Bank Of America is slowly moving into the cloud


Image Credit: Mike Mozart

Just imagine if you were David Reilly, chief technology officer at Bank of America. There you are, in charge of the IT infrastructure for one of the biggest banks around when all of a sudden the IT world starts to undergo yet another one of its transformations. What would you do – stand by and stick with the tried and true solution that you have in place or would you dare to change things up? It turns out that David is willing to make changes, but he’s got to move carefully.

Why Change Now?

Let’s face it, if you were the person with the CIO job at a major American bank, then you would have a lot going on. A modern bank has many different moving parts: commercial banking, loans, investment management, and consumer services. In order to keep everything operating as it should, and to track everything for the regulators, you are going to need to have an extensive IT infrastructure. You didn’t just build this infrastructure overnight; instead, you’ve been building it up for years.

What this means is that you are currently sitting on a number of older technologies that are being used to run your business. Yesterday’s client/server infrastructure is what most of your major applications were built to use. As a result, a great number of your IT support staff are spending their time keeping both your hardware and your software versions up-to-date.

If you were to take a look inside the data centers that Bank of America is currently operating, you’d discover that the hardware that they are using has been segmented. Right now hardware is typically allocated for each line of business. This approach has led to a great deal of waste and inefficiency in the data center. The mortgage arm of the bank may only need a lot of processing during the main home buying seasons and that capacity will go unused for the rest of the year.

What Bank of America Wants From The Cloud

Bank of America has been carefully watching what has been going on in the rest of the IT industry. As Facebook and Google have opened up new data centers in order to support their growing need for more and more computing capacity, the bank has studied how they have gone about doing this. What Bank of America really wants is a way to grow their IT infrastructure while at the same time lowering their cost of providing it.

The goal that Bank of America has is to create a shared IT infrastructure that all of its different banking units can use. The thinking is that the shared infrastructure will allow the bank to do more computing using less hardware. Bank of America also thinks that they are going to be able to replace their legacy hardware with cheaper computers that are based on the x86 architecture and which run more modern software. This new architecture will allow the bank to repurpose servers when they turn off an application.

One big issue that Bank of America needs to work out is how they are going to be able to prove to their auditors that they are securely handling sensitive data. In their new architecture their data will no longer be located in one place and will instead be spread out over the entire infrastructure. Another goal that the bank has is to make better use of its staff. They currently use one system administrator to manage roughly 300 servers. They want to become more like Facebook, which uses one system administrator to manage 20,000 servers.

What All Of This Means For You

The CIO at Bank of America finds himself in a unique position. He has created an IT infrastructure that is serving the bank well. However, the handwriting is on the wall – the world of IT is changing and if the bank wants to keep up, they are going to have to be willing to make some dramatic changes. The goal is to find ways to allow the bank to do more at a lower cost.

The way that the Bank of America’s data center IT infrastructure is currently designed, hardware is allocated to specific bank functions. This does not allow hardware to be shared between different parts of the bank. The bank wants to create a new shared infrastructure that will allow them to better utilize their hardware. They hope to use new, cheaper hardware that will allow them to replace their legacy systems.

The good news is that the bank is moving in the right direction. It is not going to be an easy task to replace their working IT infrastructure with a brand new shared infrastructure. However, if the bank is willing to invest both the time and the money to do this now, then they will be well prepared for whatever happens in the future.

– Dr. Jim Anderson
Blue Elephant Consulting –
Your Source For Real World IT Department Leadership Skills™

Question For You: Do you think that Bank of America should switch to a new infrastructure all at once or do it bit by bit?


What We’ll Be Talking About Next Time

One of the most important parts of your job is communicating with the people who are looking to you for guidance. Just exactly how to go about doing this in an effective way is a big challenge that every CIO faces every day. The great thing about living and working in the 21st Century is that we have a number of different ways to accomplish this task: email, phone calls, text messages, and making presentations. Of all of these different techniques, making a presentation is the technique that has been shown to be the most effective.


Windows software can be a gateway for bad people to gain access to your company

Image Credit: Alexander Popov

How much Microsoft Windows software is being used at your company? If you are like most of us, the answer to this question is “a lot”. Microsoft not only does a very good job with most of their software (think Office), but they have also been doing it for a long time – they are a key part of the importance of information technology at most firms. What this means is that over time we’ve all collected a great deal of their software and we’ve built it into our company’s IT infrastructure. However, the bad guys out there know this and they are using Microsoft software to gain access to our company.

What’s Wrong With Microsoft Software?

The first thing that we all have to understand is that Microsoft is everywhere. This is what makes it such an attractive target for hackers. They just keep attacking it over and over. What is starting to be realized by the person with the CIO job and security experts everywhere is that there is a reason for these repeated attacks. There is a fundamental weakness in the architecture of the Windows platform, which seems to make it particularly vulnerable to malware.

The really smart people who have taken a close look at the software that Microsoft has created over the years have made a discovery. What they have learned is that the fundamental weakness in Microsoft software that is attracting the hackers lies in its application programming interfaces (APIs). These are interfaces to pre-existing Microsoft software that let a developer write an application and then simply make a function call to open a file instead of having to write new code to perform this task. They also provide the set of tools that lets users take data from an Excel spreadsheet and insert it into a Word document. These Microsoft APIs are everywhere in their software products, operating systems, and tools. They are critical to the functioning of the connected world. The problem that the experts have discovered with the collection of core Microsoft APIs known as the Windows API has to do with their age.

It turns out that some of these APIs were created before modern digital security practices were put in place. This makes them particularly vulnerable to abuse in today’s world by hackers. This is not an easy problem to solve. The APIs in Microsoft products are critical to how their software works and critical to the way that our companies use them. The simple solution of just turning them all off is not an option – too many other things would all of a sudden just stop working. The alternative to doing this is that Microsoft keeps issuing one software patch after another, fixing bugs and vulnerabilities as they arise.

Data breaches at Target and Home Depot have all had their origins in flaws in the Microsoft software that these firms were using. What this means for all of us is that we know that we are using insecure software. It’s really not a question of if another security hole in Microsoft software will be found, but rather when it will be found. There is no question that we need to continue to use Microsoft software. It’s too valuable to walk away from and in a number of cases, there is no strong competitor. However, we would be remiss as the person in the CIO position if we didn’t take steps to protect ourselves from threats that we know will be coming.

What Can CIOs Do About Microsoft Software?

The good news here is that we are not alone. Microsoft realizes that they have a problem on their hands and they are actively taking steps to address it. Each time that they release a new version of the Windows operating system they attempt to locate and strengthen APIs that might be used by the bad guys. Microsoft has said that Windows’ security feature will help to protect both your existing and your legacy code. Their spokesman has been quoted as saying “We are strengthening everything from identity and information protection to access control and threat resistance.” In all honesty, the challenges that Microsoft is currently facing are the evolving cybersecurity threats that the entire software industry faces.

Just to understand the scope of the problem that Microsoft is facing, back in 1985 when Microsoft released the first version of Windows, it supported fewer than 450 APIs. As each version of Windows has been released, the number of APIs has grown and so now the number of APIs is in the thousands. Microsoft releases security patches for its software on a regular basis. These are usually to fix a newly found vulnerability that exists in the Windows API, which is the company’s core set of application programming interfaces. Microsoft has to be careful to not change or remove APIs that developers have built solutions on. The issue of backwards compatibility becomes a huge security vulnerability …

We have to acknowledge that Microsoft has a rigorous security program that has improved over the years and they recognize the magnitude of the challenge that the company faces. The success of Microsoft means that their platforms are particularly vulnerable to cyberattack because of the sheer number of products that have been created over the decades.

CIOs believe that as long as Microsoft provides the fixes, we will devote administrative hours to patching. We need to conduct regular maintenance windows for the company’s data centers to make sure they get the latest patches. We also have to do monthly vulnerability assessments and annual penetration tests to find flaws.

What All Of This Means For You

Let’s face it: a great deal of our company’s application infrastructure has been built on top of Microsoft products. While these are fine products, the simple fact that they are so very popular has attracted the attention of hackers. Each Microsoft product has a large number of APIs and this is where the bad guys attack.

One of the challenges that the Microsoft products are facing is that much of this code was developed a long time ago. That means that many of the secure coding standards that we now use were not implemented and this ends up leaving a door open for attackers. Microsoft is aware of the problem and they are constantly releasing updated versions of their products. As CIOs we need to make sure that we quickly deploy security patches as they arrive.

The battle to secure our company will never be over. Microsoft enables us as CIOs to deliver the applications that the rest of the company needs in order to accomplish their work. We need to make sure that we keep a constant eye open for problems that using popular software can cause for us. You would think that some day all of the APIs will eventually be fixed and we can move on to dealing with other issues.

– Dr. Jim Anderson
Blue Elephant Consulting –
Your Source For Real World IT Department Leadership Skills™

Question For You: Because of the attacks on their software, should you stop buying Microsoft software?


Does Your Company Need A Chief Safety Officer?

January 27, 2016

As more and more companies create online communities for our customers to interact with us and each other in, CIOs are starting to see a need for a new type of employee. In any online community, there are a lot of things that can happen. I can’t quite explain why some people behave like they […]


How A Gold Mine CIO Is Preparing For The Internet Of Things

January 20, 2016

As the person with the CIO job, you have a challenging job. It is your responsibility to understand the importance of information technology and to keep watch over your IT department as it works to service the rest of the company. If there is an issue, then you deal with it. You visit the people […]

Finding The Time To Be Strategic

January 13, 2016

Pick up any IT trade journal and you’ll probably find an article that is telling CIOs that because of the importance of information technology they need to get a seat at the company’s planning table. In order to do this, they need to become more strategic. I think that we can all agree with this […]


What CIOs Need To Know About Software Defined Networking

January 6, 2016

Guess what CIO: there is a revolution that is just starting in the world of computer networking. Sure, you know about the importance of information technology but are you going to be ready for this? For the longest time, we’ve all been building our networks in pretty much the same way: we go to a […]


Do We Really Need To Encrypt Our Customer Data?

December 16, 2015

Guess what: there’s been another hacker break-in. This time it happened at the big U.S. healthcare provider Anthem. Nobody’s quite sure how big of a breach it was, but initial guesses are saying that tens of millions of customer records may have been copied by hackers. What makes this break-in even worse is that […]

What 3 Questions Should CIOs Be Asking?

December 9, 2015

As CIOs we are always searching for ways that we can better communicate the importance of information technology in order to improve ourselves, our IT shop, and, of course, our company. Exactly how to go about doing this is one of life’s greatest mysteries. It turns out that each and every one of us has […]

The HSBC CIO And The Money Laundering Problem

December 2, 2015

The person with the CIO job has a lot to do in the best of circumstances. When your company has been accused of aiding in the laundering of US$881M and has had to pay a US$1.9B fine, things just got a whole lot tougher and the importance of information technology doesn’t matter as […]

Is Embedding IT Staff The New Way For CIOs To Organize IT?

November 18, 2015

The person with the CIO job understands that because of the importance of information technology, the role of the IT department is to support the rest of the company. The challenge for the longest time has been how exactly to go about doing this. Over the past few years, the interactions between the IT […]