ORLANDO – When Michael Murphy left his vice president position at Symantec in 2011, he thought moving from a security-focused software company to one that is known for its server, application and desktop virtualization services would be a big leap. But as he’s come to know during his five years (and counting) as vice president and country manager, Citrix Systems Inc. is also a security company.
“Without being called a security vendor or categorized as a security company, we manage and solve a lot of security challenges because it’s embedded in everything we do and offer,” he tells IT World Canada at Citrix’s 2017 Synergy conference in Orlando. “Citrix enables people and organizations to work the way they want to work, and provides platforms, applications, and desktop management tools in a straightforward and secure way. Our consistent approach in the last 28 years has really positioned us to help people with that security conversation.”
He says that while Canadians have generally been more conservative and reserved when it comes to adopting and implementing new technologies, such as the cloud, because of their security concerns, this has transformed in recent years.
“There’s a good reason for this mentality: we were never the single greatest target for cyber threats, but that’s changing,” Murphy explains. “We always think it’ll happen to someone else, but the digital landscape has changed and Canadian companies need to stop sitting back on our heels and lean forward into being proactive about security.”
Moving to the cloud – securely
The cloud has presented a prime opportunity for Canadian organizations to do this, he continues. With Microsoft Azure and Amazon Web Services both recently opening data centres in Canada, companies can now offer cloud storage solutions that meet the country’s rigorous data residency and privacy regulations, which require data to be stored in Canada.
“Now that the big providers have cloud presences in Canada, its jumpstarted deeper conversations about what our customers want, how we can move their Citrix workloads to the cloud, and how we can protect that information,” Murphy says. “The data sovereignty issue is a legitimate concern but now I think all those traditional barriers are gone.”
However, he highlights some hypocritical activity by the federal government – for which Citrix provides secure email and web services – that is sending mixed messages to other organizations.
“[The government] wants data to stay local, which is somewhat ironic because there are some federal agencies that talk about how they’ll never go to the cloud if it’s not in Canada because of privacy concerns, but in the background they’re using US-based cloud services and enterprise file sharing or synching solutions,” he points out.
And while Murphy agrees that they are saying the right things, seeing them not walk the walk can be frustrating. But on the other hand, it’s not necessarily the government doing this purposely.
“If government staff aren’t getting the right technology that’s easy to use and provides a good end user experience, that end user will go around the rules and find a better solution on their own and bring it to work,” he explains.
This shadow IT has created “a back door” around policy that can undermine security measures. Murphy uses a recent meeting with a Member of Parliament (MP) as an example.
“We’ve set up a secure email server in Parliament that doesn’t allow cutting or pasting from emails to any other app, which is a great security feature we talk about all the time. I shouldn’t be able to read an important email and decide to copy and paste its contents to Twitter or Facebook, but this MP wants to do exactly that so they can share with their constituents,” he says.
But as Murphy tells IT World Canada, this MP has gotten around the security rule by forwarding the email to their Gmail account so that when they log in from another location, they can copy and paste from there.
Murphy stresses that he’s not picking on the government, but is using this as an example to show how difficult it is to make security a priority when MPs must answer to both their political party and the constituents that voted them in, as well as balance both government and parliamentary business.
“All of these ‘personas’ should be kept separate, but when they do need to connect, the end user will find the lowest common denominator – like Dropbox for easy file sharing or Gmail for avoiding email restrictions – to get around policies and guidelines in place,” he adds. “Citrix can help them manage those personas and provide infrastructure to help keep them separate, as well as provide additional security for when they do need to connect.”
Looking ahead
When asked what Citrix is hoping to achieve in the next few years in Canada, Murphy says that the company is planning to stay its course. Citrix recently opened a new modern and collaborative-oriented office in Markham, just north of Toronto, and is looking to continue being a pragmatic, secure provider of technology for its customers.
“I don’t think now is the time to throw caution to the wind and start something new. I think if you agree that the path you’re on is the right path, you need to stick with that path for a period of time, and that’s what we’re going to do in Canada,” he concludes. “We’re going to keep offering simple and secure products to our customers, and help them use technology in their workspaces.”