CIOs cautious on cloud

Cloud computing and BYOD technology may be set to change the way we work, but CIOs are still expressing doubts about their rollout in the workplace.

There are quite a few tech trends doing the rounds across every boardroom in Australia right now, but ask any CIO what’s got them talking and they will tell you the same magic buzzwords - bring your own device (BYOD) and cloud computing. It’s not just the corporate heavyweights that are holding the conversation but small to medium businesses (SMB) also getting involved. 

 This year’s Cisco Live! Conference, held in Melbourne last week, featured a CIO panel which brought together executives from a number of sectors. On the panel, there was Bendigo Health’s CIO, Bruce Winzar, Westfield Australia’s CIO Peter Bourke and Tatts Corp’s CIO Matthew Maw. 

Dark clouds on the horizon

Earlier this month, the CIO’s at the Open Data Centre Alliance Forum in Melbourne were keen to talk about the possibilities of cloud computing and how to best roll it out to maximise their business.

Overall, they had nothing negative to say about the new technology, however, the CIOs at the Cisco conference had a somewhat different take.

As far as they are concerned, cloud technology has created nothing but problems and despite the sales pitch by cloud providers, true ‘solutions’ were few and far between.

Tatt’s Corp’s Matthew Maw labels cloud computing a “convenient marketing name” and adds that it is still too risky to put all of Tatts’ systems onto a cloud.

Maw says his company relies heavily on the revenue of particular gambling events such as the Melbourne Cup, and if the system were to crash on such a day it would be catastrophic.

Westfield’s Bourke says that other executives see it as a “panacea for IT cost savings” when it in fact locks them into an ongoing agreement with a cloud provider.

“The integration side of it is actually quite challenging,” Bourke says.

“And what happens when you want to get out of the cloud?” 

Bendigo Health’s Winzar has concerns about where the data is being held and backed up to.

He says that while most cloud providers store the initial copy of the cloud data locally, they often keep a back-up of it overseas.

Winzar adds that because the medical data he is charged with protecting is confidental, he would need to ensure that that the cloud provider stores none of the data – or any back-ups of it – overseas.

The CIOs agree that cloud technology needs to continue to be rolled out and evolve before any of their organisations will adopt it.

“Personally, I’m not prepared to be an early adopter,” Maw says.

Managing the BYOD revolution

The mobility message is hard to ignore and with more workers opting to bring their devices with them to work, integrating an array of smartphones and tablets to the core IT architecture of the organisation can cause plenty of headaches.

Cisco says it has seen an exponential increase in the amount of employees bringing their own devices to work ever since the networking giant decided to press go on its BYOD strategy.

If Cisco’s example is anything to go by, CIO’s may be at the brink of a BYOD revolution.

Bendigo Health’s Winzar agrees with the numbers, he’s witnessed a noticeable difference in the number of employees bringing their own devices and they are divided among two distinct groups - older doctors looking to show off their new device, or younger professionals looking to change the way they work.

While Winzar concedes that it was only a matter of time before the BYOD revolution is hit his neck of the woods, he is concerned about the risks it poses to data and network security. 

While BYOD has its obvious benefits to the workplace, it can heighten the chance of malware spreading across an internal network. As more devices plug in and out of the workplace’s network, the risk increases. To mitigate this risk, he proposes the implementation of what he calls a “risk matrix”.

This entails mapping out where every employee within the company stands in relation to network security. Those who are competent with internet security would gain greater access to their workplace’s networks, while those who are clueless would have their access restricted to the bare essentials required for their work.

It seems like a wise move - a study published last month by data security firm The Ponemon Institute found that around 53 per cent of the employees they surveyed disengaged passwords or other data lock features on their own devices, making them ripe targets for cybercriminals.

The prospect of cybercriminals tapping into the potential of BYOD is also front and centre in the mind of Westfield Australia’s Peter Bourke. He says that staff could download malicious software at home and then accidentally spread it to the workplace’s network. Bourke’s key concern is that “you can’t control what people do with their own devices at home”.

According to Bourke, BYOD gives cybercriminals the ability to leap over a company’s cyber defences and instead piggyback malware into a network through an unsuspecting employee.

Bourke also sees another problem relating to data and BYOD. “What happens to the data on someone’s device after termination?” Bourke asks.

A system administrator can’t wipe someone’s device like they would a work computer. BYOD has the potential to see confidential documents and information walk out the door with staff.

That’s why Tatts CIO, Matthew Maw says that any move on the BYOD front ultimately boils down to how much a company’s management are willing to trust employees.