At The Water's Edge: De-Risking Data Center Operations
bankingciooutlook

At the Water's Edge: De-risking Data Center Operations

By Stacey Goodman, EVP & CIO, CIT [NYSE:CIT]

Stacey Goodman, EVP & CIO, CIT [NYSE:CIT]

Inertia is a powerful force, but it has nothing on Mother Nature.

A few years ago, a series of powerful storms demonstrated the potential impact of disruptions at CIT’s office building in suburban Livingston, New Jersey. This office housed hundreds of employees, as well as the company’s primary data center. The Livingston technology hub was critical to CIT’s operations. When I joined the company in the aftermath of one of these episodes, it was evident that the response plan we had in place worked, but it wasn’t state of the art and didn’t address many of CIT’s goals. There was an opportunity to strengthen our data center platform and develop a strategy to provide more reliable and cost-effective support to our partners in the business.

"Often, a fresh pair of eyes can bring a new perspective and challenge traditional problem solving approaches"

The business case for making substantive and transformational changes to our IT infrastructure had received a jolt as a result of these storms. CIT, like many financial services companies, had seen its reliance on data infrastructure increase in recent years, owing to the digitalization of commerce and stricter requirements for protecting customer information. The legacy environment we had in place was still meeting our basic needs. At the same time, our IT team was already working at full capacity to manage their day-to-day responsibilities. Taking the time to develop and implement a business case for changing our data center strategy would be a significant commitment.

The change in the data center strategy was a starting point for a larger discussion about enhancing our technology platform to support CIT’s business objectives. In order to do this, we needed to reduce our cost base, have a more current architecture with better resiliency and be more nimble so we could easily meet emerging business demands without worrying about capacity or resource constraints.

After careful planning, we embarked on a migration of our data centers. When this process is complete, CIT’s data needs will be met by two co-located sites that are more than 250 miles apart and managed by two separate third-party providers. These providers will support our technology goals at a fraction of the cost that we would have spent had we kept our data infrastructure in-house. This solution also strengthens our defenses against all manner of disruptions.

Throughout the migration process, five principles have dictated our data center strategy:

1—Get Out of the Real Estate Business

A big part of our business case for moving to a co-location model revolved around the costs we were absorbing by owning and managing our own data center. In addition to rent, data center ownership entailed managing the facility and facility related investments, ensuring we had the staff to keep the servers up and running day and night, and maintaining physical security and controls. Data centers are huge fixed costs with a long tail; it’s more effective to deploy your resources where they can better provide business value.

Just as CIT didn’t want to be in the real estate business, we also didn’t want to be in the IT equipment integration business. The industry is offering integrated solutions (converged and hyper-converged solutions) that allow us to redeploy resources toward our automation efforts.

2—Head to the Cloud, but Keep it Private

Cloud offers us true market pricing at competitive rates and elastic compute in order to flex with the demand of the business. Of course, being in a heavily regulated industry, such as financial services, means strict policies and security around our sensitive information. While a litany of providers are rolling out attractive services on public clouds, we felt building a private cloud environment was safer and would enable us to move to a hybrid/public environment in the future. Over time, as the industry remedies liability issues related to information breaches, we may become more comfortable with public or hybrid clouds. Indeed, some banks are heading to public clouds to take bigger bites out of their technology budgets. But at this stage, we felt the tradeoffs between cost and security pointed to a private cloud solution for us.

3—Engage Multiple Providers

When we conducted our due diligence for service providers, we identified a global partner with offerings that suited our needs. But we didn’t stop there. Why? Because we felt that having two providers would give us additional flexibility. Diversity was important to us because we aren’t large enough from an IT standpoint to create significant leverage at the negotiating table. Having two providers grants us the ability to expand our contract with either or both providers depending on how they respond to our growing needs. Tomorrow, if CIT decides to expand its presence in a certain geographic area, we can go to both providers and ask what services they provide in that region. It also protects us in the event one provider exits the market.

4—Embrace New Perspectives

In CIT’s case, it wasn’t just the storms that enabled transformational change—it was also the fact that we made a commitment as a team not to be locked into a particular way of doing things. Often, a fresh pair of eyes can bring a new perspective and challenge traditional problem-solving approaches. We brought in some experienced resources familiar with other models for managing data centers which helped the team consider alternatives to our previous approach.

Sometimes, just asking about how current practices evolved can lead to revealing answers that explain the status quo—and help upend it. These kinds of conversations are tougher to have at larger companies that already made significant technology investments, but even at big organizations, they can inspire incremental changes that eventually add up.

5—Ensure Strong IT Governance and Business Alignment

I was fortunate that CIT already had a well developed governance structure, with strong engagement at the top of the organization and across the enterprise. Involving a wide range of people from across your business units in IT decisions and programs not only helps a CIO to mitigate risks, but also to anticipate problems before they surface. Migrating from an ownership to a colocation model had its risks, but the transition was made seamless through the steady involvement of the company’s senior executives across a multitude of functions, as well as a dedicated steering committee.

Of course, every business is different, and banks come in all sizes. I’ve worked for big and small companies with different needs and favored solutions. You have to figure out what’s right for your organization, and that requires careful analysis and planning. Execution is key. However, you don’t want to get to the end of an implementation and find yourself with a low-cost, inefficient data center that simply doesn’t suit your business’s needs. In the end, having an effective data center solution isn’t the primary objective of your company—rather, it’s a tool to help your company achieve and exceed its business goals.

Top 10 Risk and Compliance Solution Providers 2016

Risk and compliance Special

  S&P Global Market Intelligence: Unrivalled Insights Into Risk Management