Listening to customers for real -- and reaping the rewards
Irfan Khan
CTO, Sybase
All C-level officers like to say they listen to their customers. But Irfan Khan, CTO of Sybase -- just acquired by enterprise software giant SAP -- makes an occupation of it.
A 15-year veteran of the company, Khan oversees all technology offices for Sybase, including the mobile technology the company has become known for. But his most impressive recent achievements have centered on his work with a select group of 15 customers who regularly convene as the Sybase Financial Advisory Client Team, also known as the FACT Committee.
It's an elite group. While conventional wisdom says that Oracle owns the enterprise database market, a sizable chunk of Wall Street has stuck with Sybase, thanks mainly to continued technology development that specifically targets the high-end needs of financial services. And in the wake of the financial meltdown, Khan has been a busy man, because the demands of that market have grown exponentially.
"There is a humongous amount of change taking place, be it in the risk management space or even in the core infrastructure side," says Khan. Two areas where Khan has been intimately involved have been complex event processing and the evolution of extreme transactional platforms, where a sliver of time is money and the drive toward zero latency never ceases.
The FACT Committee is "a principal vehicle for driving feedback into our core engineering and R&D efforts," says Khan. "Some of the longer-term bets that we place are given a razor-sharp vision through the experience of these financial services customers." And you can be reasonably certain that close relations with top-end customers was a key part of Sybase's appeal to SAP.
--Eric Knorr
Fixing security flaws in vendor applications and browsers
Amit Klein
CTO, Trusteer
Amit Klein and his research team at secure browsing service provider Trusteer have made several groundbreaking security discoveries in the past 18 months, including the identification and deconstruction of in-session phishing attacks. This attack method bypasses strong authentication systems to steal users' login credentials after they have signed on to an online banking application or other secure Website.
Klein has worked with affected software vendors so that they could develop fixes for vulnerabilities before making the information public. In one instance, following the release by Klein's research team of a report on Adobe security flaws, Adobe changed its patching policy and mechanism to address security vulnerabilities in a timely fashion rather than waiting to include them in routine product update patches.
This development, which was the direct result of Klein's research, has tremendously benefited the industry. He and his team also work with the financial services industry to track and help shut down criminal Websites used to commit online fraud and perpetuate identity theft.
As part of that effort, Klein has developed a browser security plug-in plus service that is used by more than 50 banks, financial institutions, and other organizations to protect their customers and employees when they conduct business online. It also provides Klein and his research team with invaluable data about zero-day attacks, new malware variants and how they behave, and surgical strikes against specific financial institutions.
Solving the single sign-on challenge
Marc B. Manza
CTO, Passlogix
As Passlogix CTO, Manza has been the chief architect and implementer of the major design approaches to solve the single sign-on problem from Windows desktops to Windows, Web, Java, and mainframe applications. Manza was able to integrate C++, .Net, and Java across multiple generations of Windows to develop single sign-on technology, as well as provide an architecture for feature extension, ensure security of stored passwords, and use an infrastructure that minimizes deployment costs.
Manza has led the technical organization at Passlogix from having one application to today having seven applications, three of which came to market in the last 18 months.
Making the Internet more secure for everyone
Ram Mohan
CTO, Afilias
In 2008, the "Kaminsky bug" was highly publicized as a critical flaw (the largest security vulnerability) to the Internet's Domain Name System. Also know as cache poisoning, it allows malicious third parties to get control of the DNS communication channel between users and the Websites they are trying to reach, allowing them to redirect Web traffic to wherever they choose. Only one technology can solve the Kaminsky bug: Domain Name Security Extensions (DNSSec), which attaches cryptographic signatures to each DNS query and response. Although DNSSec is an Internet standard developed more than 15 years ago, its implementation was stalled until Public Interest Registry, a large domain registry, requested to sign the top-level .org domain it manages via DNSSec.
Ram Mohan, CTO of Afilias (PIR's technical services provider), set the strategy and architected the deployment of DNSSec at PIR allowing for all 7.5 million .org domain names to be accessed without being hijacked on the Internet. Mohan has also established a technology strategy to support the rollout of DNSSec for the other top-level domains in 10 countries, and for the global top-level domain registries that Afilias supports, which together account for more than 15 million domains. This has set a standard for DNSSec deployment worldwide. As a result, the root zone will be signed this year, and the .com and .net registries will be signed in 2011.
During the .org deployment, Mohan faced several technical hurdles. One of these has been the use of NextSecure (NSec) parameters. NSec proves nonexistence of a valid signature by responding with listings of the surrounding records. This technique allowed a privacy leak, which could have sunk the implementation of DNSSec. A revision, NSec3, avoids this by using hashes to affirm that a record does not exist, but this requires computational overhead.
Still, more than a year of internal and external testing revealed that NSec3 is a better option for top-level domain registries, where the entire zone of domains is not already publicly accessible and thus queried less frequently than the root zone. Under Mohan's leadership, Afilias rewrote technical protocols to enable the switch from the less secure NSec to the very secure NSec3 system. When Afilias signed .org, it became the first large zone to ever be signed using this technology.
Automating language localization to increase business reach
Paresh Nagda
CTO, Navman Wireless
Until 2009, Navman Wireless's OnlineAVL2 fleet tracking system was sold on three continents but only in English-speaking countries. None of the major competitors had a truly global presence, and Navman Wireless executives wanted to beat them to overseas markets with localized versions. To do that, CTO Paresh Nagda led an initiative to build a translation framework that would chop the time required to produce each localized edition from the typical four months to just two or three weeks.
By early 2010, thanks to the company's new rapid localization capabilities, 10 percent of the installed base for the company's technology was in non-English-speaking markets such as Chile, Denmark, Italy, Mexico, Taiwan, and Thailand. Key to the faster localization is that the translation framework eliminates the need to submit translation work to a development team for the build, QA for quality control, and IT staff for deployment. Instead, all these steps are automated with no need for development or IT staff involvement.
Now, translators use a Web-based tool that allows them to see all elements that need to be translated on one side and enter translated text on the other; the automation system takes it from there, creating a new build of the OnlineAVL2 software and automatically deploying it on a target test environment. The primary technical challenge was to automate the build and deployment processes.
In less than two years at Navman Wireless, Nagda has initiated and managed a number of major IT projects that have been instrumental in driving new business. In addition to the new translation system, those projects have included building tools to enable remote provisioning and troubleshooting of the in-vehicle GPS tracking device that feeds data to the Navman Wireless application.
Also, Nagda's team improved the GPS data that helps drive the company's software application; it's now possible to switch the underlying geographic information service (GIS) system depending on customer location, thus taking advantage of the strengths of various systems in assorted geographies. In the process, Nagda's team made scaling more efficient and extended the market to large enterprise customers.