BYO computer at Suncorp

Discussion in 'Business & Enterprise Computing' started by WRC, Mar 29, 2011.

  1. Shizznack

    Shizznack Member

    Joined:
    Jun 5, 2007
    Messages:
    162
    I work as tech support and I could not imagine anything worse than supporting my 200 staff using their own equipment...

    For starters users never have up to date antivirus. It would make it impossible to manage network shares and resources.. I would be forever installing printers and mapping server shares. not to mention no standard SOE so I would have to spend time investigating fixes for issues that have not been seen before. in short if i worked at that company i would want a significant raise or be looking for a new job.

    How manny people would be taking home company data working on it all night and then the computer dies / stolen / coffee into the system.
     
  2. elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    43,112
    Location:
    Brisbane
    I decided to do some e-stalking of Jeff Smith last night, and no surprises that his buddies at ZDNet have the lion's share of information on him.

    Back in 2008 he did some videos where he talked about Suncorp's security standards. He was adamant that desktop-level security was a non-issue at Suncorp thanks to their highly standardised operating environment.

    Now that there is zero standardisation, does that mean it's a huge issue? Or just that it's totally ignored?
     
  3. one4spl

    one4spl Member

    Joined:
    Dec 9, 2005
    Messages:
    428
    Location:
    Jamboree Hts, Brisbane
    It's called Private VLANs. You don't need one for each PC - the switch basically only allows communication from each user port to the router/firewall and from the router/firewall to each user port. Decent wireless systems can do similar things.

    Yup... the details and facts are sure to be much more mundane.

    Really this stuff is going to be more and more common - and there's plenty of it already out there.

    As someone already said you just treat the clients as toxic. Separate the soft squishy bits from the dirty filthy clients as if they were on the Internet an then make your user LAN basically like an ISP that provides Internet connectivity.

    It's not rocket surgery, and its certainly not the end of the world. There will be plenty of managed desktops out there for the foreseeable future but I think they will thin out a bit in the coming years.

    As mentioned plenty of schools are already doing this in a few different ways. The ones I'm involved with are selling the students a standard laptop with support from the vendor covering the unit until the student leaves. The school has a standard image for them (available in a recovery partition or installable from USB). Software problem on your PC? Restore the image. Hardware problem? Call the vendor.

    Backups, system security and all the other responsibilities of owning a computer are a part of the students education.

    All the students work is stored in Live@Edu.

    I think this pretty freakin' awesome and see no reason why businesses can't pick and choose the bits of this that suit them.
     
  4. Simwah

    Simwah Member

    Joined:
    Aug 6, 2005
    Messages:
    1,998
    Location:
    Brisbane
  5. GaryD

    GaryD Member

    Joined:
    Apr 6, 2005
    Messages:
    84
    More likely they are allowed to connect their iphones to the wifi network for web access and email. Can anyone imagine a bank actually doing this? The level of support would be a killer, not to mention security concerns.
     
  6. elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    43,112
    Location:
    Brisbane
    Student laptops and the upper end of the finance industry (banking/insurance) are worlds apart. Not only for complexity, but for reputation risk as well as federal government compliance.
     
  7. Iceman

    Iceman Member

    Joined:
    Jun 27, 2001
    Messages:
    6,647
    Location:
    Brisbane (nth), Australia
    It was myself who suggested treating the clients as toxic. However I highlighted once case where it fails to protect the data between the client and the server.

    While it's great for students, because nobody cares if a students essay is leaked to the world, I didn't mean to suggest this was appropriate for all environments at this time.

    As Elvis points out many sectors finance, medical, research to name the obvious, this isn't going to work. You can't just leak secure information onto non trusted systems - and some of these industries have legal standards with penalties to enforce that (see EPHI, PCI DSS, SECRET/TOP SECRET etc).

    Someone else pointed out that suncorp, being a financial institute, would be subject to many of these standards that require information to be kept confidential. Queue press release of unencrypted, private information of 10,000 insurance clients being lost on an ipad ...
     
  8. Merudo

    Merudo Member

    Joined:
    Jun 26, 2007
    Messages:
    5,437
    You're missing the point though, the data would never be ON the ipad...
     
  9. elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    43,112
    Location:
    Brisbane
    I think this is one aspect where the US are years ahead of us with compliance and legislation.

    ALL industries are forced to do full disclosure when it comes to private information being lost. Even if there's a potential that it's lost (someone's laptop has a bunch of customer data with Social Security Numbers on it, etc).

    http://datalossdb.org/

    Websites like Data Loss DB document these leaks, and cache any news articles about them. They then track over time the trends based on time of year, type of industry, etc.

    When you look at the stats, you realise just how scary it is. We live in a world where identity theft is now one of the most profitable passtimes for certain groups (and I'm not going to be all emotional and label them "terrorists" or some such crap - some of these people are just regular people living in places of the world that make earning an honest living very hard, so earning a "dishonest" living simply becomes a guaranteed way to feed your family).

    Australia has no such legislation. I WISH they did. Having spent a fair chunk of my career now dealing with information security, and having seen some of the most corrupt examples of information loss cover up I've ever witnessed, I'm utterly disgusted (not to mention quite scared) at just how blasé corporate Australia is about the idea of exposing private and confidential customer information with the rest of the world is.

    Most companies care far more about their reputation in the market than their actual customers, but even then have an extremely talented (at talking shit) layer of middle management that can argue away risk and likelihood to trivial values (particularly true when it comes to spending money on preventative measures).

    But anyways... I digress. I do sincerely hope the Australian Federal Government takes a good hard look at privacy legislation in the coming years, and makes moves to keep the private sector in check when it comes to actually putting effort into the privacy of their customers. Generally I don't like governments interfering in private sector matters, but this isn't your typical case of "buyer beware" (because you can't be aware if there's no information available), nor "take your money elsewhere" (because you're stuffed when your identity ends up on some Russian server).
     
  10. Phido

    Phido Member

    Joined:
    Jun 20, 2003
    Messages:
    7,377
    Location:
    Dark City
    I don't know if schools and finance is all that far a part.

    Schools have databases too, Student wealfare, banking, DOCS, employment, staffing, results are also confidental, banking details of parents and staff not just class tests, spelling quiz's etc.

    Except the DET has 1000 sites each with nearly 1000 unscreened people would many would get a kick at getting information out.

    I would say the IT in education is way more complicated than any thing in Finace or Banking. Atleast they have money to throw at the problems.

    However like those, they are moving to webbased interfaces, because they can generally be locked down much better. While it is possible to extract some information from a session etc, its less likely to result in complete access. Very little gain for a lot of work.

    Obviously security would have to be very tight at the inner most layer, but thats true of most systems, police, legal, etc.
     
  11. elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    43,112
    Location:
    Brisbane
    You should probably try working in both before making blanket statements like that. ;)
     
  12. dave_dave_dave

    dave_dave_dave Member

    Joined:
    Mar 17, 2004
    Messages:
    2,867
    Location:
    Gold Coast
    My little brother works in network transport / network security at Suncorp, i should just ask him whats going on....
     
  13. bainer

    bainer Member

    Joined:
    Jun 15, 2009
    Messages:
    58
    Can't carry your awesome Pentium D powered Dell on a plane with you either.

    Even if it wouldn't save any money, they're anticipating gains in productivity and staff satisfaction (and thus retention) from employees being able to use tech they're comfortable with (and that has better than a 1280x1024 screen, etc).
     
  14. Phido

    Phido Member

    Joined:
    Jun 20, 2003
    Messages:
    7,377
    Location:
    Dark City
    Define difficult. I suppose if you just run two completely seperate networks, but I do know education needs to get better, where as finance generally can buy things off the rack or shelf that are suitable. Most finance (eg Bank west) seem to have gone web interface entirely. Privately owned banks proberly create a headache too, as the potential is there to hook anything up and have lax policies, but your still not at the complete mess some other networks are.

    I don't know if school security is not important. Im pretty sure a fabricated story about you/family/boss doing something inappropriate at school leaking out would be bad. These databases are linked to other academic and policing organisations. GIGO.. Some areas cover legal and finance grounds so having the bank billing details of 1000 parents isn't sensitive? It is, maybe not billion $ sensitive, but legally certainly millions of dollar sensitive.

    From an IT perspective, you guys should be all against this. Nightmare to administrate. The question has to be asked, why have they decided to go down this way? Maybe they only work on fixing issues with the server not the actual PC. Maybe thats outsourced, maybe its just onsite network connectivity.

    From the end power user, you can't stop me. I haven't had a problem because I know more about our networks than any one onsite and most people off it. Bitch about it to the boss, I will bitch about the crappy IT to the boss. My function is far more important. If I am bigger than you I will win. It not always about individuals buying PC's, a manager may decide for his team he needs XyZ, now he can without some IT tight arse or accountant getting up about it.

    Our last onsite IT guy (TSO) was an 18 yo nobody. He was actually pretty good, now he works at a TV station. Soon all the DER TSO will be network admins, all over the place thats scarey. That guy still couldn't install office from the DET VB script they gave him. Its a new world.
     
  15. lavi

    lavi Member

    Joined:
    Dec 20, 2002
    Messages:
    4,004
    Location:
    Brisbane
    I think this will turn out OK ... I mean .. it's just like their workers working from home ... go to https://citrix.suncorp.com.au type in user pass and PIN or whatever 2 form auth they use and you run the whole shebang from a browser

    what they do is provide a wifi or wired lan that only allows users to connect to the citrix gateway and users can't communicate with each other as in user A PC can't talk to user B pc so if one has a virus or whatever it will not harm anyone

    so as far as i see they will actually save a lot of time and money with this, end users will be happy as they can buy laptops and write some off in tax as well

    as for support ... what support? it's your own laptop! you get support once you can see the citrix login page, if you can't get there then not their problem pending network is OK

    TBH I like it! and from admin point of view it's so much easier to admin as there is not much to it
     
    Last edited: Mar 31, 2011
  16. GiantGuineaPig

    GiantGuineaPig Member

    Joined:
    Oct 23, 2006
    Messages:
    4,027
    Location:
    Adelaide
    As some else already stated, that has nothing at all to do with Citrix. The fact that you think Citrix sucks, yet you've completely explain why it isn't Citrix at all means you should also have nothing to with implementing anything to get around the issue :)

    Yep that's pretty much fits what I was thinking - thanks for the info. So is this a good option for someone like Suncorp?

    Oh come on :) How many times have you ever heard of someone bringing in something foreign, IT being told that they just want to do X and they won't need IT at all, and then IT getting called saying something doesn't work? "The projector doesn't work" "I can't get on the internet with this 3G dongle" "Why doesn't this monitor have a DVI plug" "We need to get the data off this standalone laptop brought in" "Client needs to access a website for a presentation they're showing us" and so on. It would be many times worse with BYO PC for actual staff members!
     
    Last edited: Mar 31, 2011
  17. gregzeng

    gregzeng Member

    Joined:
    Apr 25, 2002
    Messages:
    1,104
    Location:
    ACT
    AGREE. Iphone, Ipod, I-idiot. Software is hard to generate there. So stick with Linux & Android.

    Met an Insurance broker in Hong Kong 15 years ago. Covered every large truck in Hong Kong with his smartphone, linked to his home computer. Now it would be an Android phone. Lots of Android security apps ... linked with face recognition, SMS security codes, GPS coordinates, anti-,malware, alarms of every kind, etc.

    Free, numerous and low cost.

    My netbooks and smartphones can link to my 1080 TV/ monitor. Used with my computers, the monitor is easily & quickly swivelled into portrait position. Others might use their 52 inch TV monitor. All wireless, of course.

    So last century. My financial transactions often require several "passwords" - all very user friendly. If I forget my user name or password, there may be reminder clues, or email or random code test(s) to prove that I'm not a robot. If I get the mail, it offers me a link to their special site. Again more tests to prove I'm human, time limited to just a few minutes. Because I seem to be who I claim to be, then it asks if it is ok to send me a new user-name or password as a SMS to my nominated or other mobile phone. All time limited to a few minutes.

    When I get the new codes, I'm time-limited to enter them, and them time-limited to immediately change them to my preferences. One good thing about the USA - they have more cyber-criminals, more cyber-smarts, so use better security stuff than us silly Skippies.

    I laugh at my daily local paper, the Canberra Times. Many long vacant jobs very loudly & predominately advertised for the government security agencies. Even had a 3 hour interrogation by the local (badly disguised) ASIO agent (he freaked when I told him that I've posted his "interview with me on the internet). Security in the Australian governments is so poorly paid & so lowly regarded.

    Now the Federal government is forcing all government and associated agencies into making Bill Gates richer. The Israeli, Chinese & Muslim governments can very easily crack idiot Australia now. My great, great grandparents made a bad mistake migrating here. So I'm stuck in this silly place till I enjoys all those virgins in heaven in the next few years that I still have to live.

    Retired (mod. TBI) IT Consultant, Australian Capital Territory
     
    Last edited by a moderator: Apr 1, 2011
  18. elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    43,112
    Location:
    Brisbane
    You've obviously missed some of the gold he's drivelled over in the "Other Operating Systems" thread.

    Coherent, he is not.
     
  19. Iceman

    Iceman Member

    Joined:
    Jun 27, 2001
    Messages:
    6,647
    Location:
    Brisbane (nth), Australia
    Never engage the Greg, he's a human thread derailer. He can spout more crazy than you can sane :)
     
  20. bsbozzy

    bsbozzy Member

    Joined:
    Nov 11, 2003
    Messages:
    3,925
    Location:
    Sydney
    I would have expected an article like this to appear today...
     

Share This Page

Advertisement: