Warren Cammack

On Friday ITNews sponsored an event that was aimed at executives in the banking and finance sector who were developing strategies around lowering costs using cloud computing and managing the introduction of employee-owned (BYO) devices.

Michael Harte (CIO, Commonwealth Bank of Australia) opened up his talk by calling out IT as providing competitive advantage and being a key differentiator particularly for financial services organisations. This is made even more important by the cliche that is the growing consumerisation of IT (he went on to apologise for the use of the phrase saying the only good “isation” is immunisation) which is driving two key demands – mobility and personalization. Looking outside of the immediate financial services players to Google and Apple it is the case that they operate at much lower costs than that of the Banks. They also have the clear advantage of access to and better analysis then utilization of customer data and technology to create better personalized and mobile experiences. These companies are leaner and not subject to the burden of legacy that financial institutions carry, as such they’re a competitive threat that will move quicker than the incumbents unless Banks accelerate their uptake of cloud services.

When cloud was re-envisaged four years ago the goal was to enable instant switching between providers and turn key provision of services enabling true contestability. Not much has changed in that time and unfortunately there are still very few suppliers set up to provide services in a way that organisations can consume them in line with the vision. IT must continue to drive the model and create more value in the organisation by enabling capital to be allocated more effectively through the use of cloud services. The Enterprise Cloud Leadership Council (ECLC) was setup in order to drive the buy side by establishing frameworks to standardize the way that oragnisations consume the services in order to create a market for providers. CBA has cut it’s storage costs by 40% by creating contestability among providers however there is still a long way to go in order to truly realise the potential of what is possible.

A key concern in particular for financial services organisations is that of data privacy – we have seen the issues around how Facebook, Google and others do this and specific incidents that impacted Sony and Path.
As a result the trust level of these organisations has been greatly reduced and Banks simply cannot afford to wear the risk of this happening to them. This is amplified by the growing realisation that data is the greatest asset a company can have, Michael used the phrase “Data is the new oil of the asset economy” which is very apt. Data and specifically the ability to derive insight from it enables greater understanding of your customers.

On the topic of Bring Your Own Device (BYOD) Michael made reference to the need for increased trust between employers and employees. This is the only way that the argument of convenience versus security will be resolved. If trust cannot be created with your current workforce then focus on recruiting people who have these skills.

David Pegrem (Head of IT Risk, Australian Prudential Regulation Authority) talked about how APRA is working towards standardising the regulations for both ADIs (Authorised Deposit-taking Institutions) and Insurance companies. He indicated that they are expecting to obtain power to regulate superannuation funds and would combine the rules for them as well. The reason for doing so is not one of work for work’s sake but rather to standardise across a number of industries to make activities such as outsourcing much easier. John Laker, CEO of APRA recently addressed the senate stating that boards and CEOs are under immense pressure to create greater ROI for shareholders and are doing so by taking greater risks around lowering costs. Whilst we have not seen a huge amount of risk taking in Australia it’s easy to see how without regulators working closely with organisations this could happen.

David also passed comment on the changes in reporting structures with several CIOs now reporting to COOs – he was however closed in terms of voicing an opinion on what this would mean for Cloud uptake. He did however call out the fact that there were somme significant outages in 2011 but said that a reason could not be derived from drawing a line across all industries. The common factor across all of the major incidents and something that is increasing pressure on organisations is the fact that they no longer have 24 hours + to resolve incidents. This is primarily due to the widespread use of platforms such as Twitter and the viral nature in which they spread news. Along with an ever increasing customer expectation of always on services means that any incident which impacts customers is a sev 1.

David and Michael then took questions from the MC and the audience. Michael stated that people should expect the financial services system to be like electricity – it just works. The incidents are something that every financial institution wants to avoid particularly when Banks don’t really make any money from the majority of transactions – they are simply the glue that enables financial products to operate. Organisations that have moved to real time settlement provide greater visibility of their business in addition to enabling their customers to have greater insight into how they themselves are going. David responded to a question on how APRA could punish banks if there are issues created from moving to the cloud by stating that they have worked closely with all of the Banks to ascertain the level of confidence and pro actively advise rather than punish. He conceded that if it ever came to it then APRA could increase the amount of capital that a financial institution would need to hold to cover any risk. Michael backed David by commenting that APRA had never stood in the way of CBA moving to the cloud. CBA already have a risk based approach to the introduction of new technology and as such they can be pragmatic. He went on to say that the real talent in IT is an ability to ensure that capital is allocated in the most effective way. Banks should be aiming to have better sales ability than Amazon and better analytics capabilities than Google however this is only possible through effective investment.

David was asked a great question about the powers that APRA have over Google Wallet and this sort of emerging service offering. David confirmed that they have no powers as Google is an overseas organisation. They do however have a specialist payment providers license of which only two have been issued – one of them to Paypal, I wonder who there other is? He said that organizations need to be of a certain size in the Australian market before it is worth them obtaining one. The license holder would need to meet specific capital requirements and be regulated in the same way as any domestic financial services organisation. A follow up question on whether this created an unfair playing field was directed to Michael. He said that this wasn’t the case – Australia is the best place to be to provide financial services at this point in time. We are ahead of the curve in terms of Basel 2/3 etc and regularly test scenarios to understand the resilience of the domestic banking system.
The fact that a number of Australian banks are in the top 10 globally reaffirms that we are a strong.

Michael steered the discussion towards businesses that provide information free of charge asking how this will affect financial services. The service provider who created the most convenient way of utilising services whilst maintaining privacy will win in the end. Michael pointed to the Electronic Frontier Foundation (EFF – https://www.eff.org/) and others who already thinking through problems of privacy in the digital age. Google and Apple are taking a more commercial path and thinking about how to share the data they have with other companies.

Robin Simpson (Executive Partner, Gartner) presented an insightful view on Bring Your Own Device (BYOD) leveraging a lot of the research that he had undertaken over the last few years. Back in 2011 Gartner predicted that by 2013 80% of businesses will support a workforce using tablets. Is this going to be the case? He’s not sure but it’s certainly looking that way and if they don’t then there will be a huge unmet demand from the workforce. Why are end users so interested in their mobile devices? He provided three main reasons:

Availability
Impromptu information needs
Demand for instant information availability
Collaboration assumed in both work and social activities

Accessibility
Instant on
Long battery life
Device must be ready when the user is

Convenience
Quickly usable by inspection and exploration
Expectation that tools will just work

The notion of a learning curve is dead, you can give an iPad to a 2 year old (or a board member) and in about two minutes they will know how to use it. The idea of putting someone on a course for a day to understand an operating system or an application is dead. This year more than 200 new tablets and more than 250 new smartphones will be announced globally, no platform or forms factor will win, many will however coexist. The only thing that will win is consumerisation as customers and employees alike will demand that your services will work with whatever they use.

Why plan a Byod Program?
Many people have better equipment that is more powerful than what is available at work
Maintain an attractive work environment for hiring
Increasingly using contractors etc where it is a hassle to provision short term laptops etc. The whole reason for using contractors is to save money
Can also shift cost to the users – not necessarily the case for hardware though, may be the same cost when considered in terms of TCO. A Clearer model is where someone is supplied with a blackberry and they go and buy their own iPhone anyway, user can happily provide the device and pay for it anyway.
What are the licensing implications though? What about covering virtual device access licenses? And most importantly – “Who pays for the apps?”

Ross Windsor (Chief Architect, Suncorp) was up last and discussed some of the progress that Suncorp has made in the areas of Cloud and BYOD. He talked about their ability to provision servers on demand and their flexible Citrix solution that allows staff to access their SOE on any device. Of particular note was how, when Brisbane CBD was closed down during last year’s floods Suncorp staff were sent home to work from there. They were able to access all of the systems and applications that they could from within the offices. This enabled the Bank’s executive team to understand just how powerful the technology is. He went further into the challenges of security in such an environment and emphasised the need to use a segmentation gateway approach leveraging next generation firewalls. This relegates any risks around the medium used to connect to the network. Finally he called out the detail that is the OH&S requirements for staff using their own devices – according to legislation staff cannot be allowed to work on a mobile device for more than 2 hours unless there is an appropriate keyboard and monitor supplied.

Robin and Ross then had a quick Q&A – the notable callouts were a discussion on what would happen if employees were given a stipend to buy their own machine and they then lost or broke it. In the US a stipend for this purpose is very common however Australian tax laws reduce the value to both the employer and employee through Fringe Benefit Tax (FBT). It would also be ludicrous for an employee to turn up to work without his/her laptop and expect to be able to work. Because of this Ross believes that Suncorp forsee a future of always having to supply a device to their employees. Robin however thought that employees need to take more responsibility and should tax laws change then we should expect a scenario where every employee brings his/her own tools in the same way that a plumber brings their own tools today.

For further details you can check out the website http://summit.itnews.com.au/sydney or search for the following hashtag on Twitter #financeit