Tuesday, October 19, 2010

The Forrester Wave™: Information Security And Risk Consulting Services, Q3 2010 - excerpt






EXECUTIVE SUMMARY
In Forrester's 75-criteria evaluation of information security and risk consulting service providers, we found that Deloitte led the pack because of its maniacal customer focus and deep technical expertise. PricewaterhouseCoopers (PwC), Ernst & Young, and Accenture are market leaders due to their security expertise, breadth of services, and global reach. KPMG provides excellent strategic work and boasts great client feedback. Verizon Business has been quickly catching up to the Leaders due to its focused strategy around security services and flawless execution. Wipro now offers a viable offshore alternative, while HP and IBM have renewed their focus on security consulting services by integrating security competencies from different parts of their business into a coherent unit. BT Global Services continues to provide pragmatic risk-focused consulting services across the globe, and AT&T's recent acquisition of VeriSign's security consulting practice will make it a formidable competitor in this space. Protiviti may not have the same breadth of services, but it delivers excellent customer-focused risk- and compliance-driven services.
The above is an excerpt quoted from the Forrester website. 



Thursday, August 12, 2010

Dangerous corporate relationships

To all you guys ... be careful in how you interact with your female co-worker(s) when you : 


 - forward an email or an SMS to a female co-worker, or, 
 - you tell a joke in her presence which may be saucy / adult / plain xxx, or,
 - you crack a joke about her, or, 
 - you compliment her on her looks / dress or you do not notice her
 - you ignore her at the project party and dance with someone else
 - you do not make a graceful exit from a relationship 
 - you touch her in a friendly manner like slapping her back etc

and so many other things one will normally do with a co-worker who becomes a friend after working day and late evenings on projects, sharing the joys and pains of deliveries, client relations, bad appraisals, un-approved expense statements, birthdays, resignations ... so much and more. 
Oh yes make sure she is not three rungs below you in seniority (according to Idea Cellular it is inappropriate to get into a relationship with someone who is your junior .... ROTFL)  - one or two may be okay ;-) else try another department at the same level and on the same floor. 
This is what I know - women are stronger than men and men had better believe this and make life easier for themselves. So stop getting drunk or bashing them just to prove your masculinity. At the end you are the one who says sorry and cuddles up to her. 

What I fail to understand - women are screaming for equality. They want to wear pants and walk with the guys. You can see liberated and empowered women everywhere - standing with their male friends (or alone) smoking outside buildings, leading presentations, rubbing shoulders in pubs and restaurants. Of course then they also head large corporations and fly planes and spaceships. Oh yes, I forgot the mixed parties at strip clubs - the guys and gals really bond there. 

Any of the above mentioned scenarios is a potential 'sexual harassment' situation and if a woman cries wolf the man has no chance. 

Why do women expect special treatment when there is the eternal quest to be considered equal?

Over the past few weeks we have seen a few high profile cases 
- Mark Hurd resigned as CEO at HP
- Pradeep Shrivastava resigned as Chief Marketing Officer at Idea Cellular
- David Davidar resigned as CEO at Penguin International
And this blog came about inspired by the incident at Idea Cellular.

Yes there are lots of bad men and they do bad things, but then bad men and bad women do bad things to men too. How many men can claim sexual harassment and how many have done this. Harassment happens in the workplace and at home too... and we have wife beaters and husband-beaters too, except that there is no law to protect the men. 

Let me clarify - I do not want to be considered or to sound sexist or attract the ire of womenfolk. My family has always had more women than men and I love them and have seen them cry, laugh and conquer.  

And there are a number of women I have had the privilege of working with - women of substance and some without (just like the male co-workers). We have partied together, shared jokes, exchanged emails, shared happiness and sorrow, bitched about the boss and the appraisals and the expenses and more. When you spend 10 plus hours with a group of people for so many days of your life you are bound to bond. It happens everywhere !

So when should a woman say harassment and when not ? Maybe that is what we must see in the context of our ambitions to be men and then act like women. Maybe the parent at home must trust the daughter as much as the son and pass on that same thought process to the female. 

What I have to say is that back slapping or a hug and a peck on the cheek among friends is not harassment. Forwarding SMSes or emails to friends is not harassment when you are friends, whether the forwards are tame or of the saucy or adult variety - it has to be taken in the spirit of camaraderie and if any one does not like such communications one can ask the sender to desist. 

Of course if the sender continues to be a pest then the harassment claim will be valid and this can be man to man or man to woman or woman to man.  

So where does one have to draw the line and why - if the workplace is equal opportunity then everyone is equal. Men and women. If so then why does the woman have the right to "claim" harassment and score on a man so easily - I mean she can get a summary judgement against a man just by crying out loud. And be sure that that man / officer will be ostracized in the office right away. 

Another clarification - I do not condone the behavior of people like Rathore or Gill. They have no business touching the ladies inappropriately, gloating over their behavior and then using their powerful connections to browbeat their victims. Even with a man they have no right touching anyone inappropriately. 

See - this is what I mean - what is wrong is wrong. And if you are going up to the moon in a spaceship how do you live with three co-workers in a cramped spaceship? Or if you are on a sales trip with a couple of men co-workers how do you avoid the after hours bonding when you are all staying at the same hotel... how will you work together if you are not social with your co-workers?

Women are all over - one sees more women than men in jobs and it is great. They are a treat to the eyes and no disrespect here. So will I be hauled up for harassment if I look at you - I mean an approving eye is good but a roving eye is evil so how do you tell this apart?

What I do know is that from a man's perspective there may be a lot of potential situations and one has to have a perspective on this. In any case, to go back to my first statement - women are strong and women want to be empowered so why not take the opportunity and stand tall. Why do you want harassment laws and if they are enacted why have you not asked for gender equality with the same fervor !

Dangerous corporate relationships - what an idea sirji...

Note .. this has been re-posted from my blog infosecgallery.blogspot.com


Update: Aug 14, 2010
People just don't have the patience to read and are getting personal. So I have removed names involved... infer what you may! 


I woke today to see headlines about the newest victim of sexual harassment in the workplace... 

http://www.mumbaimirror.com/article/15/2010081220100812025557903a5a89ba8/Top-idea-executive-charged-with-sex-harassment-quits.html

Reading through the article I could not help but feel sorry for [a] CMO and his family; [b] Chairman and the Company; [c] the telecom industry and [c] the lady who has charged misconduct and her family. 

My opinion - Shooting straight from the hip (as usual) is based on this one article in the Mumbai Mirror, and I will refer to it extensively because I am going to read between the lines and you may find my digressions interspersed in italics - 

[a] The accused - he is called one of the 'brightest sparks' and has been with the group for over 8 years. In spite of the 'brightness' with reputed institutions behind him, he chose to quit and not make a statement before the committee that was investigating the charges. And that too when he could have easily shot down the charges.

Why quit for something that is not proven and not fight back for your honor - get them to fire you ! Then he could have claimed wrongful dismissal !!

That he lived with the charges for two years is another black spot - why did he not actively pursue  for closure when the first charges were leveled two years earlier. Obviously a lot of legal advice has been provided and this formed the basis of action (or lack of it)  - so now he will be pronounced anecdotally guilty ! 

Read the report of the investigating committee and you find that it has gone to great lengths to state he is not guilty, so why quit, and why did he not lodge a complaint and allow the cops to take this incident to a logical conclusion?

It is always tough on the family and this one will be no different, and neither will life be different for him. 

[My opinion] The newspaper report does not mention any closure. No complaint has been filed; no settlement is made. Nothing at all to suggest that animosities have been locked up and the keys are at the bottom of the sea. Of course both parties must have had to sign a hundred pages of legal documents and I am doubly sure they may not have read it.  

[b] The firer - the investigation committee seems to have been constituted to fulfill a policy requirement but the decision seems to have been based on PR considerations. "Out, damned spot !" - is the only dialog I remember from Lady Macbeth but I also remember that damned spots do not go away easily.

The committee accepted printouts of the SMS messages but did they get cellphone records too? Since they are a telecom provider themselves it is easy to access the records of their own people. Their findings are :

- the harassment charge and non-promotion are not linked so they do not accept her argument here! 
- they cannot establish if the evidence (SMS messages) was genuine since she has submitted printouts. 
- late night messages between someone your junior is inappropriate ! (hello ! So do you have a policy which says that you should be attracted only to people who are three rungs your senior or three places removed. A new fatwa on appropriate corporate behavior)

The harassment charge was leveled first two years earlier and that was not closed, and now again last year - so why did the company sleep on a potential workplace conflict situation ? If only a shareholder can file an RTI request there will be a lot of interesting papers to read. One more question that comes to my mind is that if there was this two year old charge why was the accused on the team that carried out her appraisal... how come she continued on his team and HR did not do anything to change her reporting authority. 

Whoops .. sorry Idea ... ek aur question - are the SMSes one year old or two years old or fresh ? Obviously if the SMS is like two years old, we have a different motive to look at now. If they are new then I am sorry to say that he did not learn his lesson when trouble brushed past him during the first instance. I shall never know but may be some newshound will sniff out more information and share. 

My curiosity is only to add to my learning and this is not a gossip or I-want-to-gloat-on-your-misfortune request.

Finally there is an "overwhelming feeling in the company" that his "conduct did not amount to sexual harassment" - time for another hello ! are you being contrite just to assuage your guilt ! If this was NOT sexual harassment then why is the newspaper screaming SH ?? who is responsible for this ??
[My opinion] The company seems to have a weak incident response, incident management and remediation process. They have not resolved potential conflicts leading to the loss of a high performer. If there is truth in the charges and this had been closed two years earlier there may have been more "bright" ideas sirji in time to come! Now they have to search for a successor and this has to be done pronto since the CMO seat is now vacant.
Eight years is a long time and I am sure many other seniors/peers in the organization felt very bad about letting him go but that does not absolve them of the error of inaction or early action. 
Surprisingly, when the investigation committee has given a clean chit the press is talking about sexual harassment - so who has created this PR bungle ? 
On July 22, MediaNama reported that he is leaving the company to pursue personal interests and on Aug 12 Mumbai Mirror is screaming sexual harassment ! There is an obvious leak somewhere or is there more here than can be seen... rivalry, revenge etc
I don't think this is going to go easy - I am sure a non-poaching clause was inserted in the F & F with him but is there an I-will-not-leave clause with the people whom he mentored or worked with ? And there will be a date when the non-poaching clause will die - besides, how does one prove that someone who joined him was poached and in any case there are a zillion ways to get around this.
"Employee Churn", "Attrition", "Head Hunting", "Poachers"...  combine these words with morale et al and a picture emerges which may not be very pleasant. 
In any case, sir, this is your baby and my purpose is to comment on incidents and I am going to also write about sexual harassment so you may want to keep a watch on my blog.


[c] The accuser - about two years earlier she wrote to HR accusing him of sexual harassment but did not provide any evidence to substantiate her charges. HR withheld his increment based on the accusation. 

Last year she accused him again and wrote to the chairman asking him to intervene and a committee was set up which I have written about. Now she has provided evidence in the form of printouts of SMS messages. The committee says that they cannot infer whether these are genuine and that there is no case for harassment and the company says that this was not a case of SH ... whatever ....  he resigns and she has conveyed her "delight" to the senior management at Idea.    

End of story.

However, my point of view must be made since this is my blog and I want to have the last word - 

[My opinion] It is not easy to live in a man's world and to carry on a fight for sexual harassment for a woman. And when the woman is in sales it will be a bigger challenge because you are constantly engaged in inter-personal professional relationships. 
You have to admire her confidence in her case because she withheld her mobile (prime evidence) and presented hard copies of the SMS messages and got the committee to accept this - now that is good legal advice and negotiating skills which seem to be missing elsewhere. 
And I am curious to know why she did not present any evidence when she first reported the harassment by registered mail - maybe someone will enlighten me someday ! If she continued in the company for a year after the first complaint she must be interacting with him all along so how come no one knows about the relationship ... good, close, only friends, enemies, hate etc. Certainly HR needs to come up with some sort of explanation.
And if this did not affect the work it is awesome !  Then what will ? 

Finally a tongue in the cheek comment - is this the reason why we see Abhishek Bachchan morphed into a tree with wiry branches in the later day ads after the hugely successful Sirji campaign. The one where he whacks someone for cracking a sick one...
post pedh or pre .. what's up sirji. (for the non-Hindi speakers - this is a take on the words post-paid and pre-paid as used in cellular phone schemes; ask me to explain a sick joke and I won't like it)

Mark Hurd from HP, David Davidar from Penguin, Phaneesh Murthy from Infosys were achievers and lost a lot when they were ousted on charges of sexual harassment. A lot of money and more - so stay clued in for my next blog on women :) I surely have developed a new point of view.  


Tuesday, July 27, 2010

Security Experts and more...bloopers !

Our world is so dependent on technology that we are unable to close security holes as we strain at the boundaries of our imagination to build new concepts hitherto unknown. 


So we have painted our world gray and recently we have moved into the cloud which has created orgiastic excitement among the techie mortals globally. Experts abound in this world and salary payouts are the stuff dreams are made of. 


There are experts who provide newsbytes basking in the media glare using FUD as a vehicle of self promotion, and then there are also those who provide knowledge who prefer their low key life and are recognized in their professional circles.  


And among the many bloopers that are contributed the newest one from an Information Security expert is 


"You must do a background check when accepting a friend on any social network or taking a friendship further"
Another blooper that comes to my mind is about wifi networks, when Mumbai and Pune experts were obsessed with doing war driving to get information about open wifi networks. 


"An open wifi connection is like showing an open door to terrorists to come into the country !"
I do not want to name names as I do not want to be party to their fame which is widespread. These experts are all over except in circles where one finds some genuine knowledgeable professionals. Mind you I am not one and nor do I claim to be one - I work in Information Security and spend every moment of my waking time trying to learn what my peers know. 
What riles me is the way mediapersons fall over each other to get to the same people to provide (h)expert comments about any incident without even trying to understand it themselves. 

For example - when this guy said that you should do background checks before befriending someone on social networks he was commenting on an incident about a girl falling into trouble with a f'book friend. She is about 17 and here this guy is asking her to do background checks on people who send friend requests. She would have checked the guy's profile before saying yes to accept him and I bet she does not know the meaning of "background checks". Mr Expert don't you think it's time you stopped !

  

Friday, July 9, 2010

Risks - known and unknown, new or old.. bad stuff happens

Risks,.. they may be old or new, known or unknown, systemic or operational or financial, technology or enterprise. As life moves on and technology becomes all pervasive threats and risks take on new forms and mankind keeps learning to survive and live. 


However this post is not about mankind and I would like to stay within the limits of my knowledge and professional domain. 


New risks were exposed with "we-never-thought-this-could-happen events" like New York 9/11; Hurricane Katrina; Bhopal; Barings Bank; San Francisco Sys Admin Lockout; Mumbai 26/11; Icelandic Volcanic Ash; Swine and other types of Flu and so many such incidents.


People risks include many factors and a new risk that has come up is drunkenness. Getting high on alcohol while on the job is no doubt a risk and every manager has to call upon his/her best person-management skills to take care of the alcoholic colleague. Drunk at the office party and everyone knows you cannot hold your liquor and you have to hide yourself in a hole for the next week. 


However, technology brings new risks and if you can remember [1] your way to office, [2] your password, [3] how to start your system - then you can do what you like and blow a hole in your company's finances. Like this gent ...



City ban for £6m drunk rogue trader
30/06/2010
An alcoholic rogue trader who cost his oil firm £6million was yesterday fined £72,000 and banned from working in the City for five years.

So here you go and add this new threat into your risk registers - TUI (Trading Under Influence). Make sure you keep a close watch on the boss and the traders, especially those who have had a good time over the weekend !

And then there are other risks too but we shall wait for them to be exposed. Bad stuff happens. Move over DUI, we have TUI in the workplace !









  

Thursday, April 29, 2010

The mighty also do stumble.. learn when the earth shakes

Giants in their own right .. McAfee and Microsoft had a bad hair day.

First it was McAfee - on or around 4/22 they erred and sent out a defective update that disabled systems running Windows XP (SP3). This is your worst nightmare - the system you purchased to protect yourself itself brings you down ! Now how do you look at risk !

Then it was Microsoft ! They released an update which is supposed to be critical for Windows 2000 systems but was incomplete at the time of release. The update took care of a reported vulnerability but missed out on addressing a second and the update went out in the form where the user would still be vulnerable to attack (even after applying the patch).
Computerworld covers this incident here

Process failure,
process failure and
process failure. No one is perfect and neither do I profess perfection. It is a state which is extremely difficult to achieve and then more difficult to maintain.. all because perfection is a utopian state which exists as much as zero risk !

Having said this, what surprises me is the gap in the process where these incidents fell through. While Microsoft has not had anyone reporting losses due to the incomplete update patch, McAfee has to pay for their gaffe.

McAfee has admitted to a problem in the quality process. They say they made changes in the QA system and as a result a faulty DAT file went through ! Nice ! Changes are being made to ensure this does not happen again.

They have issued an apology to their customers and offered to compensate those who have been affected by the bad update.

The lesson is clear - ensure process compliance and make sure Change Management is a serious process and there are no exceptions. If the mighty can stumble, the small and medium (meek) businesses do not have a hope to survive.

What I like is the quick proactive stance of McAfee - they went into damage control immediately and apologized. This was followed up quickly with the compensation offer which may not help much but is an offer nonetheless. It also reminds me of Toyota and the various other car companies that have recalled their cars to fix faults. Unfortunately you cannot do a recall in this scenario - the arrow is out in flight and will either hit or miss ! no way you can stop or recall it !





Saturday, April 24, 2010

Converged Best Practices and Standards Provide Assured and Hard ROI..

one only needs to think ‘inclusively’

We grew up seeing mountains of files in the backrooms of our parents' offices – an age when we cut trees to make paper and created filing systems that could occupy buildings. Then came the digital age and we continue to fell trees and create complex filing / storage systems in servers which are housed in huge data centers.

The digital age promised savings in space, storage efficiency, lightning fast data access and retrieval, remote access… in short, information at your fingertips for a wired you !

Notwithstanding these claims, we continue to struggle to find “that” file, as much as we struggled in the Paper Age. And, if, in that age, we needed warehouses to store files such that they were safe from the weather and were findable, we are no better today when we need large data centers with backup facilities in addition to the huge back-office and front office data processing facilities.

Fundamentally, the technology is right and so is the process which is where we placed our bets. We forgot the people and this is what is making us lose out. There are smart companies who have not overlooked the people factor and are enjoying the fruits of the digital age, but a majority continue to live with the mirage of digital efficiency.

It is payback time and it is time analysts and architects working in the technology domain in data centers, infrastructure, security, governance et al remove their blinkers if they want to survive in the years to come. Else, we may as well prepare for the dark ages.

Data Centers are growing organically and their rate of reproduction would put a rat to shame. Unfortunately the executive measures his efficiency with the size of the data center or the number of computers in the hands of users, and considers security is in place with devices like firewalls, IDS/IPS or, lately, the UTM.

The truth cannot be further away and few farsighted and visionary companies have read between the lines and through the paper to enable people with the right mix of process and technology. This is done by simply following any best practice or standard in the spirit. Any best practice or standard, say an ISO 9001 or an ISO 27001 or a BS 25999 or a CobiT® can bring high ROI and provide clearer vision to management.

The CIO/ CTO/ CEO have to expand their vision… the IO and TO have to stop being IT centric and think enterprise and the EO has to include IT in the vision process, and maybe everyone has to learn about each other’s business. So the technology people must go to management school to learn financial statements and what makes the company tick and the executives should learn the essentials of systems in terms of how and what they can do. It will open up empathy across business lines since people will start thinking in terms of business and not just about how tough it is to get the executive to understand a simple thing like TCP/IP !

It is surprising that the technology executives have yet to think in terms of building-in security or process best practices when they conceptualize enterprise IT architecture. While they are quick to embrace new technologies like cloud, virtualization, SaaS etc they are scared to “experiment” (? This is the wrong word but I shall use it for the sake of generalization) with Open Source. Simply put innovation is not in place because the technology executive is not sure about technology and the benefits it is providing. They race to provide facilities and do not pause to measure; nor do they manage the race since they are driven by the geeky impulse to tinker with new technology, just to ensure high visibility optics.

Starting with data processing facilities, the technology office will do well with a general house inventory. The industry best practices have defined information assets but no one wants to classify digital information and sensitive repositories overlap general storage space. Apples and oranges are stored and handled in similar fashion and disasters will always be waiting to happen.

All practices lead into each other or provide supplementary and supporting value. To illustrate .. classification of information leads to the creation of a risk based inventory. This will help determine the server and storage location for the digital asset, its owner, backup, continuity and disaster recovery plans. In turn now one can provision resources for protection, availability and safeguarding to focus on assets that are critical, sensitive or important for business.

Industry figures say that organizations can save up to 30% of asset and resource investment just by having a risk based asset management that talks to change management, incident management and other processes in the organization.

Moving on, environment issues are being discussed fiercely over the past few years but inclusion of Green IT practices in organizations has been surprisingly slow. And that too in the face of the fact that green practices can provide immediate savings in the data center.

Including green practices is simply an activity that extends the best practice processes that may already be in place. The asset inventory done earlier has provided the organization with a map of the information store and the next step is to move non-sensitive information into virtual data stores and free up server / rack space. Any organization (small, medium, large) will usually save up to 30% of their hardware utilization if information (data) is managed in a structured manner. The fallout is pleasantly evident in immediate returns by way of reduced power consumption and freeing of hardware assets and rackspace (real estate). The power savings accrue due to the reduced number of servers, lowered air-conditioning and lighting requirements.

Similarly managing paper and toner consumption on printers and running awareness programs to reduce unnecessary printing lead to substantial cost savings.

End point security is a big issue and every sysadmin wanting to demonstrate diligence will spend hours looking for exceptions, using state-of-the-art network monitoring tools. Unfortunately he/she is not guided to extend the monitoring to switching off unmanned machines. This is a security best practice and leads to energy efficiency which means immediate hard savings in energy bills.

Intelligent compliance provides overlap points and easy extensibility of best practices for the CIO/CTO/CSO to extract savings in hard cash or intangibles. Green initiatives include virtualization, switching off devices and lights, lowering energy consumption through alternative cooling efficiency systems in data centers, managing server load processing, optimizing network bandwidth use (for example managing spam or unnecessary exchange of files as attachment), introduction of automation and workgroup / file sharing tools, monitoring energy usage with remote shutdown and management, adopting energy and money friendly lighting systems.

Loosely this translates into uncommon common sensical initiatives. Every technology and security manager is exposed to new initiatives in the world of innovation and has to start looking at innovation that will provide value to the enterprise in terms of savings, income, efficiency or productivity. The answer is at hand and only needs the CxO to extend the line from vanilla best practices and standards to thinking of compliance convergence and then to garnish this mixture with a dash of innovation ! It is easy and the benefits are quick to come by.

Friday, April 23, 2010

New disaster scenarios....

Life, nature and things super-natural never cease to surprise. The BCP/DR domain came face to face with a new scenario - Volcanic ash !

Just goes to show how incidents can be man-made or natural and may or may not be in our backyard but still the kick in the butt is as strong as being in the epicenter of a 10 Richter strong earthquake.

Over the past few weeks a volcano in Iceland with a difficult name has made life miserable for airlines and travelers worldwide. Ash from the volcano has been carried over Europe making it dangerous for aircraft to fly resulting in the closure of airports across UK and Europe. Due to this closure, thousands of passengers have been stranded at airports and cities across the world.

The financial losses are tremendous and mount by the day ! Airline companies had to provide layover facilities to stranded passengers and this has burnt a big hole in their operational budgets. Aircraft are idling, parked at the airport(s) and unable to move, so there are additional fees payable every day. Companies selling fuel, services, food etc. are also losing money - if the aircraft do not fly, who is buying ? Tour operators have to deal with extended stays since they are unable to get their clients back home and then are unable to send out the new ones.

The British Government sent out naval frigates to bring back their citizens, but how much of a difference will this make ? According to reports, about 30,000 or more people are waiting in India to fly out.

While planning Continuity or Disaster Recovery this is a new phenomenon to be added to the list of disruptive incidents. Earthquakes, tsunamis, pandemics, wars, terrorist acts etc have already shown their ability to disrupt business across borders, but now we have volcanic output.

And how does one assess the risk of disruption when the volcano is on another continent ? I mean, should I factor in the risk of a volcanic eruption in Japan when planning in India ? It seems that (now) this is necessary - even if I am not doing business with Japan. And for a US corporation it will be important to factor in this risk if they are doing business in India.

To recap, we visit a few 'new age' disasters where boundaries are meaningless...

- Terrorist attack : 9/11 changed the world and the aftershocks continue till date. Closer home in Mumbai 26/11 brought about a sea change here in India. Then there are numerous threats and warnings everyday at airports and installations across the world that keep security agencies on their toes, and continuously disrupt life and business.

- Tsunami: the big one in South Asia brought about enough havoc that the reverberations were felt worldwide.

- Earthquakes: These keep happening and data center planners talk loudly about fault lines and the risk of siting in so-called 'zones of potential disaster'. While I do not advocate building in such areas, I do want to raise my voice against doomsday pundits. Earthquakes may happen far away but can affect the well-being of the country as a whole and result in a lot of hardship for the company - foreign exchange value, higher prices etc.

- Volcanic eruptions - the new babe on the block. I have to see if anyone had identified such an event as a major global disaster.

- Pandemic: bird flu or avian flu, swine flu H1N1 and even things like heat-stroke !

- Many other scenarios emerge when one thinks ... fire, floods, rain, outages, cyberattacks etc etc.

The world is shrinking - this is for sure. And we thought it was just the digital world but even the real world has become smaller.


Monday, February 22, 2010

PwC .. unethical bids based on lies

PwC is lying again. They bid for an eGovernance contract with the Central Public Works Department (CPWD) and submitted that they were a CMMi level 5 company. Turns out their certification expired in 2008 !

Now they show their lack of respect for the system and any sense of honor - they say that since the contract is for "software consulting" and not for "development", CMMi is not required ! And that currently they have an ongoing appraisal for their CMMi certification. Additionally, that they have obtained other similar contracts without any issue, so why is this an issue here ?

Hello ! wake up !! CPWD asked that qualified bidders must be CMMI Level 5 certified and you are not. If you had these explanations, you should have put them up in the proposal or in the pre-bid meetings.

Why did you lie ? OK, you did not lie, you just did not tell the truth, since your document did not disclose the expiration date and the whistle was blown on you by one of the competitors. So why are you crying like a spoilt brat (which you are) ? And why did you not just say that it was an error instead of covering the lie with more untruth ?

Clearly shows a lack of ethics and sense of fair play. First you cheat and then you cry foul when caught.


My take on the fallout - someone at PwC will get a big kick on his / her backside and rightfully deserves more. Even the company deserves more considering their role in Satyam !
And of course, someone at a competitor company (Wipro or VAM) will get a promotion and a big fat bonus (rightfully so !).

PS: if any of the persons from Wipro/VAM/PwC read this, I shall be very happy to get a communication from you .. tell me about the pain and the gain ;-)