Upending traditional ideas about securing financial data brings a wealth of possibility. Bryson Koehler, Chief Technology Officer at Equifax, explains why.
For the sake of making our customers’ lives better, it’s time for financial services to rethink our fears about the cloud and recognize that it may in fact be the safest bet for our data.
getty
When I think of my career journey—and even my upbringing and time as an Eagle Scout—I’ve always had a passion for leaving things better than I found them. This has served me well in my career, but it reached a new poignancy when I joined Equifax after the data breach in 2017. A data breach is an awful event for any organization, not to mention the end users or customers impacted by it. After an event like this, you have to make fundamental changes to be better than any threat. And what we at Equifax discovered is that the cornerstone of this shift is built on the cloud.
Rethinking how the financial services industry sees the cloud
Table of Contents
Far too many in the financial services industry believe that the only way to secure data is to lock it down, and that private, self-controlled servers will protect their data. This is a misconception—especially in complex enterprise IT environments. It is a challenge to drive consistent governance and tooling in these traditional environments, even more so at enterprise scale. The cloud lays the foundation to overcome these challenges and help companies more easily apply new technologies to further enhance security.
Leveraging the cloud and the work done by the large-scale cloud service providers allows IT to build governance into its deployment model, and treat infrastructure and basic services as commodities. Cloud services and storage subsystems are highly observable and enable governance out of the box. At Equifax, our technology and security teams have been able to implement security and governance policies much more rapidly because many of them are built in, not bolted on later. As a result, we are able to provide the business with a state-of-the-art and industry-standard implementation of our security and governance policies.
The cloud makes it easy to provide teams with the tools to provide and monitor access to new environments in a consistent way. This lowers the skills barrier and reduces the overall time needed to develop, test, and deploy new products and features. The repeatability of the cloud allows us to achieve this speed with a consistent implementation of security controls.
We’re continuously deploying new capabilities to the cloud. This not only helps product innovation, but it also helps us drive innovation to continuously enhance security. For example, many IT teams have started using machine learning to automatically detect threats by finding inconsistencies. This means that they are prepared not just for the threats that they know exist, but they have the tools to start combatting new, unknown threats before real damage can be done.
Building a culture that encourages innovation, not ownership
As far as data security is concerned, one of the biggest cultural shifts today is the move away from data silos, changing the concept of “who in the organization possesses the data and where” into “who can build and innovate the next products and solutions.” The cloud’s baked-in separation, governance, and security measures facilitate data access controls for specific individuals in permitted use cases. This allows us to create a singular source of truth with proper controls, so we can enable teams to innovate and enhance outcomes.
Once a decision is made, it’s imperative that everyone gets on the same page.
Financial services as an industry has not always been on the forefront in terms of processes around deploying and managing technology. That applied to Equifax too. We’d bring in new talent to keep up with changing needs. That worked great on the project level, but we needed more uniformity: Teams would run on the processes that they had brought in, and these processes often weren’t compatible across teams.
As CTO, it was my responsibility to bring everyone together into one process, rather than trying to make various ones work together. We’re always open to hearing new ideas and discussing their merits, and we are committed to evolving—but once a decision is made, it’s imperative that everyone gets on the same page. A lack of uniformity can introduce new vulnerabilities and slow productivity, so my job has been made easier by team leads who work with me to evangelize for changes. This combination of modern technology and cultural shifts means we can focus on innovation that serves our customers.
How we can build a stronger industry
We’ve come a long way as a company in the last few years. And, thanks to the cloud, this is just the beginning of what’s possible. For example, the cloud offers the financial services industry the capacity to band together to greatly improve fraud mitigation. Working together to stop fraud benefits the whole industry, enhancing productivity and usefulness.
The cloud has the tools to make that type of data sharing and analysis quicker, easier, and safer, while still providing the inherent, deliberate ability to protect and anonymize the data. The cloud is built for security with the flexibility to change as quickly as the threats. For the sake of making our customers’ lives better, it’s time for financial services to rethink our fears about the cloud and recognize that it may in fact be the safest bet for our data.
Keep reading: Learn more about how financial services organizations are taking advantage of cloud technology.
