Q&A: CSC CTIO, Bob Hayward

CSC’s chief technology information officer, Bob Hayward, talks mobility, BYOD, virtual desktops, enterprise app stores and project management

what’s your approach to enterprise mobility? Globally we have been and still are big RIM users. That was the corporate standard for a lot of the people who required mobile devices for their work and certainly our executives across the world. IT’s something that’s fine and continues to work well.

But, within the last two-two-and-a-half years it was obvious more and more CSC people were clamouring to get the same Blackberry experience on smartphones — Android devices but particularly the iPhone and increasingly the iPad as well.

We started looking around [for a way to do that] with pretty rudimentary stuff like ActiveSync, but it wasn’t what we were looking for. When you look at why Blackberry was the chosen provider for a lot of corporates – particularly American ones – was that it just ticked a lot of the boxes that the enterprise IT people wanted so they had some control over these devices: encryption, security, wipe clean, password authentication and all that stuff.

So, we looked for something that gave us as much as possible the same capabilities but on Androids and iPhones and that lead us to look at Good. We’re using it on about 5000 devices globally at the moment… and between 200-500 locally.

We allow employees the choice — they can either continues to use Blackberry or if they want to use their own devices they sign a policy agreement with us that lays out what their obligations are and what our obligations are with the use of that device and we then support it through Good.

What attracted us to Good was that globally we are big users of Lotus Notes and some of us use Exchange as well and out of the box the Good approach was to recreate the Blackberry experience with pushing out Lotus and Exchange emails, but in an encrypted way. [Good’s] approach is very much around containerising applications so rather than manage the whole device — this is an employees’ private device — it only manages those sanctioned corporate applications. For example, if a device is misplaced then you can set up protocols so that only those corporate applications are wiped.

It does it all through pseudo-virtualisation. In fact through Good Dynamics you can build your own apps which take advantage of that. We’re not doing it for ourselves yet — maybe for our customers — but it could be things like SalesForce automation, CRM-type applications and those sorts of things.

Can you detail CSC’s mobility policy and how it works? When you are in a bring your own device environment the company is no longer the owner of that device, so you then have to respect employee privacy as much as corporate security. There is also more responsibility by the employee: they should not expect CSC to manage all the problems on that device. We don’t own it, we didn’t buy it, it’s not selected from a pre-approved list — it is the employee’s own device and they have chosen to use a portion of it for business work.

There has to be a responsibility on the employee that they will conform to safe practices, and use the policies we provide for the use of corporate data, and will use the Good interface for accessing data as it is secure. If they have a problem with the device they will go to where they brought it from or some other community source for help. The policy we have lists all those sorts of things. Whereas, in the Blackberry world there is the assumption that it is company owned so the company will take care of it. That’s not the case in the BYOD world so you have to have clear polices and clear lines of responsibility in that area.

What are the big issues that come to mind when you think about mobility management? Most of these devices, frankly, don’t need a lot of support — that is one of the beauties of the consumer world. They have to be pretty cheap, pretty intuitive, and they just kind-of work. If they stop working most of the companies are pretty good about taking them back.

The main things to look out for are making sure that the employee isn’t introducing new risks to the enterprise —viruses, malware, hacking and so forth. You need to have more porous firewalls than you had he past — de-perimeterisation — which means you are not relying on physical, hard-coded hard-wired firewall. You have to be smarter about it through having polices and have security products which allow the employees to be productive, but in a secure way.

Now you have the end-user side sorted out what’s happening on the back-end to allow you to push out applications to employees? We are looking at quite a few [private cloud-like] things for ourselves and our customers as well. We have our own private cloud we use inside CSC. We are moving more of our internal systems to become more cloud-like and we are building a sort of enterprise apps store concept through ha service catalogue.

It is still early days, and our first priority was the BYOD thing we have made big strides on. IT’s also not the only BYOD initiative we have as we are also doing virtual desktops as well for people who have laptops as well — a whole other technology around VMware and Citrix. We have a whole lot of options for people depending on their role and the type of work they are doing. It’s two tiers. We’d have a couple hundred virtual desktops and that project has been running for about a year now.

Over the page: virtual desktops, app stores, collaboration and project management

Page Break

What have you discovered during that first year of running virtual desktops? It has been working well, but we discovered like a lot of people, that your networks have to be up for the job and that performance is an issue. There are differences in the products in the market and some are suited to certain types of works than others. It all comes down to what types of roles people are doing and what their consumption of content is. Are they content consumers or creators? You need to be very granular in your examination of what is the best device for the type of work an employee does.

As an IT provider [CSC] is being asked to provide that kind of service to more and more of our customers so we have to drink our own champagne, as we like to say, through testing and using these products ourselves. We also a have a large number of employees who are mobile, but still require the rich interface and power that laptops provide and which tablets don’t provide just yet.

Defence is also planning an app store; can you expand on why you’re looking at one? It’s another example of something we want to look at ourselves as it is something our bigger customers are beginning to look at as well. Just as you would look at using the Android app store of the Apple app store we would have a list of pre-approved enterprise applications. It would be a catalogue or list of apps, with information about what they do, how much you might get charged for them — through some kind of internal cross-charge mechanism — as well as pre-approved codes so that employees of certain divisions can download certain apps, then away you go.

[software vendors won’t become redundant] as some of these apps are provided by software vendors —they are not all internally developed at CSC. In fact, most would be commercial packaged software as such. It is just that they are delivered and disseminated in a different model than has usually been.

However, it does require that existing software providers to change their existing licencing models. Some of them are gradually doing that but a lot of the newer software companies only offer software as a service. If you were to call them up and say, ‘can I license your software and pay you a maintenance fee and you send me the software on physical media’ they wouldn’t know what you were talking about. Software as a service is gradually becoming the default way things are done.

Could you give an update on CSC’s in-house collaboration tool, C3? That has been a big success for us. It is going from strength to strength and pretty much baked-in to what we do a s company. It is going beyond social networking and blogging and moving into our processes. If there are any announcements from management, or any video interviews from our new CEO or town-hall meetings it is all done through that medium.

Also, our brand new integrated sales catalogue —which defines all our offerings, the codes you need to enter into our sales system, details of the offering, where they are supported, who the contacts are, case studies, references, reference architectures, price guides — all of these different things are all delivered through this mechanism [C3].

What’s the end-state you’re working towards with your IT? I think we still have a lot of work to do around identifying better shared services across our company. We probably have too many different parts of CSC across too many geographies doing their own thing. That is one area that we have some work to do. As with a lot of companies we also have a lot of applications which have been with us a long time. We need to look at how we might modernise them, or make the m more contemporary or re-platform them and make them if the cost is justified.

It is always a risk that when you move from a highly specific, highly customised system which has been made exactly for what you want to a system which you have to share with others that you have to make accommodations. But we recognise that 80 per cent of where you want to be is good enough. It is just too hard to get to 100 per cent. It takes too long and is too expensive.

The days of when you had the luxury of the time and the money to make everything perfect are gone. Things move too quickly. The more you customise the more you lock yourself in and the more you make things difficult for yourself later on. The more vanilla, the more generic the better and you just have to accept that 80 per cent of what you want is good enough and it is a philosophy which will serve you well.

It’s a pity the National Health Service didn’t take that approach with its e-health project...