Problems at school

Juan Antonio Merino Cantos

(Chief Data Manager en BBVA-TyO)

Lunes, 31 octubre, 2011

Hello.

Everyone who has school-age children knows how “dangerous” the hour before leaving for school can be every morning.

Usually the problems are simple (“I can’t find the trousers to my uniform”, “Where is my judo backpack?” etc.), but the other day I experienced an even greater fright: ‘Dad, I need to bring in a project on Mozart to school… today’; going on to add, more seriously” … and they told us that we can’t just copy the Wikipedia page.”

It is a problem that, although not apparent at first, has much to do with what we encounter each day in the IT world:

We need information right away. Much of the information that we currently generate on a monthly basis (for example, liquidity risk), will very likely have to be generated daily, or even in real time, very soon. On this subject, Ramón Laguna recently explained to us (in an article on this blog) the importance of having information “in time“.
Not just any information will do. A brainy university study, for example, is no good for us, because the information we need must be “personalised” for a school project. Perhaps searching for “Mozart children” on Google could help us. The problem is, there is also a stimulation mechanism for children based on Mozart’s music, which does us no good in our current dilemma.
The information must be relevant. From the vast amount of information available on the internet, we need to be able to select what matters and what we currently need. Just ten years ago, BBVA was run with less than 5 TB of information. Today we need 70 and, in 2015 we’ll need more than 200. But that’s not much in our world… Facebook users upload 40 TB of information every day! The processing of large amounts of data (Big Data) and of unstructured information is one of our fast approaching challenges. Teradata and other tools will allow us to handle these high volumes of data.
The information must be high-quality. If we find two different dates for the birth of Mozart, then we’re in a jam. At the bank we have hundreds of people dedicated to reconciling information, wasting the opportunity to have them analysing it. The Informatica and Master Data Management tools will help us have a “single source of truth.”
Lastly, we need an operating and presentation tool that is comprehensive and user-friendly, because projects must be built from several sources, adding photos…At the bank, this facet of data management is addressed by MicroStrategy.

In the end, we pick up our backpacks and leave the house, with our homework done and convinced that at school (and at the bank), we’ll earn high marks…

Best wishes. Juan Antonio

(No Ratings Yet)

Loading ...

Deja un comentario Cancelar respuesta

Water, clouds and e-working

Paco Barranco

(BBVA-TyO Comunicación)

Lunes, 24 octubre, 2011

Water is essential for life and is the only element which can be found naturally in its liquid, solid and gaseous states. It takes very different forms in each of the three states: salt water, fresh water, icebergs, glaciers, rivers, underground aquifers, rain, snow, hail, dew, fog, clouds…

Moreover, as Bruce Lee pointed out in the famous BMW commercial, ‘…be formless, shapeless, like water. If you put water into a bottle it becomes the bottle; you put in a teapot and it becomes the teapot. Water can flow, or it can crush. Be water, my friend.’

And “being water“, which frees us from forms, routines and the “it’s always been done that way“, is what we do in BBVA’s Technology and Operations area (BBVA-T&O) in our customer relationships: we adapt and we put ourselves in their place, to try to be them, to think like them, to understand their needs and thus be effective in our work, looking for technological solutions that make their work easier, faster and more efficient.

I think this is what Zygmunt Bauman refers to when he speaks about the liquid society, about the society that can adapt to constant change; thus opening the company up to modernisation: flow, transform, adapt, internationalise, communicate in all directions inside and out … saving costs and innovating constantly.

And all this while thinking in technological terms and solutions, leads us inescapably to consider “cloud computing“, due to the undeniable advantages of hosting data and services on the servers of specialised companies and accessing them via the Internet, thus achieving data independence and permanent data accessibility from any place regardless of the technological device that we use (with a browser, and from a computer – desktop or laptop, PC or Mac – a smartphone, a tablet, etc.).

From the point of view of an organization (company, institution, association, etc.) the user benefits of this migration to “the cloud” may be both individual and collective. The individual advantages take the form of an improvement in the tools that users manage in their daily work; for example, increasing individual storage capacity, permanent access to all information and independence of the device used to access it. The collective benefits are much more valuable from a business standpoint, allowing a new way of working “in groups“.

But computing is not alone “in the cloud“; it is joined by an intensive process of digitising documents (which involves incorporating some 200 million images into this “cloud” every year) and by the virtualisation referred to by Pedro Suja in another recent post on this blog.

And, of course, all the issues of security and technological risk management that Santiago Moral mentioned in the interview that we recently published here remain very present (albeit invisible).

So, with all these technological solutions already in place, it is possible to speak seriously of e-working and of labour mobility, because the men and women of BBVA, the professionals who make up the staff of this company, are no longer tied to a physical workstation. For example, sales managers can develop relationships with each of their customers, completely regardless of where this occurs, thanks to the technological devices available, or even using their customer’s own computer.

Ultimately, the company-wide implementation of the continuous and rapid technological innovations that have been taking place in recent years open a wide range of opportunities to successfully increase our core objective: making people’s lives easier.

Oops. I’m running out of space. I generally recommended to the authors who contribute to this blog that their posts be between 600 and 650 words in length. And I’ve gone over.

Although, on second thought, that’s better. Because I have touched on different subjects, but none of them in depth or comprehensively. So I’ll be able to develop them more in the comments and in the conversation that we can have, if you’d like…

(1 votes, average: 4,00 out of 5)

Loading ...

Deja un comentario Cancelar respuesta

One layer, two layers… three layers

Miguel Ángel Arranz Benítez

(Director de Atención a Clientes – BBVA Operaciones - OyP- TyO)

Lunes, 17 octubre, 2011

Last February in this very blog, Josemari published an article entitled ‘Operations and Production = + x –’ in which in addition to outlining the four main functions of the unit he manages, he published an explanatory video of our ‘three layer operating model’.

In this article, I am going to talk to you about a specific example of this model that we have implemented in Technology and Operations (T&O) to provide operational support to the whole BBVA office network, with maximum efficiency and the highest quality possible at all times.

Firstly I should point out that (in global terms) the entire support operations for BBVA’s business areas are undergoing an ambitious transformation process, towards a model that will allow them to combine effectiveness with efficiency, which will force all of us to change the way we do things.

One example of this (a ‘local’ example of the application of our ‘global’ model) is the plan to improve the quality of the service that the Operations Support and Service Centre (internally known as ‘CAS’) used to provide to our network of offices in Spain and Portugal, which was launched at the end of 2009.

This plan, in its day, represented the first step in the consolidation of this ‘three layer operating model’ that I mentioned at the beginning; while also serving as a ‘reference for success’ to the rest of the Group’s operations services.

The basis of the plan was to identify all those known areas for improvement and to incorporate solutions that could be applied on both sides of the organisational structure (technology and the office network). Today we can say that it has had a very satisfactory outcome, although we are not resting on our laurels and we continue to work to provide flexible and speedy responses to our internal clients: the office network.

The operations support services are not only a help desk for the three thousand daily enquiries that are logged by our offices in the sales network, on average. They are also the driving force for resolving design problems in applications that, because of the addition of new functionality or due to improvements/changes in existing functions, need to be analysed by experts (these may be ‘business partners’ or technical design and development specialists), or that need better communication and training when looking for the solution.

The quality and efficiency that our internal client perceives about the service we provide, extends to each and every person in the Technology and Operations area. It is therefore important to all of us.

However, in BBVA we understand that the best telephone help desk is the one that’s not needed and for this reason (although what we have provided is hugely significant and very positive) we will continue working towards providing our teams around the world with the best service models available.

We are looking ahead and we plan to significantly improve several aspects. For example, providing the office network with advanced technological solutions to allow them to resolve a large number of their doubts through more flexible and economical means, with the objective of minimising errors and in all cases correcting them as quickly as possible.

In short, we will carry on working towards continuous improvement, because all of us at BBVA have the clients’ interests at the heart of our work and we therefore have only one mission: “To make people’s lives easier”; in this case, the men and women in BBVA’s office network in Spain and Portugal, so that they in turn may help and support the bank’s clients with their financial requirements.

Best wishes, Miguel Ángel

(1 votes, average: 4,00 out of 5)

Loading ...

Deja un comentario Cancelar respuesta

Transparent security

Santiago Moral Rubio

(CISO del Grupo BBVA)

Lunes, 10 octubre, 2011

A few days ago, we had a chat with Santiago Moral (CISO of Grupo BBVA) about various issues related to security and technological risk management.

We hope you find the results interesting and, as always, we’d be delighted to receive your comments.

What value does BBVA attach to security?

Security in Grupo BBVA, as a concept within the financial business (which is based entirely on trust), is not an attribute that can be measured or quantified, because there is no other option: Banks have to be secure by their very definition; BBVA is no exception.

What’s more, at BBVA we don’t conceive security as a value we want to be competitive in, because we understand that the whole financial sector has to be secure.

In light of this, it is our job to add value from an engineering perspective, so that security enables us to make progress on two fronts: On the one hand, to make the cost of running the institution competitive within the market, and to make important strides in a technologically globalised world on the other.

So, given this ‘non-competition’ in terms of security, is there collaboration?

In the financial sector, you don’t win because somebody else has a security incident. In this field there is a fairly modest direct collaboration between security managers in different institutions: we know each other, we share forums and it’s a fairly small world.

Where we do have a little friendly competition is in seeing how each of us manages to make security cheaper to operate, simpler, more efficient and less expensive for our respective companies; thereby contributing towards a more competitive position. However, this is competitiveness in engineering, not as a business function.

When we talk about Logical Security, we usually think about the purely technological aspect, forgetting the human factor. How does BBVA approach this factor, both in terms of the (internal and external) workforce and with a view to its customers?

The whole financial sector is working hard so that what can be done with information systems, is done in a more natural and user-friendly way, improving the usability of security.

This is not usability in the classical sense of the term, that something is easy to use, because this should be the case by definition. What should be easy is the integration of the different platform security mechanisms; meaning that within a uniform environment there can be elements with different security levels.

For example, the site where I swap photos with my friends and where I store my payslips. I need to have both things on hand, but with different levels of security.

At present there are some very interesting trends that will become a reality before too long. One of these is “Bring Your Own PC“. This basically consists of you using your own computer, smartphone, etc. (tools on which people are increasingly storing much of their productive capacity) as corporate tools, for which your respective company/organisation pays for part of the annual cost. In this case, we are entering a different world and a different strategy; it doesn’t matter where you are, you always log on using the same means and with the same applications as your work environment. Security is clearly an essential lever if this is to work properly.

What are the most typical threats at the moment?

As a society we are undergoing a radical change in worldwide infrastructures that allow us to become technologically globalised. In this new world we are unaware of the risks we must assume and manage. Citizens, businesses and governments are all working to ensure that this new playground of global networks and their platforms can be a comfortable place to live and to share.

Regarding the issue of critical infrastructure protection, do you think we are progressing fast enough, or has this also been affected by the financial crisis?

In serious countries, we find serious institutions and corporations, for example, in the case of Spain, when they request what is essential for a critical infrastructure in the country, I already have it.

Serious companies are already making sure they have adequate levels of availability. It may be that at certain times there will be a request that is a little more demanding, but in general terms, Spanish corporations have a good starting level when it comes to complying with critical infrastructure regulations.

As to the speed of adaptation, I believe that the administrations are doing this well, as an organisation and as a sector in general, I think it’s going fast enough, insofar as this is possible. There are ideas that have to come down to earth a little.

What is your opinion regarding integral security?

In the financial sector, security departments have to work as one, because there is a continuum in the security problems that we have to manage.

One security problem might begin in the physical world and then move to the virtual world before going back to the physical, being the same problem and the same action, so you have to work in a very co-ordinated manner. Nevertheless, the corporate security department and the information security department require different levels of specialisation.

All corporate security technology is based on information security. This enables us to have single processes and technologies, so that there is no technological dispersion with regard to identity management. However, on the level of departmental management, we are different; because the things they manage and the things we manage (even sharing a common area), are radically different. We have organised ourselves in such a way as to have the benefits of integration and the benefits of non-integration both at the same time.

Smartphones are spreading, which means a world full of possibilities, more functionality and more power in the online mobile channel. But from a security point of view, what recommendations can you make to users?

Well, I would basically say to any user of mobile services that the important thing is who you do business with, not what you use to do it; for example, doing business with BBVA will always be a sure thing, because you are dealing with BBVA regardless of the means you use.

The medium doesn’t have to be something we are scared of; BBVA is positioning itself so that all possible devices and channels can be a gateway for customers to connect with and do business with the bank. As a company we have a vocation for cutting-edge technology, and the challenge is to make this happen without diminishing the level of security.

What we really need is to be good risk analysts from a security perspective. To achieve this the main problem is that we need to have a very good knowledge of is really going on in order to adjust the risks effectively. If you set about placing more controls than you should, you end up out of the market because other competitors will analyse the risk better and you fall behind, then you’ll have problems that will eventually have an impact on your image.

Speaking of risk analysis, in recent years this has almost become a structural element of more and more organisations, especially financial institutions. How does BBVA handle risk analysis from the perspective of Logical Security?

At BBVA, we have the CISO (Chief Information Security Officer) model, which is an enlarged security model, in which all responsibility in the area of technological risk management, i.e. what is security and what isn’t, falls under the umbrella of the CISO. The risk management part of all IT governance is assumed by the CISO.

At BBVA we understand that our most volatile risk is always related to security and to the continued maintenance of this security level, and that we as Information Security, depending on the area concerned, are responsible for between 40% and 60% of the total risk that has to be managed in the IT area. That’s why it doesn’t seem exaggerated for a financial institution to see itself as a leveraged figure in information security, but one which is moving towards technological risk management, as one of the mainstays of good governance.

Cloud computing is a fashionable subject at present. In a few words, what is your opinion of cloud computing and security?

We are a bank, and as such we are a highly regulated institution in everything involving our financial business. This brings with it a certain level of security; however, we also do many other things and we have many other business applications due to the simple fact of being a company. This is something that has a different level of security.

In this second case, we are open to everything that appears in this globalised world that enables us to reduce costs and improve processes. However, in terms of our regulated business and everything that goes with it, we want to have the utmost guarantees and control, not only for our customers but also for the bodies that regulate us.

BBVA is making a substantial commitment to technology and innovation. What issues would you like to highlight in terms of security?

On this point, I should talk about the agreement that we have with the Universidad Rey Juan Carlos, by which we created the Technological Risk Management Research Centre, where we are working on various lines of research.

The first of these is the search for new algorithms that will enable us to search for anomalies; i.e. to find unusual data within enormous volumes of data, so as to improve our effectiveness by trying to anticipate what might happen in the bank (attacks from the Internet, on cards, etc.).

We are also investigating the natural mechanisms for identifying people, so that information systems can offer an increasingly natural relationship with customers. That’s why we’re working in the area of biometrics, in an attempt to facilitate the recognition of individuals through their behaviour.

The third research line is on specific risk-analysis methodologies (whether to assume risks or not). One interesting area is the analysis of intentional behaviour based on game theory, and its application to the behaviour of organised criminal groups.

Finally, could you give us any tips on a professional career in the field of security?

There’s no better advice than to work hard, be passionate, and never stop training. Of all the IT disciplines, the world of Information Security is especially fascinating. Here, there is an added point of interest: You have an adversary, which makes it extremely appealing intellectually. On the downside, it’s a job that is demanding as regards dedication, not just in terms of the hours, but because incidents can happen at any time and not just when it’s convenient for you.

Last of all, I’d like to mention the topic of continuous training and development. Information security professionals are among the top experts in all kinds of new technologies that are appearing. One of the keys to success in training (and in professional activity in general) is to surround yourself with people who are smarter than you, and that way you’ll be lucky enough to be learning all the time.

Many thanks, Santiago. Now we wait for our readers to send us their opinions.

(No Ratings Yet)

Loading ...

Deja un comentario Cancelar respuesta

Digital, virtual and durable. This is what our den is going to be like

Pedro Suja Goffin

(Director de Infraestructura Europa. BBVA-TyO)

Lunes, 3 octubre, 2011

All animals need a den, a nest or a cave to shelter from the weather and protect themselves from predators. Life outside this lair is difficult and dangerous, but inside they can eat, raise their young, store food, etc.

Man has always had a similar need: for a personal space that is safe and can be arranged to provide refuge and rest, a place of comfort where, instead of focusing just on survival, we could think, have fun and spend time with others.

Over the course of history, our dens have evolved. At the dawn of time we lived in trees. Later, we occupied caves and painted their walls to document our memories.

Caves were a place where we could make fire, eat and sleep – but they had certain problems. The main problem was that they tied us down to a particular place, and limited our mobility.

If, in the search for food, our ancestors strayed far away in the heat of a hunt, they would have to sleep out in the open, which presented two dangers: being attacked in the night by wild beasts, or finding that, on returning to the cave, it had been occupied by animals or another family.

After this, we started to build houses (dens that could be truly customised), and many of them were real forts. However, the migratory movement of people towards large cities resulted in many houses being squeezed into small spaces, and population density grew at breakneck speed.

Our dens were occupied by many people. Suddenly, people found they had no comfort zone.

However, in our minds we still had the need, from time to time, for a place that we felt was our own. And that’s when the PC appeared.

The PC was the perfect substitute for our lost den: it was personal, it could be configured to suit our needs, it allowed us to store information, and no other people or animals invaded it… it was ours.

Man took a giant step and moved his den to a non-physical space made up of photos, spread sheets and other digital objects. Man could rest in this microcosm, writing, reading, playing or simply organising files in a world that belonged to him, and where he could be alone.

This is where man’s attachment to the PC (a true personal lair) started to go over the top. The local storage capacity grew and grew, and the amount of personal data being stored grew endlessly; but we were responsible for making sure our data were not lost.

How many hours did we spend trying to recover the data on a personal computer after a catastrophe!!

How often were we annoyed to find a virus making our den uninhabitable!!

What an unpleasant surprise to find that we had not understood how to use the backup software, and that we had lost everything!!

Two new technologies have recently revolutionised our world: communications and virtualisation. Both of them have enabled us to take a leap that we could not even have imagined 10 years ago: a PC can be ‘virtual’.

A ‘virtual PC’ is one that exists in a specialised data processing centre of which we only see the screen when we connect. And this connection can be made from any part of the world.

The organisation supplying virtual PCs is responsible for making them virus-proof, guaranteeing data will not be lost and ensuring that we can connect to them easily. Responsibility for ensuring our data are not lost is now in the hands of companies with many more resources available to them than we have.

Now it is time to take another step, and one that is just as important as the last: to move our den from the real PC to a virtual PC. This will allow us to access our den from anywhere, using any kind of device. And this will be our comfort zone, which will be constantly accessible, personalised and safe… our refuge. It’s going to be the age of the virtual den.

Gone will be the day when a problem with our PC led to us losing our digital belongings. Nobody will have access to our data or be able to steal our computer. Replacing our PC will no longer involve long hours spent recreating our digital comfort zone. It will be much easier to change.

We will also be replacing our physical PCs for virtual PCs at work; and these will have the same properties as our den. The difference will be in the way we individually tailor them:

At home, we will have virtual computers set up for image processing, to connect with our friends on social networks, compose music, etc….

At work, they will be focused on productive tasks and work flows.

At BBVA, we started to take the leap to virtualisation a couple of years ago, and we now have 60,000 members of staff working on virtual computers. We will continue to migrate ‘physical comfort zones’ to ‘virtual comfort zones’.

We are doing this, for example, by creating ‘virtual desks’ for central banking services. This, in turn, will make it much easier for us to take on telework and mobility projects, or further along the line to transfer human teams to our new corporate offices in Mexico and Spain.

Until next time,

Pedro.

(1 votes, average: 5,00 out of 5)

Loading ...