C&L_December 2017 (1)
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Insight:<br />
Wither<br />
Supercomputing? Pg 20<br />
Opinion<br />
How Platform Business Models<br />
Are Transforming... Pg 36<br />
Feature<br />
How Innovation Works<br />
and How To Lead It Pg 38<br />
Volume 06<br />
Issue 09<br />
<strong>December</strong> <strong>2017</strong><br />
150<br />
TRACK TECHNOLOGY BUILD BUSINESS SHAPE SELF<br />
GDPR: The<br />
Countdown to<br />
New Regime<br />
With less than six months to go before the most<br />
comprehensive personal data protection regime<br />
kicks in, Indian companies rush to comply with the<br />
new provisions. Looks like the IT/ITES and BFSI<br />
segments are way ahead pg. 8<br />
A 9.9 Media Publication
<strong>December</strong> <strong>2017</strong> | CIO&LEADER<br />
1<br />
EDITORIAL<br />
Shyamanuja Das<br />
shyamanuja.das@9dot9.in<br />
The GDPR<br />
Opportunity<br />
I<br />
I am in all my senses when I call GDPR an opportunity,<br />
notwithstanding how ‘stringent’ and ‘suffocating’ it<br />
looks today!<br />
Two trends worldwide are making privacy a big concern—one,<br />
the rise of neo-authoritarian regimes globally<br />
who are using democratic means to rise to power and<br />
two, the increasing entry of technology (and of course,<br />
companies behind them) to our personal space. I will not<br />
be surprised if privacy becomes the biggest political issue<br />
in many democratic countries in the next few years!<br />
As the concerns rise, anything with the potential of<br />
breaking into individual privacy will be seen with suspicion.<br />
Many businesses which have no intention other<br />
than to sell their products and services will be under<br />
scrutiny, impacting their business.<br />
It is better to be over-prepared.<br />
GDPR—and the privacy legislations being enacted<br />
around the world, including in India—give the companies<br />
an excellent opportunity to put transparent processes<br />
in place.<br />
Two trends worldwide<br />
are making privacy a<br />
big concern—one, the<br />
rise of neo-authoritarian<br />
regimes globally who are<br />
using democratic means<br />
to rise to power and two,<br />
the increasing entry of<br />
technology (and of course,<br />
companies behind them) to<br />
our personal space<br />
Complying with<br />
stringent international<br />
regulations are not new to<br />
Indian companies. Being<br />
a hub of services—home<br />
to many global IT, BPO<br />
companies and location<br />
for back-offices of many<br />
large corporations in the<br />
world—Indians have been<br />
used to comply with many<br />
sector-specific as well as<br />
horizontal regulations. It<br />
is not surprising that in<br />
GDPR compliance too, IT/ITES and BFSI companies<br />
are a couple of steps ahead as compared to others.<br />
CISOs and CIOs—the ultimate drivers of most compliance<br />
journeys—have challenging times ahead.<br />
While GDPR will be relevant for only companies<br />
that have something to do with EU citizens data,<br />
India is enacting its own regulation. A committee<br />
appointed by the Government and headed by a former<br />
Supreme Court judge has come up with a comprehensive<br />
discussion paper on the issues at hand. In<br />
this issue, we present you a set of what we think are<br />
the most relevant questions for you—in just 5-6 pages.<br />
The document is 233-pages long.<br />
The pace at which the committee is working, I will<br />
not be surprised if, by next year this time, we would<br />
be discussing the implementation plans for Indian<br />
personal data security legislation.<br />
Yes, one of the new requirements may be the<br />
appointment of a chief data protection officer. And<br />
there may even be provisions that the person should<br />
be exclusively devoted to that.<br />
Security professionals will be the first choice. But do<br />
we have that kind of talent available? That is another<br />
big discussion that we must have.<br />
Hope the year <strong>2017</strong> has been great for you. And<br />
wishing you a happy new year 2018
Insight:<br />
Opinion<br />
Feature Volume 06<br />
Wither How Platform Business Models How Innovation Works Issue 09<br />
<strong>December</strong> <strong>2017</strong><br />
Supercomputing? Pg 20 Are Transforming... Pg 36 and How To Lead It Pg 38<br />
150<br />
TRACK TECHNOLOGY BUILD BUSINESS SHAPE SELF<br />
A 9.9 Media Publication<br />
With less than six months to go before the most<br />
comprehensive personal data protection regime<br />
kicks in, Indian companies rush to comply with the<br />
new provisions. Looks like the IT/ITES and BFSI<br />
segments are way ahead pg. 8<br />
CONTENT<br />
DECEMBER <strong>2017</strong><br />
COVER STORY<br />
08-18| GDPR: The<br />
Countdown to New Regime<br />
With less than six months to go before the most comprehensive<br />
personal data protection regime kicks in, Indian companies rush to<br />
comply with the new provisions. Looks like the IT/ITES and BFSI<br />
segments are way ahead<br />
GDPR: The<br />
Countdown to<br />
New Regime<br />
Cover Design by:<br />
Shokeen Saifi<br />
advertisers ’ index<br />
Seagate<br />
FC<br />
Vodafone BC<br />
Please Recycle<br />
This Magazine<br />
And Remove<br />
Inserts Before<br />
Recycling<br />
COPYRIGHT, All rights reserved: Reproduction in whole or in part without written permission from<br />
Nine Dot Nine Interactive Pvt Ltd. is prohibited. Printed and published by Vikas Gupta for Nine Dot Nine<br />
Mediaworx Pvt Ltd, 121, Patparganj, Mayur Vihar, Phase - I, Near Mandir Masjid, Delhi-110091. Printed at<br />
Tara Art Printers Pvt ltd. A-46-47, Sector-5, NOIDA (U.P.) 2013011<br />
This index is provided as an<br />
additional service.The publisher<br />
does not assume any liabilities<br />
for errors or omissions.<br />
2 CIO&LEADER | <strong>December</strong> <strong>2017</strong>
INTERVIEW<br />
04-06<br />
"Hybrid cloud serves as an<br />
ideal foundation to build a<br />
digital enterprise"<br />
INSIGHT<br />
22-23<br />
Is It Time To Look<br />
Beyond Attended<br />
Payment Solutions?<br />
24-25<br />
CFO and CIOs: The<br />
Old Tiff Continues;<br />
CEOs Agree<br />
28-29<br />
5 Key Data<br />
Predictions For<br />
2018<br />
30-31<br />
2018 Top 10 BI/<br />
Analytics Trends<br />
32-33<br />
Digital Business Is<br />
Making CIOs And Their<br />
IT Organizations More<br />
Change-Ready<br />
OPINION<br />
34-37<br />
Robot Revolution: Which<br />
Sector Will Be The First To<br />
Go 100% Robot?<br />
www.cioandleader.com<br />
MANAGEMENT<br />
Managing Director: Dr Pramath Raj Sinha<br />
Printer & Publisher: Vikas Gupta<br />
EDITORIAL<br />
Managing Editor: Shyamanuja Das<br />
Associate Editor: Shubhra Rishi<br />
Content Executive-Enterprise Technology:<br />
Dipanjan Mitra<br />
DESIGN<br />
Sr Art Director: Anil VK<br />
Art Director: Shokeen Saifi<br />
Visualisers: NV Baiju & Manoj Kumar VP<br />
Lead UI/UX Designer: Shri Hari Tiwari<br />
Sr Designers: Charu Dwivedi, Haridas Balan & Peterson PJ<br />
SALES & MARKETING<br />
Director-Community Engagement<br />
for Enterprise Technology Business:<br />
Sachin Mhashilkar (+91 99203 48755)<br />
Brand Head: Vandana Chauhan (+91 99589 84581)<br />
Assistant Product Manager-Digital: Manan Mushtaq<br />
Community Manager-B2B Tech: Megha Bhardwaj<br />
Community Manager-B2B Tech: Renuka Deopa<br />
Associate-Enterprise Technology: Abhishek Jain<br />
Assistant Brand Manager-B2B Tech: Mallika Khosla<br />
Regional Sales Managers<br />
South: Ashish Kumar (+91 97407 61921)<br />
North: Deepak Sharma (+91 98117 91110)<br />
West: Prashant Amin (+91 98205 75282)<br />
Ad Co-ordination/Scheduling: Kishan Singh<br />
PRODUCTION & LOGISTICS<br />
Manager Operations: Rakesh Upadhyay<br />
Asst. Manager - Logistics: Vijay Menon<br />
Executive Logistics: Nilesh Shiravadekar<br />
Logistics: MP Singh & Mohd. Ansari<br />
OFFICE ADDRESS<br />
Nine Dot Nine Mediaworx Pvt Ltd<br />
121, Patparganj, Mayur Vihar, Phase - I<br />
Near Mandir Masjid, Delhi-110091<br />
Published, Printed and Owned by Nine Dot Nine Mediaworx<br />
Private Ltd. Published and printed on their behalf by<br />
Vikas Gupta. Published at 121, Patparganj,<br />
Mayur Vihar, Phase - I, Near Mandir Masjid, Delhi-110091,<br />
India. Printed at Tara Art Printers Pvt Ltd., A-46-47, Sector-5,<br />
NOIDA (U.P.) 201301.<br />
Editor: Vikas Gupta<br />
<strong>December</strong> <strong>2017</strong> | CIO&LEADER<br />
3
INTERVIEW<br />
"Hybrid cloud serves<br />
as an ideal foundation<br />
to build a digital<br />
enterprise"<br />
From cost containment to hybrid strategies, CIOs are<br />
getting more creative in taking advantage of the cloud’s<br />
economies of scale<br />
I<br />
It is clearly a great time to be a datacenter player<br />
in APAC. There's a surge in local data consumption,<br />
customers are more inclined towards outsourcing<br />
datacenter services and government<br />
regulations are being seen as drivers of Asia<br />
Pacific’s datacenter services market growth. Can<br />
you describe which one of these reasons has been<br />
a guiding force for you to build more datacenters<br />
in India? Is the company planning to come up<br />
with more datacenters?<br />
A datacenter helps keep up with the real-time<br />
demands of an innovative company. It is also<br />
an important building block in the digital journey<br />
of an enterprise. Digital transformation and<br />
innovation are today, extremely important in<br />
winning, serving, and retaining customers. To<br />
meet the growing demand from global cloud,<br />
social media and telecom VAS companies, we<br />
are specifically planning to double our existing<br />
datacenter capacity next year. To this end, we<br />
are already coming up with two new large<br />
datacenters in Mumbai and Bangalore by<br />
April 2018.<br />
Netmagic currently has nine datacenters.<br />
The latest and fifth datacenter in Mumbai<br />
is the biggest facility in India and is spread<br />
over 3,00,000 square feet. With the two new<br />
datacenters, this will expand our overall pan<br />
India capacity to 13,00,000 square feet.<br />
With great opportunity also comes<br />
competition. However, in your<br />
case, bigger players such as Microsoft,<br />
IBM and Amazon, do not have a single<br />
physical building in India. How you are<br />
uniquely positioned to make the most<br />
of this opportunity?<br />
A customer looks for end-to-end managed<br />
services. The fact that we have a physical presence<br />
is an enabler in this direction. It also reflects in the<br />
fact that we are datacenter partners to most of the<br />
cloud service providers. We are uniquely<br />
positioned as we offer multi-cloud orchestration<br />
portal to deploy and manage multiple cloud<br />
platforms. Second aspect that makes us unique<br />
is the range of services that we can offer right<br />
4 CIO&LEADER | <strong>December</strong> <strong>2017</strong>
Nitin Mishra, Netmagic Interview<br />
“IT heads should<br />
also invest in skills<br />
for cloud such as<br />
how to configure and<br />
manage hypervisors<br />
and hire people who<br />
have experience in<br />
procuring cloud"<br />
–Nitin Mishra,<br />
Senior Vice President & Chief<br />
Product Officer, Netmagic (an NTT<br />
Communications Company)<br />
from co-location dedicated hosting<br />
services, Cloud to Infrastructure<br />
management and security unlike the<br />
other players who only have cloud or<br />
some of hosting.<br />
It seems as though<br />
enterprise IT managers<br />
have become a lot more<br />
comfortable with the idea of<br />
the hybrid and public cloud.<br />
Are CIOs/customers leaning<br />
towards the hybrid cloud<br />
adoption as the hype<br />
suggests?<br />
Definitely. From cost containment to<br />
hybrid strategies, CIOs are getting<br />
more creative in taking advantage of<br />
the latest offerings and the cloud’s<br />
economies of scale. This is being fuelled<br />
by the need for enterprises to scale their<br />
resources to serve their customers better.<br />
The adoption of hybrid cloud has<br />
multiple benefits and serves as an ideal<br />
foundation to build a digital enterprise.<br />
It provides interoperability and helps<br />
a company’s systems become far more<br />
compatible with other systems.<br />
One of the key benefits of a hybrid<br />
cloud is provisioning at a lower cost<br />
and high speed (as and when required<br />
functionality of the public cloud<br />
component). A properly configured<br />
hybrid cloud solution changes the<br />
conversation between IT and the<br />
business as it shortens timeframes and<br />
expands possibilities. Hybrid cloud<br />
helps companies get a combination of<br />
the private and the public model and<br />
enables them to innovate and iterate<br />
faster at a lower cost.<br />
How according to you will<br />
the hybrid cloud markets<br />
evolve in the next few years?<br />
While companies will take some time<br />
to shift their critical workload to the<br />
hybrid cloud environment, future<br />
trends clearly indicate a preference<br />
for hybrid cloud computing. Gartner<br />
predicts that almost 50% of the larger<br />
organizations will have embraced<br />
hybrid cloud models by the end of<br />
<strong>2017</strong>. Another survey indicates that<br />
IT and business executives about the<br />
importance of digital transformation,<br />
its goals, and how to achieve them, and<br />
found that hybrid cloud computing,<br />
including two or more of a datacenter,<br />
a public cloud, a private cloud and a<br />
managed private cloud, is the future<br />
of enterprise IT. While 83% use or<br />
will use hybrid cloud environments,<br />
88% believe hybrid capabilities are<br />
important or critical to enabling<br />
digital business transformation.<br />
Cloud-dependent technologies, such<br />
as Internet of Things (IoT), real-time<br />
analytics, and collaboration, will<br />
<strong>December</strong> <strong>2017</strong> | CIO&LEADER<br />
5
Interview<br />
Nitin Mishra, Netmagic<br />
continue to evolve the end-customer<br />
relationship, which in turn will<br />
require public cloud solutions to meet<br />
scale and time-to-market-challenges.<br />
The stakes are high, as those who<br />
figure it out first will gain a significant<br />
advantage in agility, efficiency, and<br />
elasticity unshared by their market<br />
rivals. Now is the time to start plotting<br />
the path to the future and to move up<br />
the cloud learning curve.<br />
IT heads should also invest in skills<br />
for cloud computing such as how to<br />
configure and manage hypervisors<br />
and hire people who have experience<br />
in procuring cloud. One challenge<br />
CIOs face is that different cloud<br />
computing companies have different<br />
parameters and models for pricing<br />
cloud resources, so it makes sense<br />
to have technically savvy people<br />
in the infrastructure procurement<br />
or purchase department who can<br />
understand the complexities involved.<br />
“Migration to SAP<br />
HANA from older SAP<br />
ERP deployments could<br />
also fuel a massive<br />
demand for our hybrid<br />
cloud offering of<br />
SimpliVPC and public<br />
cloud, Simplicloud.”<br />
–Nitin Mishra,<br />
Senior Vice President & Chief Product Officer, Netmagic<br />
Flipkart is one of your<br />
largest customers in the<br />
space. Tell us about some of<br />
your other customers.<br />
Netmagic has over 2000 customers<br />
globally. We work with a singleminded<br />
focus on enabling and<br />
providing services that address the<br />
mission-critical IT needs. Growth<br />
usually comes with its own set of<br />
challenges: the problems of scale and<br />
unplanned surges. As its existing<br />
IT ecosystem lacked the agility and<br />
reliability to respond to growth,<br />
The Hindu turned to Netmagic’s<br />
SimpliCloud to future-proof itself<br />
while chartering new heights. For<br />
another customer, CIBIL, Netmagic<br />
constantly coordinated and enabled<br />
the auto shift of primary to DR for<br />
the organization. It also provided<br />
web application firewalls and DDoS<br />
services to boost CIBIL’s security<br />
posture. Consul India hosted India’s<br />
First SAP HANA Implementation on<br />
Netmagic's Data Center.<br />
Is there a reason why you<br />
have consciously stayed<br />
away from the government<br />
vertical?<br />
Earlier we had lesser focus on<br />
Government but that has changed now<br />
and we are actively participating and<br />
also getting success in this vertical.<br />
We are empanelled with MEITY for<br />
cloud offering and also with CERT-IN<br />
for security. We are participating in<br />
smart cities projects and have some<br />
early wins like Thane. We are part of<br />
the ecosystem of System integration<br />
and application vendor partners to bid<br />
jointly in large government contract.<br />
Tell us about your<br />
future plans.<br />
Migration to SAP HANA from older<br />
SAP ERP deployments could also<br />
fuel a massive demand for our hybrid<br />
cloud offering of SimpliVPC and<br />
public cloud, Simplicloud. Currently<br />
almost all the older SAP deployments<br />
are done within enterprise<br />
datacenters. In the next two years,<br />
around 3,000 enterprises will move<br />
to SAP HANA and many of them will<br />
opt for co-location services.<br />
We see a big opportunity in security<br />
and that business is growing fastest<br />
though on lower base. We have a<br />
comprehensive suite of services<br />
backed up by 24*7 operation SOC<br />
(Security Operations Center). We<br />
are expanding our capabilities and<br />
services and have got goo wins in large<br />
SOC requirements.<br />
Netmagic is expanding its service<br />
portfolio with a range of cloud<br />
offerings to position itself as a onestop<br />
cloud solution provider. Noticing<br />
a long period of transition where<br />
customers want hybrid IT solutions<br />
having a combination of bare metalbased<br />
DCs, hosted private clouds,<br />
and multiple public clouds; Netmagic<br />
is positioning itself as a Multi-cloud<br />
provider<br />
6 CIO&LEADER | <strong>December</strong> <strong>2017</strong>
ns'k dk lcls yksdfiz; vkSj fo‚luh; VsDuksykWth osclkbV<br />
fMftV vc fganh esa miyC/k gSaA u;h fganh osclkbV vkidks<br />
VsDuksykWth ls tqMs+ gj NksVh cM+h ?kVukvks ls voxr j[ksxhA lkFk<br />
esa u, fganh osclkbV ij vkidks fMftV VsLV ySc ls foLr`r xStsV<br />
fjO;q ls ysdj Vsd lq>ko feysaxsA fMftV tYn gh vkSj Hkh vU;<br />
Hkkjrh; Hkk"kkvks esa miyC/k gksxkA<br />
www.digit.in/hi<br />
www.facebook.com/digithindi
GDPR: The<br />
Countdown to<br />
New Regime<br />
With less than six months to go before the most<br />
comprehensive personal data protection regime kicks<br />
in, Indian companies rush to comply with the new<br />
provisions. Looks like the IT/ITES and BFSI segments<br />
are way ahead<br />
By Shubhra Rishi
Transparency can never be a bad thing. In fact, it is perhaps the only absolute that<br />
organizations should be able to ensure their customers with certainty.<br />
Unfortunately, that’s not always the case.<br />
Blame it on the massive data growth today. In 2011 when IDC predicted that the<br />
data use was expected to grow by as much as 44 times, it may have surprised some<br />
of us. in a recent IDC Data Age 2025 whitepaper titled 'The Evolution of Data to<br />
Life-Critical' it forecasted that the data use is expected to grow to 163 zettabytes<br />
(approximately a trillion gigabytes), it only made businesses think about the unique<br />
user experiences and a new world of business opportunities that it will unlock.<br />
A lot has changed since 2011 to change the attitude towards how companies want<br />
to use the massive consumer data being generated from a multitude of sources such<br />
as social media, internet of things, mobile and real-time data.<br />
This user-generated information is the truth of our data-driven worlds. There’s<br />
a significant gap between the amount of data being produced today that requires<br />
security and the amount of data that is actually being secured –and this gap will<br />
widen. According to IDC’s recent whitepaper, by 2025, almost 90% of all data created<br />
in the global datasphere will require some level of security, but less than half<br />
will be secured – and that is highly disconcerting.<br />
Statistics reveal that some of the worst security breaches (amounting to 20) have<br />
taken place in the last 5 years; thus pushing the governments to act.<br />
The General Data Protection Regulation (GDPR) is a result of one such implication<br />
imposed by the European Union (EU) for organizations across the globe. The<br />
EU’s GDPR puts the onus of specific privacy requirements in the hands of the entities<br />
collecting, storing, analyzing, and managing personally identifiable information.<br />
Firms subject to the GDPR will have to demonstrate their compliance with the<br />
requirements by May 25, 2018.<br />
<strong>December</strong> <strong>2017</strong> | CIO&LEADER 9
Cover Story<br />
“In India, however, 7 out 10 BFSI<br />
organizations (handling EU customer<br />
data/business) we reached out to did<br />
not want to comment on their GDPR<br />
preparedness”<br />
The ABC of GDPR<br />
The General Data Protection Regulation<br />
(GDPR) is a law or a regulation, which<br />
was adopted by the European Commission<br />
on 27 April 2016. The GDPR<br />
applies to any organization, regardless<br />
of geographic location, which controls<br />
or processes the data of an EU resident<br />
in a proscribed way. It dictates to what<br />
extent personal data may be collected,<br />
the need for explicit consent to gather<br />
such data, requirements to disclose<br />
breaches of data and stronger powers<br />
to substantially fine organizations that<br />
fail to protect the data for which they are<br />
responsible.<br />
Applicability: Applies to entities —<br />
including third parties that are (i) established<br />
in the EU, (ii) providing goods<br />
or services to EU residents or (iii) are<br />
monitoring the behavior of individuals in<br />
the EU<br />
Building: Privacy-by-design principles<br />
must be incorporated into the development<br />
of new processes and technologies<br />
Empowering Consumers: Organizations<br />
Source: EY’s cyber and privacy insights document<br />
will have to facilitate customers’ and<br />
employees’ right to erasure (of data),<br />
right to portability, and an increased right<br />
of access.<br />
Fines: Up to EUR20 million or 4% of<br />
the organization’s total global revenue,<br />
whichever is greater; also provides individuals<br />
new rights to bring class actions<br />
against data controllers or processors,<br />
if represented by not-for profit organizations,<br />
which heightens litigation risk<br />
Reporting: Organizations will have only<br />
72 hours to report data breaches<br />
Employing People: Most organizations<br />
will need to designate a Data Protection<br />
Officer and a Data Controller<br />
Storage: Organizations will have to<br />
maintain records of processing activities<br />
Security: Organizations will need to<br />
scale security measures based on privacy<br />
risks.<br />
Permissions: Explicit and affirmative<br />
consent will be required before processing<br />
personal data.<br />
For long, the fleeting mention of<br />
GDPR in India came up only at the time<br />
of reporting a security breach. Until in<br />
2016, Indian regulators namely The<br />
Reserve Bank of India and Securities<br />
and Exchange Board of India (SEBI)<br />
issued frameworks to strengthen cyber<br />
security in the BFSI sector.<br />
“Banks, as owners of such data,<br />
should take appropriate steps in preserving<br />
the Confidentiality, Integrity<br />
and Availability of the same, irrespective<br />
of whether the data is stored/in<br />
transit within themselves or with customers<br />
or with the third party vendors;<br />
the confidentiality of such custodial<br />
information should not be compromised<br />
at any situation and to this end,<br />
suitable systems and processes across<br />
the data/information lifecycle need to<br />
be put in place by banks,” RBI explicitly<br />
highlighted in the framework under<br />
section subtitled ‘Ensuring Protection<br />
of customer information’.<br />
In September 2016, SEBI also asked<br />
commodity derivatives exchanges to<br />
put in place a framework to safeguard<br />
systems, networks and databases from<br />
cyber attacks. It also announced the<br />
appointment of a new Chief Security<br />
Officer who will be responsible for<br />
strengthening SEBI's regulatory policy<br />
framework in the area of cyber security.<br />
Going a step further in April <strong>2017</strong>, the<br />
Insurance Regulatory and Development<br />
Authority of India (IRDAI) tightened<br />
the noose on CEOs and CMDs<br />
of all insurance firms, giving them a<br />
period of about a year to ensure that<br />
adequate mechanisms are put in place<br />
to address the issues related to information<br />
and cyber security.<br />
The icing on the cake this year was<br />
the Supreme Court's landmark verdict<br />
on the right to privacy. Additionally,<br />
India is now moving towards legislation<br />
on data protection. The central<br />
government had set up an expert committee<br />
to study the different issues<br />
relating to data protection in India and<br />
make specific suggestions on principles<br />
underlying a data protection bill.<br />
10 CIO&LEADER | <strong>December</strong> <strong>2017</strong>
Cover Story<br />
These frameworks may not significantly impact GDPR preparedness<br />
of companies in India. However, they will certainly<br />
keep up their customer data and security vigil.<br />
According to Parag Deodhar, Information Security Leader<br />
at a reputed financial services firm, headquartered in EU<br />
with subsidiaries spread across the globe, “We have been<br />
running a global project for GDPR compliance across the<br />
company and are tracking actions across subsidiaries and<br />
shared services.”<br />
The global financial services firm has shared services centres<br />
outside EU where data for EU is processed, and therefore,<br />
has to comply with GDPR.<br />
“We are implementing a data privacy and protection framework<br />
with global standards such as ISO / NIST etc. Our<br />
framework has been reviewed by reputed audit firms as well<br />
as regulators. We have incorporated their recommendations<br />
in our framework as well,” said Deodhar.<br />
In India, however, 7 out 10 BFSI organizations (handling<br />
EU customer data/business) we reached out to did not want<br />
to comment on their GDPR preparedness.<br />
However, all of them had heard of the regulation and its<br />
impact of their business, unlike a quarter (25%) of the 700<br />
European companies surveyed by IDC Research on behalf<br />
of ESET, admitted they were not aware of GDPR and more<br />
than half (52%) of them were unsure of the impact on their<br />
organizations.<br />
Research firm Gartner, in a statement issued in November<br />
<strong>2017</strong>, believes that less than 50% of all organizations impacted<br />
will fully comply by that date.<br />
The IT/ITes sector is the biggest contributor to India’s<br />
economy – with 66.1% contribution of services sector to GDP,<br />
“We have taken<br />
structured approach<br />
and Framework is<br />
in place to address<br />
GDPR needs.”<br />
Harshad Mengle<br />
Director – Cyber Security<br />
Capgemini Sogeti India<br />
“We supply 90% of our<br />
Metformin to European<br />
countries. We have<br />
employees as well as<br />
contractors across<br />
EU –and our Chief<br />
Compliance Officer<br />
in cooperation with IT<br />
security as well as the<br />
board – is creating a<br />
Standard Operating<br />
Procedure (SOP) to<br />
ensure how it is going<br />
to impact our business.”<br />
Jitendra Mishra<br />
VP– CIO, Wanbury<br />
the information technology – business process management<br />
(IT-BPM) sector serves as a major market for IT software<br />
and services exports are the U.S. and the U.K. and Europe,<br />
accounting for about 90% of total IT/ITeS exports. Given the<br />
criticality of IT–BMP services, “India must do all it can to<br />
protect and promote business in this sector. To a large extent,<br />
future of business will depend on how well India responds<br />
to the changing regulatory changes unfolding globally. India<br />
will have to assess her preparedness and make convincing<br />
changes to retain the status as a dependable processing des-<br />
<strong>December</strong> <strong>2017</strong> | CIO&LEADER<br />
11
Cover Story<br />
tination,” - according to a white paper titled GDPR and India,<br />
written by Aditi Chaturvedi for The Centre for Internet and<br />
Society.<br />
Capgemini Sogeti India, a fully-owned subsidiary of the<br />
Capgemini Group, with total revenues of EURO 6,412 million<br />
this year, is a well-known French IT Services and Consulting<br />
Organization and has customer across Europe and USA.<br />
According to Harshad Mengle, Director – Cyber Security at<br />
Capgemini Sogeti, we have taken a structured approach and<br />
the framework is in place to address GDPR needs.”<br />
“It is important to disclose how we are going to protect our<br />
customer’s data, and this in turn, will give more confidence<br />
to our EU customers. Some of the challenges include how we<br />
will alter our entire ecosystem in order to incorporate data<br />
management protection as per GDPR guidelines, how the<br />
“We have been running<br />
a global project for<br />
GDPR compliance<br />
across the company<br />
and are tracking actions<br />
across subsidiaries and<br />
shared services. Being<br />
an EU headquartered<br />
company, we need to<br />
comply with all the<br />
requirements of GDPR.”<br />
Parag Deodhar<br />
Information Security Leader at a<br />
reputed financial services firm<br />
workflow systems need to be changed, and how IT and monitoring<br />
systems need to be aligned with privacy data in order<br />
to be compliant,” said Mengle.<br />
“A good compliance- to- privacy framework will help<br />
C-suite build strong technological and process control framework<br />
which can be also easily integrated with security operation<br />
management for privacy breaches,” he added.<br />
The IT Services player has already employed a data controller,<br />
data processor, and a data protection officer who will take<br />
up responsibility of ensuring compliance.<br />
Evalueserve Inc, a knowledge services provider, with estimated<br />
annual revenues of more than USD 250 million offers<br />
research, analytics, and data management services to Fortune<br />
500 companies in the United States and internationally. The<br />
company has both clients and employees working from EU<br />
and their personally identifiable data will come under the<br />
purview of GDPR.<br />
According to Evalueserve’s Chief Information Officer and<br />
Chief Information Security Officer, Sachin Jain, we comply<br />
with UK/EU data protection act for some of our clients – so it<br />
is not going to be a difficult change for us.<br />
“However, the team involved has started working on it proactively<br />
to be ready to show compliance to GDPR well ahead<br />
of the deadline,” he added.<br />
The GDPR also levies steep penalties of up to EUR 20 million<br />
or 4 % of global annual turnover, whichever is higher, for<br />
non-compliance. The language in the guideline uses the word<br />
“reasonable” to indicate the level of data protection and privacy<br />
that companies should observe towards EU citizens.<br />
Immediate next steps to tackle GDPR<br />
1. Demanding new privacy rights and obligations Educate key<br />
stakeholders, including the board of directors Risk-assess<br />
(including legal applicability) whether the GDPR applies to<br />
your organization<br />
2. Establish cross-function and cross-business governance<br />
structure for assessment of the GDPR’s applicability to<br />
business operations, evaluation of readiness and management<br />
of your overall GDPR remediation efforts<br />
3. Conduct a privacy impact assessment, with a strong focus<br />
on high-risk data flows of business processes<br />
4. Conduct a GDPR gap assessment, with a particular focus<br />
on governance, policies, technology, external dependencies<br />
(e.g., vendors), existing data flows ("high-risk") and<br />
processing operations<br />
5. Design and execute a prioritized implementation plan to<br />
address gaps based upon risk tolerance, risk priority,<br />
resourcing and investment<br />
Source: EY report titled ‘GDPR: demanding new privacy rights and obligations’<br />
12 CIO&LEADER | <strong>December</strong> <strong>2017</strong>
Cover Story<br />
“We comply with UK/<br />
EU data protection<br />
act for some of our<br />
clients so it is not<br />
going to be a difficult<br />
change for us. However,<br />
the team involved<br />
started working on it<br />
proactively to be ready<br />
to show compliance to<br />
GDPR well ahead of the<br />
deadline.”<br />
Sachin Jain<br />
CIO & CISO at Evalueserve<br />
Jain said that they take “reasonable” as the baseline protection<br />
layer or controls one has to deploy to ensure privacy and<br />
safety of data.<br />
The concern is natural as the IT/ITes sector in India has<br />
reported the largest increase in data breaches in 2016. The<br />
healthcare industry, comes a close second, accounting for<br />
28% of data breaches, rising 11% last year compared to 2015.<br />
This calls for stringent measures to protect healthcare<br />
records of patients in India. The section 43(a) and section<br />
72 of the IT Act mandates organizations to take reasonable<br />
provisions to protect sensitive information and provides a<br />
broad framework for the collection, storage and protection of<br />
personal information in India – including health conditions,<br />
medical records and biometric records.<br />
Other jurisdictions have already enacted sector-specific<br />
laws to protect medical information. The Health Insurance<br />
Portability and Accountability Act (HIPAA) is the primary<br />
law that establishes the US legal framework for health information<br />
privacy and gives patients substantial control over<br />
their information.<br />
At Alembic Pharmaceuticals, the company has tied with a<br />
leading consulting provider to identify areas where it needs<br />
to make process and data changes which would be in alignment<br />
with GDPR regulations.<br />
According to Gopal Rangaraj, its CIO & Head-IT, GDPR is<br />
an organic extension and is not a completely new framework.<br />
In healthcare, end-patient data safety was always a mandate.<br />
Therefore, we capture patient information including demographic<br />
data, and how we handle customer complaints handling<br />
process in the context of GDPR will be interesting.<br />
Alembic Pharmaceuticals Ltd. is an INR 31.31 billion Indian<br />
multinational pharmaceutical company headquartered in<br />
Gujarat, India. Alembic Pharmaceuticals Europe Limited,<br />
however, is the 100 % subsidiary of the Alembic Global Holding<br />
SA, and is located in Malta, Europe.<br />
Rangaraj said that their Indian business does not handle<br />
any EU datasets – but didn't fail to add that adhering to the<br />
guidelines and making them more bulletproof is how they<br />
see the whole thing.<br />
At Wanbury, Jitendra Mishra, its VP-IT and CIO said that<br />
the GDPR is an extension of an earlier law 1995 data protection<br />
directive. The pharma major is the largest manufacturer<br />
of Metformin in the world and exports to over 50 countries –<br />
65% of which comprises of regulated markets.<br />
“We supply 90% of our Metformin to European countries.<br />
We have employees as well as contractors across EU –and<br />
our chief compliance officer in cooperation with IT security<br />
as well as the board – is creating a Standard Operating Procedure<br />
(SOP) to ensure how the GDPR is going to impact our<br />
business, how we secure personal information of our customers,<br />
and how to map all these scenarios to mitigate risks by<br />
enforcing policies, technology and creating awareness in the<br />
organization.”<br />
Across verticals, businesses in India give an impression<br />
that they are in tune with the implications of GDPR. To an<br />
extent, they see their data privacy law offering assistance<br />
when it comes to tackling GDPR requirements as to how<br />
it will help in demonstrating that India is on par with the<br />
EU in terms of data protection law. However, almost everyone<br />
agrees that it needs careful revision to incorporate few<br />
amendments to align with strong protection regulation.<br />
Additionally, they believe that it will also ensure all companies<br />
in India have reasonable practices in place. This will give<br />
confidence to EU companies with subsidiaries in India or<br />
outsourcing work to India.<br />
It looks like the data privacy law has come at the right time<br />
when some Indian businesses are gearing up for biggest ever<br />
overhaul of data protection regulation<br />
<strong>December</strong> <strong>2017</strong> | CIO&LEADER<br />
13
Cover Story+<br />
Towards an Indian Data<br />
Protection Regime<br />
Extracts from the issues raised for discussion by the expert<br />
committee appointed to create a draft data protection bill for India<br />
By CIO&Leader<br />
On 24 August <strong>2017</strong>, in a historic judgment, a ninejudge<br />
bench of the Supreme Court ruled that<br />
right to privacy is a fundamental right, while<br />
hearing a case on the legality of Aadhaar.<br />
“We are in an information age. With the growth and<br />
development of technology, more information is now<br />
easily available. The information explosion has manifold<br />
advantages but also some disadvantages. The access to<br />
information, which an individual may not want to give,<br />
needs the protection of privacy. The right to privacy is<br />
claimed qua the State and non-State actors. Recognition<br />
and enforcement of claims qua non-state actors may<br />
require legislative intervention by the State,” Justice Sanjay<br />
Kishan Kaul, one of the judges, said in his judgment.<br />
“There is an unprecedented need for regulation<br />
regarding the extent to which such information can be<br />
stored, processed and used by non-State actors. There is<br />
also a need for protection of such information from the<br />
State,” he noted.<br />
“We commend to the Union Government the need<br />
to examine and put into place a robust regime for data<br />
protection. The creation of such a regime requires a careful<br />
and sensitive balance between individual interests and<br />
legitimate concerns of the state,” noted Justice DY Chandrachud’s<br />
judgment, delivered on behalf of four judges<br />
including then then CJI Jagdish Singh Khehar.<br />
Towards a Data<br />
Protection Regime<br />
By that time, the government had already appointed a<br />
committee to look into the issues regarding enacting such<br />
a legislation, under the chairmanship of Justice B N Srikrishna,<br />
former Judge of the Supreme Court. Their brief<br />
was to identify key data protection issues and recommend<br />
methods for addressing them and ultimately come out<br />
with a draft data protection bill. The other members of the<br />
committee are Ajay Bhushan, CEO, Unique Identification<br />
Authority of India; Ajay Kumar, Additional Secretary,<br />
MeitY; Arghya Sengupta, Research Director, Vidhi Center<br />
for Legal Policy; Aruna Sundararajan, Secretary, Department<br />
of Telecom; Gulshan Rai, National Cyber Security<br />
Coordinator; Rajat Moona, Director, lIT, Raipur; Rama<br />
Vedashree, CEO, Data Security Council of India; and<br />
Rishikesha T Krishnan, Director, IIM, Indore.<br />
Four months after it was formed, on 27 November, the<br />
committee released a detailed whitepaper outlining all the<br />
issues that they found to be relevant, seeking responses<br />
from the public on these questions.<br />
The document goes into various issues, discusses how<br />
other such legislation such as EU’s GDPR have handled<br />
it and has listed its views on those issues while raising<br />
explicit questions. The last date for submission for the<br />
responses is 31 <strong>December</strong>, unless it is extended.<br />
14 CIO&LEADER | <strong>December</strong> <strong>2017</strong>
Cover Story+<br />
When enacted, it is the businesses—data<br />
controllers and data processors as they are<br />
called—will have to comply with them. And it is a<br />
no-brainer that it is the CISOs and CIOs who will<br />
have a major role to play in that compliance; in<br />
most companies, they will lead the roll out<br />
The whitepaper starts by noting that a data protection<br />
framework in India must be based on the following seven<br />
principles:<br />
1. Technology agnosticism - The law must be technology<br />
agnostic. It must be flexible to take into account<br />
changing technologies and standards of compliance. <br />
2. Holistic application - The law must apply to both<br />
private sector entities and government. Differential<br />
obligations may be carved out in the law for certain<br />
legitimate state aims.<br />
3. Informed consent - Consent is an expression of<br />
human autonomy. For such expression to be genuine,<br />
it must be informed and meaningful. The law must<br />
ensure that consent meets the aforementioned criteria.<br />
4. Data minimization - Data that is processed ought to<br />
be minimal and necessary for the purposes for which<br />
such data is sought and other compatible purposes<br />
beneficial for the data subject.<br />
5. Controller accountability - The data controller shall<br />
be held accountable for any processing of data, whether<br />
by itself or entities with which it may have shared the<br />
data for processing.<br />
6. Structured enforcement - Enforcement of the data<br />
protection framework must be by a high-powered<br />
statutory authority with sufficient capacity. This must<br />
coexist with appropriately decentralised enforcement<br />
mechanisms.<br />
7. Deterrent penalties - Penalties on wrongful processing<br />
must be adequate to ensure deterrence. <br />
When enacted, it is the businesses—data controllers<br />
and data processors as they are called—will have to comply<br />
with them. And it is a no-brainer that it is the CISOs<br />
and CIOs who will have a major role to play in that compliance;<br />
in most companies, they will lead the roll out.<br />
For their benefit, we have gone into the<br />
233-page document and have extracted the most relevant<br />
questions that have a direct bearing on compliance,<br />
though it is recommended that they read the entire document,<br />
which is available at http://www.cioandleader.com/<br />
dataprotectionwp<br />
We have selected only close-ended questions, that are<br />
most relevant. Questions about nuanced of legal approach<br />
too are avoided. To help you directly go to questions<br />
that interest you and the corresponding discussion that<br />
precedes them, we have provided the chapter no, chapter<br />
name, question number and the page number along with<br />
each question.<br />
Here are the selected questions.<br />
<strong>December</strong> <strong>2017</strong> | CIO&LEADER<br />
15
Cover Story+<br />
Whitepaper on Data Protection Framework in<br />
India: Relevant Questions for CISO<br />
Should the law be applicable to government/public and<br />
private entities processing data equally? If not, should<br />
there be a separate law to regulate government/public<br />
entities collecting data? Alternatives:<br />
a. Have a common law imposing obligations on Government<br />
and private bodies as is the case in most jurisdictions.<br />
Legitimate interests of the State can be protected<br />
through relevant exemptions and other provisions.<br />
b. Have different laws defining obligations on the government<br />
and the private sector.<br />
[Part II/Ch. 2 (Other Issues of Scope)/Q3/Pg. 33]<br />
What kind of data or information qualifies as personal<br />
data? Should it include any kind of information including<br />
facts, opinions or assessments irrespective of their<br />
accuracy?<br />
[Part II/Ch. 3 (What is personal data)/Q3/Pg. 40]<br />
Should the definition of personal data focus on identifiability<br />
of an individual? If yes, should it be limited to an<br />
‘identified’, ‘identifiable’ or ‘reasonably identifiable’ individual?<br />
[Part II/Ch. 3 (What is personal data)/Q4/Pg. 40]<br />
Should anonymised or pseudonymised data be outside<br />
the purview of personal data? Should the law recommend<br />
either anonymisation or psuedonymisation, for instance<br />
as the EU GDPR does?<br />
[Part II/Ch. 3 (What is personal data)/Q5/Pg. 40]<br />
Should the law define a set of information as sensitive<br />
data? If yes, what category of data should be included in it?<br />
Eg. Financial Information / Health Information / Caste /<br />
Religion / Sexual Orientation. Should any other category<br />
be included?<br />
[Part II/Ch. 4 (Sensitive personal data)/Q2/Pg. 43]<br />
Should the law only define ‘data controller’ or should it<br />
additionally define ‘data processor’? Alternatives<br />
a. Do not use the concept of data controller/processor; all<br />
entities falling within the ambit of the law are equally<br />
accountable.<br />
b Use the concept of ‘data controller’ (entity that determines<br />
the purpose of collection of information) and<br />
attribute primary responsibility for privacy to it.<br />
c. Use the two concepts of ‘data controller’ and ‘data processor’<br />
(entity that receives information) to distribute<br />
primary and secondary responsibility for privacy.<br />
[Part II/Ch.6 (Entities to be defined in the law: data controllers and<br />
processors)/Q2/Pg. 51]<br />
How should responsibility among different entities<br />
involved in the processing of data be distributed?<br />
Alternatives:<br />
a. Making data controllers key owners and making them<br />
accountable.<br />
b. Clear bifurcation of roles and associated expectations<br />
from various entities.<br />
c. Defining liability conditions for primary and secondary<br />
owners of personal data.<br />
d. Dictating terms/clauses for data protection in the contracts<br />
signed between them.<br />
e. Use of contractual law for providing protection to data<br />
subject from data processor.<br />
[Part II/Ch.6 (Entities to be defined in the law: data controllers and<br />
processors)/Q3/Pg. 51]<br />
Should the data protection law have specific provisions<br />
facilitating cross border transfer of data? If yes, what<br />
should the adequacy standard be the threshold test for<br />
transfer of data?<br />
(Part II/Ch.8 (Cross-border flow of data)/Q2/Pg. 68]<br />
Should certain types of sensitive personal information<br />
be prohibited from being transferred outside India even if<br />
it fulfils the test for transfer?<br />
(Part II/Ch.8 (Cross-border flow of data)/Q3/Pg. 68]<br />
Should there be a data localization requirement for the<br />
storage of personal data within the jurisdiction of India?<br />
(Part II/Ch.9 (Data Localization)/Q2/Pg. 75]<br />
If yes, what should be the scope of the localization mandate?<br />
Should it include all personal information or only<br />
sensitive personal information?<br />
[Part II/Ch.9 (Data Localization)/Q3/Pg. 75]<br />
If the data protection law calls for localization, what<br />
would be impact on industry and other sectors?<br />
[Part II/Ch.9 (Data Localization)/Q4/Pg. 75]<br />
On whom should the primary onus of ensuring accuracy<br />
of data lie especially when consent is the basis of collection?<br />
Alternatives:<br />
a. The individual<br />
b. The entity collecting the data<br />
[Part III/Ch.7 (Storage limitation and data quality)/Q2/Pg.121]<br />
How long should an organization be permitted to store<br />
personal data? What happens upon completion of such<br />
time period? Alternatives:<br />
16 CIO&LEADER | <strong>December</strong> <strong>2017</strong>
Cover Story+<br />
a. Data should be completely erased<br />
b. Data may be retained in anonymised form<br />
[Part III/Ch.7 (Storage limitation and data quality)/Q3/Pg.121]<br />
Should there be a restriction on the categories of information<br />
that an individual should be entitled to when exercising<br />
their right to access?<br />
[Part III/Ch.8 (Individual Participation Rights-1)/Q2/Pg.128]<br />
What should be the scope of the right to rectification?<br />
Should it only extend to having inaccurate date rectified<br />
or should it include the right to move court to get an order<br />
to rectify, block, erase or destroy inaccurate data as is the<br />
case with the UK?<br />
[Part III/Ch.8 (Individual Participation Rights-1)/Q3/Pg.128]<br />
Should there be a fee imposed on exercising the right to<br />
access and rectify one‘s personal data? Alternatives:<br />
a. There should be no fee imposed.<br />
b. The data controller should be allowed to impose a reasonable<br />
fee.<br />
c. The data protection authority/sectoral regulators may<br />
prescribe a reasonable fee.<br />
[Part III/Ch.8 (Individual Participation Rights-1)/Q4/Pg.128]<br />
Should there be a fixed time period within which organisations<br />
must respond to such requests? If so, what should<br />
these be?<br />
[Part III/Ch.8 (Individual Participation Rights-1)/Q5/Pg.128]<br />
Is guaranteeing a right to access the logic behind automated<br />
decisions technically feasible? How should India<br />
approach this issue given the challenges associated with it?<br />
[Part III/Ch.8 (Individual Participation Rights-1)/Q6/Pg.128]<br />
What should be the exceptions to individual participation<br />
rights?<br />
[For instance, in the UK, a right to access can be refused<br />
if compliance with such a request will be impossible or<br />
involve a disproportionate effort. In case of South Africa<br />
and Australia, the exceptions vary depending on whether<br />
the organisation is a private body or a public body.]<br />
[Part III/Ch.8 (Individual Participation Rights-1)/Q7/Pg.128]<br />
The EU GDPR introduces the right to restrict processing<br />
and the right to data portability. If India were to adopt<br />
these rights, what should be their scope?<br />
[Part III/Ch.9 (Individual Participation Rights-2)/Q2/Pg.136]<br />
Should there be a prohibition on evaluative decisions<br />
taken on the basis of automated decisions? Alternatives<br />
a. There should be a right to object to automated decisions<br />
as is the case with the UK.<br />
b. There should a prohibition on evaluative decisions<br />
based on automated decision making.<br />
[Part III/Ch.9 (Individual Participation Rights-2)/Q3/Pg.136]<br />
Given the concerns related to automated decision making,<br />
including the feasibility of the right envisioned under<br />
the EU GDPR, how should India approach this issue in<br />
the law?<br />
[Part III/Ch.9 (Individual Participation Rights-2)/Q4/Pg.136]<br />
Should direct marketing be a discrete privacy principle,<br />
or should it be addressed via sector specific regulations?<br />
[Part III/Ch.9 (Individual Participation Rights-2)/Q5/Pg.136]<br />
What are your views on the right to be forgotten having<br />
a place in India‘s data protection law?<br />
[Part III/Ch10 (Individual Participation Rights-3)/Q1/Pg.141]<br />
Should the right to be forgotten be restricted to personal<br />
data that individuals have given out themselves?<br />
[Part III/Ch10 (Individual Participation Rights-3)/Q2/Pg.141<br />
Does a right to be forgotten add any additional protection<br />
to data subjects not already available in other individual<br />
participation rights?<br />
[Part III/Ch10 (Individual Participation Rights-3)/Q3/Pg.141]<br />
Does a right to be forgotten entail prohibition on display/dissemination<br />
or the erasure of the information from<br />
the controller‘s possession?<br />
[Part III/Ch10 (Individual Participation Rights-3)/Q4/Pg.141]<br />
Does co-regulation seem an appropriate approach for a<br />
data protection enforcement mechanism in India?<br />
[Part IV/Ch. 1 (Regulation and enforcement)/Q2/Pg.146]<br />
What are the specific obligations/areas which<br />
may be envisaged under a data protection law in India<br />
for a (i) command and control approach; (ii) selfregulation<br />
approach (if any); and (iii) co-regulation<br />
approach?<br />
[Part IV/Ch. 1 (Regulation and enforcement)/Q3/Pg.146]<br />
What are the organizational measures that should<br />
be adopted and implemented in order to demonstrate<br />
accountability? Who will determine the standards which<br />
such measures have to meet?<br />
[Part IV/Ch. 2 (Accountability and enforcement tools)/Q2/Pg.155]<br />
Should the lack of organizational measures be linked to<br />
liability for harm resulting from processing of personal<br />
data?<br />
[Part IV/Ch. 2 (Accountability and enforcement tools)/Q3/Pg.155]<br />
Should all data controllers who were involved in the<br />
processing that ultimately caused harm to the individual<br />
be accountable jointly and severally or should they be<br />
allowed mechanisms of indemnity and contractual affixation<br />
of liability inter se?<br />
[Part IV/Ch. 2 (Accountability and enforcement tools)/Q4/Pg.155]<br />
<strong>December</strong> <strong>2017</strong> | CIO&LEADER<br />
17
Cover Story+<br />
Should there be strict liability on the data controller,<br />
either generally, or in any specific categories of processing,<br />
when well-defined harms are caused as a result of data<br />
processing?<br />
[Part IV/Ch. 2 (Accountability and enforcement tools)/Q5/Pg.155<br />
Should the data controllers be required by law to take<br />
out insurance policies to meet their liability on account<br />
of any processing which results in harm to data subjects?<br />
Should this be limited to certain data controllers or certain<br />
kinds of processing?<br />
[Part IV/Ch. 2 (Accountability and enforcement tools)/Q6/Pg.156]<br />
If the data protection law calls for accountability as<br />
a mechanism for protection of privacy, what would be<br />
impact on industry and other sector?<br />
[Part IV/Ch. 2 (Accountability and enforcement tools)/Q7/Pg.156]<br />
What are the subject matters for which codes of practice<br />
or conduct may be prepared?<br />
[Part IV/Ch. 2 (Accountability and enforcement tools)/Q2/Pg.160<br />
What is the process by which such codes of conduct or<br />
practice may be prepared? Specifically, which stakeholders<br />
should be mandatorily consulted for issuing such a code<br />
of practice?<br />
[Part IV/Ch. 2 (Accountability and enforcement tools)/Q3/Pg.160]<br />
Who should issue such codes of conduct or practice?<br />
[Part IV/Ch. 2 (Accountability and enforcement tools)/Q4/Pg.160]<br />
How should such codes of conduct or practice be<br />
enforced?<br />
[Part IV/Ch. 2 (Accountability and enforcement tools)/Q5/Pg.160]<br />
What should be the consequences for violation of a code<br />
of conduct or practice?<br />
[Part IV/Ch. 2 (Accountability and enforcement tools)/Q4/Pg.160]<br />
How should a personal data breach be defined?<br />
[Part IV/Ch. 2 (Accountability and enforcement tools)/Q2/Pg.166]<br />
When should personal data breach be notified to the<br />
authority and to the affected individuals?<br />
[Part IV/Ch. 2 (Accountability and enforcement tools)/Q3/Pg.166]<br />
What are the circumstances in which data breaches<br />
must be informed to individuals?<br />
[Part IV/Ch. 2 (Accountability and enforcement tools)/Q4/Pg.166]<br />
What details should a breach notification addressed to<br />
an individual contain?<br />
[Part IV/Ch. 2 (Accountability and enforcement tools)/Q5/Pg.166]<br />
Should a general classification of data controllers be<br />
made for the purposes of certain additional obligations<br />
facilitating compliance while mitigating risk?<br />
[Part IV/Ch. 2 (Accountability and enforcement tools)/Q2/Pg.172]<br />
Should data controllers be classified on the basis of the<br />
harm that they are likely to cause individuals through<br />
their data processing activities?<br />
[Part IV/Ch. 2 (Accountability and enforcement tools)/Q3/Pg.172]<br />
What are the factors on the basis of which such data<br />
controllers may be categorized?<br />
[Part IV/Ch. 2 (Accountability and enforcement tools)/Q4/Pg.172]<br />
What are the circumstances when Data Protection<br />
Impact Assessments (DPIA) should be made mandatory?<br />
[Part IV/Ch. 2 (Accountability and enforcement tools: Data Protection<br />
Impact Assessment)/Q2/Pg.173]<br />
Who should conduct the DPIA? In which circumstances<br />
should a DPIA be done (i) internally by the data controller;<br />
(ii) by an external professional qualified to do so; and<br />
(iii) by a data protection authority?<br />
[Part IV/Ch. 2 (Accountability and enforcement tools: Data Protection<br />
Impact Assessment)/Q3/Pg.173]<br />
What are the circumstances in which a DPIA report<br />
should be made public?<br />
[Part IV/Ch. 2 (Accountability and enforcement tools: Data Protection<br />
Impact Assessment)/Q4/Pg.173]<br />
Is there a need to make data protection audits mandatory<br />
for certain types of data controllers?<br />
[Part IV/Ch. 2 (Accountability and enforcement tools: Data protection<br />
Audit)/Q2/Pg.173]<br />
Should data audits be undertaken internally by the data<br />
controller, by a third party (external person/agency), or by<br />
a data protection authority?<br />
[Part IV/Ch. 2 (Accountability and enforcement tools: Data protection<br />
Audit)/Q4/Pg.173]<br />
Should it be mandatory for certain categories of data<br />
controllers to designate particular officers as DPOs for the<br />
facilitation of compliance and coordination under a data<br />
protection legal framework?<br />
[Part IV/Ch. 2 (Accountability and enforcement tools: Data protection<br />
officer)/Q2/Pg.174]<br />
What should be the qualifications and expertise of such<br />
a DPO?<br />
[Part IV/Ch. 2 (Accountability and enforcement tools: Data protection<br />
officer)/Q3/Pg.174]<br />
What should be the functions and duties of a DPO?<br />
[Part IV/Ch. 2 (Accountability and enforcement tools: Data protection<br />
officer)/Q4/Pg.174]<br />
18 CIO&LEADER | <strong>December</strong> <strong>2017</strong>
INSIGHT<br />
Whither<br />
Supercomputing?<br />
The state of global supercomputing in five charts<br />
By CIO&Leader<br />
A<br />
Every six months—in May and November<br />
every year—Top500.org, a site tracking<br />
supercomputers, comes out with the list of the<br />
world’s 500 fastest. The list provides data on<br />
the sites where they are hosted, their theoretical<br />
and achieved performance, their chitecture,<br />
their manufacturers, and a number of<br />
other data points.<br />
Analysis of the Top500.org data provides<br />
excellent insight into the state of supercomputing<br />
globally at any point of time.<br />
The insights presented here are based on the<br />
data presented in the lasts—November <strong>2017</strong>—<br />
list that also happens to be the 50th list since<br />
its beginning.<br />
Our insights are drawn from analysis of<br />
the Top500.org data for last 10 years—From<br />
November 2007 to November <strong>2017</strong>.<br />
20 CIO&LEADER | <strong>December</strong> <strong>2017</strong>
Insight<br />
Measuring the Speed of Speed<br />
How fast is today’s fastest supercomputer? According to<br />
November <strong>2017</strong> Top 500 list, it is 93 petaFLOPS—that is 93<br />
million billion floating point operations per second. This is<br />
200 times faster than the fastest supercomputer in November<br />
2007 and 1.6 million times faster than the fastest supercomputer<br />
in June 1993, when the list made its debut.<br />
The Acceleration<br />
How fast have been the fastest (all figures in TFLOPs/second)<br />
33862.7<br />
33862.7<br />
93014.6<br />
478.2<br />
1759 10510<br />
Nov_07 Nov_09 Nov_11 Nov_13 Nov_15 Nov_17<br />
Global Power Shift<br />
Like in many other things in business and economy, in<br />
supercomputing too, the action has shifted from America<br />
and Europe to Asia Pacific.<br />
The Chinese Invasion<br />
Supercomputing is the latest area where China overthrows the US<br />
from top even as India's presence is further marginalized<br />
283<br />
144<br />
10<br />
4<br />
9<br />
Nov_07 Nov_09 Nov_11 Nov_13 Nov_15 Nov_17<br />
China US India<br />
Power of the Cluster<br />
In terms of the architecture, there is a clear shift to clusterbased<br />
supercomputing. Almost nine out of ten Top500<br />
supercomputing sites are cluster-based.<br />
The Definite Shift to Clusters<br />
Cluster<br />
MRP<br />
202<br />
The Asian Edge<br />
Supercomputing power too shifts to Asia, driven by China;<br />
India's rise could push it further<br />
289<br />
287<br />
274<br />
277<br />
212<br />
109<br />
149<br />
93<br />
The Manufacturers’ Story<br />
While Cray still remains the supercomputing company, with<br />
shrinking share of MPP architecture, Cray’s share in Top<br />
500 is coming down, even though it still accounts for more<br />
than one third of Top 50 sites. Lenovo and a host of Chinese<br />
manufacturers show up on the radar, thanks to China’s rise<br />
in supercomputer usage.<br />
103 102<br />
150 152<br />
257<br />
179<br />
122 121<br />
60 60<br />
Manufacturer's Share<br />
Nov_07 Nov_09 Nov_11 Nov_13 Nov_15 Nov_17<br />
Lenovo completes China story<br />
Asia -Oceania Europe Americas<br />
China is the New Supercomputing<br />
Superpower<br />
The big rise of Asia in the supercomputing scene is almost<br />
entirely because of the rise of China—and despite the fall of<br />
other Asian contenders like Japan and India.<br />
In fact, it is a big shift that happened in the latest Top<br />
500 list. For the first time, China replaced the US as the<br />
top supercomputing country accounting for more Top500<br />
supercomputer sites than the US.<br />
India has been reduced to a marginal player with just four<br />
of the Top500 fastest sites present in the country. That is a<br />
drop from 12 such sites that it had just four years back.<br />
2% 9%<br />
2%<br />
24%<br />
3%<br />
14%<br />
3% 20%<br />
4%<br />
4%<br />
4%<br />
4% Top 50<br />
8%<br />
10%<br />
4%<br />
10%<br />
11%<br />
11%<br />
36%<br />
16%<br />
HPE Lenovo Inspur Cray Inc. Sugon<br />
Huawei IBM Bull Dell EMC Fujitsu<br />
<strong>December</strong> <strong>2017</strong> | CIO&LEADER<br />
21
Insight<br />
Is It Time To<br />
Look Beyond<br />
Attended Payment<br />
Solutions?<br />
Unattended payment systems bring in efficiency by<br />
significantly reducing wait time. They could be just the<br />
right solution for smart cities<br />
By Niranj Sangal<br />
22 CIO&LEADER | <strong>December</strong> <strong>2017</strong>
Insight<br />
AAutomation and intelligence are being incorporated<br />
in almost any business sector today. This integration<br />
has resulted in more effective business practices, and<br />
presents a new and improved level of productivity,<br />
transparency and reliability. The business of payments<br />
in India has been a witness to digital transformation;<br />
consumers were obligated to look beyond<br />
paper money to plastic cards, pre-paid instruments<br />
like e-wallets, smartcards, etc. On understanding<br />
the landscape of payment trends, businesses and<br />
customers are equally looking out for simple, quick<br />
and economical manners of transacting. It is certain<br />
that PoS and digital wallets are here to stay, however,<br />
introducing mobility within payments has plenty of<br />
scope and possibilities that are beyond these existing<br />
solutions. Unattended payment solutions or selfservice<br />
solutions are known to add more flexibility<br />
and can open new avenues and revenue streams for<br />
existing businesses.<br />
Digital payments have introduced transparency<br />
and automation across businesses, but Indians have<br />
experienced very little in terms of self-check-out<br />
kiosks, ticket vending machines, vending machines,<br />
etc. Western markets have adapted to self-service<br />
payments across businesses like transport, fuel,<br />
retail, hospitality and even car parks since years.<br />
According to Growth Industry Analysts, the US is<br />
currently the largest market for intelligent vending<br />
machines and the global market is expected to reach<br />
approximately 2.7 million unattended terminals by<br />
2020. Additionally, unattended retail is estimated to<br />
reach USD 275 billion globally by 2020, according to<br />
a research by ReportsnReports.com.<br />
Unattended payment terminals and solutions provides<br />
for smooth, safe, secure and convenient mode<br />
of payments across Kiosks for bill payments, movie<br />
tickets, vending machines, etc. and AFC (Automated<br />
Fare Collection) solutions for rail tickets, metros, etc.<br />
It happens to be one of the best systems for managing<br />
parking especially in a country like India, where parking<br />
is scarce and there are losses in revenue.<br />
There are very distinct reasons on why such solutions<br />
gradually become a choice for many. Not only<br />
is it user friendly, it has been known to lower or<br />
even eliminate time wasted in long queues due to its<br />
queue-busting uniqueness and this also channelizes<br />
sales. Similar to PoS, the solution also needs to be<br />
compliant with PCI DSS norms and are hence equally<br />
safe and secure. Integration with existing loyalty<br />
programs and acceptance of cash, cards, wallets and<br />
even NFC and contactless payments make it multifaceted<br />
and acceptable by consumers.<br />
Unattended payment<br />
solutions or self-service<br />
solutions are known to<br />
add more flexibility and<br />
can open new avenues<br />
and revenue streams for<br />
existing businesses<br />
Very recently, Delhi Metro made a bold move by<br />
deciding to install around 400 unattended terminals<br />
across it network which will enable commuters to<br />
recharge smart cards and buy tokens by swiping a<br />
debit or credit cards themselves. Installing such selfservice<br />
terminals in this case can be viewed as an<br />
optimal and a profitable alternative considering ticketing<br />
rush. Our experience with retailers across the<br />
world tells us that it has helped draw more customers<br />
thus increasing sales without the need to increase<br />
staff or offload existing workload on existing staff.<br />
The technology used in such systems allows the solution<br />
to be managed remotely. The solution has visibly<br />
eased operations and challenges associated with payments<br />
at large format outlets.<br />
Such solutions can ease out transactions,<br />
especially in smart city projects across India. Keeping<br />
in mind the potential of such solutions, it is only<br />
about time that the solution is made more readily<br />
available to consumers<br />
–The author is the Group CEO, OMA Emirates Group<br />
<strong>December</strong> <strong>2017</strong> | CIO&LEADER<br />
23
Insight<br />
CFO and CIOs: The<br />
Old Tiff Continues;<br />
CEOs Agree<br />
However, CFOs and COOs blame it on lack of CIOs’ lack of<br />
business expertise, even as 96% senior executives say CIO-<br />
CFO collaboration crucial or very important for success of IT<br />
transformation<br />
By CIO&Leader<br />
24 CIO&LEADER | <strong>December</strong> <strong>2017</strong>
Insight<br />
AAs many as 96% of senior executives see close collaboration<br />
between CIO and CFO as critical or very important for<br />
success of IT transformation in an enterprise. However, a<br />
predominant majority (89%) of them acknowledge that significant<br />
barriers exist, at present that prevent the two from<br />
effectively collaborating with each other, says a new report<br />
based on a global study of senior executives conducted by<br />
Forbes Insight, in association with Dell EMC.<br />
Ironically, one of the manifestations of that barrier could<br />
be the difference in perceptions between the two about what<br />
creates that barrier itself. While CFOs blame it on reporting<br />
structure and CIOs’ lack of business expertise, CIOs think<br />
a significant reason could be CFOs ‘outdated attitude’ about<br />
the primary role of the CIO. Interestingly, CEOs seem to<br />
endorse that view—and even more emphatically. While only<br />
30% CIOs point to CFO’s outdated attitude as a big reason<br />
for creating the barrier, as much as 45% CEOs think so.<br />
20%<br />
29%<br />
25%<br />
29%<br />
32%<br />
30%<br />
11%<br />
13%<br />
CIO<br />
What creates the barrier to effective<br />
CIO-CFO collaboration?<br />
20%<br />
20%<br />
30%<br />
35%<br />
18%<br />
30%<br />
16%<br />
13%<br />
CFO<br />
There are no significant barriers<br />
No clear mandate from CEO/<br />
board<br />
CFOs have outdated attitudes<br />
about the primary role of CIO<br />
Lack of incentive to work more<br />
closely together<br />
Conflicts arising over traditional<br />
reporting structure<br />
CIOs' lack of business expertise<br />
CFOs' lack of sufficient technical<br />
expertise<br />
Conflicting responsibilities and<br />
priorities<br />
Source: Forbes Insight/Dell-EMC Study <strong>2017</strong><br />
While only 30% CIOs point<br />
to CFO’s outdated attitude<br />
as a big reason for creating<br />
the barrier, as much as 45%<br />
CEOs think so<br />
However, many (30%) CFOs do admit that it is their community’s<br />
outdated attitude that is the major factor in creating<br />
the barrier. “The finance team becomes a barrier if the<br />
discussions are only about the budget and how to run as<br />
lean as possible. That’s a losing attitude for IT Transformation,”<br />
the report quotes Khozema Shipchandler, Global CFO<br />
of GE Digital as saying.<br />
There’s significant regional variation too. While in the<br />
Americas, the reasons for the barrier are thought to be due<br />
to structural issues—conflicting responsibilities and reporting<br />
structures—in APAC, it is name calling. ‘CIOs lack of<br />
business expertise’ and ‘CFOs’ outdated attitudes about<br />
CIO’s role’ that are identified as the top reasons that contribute<br />
to the barrier.<br />
What are the biggest consequences if CIOs and CFOs<br />
do not work together effectively? As many as two out of<br />
three (63%) think the risk of falling behind competition is<br />
increased significantly.<br />
Another significant finding reinforces that idea. The report<br />
finds that it is not investment but the effective collaboration<br />
between the two that makes a company a leader or a laggard<br />
in IT transformation. “Although leaders and laggards in IT<br />
are seeing different outcomes, the results aren’t a function of<br />
who spends the most for IT Transformation. This year and<br />
in 2018, both groups are devoting significant percentages of<br />
their total budgets in this area,” the report notes.<br />
<strong>December</strong> <strong>2017</strong> | CIO&LEADER<br />
25
Insight<br />
On the other hand, ‘being able to react more quickly to<br />
market changes’ is seen as the top benefit accruing from an<br />
effective CIO-CFO collaboration.<br />
An entrepreneurial mindset was identified as the most<br />
important characteristic of a CIO when leading IT transformation<br />
while the impact of IT transformation on a CIO’s role<br />
is seen to be significant. As many as 72% senior executives<br />
said in an organization undertaking IT transformation, the<br />
CIO helps shapes future business models.<br />
How has IT Transformation impacted CIO's role?<br />
Helps shape future<br />
business model<br />
Is becoming a strategic<br />
advisor for helping the<br />
business capitalize on the<br />
latest technology<br />
Is expected to work more<br />
closely with the C-Suite<br />
to develop new business<br />
opportunities<br />
Is a resource for helping<br />
the business deliver new<br />
products and services<br />
faster than competitors<br />
Is a key resource in<br />
supporting the current<br />
business model<br />
Has become a formal<br />
member of the executive<br />
committee/board<br />
No longer focuses<br />
solely on implementing<br />
and managing the IT<br />
infrastructure<br />
Characteristics most important for a CIO when<br />
leading IT transformation<br />
An entrepreneurial<br />
mindset<br />
Ability to bring about<br />
transformation while<br />
simultaneously running the<br />
traditional IT environment<br />
Ability to act as a change<br />
agent acrosss technology<br />
and business disciplines<br />
28%<br />
39%<br />
64%<br />
64%<br />
70%<br />
63%<br />
72%<br />
71%<br />
68%<br />
Source: Forbes Insight/Dell-EMC Study <strong>2017</strong><br />
74%<br />
On being asked about factors driving IT Transformation<br />
strategy, the good old ‘reducing IT cost’ topped the response.<br />
‘Being first to market with new products’ is seen as another<br />
significant driver.<br />
The report, titled "IT Transformation: Success Hinges on<br />
CIO/CFO Collaboration", is based on a global survey of 500<br />
The biggest consequence of CIOs and CFOs not<br />
working together effectively<br />
Our risk of falling behind<br />
competitors increases<br />
Our decisions about technology<br />
investments are not as timely or<br />
accurate as possible<br />
We struggle to scale as<br />
business demands change<br />
We’re slow to capitalize on<br />
technology innovation<br />
We can’t roll out new products<br />
and services fast enough to<br />
satisfy current business demands<br />
We can’t efficiently integrate<br />
acquired business<br />
13%<br />
21%<br />
21%<br />
34%<br />
49%<br />
63%<br />
Source: Forbes Insight/Dell-EMC Study <strong>2017</strong><br />
Biggest benefits from closer<br />
CIO-CFO collaboration<br />
React more quickly to<br />
market changes<br />
Attract new customers in<br />
current markets<br />
More quickly introduce<br />
new products and services<br />
requested by the business<br />
Make better, faster decisions<br />
about investments in<br />
emerging technologies<br />
Successfully enter new markets<br />
Increase sales and profits<br />
Improve and streamline internal<br />
operations and reduce costs<br />
11%<br />
9%<br />
9%<br />
16%<br />
14%<br />
14%<br />
63% 24%<br />
A passion for innovation<br />
63%<br />
Increase shareholder value<br />
5%<br />
Source: Forbes Insight/Dell-EMC Study <strong>2017</strong><br />
Expertise as a<br />
business advisor<br />
Ability to overcome<br />
resistance to change<br />
among end-users<br />
44%<br />
55%<br />
Source: Forbes Insight/Dell-EMC Study <strong>2017</strong><br />
CEOs, COOs, CIOs and CFOs. The survey and a series of<br />
in-depth interviews with global IT and business executives<br />
highlight other underlying frictions that thwart CIOs and<br />
CFOs from forming a united front to capitalize on the benefits<br />
of IT Transformation<br />
26 CIO&LEADER | <strong>December</strong> <strong>2017</strong>
Insight<br />
Worldwide<br />
IT Services<br />
Revenue<br />
Rises In<br />
<strong>2017</strong><br />
As per the report, an increase<br />
of 4.0% year-over-year has been<br />
recorded in 1H17<br />
By CIO&Leader<br />
W<br />
Worldwide<br />
revenues for IT Services and Business<br />
Services totaled USD 475 billion in the first<br />
half of <strong>2017</strong> (1H17), an increase of 4.0% year over<br />
year, according to the International Data Corporation<br />
(IDC) Worldwide Semiannual Services<br />
Tracker. IDC expects worldwide services revenues<br />
to surpass USD 1.0 trillion in 2018.<br />
While IT Services delivered more than two<br />
thirds of overall services revenue in 1H17, spending<br />
on Business Services grew faster than the<br />
overall market at 6.0% year over year. IT Services<br />
revenues were largely driven by spending on<br />
technology outsourcing and project-oriented<br />
services, such as application development and<br />
systems and network implementation. Business<br />
Services spending was led by business process<br />
outsourcing and business consulting services.<br />
The largest of the 14 foundation markets IDC<br />
uses to analyze end-user spending and vendor<br />
revenue was business process outsourcing with<br />
1H17 revenues of USD 92.9 billion. Systems integration<br />
was the second largest foundation market<br />
at USD 62.1 billion. Business consulting was the<br />
third largest foundation market in 1H17, followed<br />
by IT outsourcing and software deploy and support<br />
services. The fastest growing markets were<br />
hosting infrastructure services (9.8% growth) and<br />
business consulting (8.2% growth). IT outsourcing<br />
was the only foundation market to experience<br />
declining revenues in 1H17.<br />
On a geographic basis, the United States was<br />
the largest services market with revenues of USD<br />
216.7 billion in 1H17. Western Europe was the<br />
second largest region, followed by Asia/Pacific<br />
(excluding Japan)(APeJ). The markets with the<br />
fastest year-over-year growth in 1H17 were APeJ,<br />
Central and Eastern Europe (CEE), and the United<br />
States. Only two of the eight regions (Japan<br />
and the Middle East & Africa) recorded a decline<br />
in services revenue in 1H17.<br />
"Cloud-related services expected to surpass the<br />
USD 100 billion mark this year," said Lisa Nagamine,<br />
research manager with IDC's Worldwide<br />
Semiannual Services Tracker.<br />
<strong>December</strong> <strong>2017</strong> | CIO&LEADER<br />
27
Insight<br />
5 Key Data<br />
Predictions For 2018<br />
Emergence of decentralized immutable mechanisms for<br />
managing data is one of the key predictions highlighted by Mark<br />
Bregman, CTO, NetApp<br />
By Mark Bregman<br />
D<br />
1. Data becomes self-aware<br />
Today, we have processes that act on data and determine<br />
how it’s moved, managed and protected. But<br />
what if the data defined itself instead?<br />
As data becomes self-aware and even more diverse<br />
than it is today, the metadata will make it possible<br />
for the data to proactively transport, categorize,<br />
analyze and protect itself. The flow between data,<br />
applications and storage elements will be mapped in<br />
real time as the data delivers the exact information<br />
a user needs at the exact time they need it. This also<br />
introduces the ability for data to self-govern. The<br />
data itself will determine who has the right to access,<br />
share and use it, which could have wider implications<br />
for external data protection, privacy, governance<br />
and sovereignty.<br />
For ex<strong>amp</strong>le, if you are in a car accident there<br />
may be a number of different groups that want or<br />
demand access to the data from your car. A judge<br />
or insurance company may need it to determine<br />
liability, while an auto manufacturer may want it<br />
to optimize the performance of the brakes or other<br />
28 CIO&LEADER | <strong>December</strong> <strong>2017</strong>
Insight<br />
mechanical systems. When data is selfaware,<br />
it can be tagged so it controls<br />
who sees what parts of it and when,<br />
without additional time consuming<br />
and potentially error prone human<br />
intervention to subdivide, approve and<br />
disseminate the valuable data.<br />
2. Virtual machines<br />
become “rideshare”<br />
machines<br />
It will be faster, cheaper and more convenient<br />
to manage increasingly distributed<br />
data using virtual machines, provisioned<br />
on webscale infrastructure,<br />
than it will be on real machines.<br />
This can be thought of in terms of<br />
buying a car versus leasing one or<br />
using a rideshare service like Uber<br />
or Lyft. If you are someone that hauls<br />
heavy loads every day, it would make<br />
sense for you to buy a truck. However,<br />
someone else may only need a certain<br />
kind of vehicle for a set period of time,<br />
making it more practical to lease. And<br />
then, there are those who only need<br />
a vehicle to get them from point A<br />
to point B, one time only: the type of<br />
vehicle doesn’t matter, just speed and<br />
convenience, so a rideshare service the<br />
best option.<br />
This same thinking applies in the<br />
context of virtual versus physical<br />
machine instances. Custom hardware<br />
can be expensive, but for consistent,<br />
intensive workloads, it might make<br />
more sense to invest in the physical<br />
infrastructure. A virtual machine<br />
instance in the cloud supporting variable<br />
workloads would be like leasing:<br />
users can access the virtual machine<br />
without owning it or needing to know<br />
any details about it. And, at the end of<br />
the “lease,” it’s gone. Virtual machines<br />
provisioned on webscale infrastructure<br />
(that is, serverless computing) are<br />
like the rideshare service of computing<br />
where the user simply specifies the<br />
task that needs to be done. They leave<br />
the rest of the details for the cloud<br />
provider to sort out, making it more<br />
convenient and easier to use than traditional<br />
models for certain types<br />
of workloads.<br />
3. Data will grow faster<br />
than the ability to<br />
transport it...and that’s ok!<br />
It’s no secret that data has become<br />
incredibly dynamic and is being generated<br />
at an unprecedented rate that will<br />
greatly exceed the ability to transport<br />
it. However, instead of moving the<br />
data, the applications and resources<br />
needed to process it will be moved to<br />
the data and that has implications for<br />
new architectures like edge, core, and<br />
cloud. In the future, the amount of data<br />
ingested in the core will always be less<br />
than the amount generated at the edge,<br />
but this won’t happen by accident.<br />
It must be enabled very deliberately<br />
to ensure that the right data is being<br />
retained for later decision making.<br />
For ex<strong>amp</strong>le, autonomous car manufacturers<br />
are adding sensors that will<br />
generate so much data that there's no<br />
network fast enough between the car<br />
and data centers to move it. Historically,<br />
devices at the edge haven’t created<br />
a lot of data, but now with sensors<br />
in everything from cars to thermostats<br />
to wearables, edge data is growing<br />
so fast it will exceed the capacity of<br />
the network connections to the core.<br />
Autonomous cars and other edge<br />
devices require real-time analysis at<br />
the edge in order to make critical inthe-moment<br />
decisions. As a result, we<br />
will move the applications to the data.<br />
4. Evolving from “Big<br />
Data” to “Huge Data” will<br />
demand new solid statedriven<br />
architectures<br />
As the demand to analyze enormous<br />
sets of data ever more rapidly increases,<br />
we need to move the data closer<br />
to the compute resource. Persistent<br />
memory is what will allow ultra-low<br />
latency computing without data loss;<br />
and these latency demands will finally<br />
force software architectures to change<br />
and create new data driven opportunities<br />
for businesses. Flash technology<br />
has been a hot topic in the industry,<br />
however, the software being run on it<br />
didn’t really change, it just got faster.<br />
This is being driven by the evolution<br />
of IT’s role in an organization. In the<br />
past, IT’s primary function would have<br />
been to automate and optimize processes<br />
like ordering, billing, accounts<br />
receivable and others. Today, IT is integral<br />
to enriching customer relationships<br />
by offering always-on services,<br />
mobile apps and rich web experiences.<br />
The next step will be to monetize the<br />
data being collected through various<br />
sensors and devices to create new business<br />
opportunities and it’s this step<br />
that will require new application architectures<br />
supported by technology like<br />
persistent memory.<br />
5. Emergence of decentralized<br />
immutable mechanisms<br />
for managing data<br />
Mechanisms to manage data in a trustworthy,<br />
immutable and truly distributed<br />
way (meaning no central authority)<br />
will emerge and have a profound<br />
impact on the datacenter. Blockchain is<br />
a prime ex<strong>amp</strong>le of this.<br />
Decentralized mechanisms like<br />
blockchain challenge the traditional<br />
sense of data protection and management.<br />
Because there is no central point<br />
of control, such as a centralized server,<br />
it is impossible to change or delete<br />
information contained on a blockchain<br />
and all transactions are irreversible.<br />
Current datacenters and applications<br />
operate like commercially managed<br />
farms, with a central point of control<br />
(the farmer) managing the surrounding<br />
environment. The decentralized<br />
immutable mechanisms for managing<br />
data will offer microservices that<br />
the data can use to perform necessary<br />
functions. The microservices and data<br />
will work cooperatively, without overall<br />
centrally managed control<br />
–Mark Bregman, CTO, NetApp outlines 5 key<br />
CTO predictions for 2018.<br />
<strong>December</strong> <strong>2017</strong> | CIO&LEADER<br />
29
Insight<br />
2018 Top 10 BI/<br />
Analytics Trends<br />
BI software maker Tableau presents top 10 BI trends for<br />
the new year<br />
By CIO&Leader<br />
30 CIO&LEADER | <strong>December</strong> <strong>2017</strong>
Insight<br />
D<br />
Don’t Fear AI<br />
Machine learning can make the data<br />
analytics process more efficient, leaving<br />
the analysts with more time to<br />
think about business implications and<br />
the next logical steps. It also helps the<br />
analyst explore and stay in the flow<br />
of their data analysis because they no<br />
longer have to stop and crunch the<br />
numbers. Instead, the analyst is asking<br />
the next question.<br />
The human impact of liberal arts<br />
As analytics evolves to be more art<br />
and less science, the focus has shifted<br />
from simply delivering the data to<br />
crafting data-driven stories that inevitably<br />
lead to decisions.<br />
The Promise of NLP<br />
The rising popularity of Amazon<br />
Alexa, Google Home, and Microsoft<br />
Cortana have nurtured people’s expectations<br />
that they can speak to their<br />
software and it will understand what<br />
to do. This same concept is also being<br />
applied to data, making it easier for<br />
everyone to ask questions and analyze<br />
the data they have at hand.<br />
The Debate for Multi-cloud<br />
Rages On<br />
As multi-cloud adoption rises, organizations<br />
will have to manoeuvre<br />
through the nuance of assessing<br />
whether their strategy measures how<br />
much of each cloud platform was<br />
adopted, internal usage, and the workload<br />
demands and implementation<br />
costs.<br />
Rise of the Chief Data<br />
Officer<br />
To derive actionable insights from data<br />
through analytics investments, organizations<br />
are increasingly realizing the<br />
need for accountability in the C-Suite<br />
to create a culture of analytics. For a<br />
growing number of organizations, the<br />
answer is appointing a Chief Data Officer<br />
(CDO) or Chief Analytics Officer<br />
(CAO) to lead business process change,<br />
overcome cultural barriers, and communicate<br />
the value of analytics at all<br />
levels of the organization. This allows<br />
the CIO to have a more strategic focus<br />
on things such as data security.<br />
The Future of Data<br />
Governance is<br />
Crowdsourced<br />
BI and analytics strategies will<br />
embrace the modern governance<br />
model: IT departments and data engineers<br />
will curate and prepare trusted<br />
data sources, and as self-service is<br />
mainstreamed, end users will have the<br />
freedom to explore data that is trusted<br />
and secure. Top-down processes that<br />
only address IT control will be discarded<br />
in favor of a collaborative development<br />
process combining the talents of<br />
IT and end users.<br />
Vulnerability Leads to a<br />
Rise in Data Insurance<br />
Cyber and privacy insurance covers<br />
a business’ liability for a data breach<br />
in which the customer’s personal<br />
information is exposed or stolen by a<br />
hacker. As data’s value increases and<br />
Top-down<br />
processes that<br />
only address IT<br />
control will be<br />
discarded in favor<br />
of a collaborative<br />
development<br />
process combining<br />
the talents of IT<br />
and end users<br />
so do the threats, companies will look<br />
for an option Z—the last option.<br />
Increased Prominence of<br />
the Data Engineer Role<br />
Data engineers are responsible for<br />
extracting data from the foundational<br />
systems of the business in a way that<br />
can be used and leveraged to make<br />
insights and decisions. As the rate of<br />
data and storage capacity increases,<br />
someone with deep technical knowledge<br />
of the different systems, architecture,<br />
and the ability to understand<br />
what the business wants or needs<br />
starts to become ever more crucial.<br />
The Location of Things will<br />
Drive IoT Innovation<br />
One positive trend that is being seen<br />
is the usage and benefits of leveraging<br />
location-based data with IoT devices.<br />
This subcategory, termed “location<br />
of things,” provides IoT devices with<br />
sensing and communicates their geographic<br />
position. By knowing where<br />
an IoT device is located, it allows us to<br />
add context, better understand what<br />
is happening and what we predict will<br />
happen in a specific location.<br />
As it relates to analyzing the data,<br />
location-based figures can be viewed<br />
as an input versus an output of results.<br />
If the data is available, analysts can<br />
incorporate this information with their<br />
analysis to better understand what is<br />
happening, where it is happening, and<br />
what they should expect to happen in a<br />
contextual area.<br />
Universities Double Down<br />
on Data Science and<br />
Analytics Programs<br />
The hard skills of analytics are no<br />
longer an elective; they are a mandate.<br />
2018 will begin to see a more rigorous<br />
approach to making sure students<br />
possess the skills to join the modern<br />
workforce. And as companies continue<br />
to refine their data to extract the<br />
most value, the demand for a highly<br />
data-savvy workforce will exist —<br />
and grow<br />
<strong>December</strong> <strong>2017</strong> | CIO&LEADER<br />
31
Insight<br />
Digital Business Is<br />
Making CIOs And<br />
Their IT Organizations<br />
More Change-Ready<br />
It is known that digitalization and technological evolution<br />
has transformed the role of the CIO<br />
By CIO&Leader<br />
32 CIO&LEADER | <strong>December</strong> <strong>2017</strong>
Insight<br />
AAccording to 2018 Gartner CIO Agenda Survey, 51%<br />
of CIOs surveyed in India reported that they are taking<br />
charge of innovation and 49% have indicated that<br />
they are heading up digital transformation.<br />
The survey results show that, overall 95% of CIOs<br />
expect their jobs to change or be remixed due to digitalization.<br />
IT delivery management is taking up less and<br />
less of the CIO's time. Respondents believe that the two<br />
biggest transformations in the CIO role will be becoming<br />
a change leader, followed by assuming increased<br />
and broader responsibilities and capabilities.<br />
Globally growth is the No. 1 CIO<br />
priority for 2018<br />
However in India, CIOs reported optimizing enterprise<br />
operational excellence (66%), tracking business<br />
value of IT (64%) and business cost optimization<br />
(62%) as their top priorities. The good news for CIOs<br />
in India is that more money will be available to support<br />
these priorities. IT budgets in India are expected<br />
to increase by 7.4% in 2018. This compares to an<br />
expected 3% IT budget increase globally.<br />
Define the role – focus attention<br />
beyond IT<br />
At least 84% of all top CIOs surveyed have responsibility<br />
for areas of the business outside traditional IT.<br />
The most common are innovation and transformation.<br />
51% of respondents in India said that the CIO<br />
in their organization is in charge of innovation while<br />
49% said the CIO heads up digital transformation<br />
and 30% said the CIO leads enterprise change. The<br />
survey found that CIOs are spending more time on<br />
the business executive elements of their jobs compared<br />
with three years ago. In fact, CIOs from top<br />
performing organizations are spending up to four<br />
days more on executive leadership. The more mature<br />
an enterprise's digital business is, the more likely the<br />
CIO will report to the CEO.<br />
In a change from previous surveys, respondents<br />
were asked to name the top differentiating technologies<br />
(in previous years they were asked about investment<br />
levels). Business intelligence (BI) and analytics<br />
still retain the No. 1 spot, with top performers most<br />
likely to consider them strategic.<br />
Implement the new role<br />
79% of CIOs report that digital business is making<br />
their IT organizations more "change-ready," which<br />
suggests that now is a good time to implement change<br />
to the IT organizations, and, in turn, should make the<br />
transition to the new job of the CIO easier.<br />
The first part of the new job of the CIO is to build<br />
the required bench strength to scale the enterprise's<br />
digital business through support for the digital ecosystem.<br />
This means hiring new resources to put in<br />
place the right digital team structures. Some CIOs<br />
favor a separate digital team while others make digitalization<br />
part of the day job of IT and the enterprise.<br />
However, 71% of the top performers have a separate<br />
digital team to help them scale their digitalization<br />
efforts. The most common structure for these teams<br />
is to report to the CIO, although the biggest difference<br />
between the top performers and their peers is in the<br />
CEO reporting relationship of these teams.<br />
"The effects of digitalization are profound. The<br />
impact on the job of CIO and on the IT organization<br />
itself should not be underestimated," said Mr.<br />
Rowsell-Jones. "In this new world, CIO success is not<br />
based on what they build, but the services that they<br />
integrate. The IT organization will move from manufacturer<br />
to buyer, and the CIO will become an expert<br />
orchestrator of services. The real finding though is<br />
that this is happening now, today. CIOs must start<br />
scaling their digital business and changing their own<br />
jobs with it now."<br />
<strong>December</strong> <strong>2017</strong> | CIO&LEADER<br />
33
OPINION<br />
"Robot Revolution:<br />
Which Sector Will<br />
Be The First To Go<br />
100% Robot?"<br />
Dr Antonio Espingarderio reveals that we are<br />
going to see more of merging between human<br />
intelligence and machine learning<br />
By Dr Antonio Espingarderio<br />
34 CIO&LEADER | <strong>December</strong> <strong>2017</strong>
Opinion<br />
WWe<br />
live in a time where technology is<br />
the driving force of the constant evolution<br />
of the world we know. Society has<br />
advanced at a much faster rate in the<br />
past century than any other known<br />
point in time, and it seems to be only<br />
gathering pace. Robotics will accelerate<br />
this change, altering the workplace<br />
we see now by taking over tasks traditionally<br />
handled by humans and<br />
completing them at a much faster and<br />
more efficient rate. We are likely only<br />
decades away from seeing some industries<br />
dominated by robots, but which<br />
sector will be first?<br />
Industry has undergone huge<br />
changes continuously since the days of<br />
the industrial revolution. It continues<br />
to do so, with the International Federation<br />
of Robotics (IFR) stating "by 2019<br />
more than 1.4 million new industrial<br />
robots will be installed in factories<br />
around the world". Considering the<br />
IFR projections and the constant need<br />
for producing more goods faster and<br />
cheaper for an increasingly connected<br />
and growing population, then it is<br />
most likely that this is the first sector<br />
that will see complete automation over<br />
the next few decades. But is this so<br />
surprising? Automation in factories<br />
has been on the increase for a number<br />
of years. How automation integrates<br />
factories in the wider supply is an<br />
interesting concept.<br />
The concept of industry 4.0 involves<br />
having automation, internet of things,<br />
cloud computing, interoperability and<br />
decentralised decision making. In other<br />
words, the factory becomes 'smarter'<br />
and efficient. Nevertheless, it is not only<br />
the integration of robots in factories<br />
that will change, but the whole notion<br />
of logistics. Today after ordering goods<br />
it takes a long time for them to arrive to<br />
their final destination. This is essentially<br />
because the production chain is disconnected<br />
from the distribution chain<br />
as goods are produced in disparate<br />
locations. However, with high levels of<br />
automation, production isn't an issue.<br />
The main question is how to distribute<br />
goods as quickly as possible. It is likely<br />
that either factories will have to move<br />
within closer proximity of their customers<br />
thus decentralising their branches<br />
or distribution will be made autonomous<br />
in order to make it a more efficient<br />
process. Overall this will shorten the<br />
time between the ordering stage and<br />
delivering stage, which will represent<br />
big changes in economic terms.<br />
Secondly, autonomous driving<br />
vehicles are already revolutionising<br />
our concept of transportation. One of<br />
the main reason for their development<br />
is safety. According to the Association<br />
for Safe International Road Travel, 1.3<br />
million people die in road accidents<br />
every year. The phenomenon means<br />
a complete rearrangement in the way<br />
transportation takes place with the<br />
"road travel" time gaining new meaning<br />
in terms of global management and<br />
productivity. Tasks that are repetitive<br />
and dangerous are likely to resemble<br />
the three Ds of robotics: dirty, dangerous<br />
and dull. However, this is like to<br />
be more evolution than revolution and<br />
an iterative process that takes time. It<br />
will mean a progressive introduction<br />
of autonomy features in road vehicles<br />
through the forms of autonomous parking,<br />
braking assistance, pedestrians'<br />
awareness, night vision, heat detection,<br />
lane detection, road signs detection and<br />
wheel and seats alarms, among others.<br />
This is what you are going to see over<br />
the next decades when buying or renting<br />
cars, but don't expect driving autonomously<br />
to arise suddenly. There is still<br />
a long way to go in terms of vehicles,<br />
infrastructures and maps. The phenomenon<br />
is likely to open a set of new<br />
opportunities in terms of car services<br />
and geographical information systems<br />
such as map purchases and updates.<br />
Similarly, the notion of time management<br />
is likely to change. We can use our<br />
time to do other things while in autonomy<br />
modes. Advertising and ecommerce<br />
on vehicles is likely to take new routes<br />
in terms of human productivity, leisure<br />
or education.<br />
In both ex<strong>amp</strong>les, automation will be<br />
using machine learning. The advantages<br />
of processing high volumes of<br />
information, finding patterns and<br />
highlight flaws or new ways of thinking<br />
are vast, especially in supervised<br />
learning. The use of these systems<br />
will mean "smarter business", more<br />
competitiveness and better outcomes<br />
for all stakeholders. However, because<br />
the rooting of these systems is largely<br />
dependent on "human common sense",<br />
their adoption is likely to result in a<br />
merger. Humans are tremendously<br />
good at common sense and pondering;<br />
computers are extremely good in<br />
presenting facts, patterns, source data,<br />
numbers, graphs, tables, metrics and<br />
so on. So, what you are going to see is<br />
not "robots taking over", but instead<br />
the merging between human intelligence<br />
and machine learning.<br />
Lastly, areas such as critical thinking,<br />
advising, customisations, arts, design,<br />
dedicated customer service, empathy<br />
and sympathy are not likely to be fully<br />
integrated into robotics anytime soon.<br />
In other words, robots can't takeover<br />
where there is creativity, emotions,<br />
social intelligence and human contact<br />
involved. These are all human traits<br />
difficult to generate and translate<br />
through machines so roles and sectors<br />
reliant on these skills are likely to be<br />
safe from to robotic revolution for the<br />
foreseeable future.<br />
Interestingly the rise of robotics has<br />
led to a new set of jobs that are safe from<br />
robotic revolution for the foreseeable<br />
future. As Voltaire said "work saves<br />
us from three great evils: vice, boredom<br />
and need". Despite the imminent<br />
robotic revolution, it seems "work" will<br />
continue, it is only the nature of "work"<br />
that will change<br />
–The author is member of IEEE Robotics<br />
& Automation Society<br />
<strong>December</strong> <strong>2017</strong> | CIO&LEADER<br />
35
Opinion<br />
How Platform<br />
Business Models<br />
Are Transforming<br />
Insurance…<br />
Insurance players have started collecting and<br />
leveraging customer data in newer ways, creating<br />
completely new opportunities for themselves<br />
By Sangeet Paul Choudary<br />
36 CIO&LEADER | <strong>December</strong> <strong>2017</strong>
Opinion<br />
TTesla<br />
has already changed the rules of<br />
the transportation and energy industries.<br />
Up next might be insurance.<br />
Earlier this year, Tesla announced that<br />
it would offer lifetime auto insurance<br />
bundled with the cost of the car. The<br />
company is betting that its improved<br />
machine learning will bring down the<br />
risk profile of its entire fleet of connected<br />
cars.<br />
Tesla’s announcement is only one of<br />
the many ex<strong>amp</strong>les of how the traditional<br />
insurance model is poised for<br />
change. Traditional insurers have long<br />
relied on two customer touchpoints:<br />
at the time of sale and at the time<br />
of claim. As the world gets increasingly<br />
connected, the current data void<br />
between these two touchpoints is<br />
about to be filled.<br />
Insurance firms are already shifting<br />
in this direction. In the past, they captured<br />
data as a one-time event, using it<br />
to statically determine customers’ risk<br />
profiles and premiums. Today, they<br />
are embracing connected technologies,<br />
especially in the auto and health<br />
sectors, to offer personalised and<br />
dynamic insurance premiums to their<br />
customers.<br />
Connected Data Paving<br />
the Way to Innovation<br />
Some insurers, like Progressive and<br />
Insure The Box, got a head start by<br />
retrofitting cars with data-capturing<br />
devices, while others are relying on<br />
partnerships with original equipment<br />
manufacturers. Greater market intelligence<br />
gathered via these sensors and<br />
connected products allows insurance<br />
firms to offer personalised premiums.<br />
This new source of data can also<br />
inform product innovation. Bought<br />
By Many, a UK-based insurtech firm,<br />
has successfully intermediated such<br />
opportunities by aggregating users<br />
with special insurance needs – a rare<br />
illness or a unique occupational hazard<br />
– and allowing insurers to serve<br />
them at scale.<br />
This connected model is also seeing<br />
early signs of uptake in the commercial<br />
insurance world. Logistics firms<br />
managing large shipments can gather<br />
sensor data to inform insurers on the<br />
status of shipments. Even business<br />
insurance can look at data patterns<br />
captured by cloud-based invoicing<br />
and accounting applications to determine<br />
the liquidity and credit-worthiness<br />
of parties.<br />
But connected insurance and personalised<br />
premiums are only the first<br />
steps towards a much larger potential<br />
for value creation. The insurance<br />
industry has long monetised the<br />
promise to protect customers should<br />
an extreme event take place. With<br />
constant data capture, they can now<br />
promise avoidance of such extreme<br />
events in the first place.<br />
New Monetisation<br />
Opportunities<br />
Value creation will begin with a feedback<br />
loop training insured parties to<br />
change behaviours based on the data<br />
captured about them. Auto insurers<br />
have started experimenting with such<br />
feedback. In the UK, Marmalade fits a<br />
black box behind the car dashboard of<br />
young drivers, providing them with<br />
feedback and education to improve<br />
their driving habits over time. This<br />
unlocks new monetisation opportunities<br />
for the insurer, in the form of<br />
value-added services ranging from<br />
education on better driving to tracking<br />
a stolen vehicle or a possible break-in.<br />
In doing so, insurers will increasingly<br />
compete with non-traditional insurance<br />
players.<br />
As insurers move down this path,<br />
they will realise that ownership of<br />
consumer data can give them a great<br />
competitive edge. They will also reckon<br />
that one firm alone cannot manage<br />
all possible value creation for the end<br />
consumer. This is all the more true of<br />
insurers whose processes have been<br />
geared towards risk assessment and<br />
claim management rather than product<br />
innovation.<br />
To exploit their data advantage while<br />
also scaling value creation, insurers<br />
will have to explore ecosystem-based<br />
approaches. In such ecosystems, the<br />
insurer will work with a range of third<br />
parties willing to offer relevant value<br />
to end customers based on their data<br />
profile. Some insurers have partnered<br />
with external platforms like Nest to<br />
track home safety indicators. However,<br />
the data ownership may still lie<br />
with the external platform. The real<br />
opportunity for insurers is in owning<br />
these data and creating their own<br />
ecosystem instead of relying on thirdparty<br />
ones.<br />
Regulators Will Have a<br />
Role to Play<br />
The transformation of insurance firms<br />
into insurer ecosystems presents a<br />
large opportunity. Unlike traditional<br />
insurance whose moat and scalability<br />
ride on a comprehensive network of<br />
agents, insurer ecosystems will be<br />
easier to defend because of network<br />
effects. The more data they will capture<br />
about customers, the more third<br />
parties will partner with them. In<br />
turn, the more third parties that offer<br />
value, the stronger the value proposition<br />
will be for the end customer.<br />
Eventually, a few large ecosystems<br />
may own the market.<br />
Regulators will also need to understand<br />
the ecosystem opportunity if<br />
they are to enable this shift. While<br />
traditional insurance data are heavily<br />
regulated, much of the data that supports<br />
new value creation is less clearly<br />
regulated at present. For ex<strong>amp</strong>le, data<br />
on active care and cure are heavily<br />
regulated in the healthcare sector but<br />
wellness and fitness data live in greyer<br />
zones. Regulators will need to draft<br />
policies that balance user privacy<br />
and innovation<br />
–The writer is co-author of Platform Revolution<br />
and author of Platform Scale.<br />
<strong>December</strong> <strong>2017</strong> | CIO&LEADER<br />
37
FEATURE<br />
How Innovation<br />
Works And How<br />
To Lead It<br />
Anand P Gaikwad, Senior Manager, ITSP2 Global Program<br />
Management at Volkswagen IT Services India NEXT100<br />
Winner <strong>2017</strong>, talks about how leadership is an art of<br />
shaping people and transforming each team member to<br />
become the future leader<br />
By Anand P Gaikwad<br />
38 CIO&LEADER | <strong>December</strong> <strong>2017</strong>
Feature<br />
IIn 1978, Transformational Leadership<br />
was introduced by expert, James Mc-<br />
Gregor Burns, in his book “Leadership”.<br />
He explained it as a process where<br />
followers of a leader are developed to<br />
the higher levels of morality and motivation.<br />
In the same context, I would like<br />
to submit my perspective about leadership<br />
and opportunities for innovation.<br />
What is Leadership?<br />
“Leadership is a combination of art and<br />
science; it is an attitude to make people<br />
work better than they would have been,<br />
without you,” - this certainly does not<br />
mean that you perform micro-management<br />
or sit on someone’s head to make<br />
them work better rather to build an<br />
attitude to deliver their best. If you are<br />
a leader with power, you can easily control<br />
people but this will lead to failure.<br />
Leadership is not about controlling<br />
people but inspiring them to perform<br />
well and encourage them to think out of<br />
the box, make mistakes, and learn from<br />
them. Delegation is one of the most<br />
important aspects of leadership. If true<br />
leaders think in terms of developing the<br />
people they are leading, they delegate.<br />
This also helps discover new perspectives<br />
of a team member and motivate<br />
him/her to hone their potential.<br />
The Inside Out Approach<br />
I would like to give a reference of the<br />
“Golden Circle” explained by Simon<br />
Sinek in one of his TEDx talks in September<br />
2009 at Washington D.C in the<br />
United States of America.<br />
He gave an apt ex<strong>amp</strong>le to explain<br />
how big companies and their exclusive<br />
products become successful - just by<br />
changing the way they think, and market<br />
their products better. In a similar<br />
way, leaders can change their approach<br />
and adapt the ‘Inside Out Approach’ to<br />
be successful in his/her role.<br />
The leaders are influencers but not<br />
many of them actually think of why<br />
they want to influence people; Do they<br />
influence to control, motivate, or lead?<br />
By knowing the current issues in the<br />
team and identifying the opportunities,<br />
he/she can very well define “WHY”.<br />
WHY: Very few people or companies<br />
can clearly articulate WHY they do<br />
what they do. This isn’t about making<br />
money – that’s a result. WHY is all<br />
about your purpose, cause or belief.<br />
WHY does your company exist? WHY<br />
do you get out of bed in the morning?<br />
And WHY should anyone care?<br />
“If the leader knows the objective of<br />
his actions, he/she can be a positive<br />
leader.”<br />
As a leader, one should always look<br />
for the opportunities to develop the<br />
team and self to strengthen the delivery<br />
and keep the team spirit up. There<br />
is always a scope for the leader to<br />
improve; it is just a matter to understand<br />
why there is an opportunity and<br />
what needs to be changed.<br />
Once the leader knows why, the next<br />
thing is to delimit “HOW”, once the<br />
problems are known and the opportunities<br />
are identified, then leaders must<br />
outline how to tie the loose ends and<br />
handle the situation.<br />
HOW: Some companies and people<br />
know HOW they do what they do.<br />
Whether you call them a ‘’differentiating<br />
value proposition’’ or ‘’unique selling<br />
proposition,’’ HOWs are often given<br />
to explain how something is different<br />
or better. Not as obvious as WHATs ,<br />
Leadership is not<br />
about controlling<br />
people but inspiring<br />
them to do well and<br />
encourage them to<br />
think out of the box,<br />
make mistakes, and<br />
learn from them<br />
and many think these are the differentiating<br />
or motivating factors in a decision.<br />
It would be false to assume that’s<br />
all that is required.<br />
This could be another important factor<br />
of situational leadership where the<br />
leader has to show the dynamics of his/<br />
her skills and solve the problem without<br />
hurting the moral, sentiments, and<br />
motivation of the team.<br />
A proven ex<strong>amp</strong>le of this is the<br />
‘Gamification’ concept that I introduced<br />
in one of the organizations I worked to<br />
handle a similar situation. It is crucial<br />
to identify the loose ends and the corresponding<br />
opportunities and then<br />
define the HOW, so the sentiments of<br />
the team are skillfully handled. Do<br />
not touch the moral aspect and keep<br />
your team motivated just by allowing<br />
healthy competition in the team.<br />
Now the WHY and HOW is distinct,<br />
it’s a time to do the marketing for your<br />
WHAT. It is simply about educating<br />
the team on your strategies, purposes<br />
and deliverables.<br />
WHAT: Every single company and<br />
organization on the planet knows<br />
WHAT they do. This is true no matter<br />
how big or small, no matter what<br />
industry. Everyone is easily able to<br />
describe the products or services a<br />
company sells or the job function they<br />
have within the system. WHATs are<br />
easy to identify.<br />
The strategy is to have the synergy<br />
between you and the team. The purpose<br />
is to align them and yourself to the<br />
organizational goal and altogether create<br />
an inspiring vision for the future.<br />
Innovation in Leadership<br />
Using innovation in leadership can<br />
positively improve the perception of<br />
the leader and it improves the collaboration<br />
and the efficiency, I believe this<br />
is the best way to state the thin line<br />
between efficiency and effectiveness.<br />
It is not only to improve the results<br />
but also to build the design thinking<br />
culture in the organization. Getting the<br />
team united with your inspiring vision<br />
is essential for future viability.<br />
<strong>December</strong> <strong>2017</strong> | CIO&LEADER<br />
39
Feature<br />
The hardest skills to find are those that can’t be performed by machines<br />
Q: How difficult, if at all, is it for your organisation to recruit people with these skills or characteristics?<br />
Q: In addition to technical business expertise, how important are the following skills to your organisation?<br />
Difficulty in recruiting people with skill<br />
Respondents who answered somewhat<br />
difficult or very difficult<br />
Importance of skill<br />
Respondents who answered somewhat<br />
important or very important<br />
Creativity and<br />
Innovation<br />
77% 1<br />
Leadership<br />
75%<br />
2<br />
Emotional<br />
intelligence<br />
64%<br />
4<br />
Adaptability<br />
61%<br />
5<br />
Problem solving<br />
61%<br />
6<br />
Source: PwC’s 20th Annual CEO Survey on the impact of innovation & technology on business growth<br />
Develop Innovative<br />
Behavior to Lead &<br />
Personalize<br />
Sometimes the job gets boring and it<br />
can lead to demotivation. Personalizing<br />
is one of the aspects to keep the<br />
teams motivated. For ex<strong>amp</strong>le, the<br />
quarterly leadership meet is planned<br />
in the boardroom for two days. Instead,<br />
move this meeting to a beach and spend<br />
quality time with your team in an open<br />
environment where all the participants<br />
can rejuvenate and have fun. It<br />
is extremely crucial to allow your team<br />
to unwind and put their mind off the<br />
work. This quality time can help them<br />
come back to their respective jobs with<br />
positive force. This will also elevate<br />
the human experience and broaden<br />
the scope of the knowledge and understanding<br />
in the team.<br />
Transformative Play<br />
(Gamification)<br />
Routine work such as day-to-day<br />
operations is a very inflexible process.<br />
Playing a game associated with your<br />
objective and well-defined rules always<br />
improvises the perfection and unquestionably,<br />
your business delivery. This<br />
concept certainly has power to deliver<br />
the quality service to our customers<br />
and build a healthy competition within<br />
the team.<br />
Collaborative Thinking<br />
An innovative leader always collaborates.<br />
It does not matter if the idea<br />
shared is impossible or unrealistic but<br />
it creates the opportunity for others to<br />
think and come up with possible and<br />
realistic ideas. For ex<strong>amp</strong>le, setting<br />
up a “Thinkers Club” (The concept of<br />
Thinkers Club was in place since 1819<br />
and it was popularized throughout the<br />
German Confederation). As an activity,<br />
the club members will meet every week<br />
on any day for an hour just to “think”,<br />
discuss, talk and present the ideas that<br />
they think are helpful to build a strong<br />
organization and justify the core value<br />
of “Innovation”.<br />
Experimentation<br />
Innovative thinking leads to redefine<br />
the problem or reframe it. Looking at<br />
the problem in a different way gets the<br />
required insight. An innovative leader<br />
always looks at the issues in a unique<br />
way to uncover the hidden sights and<br />
experiment on finding possible solutions.<br />
It is simply not experimenting<br />
but checking how it has yielded the<br />
results he/she desired<br />
40 CIO&LEADER | <strong>December</strong> <strong>2017</strong>
100<br />
Finance decision-makers<br />
of India’s top companies<br />
will be getting together<br />
in March 2018<br />
Are you there?<br />
(WATCH THIS SPACE FOR MORE DETAILS)<br />
For engagement opportunities, please contact<br />
Seema Menon<br />
seema.menon@9dot9.in, +919740394000<br />
Mahantesh<br />
mahantesh.g@9dot9.in, +919880436623