Report Ggsipu 1
Report Ggsipu 1
Report Ggsipu 1
ON
This is to certify that I have completed the Summer Training Report “STUDY ON CONSUMER
BEHAVIOR” in DESIGN AND DELIVER under the guidance of DR. ANOOP KR. GUPTA in partial
fulfillment of the requirement for the award of degree of Masters of Business Administration at Maharaja
Agrasen Institute of Technology, Delhi. This is an original piece of work & I have not submitted it earlier
elsewhere.
KANISHA MITTAL
35614803918
Date:
CERTIFICATE FROM COMPANY
CERTIFICATE FROM FACULTY GUIDE
This is to certify that the Summer Training Report titled “STUDY ON CONSUMER BEHAVIOR” is an
academic work done by KANISHA MITTAL submitted in the partial fulfillment of the requirement for the
award of the degree of Masters of Business Administration from Maharaja Agrasen Institute of Technology,
Delhi, under my guidance & direction. To the best of my knowledge and belief the data & information
presented by him/her in the report has not been submitted earlier.
ASSISTANT PROFESSOR
Date:
ACKNOWLEDGEMENT
I take the opportunity to express my gratitude to all of them who in some or other way helped me to
accomplish this challenging report. No amount of written expression is sufficient to show my deepest sense
of gratitude to them.
I am very thankful to Director Prof. (Dr.)Neelam Sharma MAIT, HOD Dr. Amit Gupta MBA MAIT and
my Guide Asst. Prof. Dr. Anoop Dr. Gupta MBA MAIT Maharaja Agrasen Institute Of Technology,
Rohini for their everlasting support and guidance on the ground of which I have acquired a new field of
knowledge. The course structure created for this curriculum has benefited with the inclusion of recent
development in the organizational and managerial aspects.
I express my sincere thanks to all people who participated and helped me in successfully conducting STR. I
am thankful to all the members who gave valuable information in the part of my STR.
Kanisha Mittal
35614803918
Date:
EXECUTIVE SUMMARY
The report aims to capture the changing hues of the off shoring industry and provide critical insight into the
key strategic and operational issues that service- providers are being asked to address. The report contains
best practices with respect to delivery models and implementation plans, reflecting the growing
competitiveness and uniqueness of the sector. With the I.T/TELECOM industry of India entering into a
phase of maturity, a significant change in the nature of opportunities and challenges is being witnessed.
Concerns and solutions are no longer the same as they used to be. So the report aims at highlighting the finer
nuances of the evolution of the VOIP & BANDWIDTH service provider in India; the shift in complexity of
processes and the strategic and operational risks involved. The objective of the report is to illustrate the
emerging issues of the sector from structural changes in the industry to the human resource challenge, from
migration strategies to governance and monitoring. The issues identified reflect the changing concerns of the
global market, from a position of ‘whether to offshore’ a few years ago, to the current perspectives of ‘how
to best manage’ this global inevitability. Firstly, we took two brands of small cars for a comparative study of
small car segment. We got the companies’ broad background; their entry into the segment, their positioning
strategies of cars and other factors affecting the consumer’s buying behavior. Later we went through the
process of filling the questionnaires, to know exactly what the customer’s of small cars perceived about their
cars. A sample size of hundred respondents was taken. Sample unit was a customer who owned a small car.
Secondary data from various sources like magazines, internet etc was also collected. The findings showed
that the consumer’s who owned small cars basically wanted good performance, after sales service and a car
at their budget, a less expensive one. All the cars taken for the sample showed that the consumers perceived
them as almost same in all the attributes like safety, comfort and luxury. Respondents liked cars more for its
looks, after sales service was perceived to be good. But, at the end the research was limited due to small
sample size, small sample area and time constraints. In the modern marketing environment, Internet and
Digitization in India have transformed every industry. The market and store shelves today, are flooded with
n of products and countless brands, giving number of choices for the consumers to buy. Increase in literacy
levels, high increase of women joining the workforce have made people more aware and conscious towards
hygiene and beauty. The growing concern for a perfect skin and a perfect body has become the goldmine for
the skincare industry all over the world. This paper focuses on an effort to determine consumer buying
behavior through the impact of Packaging on the purchase of skincare products by Women living in Delhi
city.
FORMAT FOR CONTENTS
Topic Pg.No
Student Undertaking i)
Acknowledgement iv)
Executive Summary v)
Chapter-1: Introduction 1
Chapter-4: Conclusion
a)Findings
b) conclusion
c) Learning Outcomes
Bibliography
Appendices
a)Attendance sheet
b)Questionnaire(if any)
INTRODUCTION
COMPANY PROFILE
About Us
Established in the year 2014, we, “Design And Deliver”, are counted amongst the leading organizations
engaged in manufacturing and supplying a wide array of Corporate and Promotional Gifts to our esteemed
customers. Our product includes Promotional Gifts, Corporate Gifts, Corporate Trophies and Mementos and
Many more gift items. All products are designed, production Executed only by professionals and quality
checked in harmony with quality standards recommended only by experts.
With the care of skillful professionals, we have made an advanced infrastructure which is empowered with
contemporary facility and modern equipment. Our professionals are highly precious amid clients for their
friendly nature dealing and satisfying their exact need. They specialize in customizing these as per the
specification requirements of the clients. Owing to their high-grade quality, all these products have find their
application at residential as well as commercial sectors.
Headed by our mentor, ‘Mr. Rahul Arora’, the organization has achieved unconquerable heights. His
effective man management skills and motivation has enabled us to offer impeccable products and services to
our clients. In order to achieve complete client satisfaction, all the orders are delivered within the stipulated
time frame.
Our name says it all, "Design and Deliver". We customise quality thing and deliver it in time. We always
try to come up with exclusive items and innovation.
What we do
Design and deliver
DESIGN AND DELIVER is the leading manufacturer of Corporate gifts & Promotional Gifts based in New
Delhi. Whether you need to source gifts for an event, incentives for staff, long service awards, gifts for your
customers or bespoke awards, we have a great range of promotional ideas that can be branded and delivered
quickly backed up by superb service.
Why choose us
Who we are
Our name says it all, "design and deliver". We customise quality thing and deliver it in time. We always try
to come up with exclusive items and innovation. We have always maintained the quality and delivery. It is
our promise of an excellent service and our commitment to making your busy work life as stress-free as
possible.
Established in year 2013, design and deliver is the leading manufacturer of corporate gifts & promotional
gifts based in new Delhi. Our major clients are based in Noida, Gurgaon, Delhi, NCR & India. Our products
include t-shirts, umbrellas, canopy, standees, promo table, bags, wall clocks, table clocks, pen drives, leather
products, backpacks, office and desk items, trophies, awards, mementos, pens, key chains, medals, coffee
mugs, diaries & calendars, gift sets and accessories.
Under the guidance of our owner, Mr. Rahul Arora, we have developed a huge client base. Our team
members are highly experienced in their particular fields and they efficiently manage, design and create
excellent quality gifts items. Our manufacturing unit is outfitted with ultra-modern machines and latest
technologies. Our products are subjected to rigorous testing procedure to offer our precious clients the best
range of quality products.
OUR PRODUCTS
Tshirts
Standees
Key Chains
Digital Clocks
Wall Clocks
Photo Frames
Pen Drives
Caps
Mugs
Umbrellas
TABLE LAMPS
Laptop Bags
Garden Umbrellas
PROMOTIONAL KIT
Bluetooth Speakers
SWEATSHIRT
Our Clients
MISSION:
Customer Satisfaction is our primary objective and we strive for Excellence in it. End user Contact and
Immediate Problem Resolution is our Strength.
VISION
Our vision is to set the high standards for Digital marketing & Technology around the world, across all
industries through hard work, innovation and creativity until the preferred outcome is achieved.
WHAT THEY DO
Odigma’s services entail Facebook brand building suite, Twitter strategy planning and implementation,
social media platform connect, strategy on social media applications and SEO and Google AdWords PPC.
Its clientele spans across sectors and includes companies such as Myntra, Infibeam, Indus League, HI
design, MakeMyTrip and Toyota, to name a few. While 75 per cent of its clients are acquired through
referrals and online marketing.
From optimizing search campaigns to gain maximum leverage on media spends (SEM), to optimizing your
internet property for gaining a better rank in organic search results (SEO), we ensure that you reach your
objectives in the best possible way.
Plan companies social media campaigns to reach your exact target market with the right communication
message.
Understanding brand message and creating interactive videos to showcase your brand presence is our
speciality.
Creating custom mailer designs and execute them to drive your inbound marketing strategy.
Creating brand partnerships by leveraging an ecosystem with over 30,000 active partners.
Designing and developing, visually appealing and functional websites which are accessible to your audience
across multiple platforms. We ensure that whatever we deliver has the highest quality of experience.
Creating integrated campaigns to create brand presence and recall in the mind of your audience.
We help understand the key pain areas of your CRM process and ensure the elimination of negative
impression of your brand across the web.
Specially designed enterprise and retail apps to ensure that your buyers can easily find and purchase
products, leveraging technology in your favour to increase your revenues.
Our visualizers think out of the box every day, thus helping you to leverage on existing content through
innovative concepts to gain revenue.
Apps specifically conceptualized and designed to meet your business objectives. Our team of highly skilled
visualizers, designers and developers, ensure that your users will experience only the best.
Brand campaigns using a mix of media and marketing. We partner with some of the largest music labels
globally.
Distribution of music, videos & other digital content across devices. Our platform and analytics power some
of the largest labels globally.
Want to launch a story telling campaign built around music/videos/films celebrities.
SWOT ANALYSIS
Strengths
A firm’s strengths are its resources and capabilities that provide the firm with a competitive advantage in the
market place, and help the firm achieve its strategic objective. Soft drink industry’s strengths might include:
Loyal customers
Established companies
pesticide issue regarding soft drinks enhanced juice sales and created a shift of preferences
Weaknesses
Weaknesses include the attributes of a business that may prevent the business from achieving its strategic
objective. Coke’s weaknesses might include:
large manufacturing capacity makes it difficult to change production lines in order to respond to
changes in the market.
Changing business conditions may reveal certain new opportunities for profit and growth. Opportunities
might include:
a lack of any strong global fruit juice or other healthy beverage manufacturer leaves a gap in the
market.
Shifting preferences
Threats
Changing business conditions may present certain threats. Threats might include:
OBJECTIVES
The present study of the marketing strategy of the Packet-Shapers industry in India revolves around the
following objectives:
To analytically understanding the concept of packet shaping and its relevance for convergent industrial
scenario of India;
To understand the growth of Packet-Shapers and to critically analyze the marketing strategy followed by
the Packet Shaping industry in India.
CHAPTER -2
RESEARCH METHODOLOGY
Personal Interview has been chosen as the data collection method. This was in accordance with the
nature of the data required and as per the qualitative nature of the study.
Structured but Open-ended interview was adopted as the data collection technique.
Sample Size: - 50 I.e., the officials related to the packet shaping industry who are in the senior and
responsible domain of administration and marketing.
Data collection:
The task of data collection begins after a research problem has been defined and research design has
been chalked out.
While deciding about the method of data collection to be used for the study, the research should keep
in mind two types of data viz. Primary and Secondary.
Sources of data:
a) Primary Data.
b) Secondary Data.
Primary data:
The observation method is the most commonly used method. Data pertaining to digital marketing process
and most of information is collected from project guide in the company. Questionnaire method is also very
widely used in order to give a structure to the entire study.
Secondary data:
Secondary data is collected from already existing sources in various organization broachers & records.
Secondary data for the study were collected from the magazines, websites & other previous studies. To meet
the objectives, the study used qualitative research. The descriptive study was done through review of
existing literature that helped in validation and extraction of the important variables and factors. Data was
collected from secondary sources. Secondary sources were magazines, websites, books, office executives,
and company data.
Sampling Technique Used
The technique of Random Sampling has been used in the analysis of the data. Random sampling from a
finite population refers to that method of sample selection, which gives each possible sample combination an
equal probability of being picked up and each item in the entire population to have an equal chance of being
included in the sample. This sampling is without replacement, i.e. once an item is selected for the sample, it
cannot appear in the sample again.
Research Area: NCR Delhi
Sample Size: 50 (50 Employee and Executive officers)
Statistical Tools Used
The main statistical tools used for the collection and analyses of data in this project are:
Questionnaire, Pie Charts and Tables
REVIEW OF LITERATURE
1. Neelika Arora 32has published research article entitled “Trends in Online Advertising” in advertising
Express, Dec2013.
The global online advertising revenues are expected to touch US $10bn by 2015. In India, the
revenues at present are estimated to be Rs.80 cr. and are expected to increase six times more within
the next five years. In India, Internet as a medium is accepted by a wider industrial segment that
includes automobiles, telecom, education, banking, insurance, credit cards, FMCG (Fast Moving
Consumer Goods), apparel/clothing, durables, media, business services and tourism. Out of these, it
is estimated that the banking, FMCG and insurance sectors together account for 45% of the total
advertising spend. In comparison to this, automotive, travel and retail spend 37% of the total
advertising revenue and financial service companies spend 12% only. Some of the top spenders in
India are automobiles, followed by brands like Pepsodent, Kelloggs, Cadbury, HDFC (Housing
Development Finance Corporation Ltd.) loans and Sunsilk. In addition to these the early adopters in
the field of finance and IT are also increasing their spending. Globally, the trend is that almost 60%
of the revenue goes to five firms- Goggle, Yahoo, Microsoft, AOL(America Online Launchers), and
Overture. Approximately, 90% of the Goggle revenues come from advertising. In India, portals like
indiatimes.com, exchange4media.com, rediffmail.com, agencyfaqs.com etc are attracting major
online spender.
This article explains demographic profile of Indian users. It also gives the comparison between
global trend and Indian trend, which is useful for my research work.
2. Sumanjeet37 has published article on “On Line Banner Advertising” in Indian Journal of Marketing.
Online banner advertising has great potential as an advertising medium. It is easy to create, place and
use. It offers companies targeting well educated, innovative, affluent males/females or students with
great potential for success as their segments are highly represented.
3. Jaffrey Graham45 has published his article entitled “Web advertising’s future e-Marketing strategy”
Morgan Stanley Dean Witter published an equity research report analysing the Internet marketing
and advertising industry. The report studies research from dozens of companies and calculates the
cost and effectiveness of advertising across various media. Branding on the Internet works. For
existing brands, the Internet is more effective in driving recall than television, magazines, and
newspapers and at least as good in generating product interest.
4. Advertising in social media: How consumers act after seeing social ads. Adapted from Nielsen (2012:
10). Social media has not only changed how people communicate online, but it has also changed the
consumption of other media too. Online social connections are used to filter, discuss, disseminate,
and validate news, entertainment, and products for consumption. (Ryan 2011: 15) The next chapters
will explain more about each of the world‘s current most widely used social medias. There are, of
course, many other social networks and applications (apps) available but considering the study, the
focus is on the main Medias.
5. Vikas Bondar has published his article on “sales and marketing strategies” Internet is a really good
thing. The Internet gives people a greater amount of information as we need. It is the best way to get
a comparison of the products that we need. If we are interested in buying, it is best for us to check the
Web sites. Also if we would like to make our own Web page we can do this, without paying a lot of
money. From where do we set all this information? The answer is from advertising, which we see,
everywhere: on TV, on the Internet, in the newspapers and more. Year after year we get more and
more new, interesting information and in the future the Internet use will increase more than now. This
article explains how internet is useful tool for advertisement.
6. According to Garder‘s survey (2013), the top priority in digital marketing investment will be to
improve commerce experiences through social marketing, content creation and management and
mobile marketing. Key findings also revealed that a company’s marketing success relies mostly on
their website, social marketing, and digital advertising, which are all parts of digital marketing. In
addition, savings made by using digital marketing can be reinvested elsewhere. Normally, companies
spend 10 percent of their revenue on marketing and 2.4 percent on digital marketing, which will
increase to 9 percent in the future.
7. J Suresh Reddy26 has published article in Indian Journal of Marketing. Title of article is “Impact of
E-commerce on marketing”. Marketing is one of the business function most dramatically affected by
emerging information technologies. Internet is providing companies new channels of communication
and interaction. It can create closer yet more cost effective relationships with customers in sales,
marketing and customer support. Companies can use web to provide ongoing information, service
and support. It also creates positive interaction with customers that can serve as the foundation for
long term relationships and encourage repeat purchases.
8. Economic times published article on “Indian companies using digital marketing for competitive
advantage” in Oct 2014. According to this article a growing number of marketers in India are
leveraging digital marketing to increase their competitive advantage, a research by Adobe and CMO
Council has revealed. According to the study, India leads in the confidence in digital marketing as a
driver of competitive advantage. Ninety-six per cent of the Indian marketers have high confidence in
the ability of digital marketing to drive competitive advantage. It is among the highest in Asia-Pacific
APAC with only Australia leading with 97 per cent, the research said. However, while Indian
marketers believe that the key driver to adopting digital is a growing internet population (70 per cent
in India against 59 per cent in APAC), their belief that customer preference and digital dependence
drive the adoption of digital, and that digital can engage the audience, is lower than the APAC
averages, it added. The 2014 Adobe APAC Digital Marketing Performance Dashboard was compiled
through quantitative surveys with over 800 marketers across the region.
Marketers from Australia, Korea, China, India, Hong Kong, Singapore and other countries were
covered. "However, while India is an emerging leader in Digital Marketing, it has dipped in its own
performance this year as compared to the previous year. It is important to note that India scored much
higher than the APAC average last year," it said.
Adobe Managing Director South Asia Umang Bedi said that customer preference and digital
dependence would increase along with the increase in penetration of internet in the Indian market.
"Therefore, what would matter is how the Indian marketers are able to increase engagement and
activate audience through digital marketing. This presents challenges in programme planning,
execution and most importantly measurement," he added. The study also revealed that compared to
their APAC counterparts, Indian marketers are receiving lesser support from channel and sales teams
for increasing digital spends. However they are doing better as compared to last year suggesting that
departments that have a customer interface are realising the importance of digital marketing in
augmenting their effort.
9. Andy mallinson in digital marketing magazine on Jan 23 2015 published article titles how social
media engagement will impact the retail space it says, Traditionally, social networks have not been
used as a tool to directly drive e-commerce sales, but as Nielsen reported in its Global ecommerce
report in August 2014, an estimated 61% of people spend a considerable amount of time researching
products through online channels before making a purchase. And interestingly, a significant 43% of
consumers revealed that they specifically browse through outlets such as Facebook, Twitter,
Pinterest, Instagram and Google+ to seek inspiration for the types of products to buy.
This last statistic reveals just how powerful social media can be in terms of enticing shoppers to
make a purchase, both through its use of visual content and product descriptions. But while many
consumers still have reservations about purchasing items through social channels directly, the social
shopping phenomenon is clearly only going to grow and it’s apparent that this growth will eventually
have a positive impact on a retailer’s bottom line.
One retailer which enjoyed success by promoting its products via social media is ASOS. At the start
of 2014, ASOS previewed their summer sale through a Facebook application, allowing fans to play a
series of games to accumulate points, getting them to the front of the virtual shopping queue. The
winners gained first access to the sale, and through the support of sponsored ads ASOS was able to
generate 1 million views through the application, growing their fan base by 32%. This example
shows how much potential there is for brands to drum up organic publicity for their products whilst
engaging through fans across social media channels. Furthermore, it proves that social media outlets
have evolved not only as a tool for driving community growth, but also as a revenue driving
commodity to boost business performance.
Retailers mustn’t underestimate the power of social engagement as a method of generating sales. This
was proved by Wanted Shoes, who recently worked with us to design and integrate a ‘social
catalogue’ onto their site. The social catalogue depicted real-life images of products that customers
had recently purchased. When hovering over a post, users of the site were then directed to a link to
buy the exact shoe displayed in the picture, or alternatively, were able to shop for other shoes from
that designer.
Supporting the concept that that social media engagement can facilitate purchase orders, according to
Nielsen, 77% of shoppers say ‘social exposure’ and validation to a product is the most persuasive
source of information, and does indeed drive them to make more purchases. After all, we mustn’t
forget how powerful the trust of our peers can be, and this has a direct impact of driving revenue.
As Wanted Shoes experienced, by showcasing its products in a customer driven catalogue, they were
able to boost revenue and encourage more people to engage with their brand. Following this example
as well as the other retail giants that have enjoyed impressive results through social channels, the
retailer that ignores the power of social engagement in 2015 could potentially miss out on a
substantial revenue stream – one that could decide the difference between success and failure in an
increasingly competitive retail landscape.
10. Avinash kaushik is an indian entrepreneur published an article in dec 2014 titled digital marketing
and analytics are two ladders of magnificent success.
A marketing strategy is a process that can allow an organization to concentrate its (always limited)
resources on the greatest opportunities to increase sales and achieve a sustainable competitive advantage. A
marketing strategy is most effective when it is an integral component of corporate strategy, defining how the
organization will engage customers, prospects and competitors in the market arena for success. It is partially
derived from broader corporate missions, and corporate goals. They should flow from the firm's mission
statement. They are also influenced by a range of environmental factors. A good marketing strategy should
integrate an organization's marketing goals, policies, and action sequences (tactics) into a cohesive whole.
Many companies cascade a strategy throughout an organization, by creating strategy tactics that then become
strategy goals for the next level or group. Each group is expected to take that strategy goal and develop a set
of tactics to achieve that goal. This is why it is important to make each strategy goal measurable. Every
marketing strategy is unique, but if we abstract from the individualizing details, each can be reduced into a
generic marketing strategy. There are a number of ways of categorizing these generic strategies. A brief
description of the most common categorizing schemes is presented below:
Strategies based on market dominance - In this scheme, firms are classified based on their market share or
dominance of an industry. Typically there are three types of market dominance strategies:
Leader
Challenger
Follower
Porter generic strategies - strategy on the dimensions of strategic scope and strategic strength. Strategic
scope refers to the market penetration while strategic strength refers to the firm’s sustainable competitive
advantage.
Cost leadership
Product differentiation
Market segmentation
Innovation strategies - This deals with the firm's rate of the new product development and business model
innovation. It asks whether the company is on the cutting edge of technology and business innovation. There
are three types:
Pioneers
Close followers
Late followers
Growth strategies - In this scheme we ask the question, “How should the firm grow?”. There are a number of
different ways of answering that question, but the most common gives four answers:
Horizontal integration
Vertical integration
Diversification
Intensification
Prospector
Analyzer
Defender
Reactor
Anticipating competitors’ actions and reactions to your moves may be the key determinant of success for any
marketing strategy. One competitor cuts prices, undermining your pricing strategy. Another may decide to
offer new products and services, possibly over the Internet that has the potential to completely undermine
your existing strategy.
Today we are witnessing a dramatic and sometimes revolutionary change in nearly every aspect of the
traditional outbound/inbound call center, from its mission to its position in the enterprise. A paradigm shift
from a single-function (telephony-only operation) to a multifunctional, multimedia, customer service contact
center and factors like call efficiency, agent retention rate and morale boosting contributing to profitability
craft a Predictive Dialer as a must have tool and technology in laying foundation of the modern contact
center.
Traffic Shaping and Prioritization is becoming more and more common in the market. Most companies with
remote offices are now connected via a WAN (Wide Area Network). Applications tend to become centrally
hosted at the head office and remote offices are expected to pull data from central databases and server
farms. As applications become more hungry in terms of bandwidth and prices of dedicated circuits being
relatively high in most areas of the world, instead of increasing the size of their WAN circuits, companies
feel the need to properly manage their circuits to make sure business-oriented traffic gets priority over best-
effort traffic. Traffic shaping is thus a good means for companies to avoid purchasing additional bandwidth
while properly managing these resources. Packet-Shaper’s “DialPrix”, corporate is a comprehensive
customer contact product that seamlessly integrates with your existing voice and data systems. “DialPrix”
delivers a world-class application that not only automates not only automates the handling of outbound calls
but also offers: but also offers call blending, campaign development tools, predictive dialing, real-time
statistics and reporting (ASR, ACD and PDD), all designed to maximize agent productivity and in turn
enhance the overall efficiency of your contact center. Packet-Shaper Technologies is a pure IP focused
Telecom Software Products Company with a state of art Development Centre in India and marketing
alliances in Singapore and USA. Our valued product line includes a Soft Switch (VOIP Carriers), Wire line
Calling Card (Basic Telephony Providers), IP-PBX (Corporate Networks), Soft Phone (Subscriber PC
Dialer), Predictive Dialer (Contact Centres) and OSS Billing (Broadband Service Providers). Packet-Shaper
has over 3 years experience in Call Centre operations in India, accredited with a successful set up of the
entire Software Billing Platform for Swissfone India (Our H323 and SIP Billing Platforms cater to more than
50 Call Centre traffic in India). Apart from Swissfone, Primus and Dishnet Wireless also employ our
platform for Switching and Billing for all their respective Call Centre VOIP traffic. VOIP hasn't experienced
many big security vulnerabilities. The public case almost assuredly caught the interest of tech-savvy
criminals looking for new ways to make money. "This was the first major VOIP threat, and it led to a very
large payout," says Dan Ingevaldson, director of technology strategy for vendor Internet Security Systems.
"Because VOIP protocols are very open, there's a lot of potential for mischief." Other threats remain mostly
theoretical. In IP phone environments, an attacker could use the open source Ethereal network protocol
analyzer program to capture tcpdump network output files and then use the open source Vomit (voice over
misconfigured Internet telephones) program to make a .wav file that includes VOIP phone conversations,
NetClarity's Miliefsky contends. In other words, there's an established way for hackers to surreptitiously
capture and listen to private VOIP calls.
Some general network security practices will go a long way toward improving VOIP security, Ingevaldson
says. A company's network can be broken down into virtual LANs, including one for VOIP, so traffic can
more easily be monitored and voice traffic given extra security. Most companies aren't buying VOIP-specific
security. Only 12% of the business VOIP users we surveyed have implemented technologies such as VOIP-
enabled firewalls. Network administrators have for years been battling denial-of-service attacks, spam, and
phishing, and VOIP introduces a whole new target for these and other threats. Imagine fraudsters hacking in
and manipulating the caller-ID phone number that appears on your phone and then calling you, claiming to
be from your bank and needing to confirm account details. Or one of your competitors could do something
similar to your customers, claiming to be from your business. You can see how phishing scams that worked
in e-mail could be applied to VOIP.
VOIP attackers also could flood networks with bogus voice mail messages. Spam sent over an Internet
telephone--"spit" in VOIP parlance--can be sent en masse to every user and shut down the system, much the
way a denial-of-service attack works on data networks. That's not all. Attackers could create fake voice mail
messages and disguise the origin or insert false words into actual voice messages, potentially changing their
meaning.
Many networking vendors offer routers with queuing capabilities, and this can be sufficient for simple
requirements. If an organization has chosen a thin client strategy, the router can take care of prioritization.
However, if there is a need to distinguish different applications within that traffic (e.g., print jobs versus ERP
processing), a router cannot help. An external Packet-Shaper offers better control and reporting, allows quick
configuration changes, and makes it easier to go beyond layer four (ie, to classify traffic at the application
level. Owen says there is a "difference between hype and reality" when it comes to QoS features in routers,
as they do not deal with application-specific problems very well. Both network QoS and application QoS
management is required, he suggests.
Another issue is that as desktop systems become more powerful, servers transmit larger packets of data
across WAN links, and this can conflict with carriers' assumptions that are based on older hardware. All
Nortel products implement eight queues, says Buckton, claiming that others only have two or four queues.
"This is the number of levels of priority you have in Ethernet... IP... and other technologies," he says. If a
network has been built with routers that lack QoS features, it can be more cost-effective to use an external
Packet-Shaper instead of upgrading the routers, says Chia. One customer was getting poor response from
Citrix applications, he says, but when Dimension Data got involved the customer pulled out from a cupboard
a Packet-Shaper purchased by the previous IT manager but never installed. The software was quickly
upgraded to the current version, and the customer saw an instant improvement and acceptable response
times. With data that is especially time critical, such as VOIP, adding packet shaping to aging network
infrastructure may not be enough, says Oliver Descoeudres, marketing manager at NetStar Australia. All the
routers will need QoS features as well, he says: "you've got to get that baseline in place." Chia agrees that
most VOIP rollouts would include a router upgrade for QoS, and suggests there are times when QoS and a
Packet-Shaper would both be needed. "It depends on the situation and actual traffic," says Bjarne Munch,
senior research analyst at META Group. "We do see [packet shaping appliances] having a good space in the
market right now." When it comes to managing priorities, Descoeudres says it is much easier to change the
rules in a Packet-Shaper than in a router. Chia points out that a network with a star topology can be managed
by a single Packet-Shaper at the network core, but more complex arrangements may require a device at each
location, and that can make it harder to establish the business case, he says.
Packet-Shapers "seem very easy to use", says Munch, but he recommends their use on specific links rather
than deploying them in a network cloud. They provide good reporting of the traffic mix--META doesn't
expect routers to catch up in that regard until somewhere between the end of this year and 2005--but
managing a large number of packet shaping appliances can be difficult, he says. With wideband IP
connections now delivering Ethernet to the premises, sites are likely to be equipped with a switch rather than
a router, says Chia. The basic queuing in a switch "just does not cut it", he says, as it does not provide
sufficiently fine control. A Packet-Shaper may therefore be needed, and "I think that's going to become more
prominent," says Chia. This situation may also call for traffic throttling, he says, because some contracts
penalize bursts of traffic. It is important that prioritization is done before throttling, and that can't be done on
a switch. Gabo disagrees, saying that companies such as Cisco and Alcatel are developing traffic
management capabilities for edge switches. The prioritization is "embedded in a much lower cost product"
than an external shaper and they do not need managing, he says. Michael Boland, distinguished engineer at
Cisco, is on Chia's side. Carriers offer four or five classes of service within a contract, he says, and their
routers police your traffic within these classes so you don't mark all your traffic as top priority. You
therefore need to shape your traffic according to the contract. Routers shape by aggregated traffic while
Packet-Shapers shape by application and "the world doesn't need to get down to this level of granularity," he
says. Even with Ethernet to the premises, you should install a router rather than a switch to accumulate
information about your traffic so you can check you are getting what you're paying for. "The faster the pipe,
the deeper the buffers," says Boland, pointing out that buffers equivalent to 2.5 times the round-trip delay
should be maintained. This isn't an issue for short-haul links, but it is significant for fast inter-capital or
international connections.
On the other hand, there are times when external Packet-Shaper is not appropriate, according to Chia, such
as networks that are still using legacy protocols (DECnet, IPX, etc) that are unsupported by such devices, or
where there is branch-branch traffic across a frame relay network and installing a shaper at each location is
uneconomical. "Every technology has its place," says Gabo. Packet shaping is traditionally used in WANs to
reduce charges and by reprioritizing less important traffic on restricted links. "A lot of WAN equipment
provides similar functionality," he says, but configuring a router requires specific skills and a
misconfiguration can being down a network. Foursticks NP attempts to reduce this risk by incorporating
patent pending methods for verifying the correctness of policies. The result is that the product is easier to
use, with quicker troubleshooting, says Noble.
Packet-Shapers are dedicated to the function, so today they do a better job than the embedded equivalent,
"but they will always be a niche product," says Gabo. "To date, the major need for traffic management was
in the WAN. In future, it will be everywhere in the network" because multimedia applications require end-
to-end control. Devices will provide this control from network vendors and soon from “Dick Smith
Electronics and other shops," he says. "Bandwidth management comes into play when there is congestion.
Congestion happens anywhere in the network that there are more than two ports" and it must be dealt with
where it is created, "or the damage is already done." Munch points out that Packet-Shapers are appropriate
when sufficient bandwidth is available but various classes of traffic must be prioritized. If the links aren't
adequate for the amount of traffic, compression (either as a standalone product or as an add-in to a device
such as a router or Packet-Shaper) is more appropriate. "Traffic management is only one part of the game,"
he says, "it's important to identify the actual need." Organizations tell META that compression can add one
or two years to the useful life of an international link before more bandwidth is needed. Similarly, if an
organization is planning to add VOIP to its current network in two or three years, it might be worth installing
Packet-Shapers as a "spot solution" while a converged network is architected. "There's probably more long-
term use for compression" than packet shaping, he suggests. "You can't get quality of service unless it is
embedded in each node in the network."
Cheap routers provide two or four queues, Gabo says, and expensive models eight or 16, but "you probably
won't need more than eight queues in any network--in practical terms, it's just not necessary" and a router or
switch that can do the classification and manage eight queues can provide QoS. Boland agrees. He says it is
enough to specify (for example) top priority for VOIP traffic, medium priority for enterprise applications,
and "best effort" for e-mail. "If you can get down to that level, you can get very fine control over what goes
down a pipe," he says. Munch concurs, saying "you can do very differentiated queuing" with modern
routers. Router vendors tell their customers to use QoS in the routers, says Côté, and "in some cases that's
the best thing that could happen to us" because that doesn't provide enough priority levels, sufficient
granularity, or the ability to limit certain traffic types. Boland suggests organizations should compare the
cost of Packet-Shapers with the benefits they deliver over and above those provided by modern routers.
"You can't put them on every junction on your network," he says, and vendors are increasingly putting
intelligence into the switching fabric. There is usually plenty of bandwidth on a LAN, so the issues occur on
a LAN/WAN boundary, and there's usually a router at that point.
HOW DOES IT WORK?
The primary mechanism used by the Packet-Shaper is TCP rate control, says Packeteer systems engineer
Bede Hackney. Instead of managing queues of packets, a Packet-Shaper manipulates the TCP sliding
window size (the maximum number of bytes that can be sent without receiving an acknowledgement),
effectively controlling the speed at which data is transmitted. This approach provides bi-directional control
with a single device, and it also makes it possible to limit the bandwidth consumed by a device such as a
remote camera even if there isn't a router at the far end of the link.
A Packet-Shaper can track the different sessions passing through it and intelligently delay
acknowledgements to control the flows without causing packets to be retransmitted, as such retransmissions
waste bandwidth. If packets are buffered and queued, they will be dropped at some stage, says Hackney, but
"we're able to achieve a more efficient control." "If we can't do anything smarter, we'll fall back onto
queuing," he says, adding that Packet-Shapers can also mark packets according to a variety of prioritization
standards, including 802.1p, CoS, Diffserv, and MPLS. Foursticks claims its patent-pending algorithm is
more accurate than methods such as TCP rate shaping because it responds more quickly to changes in the
network. It also uniquely allows the definition of the maximum latency for packets moving through the
device. "This is important to delay and jitter sensitive traffic," says Alisdair Faulkner, Foursticks' director of
strategy. The Foursticks algorithm also incorporates finer granularity of policy control through its
configuration verification capability that ensures that policies are valid and supportable by the underlying
network, he says. Boland points out that modern routers do more than just routing packets. Additional
functions such as firewalls are being built in, so routers can understand traffic at the application layer. Packet
shaping either introduces another type of box to the network, or additional software running on the servers--
either way, that means more complexity.
A by-product of packet classification is the collection of detailed data about the traffic flowing across the
network. Packeteer's Report Center software provides consolidated reporting from multiple Packet-Shapers
or Packet Seekers. The software collects 55 variables that are useful for service level management, and it has
"a very robust API", claims Morford, allowing connection to other applications. Owen says work has been
done locally to integrate Packeteer data with Concord's management software for reporting purposes. "It's
the strength of out product," he says. Information collected by Packeteer appliances is a valuable addition to
other management tools. Several local customers are using the API to link to their host accounting systems.
"We've been very successful" as an alternative to messing around with spreadsheets," says Owen. "Most
sophisticated customers are... billing at the application level."
Other vendors support the integration of their products with applications. "Foursticks has an open API which
allows third-party software developers to automate many control and shaping features," says Faulkner.
Performance data collected by Packeteer appliances can also be used for "proactive alerting", says Morford.
Performance degradation can be spotted at an early stage, so technical staff can be alerted before a system
fails or becomes unacceptably slow. It can also locate problems that affect specific clients or servers.
Another issue is granularity of reporting. "Foursticks believes you can only control to the level of detail you
can monitor and report. Only NP has the capability to measure bandwidth and application response time--
round trip time--‘live' at per-second granularity." Averaging the response time of transactions over one
minute rather than one second can give a misleadingly low impression of responsiveness, Faulkner says.
Service providers that use a Packet-Shaper or Packet-Seeker to investigate their client's network do not need
to leave it in place permanently, according to Descoeudres. Putting one on the network for a week or so can
"identify latency issues and qualify the end-user experience", he says. When the provider is responsible for
managing application performance, ongoing data collection will help identify and address the real cause.
"Often the problem may be there is insufficient bandwidth for a particular site," he says. "Packeteer gives
you very effective reports at the application level." "Customers see this as useful technology, but not
essential in the current environment," says Descoeudres, but he expects interest will return as soon as IT
spending picks up.
Before becoming immersed in the organizational and technological minutiae of designing network
intelligence, steps should be taken to ascertain that any solution would in fact address a problem that affects
the organization’s core mission. Although it is almost always advisable for network professionals to have
this knowledge, it may not always mean that a broad-based strategizing exercise needs to be undertaken if
the wider business need is not present. At the same time, recognize that the absence of explicit business need
now in no way suggests that it will not appear later. Any network administrator who, at present, is
comfortable and content with a less-than complete picture of what is passing over the wires must keep in
mind that the rapid growth of Internet use, and the resulting rate of environmental change, guarantee that the
question will be called with some regularity. In view of that fact, benefit could be realized early from
thought experiments regarding the basic focus of future network intelligence, for example collaborative
incident response or auditing.
INTERNAL DRIVERS
Within an organization, users of information resources share a desire for confidentiality and integrity of
various types of information. The organization itself, as an abstraction from individual users, will also have
such a desire, and typically policies will be in place to balance the two. However, it can be difficult to assess
policy compliance without a thorough understanding of how data networks are being used. As Internet usage
grows, it is important to be able to classify and prioritize the traffic on data networks. When a network
administrator faces problems with the performance or reliability of the network, solid network intelligence of
this type is needed to execute an informed response. Increased Internet usage has also typically paralleled
greater organizational dependence on IT as a whole. Forces driving economization of IT operations might
prompt management to investigate network intelligence initiatives with the goal of reducing total operational
cost.
EXTERNAL DRIVERS
Because the Internet is a shared global resource, network administrators are expected to make best efforts
toward good citizenship. Lapses can cause significant reputational damage and embarrassment to the
organization. Having a reputation for poor citizenship can create obstacles to collaborating with other
organizations, and make it difficult to maintain credibility with peers in the security field. High-profile
scandals in recent years have caused regulatory concerns to take center stage with regard to IT governance.
Educational institutions face the Family Educational Rights and Privacy Act (FERPA), publicly-traded
corporations are now subject to the Sarbanes-Oxley Act, and the Health Insurance Portability and
Accountability Act (HIPAA) looms over any organization that touches healthcare. These three examples are
the most widely-recognized and broadly-applicable, but no matter what the core business of a given
organization, it is highly likely that compliance pressure will be present, whether directly or indirectly
through partners or customers. Concerns of citizenship, reputation and compliance all contribute to the case
for attaining a complete view of network activity.
SOURCE OF INITIATIVE
One important aspect to consider when developing a network intelligence strategy is where in the
organization the initiative originated. In most cases, network administrators themselves will be the initiators,
and this is the desired scenario. However in rare instances, the suggestion will filter up from below, or may
be handed down from above. In the case where management at a higher level announces a requirement for
network monitoring, care should be taken to ascertain that such a system will in fact address the perceived
problem. Marketing hype, media sensationalism, inscrutable jargon, and bandwagon forces can sometimes
prompt non-technical managers to dabble in areas where their lack of expertise becomes a liability. It may be
that what upper management really wants is a way to capture usage data for metering and billing, or a
policy-based traffic shaper. Network professionals will need to learn how to “manage up” in these situations
in order to maintain the integrity of IT strategy. If the call for network intelligence originates from below,
network administrators will have to examine why systems already in place are not meeting the informational
needs of lower-level IT staff. The real motivation might be “cool factor” or a desire for newer, better toys to
play with. On the other hand, staffers who perform the daily hands-on tasks related to security or network
operations will often have the best visibility to changes on the horizon, and hence their suggestions should
be given appropriate weight.
THREATS
Ideally, any system for collecting network intelligence will be designed and implemented in response to
some threat or collection of threats, and not merely for its own sake. If the operational purpose of such a
system is not explicitly stated and known, it is more likely to be subverted for other, perhaps inappropriate,
uses. Beyond the initial identification of threats, it is also useful to categorize and examine them at a lower
level. A wide disparity may exist between threat perception and reality. A threat perceived by other groups
within the organization may translate to a distinctly different threat that is real, or may simply not exist at all
in the real scenario. Alternatively, de-prioritizing a perceived threat, which may gain legitimacy over time, in
favor of issues that are immediately critical can lead to unpleasant surprises when the environment merges
perception with reality. Careful triage of asserted threat models can reduce the complexity of system
requirements and build better overall preparedness. In other instances, some threats may be of a mandated
nature. This circumstance essentially conflates the real and perceived classes. Whether due to regulatory
compliance pressure, immutable internal policy, stubborn leadership, or other organizational
dysfunctionality, a mandated threat is best approached as a necessary evil to be included in system design.
As a final note on threats, it should go without saying that network professionals must always design with an
eye toward the future. The nature of threats will always be changing at a faster rate than the set of solutions,
and network administrators are typically called upon to implement technology that is several months old, at
best, in response to problems whose ages range anywhere from minutes to weeks. In recognition of this, an
examination should be made as to whether it is the correct strategy to favor flexibility, extensibility, and
upgradeability in solutions that are evaluated, possibly at the expense of other attributes.
LIABILITY
While working to confirm a business need for network intelligence, it is also prudent to consider the possible
existence of contrary motivations. The example that most immediately manifests is the extent to which
acquiring network intelligence may create liability. Particularly for organizations that could be considered
common carrier service providers, gathering certain types of information can lead to awareness of illegal
activity. Beyond the question of whether or not the organization wishes to dig that deeply, the further
question of whether detected illegal activity should (or must) be proactively reported is of great import.
Depending on the legislative and regulatory environment, failure to make such reports could lead to
undesirable consequences. Careful combing of internal policies or perhaps consultation with legal counsel
will be necessary.
GENERAL CLASSIFICATIONS
At a high level, the realm of devices and applications that can fit into a network intelligence strategy can be
classified as follows:
General-purpose sniffers and monitors. Tools in this category are handy in the small scale of operations,
but lose their effectiveness when the target network achieves a certain critical mass of size and complexity.
Examples include Iptraf, Ntop, and the venerable Tcpdump.
Accounting and auditing tools. These are network capture systems oriented toward output in the middle
range of detail. Some can be used as a basis for metering bandwidth consumption. IPAudit and Argus are
typical examples.
Scanning and discovery tools. In larger networks and environments that are geographically distributed,
there is higher likelihood of unknown devices appearing on the network. Administrators will find it
beneficial to make use of tools like netdisco and SolarWinds Network Discovery. These allow for the
identification of network devices via various methods, and can provide information about topology and
platform constituency.
Network Intrusion Detection Systems (NIDS). NIDS, also known simply as IDS, were the first class of
applications targeted directly at obtaining network security awareness on a large scale. Though they enjoyed
intense popularity for a time, they eventually succumbed to the criticism that they are really Attack
Detection Systems, due to the fact that most of them are unable to distinguish between successful and
unsuccessful intrusion attempts. The result is an extraordinary degree of attention required to avoid an
overwhelming number of false positives. This is especially true in environments without perimeter security,
although an alternate tactic for those cases is to reverse the detection polarity (effectively creating a Network
Extrusion Detection System). The value of a NIDS is further limited by the fact that once an alert is
generated, it must be acted upon
outside of the system. The most notorious NIDS is probably the open-source tool Snort, but many other free
and commercial examples can be found. Nearly all are software-only tools designed to run on commodity
hardware that may or may not be re-branded by the vendor.
Intrusion Prevention Systems (IPS). Over the past few years, attitudes toward IDS caused many players to
respond by evolving their products one step further. The new species includes mechanisms for mitigating
detected intrusions in real time. This capability causes some functional overlap with the new breed of
application-layer firewalls, and indeed some are able to function quite well in that role. Due to the increased
complexity of function and need for wire-speed operation, some vendors have chosen to implement IPS as a
hardware appliance with proprietary Application- Specific Integrated Circuit (ASIC) components. In
general, the ASIC-based solutions are better able to cope with very high traffic loads, and are easily
extensible into multi-function platforms. In service of greater network intelligence, administrators often use
IPS devices to turn down the volume of the most egregious incoming abuses. Certain types of activity, while
malicious in intent, are a simple fact of Internet life, and as such can be safely ignored under low-alert
conditions. Early examples of IPS solutions were the Top-Layer Networks Attack Mitigator and the Tipping
Point Unity One, both of which are being marketed.
Forensics consoles. Capture forensics tools have existed for quite a while as standalone desktop
applications. Recently, however, the market has begun producing more robust tiered-architecture systems
that allow fine-grained analysis on very large traffic volumes. The most mature solutions provide dashboard
views at multiple levels of detail, along with a console for mining deeper into data streams. Ethereal is
perhaps the most popular standalone capture analysis tool. Examples of larger scale solutions include
Sandstorm Net Intercept and NIKSUN Net Detector.
Security Information Management Systems (SIMS). SIMS is an attempt to capitalize on the heavy
fragmentation of the security product space. Their primary function is to aggregate metadata from disparate
systems for a dashboard-like picture. Sites that have invested deeply in emerging technology over the years
find that there are too many reporting streams, in too many different formats, to make ready use of on an
individual basis. Products like Arc-Sight and Guarded- Net neuSECURE can enable recapture of value from
older systems by consolidating a multiplicity of information sources about network events. The major
downside of these products, much like with NIDS, is that the level of customization and tuning required out
of the box is considerable.
Amalgamations. A number of appliances on the market are multi-function systems that perform in more
than one of the above capacities. Some include all features in the base configuration, while some others offer
enhanced functionality as snap-on components, for an enhanced price. Examples are the X-series products
from Crossbeam Systems, Sleuth9 by DeepNines, and to a lesser extent, ISS’ Proventia product line. At this
stage, it is difficult to assess if these attempts toward generalist solutions are viable, or whether feature bloat
is resulting in overall diminished value.
Special Environments. One clever set of methods for catching malicious activity involves deploying
specially-engineered environments such as honeypots, honeynets, and darknets. A honeypot is a system that
is deliberately made vulnerable in order to observe the activities of the attacker who exploits it. A honeynet
is a more complete environment that may provide more targets or a more realistic set of interactions between
sacrificial and normal systems. Unlike honeynets, darknets have no systems to be targeted. A darknet is just
what the name implies - a subset of public, routable network addresses with no host population. The
principle behind their use is simple. Since there are neither sources nor destinations on the darknet, any
traffic that originates from or is directed toward it is probably not legitimate.
Over the last decade, India has developed into a major and credible information technology (IT) outsourcing
centre. The IT sector is one of the fastest growing segments of Indian industry, growing from Rs. 13,200
crore in 1992-93 to Rs. 80,884 crore in 2001-02. Sixty per cent (Rs. 48,134 crore in 2001-02) is accounted
for by software and the remaining 40 per cent (Rs. 32,750 crore) by hardware. The sector has performed
exceedingly well on the export front. Exports grew from Rs. 1,454 crore in 1991-92 to Rs. 42,371 crore in
2001-02. Again software comprises the bulk of the exports. Software exports of Rs. 36,500 crore accounts
for 86 per cent of total IT exports. Hardware exports of Rs. 5,871 crore account for only 14 per cent. The
major achievements of the sector include the development and tremendous success of the software industry,
large-scale computerization and Internet usage, IT-based automation in various industries, development of
supercomputer technology etc.
The major reasons for the stagnant growth in IT hardware production are distorted tariff structure, poor
infrastructure, high cost of finance and stiff competition from multinational corporations (MNCs). This
sector is likely to face even harder competition after 2005 when the zero duty regimes comes into place in
line with the Information Technology Agreement of the World Trade Organization (ITA-WTO). Although
under this regime, import duty on finished products would come down to zero, it is unlikely that duties on
various inputs such as chemicals and metals used in hardware production would also be brought down to
zero. In such a scenario, the viability of domestic manufacturing will be adversely affected. A
comprehensive package of measures, both short term as well as long term, needs to be put in place to ensure
accelerated development of the sector. The most important long-term measure is to evolve a well thought-out
hardware policy suited to our requirements. The highlights of any strategy to promote the hardware sector
should be:
Formulate a national hardware development policy by December 2002 in line with the relevant
recommendations of the second and third reports of the National Task Force on IT and Software
Development.
Raw Materials, to cope with the zero duty regime from 2005.
Identify global hardware majors through trade delegations and encourage them to set up
manufacturing units in India.
Work out a specific action plan to ensure the development of world class products at competitive
prices. This should include promoting international specific alliances, dedicated R&D, targeting
new overseas markets, continuous product improvement etc. Existing Indian companies have to
play a major role in this regard.
Strengthen quality certification programmes and encourage the establishment of test laboratories
for international certification in order to generate greater confidence in suppliers from India.
Promote HRD and skills development in key technologies like embedded systems, VLSI (Very
Large-Scale Integrated Circuit) design, blue tooth technologies etc. The industry needs to set up
contract design centres and spend 5 per cent of revenues on R&D.
SOFTWARE DEVELOPMENT AND MARKETING
The total global software and IT services market is estimated to be about $ 1.2 trillion of which India’s share
is 2 per cent. The Indian software industry is under threat from emerging competitors like China, the
Philippines, countries of the Commonwealth of Independent States (CIS), South Korea etc. Strategies would,
therefore, have to be re-oriented for sustained growth. The domestic market also needs to be developed. The
experience of countries like China which have a very strong and vibrant domestic market needs to be studied
when developing our long term strategy.
Major initiatives that require immediate action in the Software Sector are:
The software industry needs to move up the value chain by developing high value products
through R&D. Software firms need to tie up with the extensive R&D network that exist in the
country.
To ensure long-term sustained domestic growth and exports, the software industry needs to move
from being software solutions providers to manufacturers of packaged products.
Continuous improvement in productivity will hold the key to maintaining our competitive edge in
the global market. Three vital inputs are need for this: sustained improvement in the quality of
products and services, availability of high quality manpower and strong R&D support.
For building brand equity and positioning the India brand abroad, large investments in marketing
and brand building would be required. The United States would continue to receive priority
attention for software exports. Other elements of the marketing strategy should be strengthening
marketing channels globally, expanding the focus to emerging markets in Europe, the United
Kingdom, Asia- Pacific, Japan etc., and entering into agreements with end-user countries for
executing large projects.
Industry associations like the National Association of Software and Service Companies
(NASSCOM), Manufacturers Association of Information Technology (MAIT), Electronics and
Computer Software Exports Promotion Council (ESC) etc., need to assist the small and medium
enterprises (SMEs) in their export efforts through effective networking and one-on-one meetings
with potential customers in developed countries.
Priority attention needs to be given to the development and promotion of software in Indian
languages and meeting local requirements in order to expand the domestic market.
The unprecedented growth of innovative services and technologies are challenging the demarcation of
various services, service providers, users and government regulations in the communication and information
technology industry. The success of the convergence regime would lie in ensuring a seamless transition to
the new services and information delivery systems. The single biggest area of convergence could be the
integration of the Internet with the broadcast sector. The Communication Convergence Bill envisages a
unified regulatory regime to address the convergence of telecommunications, data communications, Internet,
satellite and terrestrial broadcasting, cable television, audio broadcasting, software and content creation.
Innovative and cost-effective solutions have to be found to make the required bandwidth available in remote
and rural areas. Innovations like small electronic devices fitted in a PC having the capacity to disseminate a
bandwidth of about 11 mbps (megabits per second) around a four to ten km radius would need to be
encouraged to make broad-band connectivity available all around in the country. This innovative technology
has tremendous significance in the case of the postal sector. The existing 1.55-lakh post offices can become
radial points for dissemination of bandwidth. Since Internet telephony has now been allowed, the existing
STD/PCOs need to be upgraded with Internet facilities to expand Internet connectivity throughout the
country. Rural post offices should also be modernized this way. The digital divide is one of the major issues
facing the IT sector. The disparities between different sections of the society and different regions must also
to be bridged. Special programmes may have to be designed for IT-enabled services in rural areas.
Panchayati Raj institutions (PRIs) and nongovernmental organizations (NGOs) have to be effectively
involved in this programme.
TRAFFIC SHAPING
Traffic Shaping allows you to discriminate the level of service (i.e. speed) offered to a user or a group of
users at a given point in time for a given application. It is the most intelligent means of controlling traffic,
because you can allow heavy users to “do their thing” when the network capacity is available. You do not
have to “cut them off” when these users do hammer the network as you can reduce the capacity available to
them at peak times without removing it altogether. This throttling can even be done at an application level.
A huge advantage of shaping is that it can differentiate between time sensitive, low volume traffic flows and
“background”, high volume downloads (peer to peer applications in particular). You can configure profiles
that take into account troughs in network utilization and allow you to offer even heavy users unrestricted
access at quieter periods, while controlling how much is used when the network is busiest. Remember, it
doesn’t matter to you if your customers are hammering their connections as long as that traffic doesn’t drive
a higher peak on the network. There is a lot of free capacity particularly at night time and there is a certain
balance in saying to your heaviest users, “Do what you like as long as it doesn’t impact the rest of our
customers.” Traffic Shaping is the gold standard in traffic management because it gives you the ability to
manage traffic for whatever group of users or applications that you consider to be a problem. This means
that the majority of users (especially the 40% that use 3.8% of traffic in Ellacoya’s data) need never know
that you are managing them. Just think of all those asterisks that could be removed from your product
advertising…
The disadvantages of Traffic Shaping are its cost and the fact that the technology is being rapidly overcome
technically by those who wish to continue old behaviour.
The cost issue: Packet Inspection is a very intensive activity and can add latency even if high end silicon is
used. If you are committed to Traffic Shaping, you are committed to throwing ever more resource at the
problem of recognizing the users and applications that you want to shape and to installing enough hardware
to achieve the results you want. A chain is only as strong as its weakest link and Traffic Shapers may well be
your weakest link if you do not properly resource them. One of the major problems with traffic shaping is
that the technology is based on recognizing protocol signatures. Heavy users don’t want to be traffic shaped
of course, so those who wish to do so can stay one step ahead through encryption of their traffic or by
disguising it as HTTP. Such “innovations” are designed to fool the shapers into allowing the files through
unaffected and maintain the user’s download speeds. Like a game of “whack-a-mole” played at ever
increasing speeds it now looks unlikely that Traffic Shaping will ever be able to keep up with such
innovations. The result is likely to be fundamental changes from blacklist-based systems (allow all except
X), to whitelist based ones (only allow Y). If this happens, one of the side effects will be the default shaping
of any new protocols, even those that genuinely do not deserve it.
BANDWIDTH CAPS
Caps have allowed the introduction of ever-cheaper broadband access since BT moved all of its ISP
customers (I’m sorry, encouraged its ISP customers to move) onto Capacity Based Charging. This change in
2005 reduced the cost to the ISP of serving the majority of its customers, while maintaining the overall bill.
Consider median usage around 1GB per month against average usage of 5GB. A customer with a 2GB cap –
more than is used by most – could be charged £18 (or even less) a month with the maximum exposure to the
ISP fixed to around £11.70. Any incremental usage over 2GB is chargeable at rates varying by ISP. Mine
charges me £1.49 per GB, which although it would not cover the full cost to them if I was to use it all at peak
times (£2.34), is enough to make me think very carefully before firing up my Joost application. So, on the
surface, caps work for ISPs – if only they could get all those early adopters onto these not so new capped
products they would be laughing – but there is a serious issue lurking in the shadows. Bandwidth does not
equate to value. People have a strong sense of the physical value of something and find it very hard to relate
to the virtual cost of something like a DVD being 6.7 times (4,700 / 700) more expensive to transport than a
CD. You couldn’t blame a customer for calling your billing department saying “I’m not paying that much! I
don’t have to pay any more to post a DVD than a CD, so why should I pay more to get it over the internet? I
didn’t know it was going to cost that much. I won’t be doing this again, I can assure you…” At current
bandwidth prices, it would be cheaper to pay a taxi driver to pick up your Friday night movie from
Blockbusters that it would to download it over the internet. This dynamic reminds me of the ill-fated ITV
Digital purchase of First Division football rights – it would have been cheaper to pay everyone who ended
up watching the matches to go to the games by taxi than it was to show it to them on TV. That story didn’t
end well either.
This is the oldest and least confrontational of traffic management strategies, but also the least effective.
Every contract has had an acceptable use clause in it, entrenched in the need to avoid legal exposure to
criminal acts being carried out using the service. Over the last few years, these AUPs have morphed into Fair
Use Policies that include some dark words about what will happen if your use of the service negatively
impacts other customers. Such clauses are often broadly written so that ISPs, not wanting to pin down what
actually is a problem, can deal with one when they see it. The clauses don’t have the same deterrent effect as
caps because they are not specific and do not have a price attached to them, but this vagueness is very
marketing-friendly. FUPs have the benefit that they allow the ISP to ignore irrelevant behaviour such as
heavy off-peak usage or infrequent busy months for example, but the flip side is that it takes people-time to
make judgments and enforce them which can be hampered significantly by organizational inertia. The cost
of flexibility is often that nothing gets done. Without a clear line in the sand, there is a risk that FUPs could
lead the ISP into a rat-hole from which they cannot escape, where user expectations grow gradually until it is
eventually impossible to arrest bandwidth growth without losing a large number of customers. Fair Usage
Policies often back up Traffic Shaping activity, so it is true that the above categories overlap but I hope that
this gives a broad outline of what the industry is doing today to manage cost exposure.
EVOLUTION
As stated earlier, such measures are really only in place to deal with the small minority, the top 5% who use
far more than they pay for. Today’s heavy users are a determined bunch. They know the ISPs that will act on
FUP and they avoid capped products. Technology is allowing them to bypass the traffic shapers too, so the
high-tech pirates can do what they do in a game of cat and mouse that probably adds to the fun of it all.
Tomorrow’s heavy users could be just regular customers as adoption grows of online video in particular. It
has appeared for the last year or so that the content industry was going to go ahead regardless of ISPs and
put its content up there, in many cases using peer to peer to avoid incurring any significant costs of their
own. This to me showed a poor understanding of the market, ignoring the basic economics, which said that
this couldn’t be allowed to happen.
Traffic management is a self-fulfilling prophesy to some degree because of the uncertainty and deterrent
effect it causes. The biggest winners are the owners of satellite and cable TV networks, which will continue
to satisfy demand for high definition broadcasts. Traffic Management will prevent the online video market
evolving unless there are major structural changes, something we will begin to discuss next week.
POWER
This is the final feature of Traffic Management. Perhaps the dynamic that will have the most lasting effect,
long after usage caps are assigned to dustbin of history to sit alongside 0845 dial up access. In 10 years time
it is likely that we will look back on Traffic Management as being the first time that ISPs took control of
what their users do with their services. Historically, ISPs have insulated themselves from what people do
with their services by claiming to be “dumb-pipes”.
Now they need to control the traffic for their own financial survival, they will suddenly realise that this
control can allow them to get much more from those who wish to use their distribution network to reach
consumers. We may even see the pendulum swing for a while and find a situation where content owners feel
“blackmailed” into agreeing with an industry that is suddenly vibrant and working together to the same set of
objectives. This control will be integral in solving the big problems on the internet today: I’m not just talking
about video here, but piracy, pornography and criminal activities of all kinds. It is worth considering this can
of worms because with great power comes great responsibility and traffic management does indeed give the
ISPs great power
A common anecdotal thread noted by the author among colleagues has been that security professionals often
come to the business “by accident.” It is an adolescent field, and its practitioners face a daunting set of
challenges. In spite of the circumstances, it is unacceptable to allow security to continue to exist as an
accident in contemporary organizations. The need for strategic rigor in all aspects of security practice is
urgent and paramount. This philosophy is patently applicable to the process by which security professionals
and network administrators arm themselves with information assets. Without critical examination and
planning, these individuals and their teams will squander opportunities to transform voluminous data into
valuable intelligence. The ultimate best-case scenario depends upon the invention and execution of a
complete strategy that surpasses ordinary tactical initiatives. Pursuit of network intelligence as a problem to
be solved at the organizational level, by first making the business case, and next generating strategic options,
will contribute to initial success. Early detection of crucial dealmakers and dealbreakers will ensure that
benefits can continue to be realized. The administrator who achieves network intelligence may one day
discover his organization comfortably positioned in the race against security threat evolution.
Many people have made fortunes in network marketing business opportunities, also called multi-level
marketing / MLM. Usually only a number of people at the top made money, with the majority of the
distributors failing to achieve any measurable level of success! Usually this was the result of compensation
plans that did not reward the average person only those that builds large downline's. Another aspect is all the
free to join opportunities that advertise no selling no recruiting, this gives people the impression it's more of
a hobby then a true business model and requires no skill. Not much has changed over the years, yet this is
still this is one of the most rewarding home business opportunities today. The majority of companies offer
products and services that the average person uses on a daily and consistent basis. Today we have products
like communication services, internet access, nutritional products, water filtration systems, financial
programs this makes choosing a company all the more difficult. This business does have a high failure rate
though; some of this stems from the false representations made on the Internet, TV and by distributors who
just don’t have the necessary skills to be successful. Some of these wildly exaggerated claims include
statements like no sales required, no prospecting our automated web site system will do it all for you. Show
me one business today that requires no sales to be successful!
It takes commitment and determination in both building and marketing your business. Network Marketing
Training is vitally important to insure, success in your business opportunity. You may have a great company
that provides training, great up line support but if you're still not achieving the success you are looking for,
then by all means seek out additional training, possibly even professional coaching. One of the keys to
becoming successful is to provide products and services that the average person will use. The products or
services should be unique or consumable. The power and distribution of the internet has made the stocking
of products obsolete, your customers are just a click away from ordering directly online. Another key to your
success is finding the right sponsor; leader or team to work with this will help insure your success in this
business. A sponsor is someone who will guide and assist you with the necessary support and resources to
help you grow your business. People when prospecting often place too much importance on their company,
the online presentations or their companies pay plan. What they fail to realize is that it is the people within
an organization are what matter most when prospecting. Many companies have come and gone but when
you’ve built a strong organization, have made many close personal friends and business partners will stay
with you always. "Again the most important ingredient" for your ultimate success is network marketing
training. Developing your marketing and sales skills is essential in direct selling; yet this vital component is
missing in most company training programs. I cannot emphasize this enough, "it is essential to building a
successful business."
Traditionally network management services was a space dominated by names like IBM, NCR, Compaq, and
HP. Recently, however, there are several Indian companies that are gradually building their skills in this area
and offering great value to companies wishing to outsource their network management services. Though this
sector is still in it's nascent stages, domestic demand has triggered the entry of local systems integrators,
hosting providers, and facilities management companies into this area. .
Though there are apprehensions about security and loss of control in offshore outsourcing network services,
well-established names like Wipro, Microland, Infosys, Bangalore Labs, and others are creating a path for
others to follow. By setting up world class Network Operations Centers which handle monitoring networks,
analyzing traffic, identifying bottlenecks, alerting and protecting customers from impending problems,
ensuring 99 percent uptime for client networks, and disaster recovery, Indian companies are gradually
convincing international companies that remote management from offshore locations is a great option.
Outsourcing network services to India is a relatively new practice, but there are a growing number of
companies providing quality network management services. Several North American and European firms are
realizing the potential of network outsourcing services in offshore locations like India. Several well
established Indian IT companies have extended their gamut of services to include running networks
operations centers for global customers. These help to not only improve productivity and cut costs on the
infrastructure side, but establish that cost efficiency and quality are not mutually exclusive. Along with the
well-established names, which currently dominate this sector, several other small and medium size
companies are getting into the business. They have good reason to as IDC figures pegged the network
infrastructure services market at Rs 753 crore during 2000-2001, and it is growing at 26 percent annually.
Though there is still a long way to go before Indian companies make a dent in the global market there are
several companies attempting to show global customers the potential of outsourcing network management.
Companies like Bangalore Labs and HCL Comnet have made significant investments in setting up world
class NOC Centers. Others like Wipro, Microland, Satyam Infoway, and Global Telesystems, have added
management services to their existing portfolios. Though there are still not too many international customers,
these companies cater to some of the biggest names in the domestic sphere. Bangalore Labs now provides
network management services to L&T Information Technology; systems & application management services
to Skumars.com; managed security to Hathway and Cyquator. HCL Comnet is providing management
services to Philips, Sanmar, Bajaj, IOCL, SBI, 3M, TVS-Suzuki, HomeTrade, IndiaTimes, CitibankOnline,
HDFC Bank, ICICI Bank, Fabmart, India Cements and others.
Microland manages one of the few NOCs in India that manages the infrastructure for a BPO company. It set
up it's NOC in 1999 and functions 24 hours a day all through the year. Microland handles network
management for customers like Blue Dart, Heinz, IDBI Bank, NetCom Systems, and a Fortune 10 customer.
Around a third of these customers are in India. Ramco Systems has established itself by catering to large
customers like the Bombay Stock Exchange, Indian Oil, Ericsson, Coca Cola, Oil and Natural Gas
Commission, and the Tata Institute of Fundamental Research. Wipro started with domestic customers and
then moved into the global market. Almost 55 percent of the infrastructure management services at Wipro
are carried out offshore.
CHAPTER-3
DATA PRESENTATION AND ANALYSIS
PERSONAL PROFILE:-
26 percent are those who are having technical and professional qualifications
25 percent are those who are in the managerial and administrative posts.
DATA ANALYSIS:-
Note: All the thirty officials of Packet Shaping Industry who were selected on the basis of purposive random
sampling were interviewed by the researcher and the responses collected from them have been together,
subject-wise, and accordingly, each question may reflect the summary of the collective opinion of the
responses on that particular question.
The drivers of the packet/ traffic shaping, as identified by the respondents, are as follows:
the growing number of new users added to networks the popularity of streaming media applications, which
allow users to listen to radio stations or view video clips via the Internet the development of peer-to-peer
Web sites, such as Napster, that allow file-swapping over the Internet and the rise of e-commerce
applications. Above all, the need for the development of convergent technology in the face of denser virtual
traffic and the present telecommunication revolution.
4. How do Packet-Shapers/ traffic shapers help in resolving the problem of denser networking?
Traffic shaping, feels the respondents, provides a mechanism to control the volume of traffic being sent into
a network (bandwidth throttling), and the rate at which the traffic is being sent (rate limiting). For this
reason, traffic shaping schemes are commonly implemented at the network edges to control traffic entering
the network. This control can be accomplished in many ways and for many reasons but traffic shaping
always simply consists in delaying packets. Traffic policing is the related practice of packet dropping and
packet marking. Traffic shaping can be applied by the traffic source (for example, computer or network card)
or by an element in the network. A traffic shaper works by delaying metered traffic such that each packet
complies with the relevant traffic contract. Metering may be implemented with for example the leaky bucket
or token bucket algorithms (the former typically in ATM and the latter in IP networks). Metered packets or
cells are then stored in a buffer until they can be transmitted in compliance with the prevailing traffic
contract. This may occur immediately after some delay (waiting in the buffer until its scheduled release
time) or never (in case of buffer overflow). Traffic Shapers have the ability to better identify application-
specific traffic by reading data higher up the protocol stack from within packet headers, and looking for tell-
tale application signatures. Armed with this additional data, Packet-Shapers provide WAN/LAN
administrators with the ability to control the precise bandwidth percentage used by each respective
application. It would be furthermore possible to set the upload limit for ports that are used by bittorrent or
emule to 0 effectively eliminating all network traffic from one’s computer to the network.
Q1. From how many years you have been working in Design and Deliver?
40%
35%
Less than 2 years
30%
25% 2 to less thhaan 4 years
20%
15% 4 to less than 6 years
10%
More than 6 years
5%
0%
Interpretation
22% respondents replied that they have been working in Design and Deliver from less than 2 years however
29% respondents replied that they have been working in Design and Deliver from 4 to less than 6 years
Q2. Are you involved in the data and information security process at Design and Deliver?
Yes 98%
No 02%
100%
90%
80%
70%
60% Yes
50% No
40%
30%
20%
10%
0%
Interpretation
98% respondents replied yes that they are involved in the data and information security process at Design
and Deliver.
Q3. Effectiveness of End-user computing policy
Effecttive 36%
Neutral 11%
40%
35%
30%
Very Effective
25%
Effecttive
20% Neutral
Not Effective
15%
Not at all Effective
10%
5%
0%
Interpretation
27% respondents replied that end-user computing policy is very effective however 19% respondents replied
that end-user computing policy is not effective
Q4. Effectiveness of Vendor management policy
Effecttive 40%
Neutral 12%
40%
35%
30%
Very Effective
25%
Effecttive
20% Neutral
Not Effective
15%
Not at all Effective
10%
5%
0%
Interpretation
29% respondents replied that Vendor management policy is very effective however 14% respondents replied
that Vendor management policy is not effective
Q5. Effectiveness of team of information security officer
Effecttive 42%
Neutral 09%
45%
40%
35%
10%
5%
0%
Interpretation
33% respondents replied that the team of information security officer is very effective however 12%
respondents replied that the team of information security officer is not effective
Q6. Effectiveness of Data classification policy
Effecttive 30%
Neutral 14%
35%
30%
25%
Very Effective
20% Effecttive
Neutral
15% Not Effective
Not at all Effective
10%
5%
0%
Interpretation
31% respondents replied that data classification policy is very effective however 19% respondents replied
that data classification policy is not effective.
Q7. Effectiveness of Security awareness training program
Effecttive 44%
Neutral 11%
45%
40%
35%
10%
5%
0%
Interpretation
28% respondents replied that Security awareness training program is very effective however 12%
respondents replied that Security awareness training program is not effective
Q8. Effectiveness of automation of user-provisioning
Effecttive 45%
Neutral 13%
45%
40%
35%
10%
5%
0%
Interpretation
26% respondents replied that automation of user-provisioning is very effective however 14% respondents
replied that automation of user-provisioning is not effective.
Q9. Effectiveness of employee screening process
Effecttive 39%
Neutral 12%
40%
35%
30%
Very Effective
25%
Effecttive
20% Neutral
Not Effective
15%
Not at all Effective
10%
5%
0%
Interpretation
34% respondents replied that employee screening process is very effective however 11% respondents replied
that employee screening process is not effective.
Q10. Effectiveness of data disposal procedures
Effecttive 40%
Neutral 15%
40%
35%
30%
Very Effective
25%
Effecttive
20% Neutral
Not Effective
15%
Not at all Effective
10%
5%
0%
Interpretation
32% respondents replied that data disposal procedures is very effective however 8% respondents replied that
data disposal procedures is not effective.
Q11. Effectiveness of clear office policy
Effecttive 42%
Neutral 08%
45%
40%
35%
10%
5%
0%
Interpretation
35% respondents replied that clear office policy is very effective however 9% respondents replied that clear
office policy is not effective.
Q12. Effectiveness of internal vulnerability scanning
Effecttive 48%
Neutral 10%
50%
45%
40%
35%
Very Effective
30% Effecttive
25% Neutral
Interpretation
26% respondents replied that internal vulnerability scanning is very effective however 13% respondents
replied that internal vulnerability scanning is not effective.
Q13. Effectiveness of electronic diary system for compliance checks
Effecttive 46%
Neutral 13%
50%
45%
40%
35%
Very Effective
30% Effecttive
25% Neutral
Interpretation
28% respondents replied that electronic diary system for compliance checks is very effective however 10%
respondents replied that electronic diary system for compliance checks is not effective.
Q14. Overall what will you say about the effectiveness of data and information security system at
Design and Deliver?
Effecttive 37%
Neutral 11%
40%
35%
30%
Very Effective
25%
Effecttive
20% Neutral
Not Effective
15%
Not at all Effective
10%
5%
0%
Interpretation
31% respondents replied that data and information security system is very effective however 16%
respondents replied that data and information security system is not effective.
CHAPTER-4
CONCLUSION
CONCLUSION
The BPO industry is drawing significant attention and India, by virtue of its dominance in this sector is at the
center of this attention. The shift of the Indian economy towards more service- orientation suggests that in
the long term, India will continue to be a major player in the global I.T & I.T.E.S Industry.
With the rapid growth that this industry is witnessing, PACKET-SHAPER Technologies can very well
penetrate in the area of VOIP and Bandwidth Management. Appropriate Marketing Strategies used by
PACKET-SHAPERS can ensure that the industry remains firmly on the growth path. At the end of my
research, I was able to analyze some of the key trends that will drive the future direction of the industry. I
have endeavored to highlight some of the key risks that the industry faces and will face as the industry
evolves. Also some of the corresponding risk-mitigants that service providers and companies are focusing
on; to manage the risks have been drafted. I, hope that this survey provides PACKET-SHAPER
Technologies Pvt. Ltd with a deeper understanding of the industry they operate in and acts as an important
input to potential customers.
In this review we found many examples of good practice with relatively few areas for improvement.
However, data security is a rapidly moving area and demands a process of continuous improvement.
Most employees were formally required to agree their on-going compliance with data security policies, but
several did not share their policies with third-party handlers of customer data.
Company has implemented a wide range of data leakage prevention controls. However, surprisingly few had
an inventory of information assets (i.e. what data is held, its sensitivity, who owns it etc.), and only a small
number had begun to implement data classification and protective markings.
Company has comprehensive employee vetting procedures, usually engaging an external specialist agency to
screen prospective employees. Several used World-check to enhance this process. However, only a few
performed follow-up checks, and none claimed to review social networking sites for employee suitability.
Security awareness training approaches varied greatly but the most effective used a wide variety of training
methods, delivered at regular intervals.
Company has clear desk and some clear office policies, with several performing regular spot checks to
ensure compliance with policy.
HDFC with transactional internet companying services commissioned regular penetration tests. However,
some had read-only services and these had not been tested for security vulnerabilities.
Design and Deliver performed quarterly reviews of user rights. To make the review easier for non-technical
line managers, one company had developed its own application to present the rights assignments in a
meaningful form to the reviewer for recertification.
There appeared to be good controls in place over end-user applications, with many having specific policies
governing their use. One organization had prevented relationship managers from downloading customer data
completely.
Approaches to using live data in test systems varied. One company scrambled and sanitized customer data
before using it for testing, others felt live data could be used provided user rights were equivalent to the live
system, even though test systems are usually more open to developers and third parties. The Commission
would discourage access to live data.
Design and Deliver was subject to a wide range of compliance checks and audits. However, few seemed
proactive in this area, commissioning their own control reviews and risk assessments. Instead they tended to
rely on the work of others, usually external or internal audit, whether or not it provided relevant risk
coverage. One notable exception supplemented these externally driven reviews with additional reviews
driven by the Risk department and individual business units.
Design and Deliver has begun to implement workflow applications for user provisioning. This way they
were able to leverage technology to make the joiner/leaver process more secure.
Procedures for disposal of printed and electronic media were generally good. Many combined on-site
supervision with a certificated audit trail for hardware disposal. Others removed confidential waste from
open office areas on a daily basis.
Design and Deliver performed monthly vulnerability scans on its internal servers.
Design and Deliver has an impressive diary system for driving and documenting periodic compliance
checks. The results from some of these checks, notably clear desk policy, were included in employee
performance appraisals. This was a tough but highly effective policy enforcement tool.
CHAPTER-5
SUGGESTIONS
While corresponding with various employees of the company, it was found that there were some Marketing
Strategies which when applied can help in overall development and effective functioning of the Organization
as a whole. Mainly they were:-
1. There was lack of motivation among employees in the way that there were targets offering sales
incentives which were unreachable/difficult to reach. So there is an instant need to cater to this
deficiency and more initiative should be taken on behalf of the company.
2. More promotional material should be provided for various products & services offered to BPO Industry
to make them more visible in the market, for example, Bandwidth, ISP, Minutes provided, etc.
3. There should be more awareness especially among different segments in wake of increasing competition
in IT/Telecom Industry, with competition from various new companies.
4. A proper time frame should be provided to employees regarding new launches and products, so that hey
can manage their training programs accordingly.
5. Role of sales representatives should be duly recognized and given the due respect as they are the face of
the company in the market. They should be imparted with better training especially in the case of direct
sales, as there is no structured training program for the same.
BIBLIOGRAPHY
1. Bejtlich, Richard. The Tao of Network Security Monitoring: Beyond Intrusion Detection. Addison-
Wesley, 2004.
4. Egan, Mark with Tim Mather. The Executive Guide to Information Security: Threats, Challenges, and
Solutions. Addison-Wesley, 2004.
5. Ridley, Matt. The Red Queen: Sex and the Evolution of Human Nature. Penguin, 1993.
7. Aaker, David A. Managing Brand Equity: Capitalizing on the Value of a Brand Name. New York: Free
Press, 1991.
8. Abdul-Muhmin, A.G. (2002), “Effects of suppliers' marketing program variables on industrial buyers'
relationship satisfaction and commitment”, Journal of Business and Industrial Marketing, Vol. 17 No. 7,
pp. 637-651.
9. Abramson, M. A. / Morin, Th. L. (ED.) (2006). "E-Government 2003", Boulder.
10. Accenture (2008). Customer Relationship Management: Ein Konzept für die offentliche Verwaltung.
11. Achumba, Iheanyi C. (1996). The Dynamics of Consumer Behaviour. Lagos, Nigeria: Mac-Williams
Publishers Limited.
12. Marketing Management Philip Kotler, The Millennium Edition, Prentice Hall Of India Private Limited,
New Delhi.
13. "NBK online banking customers targeted b! Phishing attacks", Arabian Business, 2008. Available at:
http://www.arabianbusiness.coml522781-nbk-onlinebanking-customers-targeted-by-phishing-attack
14. "UAE bank targeted in major phishing attacks", ITP, 2015. Available at: http://www.itp.netl579059-uae-
banktargeted-in-major-phishing-attack.
15. Computer Security Institute. 2000 Computer Crime and Security Survey, 2000 (available from
http://www.gocsi.com; accessed March 2000)
WEBSITE
1. http://designanddeliver.in/
2. http://designdesk.in/about-us/capabilities/
4. http://www.ledgroup.in/
5. www.wikipedia.com
6. www.google.com
APPENDICES
ATTENDANCE FOR STR REPORT
6
7
10
Coordinator
QUESTIONNAIRE
Q1. From how many years you have been working in Design and Deliver?
Less than 2 Years
2 to less than 4 Years
4 to less than 6 Years
More than 6 Years
Q2. Are you involved in the data and information security process at Design and Deliver?
Yes
No
Q14. Overall what will you say about the effectiveness of data and information security system at Design
and Deliver?
Very Effective
Effective
Neutral
Not Effective
Not at all Effective