2020 Outlook Series:
What’s New in Cloud Adoption and Cybersecurity
On this episode of the 2020 Outlook podcast series, Host Craig Jeffery meets with Mark Tirschwell, Chief Information Officer of ION Treasury, to discuss what’s new in cloud adoption and cybersecurity. Topics of discussion include the major opportunities and challenges emerging with cloud adoption, cybersecurity trends that are driving companies to use the cloud, how treasury solutions are being leveraged and more. Listen into the discussion to find out what organizations are facing in the year ahead.
Craig Jeffery, Strategic Treasurer
Mark Tirschwell, ION Treasury
Episode Transcription - What’s New in Cloud Adoption and Cybersecurity (2020 Outlook Series)
Welcome to the Treasury Update Podcast presented by Strategic Treasurer, your source for interesting treasury news, analysis and insights in your car at the gym or wherever you decide to tune in. On this episode of the 2020 Outlook podcast series host Craig Jeffery meets with Mark Tirschwell, Chief Information Officer of ION Treasury to discuss what’s new in cloud adoption and cybersecurity. Topics of discussion include the major opportunities and challenges emerging with cloud adoption, cybersecurity trends that are driving companies to use the cloud, how treasury solutions are being leveraged and more. Listen in to the discussion to find out what organizations are facing in the year ahead.
Welcome to the Treasury Update Podcast. This is Craig Jeffery. I’m the Managing Partner of Strategic Treasurer and today’s episode is what’s new in cloud adoption and cybersecurity. I’m here with Mark Tirschwell. He’s the CIO of the ION Group responsible for cloud across over 1,200 customers. Mark, welcome to the Treasury Update Podcast.
Thank you Craig.
So Mark, with that title and that topic, I think as background, we would definitely say that the cloud seems to be what so many people have been talking about for a number of years now, particularly the last couple of years across all application types and finance and certainly treasury. Maybe you could give a little background about your experience with regard to cloud adoption. As someone who runs a number of products, how are you seeing the growth and the change in this space?
Our journey with cloud started about 13 years ago with Procter & Gamble on the treasury side of the business and they were an innovator and an early adopter in the cloud space. And since then a lot’s transpired in the world. Cloud has certainly become mainstream. We see pretty much 100% of all new customers adopting our cloud. So it’s really a testament to not just what we’ve done, but really the way the industry has changed with respect to their view of outsourcing in general, which has really fundamentally shifted as more and more big publicly held corporations and very well-known names like Netflix and salesforce.com talked about and executed cloud adoption. So we’ve seen a massive amount of growth, especially over the last five years. The acceleration has been phenomenal.
With some of that change, I mean obviously there’s the aspect of moving things to the cloud and like you said, you’re seeing almost 100% simpler systems move to near 100% in 2004 to 2006 or so. All new systems are moving that way in the cash space. As you move up in complexity with risk, etc. you’ve seen the adoption grow. But I wanted to ask you a question on cloud and security, especially because you have a number of products that cover the full range of treasury requirements, but in particular, what else is going on in the cloud and with security in the cloud? What’s going on there? I know that’s impacted everything from how you respond to RFPs, to questions about security, but maybe you can just highlight a few of those items.
So I would say that the first stone that’s cast when it comes to clients looking at our cloud as an option for deploying their treasury solution is fundamentally around security. It is the number one area which is scrutinized more than anything else. And the reason for that is, we deploy on Amazon and Azure and that’s a well known quantity in the world and people feel generally comfortable with that model today. Security on the other hand with Amazon and Azure is a shared model, a shared responsibility model where the cloud provider has some responsibility and then the vendor.
In this case ION has some responsibility as well. And so our ability to satisfy client needs around security is imperative. So we’ve seen every type of questionnaire that can possibly be issued out there from standard organizations to customized and bespoke security types of questionnaires. So clients really do their due diligence around the security that we offer around our products. Of course, treasury is not just about cash management, it’s fundamentally about potentially moving money, making payments and things like that. So from that perspective, the fact that you can actually move money with our software and our systems means that there’s an extra level of rigor that clients tend to drill into when it comes to security.
Certainly that’s the case. People try to steal resources, data and ultimately money because they’re trading those other things for money. But as you think about this, not only the move to the cloud, the new questions about that, but it’s a different environment in some ways and that creates some benefits and some challenges. And certainly as we’ve talked and thought about this, there’s some unintended consequences. So what are some of those unintended consequences and what are some of the major issues that are emerging as part of this move to the cloud and the increased threat of a fraud? Because that’s scaling up, whether someone’s in the cloud or not, that threats increasing, but that has to be addressed in this environment.
So let’s just continue on the security topic for a minute and then I’ll go into the unintended consequences. Around the security it’s not just around perimeter security, so protecting bad actors from getting in. It’s about encryption at every level of data, whether in transit, at rest, etc. It’s about who holds the keys, the encryption keys, but it’s also about how information flows, which is really, really important and can information flow outside an organization that has confidential or sensitive information in it. That’s fundamentally called data loss prevention and it’s something that ION is doing a lot of research and investing in on how we can actually watch the data flows, what defines confidential data and how we can monitor and alert on sensitive information potentially being transmitted outside the walls of let’s say you what the organization would allow. So DLP is quite important right now as we look towards these things.
But security monitoring is also a key aspect that we’ve invested heavily in and we layer on top of our solutions now as a standard part of our business. And what that is, is that’s monitoring the environments, the network, everything in real time with a security operation center to ensure that if there is an alert, if there is a usage pattern, which suddenly seems not normal, we get alerts, we’re able to trap it, we’re able to investigate it. Many times it’s just a false positive, but we’re looking for the one case where it’s not a false positive where you have to take action immediately.
Moving to the unexpected consequences, it’s actually quite interesting. Now that we have a huge amount of clients that are in our cloud, our ability to watch usage patterns in terms of our clients, on how they use the system. It’s not about what they’re doing, it’s about how they’re using the system. So what screens, what types of activities did they do during what timeframes around the clock. And looking at those patterns, we can more accurately predict and maximize the efficient use of cloud resources and help our clients actually lower their costs. So, that’s one of the unexpected consequences that we kind of knew was there but our ability to actually leverage that and use that to actually drive down costs is one of the most interesting and unexpected consequences.
How does that usage pattern drive down cost? Is that because there’s shared hardware and distributed over others or what?
It’s because we’re able to scale up and scale down. So take advantage of the true elasticity of what Azure or Amazon offers us. So the ability to, instead of having servers up all the time, we have the ability to scale up as needed and then scale back down, which keeps costs low and maximizes the use of infrastructure.
So Mark, how are organizations looking at or determining or defining the benefit of moving to the cloud? When I say organizations, maybe you could take it in two ways. One is the corporate users of the cloud who is saying, hey, we’re going to move there. We don’t want to support the hardware, or we want to stay current on the systems, which are some of the traditional methods. But maybe you could also then move to as a service provider delivering this in the cloud, what are some of the benefits that you’re seeing on the flip side as well, but maybe you could start with the corporate users.
On the corporate side, when our clients really look at what are the benefits of implementing our solutions in the cloud, there are quite a number of factors that are considered. Number one is cost. Everybody of course looks at cost. The lure of going into the cloud is that it’s just automatically going to reduce your costs. Now that may well be the case, but you need to have proper governance, which we have layered onto our service to be able to keep the costs low. So cost is a factor. Performance is really important. So when you implement the solution in the cloud, whether you’re migrating from an on premise solution into the ION cloud or whether you’re a new customer going into the cloud, you need to be able to rely on the cloud to provide the performance that you need to drive your solution.
Typically, our clients that currently run their systems on premise, when they move to the cloud, they’ll gain anywhere from two to four times the performance. So their performance will double or triple when they move into the cloud. And there are a number of factors for that. One of them is that you’re moving from your potentially legacy infrastructure in your own data center onto contemporary state-of-the-art technology in the cloud. But it’s also the optimization that we leverage onto our deployments and we have a very robust and fine-tuned model for each one of our products in terms of how they perform on the cloud and how we need to deploy them based on the client’s characteristics, whether that’s number of users, number of trades, whatever the case might be. They also look at operational complexity. So at ION we obviously have a range of treasury products that run from simple to very complex.
As you go up the scale to the complex, the concept of operational complexity reduction is really, really important for these larger clients. And when you move to the cloud ION takes all responsibility for all of the operations, all of the services that we layer around it. So all of the management and the complexity around their operations is reduced on the IT side and then clients really just have to worry about their business and their workflow and not have to pay attention to the back end. The last piece is really around cloud native features, which we’re enhancing all of our products to support and the concept there is that we’re enhancing our products to take advantage of specific low level features of the cloud to enable us to take advantage of what the cloud offers in terms of elasticity, performance, other types of things that help our clients grow with their volumes, with their number of users and over time with their additional workflows and complexity.
Now, I know as you talk about the providers of the services in the cloud, what are some of those benefits? Maybe, some of those are more mirrored as I heard you describe those, but maybe you could start with the benefits of the cloud. Because you talked about security earlier and doing things at scale, monitoring some of the best in class type of functions. Being able to look at patterns of how users act on the system and leveraging that. So maybe you could talk about the providers of services and maybe start on the security side.
So on the vendor side, so on our side it’s really a mutual type of arrangement when you deploy a solution in our cloud and we talk to our clients about the fact that it is a mutual and symbiotic relationship when it’s in our cloud. Things that we’ve seen over many, many years with our customers, both small and large, is that number one, we have a closer and tighter relationship. And we see that because we have many different touch points when we’re running our client systems in the cloud. So we have service reviews on a monthly basis. We talk to our clients potentially at different levels than an account manager would normally talk with the folks in our customer base. Also, we see more frequent upgrades, which is super helpful to both the customers and to ION. So in terms of keeping contemporary with the product upgrades are faster and more seamless because we’re doing all the heavy lifting on the back end and the clients are really just responsible for testing features.
And that’s with our non SaaS products. We have a range of products in our offering. We have two products that are true SaaS products, so multi-tenant Reval and Treasura fit that model. But then the rest of our products run in a single tenant type of instance where each client has their own version of the application, their own instance of the database so keeping things private. And for those customers we’ve simplified their upgrade and deployment cycles considerably. And then it allows us to really deliver features and functions to our customers. Again, as I mentioned before, that you can’t get when you’re running the software locally on premise. I talked about those cloud native features and those are very important for us to be able to scale our business, etc. In addition, we find that from a support perspective, we are obviously we’re tapped into the infrastructure 24 seven. We’re monitoring the application, we’re monitoring the infrastructure and so our responsiveness to our customers goes up and we’ve seen the metrics and the evidence over many, many years on how much faster we’re able to respond and help our clients through particularly thorny types of issues.
Thanks for stepping through some of the benefits of the cloud from the provider side and then earlier from the user side, but maybe we can look at it from a categorical perspective and maybe with some specific examples, but at least describe the categories or the concepts. So how are treasury solutions leveraging the cloud? Maybe with hardware and software, not exactly what you described before about ability to scale, but to that, those types of points. What can people who are listening take away from this at a category level?
Well, I think there’s a couple of things. Number one is keeping up with technology changes. So when you move to the cloud, you fundamentally eliminate the need to worry about infrastructure. You don’t have to worry about replacing your infrastructure every four years. Those types of costs. You move your costs from a capital expense to an operational expense, which works well for many organizations. And then lastly, when you look at some of the things that you get or can get when you move to the cloud, there are myriad of products around security that are pretty much plug and play. There’s a whole marketplace both on Azure and Amazon that we take advantage of on our client’s behalf. But clients can take advantage of on their own for other types of solutions they might deploy themselves in the cloud that are just again plug and play types of security models that really can help them fine tune their requirements around their audits and compliance activities.
I want as we move towards the end of our dialogue, I wanted to talk about another factor that impacts you whether you’re in the cloud or not, but specifically ask you the question related to the cloud. I mean data’s growing rapidly. It’s doubling every couple of years, 40% growth rate and treasuries charged or tasked with doing more analysis, better information, cleaner reporting. So given the growth of data and the concerns about accessing that data, keeping it encrypted or safe, there’s both the challenge and opportunity side of the coin. What do you see as the biggest opportunity coming from the fact that more and more data is moving into the cloud or could move into the cloud?
Interesting question. Thanks for asking it because it’s worthy of discussing. So the first thing is data growth, as you noted is massive and to that end you don’t want to have to deal with that data growth internally. Enterprise storage is really expensive. On the flip side, storage in the cloud is cost efficient in a variety of ways. As you may know, irrespective of which cloud provider you use, there are different tiers of storage available at different price points. So if you have data that you just want to archive, you can buy really cheap storage and put it off on the side and only use it infrequently and the latency of getting the data back and forth is high but you’re not using it that often. Then you can move up in terms of storage classes so you get better performance and faster access and things like that.
So that’s one thing you can archive data and put it aside and you can do a lot with your data and it’s much more cost effective to manage your data in the cloud than try and pay for it on premise using an enterprise class SAN or things like that. The second thing that we at ION are looking at from an opportunity is around artificial intelligence and machine learning. So we have all this data centralized in our cloud that we’re looking at how we can leverage machine learning for our solutions. You may have seen that we’ve recently launched a machine learning around cash management and cash forecasting, but that’s one of the tools where we’ve actually launched a product where we can take our data or our customers’ data and look at patterns and things like that, and then start helping the clients forecast their cash where they need it, when they need it, etc. using those tools.
As the volume of data grows over time, the ability to have all this data centralized and for ION to be able to analyze patterns, we don’t really care about the data itself. We look at the usage patterns, etc., how our clients use the data. We’re going to be leveraging more around AI and machine learning going forward, and the ability to have all of that information high-speed available in one local place is really the only way you can actually do that.
That sort of sounds like the power of a network. Now that it’s on the cloud you would have access to look at multiple clients and leverage it. Obviously anonymized, you’re not doing it but it’s a bigger data set that you can leverage. That’s quite powerful and quite interesting. Mark, I really appreciate you taking the time to talk with me about what’s new in cloud adoption, cybersecurity and just before we sign off, what are any final thoughts that you want to leave or final statements to the audience?
So I would say as a final point to wrap up that there’s a big opportunity for customers when they look at implementing a solution in the cloud. And it’s not just about security. There are so many advantages to putting your applications and systems in the cloud. There are even more advantages to leveraging your application provider, ION in this case to leveraging what they offer because they’re the experts around their application and the services that vendors and partners are able to provide around the applications really facilitates the efficient use of the product that you’re buying. And so the cloud really is able to deliver different types of efficiencies, economies of scale, services and security that are harder typically to implement within an organization.
Excellent. Mark, thank you so much for your time on the Treasury Update Podcast.
You’ve reached the end of another episode of the Treasury Update Podcast. Be sure to follow Strategic Treasurer on LinkedIn. Just search for Strategic Treasurer. This podcast is provided for informational purposes only and statements made by Strategic Treasurer, LLC on this podcast are not intended as legal, business, consulting or tax advice. For more information, visit and bookmark strategictreasurer.com.
This series within The Treasury Update Podcast features interviews with treasury experts about their expectations, projections, and predictions for the year ahead.
#78 – Preparing for LIBOR Replacement
Host Craig Jeffery kicks off the new year interviewing Jacqui Drew, Head of Sales and Account Management of ION Treasury on preparing for LIBOR replacement. They take an in-depth look at LIBOR and explore the background and situation that led to it. They also discuss replacement rates, the global impact on the market and more. Listen into the discussion to know what organizations should be thinking about and how to successfully prepare.