Managing more with less – allocating your IT portfolio intelligently to remain resilient in the current business environment, was the theme of the IT Showcase Asia 2009 event organised by business performance enhancement company, the JFPS Group at the Berjaya Times Square Hotel & Convention Centre in Kuala Lumpur on 6 & 7 October.

The topics covered included issues such as virtualisation, cloud computing, security, information technology (IT) service management, outsourcing, open source software, shared services and so on, their benefits in terms of greater efficiency of IT and human resource use and the risks involved if not handled correctly.

“Given that many organisations have limited or reduced budgets, yet they still strive to achieve performance excellence but given the current state of the economy, companies are trying hard to curb unnecessary spending, while ensuring their objectives will still be met,” said Dato’ Dr. Sharifah Zarah Syed Ahmad, Deputy Secretary-General (Policy), Ministry of Science, Technology and Innovation (MOSTI).

“With the amount of support that is expected from IT, businesses will continue to invest, be it in the area of network, storage, hardware, software, servers, operating systems, portals, data warehouses, etc. and as IT forms the operations framework of the business, it pays to manage the allocation of resources wisely, especially at this point of time.

“I am made to understand that you will be deliberating during this two-day conference whether to invest in new systems or just maintain systems you currently have in place.

“In a 2006 survey of company spending on IT in the USA, more than three in four senior executives say their company's technology spending has had a positive business impact in recent years, but there appears to be much room for improvement--particularly in the areas of return on IT spending, reduction of waste and increased effectiveness of the IT function.

“Many top executives say their company has achieved a positive business impact from its IT investments over the past three years. By aligning IT and overall business objectives more closely, CIOs can show how investments are helping the business to succeed.

“The majority of senior executives agree that visibility and transparency of IT spending, IT integration into risk compliance programs, IT governance, and business-driven measurements are 'very important' to the effectiveness of their company's IT function.

“I have no doubt that as the ICT sector continues to develop, new challenges will emerge to take the place of the ones met and dealt with over the course of 2009. That is in the nature of this industry. ICT should not daunt us. I am confident that all of you will benefit from IT Showcase Asia which emphasizes on the right way to manage your scarce IT resources,” Dr. Zarah added.

Handling new developments properly

“The wave of new developments in IT can be punishing for organisations which don't handle them properly,” said Tarry Singh, founder of Avastu Blog, www.ideationcloud.com, which features  real-time market analysis & research on cloud computing, financial markets, virtualisation, global sourcing, emerging trends and business strategies.

A nautical engineering graduate from India, Tarry worked in the shipping and oil & gas industries before he shifted into IT in the late 1990s and he now is a strategic executive with Atos Origin, an international IT services provider headquartered in France. He now resides in the Netherlands and also was the conference chairperson at IT Showcase Asia 2009.

The term “cloud computing” is very much of a buzzword these days, though the concept of distributed users of desktop PCs, notebook PCs, handheld devices or even dumb terminals making use of centralised computing resources remotely over a local or wide area network through a local thin client such as a Web browser is not new and has been known by different terms such as “software-as-a-service” (SaaS), “application service provider (ASP) model,” “Service-Oriented Architecture” (SOA) and so on in the past.

However, there are two basic types of cloud computing – one being public cloud, whereby users make use of common applications such as Google Mail, Hotmail, Yahoo! Mail web-mail services, Google Apps applications, various instant messaging services and so on.

The second type are private clouds – namely, cloud computing systems with unique functions and applications which have been especially built for and operated by a particular company, enterprise or organisation, and these are what Tarry focuses on.

“Security and privacy are big concerns with cloud computing and the consequences could be very damaging if it's not implemented correctly with the right protections, rules of use and best practices in place,” said Tarry.

Whilst an organisation, such as a bank may adopt cloud computing for greater efficiency and reduced cost, as it basically lets its customers serve themselves but by doing so the bank has effectively opened up its internal IT operations, which have hitherto been only accessible to authorised staff, and exposed it to the outside world, hence much greater risk of remote attacks, identity theft and so on, with the risk of losing millions of euros, dollars, ringgit and so on.

“For example, in the old days, a disgruntled employee had to enter the secured area where the computer system is stored to inflict physically damage to the equipment or he would have to plant a malicious piece of script on the system which would activate some time after he had left the company,” said Tarry.

This writer has heard of an instance where a disgruntled employee at a hosting company in the United States sabotaged its system by throwing a Molotov cocktail (a petrol bomb) into the server room, which disrupted its operations for several days. His friend who had his web and mail servers hosted there had to use a public Web mail account whilst the data centre was being restored.

“However now with remote access to provisioning via the Web, a disgruntled employee can wreck the whole system from outside,” said Tarry.

In the old days, applications, databases and so on were maintained on separate servers but nowadays, the tendency is to have stateless servers on standby and the physical servers share a common software layer called a common virtualisation layer called a hyper visor which hosts many virtual machines, each running different operating systems and applications on the same piece of hardware.

Whilst this is gives agility to organisations in how they allocate their physical IT resources, it also opens up the whole system to remote attach via a malicious script sent by a disgruntled employee or ex-employee and strong security measures are required to to protect against them and to find out who was responsible.

Alarms are also required to alert the operator of any abnormal activity or condition, and the company should backup its data on separate areas with different passwords.

“When companies do more with less, they have fewer people to handle and are more prone to malicious disruption and with more adoption of cloud computing, the greater will be their exposure to risk,” said Tarry.

So companies should regularly audit their domains as a comprehensive security health check of their internal and external portals, as well as regular comprehensive penetration testing for vulnerability, security and so on by a trusted security consultant to ensure the security of their IT infrastructure as it moves from physical to virtual, as portals are entry points for hackers.

Players within the IT industry also have their dirty practices where mainframe computer companies which face competition from cloud computing and pay hackers to subscribe to virtual machines and create multiple accounts and bring the cloud down.

There are three layers of cloud computing – namely Software as a Service (SaaS) such as that provided by the customer relationship management provider Salesforce.com, Portal as a Service (Paas) operators such as Google Apps and Microsoft Windows Azure, and Infrastructure as a Service (Iaas) providers such as VMware, Oracle, Cap Gemini and telcos which provide managed network services and managed services.

“Security should be strongest with IaaS since it is the closest to the infrastructure,” said Tarry.

Among emerging technologies are human technology where people look at technology as something required to build business and this is enabling youth in the Netherlands to be sufficiently tech-savvy to be able to tackle business problems.

Other areas are creative design, art, architecture, bio-technology, fish farming and green technology – such as sensors which sense human presence and turn the lamps on or off as appropriate.

He urged Malaysia to look beyond relatively low-skilled, low-tech call centre jobs.

More with less with OSS

Open source software (OSS) enables Malaysian government agencies to do more with less, according to Tan King Ing, deputy director, ICT Planning and Policy Division, Malaysian Administrative Management and Planning Unit (MAMPU)

“Malaysia does not want to buy a package and use only a few modules but we'd rather develop our own software for our own use and OSS lets us build the software once and use it on many platforms without having to pay license fees,” said Tan.

For example, OSS has enabled the government to provide computer-based learning to about 10 million students which would have otherwise costs a bomb and it's enabled the government to save 30% in terms of license and development costs over proprietary software.

The state government agencies of Perak, Pahang, Sarawak and Sabah have been mandated to use the open source OpenOffice productivity suite which can be downloaded and installed on Windows or Linux machines free of charge.

On 16 July, 2004, the cabinet of the Malaysian government decided to use OSS in the public sector and  assigned MAMPU as a central agency within the Prime Minister's Department to lead the country's OSS initiative in collaboration with other government agencies, institutions of higher learning, the private sector, industry associations, government regulators and members of the OSS community.

The aim of the Malaysian Public Sector Open Source Software Master Plan is to establish strategic direction and framework, to develop an  implementation plan and   roadmap, to establish an Open Source Competency Centre (OSCC) to support OSS  implementation in the Public Sector, to formulate policies, standards and guidelines, and to accelerate OSS adoption in the public sector.

It's objectives are to reduce total cost of ownership, increase freedom of choice in software usage, increase interoperability among systems, increase growth in the ICT industry, growth of the OSS industry, growth in the number of OSS users and the developer community, growth in the knowledge-based society and to reduce the digital divide.

At the same time, OSS applications and systems should fit the purpose, coexist with legacy proprietary systems, take advantage of existing facilities, hardware, software and expertise, and above all be free of hardware and software vendor lock in.

The mission of the OSCC is to be a one-stop, national reference centre to lead, guide and support public sector implementation of OSS Master Plan by leveraging OSS community efforts to develop OSCC products.

Its achievements include:-

• MySpamGuard – anti-spam solution to scan and block spam and viruses in incoming and outgoing emails
• MyNetWatch – network monitoring & management solution to identify service outages and alert network administrators
• MyMeeting – online paperless meeting management application for Public Sector agencies
• MySurfGuard – integrated web content filtering suite to curb unproductive web browsing activity
• MyWorkSpace – email collaboration suite with integrated email, calendar, address book, task management and notes features

To promote OSS adoption it provides readily available kits and services available to ALL Public Sector agencies, with comprehensive training courses, such as the OSS Development Toolkit, Advanced Virtualisation Facility and OpenOffice.org Migration Pack.

Its pilot projects rolled out include Ministry of Woman, Family & Community Development –  NurITA, Public Services Department (JPA) – eSILA, Ministry of Education Learning Management System, Ministry of Finance Treasury Portal Upgrade, and Ministry of Finance Economic Intelligence Database System.

Results of the pilot projects include significant savings through reduced use of proprietary software -- namely 88% savings in overall licensing cost of about RM120,000, 58% reduction in development and consultancy costs of about RM2.53million, 7% savings in software support services costs of about RM10,000 and 30.5% savings in overall cost of about RM2.65million. As of 2008, 540 Malaysian government agencies use OSS compared to 25 in 2003.

“If anyone is still not convinced of OSS, come visit the upcoming Malaysian Government Open Source Software Conference (MyGOSSCON) on 4 – 6 November at the Putrajaya International Convention Centre (PICC). For details visit http://mygosscon.oscc.org.my,” said Tan.

The MTR approach to ICT

“Many organisations regard IT as costly and of little of no value to organisations in terms of return on investment (ROI),” said  Daniel Lai, head of information technology, MTR Corporation.

IT department tend to be seen a black box or black hole, IT groups seem to have their own interests, objectives and priorities, IT Services were not available when needed and solutions delivered do not meet business needs. According to Gartner Group -- 70% of IT projects failed because they did not deliver the required values or functions, were delayed, overran their budget and provide little values

“So we should ask ourselves whether we understand our customers’ requirements and expectations, are we doing the right projects, do we understand our stakeholders and their objectives, interests & agenda, what ROIs are we getting from IT investments, and what values IT are delivering,” said Lai

“At MTR Corporation, our IT projects success rate has been 94%, IT initiatives also have to deliver values, benefits, and ROI to the Corporation, IT Services achieve high satisfaction which meet or exceed expectations.

It's not so much a matter of how much or how little we should invest in IT but it's rather a question of the value or benefits generated or delivered which count and besides financial returns, the ROI should be seen in terms of tangible or intangible returns such as statutory reporting & compliance, customer services and company image.

The challenges in making IT Investments include increasing labour costs in terms of software development and maintenance, systems implementation, the balancing of innovation with routine operations, more complex systems architecture, increasing software license and maintenance & support fees, more demanding users, increased demand on systems performance, capacity and
storage, resource constraints and contention, setting priorities – business critical, safety, statutory
requirements, urgent, service, company image.

Consideration in making IT investment decisions, include business operations, business enablement, revenue generation, costs reduction, productivity improvement, customers service improvements, compliance and governance including fulfilment of statutory requirements and reporting, efficiency, faster reporting, business continuity, safety, quality improvements, integration, standardisation and consolidation, whilst delivering greater ROI is a matter of sound IT governance and business-IT alignment.

“Our experience is based on effective demand and portfolio management, sound information systems and IT planning, enterprise architecture and programme management. Making the right decision & investments involve doing the right projects, doing the project right, the right levels of investment, use of the right technology, use of the right partners, the adoption of the right processes, making appropriate choices and consideration of scope in terms of time and sophistication,

MTR Corporation uses annual planning, project management, resource management and other dashboards to enable a quick view of the operation and health of the organisation.
“In conclusion – most enterprises demand for IT solutions and services exceed supply and resources, so the IT group should not be an order taker but to deliver values and benefits, it is necessary to prioritise IT project initiatives and consider ROI and to critically examine costs, resources, priorities, technologies, risks, and to determine benefits and values,” said Lai.

To achieve ROI on IT, the IT group must be innovative and creative, be able to prioritise and be able to say no to certain demands, collaborate with the organisation's business,  understand and manage costs, be able to manage multiple projects,  simplify, rationalise, consolidate, take and manage risks and be ready to transform and change.

The groups’ attention should be on the organisations’ vision, mission, objectives & strategy, be business and market driven, be effectiveness and results, rather than activities and tasks-oriented, provide the appropriate service, adopt the appropriate technology, use the appropriate resources, the appropriate sources, and incur appropriate costs.

Successful IT deployment and effective IT services requires business - IT alignment, clear roles and responsibilities, management commitment and attention, user commitment and participation, sound justification and business case, appropriate resources, priorities and schedules, appropriate methodologies and standards, structured and effective processes, clear and defined service levels, alignment with corporate and business vision, objectives and strategy, IT Governance, business like service and operations, appropriate stakeholders and business relationship management, sound financial, resources and services management, running IT as a business, quantifiable and measurable benefits, a benefits realisation plan, sound management practices, and effective monitoring and reporting.

“As Charles Darwin wrote: It is not the strongest of all the species that survives, nor the most intelligent. Instead, it's the one which is most adaptable to change which survives,” said Lai.“Well, I say: There are so many frameworks, practices and processes we can adopt but it's mind set and attitude that count !,” Lai added.

MTR Corporation is the most prominent public transport provider in the Hong Kong Special  Administrative Region of the People's Republic of China, which carries 3.8 million passengers daily with a public transport market share of 41.6%.

It began operation as the Mass Transit Railway (MTR) in Hong Kong in 1979, was listed on the Hong Kong Stock Exchange in 2000, merged with Kowloon-Canton Railway Corporation to become the present MTR Corporation in December 2007.

Its routes include many urban lines in Hong Kong, the Ngong Ping 360 cable car service, inter-city services between Hong Kong and Beijing, Hong Kong and Shanghai, Hong Kong and Guangzhou, the   Beijing Metro Line 4 which began operation on 28 September, 2009, the Shenzhen Metro Line 4 due to start operation in Mid-2011, the Shenyang joint-venture due to begin operations in 2010, consultancy services in Chengdu, Tianjin, Taiwan and other places, whilst other projects are in negotiation.

Its international business includes the London Overground Rail Operations (LOROL) which operates five existing railways in Greater London, operations in Stockholm, Sweden, Melbourne, Australia and Delhi Airport Project Management in India.

Besides rail services, MTR Corporations core business includes property development and management, station commercial and railway related services such as advertising and shops, telecommunication services, whilst its subsidiary Octopus provides electronic payment services.

There were many other speakers which we have not covered here, including Yajnish Malik, Citrix Systems Area vice-president for ASEAN who spoke on virtualisation from the desktop to the data centre; Andy Tan Eng Teik, senior general manager and chief information officer with the Employees Provident Fund who spoke on achieving IT service excellence through IT service management implementation (ITIL), Tam Kok Yan, head of planning and policy, Defense Service & Technology Agency, Republic of Singapore who spoke about IT disaster recovery management and its key challenges; Morad Rahmani Team Quest Corporation regional sales director (APAC) who spoke on optimising virtualisation; Mark Lloyd, vice-president of the Australian Computer Society who spoke on ICT resource leadership; Kenneth Goh, Rhodia Asia Pacific director of information systems and shared services who spoke on the value and relevance of IT governance; Mani Mulki, executive vice-president for information systems, Godredge Industries who spoke on whether IT outsourcing makes sense during lean times; Abdul Rahman Mohamed, AGM IT Strategy and Governance Group, Malaysia Airlines who spoke about he airline's approach to IT Governance, Risk and Compliance; Cheah Kok Hoong, general manager of the Sunway Group who spoke on how his company did more with less via shared services; Rajiv Yadav, chief operating officer & chief information officer of AIG Retail Bank spoke on the impact of mergers & acquisition; whilst Rodney Lee, head of information technology, Time Quantum Technology spoke on the prevention of data centre leakage.

There also were panel discussions and an exhibition of related IT solutions and services.

In conclusion

Concluding the event Tarry Singh said, “Drive down operational expenditure and increase productivity with ICT. Don't hesitate to ask vendors for value for money, and don't buy toxic software with modules you won't use.

Our print publications, Mobile World and SURF! magazines were the official publication of IT Showcase Asia 2009.