Shell is undertaking a huge bring your own device (BYOD) project which will see it supporting around 135,000 devices picked by users rather than dictated by the IT department.
At the CA World show in Las Vegas on Monday, Ken Mann, enterprise information security architect at the oil and gas firm, outlined Shell’s shift to become a cloud-first and BYOD outfit.
Shell had already undertaken a project to centralise all its IT, and has outsourced its infrastructure to three main suppliers – AT&T, EDS – since purchased by HP –and T-Systems. Two years ago, the firm adopted a cloud-first policy, which means that any new applications have to be in the cloud unless there is a business case for them to be on-premise.
The next project for Mann’s department was BYOD – which Mann’s boss defines as buy rather than bring your own device.
The BYOD scheme is a major undertaking. Shell has 90,000 permanent employees, and an additional 60,000 on a contract basis so the company is managing 150,000 clients, from desktops to portables to tablets.
Of those users, 10,000 are already on a BYOD scheme, but Mann said Shell expects that in a few years, less than 10 percent of its users will be using company-provided IT equipment. Or taken another way, Shell will soon have 135,000 BYOD users to support.
“We’re looking at true BYOD, not just for mobile, but bring in your own laptop,” he said.
“Windows, iOS and Android are key operating systems for us, but if Windows Phone 8 becomes popular, we’ll look into using that.”
Part of the decision for the BYOD drive is around recruitment and staffing.
“In about five to 10 years, 50 percent of our staff worldwide will retire,” Mann explained.
“We’re going to have a lot of people turning over, and we want to be able to attract and retain talented and young staff. They don’t want to come into a locked corporate environment.”
To support this major BYOD drive, Mann’s job was to secure the different devices accessing the corporate network.
“We had two-factor authentication using smartcards and one time passwords (OTP) as default. But we started to look at how we could do two-factor authentication in the cloud. We wanted a solution for single sign-on from any device, whether in the cloud or an in-house app, and we wanted to support authentication standards like SAML and OAuth and translate between these,” he explained.
“We also wanted device authentication – is it from a Shell device or a kiosk in an airport?”
Mann said that four IT companies were in the running to provide Shell with its desired cloud authentication system, and each was visited to carry out an on-site proof of concept, with CA being one of the four.
“We didn’t find one company that could do everything we wanted to do. CA showed us the guts and development code, but they didn’t have a solution ready at the time,” he noted.
“Based on the four firms, we ended up selecting CA CloudMinder – it didn’t have a name at the time – as it was highly focused on cloud apps, and we’re already using SiteMinder, which focuses on in-house authentication, so there was a good bridge to link cloud and on-premise apps.”
CA CloudMinder was released in February, and is designed to offer enterprises key security capabilities including advanced authentication, identity management, and federated single sign-on as cloud services.
CA also unveiled a partnership with SAP at the Las Vegas show, to license the latter's Afaria software for mobile device management.
Madeline Bennett is editor of V3 and The INQUIRER. Previously, she was editor of IT Week. Prior to becoming a journalist, Madeline was an English teacher at a London secondary school. Madeline is a regular technology commentator on TV and radio, including Sky, BBC and CNN.