Republic Bank Discusses SD-WAN, Equipment Life Cycle Management and Cybersecurity - ComSpark Podcast
Sean O'Mahoney - Louisville Tech Power Player Honoree
SVP and Managing Director of Technology Services
Republic Bank and Trust Company
Founder and Director
To listen to the podcast, click here!
SVP and Managing Director of Technology Services for Republic Bank, Sean O'Mahoney, discusses SD-WAN, equipment life cycle management and cybersecurity.
Hello, and welcome to the comSpark podcast, where you will get to meet today's technology thought leaders. To learn more, visit comspark.tech.
LF: We're here today with Sean O'Mahoney, Senior Vice President and Managing Director of Technology Services at Republic Bank and Trust Company. It's an organization based here in Louisville with over 1,100 employees. Sean, thanks for being on the podcast today.
SO: Oh, thank you. Thank you for having me.
LF: Awesome. Sean, in your opinion, what is one of the most exciting disruptive technologies that has been, uh, that is beginning to impact our work or lives?
SO: So, there's plenty of answers to that. Uh, you know, the first thing that pops to mind for me is, um, consumerization – the consumerization of technology. And it sounds kind of cliché to say, and by that I don't mean, um, people trying to use iPhones for, uh, to do their work. Um, for us, uh, the, and for me, especially the…what I'm referring to about consumerization is more about the way that people interact with technology. Um, they, uh- a lot around interface design, uh, and that type of stuff, you know. Our, our associates, our employees, our users expect their interaction with technology to be as easy, as straightforward, as intuitive as possible, and that is not necessarily the way that corporate type apps have been designed. Um, business apps. Um, user facing, customer facing apps – a company spends lots and lots of time, uh, on interface design specifically.
Um, and I don't want to short change, you know, the, the companies that, that, uh, the organizations that sell applications and services and platforms to businesses as well because they spend plenty of time on interface design, the way that users interact with apps and so on and so forth. Some do it better than others, but the, the ‘make it simple,’ ‘make it easy,’ ‘make it intuitive’ type thought process is, is deriving a, a huge change in the way that we, the, business community, business users use business apps. Um, you know, the, there's very little that you run into in the business world that's not complex in some way or shape or form. And, um, the- trying to make the complex easy and intuitive and attractive for users is a difficult thing. And it's something that, um, application designers have struggled with for quite some time.
So, um, you know, we- that, that's driving a lot of the apps – when we look at different applications to answer problems, uh, provide services for the bank – that drives a lot of our thought process. Um, and it drives a lot of our internal work, you know? Trying to help our users remain secure, keep their, their credentials secure, not give their credentials out to a website that's masquerading as some application that we use, is hideously important. Um, and so we spend a lot of time, a lot of cycles, a lot of engineering time, development time, uh, integration time, trying to make user authentication – something as simple, as straightforward as user authentication – um, as a seamless, as frictionless as possible, um, so that the users understand what they are providing their credentials for, um, and so, so that they don't have 15 sets of user credentials, 15 usernames and passwords for 15 different applications.
So, um, that, that's, uh, has, has helped us make our world better, has helped us make the, the, our users experience better. Um, but has, is, has been disruptive over the last several years.
LS: Okay. We all want to know, tell us about your home network.
SO: Okay. Um, we, uh, I use, uh, I happen to use some equipment from Meraki, a company that Cisco bought several years ago. Um, the, the typical use case from Meraki is not the home user, right? It's business user, but Meraki has a great promotion where when you attend a, a, um, a Meraki Webinar, they, they send you a free Meraki access point. And over time, you know, uh, I went to a few different Meraki events and stuff like that and ended up with a, an access point and a firewall. And, so I ended up using that at home because, uh, uh, you know, I got them free and it's a subscription-based service for the management and stuff.
But, um, and that kind of came along with the giveaway, but it works out really well for me. Um, and uh, interestingly enough, it gives me a lot of the tools that I have at work to monitor internet traffic control, internet traffic control, malware, that, watch for malware, that type of stuff. It gives me a lot of those tools at home without having to roll my own at home. Which, you know, by the time I get home at the end of the day. I'm not really interested in, in, um, spending a lot of time managing my home network and my home firewall as well so that my kids can get to Netflix and stuff. So, uh, that has worked out well for me.
LF: SD-WAN – is, is that for everyone?
SO: That's a great question. Uh, I know that there's plenty of SD-WAN vendors who would love me to for me to say “Yes, absolutely. It's for everyone.” I don't know that that's necessarily the answer for every organization. We have recently, Republic has recently begun using an SD-WAN product, uh, and it is working very well for us. Um, the, you know, one of the things that's interesting about the SD-WAN product and world in general is, um, the, the SD-WAN vendors would, would have you believe that you can…well, I don't want to put words in their mouth, but the, kind of the prevailing wisdom would say that you put this magic box at a WAN site and connect it up to a couple of internet connections and ‘wham bam,’ you know, everything, you have really nice cheap, dependable WAN. And to some extent, that, that is, in fact, true.
But the, that's definitely a place where details matter. Um, and the, uh, the performance of those connections, um, can catch you in odd, unexpected ways. We use SD-WAN and um, we, uh, we have, uh, a normal MPLS connection at each one of our banking centers as well as a, uh, an internet connection from the local broadband internet provider. In a lot of our markets it's Spectrum, but not in every market. And, uh, in some cases it's cable modem, and in some cases it's a business-class, a fiber-based Internet connection. In locations where we have fiber, everything generally works really well. You know, in the locations where we had broadband, everything works very well with a few notable exceptions.
Um, the, the, when we, when we try, you know, when, when the people at that banking center are browsing our intranet, then that's great. You know, the internet connections at the banking centers, run at internet speed and that's fine. Um, for some of our applications? Also works great. But as soon as we try to make a voice call across that, uh, sometimes we run into problems – not because the broadband connections at the banking centers are low quality, uh, but because their latency is higher than we would ordinarily expect across MPLS or across, uh, business-class internet connections and in some cases even across the business guys, internet connections. And, uh, latency in a voice call, um, causes problems. So, uh, the, you know, circling back around – the details matter when we're talking about SD-WAN and what we're doing with that matters, because it's not a panacea. Um, at least not yet.
Um, not because the products are terrible. Um, everybody seems to have pretty competitive products. They're all competing with each other. So, I mean, they all have the same marks to hit. But the connectivity, um, you know, part of the, the financial use case, the financial model for SD-WAN is, “Hey, replace high cost, low bandwidth MPLS connections or WAN connections with these awesome, low cost broadband internet connections!” Um, and that works to a point. But you, you, you know, in order to run a business across that we have to, we still have to have reliability. Um, and we still have to have, uh, performance for the use cases that we are specifically using. And, so the details matter in those cases.
LF: Can you tell us about your equipment lifecycle management plan?
SO: We, you know, I've been at the bank for a little over 10 years and when I came to the bank, I was, I was fortunate that they had, um – within a couple of years before I got there, they realized that they had fallen prey to, um, the, uh, the mindset of, “Well, you know, the equipment's still working. Why would we replace it?” And, uh, so by the time I got to the bank, they had begun to adopt a fairly strict, fairly rigid lifecycle, uh, for equipment. Uh, and we have continued that and it has, it has, there's no question – it has benefited the bank from a stability and reliability standpoint.
We typically, um, our life cycles are typically three years for servers and workstations, uh, and five years for infrastructure type equipment – routers, firewalls, switches, so on and so forth. Um, and, uh, we're, you know, over the last couple years we've, uh, we've been able to stretch – because of the increase in computing power, um, uh, because of the technologies we've adopted like virtualization – um, we have, uh, started to stretch server lifetimes more towards four years. Um, but we're keeping in mind that as far as the business was concerned, we, you know, we target three years for replacement of server equipment and we depreciated as such. We do treat, treat it for an accounting that way.
Um, and that has made a huge difference in the stability of the bank's equipment, the stability of the services that we provide (really more importantly), um, and has really stood us well, even though, at the end of three years, at the end of three and a half years, we're, we're pulling out desktops and servers that are not end of life, still supported and still functional, uh, equipment. Uh, but that's what it, fortunately for us as, as technology guys, that's the, the thought process, the mindset that the business has gone forward with and it, it stood us in good stead with the business and with, uh, technology because we're able to keep up with the pace of technology. We're able to keep up with performance. Um, and we, we have relatively…I mean, knock on wood, but we have relatively few equipment failures because we're able to keep all of our gear fairly current.
You know, the other thing – interesting side benefit – it also helps us with asset inventory. When we're changing equipment over, uh, at a fairly controlled and fairly aggressive pace like that, it becomes fairly obvious when an old piece of equipment is sitting around, um, because we've been looking at it for several years or, or, you know – it gets dusty or more just looks, looks old. And so, you know, if we're walking through a banking center, walking through, um, a floor and see something like that, you know, I can point it out and say what, what's, uh, what's the story with that over there? Um, and fortunately it doesn't happen very often, but you know, the pace with which we turn equipment over, uh, helps us avoid having stuff that's seven, eight, nine years, 10 years old, sitting around, still connected, still in the network. Um, because those, especially in this day and age, those become, uh, not only become risks to our stability, they become risks to our security posture.
LF: There is so much news these days around companies being hacked and critical data being stolen. I think that's a good lead off from where we just were. So, how worried should we really be?
SO: Everything in moderation, right? Uh, we, um, it is necessary to be vigilant, right? Um, uh, but at the same time we- it's damaging to us as humans, to our ability to work, to our ability to do business, to just be completely paranoid about security. So, um, so we pay people to do that. We, um, so I, I think it's worth doing the best that we can. Um, you know, as I was thinking about questions that you might ask, uh, on the way over here, I was thinking about the- our biggest vulnerability, right? I get asked that quite a bit. What's, what's the biggest security vulnerability?
I think a lot of technology people would probably have the same answer, which is our users. Um, or maybe not, I don't know. Non-technology people – that surprises them a lot for some reason. I don't know why. Our biggest vulnerability, our biggest security problem is not, in many cases, the technology or connectivity, it's users. Because, you know, users, for all the things that we love about them and everything that they do that we enjoy, they do dumb stuff. And I choose to believe that the vast majority of the time, it's by mistake, not on purpose. Um, but it-
LF: Like sharing account numbers and stuff like that? Over email?
SO: Right! We’ve been fortunate. We've been very fortunate not to have any significant breaches or anything like that at the bank – since I've been there anyway – but that does happen. And it's unfortunate and everybody usually feels bad about it.
So, a lot of the, you know, one of the things we were talking about earlier is, uh, disruptive consumerization of technology and how much time we, we work on, um, interface design and, and the, the interaction between the user and application. One of the things that we strive to do every day is configure our systems, adopt systems that help us to help the users help themselves. If we can avoid giving the user an opportunity to send a big list of social security numbers somewhere over email or accidentally copy and paste that into a webpage, then that's great, because, uh, that's, that's the gift that keeps on giving. And you know, it, uh, it helps us prevent, uh, it helps us stay out of the newspapers for the wrong reasons, um, uh, without us having to actively watch and do something to, to accomplish that every day.
Um, so you know, it's uh, it's not that hacking malware, um, malicious activity is not going to get better. Um, it will continue to increase in volume and we will continue to spend stupendous amounts of money trying to keep everybody safe – um, both our internal associates as well as our clients. You know, we absolutely- it surprises me sometimes the things that our, um, our fraud department knows about what our users do and what, how, how we are being, um, targeted and assessed by, um, criminal activity, criminal organizations. We spend, uh – as a financial institution, you know, I think you would expect that (or hopefully you would) or at least trust that we are, we spend a, an inordinate amount of time and money trying to, uh, do the things that we – we try to be responsible to do the things that we, um, feel like we need to do to keep our users safe, to keep our clients and their information safe. Um, it, it is, you know, malicious activity is something to be concerned about. But, um, we- there's entire industries have of people trying to help answer those questions.
LF: Awesome. Well, it looks like you're spending a lot of time and resources and protecting the interests of your customers, uh, at Republic Bank. And uh, Sean, I just want to thank you for your time. This is Les Fultz, and I'm with Sean O’Mahoney with Republic Bank and Trust Company. To learn more about us, visit comspark.tech and goodbye, until next time.
To learn more about sponsorship opportunities for 2019, contact Michelle Ziegler at firstname.lastname@example.org