CIO gets busy as Qantas embraces BYO

Status
Not open for further replies.
Very interesting overall article actually - I am keen to see where BYO tech will go - if I could provide my own laptop I would and would be more efficient...
 
Very interesting article. I can see this working for Qantas, I've seen a lot of workplaces that now fully support BYO device, including my own workplace.

We have just rolled out on demand cloud computing. Anybody can remotely connect in, and have full access to the required programs and network access. This includes access from iPhones and iPads.

This makes working on the go, especially form low powered devices, much easier.
 
How do you manage security concerns? That is our biggest issue - being able to get info onto a device but being able to control that info if the device is lost...
 
BYO tech is an interesting idea, but from a support and licensing point of view I'm not sold on the idea...
The savings made in the IT budget by not providing everyone with their own IT hardware and (licensed) software could easily equate to far more helpdesk time for staff.

Plus considering that a good proportion of software on personal machines is pirate, how will that translate when using the machine for business purposes? Software vendors don't tend to go after software pirates using illegal software for personal use, if however the software is used for business purposes (or if the illegal software is installed on a machine used for business purposes) it's a whole new ball game.

(As a side note, I'm working on a project which is moving people from BYO hardware back to corporate issued hardware as the support costs where just too high under the BYO model)
 
Score 10,000 Bonus PayRewards Points on your business spend!*
Elevate your business spending to first-class rewards! Sign up today with code AFF10 and process over $10,000 in business expenses within your first 30 days to unlock 10,000 Bonus PayRewards Points.
Join 30,000+ savvy business owners who:

✅ Pay suppliers who don’t accept Amex
✅ Max out credit card rewards—even on government payments
✅ Earn & transfer PayRewards Points to 10+ airline & hotel partners

Start earning today!
- Pay suppliers who don’t take Amex
- Max out credit card rewards—even on government payments
- Earn & Transfer PayRewards Points to 8+ top airline & hotel partners

AFF Supporters can remove this and all advertisements

simongr said:
How do you manage security concerns? That is our biggest issue - being able to get info onto a device but being able to control that info if the device is lost...
Click to expand...

There are ways to deal with security, including using a citrix or terminal server setup, so the data never really leaves the server, just screenshots go across. There is also encryption options available which can encrypt and decrypt data on the fly, as well as Virtual Machine options to separate the work environment from the personal device.

Of course a spyware type application can bypass some of those security measures.
 
harvyk said:
Plus considering that a good proportion of software on personal machines is pirate, how will that translate when using the machine for business purposes? Software vendors don't tend to go after software pirates using illegal software for personal use, if however the software is used for business purposes (or if the illegal software is installed on a machine used for business purposes) it's a whole new ball game.
Click to expand...

Wouldnt you just install a separate Corporate partition with your own environment set up so that essentially all the person is bringing is some hard drive space and processing power?
 
harvyk said:
There are ways to deal with security, including using a citrix or terminal server setup, so the data never really leaves the server, just screenshots go across. There is also encryption options available which can encrypt and decrypt data on the fly, as well as Virtual Machine options to separate the work environment from the personal device.

Of course a spyware type application can bypass some of those security measures.
Click to expand...

That's exactley how we do it, virtual boxes that you remoteley connect to. Works well, and from a sercurity point of view. It's sound.

On top of this, laptops have to have passwords on them.

iOS devices are great to work with, from an IT perspective. We have our own profile that needs to be installed on an iOS device before it can connect to the network. This sets up, Exchange E-Mail, Calendar & Contact Access, as well as WPA Enterprise wireless settings. All the user needs to do is enter their Username and Password once and the rest is all set up.

Exchange allows us to remotley wipe iOS devices, as well as using locatoin services to find them. We make it an exchagne policy that passwords are mandatory for access to the network.
 
LiamR said:
On top of this, laptops have to have passwords on them.
Click to expand...

Do the laptops have any additional encryption with that password or just windows passwords?


LiamR said:
iOS devices are great to work with, from an IT perspective. We have our own profile that needs to be installed on an iOS device before it can connect to the network. This sets up, Exchange E-Mail, Calendar & Contact Access, as well as WPA Enterprise wireless settings. All the user needs to do is enter their Username and Password once and the rest is all set up.

Exchange allows us to remotley wipe iOS devices, as well as using locatoin services to find them. We make it an exchagne policy that passwords are mandatory for access to the network.
Click to expand...

iOS is a pain to write and release software for, but fairly secure as a corp OS...
 
simongr said:
Wouldnt you just install a separate Corporate partition with your own environment set up so that essentially all the person is bringing is some hard drive space and processing power?
Click to expand...

The more common way if not going to use the machine directly is by installing a virtual machine on top. It does create it's own environment which is entirely contained in a couple of files sitting on the host computer.

The issue however is around software licensing which is based on physical machine if it's being breached and virtual machine when it comes to purchasing licenses. Using a machine for work purposes which has illegal software could open a legal minefield for companies as the company would have to prove that at no point in time where they aware that there was illegal software installed on the machine, and at no point in time did any work created on that machine use the illegal software.

Whilst one could argue that the employee previously took work home on a USB key and then used say an illegal copy of word to modify that document, without the companies knowledge, the employee was not using a company sanctioned machine.
 
harvyk said:
The more common way if not going to use the machine directly is by installing a virtual machine on top. It does create it's own environment which is entirely contained in a couple of files sitting on the host computer.

The issue however is around software licensing which is based on physical machine if it's being breached and virtual machine when it comes to purchasing licenses. Using a machine for work purposes which has illegal software could open a legal minefield for companies as the company would have to prove that at no point in time where they aware that there was illegal software installed on the machine, and at no point in time did any work created on that machine use the illegal software.

Whilst one could argue that the employee previously took work home on a USB key and then used say an illegal copy of word to modify that document, without the companies knowledge, the employee was not using a company sanctioned machine.
Click to expand...
harvyk said:
Do the laptops have any additional encryption with that password or just windows passwords?




iOS is a pain to write and release software for, but fairly secure as a corp OS...
Click to expand...


Yes - Just windows password. For personal computers, it can be any sort of personal account. For work machines it's standard windows domain login procedures.

We use remote desktop connection, so works on any modern windows computer all we send out is a configuration file, which they open. Pop in their username and password. This will remotely connect to their virtual box in the cloud, hosted by our servers. Think of it as your own computer. You can change your desktop picture re-arrange your icons ect ect.

You need very little power to do use this, as all the processing is on demand. This has the added benefit of being very secure. As no data is stores on the device, as an extra level we keep a record of mac addresses so if somebody does loose their laptop we add that mac address to out 'no incoming connections list'

The favourite feature by our road warriors, is the fact you don't need your own laptop. If remote desktop connection is installed, they can open it, type in the connection address, credentials and you have access to your personal computer in the cloud.

This is particularly useful, if say, you are travelling and your laptop dies. You can jump onto a computer in an airport lounge, or hotel business room and in less than 30 seconds you are into your personal computer in the sky. All your applications are accessible from anywhere, no new software needs to be installed.

We have token authentication for non-network computers logging in for the first time, users recover a text with a code and insert the code before access is granted.

Any problems with their virtual box? Tap a button and restore it to the original state.

Only downside is you need decent bandwidth to get it to work. Wifi in the virgin lounges and 3G signal is fine. But bad coverage or the Qantas Club Wifi? Forget it.
 
Byo hardware is a nightmare. I bet qf don't implement it.

And ipads are not ready as a corporate device. They are an exec toy. The number of cludgy workarounds you have to put in place are ridiculous. Apple doesn't care... in fact the techs laugh when u point out the issues.
 
Mal - how exactly are they executive toys any more than a blackberry with more functionality?

You can do pretty much everything you need to do as a manager/exec given senior management don't access core operating system generally. You can check email, review reports, give presentations - all the same as a laptop pretty much.

iPads are easier to connect when travelling as you can get a 3G card rather than having to rely on a local ethernet connection. They require virtually no maintenance. Compare two set ups

Traditional - Exec has desktop and laptop - laptop rarely connected to the network so doesnt get updates etc and is expensive for a decent portable laptop. Laptop may have had drive encryption but if lost data can be stolen.

Ipad - Exec has desktop and iPad for when travelling - no updates/management required to iPad, remot ekill enabled lets you delete all data remotely.

Why is the ipad worse? Probably because you want to do things to it to make it more "secure" when it is already more secure than the brief case full of board papers that could be left on the plane that the iPad replaces...
 
simongr said:
Why is the ipad worse? Probably because you want to do things to it to make it more "secure" when it is already more secure than the brief case full of board papers that could be left on the plane that the iPad replaces...
Click to expand...

Ipads pose different issues and challenges to Blackberry. A lot of this is due to the screen size and what you can do with an ipad vs a BB. Yes Ipads are executive toys. (So are Blackberrys imho), and it's often a matter of "Oooh. Look at me. Look at what I have". And ipad users expect everything to work the same as their desktop and anything that is inconvenient to them switched off. It takes time to develop a "good" ipad implementation, yet people want it NOW (And use their management power over others to ensure it happens). I am yet to see a good (or secure) iPad implementation in an environment... The number of holes opened up for ipads is astronomical. It will be the source of a major corporate hack.

Here is a good article on the topic: WA Parliament iPad trial exposes IT headaches - Hardware - Technology - News - iTnews.com.au

Now, why is the ipad worse than the BB? Quite simply it is a consumer level device (not enterprise device) that people want to use as a consumer device. They want to download their own apps (and scream when told "Angry Birds" is not an appropriate app). Then, they want IT support for some bizarre app they downloaded. They want unfiltered internet with no restrictions (against corporate policies) - and the ipad is horrible with caching proxy credentials anyway. Apps also aren't always proxy aware and don't work at all.

I know you think that ipads are update/management free - No they are not. New iOS versions come out to fix security bugs that need resolving. They often also completely break something else in your environment as part of the fixes... And you still need to have a "Mobile Device Management" solution controlling your fleet of devices, and ensuring that you can lock the profiles down, restrict apps etc.

Ipads require you to register with iTunes to download apps. So the internal user requires Itunes to be installed so they can sync their data. More security vulnerabilities introduced into the environment, more help desk time needed to assist when Itunes plays up.
There are no corporate discounts for apps. Everyone needs to buy them as a single user. Some corporate cards cannot be used to buy items on the Itunes store. So then you have to buy an itunes gift card on the corporate card to use. This wouldn't be accepted if the person was buying a Coles gift card (for example)

Apple is moving towards data in the cloud. Not good for corporate data.

There are compatibility issues between various presentation layer programs and the ones installed on corporate machines. So you might edit a powerpoint on your desktop, and then have to re-edit it to display correctly through the Apple Office programs.

There is no way to manage your fleet of ipads and the apps through Apple. You need to invest in a Mobile Device Management solution.

Laptops do come with mobile sim slots and can be used in that way (or add dongle .. simple enough - corporates have been doing this for years).

And more secure than a briefcase full of documents? Perhaps - if the right security is applied to the device. But I'm pretty sure that with the right forensics equipment an ipad is no more secure than your briefcase if lost.

Ipads are at least 2-3 years away from being corporate ready. In the meantime, IT people are being told "I don't care. Make it work now" by the upper echelons of organisations. As soon as they hit a hurdle (eg wanting to access an internal website), they want the problem resolved "Now". Many websites are and commercial apps are not Safari friendly, and when you can't even set a home page on an Ipad through policy management ...
 
I agree and disagree with iPads. They certainly can be used as a corp device, it's just apple needs to do some serious work to make it easier for companies to roll them out.

Most of the problems I've experienced thus far have been due to apple's tight control than actual issues. I personally do think they are good for business as the device operates the apps in very tight "silos" where it's near impossible for one app to interfere with another. Thus loading "angry birds" is unlikely to stop a corp app from running.

Of course you do have the problem that the "user" is an administrator, whilst not such a problem for exec's who just want a device to work, the real problem comes in when you get a "power user"... Those are the guys who with little real knowledge have the ability to screw up everything and complain the loudest about IT restrictions, and they are the guys who will cause most IT headaches for a BYO IT type arrangement.
 
There would be some irony if this got implemented before the fix the wifi in the QPs......:evil:
 
I guess my approach to iPads is very much from a BYO perspective rather than an enterprise wide roll out. Taking that approach changes the nature of of the issues that the IT function would face. What I see below is a lot of issues with making an iPad work like a PC rather than making the user use the device as it is intended.

Mal said:
Ipads pose different issues and challenges to Blackberry. A lot of this is due to the screen size and what you can do with an ipad vs a BB. Yes Ipads are executive toys. (So are Blackberrys imho), and it's often a matter of "Oooh. Look at me. Look at what I have". And ipad users expect everything to work the same as their desktop and anything that is inconvenient to them switched off. It takes time to develop a "good" ipad implementation, yet people want it NOW (And use their management power over others to ensure it happens). I am yet to see a good (or secure) iPad implementation in an environment... The number of holes opened up for ipads is astronomical. It will be the source of a major corporate hack.
Click to expand...

We will have to agree to disagree about the "ooh look at me" comments - on a purely simplistic level we distribute Board papers to Board members, management and attendees (people like me) - with six board meetings and five audit committees per year that could be 200 - 300 lever arch files of papers that could be on the iPads - that is a cost saving and an environmental saving.


Mal said:
Here is a good article on the topic: WA Parliament iPad trial exposes IT headaches - Hardware - Technology - News - iTnews.com.au
Click to expand...

I think it is a good article on the disconnect between providers of IT services and consumers of IT services. I think that there can be a middle ground.

Mal said:
Now, why is the ipad worse than the BB? Quite simply it is a consumer level device (not enterprise device) that people want to use as a consumer device. They want to download their own apps (and scream when told "Angry Birds" is not an appropriate app). Then, they want IT support for some bizarre app they downloaded. They want unfiltered internet with no restrictions (against corporate policies) - and the ipad is horrible with caching proxy credentials anyway. Apps also aren't always proxy aware and don't work at all.

I know you think that ipads are update/management free - No they are not. New iOS versions come out to fix security bugs that need resolving. They often also completely break something else in your environment as part of the fixes... And you still need to have a "Mobile Device Management" solution controlling your fleet of devices, and ensuring that you can lock the profiles down, restrict apps etc.
Click to expand...

If you refer above on a user provides basis why worry if they have Angry birds installed - how on earth is that going to impact their use of DocsToGo? I have had no issues installing all iOS upgrades with no impacts to the apps I am using.


Mal said:
Ipads require you to register with iTunes to download apps. So the internal user requires Itunes to be installed so they can sync their data. More security vulnerabilities introduced into the environment, more help desk time needed to assist when Itunes plays up.

There are no corporate discounts for apps. Everyone needs to buy them as a single user. Some corporate cards cannot be used to buy items on the Itunes store. So then you have to buy an itunes gift card on the corporate card to use. This wouldn't be accepted if the person was buying a Coles gift card (for example)
Click to expand...

I have never had an issue with iTunes playing up and again if this is a BYO service then iTunes can sit on their own home computer.
I agree on the lack of corporate discounts but the cost of apps is so small relative to similar desk top apps I dont see this as an issue. Also I expect you can get redemption codes for people which you could negotiate through a corporate account to make the app free to certain people. In terms of buying apps these could be bought on a normal personal credit card and claimed through a standard expense claims process.

Mal said:
Apple is moving towards data in the cloud. Not good for corporate data.
Click to expand...

We can agree to disagree again.

Mal said:
There are compatibility issues between various presentation layer programs and the ones installed on corporate machines. So you might edit a powerpoint on your desktop, and then have to re-edit it to display correctly through the Apple Office programs.
Click to expand...

In real practical terms this hasnt been an issue on my presentations. Mind you I don't bloat my presentations with animations...

Mal said:
There is no way to manage your fleet of ipads and the apps through Apple. You need to invest in a Mobile Device Management solution.
Click to expand...

How many iPads are you managing? We don't have a direct way of managing mobile devices through Telstra for 1000+ phones/blackberries. I wouldnt see the need for that many iPads.

Mal said:
Laptops do come with mobile sim slots and can be used in that way (or add dongle .. simple enough - corporates have been doing this for years).
Click to expand...

Sim slots I will concede. Dongles don't work as when you go to other countries you need a local dongle installed which requires admin access locally - not an option for corporates I have worked with. Believe me I have tried to get this to work and have it fail miserably...

Mal said:
And more secure than a briefcase full of documents? Perhaps - if the right security is applied to the device. But I'm pretty sure that with the right forensics equipment an ipad is no more secure than your briefcase if lost.

Ipads are at least 2-3 years away from being corporate ready. In the meantime, IT people are being told "I don't care. Make it work now" by the upper echelons of organisations. As soon as they hit a hurdle (eg wanting to access an internal website), they want the problem resolved "Now". Many websites are and commercial apps are not Safari friendly, and when you can't even set a home page on an Ipad through policy management ...
Click to expand...

I actually think some of the frustration and demand for things to happen is because of the disconnect between user wants and IT services supply. I think that there is a middle ground - if companies could enable email, calendars and some exchange of data but then say that is as far as we go then that will satiate the users to some extent - blocking one avenue because there might be an issue if we opened up another avenue is very closed minded.
 
Status
Not open for further replies.

Become an AFF member!

Join Australian Frequent Flyer (AFF) for free and unlock insider tips, exclusive deals, and global meetups with 65,000+ frequent flyers.

AFF members can also access our Frequent Flyer Training courses, and upgrade to Fast-track your way to expert traveller status and unlock even more exclusive discounts!

AFF forum abbreviations

Wondering about Y, J or any of the other abbreviations used on our forum?

Check out our guide to common AFF acronyms & abbreviations.

Recent Posts

Currently Active Users

... and 37 more.
Total: 836 (members: 87, guests: 749)
Back
Top