Naureen Aqueel

Archive for the ‘CIO Pakistan’ Category

Published in CIO Pakistan, August 2009.

Technology continues to permeate every aspect of our lives, transforming them in previously unimaginable ways. Gone are the days when things like sports and technology were considered two different worlds poles apart. Today, technology has been used to aid in sports training, including equipments like heart rate monitors, wattmeters etc. It has also been used to enhance sporting equipment and improve the field of play. The latest kid on the block however is more revolutionary than any of its predecessors—technology has now taken over the role of the officiator, aiding and at times being accused of replacing, traditional umpires.

With the advent of innovations like Hawk-eye and other visual analysis tools, the world of sports has become so embedded with technology that now, one cannot even imagine accurate judgment without the help of these computerized systems. With the kind of competition that defines sports today, it has become essential for judges to employ accurate assessment when taking vital decisions about the outcome of actions in various tournaments and matches. Missing a slight swing, the bouncing of the ball slightly off the line, or a slight movement of the player can gravely distort an officiator’s decision-making power. Even a split second’s negligence can be fatal here. Many a time, things like the tinniest touch of the ball, movement of the foot etc are invisible to the naked eye of the umpire.

It goes without saying then that assistance technologies prove to be of immense help in such situations. Often called the “Electronic Umpire”, such analysis tools as computerized cameras recording the intricate details of the game, add a whole new dimension to accuracy in the sports. Sports decisions in today’s techno-age are no longer just accurate, they are highly accurate! Once you have the Electronic Umpire scrutinizing the actions and the audience themselves seeing the most discrete moves of the players and the ball in slow motion on their TV screens, the game has now become as fair as possible, eliminating the chance of human error or biases.

One of the most popular technologies and one that has become almost synonymous with sports technologies is the Hawk-Eye innovations. Hawk-Eye first hit the sporting arena in 2001, when it was invented by Dr. Paul Hawkins in Hampshire, UK. Dr. Hawkins who was a former Buckinghamshire player and also a PhD in artificial intelligence was the perfect person to have developed such a technology.

Known to have 99.99% accuracy, this technology can help track any kind of bounce, spin, swing and seam. Roughly half of the LBW dismissals in cricket matches of the previous year reviewed by Hawk-eye when it was first introduced were found to be faulty because in most of those, the ball was seen to have been traveling over the stumps.

How it works?
Hawk-Eye computerized systems operate on the principles of triangulation making use of visual images and timing data provided by six high-speed video cameras located at different angles around the area of play. This innovation uses technology originally used for brain surgery and missile tracking. The cameras placed at various locations throughout the area of play track the path of the ball, from the point it was released to the point where it comes to a stop.

It uses special image-processing systems, incorporating both image analysis and radar technology. Six fixed JAI monochrome cameras, with a 120 MHz frame rate are placed around the playing field and are able to track the ball’s entire trajectory.

This is updated hundred times each second and the images are then processed by software to produce a 3-D image. The system is also able to predict the future path using a parametric mode by locating the ball in 3-D and predicting the motion with a claimed accuracy of 5 mm. In addition to aiding the umpire in his decisions, Hawk-eye is also used to give a more enhanced feed to TV viewers so they can watch replays from various angles on their screens.


Hawk-Eye in Cricket
Initially beginning from Cricket, Hawk-Eye has now diversified into other sports as well. In the cricket arena, Hawk-Eye has been used in the ICC Champions Trophy in 2006 , 2007 World Cup in West Indies among others. It has successfully been implemented in countries including UK, Australia, India, South Africa, West Indies, Pakistan and Sri Lanka.

In the field of cricket, Hawk-eye has helped identify LBWs; determine whether a player is ‘in’ or ‘out’ by predicting the path of the ball and hence determining whether it would have hit the stumps. The technology also helps in generating statistics that can enhance viewers’ experiences.

Hawk-Eye in Tennis
Another popular area in which Hawk-Eye has been implemented is that of Tennis. Having been used recently in the Wimbledon finals, the U.S. and the Australian Open, and the Dubai Tennis Championships, Hawk-Eye’s officiating system again is another example of reliable and accurate decision-making in tennis.

Once again, here Hawk-Eye also uses six high-speed video cameras placed high above the court to measure the trajectory of every ball in a rally. By pinpointing the bounce of a ball to within three millimeters, the technology can measure the skid and distortion of the ball as it hits. It also helps to generate easy-to-understand statistics as in cricket in addition.

Hawk-Eye in Football
Hawk-eye’s Football system is yet another implementation of this technological innovation. In this game, the system is used to determine whether the ball has crossed the goal-line. The technology is even able to capture the ball crossing the goal line for a fraction of a second. By utilizing cameras that can operate at up to 500 frames per second, it is able to capture a ball moving at 60 mph with utmost accuracy.

Hawk-Eye in Snooker
The Hawk-Eye innovators have now developed Snooker Software which provides for accurate judgment in the game. It can show what is in a player’s line of vision when they are taking a shot as well as showing how a shot would have gone had it been played as intended. Once again, the technology provides viewers with an enhanced experience and it allows them to appreciate how difficult a shot is.

Aide or replacement?
There is an interesting theory about technology being extensions of man in that each new technological innovation extends human capabilities in some way or the other. Popular communications theorist Marshal McLuhan propounded this theory in which he emphasized that technology helps overcome human weaknesses and helps man do things that are beyond his capabilities. However, McLuhan cautioned that along with these extensions come the negative effects of technology leading to amputations in that it reduces some human functions.

Strangely, this theory stands very relevant in the context of debates in the sports arena about assistance technologies like Hawk-eye and other analysis platforms diminishing the role of the umpire and in fact making him redundant.

Where on the one hand assistance technology in sports has acted to help umpires in making troublesome decisions quickly and with complete accuracy, it has also reduced the role of the umpire who has traditionally enjoyed much power and prestige in the profession.

Studies in the UK have shown that for difficult decisions umpires have been accurate only 60% of the time, which is a very low percentage itself. Technologies like Hawk-Eye have helped in overcoming these human weaknesses that arise from the umpire not being able to notice discrete moves like a the bounce of a ball off line or the movement of a players’ foot with their naked eye.

Some umpires however have seen the advent of such technologies as leading to a reduced status of the umpire community. Assistance technologies like Hawk-Eye have been called nightmares for umpires and dreams for commentators, since they shift power, attention and focus onto the commentator.

However, this debate does not seem to lead one anywhere as these technologies are now here to stay! Seeing them as reducing the role of the traditional umpire and making them redundant may in fact be an unjust assessment as these technologies essentially ease the task of the umpires, helping them avoid major errors of judgment that come as human weaknesses. Technologies in sports have helped to make the games less dependent on human subjective judgment and have thus lowered chances of unfair results.

An edited version of this article was published in CIO Pakistan, July 2009.

The current humanitarian crisis in Swat has given the online community another chance to rise up to another round of digital activism to mobilize support for a cause. The current campaign of the Pakistani blogging community to mobilize support for the Internally Displaced Persons (IDPs) has earned accolades in the international media.

The Pakistani blogging community in the past few months joined hands to spread awareness about the plight of the IDPs and to call for action to mobilize monetary support for the refugees. Popular Pakistani blog Teeth Maestro has like always been playing a prominent role in the campaign. These bloggers or citizen journalists aim to make a difference by appealing to the national and international community for support.

The blogs have featured posts highlighting the conditions of the IDPs and those providing updates about relief operations in IDP camps. Teeth Maestro, for example, also posted links to real-time Twitter updates on the issue.

The campaign to mobilize support for the IDPs is thus not only limited to bloggers. In fact, including the new media into the picture, one can see social networking communities like Facebook, Orkut and Twitter also playing a commendable role in the campaign. Furthermore, mobile social networking platforms like Chopaal, an initiative by students of LUMS university to provide a web-based SMS service that brings together people of similar interests and keeps them updated on each others activities, is another player in the field. Chopaal set up a group called “IDP” in an effort to quicken the notification process for volunteer opportunities for its members. So, now volunteer opportunities and efforts to mobilize support for the affected citizens of Swat were there right at your finger tips. In this day and age, this leaves no chance for anyone to plead ignorance—it’s time to get out and act!

An edited version of this article was published in CSO Pakistan, July 2009.

The hi-tech digital era has opened the door to a range of possibilities and risks. Where on the one hand we have access to connectivity and easy access and management of information, the risks involved have also increased. Information is now more vulnerable to misuse as more and more of our storage systems become digitalized. In fact, most companies, bodies and institutions now store, collect and process their sensitive and confidential information on computers. The need to protect this sensitive information therefore becomes ever more important in a world where risks to information security are evolving with the same speed and frequency at which the cyberspace advances.

While Information Security (IS) is getting an increased amount of attention lately, the field is still new in Pakistan. Qazi Ahmed, founder of PakCERT is one individual working to secure the Information landscape of the country. Speaking about the awareness about Information Security among Pakistan’s enterprise community, Ahmed recounts, “When I started PakCERT back in February 2000, most organizations had no clue about security. This was mainly because most companies were not relying much on technology and so there were hardly any businesses that could understand the risk of a security breach or downtime. During 2004-2006, security became a buzzword but there was a lack of security awareness and workforce to understand and show the importance of security to the organization. Luckily, during the past two years there is an increase in people taking security as a profession and these professionals are going for industry leading certifications and trainings and thus bringing back security knowledge and showing its importance to their organizations. Security awareness now is far better than what we had back in those years but the enterprise community still needs to adopt a more practical approach leading into the right direction.”

PakCERT Security Services is an organization aiming to provide anyone the means to protect their valuable information assets by giving organizations and individuals direct access to hackers and other IT professionals not usually available for hire. The organization employs the latest exploit codes and techniques the underground has been using for years to exploit networks. It uses the same techniques to harden networks from intruder attacks.

Ahmed is the Pakistani who discovered a critical security flaw in MSN’s Hotmail/.NET Passport services in 2003. “It was April 2003 when while helping my brother reset his hotmail account, I found the hotmail password process a bit insecure and decided to test it since such vulnerability research was never made from Pakistan,” narrates Ahmed. “It took me only a couple of hours and some test email addresses along with HTTP protocol testing tools to discover two serious security vulnerabilities. First vulnerability allowed me to bypass the data of birth verification process and the second vulnerability allowed me to reset any hotmail/msn account and receive the password reset link on my own email address. I made it public in May 2003 during a press conference in Karachi and it was covered by major online and print media. It was very surprising for the rest of the world to know that a Pakistani discovered such a critical security flaw in Hotmail/.NET Passport services.”

Institutions ranging from private businesses, corporations, government bodies and the military all use computers to collect, store and process their sensitive information. Keeping in view the damage that could be incurred on the breach of any of their confidential information systems, it is vital for these intuitions to realize the importance of a proper system of information security for the protection of their valuable information assets. Information security therefore becomes vital for everyday transaction as well as to protect stored information.

With respect to the corporate enterprise, Ahmed sees many loopholes in the security landscape. He attributes this to a lack of training and a lack of awareness among IT professionals and programmers. “Organizations are relying greatly on technology solutions to run their businesses with a keen interest to adopt the latest technology trends,” says Ahmed. “Customized web applications and databases are getting common and so are interactive websites to connect employees, partners and customers and this introduces one big problem; complicated code. Programmers are not properly trained for secure programming and often leave the web application vulnerable to different attacks. At the same time, IT and IS professionals are only trained on vendor products and cannot understand the risks associated with such customized code. Organizations have focused only on external attacks but due to increase in malware, phishing scams and internal threats as well as end user mistakes companies are now trying to focus on internal security as well. Traditional security products and standards which are usually implemented as a silver bullet are failing and companies are now looking for more rigorous solutions like Vulnerability Assessment and Penetration Testing to get a feel of real attacks and see how traditional security controls can be thwarted by hackers and how such vulnerabilities can be fixed for good.”

Ahmed points out that in most local companies security often comes as an after thought and is not given the attention it deserves right from the beginning.  “Even though most companies have traditional security measures in place like antivirus, firewalls and access controls but without proper information security management and auditing, such traditional security measures do not give expected results,” he says. “Most of the time good security practice is an afterthought and sometimes good security practice is taken as a temporary attempt to patch a vulnerability till they get hit by the next one. There are organizations which are very serious about protecting their information assets but are lost in the technology jargons, standards and vendor products. Organizations need to understand that products and standards provide a minimum baseline and not a fool proof security environment. I have worked with many clients some of which had a good layered approach in terms of security with antivirus, firewalls, IDS, VPN, and different IS standards in place to protect their information assets but they lacked proper understanding of technical attacks and were still vulnerable. It is indeed scary but I would share that I still boast of a 100% penetration rate and yes, this means that every organization for which I performed a Penetration Test had a critical security vulnerability leading to a compromise!”

In such an alarming scenario, Ahmed quite rightly stresses the need for proper and separate arrangement for IS in local companies. Most organizations in the country tend to couple budgets together and work for both IT and IS departments. Ahmed strongly disagrees to such practices. “Coupling budgets and work for IT and IS departments would hamper the functionality and priorities of IS department,” he explains. “Just like CFI/CIO/CTO, the IS department should be headed by a CSO/CISO aligning the scope of Information Security with the rest of the business functions with separate budget and work force.”

One of the most common mistakes that organizations make in terms of their security policy and execution according to Ahmed is neglecting the importance of end users. “Organizations neglect the importance of end user when creating security policies,” he points out. “Often it’s the weakest link which breaks the overall information security chain. End user education regarding security awareness is very important. End user is bound to make the same or new mistake again unless the organization regularly conducts security awareness programs to show the role and responsibilities of end users. The security policy is not much of use if it is not aligned with organization’s business practices or if end users are not included as part of the overall security program. At the same time IT and IS professionals must also be properly trained to understand and safeguard against latest attacks. All security controls need customization and fine tuning but are usually implemented out of the box which leaves the organization vulnerable to attacks. I have witnessed organizations having security policies which are only there to get in compliance with some standard and the end users are not even aware about the existence of such policies.”

Yet, the IS scenario in the country is not as bleak as it appears. Describing some noteworthy trends in the field Ahmed shares, “Antivirus and firewalls are a default now and organizations are now moving to IDS/IPS with antivirus engines and spam filters all as a single box solution. Use of NAC (Network Access Control) is also on the rise. The latest trends include compliance with different standards including ISO27001, COBIT, ITIL and even PCI-DSS. Most of the companies are now encouraging their IT and IS staff to enroll in vendor neutral security trainings and write industry leading certification exams like CISSP, CISM and CEH to name a few. Penetration Testing is the new buzzword and companies are realizing its importance and making it mandatory to have their information systems tested at least once a year.”

Cloud computing is a new trend gaining sway in the IT scenario of the country. The great deal of hype about this new technology has caught many Pakistani enterprises in its midst. Shedding light on this new trend Ahmed cautions, “Organizations need to decide how much data they are ready to share with a third party and how much control they would have on the shared data. Economic aspects might make sense but what if the remote server crashes without a backup or the service provider simply bankrupts. These problems are not fiction but several companies have been through such issues with even a greater financial loss as compared to hosting their own applications. A cost benefit analysis is a good area to begin with.”

Ahmed describes the main difference between traditional networks and cloud computing in terms of security issues when using services and applications as the fact that businesses using cloud computing share data with a third party and have to rely on their security controls. “Every time your employees initiate a connection, they are transferring authentication information as well as company data on the internet. During normal circumstances, companies are in charge of their own security but in cloud computing, you need to rely on your vendor. Moving your business to cloud computing means relying and trusting on the whole communication link starting from your employee on the terminal to your vendor hosting applications”

Cloud computing changes the traditional definition of “sharing resources” as it no longer allows as much control of where and with whom the platform of the resource may be shared. This is because the entire foundation of Cloud computing is on the economics of where an app resides and how many other people share the app location with you when it is requested by you. According to Ahmed this involves fundamental security risks. However, he points out that organizations are already sharing their data with third parties by using Google Apps/Gmail for their corporate emails, third party hosting providers for websites, ISPs for internet access and VPNs, different companies for managed services. “You can take certain steps before selecting a vendor,” he advises. “Make sure the vendor is financially strong, already have some good customers, performs regular backups and provides enough resources (bandwidth, processing power, disk space). Vendor should have good security controls in place because as a client you will not be in charge of security on the remote server and you need to rely and trust the security controls put in place by your vendor. Another important point is to make sure that the application and database are portable. What if you lost network access and want to use the backup locally? or what if you decide to change the vendor altogether? You should know how much you are ready to risk, just in case.”

Ahmed is however quick to point out that despite all the advancements in terms of IS, security is not a product but an ongoing process. As new methods to breach security come up each day, there is also a need to develop new methods to combat them. “Despite all the good marketing by every vendor claiming to produce the next big thing, organizations must understand that there is no silver bullet when it comes to security,” he says. “Organizations need a continuous plan to monitor, secure and control their information assets. Having all the standards, security software and hardware in place, the internet is still witnessing worms like Confiker. It is time we realize the importance of security awareness for end users and hands-on vendor neutral trainings for IT and IS professionals so they understand the threats before evaluation a solution.”

With new IS threats evolving each day, it is vital that institutions realize the importance of protecting their information systems and take appropriate measures in time to prevent their information from falling into the wrong hands. For this, IS should be given the attention it deserves by aligning this system with a separate budget and workforce with the needed training, awareness and innovation skill.

An edited version of this article was published in CIO Pakistan

Pakistan recently made the headlines when Google recently made it known to the public that Pakistan had topped its Google Map’s experiment evident in the speed with which it had populated itself on Google’s Map Maker. Among the 160 countries simultaneously availing the global search leader’s experiment that started in June 2008, Pakistanis were able to post the greatest amount of localized information about their country.

Google maps is a Google service that was launched on 23rd June, 2008 aiming to provide powerful, user-friendly mapping technology and local business information for various countries. Speaking to CIO Pakistan, Creator of Google Map Maker, Lalit Katragadda outlines the basic idea behind Google Map Maker: “The greatest need for people coming online was for local information, and the biggest shortfall that Google or any other online information systems had was the lack of local data that obviously requires great map data. The idea behind Map Maker was to meet this need. We thought that if people know where they live and we provide them with the right tools, they could make maps out of it.”

Katragadda shares that Google Map Maker launched with some countries that were completely blank and had no information about them. Pakistan was one of them, yet it made the most “astonishing progress among all other countries”. He says that they were pleasantly surprised to see that within a month that Lahore, Karachi and Islamabad were mapped to the extent that you could recognize the cities, see the major neghbourhoods and major points of interest and so on.

“People are now putting in much richer quality of data so that you can now get directions to places in Pakistan and to various points of interest and also search for businesses etc,” says Katragadda. The quantity and quality of mapping information provided by Pakistani users enabled Google to post Pakistan on the Google maps early this week. Users have not only mapped the major cities but also the smaller cities in Pakistan.

When this experiment waslaunched however, Google did very little publicity. The launch of Google Map Maker was posted only on one blog post, the rest of the spread of the news among Pakistani web users was made through the viral buzz. “In three to four days, there were posts about this on Pakistani blogs and then the community took over,” recounts Katragadda.

Behind Map Maker is the idea that the community would take ownership not only for mapping out its country on the service, but also for moderating the other information that was being made available through the service. “The responsibility part is almost natural because you have sense of ownership of the city you are in.

“Google’s mission is to organize all the world’s information and make it universally accessible and useful, explains Katragadda. “It aims to make the information useful not just for the big businesses but also for the small businesses, not just for people who are internet savvy but for everyone. One of the goals of Map Maker is to actually democratize this information. For example, one of our engineers noticed that there is this pan shop in Karachi that one of the Pakistani users had added. The person whose shop has been added does not know about the internet or what Google is, but they have benefited from it because users can now discover them through Google and on the web.”

Google has released API’s (Application Programming Interface) which allow users to develop new content on the maps and to develop intelligent applications to benefit the community at large. “People have made amazing applications from it, everything from water sources–NGOs have mapped water sources where there is water scarcity—to mapping out which area has how many schools and how many teachers etc.”

Having put up the maps, Katragadda voices his anticipation to see what kind of interesting applications local developers can now come up with to take it to the next level.

An edited version of this article was published in CIO Pakistan magazine, July 2009.

Companies in our country face a dearth of information resources to form the base for effective decision-making concerning business issues. Few, if any, companies exist that provide such services to businesses. Those that do, however, either charge exorbitant fees for such services or conduct them on such large scales that do not apply to small businesses.

Instead of getting this done by other companies, it is much more cost-effective and efficient if companies conduct such surveys themselves. With the advent of web 2.0 technologies and the introduction of SAAS (Software as a Service) and other online survey services, surveys are no longer as difficult as they used to be.

Before these services were made available, surveys had to be typed, printed, dispatched and the results manually fed into the computer for it to be tabulated on Excel or other softwares. However, with the advent of services like Google docs forms and websites offering online survey facilities, research has become very easy. These websites enable anyone to create professsional surveys quickly and easily.

Gone are the days when questions had to be typed and printed with hundreds of questionnaires being manually administered to respondents across the population, now all you need to do is create a survey on google docs or an online survey website, submit the link to a website, social network etc or mail it to your respondents and have the responses coming in to you with basic compilation and tabulations done for you by the softwares. Online survey websites similarly compile the results for you and show you the percentage of responses against each item in the questionnaire.

Most websites also give you the option of selecting from a number of different types of questions.  You can select from multiple choice questions, ranking scales etc. This gives respondents the ease of answering questions quickly and conveniently and increases the response rate.

Many websites allow users to avail online survey facilities for free, the need being only to create an account on the website Once registered on the website, you can then go on to design your survey. Some websites also offer the option of customizing the creative style element of your survey by uploading your logo, using themes etc. You can then send your survey via e-mail or post it on your blog or any social networking websites. Analysis tools including graphs, charts, spreadsheets etc can then be used to analyze the results of the survey.

Small businesses, including for example eateries and restaurants across the city can benefit from such services by providing their customers with the link to their online surveys in the receipts instead of having them fill feedback forms. This can provide a steady flow of feedback allowing companies to align their services in accordance with customer demand.

However, these services do not come without their limitations. In online surveys, the respondents are limited to those customers who use the internet and actually go through the trouble of responding to such surveys online. Thus, these services are more useful to companies whose customers are regular netizens and therefore would be able to respond to such surveys.

Nonetheless, with the internet population growing day by day, online surveys have become effective medium of companies obtaining the much needed feedback from customers to form the basis of corporate plans and decision-making. They are not only cheap; but quick as well and provide the user with data in its complete form, compiled and tabulated, saving users the hassle of having to compile and tabulate information from hundreds of printed forms.

Some websites that offer free online surveys include:


Other websites that offer these services for a fee include:


An edited version of this article was published in CIO Pakistan magazine, July 2009.

With cellular subscribers increasing in number by leaps and bounds, it appears we are entering a new age. Cellular phones which were once a luxury that were out of the reach of many, have now become a necessity with the result that today just about everyone, be it the carpenter or the bus conductor, has a cellphone serving as a vital tool helping them in their business.

Pakistan’s cellular subscriber base has increased by over one million customers in the month of May alone. Cellphone subscribers have grown by 1.16 million within May 2009, adding to the overall users’ base by 1.3 percent. The growth has resulted from the ferocious sales campaigns launched by cellular companies in the country.

According to figures released by Pakistan Telecommunication Authority (PTA), this a rise in total subscribers is for the fifth consecutive month, with the subscriber base having risen to 93.1 million now.

Mobilink has shown the greatest rise in subscribers base in the month of May rising by an impressive 0.43 million additions. Mobilink is followed closely by Telenor which also added an impressive 0.374 million. Warid, Ufone and Zong come after that. 

Today, Mobilink has the largest subscriber base in the country with 28.81 million subscribers, after that come Telenor with 20.48 million users and Ufone with 19.85 million. Warid and Zong have17.65 million and 6.263 million connections respectively.

Mobile phone penetration has increased rapidly in the country over the years. According to World Bank reports half of Pakistanis including women have access to a cell phone together with rural areas (two-thirds in urban areas). WB reports that while more than 86 percent of men have their own cell phone, 40 percent of women do.

Pakistan had aimed to achieve 110 million subscribers  by the year 2010, however, in May 2009, PTA chairman had revealed that the overall slowdown in economic progress around the globe has affected the achievement of this target so far. Recent successes may however create hope for meeting the target if things go the same way.

An edited version of this article was published in CIO Pakistan magazine, July 2009.

Just how important SMS (Short Messaging Service) is to our youth was revealed when the government announced 20-paisa tax per SMS in the budget for the new financial year 2009-2010. There was an uproar among the youth of the country when the government announced its decision to levy a tax on SMS, responding to which cellular companies said they would have to withdraw their discount packages from July 1. 

SMS is one of the most popular past times among the youth, not to mention an integral means of remaining in touch and communicating with peers, fellow students and work colleagues. It is no surprise then that our youth was outraged when the government announced 20-paisa tax per SMS. Youth took to the streets in Lahore to protest against the decision, and cellular companies also registered their concern with the respective quarters through the PTA. Protests were also doing the rounds in chain SMS messages and in cyberspace. The protests proved successful when the government announced that it was withdrawing the decision to tax SMS due to the huge demand from the youth. Hats off to the youth!

An edited version of this article was published in CIO Pakistan magazine, July 2009.

Competition between brands can take to wars in ad campaigns, with each company coming up with ads to counter and hit back at the other. Almost every reader who is even a minimal netizen will understand what is being referred to in the context of the recent ad war between two of Pakistan’s top telecom companies.

Termed as ‘Ufone and Zong’s Cold War’ across forums in cyberspace, this counter ad campaign at first by Ufone, and then Zong, employed viral marketing techniques, spreading like wildfire through social networks like Facebook, Digg and Twitter.

Originally posted on YouTube, the Ufone reply to Zong’s ad campaign proved very popular with people enjoying a good laugh as it was posted across profiles on Facebook and through Twitter, Digg and various other blogs. No sooner did the popularity of that ad increase, did Zong come up with its own response and that too a viral one, originally posted on YouTube.

If anything, this campaign added a new dimension to advertising—all you need is creativity (though some may differ) and you can have a low cost ad spread through the cyberdom, reaching and entertaining audiences, without ever having to air it on mainstream TV channels.

Published in CIO Pakistan magazine July 2009.

With the ongoing global financial crisis reducing investor confidence in the capital markets, the need for secure depository services that can support an effective capital market system becomes ever more pronounced. Such services play a role in attracting institutional and retail level investors from within the country as well as abroad by ensuring confidence in the country’s ability to support an effective capital market system.

Central Depository Company (CDC) plays this role within Pakistan. Being Pakistan’s only depository company, CDC is the sole entity handling the paperless electronic settlement of transactions carried out at all three stock exchanges of the country. CDC provides services to a wide range of capital market participants in the country including Brokers, Asset Management Companies, Banks, Corporate and General RetailInvestors. It also provides the service of linking up the Issuers and Registrars of Securities for the purpose of executing corporate actions such as the disbursement of bonuses, dividends, new issues and right shares and carrying out mergers and splits.

The CIO of CDC Pakistan, Syed Asif  Shah, who has been working with the company in various capacities for the last 12 years, describes CDC as a technology-driven business. “The very idea of CDC is based on technology,” says Asif. “It runs an electronic book entry service to facilitate the conversion of paper shares into electronic entries, recording of ownership, transfers, pledge and various corporate actions. Of course, without an electronic depository, the phenomenal growth of the Pakistani capital market in the last decade simply would not have been possible.” A process of shares transfer which used to take up to 45 days, has been brought down to a matter of seconds by the CDC, not only increasing efficiency, but also the volume of shares that can be traded on the stock exchanges across the country.

The very nature of the CDC perhaps makes it a strong technology company sitting at the heart of Pakistan’s financial ecosystem.

Enabling the efficient transaction of a commodity which eventually fuels the economic progress, the CDC has a critical role to play in the speed at which it works. After all, settling 98% of all trade transactions across the three main stock exchanges of Pakistan is a serious business!

“There was a time when trading in the stock market had to be closed for days because of settlement of a few million shares. With the depository in place, we have seen settlement of over a billion shares in a single day without affecting trading at all. The risk management system of stock exchanges heavily utilizes the instant transfer of shares in the depository from brokers to exchanges to serve as collateral for trading thus allowing huge volumes to be traded on a daily basis. The corporate action benefits such as bonus etc are passed on to the investors instantly. There is no longer the issue of fake or duplicate shares for all those securities which are now in book entry form.”

With the implementation of the Central Depository System (CDS), all issues relating to the physical handling of the securities were successfully eliminated. These included delays in transfer, capacity issues, forgeries and other discrepancies.

Track Back
CDC initiated its operations in 1997 when the then parliament passed the CDC Act. The Board of Directors and the management of the CDC working along with an IBM-led consortium successfully managed to develop the CDS. “We started with just one security right in the beginning. Over the period, with the increased confidence of the users and the management, we kept on adding securities to the system and today, 98% of all the settlements of the Stock Exchanges in Karachi, Lahore and Islamabad, take place through the depository system. The technology they used initially was based on a third generation relational database management system and application server. Later, the CDC in-house rewrote and transformed the entire system into a more broad-based technology.” The CDC project was part of an overall capital market reform program funded by the Asian Development Bank.

The capital markets in Pakistan have seen both good and bad days, like anywhere else in the world. Today, according to Asif Shah, world stock markets, with a few notable exceptions, are down by average 30% or more as compared to the previous year. “In Pakistan, we have seen the worst situation, perhaps after May 1998 nuclear tests where the KSE-100 index was as  low as 880 in June  1998; and the best in April 2008, where the KSE-100 index was at 15,676 points.

Now as of March 30, 2009 the market capitalization at KSE stood at 26.04 billion USDs while a little over a year back on Feb 29, 2008 it was 73.9 billion USDs. The good news is that in 2009 MSCI Emerging Markets indexes Pakistan is on top of the list of Best Performing Markets as of Feb 27, 2009.”

Asif Shah is of the opinion that the last decade has been the best in the country in terms of capital market institutional development. Referring to various developments taken at the SECP, CDC, NCC and the Mutual Fund Industry, he talks about human and technological capabilities which have advanced enormously leading to much mature systems with a high degree of Straight Through Processing. The CDC has helped not only protect, but also improve the performance of Pakistan’s capital markets. The computerization of the system with the set up of the CDC helped to improve the integrity of stock trading by reducing forgeries, duplicate shares and other pitfalls of a manual system.

“Prior to CDC, there was only a paper-shares settlement system which, besides having various risks including fake and duplicate shares, was also inefficient as a manual system catering to large volumes could be. Today, a safe and secure transfer takes place at a mouse click. The concept of an electronic depository was nothing new in the world but having it implemented in an environment where physical possession means a lot, was a great achievement. With complete transparency, the initiative has been a major success not only in terms of an innovative business model, but it has also established a great deal of trust in technology itself.” Besides a depository system, the CDC was also very instrumental in establishing the National Clearing & Settlement system as it not only developed it but also ran it successfully for seven years when it was smoothly transferred to a separate entity called National Clearing Company.

It goes without saying that technology would be the lifeline of any such depository company. CDC’s very existence is based on technology. It has been there from the very beginning and has been steadily advancing in its operations, both driving and being driven by the company. “Over the years CDC has invested heavily in various different technology areas be it security, application server platforms, RDBMS, servers, storage, two factor authentication, enterprise IT management system and above all in its staff skill development,” informs Asif Shah. “CDC is among the very few companies in Pakistan to invest very early in establishing a complete DR facility which has progressively been transformed into a very mature Business Continuity Program. CDC is no longer a depository only company rather its one of the largest private sector Trustee & Custodial Services provider to the Mutual Fund industry of Pakistan.

It has recently started the Shares Registrar & Transfer Agent Services and is attracting prestigious clients.”

Driving Innovation

So how has CDC been a driver of technological advancements? Experience and consistency. It has not only been a customer to large IT companies for hardware and infrastructure software, but it has also been using its own in-house software team, who have been instrumental in developing its core business  applications right from the scratch. “CDC has 30+ people in its software team which is the average size of a typical software house in Pakistan,” says Asif Shah. “I think it is a very big achievement that we are keeping that aspect of IT along with the IT Operations and Information Security functions. We are also one of the largest customers of two-factor authentication in Pakistan. As we always take security very seriously.”

“The core systems used by CDC have all been developed in house. Among the major milestones are very early full-fledged DR facility initiative and its transformation into a formal business continuity program, complete platform migration of CDS, development &  implementation of NCSS and successful execution of its IT operations for seven years, setup of information security program, implementation of enterprise IT management system etc.”

If you want to bring about a real change, you have to alter the core operation. Just talking about change will not allow your organization to experience any tangible progress. But if you introduce a practice or efficiency at the core, it is possible to have the practice replicated throughout the vertical. The only way to bring in efficiency in the economy, is to ensure that there transfer of funds is fluid enough to match the pace of advancing businesses. And where you have operational efficiency, you also need to have adequate system of checks-and-balances is also in place, which ultimately yields transparency and accountability.

Ensuring the integrity of shares is a top concern of any depository company. The CDC tries to ensure this integrity by means of a variety of security measures. “CDC has taken a variety of different measures to ensure maximum security and stringent verification steps,” says the CIO.

“Besides various technology and physical security elements including encryption, firewall, intrusion prevention, two factor authentication, surveillance, fire suppression, access control systems; special attention has also been paid to segregation of duties and logging & review of administrative activities, a strong and continuous IT audit program, a dedicated information security team, staff trainings, replica DR setup and a very strong Business Continuity Program.”  So not only is the CDC taking measures any other financial institution takes, it also makes special effort to ensure maximum security of financial assets.

Elaborating on this Asif Shah says, “What we are doing over and above what other good companies are doing is that we have a continuous IT audit program which is run independently by the audit department, and the chief internal auditor as part of good governance, reports directly to the audit committee of the board. Besides penetration tests etc, there is an annual systems review done by a reputed third part audit firm and the complete report is presented to the SECP. The board of directors thru the audit committee keeps a strict watch over us, and the audit department has IT trained people to help them do that. Additionally, we have an Information Security program that is separate from the core IT Operations and Application Development functions. This function is headed by a CISO who along with his team works hand in hand to improve the overall Information Security posture. We have implemented a very strong Business Continuity Program. I must say that we were one of the few companies who have established a complete DR capacity that is regularly tested for its effectiveness.”

With the implementation of an enterprise IT management system especially the Security Operations Centre which has helped the collection, correlation and review of the various administrative activity logs at a single location without any tempering CDC has been able to automate a system that would have otherwise been impossible to review manually.

As CIO at CDC, Asif Shah has a range of responsibilities. “The CIO title is a recent phenomenon in Pakistan,” he comments. “Earlier in a lot of places a somewhat similar role was performed by Head of IT which you can now call a CTO. So, for all practical purposes, CDC always had a CIO. One of the biggest advantages in working for CDC is that under the guidance of its board of directors the entire senior management including CEO and other executives are very much IT savvy and they take active part in all major decision-making affecting the business. I have never had to face a situation that is typically witnessed in other places in the financial industry where business and IT appear to be overshadowing each other resulting in the overall loss to the institution itself.”
Aligning the goals of the department to the larger picture is critical to the success of any organization. Asif Shah reiterates this. “We are a very small company with coherent teams working side by side with the business.” The buy in, as so many CIOs share, is critical to the momentum and long term sustainability of the business.

Speaking about the challenges he and his company have faced, Asif Shah says, “One of the challenges has been to ensure the successful continuation of CDC operations while we continue to lose some of the best IT talent to global markets, even in the periods of economic recession. However, I believe the biggest challenge is to ensure that we continue to maintain the trust of business by proving that the sole purpose of technology is to create more value to them and to build a strong IT team that takes pride in this value creation process. Speaking about the progress in technology Asif was of the view that “As such, the fundamentals don’t change; it’s the means that keep on improving. With each technology improvement there must be more business value for its stake holders. As long as the technology business value relationship remains at par, I see progress.”

Regarding the role of a CIO, Asif Shah was of the opinion that a CIO should be a strategic business leader, with outstanding working relationships, accountability and authority over all aspects of IT within the company. He/she should have a technology background along with business experience and he/she should be measured according to the contribution that IT makes towards achieving the company’s strategic goals. Though he also pointed that to some extent being a CIO continues to be a hands-on job.

And that one should be ready to roll up his sleeves and dig into problems.

On innovation, he was of view that though it is a pretty subjective word and can be twisted to any shape or form, broadly speaking, any improvement that delivers a business benefit fits its definition. He strongly pointed that, “Nothing ruins your credibility faster than a business idea full of holes.” So always do your homework. Get some feedback before you start shopping your innovative ideas around.

Value Add
Every CIO has a collection of advice and tips that he has saved in the reservoir of his experience. Here is Asif’s list of thoughts on innovation based on his own experience and practices being prevalent at some of the most successful companies:

˜Innovation has less to do with the latest technology and more with those capabilities of the IT  organization that makes it agile  enough to respond to changing  business needs quickly and efficiently.

˜Most innovation begin not start by  asking “Here’s a technology, what we can do with it?” Rather it should  say, I’ve got a big problem I have to solve it.”

˜Innovation should be small, manageable  and a core part of the IT  organization.

˜Innovation should be outside-in  as they say “You can’t read the label when you are sitting inside the jar.” Go out with your customers and parallel industry to seek new andbetter ways of doing things.

˜Rather than depending only on the  corporate R&D function, small but cross functional teams are  becoming key to driving industry- changing products and services.

˜Social Media is increasingly rising  as an effective innovation tool. So there is much more than just collecting friends on Facebook or  followers on Twitter as online  communities can often act as a  perfect place to find and test new ideas.

˜Trust breeds innovation and communication breeds trust. So  establishing a formal     communication program to build credibility helps a lot.

˜Constraint is also a very good catalyst for innovation. So when money and resources are constrained, new and creative ideas to solve problems start flowing.

An edited version of this article was published in CIO Pakistan magazine, July 2009.

Twitter has provided a new forum in cyberspace to draw attention to a cause or event. The most recent case in point relating to Pakistan was the Twenty20 World Cup Finals when Pakistan Cricket made it to the trending topics on Twitter, the term used to describe the ten most talked about topics on the network.

In a patriotic attempt to draw attention to Pakistan to uplift the morale of Pakistanis and make a global impact, a group of digital activists launched an e-rally to support their national team in the Twenty20 finals. To make a topic a trending topic enough people must mention a certain keyword in their tweets enough times for it to feature on the Twitter home page trending topics.

By launching an e-rally across cyberspace motivating people to include the hashtag “#PakCricket” in their tweets, this community of digital activists was able to bring Pakistan Cricket on the list of the 10 most discussed topics on Twitter. Pakistan Cricket drew the attention of millions of people across the world by reaching their Twitter home pages. It was truly a reflection of the power of online activism.

Twitter has become a forum for cyber activism of sorts. Not only does it help draw attention to a certain issue, it also helps keep people informed about happenings within their own city and on their own streets! Examples of live twitter updates at times of crisis and violence in the city abound. Twitter has also become one of the most popular mediums for distributing information about protests. Iran is a particular case in point. When US State Department asked Twitter to delay a scheduled maintenance so that the line of communication between Iran and the rest of the world would remain open and the State Department could follow Iran election news, the world saw how much power a social network like Twitter could wield.

Twitter has also become a vital source for information on trends, happenings and opinions for the mainstream news media. In fact, courtesy its speed and always-on nature, Twitter has become a tool for reporters to source breaking news. One example of Twitter breaking news is when Twitter broke the news of a small earthquake in Mexico in 2007. Besides that, Twitter has been the basis of a steady stream of breaking news on Iran in present times, as netizens try to waiver the strict media restrictions in the country.

Twitter has pretty much become a revolution in communication as it steps up to fill gaps where the traditional media is unable to function.

My portfolio

This website is a collection of my published and unpublished articles.

Blog Stats

  • 19,691 hits

Twitter Updates

  • RT @hidrees: Pakistan’s handling of the pandemic is remarkable and the fact that we don’t talk about it is puzzling. 🇵🇰 ~200M is at 10k dea… 1 week ago
  • RT @balkissoon: Never forget that 2020 was the year that Black, Indigenous and otherwise racialized journalists in Canada stopped whisperin… 2 weeks ago
  • RT @fatimabsyed: Lately I've been fielding one question repeatedly from student/emerging journalists: "How do you stay motivated to keep… 1 year ago
  • RT @jwsthomson: @fatimabsyed You get to ask anyone anything. The world is your library. 1 year ago
  • RT @cailynnk: @fatimabsyed As someone who has recently returned to full-time freelancing from a non-journalism job, I have many thoughts.… 1 year ago
January 2021