ZDNet Australia meets with Michael Harte, CIO of the Commonwealth Bank to find out his views on security and sourcing (both out- and open-).
ZDNet Australia: Welcome to the CIO Vision Series, where we have with us as our guest Michael Harte of Commonwealth Bank. Thank you Michael, for joining us today.
What technologies are you particularly excited about?
Harte: We're a very diversified financial services group, and we cover the gamut of asset management, brokerage, retail and financial in terms of retail banking, and business and institutional banking. In common, across all of those, there are technologies that increase the interaction between us and the customers, whether those customers are retail customers or institutional customers.
And in those interactions, more insight is generated, so we can up-sell and cross-sell and develop new products and services for those customers so that we can be increasingly relevant in their financial lives and ensure that we are the place of choice for their banking, insurance, asset management, and brokerage needs.
What areas of investment are you looking at?
Harte: The main areas of investment are online technologies and data analysis capabilities. As business models change, as customers' needs become more sophisticated, we're finding that the technologies that make our logic and our data more accessible and more granular have greater value. They have greater value for the business and greater value for our relevance with the customer.
Can you give me any specific examples of technologies you've invested in?
Harte: It's common knowledge that the Commonwealth and Colonial Group has invested significant amounts in the last few years to create CommSee, which is a customer support capability that aggregates all the information and relationship details about the customer for a branch teller, for a service centre representative.
So increasingly we want to make that convenience and utility available to the customer directly so they can self-serve more, or give that access, utility and convenience to a third-party financial planner who can help one of our customers with their needs.
So there's a combination of presentation tools, workflow tools, analytical algorithms, and the database tool. Many of those we'll buy off-the-shelf solutions, and the work for the IT team is really about integrating those and making them more sensible and relevant for customers.
What was your budget for 2007, and how is that expected to change?
Harte: We're always forced to do more with less. That's the natural law of economics for IT. We've, in fact, got more. But we're only able to grow as our corporation grows. The expense line always stays in relation to the revenue line. We're, like most IT organisations, striving to be more efficient as a key priority.
So where last year we were at about 19 percent of total expenses, we're actually aiming to be around 17 percent and eventually closer to 15 percent of total expenses. This would put us in the top quarter in terms of efficient spenders -- or efficient performers -- in IT. And we don't just do that through belt-tightening and shutting off projects. We actually look at taking the top-line cost out of IT operations, and look to free up much of that cash to put into value-adding projects.
We've stated publicly that our IT organisation looks to save around 10 percent of its IT expenses every year. We've gone after AU$100 million last year, and we'll do that in the '08 financial year. That's really our way of showing the business that we can be cost effective.
Looking over the past year, is there a specific project that you can point to that's resulted in significant savings?
Harte: There're several. The main area we have been focusing on is demand-driven consumption. And that's everything from the issuance and usage of communication tools and personal communication tools, whether they are PDAs or laptops. We want those tools to be of productive use. That also includes peripherals, around printers and faxes and other device issuance and consumption. And that really leads to good practice.
But where we get the massive cost savings is in fact more efficient use of storage technologies. We've moved to storage area networks and other storage capabilities such as providing new fabric, providing new mainframe backup, and new distributed server or mid-tier server storage capability. And it's in better and more rational management of those storage resources that has taken an enormous bite out of expenses.
Better educating users on the consumption around storage, around messaging, and around processing cycles so that we can in fact bring down the cost per unit and better manage demand.
Security issues are obviously a big concern to your business. What percentage of your budget would be directed towards security?
Harte: Security is now a pervasive issue, and the risks associated with digital and information security are pretty well popularised. We have internal fraud issues. We have external fraud issues. We have cyber-threats and the type, vector, or intensity of those threats changes every day.
We would invest somewhere around 10 percent of our total expenditure. That includes providing the hardware and software and the human resources for proactively monitoring, proactively detecting, and then taking some or other action in the event we find fraudulent or other types of security threats.
The main efforts are around controls at the perimeter. And we work with other financial institutions -- we work with the ISPs and other broader agencies and technology providers to help us protect the perimeter. And then as we go through into authorisation and authentication and provisioning capabilities -- we have layers of protections within the firewall.
And so there are several layers, if you like, of investment and of intense security monitoring and scrutiny.
Harte: I think it's fair to say that consumers are still reluctant to engage in as much online activity as they might. With the appropriate protections and the appropriate controls, online transactions can be very safe.
And so what we have to do is provide awareness and help, and in some cases the tools for our consumers to protect themselves at home or when they're on the road, and want to enjoy the convenience of online banking or some other transaction, be it brokerage or asset management or insurance. And do that in the knowledge there is a safe and sound set of protections around them.
But in some cases that will depend on their own configuration of their own device at home or on the road. And they'll have to make sure they've put in place good antivirus protection, good anti-spam to prevent phishing attacks or prevent other untoward intrusions into their home or mobile device.
Tell me more about how you work with other institutions. How does that work?
Harte: There are banks and non-banks; there are government and non-government agencies -- all of whom are in our network. The strength of any one node or agent is dependent upon their ability to collaborate. And that's the strength of a robust and self-healing network.
Our collaborating banks may in fact be competitors from a market and service point of view, but we're all trying to protect one and another from external threats. And so whilst we'll independently be in touch with the government agencies here and other parts of the worlds and we'll work with private agencies as well as private software providers, when we confront an attack and find out where it is coming from, we'll obviously inform the authorities and inform our colleagues in other financial insinuations. All to let them know so they're not affected by some type of virus or worm or threat that's trying to penetrate our firewall.
You once said that there are a lot of Web technologies that are alluring but are difficult to work into your Web operations. How do you feel about that now?
Harte: Part of being an online institution means that we have content, and we have to compete for the eyeballs and attention of our customers. Part of being alluring is that we have relevant content and associate ourselves to exciting related content so that our Web sites are places where people not only come to do business, but also come to find out information. And perhaps they are then able to get linkages to things that they're interested in or become part of a broader network, or a community, online.
How is that affecting what you do online?
Harte: We have two things. We have one significant online program at work, and there'll be tens of millions of dollars invested this year in making our sites more coherent, more convenient, easier to interact with, and we'll be able provide more content to our customers.
Especially in the local business banking area, we have adopted the online community aspect to offer small to medium local business the ability to come in and talk to one and another and share insights on what it's like to run businesses. We'll create places where they can go to get resources on how to do certain things -- places where they might want to find people who are available on the job market, where they might want to find suppliers for their businesses.
So we're creating a networked environment which customers can use to get advice or to transact, but they're also able to talk to other like-minded people, or people confronting similar business situations.
What about outsourcing?
Harte: Commonwealth Bank -- in 1997 -- lead the world bravely in the largest outsourcing of it's type. It was a 10-year, $5 billion deal with EDS. And that was state of the art at that time. And now as we've seen different generations of outsourcing contracts come to life and new participants in that market, we've got different options and more flexibility to enter into new arrangements.
And so over the last year or so, we've been opening up that master agreement and we've been breaking it down into more relevant business chunks. In fact, we turned over the requirements and governance of those arrangements to bring about business outcomes and have specific measures that are related to business goals.
We've opened up storage. We've opened mainframe and distributed computing. We've opened up the service desk and the desktop components, and opened those up to a multitude of bidders.
In the event that there are more parties than just EDS involved in the value chain, we've looked to bring our business users closer to that consortium of companies, and have them directly describe their needs rather than have that translated through two groups of IT people.
We have regular monthly reviews of how those services are being performed, and what new or better services could be put in their place.
So we've evolved from this big bang, one-size-fits-all plan into a very specific set of services against which business outcomes are measured and continued to be driven for better results.
How much as this enabled you to save?
Harte: We've probably saved around 35 percent, over the original outsourcing arrangements.
You've mentioned before that you were concerned about Australia's ability to develop a strong local services industry. How do you feel about that now??
Harte: No, my point still remains valid. Just to summarise that: Australia has been very good at consuming technologies and in that consumption of technologies has become very productive in macro terms. So in macroeconomic terms, the labour technology substitution has worked very much in favour of the macroeconomic outlook.
Our companies themselves on a micro level have become much more productive given the adoption and deployment of technology. What I think is interesting is whilst they've been good consumers of technology and have become productive for it, they have not -- in the main -- been great producers of technology. And if you measure that by new patents or total patents resident in the Australian marketplace versus other developed countries, we rank lowest in the Western world, or the OECD.
And that's particularly concerning because I think the wonderful economic conditions that have prevailed in the last 10 or 15 years can't be expected to extrapolate out the next 10 to 15. In a benign economic environment, we may not be investing as much as we should into technologies that might advance us as better risk managers, that might advance us as being greater liquidity and insurance providers. Software has a big role to play in developing what I'm calling -- along with others -- "dark matter" in the economy.
With IT on a micro level, productivity is easy to measure, but the investment returns are not that easy to measure. So we almost think it's self-evident that we've made all these productivity gains, but it's very hard to measure that within the firm and across the economy in a consistent way -- in a way that shows that for a dollar invested in IT there's been a satisfactory long-term return on that.
What about open sources technologies?
Harte: I'm a firm believer in all things being open. Open networks, open architectures, open source code, and open source logic assets. And the reason for that is, in that free market the value is ascribed to that code very quickly by virtue of its usefulness and accessibly.
So a very useful and accessible piece of logic will become very valuable if it's applied across many domains. And it can be, in fact, improved upon and kept current. So if you think of those principals as holding true, then they can hold true within an enterprise as a subset of a market.
And when business conditions change, business models change, business requirements change, the more granular and componentised those logic assets are, the easier it is to change the computing environment to adapt to those changing business needs.
Thank you, Michael, for your time.
Harte: I hope your viewers and readers find it interesting, and they know where to email me should they have any questions.