Attack: denied

Faced with a distributed enterprise, EMKE Group needed a foolproof way of securing sensitive data flowing over internet links. NME reports.

  • E-Mail
By  Sathya Mithra Ashok Published  January 6, 2008

In front of the desk of Madhava Rao, group IT manager for retail giant EMKE is a huge screen that provides him with nearly real time information on the multiple networks that connect the group's various stores. The picture on the screen flickers between shots of the datacentre in the building, to an illustration of the connectivity status between the different network nodes and images of the status of power provision to the diverse IT systems.

He needs only to raise his head to have a thorough update on the different elements of the organisation's network and if he detects anything amiss he raises the alarm.

A CIO is not just a CIO today, he is basically more of a business executive. If you don’t know the business processes of the organisation then what is the point of working?

Rao's office is just one indication of the two very important roles that he straddles within the organisation - that of the head of a team of people who run the everyday operations of information technology for the expanding organisation and that of a management representative who is constantly trying to improve business operations with the help of IT systems.

"A CIO is not just a CIO today, he is basically more of a business executive. If you don't know the business processes then what is the point of working? There is no chance of you being anything. I have been here from day one and I and my team understand the complete business processes," says Rao.

Words well said from the IT head of a group that has established itself as a retail presence to contend with in the UAE and elsewhere in the region. Most often connected to its chain of Lulu hypermarkets and supermarkets, the EMKE group has several other businesses under its belt including food processing and manufacturing.

In keeping with the size and stature of the organisation, every IT project within the group, including the network infrastructure, has been chosen and deployed driven by the need to tie it to business processes as finely and as seamlessly as possible. The group's infrastructure has been developed over a few years and is built largely on a Sun platform for the base servers and storage. Foundry has provided the switching elements and Juniper has come in with routers and firewalls.

"We have outsourced almost all of our onsite hardware maintenance to Sun. This is a direct relationship and Sun has somebody onsite to provide 24/7 support through the year. Network monitoring and maintenance itself is a much more complex and difficult task and is done in house," explains Rao.

The main headquarters building of the group in Abu Dhabi hosts its primary datacentre. The datacentre hosts more than 50 WAN connections from the different supermarkets and hypermarkets run by the group in the GCC and lower Gulf, apart from other countries around the region.

"High availability to our stores is the biggest challenge, and they require the availability of this datcentre 24/7. Especially now since we are operating in different time zones," points out Rao.

After considering the high costs of connectivity in the Middle East region in general, the firm opted to use the internet as the main medium of connection.

"Internet connectivity is mixed - depending upon the country, the size of the store and the number of users involved. If the bandwidth requirement is quite high then we have gone for a leased line. We also have fixed lines with ADSL backup lines to provide continuous connectivity," explains Rao.

The combination of a need for high-availability and the high dependence on the internet has necessitated that the firm pay extra attention to securing its network, much as a financial organisation would, and always with the business in mind.

Locking down

"We started working with Juniper for our entire security infrastructure. The company has this blade concept, especially for IDS. Though the firewalls and anti-virus systems provide good security, we felt the need for something extra. We also felt that we should have an IPS in place. We required a completely independent technology which could give us a different perspective and also provide leverage in monitoring traffic. That is how Tipping Point came into the picture," states Rao.

The firm felt the need for a solution that would monitor the immense amount of traffic that it was receiving everyday from its different stores. Not only did it need something to alert it to any malicious intent it also felt that a continuous report on traffic flow in the VPN tunnels would help in bandwidth management.

"We did market research and we also did a pilot. This was done three months before the implementation. We work very closely with our reseller and integrator, Seven Seas - there is a lot of exchange between us. They recommended Tipping Point as the right technology. And I did my own research in the market, I saw its demos, waited almost six months for the next set of products, studied its roadmap and how the firm is going to support for the next six years. It was a perfect fit for us," says Rao.

After piloting the system in log mode and having a taste of the kind of reports it was likely to produce, the company implemented the system at the primary datacentre.

"You need to understand the criticality of the datacentre. Downtime will prove to be a huge issue for the entire supply chain for such a big operation. So we did not want to take any chance, from anywhere, any angle. That was the fundamental thought behind putting in a device like Tipping Point's, for using a technology like this," states Rao.

"You have to plug all the holes in the system: that is the first move. Since we depend so much on the internet for connectivity we wanted to make sure that traffic from all our locations was clean. We wanted to understand how this traffic was hitting us. There are ISPs in some countries which are completely open. We wanted to know how secure we are to begin with. When the device is monitoring traffic without the need for manual interference and gives us a report on what is happening on the network it is good for us," he adds.

Beyond the datacentre

With Tipping Point successfully in place, Rao is considering taking the implementation through to the firm's disaster recovery site as well. EMKE started its disaster recovery operations only in the last quarter of 2007 and has situated it within the UAE though it considered an out-of-country option to begin with. According to Rao, connectivity costs forced them to change plans.

The datacentre itself, which has been around since 1994, was recently moved from a Tier I structure to Tier II. The firm is not planning a further move to Tier III or IV in the near future.

"In this part of the world, there is a lot of good technology solutions available. But how they are represented, how they are supported - that's another big question. There are big multinational companies which have set up shop here but who is locally representing them? How they are addressing your needs?" says Rao.

The IT team numbers around 25 at the main headquarters with a total of 130 spread across the group's stores. The team is constantly involved in developing applications from a base platform or from scratch for the group's various new projects at its headquarters in Abu Dhabi as well as elsewhere. These often involve integrating or adding new intelligence to the building management systems (IBMS).

Apart from this, the team is also actively involved in planning for a brand-new datacentre to be built in the company's new headquarters scheduled to come up over the next couple of years. According to Rao, they are considering moving to a blade infrastructure for the new datacentre with the eventual idea of virtualisation which, he believes, "is the future and the necessity for any CIO of an organisation this size".

On the path of success

EMKE's IT team works as a cohesive whole to support the business, to aid its expansion of borders as well as add to the bottom line at every location. All this of course, has been done over a period of time, with a lot of effort.

"IT budgets in the organisation are assigned on a project-by-project basis. I have been with the company from day one, for around 15 years now. Being a part of the company's management my access to the decision makers for project consideration and project approval is much better compared to many others in the region. I have a good relationship; everybody in the group knows me, from the financial department to my MD or CEO or whoever it is. We are like a family in the organisation; it's not just employee and management - we work together for the betterment of the company and for the resolution of any problems that come up," says Rao.

When Rao or any member of the IT team comes up with a project, they first work out the business case for the initiative, how far the project will help the firm and how well aligned it can be to the organisational goals. In other words, they work out the methodology of understanding the business process behind the IT project. That is the first step.

"The second is evaluating the cost and time that would be involved. Once I am convinced and have a clear concept of the project, I will mention this at one of our regular management meetings. During the discussion more ideas and options will come up, we will choose the ones that are priority and go ahead and implement the same," he explains.

The IT team has also paid a lot of attention to best practices and standards for the firm's implementation choices.

"If you look at our best practices, this has been fine-tuned over a period of time, keeping in mind our organisational requirements. This fine-tuning involves looking at what administrative ability is locally available and what we can allocate," says Rao.

The team is actively moving towards the implementation of IT infrastructure library (ITIL) in the organisation and has started the due process of documentation, process formation and auditing which needs to precede the implementation of any actual product or solution.

"The entire operation of the firm relies on IT today. We tell them what to do and how to go about it. All my IT staff know that their role is becoming a function of business processes. That is the transformation we have had. Consider project implementations in the firm; there will be a technical person along with a business person. With a business person involved, we are able to plan and carry through deployments in optimal timelines with minimal or no disturbance to operations. We do our homework. That is the biggest advantage we have compared to many other organisations," states Rao.

Certainly an advantage difficult to beat in the competitive scene of the Middle East today.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code