Author: Matthew O’Neill VMware’s Financial Services Industry Managing Director in the Office of the CTO
Public health and transportation, food distribution, security services, and financial services are among the critical infrastructure essential to a functioning society and economy.
In times of uncertainty such as the current crisis, financial institutions have to remain available to securely serve customers. That puts pressure on financial services IT professionals to not only keep services operational but workforces productive, too.
Revenue and customer service are depending on IT. So are the bankers and insurers that continue to be working to bring customers appropriate and reliable services which in almost every case, requires access to financial services IT systems.
Although this event is unprecedented in its scope and expected duration, financial services IT teams worldwide have weathered emergencies before—from H1N1 to earthquakes, hurricanes, and bushfires. And every institution has both a business continuity and disaster recovery plan in preparation for these types of scenarios. The questions on everyone’s mind now is did these plans think big enough and then just how robust was the preparation and how well tested was the plan? And if the answer is you’re not sure, keep reading.
We checked in with a former executive at one of the world’s largest banks Matthew O’Neill who has been advising customers on response efforts to get his perspective on the current situation. To understand what steps IT organizations can take today to continue to support customer experiences, in-person and online, while keeping workers safe and productive. All without compromising data privacy and compliance. Matthew is VMware’s Financial Services Industry Managing Director in the Office of the CTO.
The Q&A below is edited from an interview for clarity and flow.
Q: Matthew, thank you for taking time to discuss financial services’ emergency response. Can you describe some of the challenges you’re currently hearing from customers?
A: Depending on their operations, IT leaders have shared these concerns:
- Business Continuity– The stage of this emergency is already greater than anything IT had previously planned to address, and it’s expected to get worse. IT is concerned about quickly ramping up existing digital workspace and virtual desktop capabilities for more employees in positions used to having them, such as financial advisors and head office employees working remotely, while also rapidly deploying new ones so more staff can safely and securely work from home.
- Operational Resilience– Teams have mobilized to better understand, secure, and protect the integrity of end-to-end services beyond their traditional experiences. They want to assess more resiliency options, as well changes to organizations and processes while mitigating risk.
- Optimizing performance– With many more customers and employees remotely accessing bank applications, there are more questions about reliability, remote connections, and last-mile networking constraints.
- Bursting capacity– IT is looking at hybrid and public cloud solutions as ways to potentially handle changing capacity demands of their existing applications due to increased digital volumes, contact center demands, increased automation, and the rapid onboarding of additional remote workers including financial advisors.
- Elevated risk– Some are concerned about new threats and a potential rise in fraud, not just from increased endpoints but from an uptick in illegal transactions should criminals find a way to take advantage of nervous or more vulnerable customers. This is what I have been calling,“Tech for Bad”.
- Operating the business as usual– Even routine tasks such as keeping the lights on and staying on top of change programs can be challenging with so much of the workforce at home. Many are interested in talking about new ways to work and collaborate across more teams, including those working to modernize application development and delivery.
- Blockchain– As expected, there are very few inquiries about blockchain now, but digital payments, touch payments, and to an extent, crypto currency, are all being mentioned in virtual watercooler “is this the end of cash”
Q: Everyone is talking about business continuity. How does a secure digital workspace benefit financial services?
A: Financial services firms have been planning for plausible, yet unlikely scenarios because of prior incidents. However, the scale and speed of this emergency—along with the actions being taken to try to tackle it—are beyond many of the plans. Typically, a bigger national, international, or global organization will have anticipated and made allowances for activity to continue from another geographical location for business continuity in the event of a localized disaster. But in this case, everywhere is, or could be, impacted. That’s unprecedented.
When the only real solution is to have as much of the workforce as possible work remotely, IT is challenged. Technologies cannot perform every role a human performs when it comes to financial interactions. Nor can technology alone assess the highly sensitive nature and risk of data loss, reputational risk policies, and regulatory/legal obligations.
The digital workspace empowers staff at financial firms to overcome remote working changes and challenges, providing an optimal user experience. Yet financial organizations are still conflicted when it comes to increasing their risk appetites, which happens when teams loosen their device and data security obligations. The digital workspace doesn’t make them sacrifice security. And they can use it to introduce or scale existing application portfolio reach, providing full remote access connectivity to corporate devices, and increasingly, providing virtual desktop capabilities to employees’ home computers.
Institutions can rely on the digital workspace as part of business continuity strategies. To power their remote workforces with an exceptional digital employee experience. One that ensures access to any app, on any device without compromising security.
Today, institutions are enabling remote workers with flexible device choice and delivering business critical virtual desktops and applications to any corporate-owned or bring-your-own (BYO) device. Already the norm for many, this will be a culturally challenging move for those used to working in offices. But I and others predict, this new way of working may become the future of work.
Anyone interested in learning more about business continuity and the digital workspace might find these resources relevant and helpful:
- [Blog] What to Do If You Suddenly Have to Support 80% of Users Working Remotely
- [Web] Business Continuity Solutions
From a purely human perspective, we are talking with customers about in-branch strategies for sanitization and social distancing, and for call centers and trading floors about using multiple locations while keeping the required auditability and necessary walls.
Q: How is Operational Resilience different from business continuity?
A: Operational resilience has been a trending topic because of increasing cyber threats and high-profile outages. It is regulator-driven, but has been good practice among customers for a long time. Basically, it’s the banks’ responsibility to understand their full end-to-end processes for all critical services. This includes all dependencies on systems and third parties. It tries to identify single points of failure and looks for available mitigations to quickly recover a service, ideally without a customer ever knowing there was an issue.
As banks work through these processes, they have to understand the ramifications of decisions that have been made previously. They have to ensure these are protected and to continuously monitor and remediate for problems. It’s relevant now because our customers are working to understand and upgrade existing services while keeping them running. Going forward this capability is very much aligned to VMware’s zero-trust, intrinsic security model.
Q: As financial services organizations (re)evaluate work from home policies, or enable a new remote workforce, how are they securing endpoints accessing critical information such as customer data?
A: Like other organizations pivoting to new ways of working, banks are looking for more secure solutions, and appreciate the VMware model of intrinsic security where security is built in, not bolted on.
We help ensure the entire protection cycle: harden, prevent, detect, and response for endpoints and workloads spread across the globe. Security operations has direct access to all endpoints to remediate any vulnerability or risky system configuration, in real time. Plus, they gain layered prevention to stop known and unknown malware and never-before-seen attacks with machine learning and behavioral analytics. And cloud-native platforms and single, lightweight agents make it easy to secure endpoints even when both employees and security teams are operating remotely.
There are however some roles that require access to personal customer data, where the risk to data leakage (intentional or by accident) is unacceptable due to reputation risk or rule of law. For these roles, additional physical protection is already in place, such as locking away mobile phones before the shift starts so it will be difficult to make these work from outside of the bank’s offices. Even in times like now, a bank would prefer to give no service, than to knowingly expose customer data.
Q: What about optimizing performance? How are banks making applications work over many more remote connections, especially considering last-mile networking constraints.
A: Quality access from home ISPs is critical for empowering employees to deliver exceptional customer experiences always, but especially now. In rich-bandwidth environments, IT teams have more options for delivery. In other environments, they may need to consider factors impacting network utilization, such as increased number of neighbors at home during working hours and the use of bandwidth-intensive services such as video streaming—all of which can impact the last-mile from cabinet to premises.
As a quick fix, IT may want to deliver a best-practices guide to staff that highlight ideal times of day to connect to services. For example, modern capabilities like video conferencing can reduce feeling isolated so making sure they work when employees need them is critical. Medium to longer term, VMware helps IT solve connectivity issues with solutions such as SD-WAN from VeloCloud that deliver simple, reliable, better secured and optimized access to traditional and cloud applications.
Q: How is IT addressing change to capacity demands?
A: Every CIO knows that a systems change heightens IT failure risk, and this is pretty much true for any type of change. We are fast approaching the need for financial services to either rapidly expand to cloud providers or rebalance existing infrastructure to more predictably handle changing volume patterns.
Digital channels consume more, but different, infrastructure than branch automation and payment systems. As customers less frequently visit branches, the trend shows customers go online more often, especially if they’re nervous about transactions being applied correctly. Once they are comfortable, they still visit digitally more frequently to just check up on things. And this behavior happens pretty much any time of the day and night, with higher numbers of visitors during the working day.
One of the high-value use cases for cloud is elasticity—being able to rapidly deploy and grow workloads in the cloud, which can significantly reduce deployment times. However, this normally requires careful planning. Right now, there is less time for creating a new long-term strategy although we do have a very well-understood set of tasks to quickly and securely achieve this outcome. More immediately, there is also the option to use our VMware vRealize IT management solutions, and even our technical account management (TAM) services to assess existing estates and then using vMotion to move workloads to go between hosts to gain immediate capacity without waiting for hardware.
Q: Can any freed up capacity or cloud elasticity help firms to scale the financial advisors they have working remotely instantly and on demand?
A: Yes, kind of. Here’s why: Deploying VDI solutions definitely has capacity requirements and the steps mentioned can help in some ways. Similarly, cloud partners have great services, although as with all IT projects, deploying anything for the first time will require additional efforts in design and deployment.
Q: Is Tech for Bad really likely?
A: Unfortunately, yes. We are already seeing some cases of criminals targeting vulnerable people with fraudulent campaigns capitalizing on the current emergency. The banks have an obligation to protect customers, and will need to run more fraud detection to defeat the criminals. This is actually an area where we are all looking at how AI and ML technologies can model, predict, and intercept.
Q: What is your opinion about the end-of-cash projections?
A: People have predicted this for many years. And recently, some economies have made the leap to contactless payments and app-based payments, even for tiny purchases.
Now imagine if it’s true that the virus can live for hours on surfaces, that could include money, making it a transmission method. As we travel the world, we find many places that are still cash societies, others prefer cheques (or checks) or cards (swipe, chip, and contactless) and now, we have phones apps. Pundits have been amplifying these predictions, saying maybe this will be that tipping point event. Whether it is or not, this emergency will have consequences for banks, shops, society, and more. There will be a shift that further increases processing requirements, and I’m not sure society is ready for this one.
Q: Any closing thoughts for our financial services customers during these uncertain times?
A: Although I have deliberately steered clear of talking more about features and functions of our large portfolio of solutions, I would like to encourage VMware customers to get in touch, talk with their account teams, look at our website, perhaps even listen to my podcasts, but above all, be open to new ways of solving new, emerging (and even old) challenges now. We are in unprecedented times where the risks we thought were at the limits of plausible have already happened, and the plans we had for the future are needed now. We have assembled some pertinent links below which may be of some help, and please remember we are ready and willing to help. Take care.