HRM is a traditional retail mortgage shop headquartered in Dallas, Texas. We’re a privately-owned organization. Relatively speaking we are small — roughly 240 employees — but growing rapidly. Part of my charter as a CIO is getting our technology up to speed and where our salespeople want it to be. We are also working on improving our project management process, business intelligence, and process improvement since we live in a highly-regulated environment. Anytime we can create efficiencies within our process; that helps to cut costs because originating a mortgage these days is a very expensive endeavor.
The cloud naturally suggests itself as a way to manage costs, especially because we’re starting off so small as an organization. There are also a lot of capabilities we just don’t have today because of very little investment in the current solutions. This allows us to plan and design our future without the capital expenditure of on-premise technology.
A hybrid approach
We are moving to a hybrid cloud, a hybrid between private and public. Most of our assets today are in a private cloud. We host our loan origination software by a third party, and we also have a replication of that software and want to keep that as a private cloud. Other general technologies like our HR system are in the cloud as well. We are also moving our business productivity applications, our operating systems and domain network services to a private cloud/data center. This will all be entirely hosted from a hardware perspective, software perspective, and with all the security tools that surround them.
What’s refreshing for me is that our leadership is on board with everything I’ve described. There are obviously concerns around the vendors and how well we can manage them from an information security standpoint as well as contractual agreements. Ironing out the legal points on who owns and protects the data can be challenging. As far as whether or not we need to go to the cloud, they completely agree that we should keep the internal team small, keep our capital expenditure low, and start to push towards the operational expense. Making our environment something that’s a little bit more predictable and more elastic. In this way, if we want to install a new app or some additional storage, I’m not going to have to go out and procure something, and then weeks or months later I’ll have that available to me.
Security in the cloud
Our security situation is, to most degrees, already decided for us because the greatest data and documents risk is already in a private cloud. We manage that provider through our vendor management process, through vendor due diligence that we do every year, and of course, they’re going through all the necessary audits and information security testing. From our perspective, I don’t have to worry about it as much as if I had a bunch of data and I was trying to determine where it is and where to put it. But if I were in that situation, I am a firm believer that I would procure all of the different types of security that I need and keep it in-house. The struggle is the same: It would be great to have those tools, but I already have a team that is monitoring it 24/7.
Let’s face it, hackers these days are getting much more sophisticated, so you have to continually evolve that technology. I’ve seen it where, within a six-month timeframe, you’ve just brought in some new security tool, and it’s obsolete; hackers already have figured out how to penetrate it, and there’s no reason to have it anymore. So if you’re a cloud provider, the beauty of that is it’s up to them and, again, to your contracts and due diligence. Ultimately they are making sure that they’re evolving that technology, spending the money and bringing in those new toolsets as quickly as they can, to keep ahead of the next hack.
The other component of the cloud that has matured is the stability aspect of it. Early iterations of cloud providers tried to span you across multiple servers and multiple data centers, and you ended up having to write your applications so that they could scale across them. If a particular component of your cloud infrastructure were to go down in one data center, the whole thing would go down; it wouldn’t fail over properly. Most of those concerns are resolved, and that’s another reason we are moving to the cloud with confidence. I think a lot of other companies are joining us as well.