vishwanathan, smarter 

workspaces don’t just create happier 

employees – they also help in creating 

newer and authentic relationships 

with customers and the ecosystem as a 

whole. “Although newer technologies 

and increased training are the standard 

go-to models, it is becoming clear 

that perhaps the most effective strategy 

is in creating an enhanced and 

adaptive workspace through improving 

the workspace itself,” he said. 

The report notes that Dimension 

Data is uniquely poised to enable 

solutions around this with its Enduser 

Computing Development Model 

(EUCDM), which allows organisations 

to identify not only the current 

state, but also define the future road 

map and requirements. As well as 

assessing the way employees meet, 

work, and collaborate, the Dimension 

Data solution also offers the 

implementation and management of 

user-aligned technologies via planning, 

deployment, integration, and 

managed services. 

A critical part of the picture is the 

global partnership between Dimension 

Data and Microsoft; which aims 

to drive value for organisations. As 

a key alliance partner to Microsoft, 

Dimension Data brings enhanced 

access to early adopter programs, 

technical support, and Microsoft’s 

future direction. 

The study indicates that digital 

transformation efforts are going to 

continue to dramatically change the 

workspace landscape – particularly 

at the edge. An explosion of new 

device types and applications are 

being fueled by trends, such as 

Internet of Things (IoT), augmented 

reality/virtual reality (AR/VR), and 

cognitive computing. 

“The ability of our Workspaces 

for Tomorrow solution to support a 

variety of services, including advisory 

and management and to be an allaround 

partner in progress is symbolized 

by the tangible business value on 

offer. That includes cost savings, business 

and operational efficiencies, security, 

and enhanced user experience 

and satisfaction,” said Kiran Bhagwanani, 

CEO, Dimension Data India. 

“When viewed from the perspective 

of an organisation that is traversing 

its own DX journey, these attributes 

have the potential to deliver seamless 

transformation and outcomes that are 

predictable, and place the enterprise 

on a forward- looking growth trajectory,” 

said Bhagwanani 


31

Insight 

How to identify 

early AI adopters 

In a new research paper, McKinsey & Company aims to 

explore the potential of artificial intelligence (AI) to become 

a major business disrupter 


A 

rtificial Intelligence creates news almost 

every day. In the last year, tech giants, such as 

Google and Baidu invested between USD 26B 

to USD 39B in artificial intelligence. However, 

according to a research paper titled Artificial 

Intelligence: The Next Digital Frontier?’ published 

by Mckinsey & Company, the adoption 

of AI in 2017 has remained low - with 41% of 

enterprises said that they are still uncertain 

about the benefits of the technology. 

The survey that gathered responses from 

3,000 businesses around the world also 


Insight 

How companies are adopting AI 

AI adoption is greatest in sectors that are already strong digital adopters 

High AI 

adoption 

Medium 

AI 

adoption 

Low AI 

adoption 

• 

• 

• 

• 

found that many business leaders 

are uncertain about what exactly 

AI can do for them, where to obtain 

How AI-aware are you? 

20% they are adopters 

3+ technologies 

3% 

2 technologies 7% 

1 technology 

41% 

say they are uncertain 

of AI 

Retail 

Media / entertainment 

CPG 

Assets 

Usage 

Digital Maturity 

Six characteristics of early AI adopters 

Digitally mature 

Adopt multiple 

technologies 

31% 

10% 

Partial adopters 

Larger 

businesses 

Focus on growth 

over savings 

10% 

40% 

Experimenters 

Contemplators 

Adopt AI in 

core activities 

C-level 

support for AI 

Source: McKinsey Global Institute, McKinsey&Company 

AI-powered applications, how to 

integrate them into their companies, 

and how to assess the return on an 

Labor 

investment in the technology. 

For the rest, Mckinsey & Company 

defines six characteristics of early 

AI adopters that differentiates them 

from late bloomers: 

The first feature is that early AI 

adopters are from verticals already 

investing at scale in related technologies, 

such as cloud services and big 

data. Those sectors are also at the frontier 

of digital assets and usage. This 

is critical, as it suggests that there is 

limited evidence of sectors and firms 

catching up when it comes to digitization, 

as each new generation of tech 

builds on the previous one. 

Second, independently of sectors, large 

companies tend to invest in AI faster 

at scale. This again is typical of digital 

adoption, in which, for instance, small 

and midsized businesses have typically 

lagged behind in their decision to invest 

in new technologies. 

Third, early adopters are not specializing 

in one type of technology. They 

go broader as they adopt multiple AI 

tools addressing a number of different 

use cases at the same time. 

Fourth, companies investing at 

scale do it close to their core business. 

Fifth, early adopters that adopt at 

scale tend to be motivated as much 

by the upside growth potential of AI 

as they are by cutting costs. AI is not 

only about process automation, but 

is also used by companies as part of 

major product and service innovation. 

This has been the case for early 

adopters of digital technologies and 

suggests that AI-driven innovation 

will be a new source of productivity 

and may further expand the growing 

productivity and income gap 

between high-performing firms and 

those left behind. 

Finally, strong executive leadership 

goes hand in hand with stronger AI 

adoption. Respondents from firms 

that have successfully deployed an 

AI technology at scale tended to rate 

C-suite support nearly twice as high 

as those from companies that had not 

adopted any AI technology 


33

Insight 

Mind the fence 

Perimeter security may be important, but understanding 

of technology and data security is imperative 


Despite the increasing number of data breaches 

and nearly 36.6 million data records being 

lost or stolen in India in 2016, the vast majority 

of IT professionals still believe perimeter 

security is effective at keeping unauthorized 

users out of their networks, as per Breach 

Level Index. However, companies are under 

investing in technology that adequately protects 

their business, according to the findings 

of the fourth-annual Data Security Confidence 

Index released recently by Gemalto. 

Surveying 1,050 IT decision makers worldwide, 

businesses feel that perimeter security is 

keeping them safe. Out of the 100 IT decision 

makers from India, most (98%) believe that it is 

quite effective at keeping unauthorized users 

out of their network. However, 49% are not 

extremely confident their data would be protected, 

should their perimeter be breached, a slight 

decrease on last year (58%). Despite this, nearly 

seven in 10 (69%) organizations report that they 

believe all their sensitive data is secure. 

Are you protecting your data? 

Many businesses are continuing to prioritize 

perimeter security without realizing it 


Insight 

Job descriptions of the five CDO archetypes 

Progressive 

Thinker 

Creative 

Disruptor 

Customer 

Advocate 

Innovative 

Technologist 

Universalist 

Promotes open, 

dialogue-oriented 

culture 

Industry-wide 

reputation 

as thought leader 

Early adopter 

Change agent 

Promotes open 

culture: innovative, 

agile, 

experimental 

Young, softwareoriented 

culture 

Promotes open 

culture: responsive, 

adaptive, customercentric 

Client advocate 

Promotes open, 

agile culture 

Change agent 

Promotes open 

culture, dialogueoriented 

and flexible 

Industry-wide 

reputation as 

throught leader 

Leading 

ambassador for 

change 

Source: Strategy& analysis, PwC 

is largely ineffective against sophisticated 

cyber attacks. According to the research findings, 

93% of Indian respondents said their 

organization had increased investment in 

perimeter security technologies such as firewalls, 

IDPS, antivirus, content filtering and 

anomaly detection to protect against external 

attackers. Despite this investment, two thirds 

(66%) believe that unauthorized users could 

access their network, rendering their perimeter 

security ineffective. 

These findings suggest that there is a lack 

of confidence in the solutions used, especially 

as over a third (38%) of organizations 

have seen their perimeter security breached 

in the past 12 months. The reality of the situation 

is worsened when considering that, 

on average, less than 10% of data breached 

(11%) was encrypted. 

Businesses’ confidence is further undermined 

by over half of respondents (45%) not 

knowing where [all] their sensitive data is 

stored. In addition, over a third of businesses 

do not encrypt valuable information, such as 

payment (33%) or customer (39%) data. This 

means that, should the data be stolen, a hacker 

would have full access to this information, 

and can use it for crimes including identify 

theft, financial fraud or ransomware. 

As many believe that unauthorised users 

could access their organization’s data if 

they penetrated the network, the worry 

of future breaches is a justified ongoing 

concern. According to respondents from 

organizations that have suffered a perimeter 

security breach, only 8% of breached data 

was encrypted, on average. If unauthorised 

users access the network and access the data 

within it, it is more likely than not that they 

have full visibility of that data as well. 

Security practices and the link 

to data regulations 

Over nine in ten (94%) surveyed IT decision 

makers believe that two-factor authentication 

can help their organization comply with 

data protection regulations and pass security 

audits. The majority think the same for 

encryption of PII (88%) and key management 

(84%). However, many organizations do not 

even have these measures in place when it 

comes to stakeholders accessing company 

data (Fig 10). This suggests that there is a 

divide between what IT decision makers 

believe is best and what organizations currently 

have been able to implement 


35

Insight 

The glitch that 

brought down NSE 

The recent NSE outage was caused by a software error, says 

a preliminary SEBI investigation—a reminder that we may be 

taking basic availability for granted 



Insight 

Atechnical glitch shut down India’s 

largest stock exchange, the National 

Stock Exchange, for more than three 

hours on June 10, 2017 as the system 

failed to boot in its opening time: 9 

am. The cash and derivative transactions 

were held up, though NSE 

halted the futures and options (F&O) 

operations too at around 10 am. 

After two failed attempts at 10.45 

am and 11.15 am, normal trading 

could only be resumed at 12.30 pm. 

This happened in a day where BSE 

Sensex saw a record high and also 

gained in volumes because many 

traders switched to BSE because of 

the NSE glitch. 

This outage comes exactly three 

years after the July 2014 outage 

at Bombay Stock Exchange (BSE) 

which had lasted for three hours. 

The NSE outage impacted trading 

for a longer period. 

Two previous cases of trading 

halts at BSE have been because of 

connectivity issues. NSE too had 

experienced a glitch in October 2012 

but trading was impacted for less 

than fifteen minutes. 

In August 2013, the US bourse 

NASDAQ, on which the NSE is 

modeled, had stopped functioning 

for more than three hours, 

due to a glitch. Even the New York 

Stock Exchange (NYSE), the largest 

exchange in the world, had stopped 

trading for almost four hours exactly 

two years back, on 9 July 2015. 

“The matter is being examined by 

the internal technical team and external 

vendors, to analyze and identify 

the cause which led to the issue and 

to suggest solutions to prevent recurrence,” 

NSE said in a press statement. 

Lack of Backup? 

Three hours is a very long time from 

trading point of view and many traders 

were unhappy that NSE did not 

switch to a backup system. 

NSE has been quoted as saying that 

it did not invoke its Business Continuity 

Plan (BCP) because the plan 

was meant to provide continuity in 

case of natural disasters, hardware 

failures and connectivity-related 

issues only. 

The stock exchange regulator, Securities 

and Exchange Board of India 

(SEBI), which was directed by the 

Indian Ministry of Finance to investigate 

the issue and submit a report by 

the day end, clarified that the glitch 

was a software issue. 

This outage comes exactly three 

years after the July 2014 outage 

at Bombay Stock Exchange (BSE) 

which had lasted for three hours. 

The NSE outage impacted 

trading for a longer period 

“On preliminary analysis, the technical 

problem apparently is related to 

software,” SEBI said in a statement. 

The regulator also ruled out the possibility 

of cyber attacks. “It does not 

seem to be related to any cyber security 

related compromise,” it clarified 

in the same statement. 

SEBI has directed NSE to submit 

a detailed report on the matter. The 

regulator has also asked NSE to have 

a review of their Business Continuity 

Plans and to submit a detailed plan 

as to what measures are going to be 

taken to avoid such recurrences. 

What to make out of the 

glitch? 

At the lack of any detailed public 

report, it is difficult to analyze what 

caused the delay. However, based on 

the information known so far, certain 

things are clear. 

1. It was not a cyber attack; it was a 

system error 

2. NSE did not switch to its BCP 

because that was reserved for 

natural disasters or hardware failures, 

meaning it has not taken into 

account situations like this where 

the business continuity was severely 

compromised, for its BCP 

This just means that even for mission 

critical applications such as stock 

market trading, there is serious gap in 

business continuity planning. In the 

last few months, a series of outages in 

airlines, such as Delta, United and British 

Airways had brought into limelight 

the gaps that remain in the resilience 

plans of these airlines, the NSE outage 

has once again highlighted that issue. 

In none of these cases, any external 

attack was involved. 

While a stock market outage may 

not have seen as much social media 

outrage as an Airlines outage, the 

potential impact in business terms 

could be much bigger. 

Are we ignoring the basic reliability 

and resilience plans while readying 

ourselves for tackling possible 

external actors? 


37

INTERVIEW 

“I want to foster a 

digital culture in the 

organization” 

Mandar Marulkar, CIO & CDO, KPIT Technologies, talks 

to Sachin Nandkishor Mhashilkar on his new digital role 

and what it entails 


Mandar Marulkar, KPIT Technologies 

Interview 

‘‘With the pace at which 

digitization is taking place, it 

is important to ensure all your 

employees are enabled - both 

from a cultural and skill-set 

point of view’’ 

–Mandar Marulkar 

CIO & CDO, KPIT Technologies 

According to you, what are some 

of the scenarios that are likely to 

impact your industry by 2020? 

Companies are upgrading their IT infrastructure 

to support IoT in the future. When we 

talk about 20 billion devices in 2020, they will 

generate a huge amount of data and that’s where 

professional services will be expected to churn 

out data and come up with relevant business 

use cases. In such a scenario, creating a platform 

that will enable interactions between producers 

and consumers and monetizing the data will be 

extremely important. 

What are some of your key priorities 

for 2020? 

From an automation perspective, embedding 

programmability into the infrastructure and 

integrating the software-defined with your core 

IT infrastructure will give birth to a true DevOps 

culture. The next priority will be moving on 

from the monolithic application stack and the 

waterfall methodology to application development. 

It is also important to understand the next 

generation threats and build the overall holistic 

cyber security platform, not only to protect your 

business applications and typical IT stack but 

to secure the OT infrastructure, especially as 

billions of devices now generate data from an 

OT perspective and that needs to be integrated 

with IT. The other area will be to build a digital 

culture in your organization. With the pace at 

which digitization is taking place, it is important 

to ensure all your employees are enabled -both 

from a cultural and skill-set point of view - in 

order to grab the challenge of 2020 and provide 

innovative solutions to the industry. 

How will the rapid evolution of 

technology impact your industry 

in the year 2020? 

It is very difficult for any organization to cope 

up with the rapid pace of innovation happening 

around the world. Lot of disruption is 

taking place in start-ups and companies you 

didn't know about or didn't exist until today. 

So we need to ensure that workload migration 

from on-premise to public cloud is secure and 

cost-effective. 

What are your personal goals for 

the year 2020? 

I’m getting into a new role of a Chief Digital 

Officer (CDO) and I’m expected to showcase 

our internal innovations to customers. Also, I 

want to create a digital culture in our organization, 

for the leadership as well as millennials, 

who join the company. 


39

NEW CHALLENGES 

NEWER POSSIBILITIES 

Come contribute to 

CIO Agenda 2020 

To know more about the event, log on to 

#CIO2020 

#Agenda2020

CIO&amp;Leader_July 2017 (1)

Create successful ePaper yourself

Delete template?

Save as template?

CIO&Leader_July 2017 (1)