Suncorp shifts all staff to virtual desktops

 
Page 1 of 2 | Single page

Security the top priority.

Banking and insurance group Suncorp intends to have all staff working on virtual desktops by the end of next year to secure access to enterprise applications.

The company has tempered the ‘BYO Device’ strategy announced last year, offering three levels of client access to its corporate IT environment: the provision of virtual desktops, provision of corporate-issued mobile devices to select staff and conditional access to enterprise resources from devices staff bring into the organisation.

While the group will phase out traditional fat-client desktops, it has not opted to stop provisioning devices altogether.

The bank is replacing PCs on failure and repurposing existing PCs with thin-client technology running Windows Thin PC– a customisable, thin, locked-down version of Windows 7.

Application delivery is virtualised using Citrix tools via a virtual desktop.

Some one-third of Suncorp staff – the majority in its Brisbane Business Services office and another division in Sydney - are already using the virtual desktop solution, and the company expects the remainder in its Sydney and Melbourne offices to be provisioned during 2013.

Suncorp chief technology architect Ross Windsor told the iTnews Executive Summit in Sydney that organisations need to first set out a device access strategy and invest in robust IT infrastructure before turning client computing on its head.

BYOD

Suncorp’s IT team has adopted a tiered approach to securing mobile access.

The company is using  mobile device management tools to control configuration on mobile devices connecting to its network – enabling administrators to push out authorisation for Wi-Fi network access, push out digital certificate renewal for authentication and set policy around emails and document sharing, among other smarts.

There are two tiers of access aside from virtual desktops.

Staff connecting from corporate-owned mobile devices are offered a ‘standard’ corporate package with native email built-in. Suncorp runs an application blacklist on these devices to ensure that applications like Dropbox, a personal cloud storage application hosted in the United States, cannot put corporate data at risk.

Those staff working in collaborative workspaces that wish to bring their own device are offered a locked down or “sand-boxed” package. To gain access to corporate systems from these devices, staff must download a custom sandbox application that offers secure email plus a suite of additional security tools. This level of access limits users to a secure email service (akin to Blackberry Enterprise Server), secure file sharing service (akin to DropBox) and integration with Sharepoint – the data from which resides in Suncorp’s data centre rather than on the device.

The BYOD client package has been configured for Windows and Apple devices. Windsor notes that Suncorp’s staff use nearly 2500 iOS devices (iPhones and iPads). The bank is still working on a secure Android client.

Suncorp opted against giving out stipends (cash allowances) to staff to bring their own device into the network.

“What happens if they don’t have maintenance on it?” Windsor asked the audience. “If it was the only form of device they had access to in the organisation and it was lost, stolen or damaged, then they would no longer be productive. Are we going to have a store of devices in the cupboard that we can give them?

“There are all these kinds of management aspects to why [stipends] are not a good idea. Our strategy is we will provide you a device. You are welcome to bring your own device but that is not a replacement for the corporate device.”

 

The magic under the covers

Windsor told the iTnews Executive Summit that there was a “long journey” required in terms of IT infrastructure before Suncorp could proceed with either of its virtual desktop or BYOD programs.

“You can’t do BYO without first getting a handle on virtualisation,” he said.

Suncorp’s expertise in virtualisation began when it took over the Promina group in 2007 and found itself with six major data centres spread across country.

This was “a management issue and cost burden we didn’t need,” Windsor said. “The easiest and most effective method to consolidate that was to virtualise down to a single [production] data centre [plus DR facility], which we achieved in little over ten months.

“In doing so we understood the strength and weaknesses of virtualisation in the server space before considering desktop devices.”

The company has developed its own private cloud and service catalogue using open source technologies. Everything in this stack was built in-house – the orchestration layers, scripting, and the web services interface to provision servers.

Whilst it wasn’t a trivial task, Suncorp’s team built the private cloud in under nine months. “The other option might be to spend the same time configuring an off-the-shelf product.  We had looked at all the tools in the market, but none of them were true cross-platform,” Windsor told iTnews.

“What we built was completely flexible and generic – we could provision an Oracle database on a midrange AIX server, a SQL database on virtualised Windows instance, it didn’t matter.”

Provisioning of new servers and applications went from weeks to days, aiding Suncorp’s stated commitment to Agile software development.

But more significantly, the private cloud became the platform from which Suncorp could manage application delivery and mobile access.

“The private cloud is the orchestration engine and services bus,” Windsor told iTnews. “We can use that to automate virtually anything that we want to do in the organisation and provide a self-service interface for that automation. That’s what we’ve bolted on the front of the mobile device management, which in turn allows you to control what applications can be loaded on a mobile device.

“You also have to build your own internal equivalent of an iTunes application store for both apps and also for clients – if, for example if I needed a client on my new device to connect to my virtual desktop. What we’re creating is an automated self-service environment. The user simply clicks a URL, and it automatically pulls the sandbox application down onto the device.”

Read on for a look at the IT infrastructure that underpins Suncorp's strategy...

Copyright © iTnews.com.au . All rights reserved.


Suncorp shifts all staff to virtual desktops
Suncorp chief technology architect Ross Windsor.
 
 
 
Top Stories
Hockey flags billion-dollar Centrelink mainframe replacement
Claims 30 year-old tech is holding Govt back.
 
Ombudsman wants to monitor warrantless metadata access
Requests ability to report publicly.
 
Frugality as a service: the Amazon story
Behind the scenes, Amazon Web Services is one lean machine.
 
 
Suncorp chief technology architect Ross Windsor.
Sign up to receive iTnews email bulletins
   FOLLOW US...

Latest VideosSee all videos »

The great data centre opportunity on Australia's doorstep
The great data centre opportunity on Australia's doorstep
Scott Noteboom, CEO of LitBit speaking at The Australian Data Centre Strategy Summit 2014 in the Gold Coast, Queensland, Australia. http://bit.ly/1qpxVfV Scott Noteboom is a data centre engineer who led builds for Apple and Yahoo in the earliest days of the cloud, and who now eyes Asia as the next big opportunity. Read more: http://www.itnews.com.au/News/372482,how-do-we-serve-three-billion-new-internet-users.aspx#ixzz2yNLmMG5C
Interview: Karl Maftoum, CIO, ACMA
Interview: Karl Maftoum, CIO, ACMA
To COTS or not to COTS? iTnews asks Karl Maftoum, CIO of the ACMA, at the CIO Strategy Summit.
Susan Sly: What is the Role of the CIO?
Susan Sly: What is the Role of the CIO?
AEMO chief information officer Susan Sly calls for more collaboration among Australia's technology leaders at the CIO Strategy Summit.
Meet the 2014 Finance CIO of the Year
Meet the 2014 Finance CIO of the Year
Credit Union Australia's David Gee awarded Finance CIO of the Year at the iTnews Benchmark Awards.
Meet the 2014 Retail CIO of the Year
Meet the 2014 Retail CIO of the Year
Damon Rees named Retail CIO of the Year at the iTnews Benchmark Awards for his work at Woolworths.
Robyn Elliott named the 2014 Utilities CIO of the Year
Robyn Elliott named the 2014 Utilities CIO of the Year
Acting Foxtel CIO David Marks accepts an iTnews Benchmark Award on behalf of Robyn Elliott.
Meet the 2014 Industrial CIO of the Year
Meet the 2014 Industrial CIO of the Year
Sanjay Mehta named Industrial CIO of the Year at the iTnews Benchmark Awards for his work at ConocoPhillips.
Meet the 2014 Healthcare CIO of the Year
Meet the 2014 Healthcare CIO of the Year
Greg Wells named Healthcare CIO of the Year at the iTnews Benchmark Awards for his work at NSW Health.
Meet the 2014 Education CIO of the Year
Meet the 2014 Education CIO of the Year
William Confalonieri named Healthcare CIO of the Year at the iTnews Benchmark Awards for his work at Deakin University.
Meet the 2014 Government CIO of the Year
Meet the 2014 Government CIO of the Year
David Johnson named Government CIO of the Year at the iTnews Benchmark Awards for his work at the Queensland Police Service.
Q and A: Coalition Broadband Policy
Q and A: Coalition Broadband Policy
Malcolm Turnbull and Tony Abbott discuss the Coalition's broadband policy with the press.
AFP scalps hacker 'leader' inside Australia's IT ranks.
AFP scalps hacker 'leader' inside Australia's IT ranks.
The Australian Federal Police have arrested a Sydney-based IT security professional for hacking a government website.
NBN Petition Delivered To Turnbull's Office
NBN Petition Delivered To Turnbull's Office
UTS CIO: IT teams of the future
UTS CIO: IT teams of the future
UTS CIO Chrissy Burns talks data.
New UTS Building: the IT within
New UTS Building: the IT within
The IT behind tomorrow's universities.
iTnews' NBN Panel
iTnews' NBN Panel
Is your enterprise NBN-ready?
Introducing iTnews Labs
Introducing iTnews Labs
See a timelapse of the iTnews labs being unboxed, set up and switched on! iTnews will produce independent testing of the latest enterprise software to hit the market after installing a purpose-built test lab in Sydney. Watch the installation of two DL380p servers, two HP StoreVirtual 4330 storage arrays and two HP ProCurve 2920 switches.
The True Cost of BYOD
The True Cost of BYOD
iTnews' Brett Winterford gives attendees of the first 'Touch Tomorrow' event in Brisbane a brief look at his research into enterprise mobility. What are the use cases and how can they be quantified? What price should you expect to pay for securing mobile access to corporate applications? What's coming around the corner?
Ghost clouds
Ghost clouds
ACMA chair Chris Chapman says there is uncertainty over whether certain classes of cloud service providers are caught by regulations.
Was the Snowden leak inevitable?
Was the Snowden leak inevitable?
Privacy experts David Vaile (UNSW Cyberspace Law and Policy Centre) and Craig Scroggie (CEO, NextDC) claim they were not surprised by the Snowden leaks about the NSA's PRISM program.
Latest Comments
Polls
Which bank is most likely to suffer an RBS-style meltdown?





   |   View results
ANZ
  20%
 
Bankwest
  9%
 
CommBank
  12%
 
National Australia Bank
  17%
 
Suncorp
  23%
 
Westpac
  19%
TOTAL VOTES: 1516

Vote