Thursday, January 8, 2015

Musing on Corporate Data and trust!

The report in WSJ today "Puzzle Forms in Morgan Stanley Data Breach" made me reflect on corporate data. The article describes
“Morgan Stanley fired one of its financial advisers after it accused him of stealing account data on about 350,000 clients and posting some of that information for sale online, in potentially the largest data theft at a wealth-management firm.”
Many of us in the corporate world realize the value of “data” and information, especially corporate data. Securing and protecting the data is an entire industry in itself, and incidents like the recent Sony hacking saga highlight how vulnerable corporations are when it comes to protecting data and information.

The Morgan Stanley incident was clearly a case of an insider with access to data either acting with malicious intent or erring big time
“Robert Gottlieb, Mr. Marsh’s attorney, said his client had acknowledged obtaining the account information and confirmed that he was fired. But Mr. Gottlieb said Mr. Marsh didn’t post the data online, and wasn’t seeking to sell it.”
The article adds
“Already, the episode is having ramifications within Morgan Stanley: On Tuesday, people familiar with the matter said the firm has tightened access to its client database so that individual advisers no longer have access to such wide swaths of account data.”
Employees and Information workers need access to critical, sometimes sensitive corporate data to do their job. Athough the jury is still out on whether Mr. Marsh acted with malicious intent, it brings up a question information security experts, business and technology leaders continually grapple with: in an age of big data, where access to information, including corporate data is required to make information workers productive, how to add the right level of checks and balances to avoid such incidents!
Preventing workers from misusing data goes beyond codifying policies. Additional security, access control restrictions, monitoring data access etc comes with additional cost, effort and overhead that may be justified for some data types – PII, Social Security numbers etc. Additional requirements may also be dictated by industry or corporate requirements (account information of financial institution’s customers as in this example). However, additional restrictions may not be practical for all or “routine” information shared across a company.

At the end of the day, it comes down to a balancing act between:
  • Human intelligence: The ability to identify the odd rogue employee/contractor/third party who has access to your data and may be inclined to act with malicious intent and
  • Trust: The need to continue to trust those who legitimately need access to corporate data do their job
Not easy to balance the two!

Sunday, January 4, 2015

Book reviw: "Family Life" by Akhil Sharma

I decided to read Akhil Sharma's Family Life after I came upon his essay in Sunday NYT (essay: “The Trickof Life”). The book is semi-biographical and expands on Mr. Sharma's essay  so I was prepared for a sorrowful narrative of the Sharma family saga. In the NYT essay, Akhil highlights the crux of his story:

“When I was 10 and he was 14, my older brother, Anup, dived into a swimming pool, struck his head on its bottom and remained underwater for three minutes. When he was pulled out, he could no longer walk or talk, could no longer feed himself, could no longer even roll over in his sleep. Only a few months before, he was heading to the Bronx High School of Science.

My parents are deeply pious Hindus. We had been in America for two years when the accident occurred, in 1981. And of course when tragedy occurs, even nonimmigrants and nonpious people find themselves turning to their most atavistic selves. My parents took Anup out of the hospital and brought him to our house. For the next 28 years, until he died, they tried to fix him through faith healing. Strange men — not priests or gurus, but engineers, accountants, candy shop owners — would come to the house and perform bizarre rituals, claiming that God had visited them in a dream and told them of a magical cure that would fix Anup.”

These two paragraphs are perhaps a summary of the book “Family Life.” If this was it, would the book have become a NYT bestseller? To continue to engage readers through descriptions of tormented youth is a skill in itself, and in this respect Akhil does not disappoint.

Much of the book focuses on the travails and tribulations of immigrant Sharma family seen through the eyes of the protagonist, Akhil. He wallows in self-pity while taking us through experiences of an Indian immigrant family in New York. And despite all odds, does well academically and is accepted into Princeton. The rest – a well paying job in investment banking etc follow.

No doubt Akhil and family were dealt a lemon, but as the adage goes ‘We cannot change the cards we are dealt, just how we play the hand.’ It is admirable that Akhil turned his lemon into a story, a bestseller at that!

Bottomline: “Family Life” is neither a must-read nor everyone's cup of tea. However, it is well written, fast paced read if you are in for it.

Note to self: If life gives you a lemon …. write a story about it. (My review on

Wednesday, December 31, 2014

RIP AirAsia Flight 8501 passengers and crew!

Three major airline incidents involving south Asian airlines starting with the disappearance of MH370 earlier this year, downing of another Malaysia Airlines Flight MH17 in Ukraine and now the news of AirAsia Flight 8501. In case of this latest incident involving AirAsia flight, we have received news of bodies being recovered: What a way to end the year!

As a frequent air traveler, I take solace in the high level of safety and professionalism of  the commercial airline industry around the globe. However, as a parent who lost a child on an international flight  (link) I am also highly cognizant of risks of air-travel.
I know how hard it was for us to accept the reality of the abrupt loss of our child on board Jet Airways Flt 229 on 17th June 2008; the memory of which occasionally haunts us. And just as my wife, Sujatha and I learnt to cope with the reality and move forward, I pray that survivors of this tragedy move forward too.

My prayers and sympathies are with the surviving families of AirAsia Flight 8501 passengers and crew! 

Thursday, December 11, 2014

Musing on Uber incient in Delhi : When digital sharing economy meets real world

Airbnb and Uber stand out as pioneers in discussions of cyber sharing economy (aka peer-to-peer economy - wikipedia). New businesses models go through growing pains that include regulatory hurdles and acceptance by society at large. Airbnb that created a market for individuals to share spare rooms/property/living space has continually faced regulatory hurdles. For a while, it was even ruled Illegal in New York City (Huffington post). Uber is a cyber sharing economy darling, that is shaking up taxi cab and personal transportation business

This week, it is Uber's turn to be under the gun. There is a lot of chatter in media - traditional and digital - following the reported rape of a female passenger by driver of a cab requested from her Uber app (Indian Express).

Indian digirati has learnt to take on an activist stance using social media by highlighting incidents of rapes and sexual violence on women, especially after the brutal incident in December of 2012. Twitter flooded with angry messages against Uber (link). Interestingly, some of the very same digirati in India are also consumers and proponents of peer-to-peer services. They are waking up to its limitations, especially to fast paced commercialization of digital services that can negatively impact lives in real world.

One is left wondering if services like Uber designed for sharing economy in the west can (or should) be transplanted to other geographies like India. Uber in the US targets non-commercial drivers -  the average Joe or Jane -  to partake in sharing economy by running his/her car like a "virtual" taxi. The peer-to-peer model relies on a strong foundation of credit, background and criminal checks, and an educated consumer aware of peer-rating system. In India, on the other hand, Uber seems to be merely extending a broken taxi service without fixing the fundamental flaw: non-existent system of credit and background checks. Even criminal checks on Taxi Drivers are spotty as the Delhi incident has glaringly highlighted. (link)

The case brings to fore questions that corporate leaders will also have to address, especially around liability, legal and regulatory policies on use of peer-to-peer services for businesses travel. Interestingly, just last week, a friend was excitedly describing his experience with Uber during a recent trip to Phoenix. We began discussing the lack of corporate policies of managing "liability" when employees use such service for a business trip. A case like the one in Delhi is bound to give corporate executives and lawyers around the globe pause for thought.

It will be interesting to see how Uber rides through this incident. (link:NPR's Marketplace). But it is not a question of whether Uber survives: Taking on risks of creating a new market comes with its rewards [Just recently, Uber was valued at an astounding $40 billion!  (CNN Money).

Cross post on linkedin Pulse

Sunday, November 16, 2014

Amazon's re:invent - A cloud roadmap for the Enterprise

I was at the AWS re:invent this week in sunny Las Vegas. It was an opportunity to observe and learn from experiences of other large enterprises starting on their cloud journey. A few observations that I plan to share with fellow Enterprise Architects and IS executives.

Putting together a show for a large gathering of nearly 13500+ participants is by itself a testament to the seriousness of the cloud strategy. As expected, the Amazon team put together an A-game to demonstrate their cloud roadmaps, but what was more impressive was the large contingent of product vendors and System Integrator partners joining to showcase their capabilities.

The keynote sessions were designed to drive home the point that "The cloud is the new normal," and that AWS is a significant player here. Large customers РCoke America, MLB Advanced Media, Cond̩ Nast were out there to highlight their seriousness in the cloud journey.
Some of the deep-dive sessions highlighted the following
  • Amazon’s AWS is a large, serious public cloud platform that can enable Virtual private clouds (VPC) for enterprises looking to minimize/eliminate their hosted data center footprint.
  • Vendor ecosystem is maturing and working hard to keep up with updates on AWS offerings.
    • For instance many SI partners have ‘cloud service management’ portals and frameworks to address configuration and license key management and service catalogs – services that AWS also announced at re:invent.
  • Prepare adequately while planning a larger scale migration of a portfolio of applications.
    • Lift-and-shift may be a misnomer – legacy applications will have to be lifted-considerably-refactored before ‘shifted’ to the cloud.
  • Virtual private cloud (VPC) holds promise for enterprises looking to “shut” or minimize IS application footprint in their data centers.
    • Configuration, setup and ongoing maintenance of VPC from one’s data center is a complex and highly technical endeavor.
  • Large enterprises may not have the luxury of learning on the job.
    • Design and integrating a VPC with one’s hosted data center is not a walk in the park.
    • Rather than DIY panning to the cloud, selecting the right SI partner is a key to enable the cloud journey.
Also unsaid in the sessions
  • AWS is not the only game in town: the other software giant from Seattle has a serious proposition too.
    • As of 2014, Most large enterprises are ‘wetting their toes in the cloud’ and few are willing or able to bet the farm on a single vendor’s cloud
  • CIO’s Organizations aspire to “shut their datacenters” and move to the cloud
    • Many case studies highlighted the aspiration but only the new-startup’s highlighted operations without traditional data centers. Perhaps the reality of legacy weighs too heavily?
  • Large enterprises may opt for hybrid model
    • The future for large enterprises may well be an ecosystem of VPC’s on AWS and other cloud providers, in addition to their on-premise data centers for critical workloads
  • Architects and engineers at large enterprises need to prepare for the alphabet soup.
    • In addition to existing products, AWS announced a slew of new technologies at the conference - EC2 container, AWS Lambda, Aurora DB, Code deploy, Key management, Config etc. Other cloud vendors have other acronyms for their technologies.
    • Other vendors have other naming, branding and versioning. And it is not just keeping up with branding but versioning and capabilities
  • Cloud is yet another component, albeit a significant component, in the IS technology management mix.
    • For instance, moving 100 ‘legacy’ corporate applications to a VPC on AWS will not minimize the inherent design complexity.
    • The move may reduce cost of infrastructure hosting but not necessarily the cost and complexity of ongoing maintenance and support.
Although these notes are from the AWS re:invent this week, I am sure the other cloud guys down the road in Seattle throw an equally exiting conference to showcase their partner ecosystem, replete with vendor presentations and parties.

(stating the obvious: while thankful to my employer for the trip, and to an SI partner for a ‘free’ event pass, these views are mine alone and not an endorsement of my employer’s cloud strategy) repost from linkedin

Sunday, November 2, 2014

Book review: Rogue Elephant: Harnessing the Power of India’s Unruly Democracy by Simon Denyer

Book Review

My Book review of "Rogue Elephant: Harnessing the Power of India’s Unruly Democracy" by Simon Denyer. Cross posted from

Rogue Elephant is an interesting analysis of some aspects of India's democracy. The author, who has spent the past decade or so reporting on India draws from his notes while highlighting observations.

The book begins and concludes with an analysis of the infamous gang-rape in Delhi that shocked the conscience of the nation. The author devotes several chapters to money and corruption with a brief review of the political players including Rahul Gandhi and Narendra Modi. Simon was rightly betting on one of them ascending to the role of India's Prime Minister. This ensures the book continues to be relevant in 2014 when published.

As with any political narrative, the views of the author and his biases are bound to creep in. This book is no exception. The author focuses on politics in the book while skimming economic reality of life and society. In reality both are intertwined and an analysis of one should include the other. Information Technology and Business Process outsourcing and globalization of Indian manufacturing get only a passing mention. Even the Telecommunication revolution that helped India leapfrog from obsolete land-lines to the information age gets only a passing mention. Instead, Simon focuses on corruption of telcom spectrum handouts. The fact that politicians skimmed billions from the deals is not debatable. However, the benefits of wireless revolution, getting rural Indians access to basic communication and on to information age is downplayed in the narrative.

Understanding the intricacies of India's democracy is hard, even for Indians living through the changes and more so for Non Resident Indians like self, who keep abreast of happenings digitally. Simon's readable book is sure to add to the knowledge base, and will be especially useful for those looking for a “political history” of India in the past decade.

Thursday, October 30, 2014

Musing on globalization - Apple CEO Tim Cook is gay : and other sides to the story

Apple's Tim Cook made headlines today by announcing to the world that he was Gay (Tim Cook Speaks Up - surprising announcement in an opinion piece on Bloomberg BusinessWeek)

This announcement coming from a tech executive and CEO of a Fortune 500 giant made huge ripples in the business and tech media.  It is interesting to see western society not only embracing rights of LGBT but applauding outright while another leader comes "out."  Nothing surprising here, especially given how leaders in other sphere - political leader, Hollywood stars and sports stars - have been regularly making such "announcements."

The same "rights" seem to be non existent in other parts of the world. The reasons are obvious: even a decade after Tom Friedman famously proclaimed the "world is flat" in his book, historic cultural, linguistic and social variances continue to persist and thrive around the world. For instance, on the same topic of LGBT rights, there was a  news item just yesterday, from another "westernizing" country that is benefiting from offshoring and flattening world. A techie working for the offshoring giant Infosys, in Bangalore, was "slapped with Sec 377" by the Indian police after his wife caught his gay acts on spycam. Per Wikipedia "Section 377 of the Indian Penal Code dating back to 1860,[1] introduced during the British rule of India, criminalizes sexual activities "against the order of nature", arguably including homosexual acts."

One can argue whether westernization only goes so far. Countries and societies continue to selectively globalize, and only for aspects that suits them - especially when there are economic gains.

Bottomline: Societies may embrace western 'values' that are required for economic integration with global markets but will zealously continue to guard their cultural, linguistic, political and social identities.