Roundtable to Discuss – Reducing Costs and Recession Proofing Your IT Spending

April 14, 2009

It was very exciting last week. Last week, on the 8th and the 9th, the ITCUstrategy group and the CUCTO groups met at Apple Federal Credit Union and NIHFCU to discuss the following agenda topics. The discussions were engaging and many of the attendees left with actionable steps for themselves moving forward.

 

Topic/ Agenda

  • Roundtable Discussion Topic – What are local credit union IT Leaders in the area doing in today’s economic environment to help drive costs down or increase value to members?
  • RedZone Presentation – Recession Proof your Credit Union’s IT Spending Using Fixed Cost MSP Programs for IT Plumbing and Day to Day Compliance Needs
  • ITCUStrategy.com – Discuss the May 2009 launch and functionality of the local Forum, Blog, and user Library

 The following are ideas, comments, and views that flowed from the meeting. Enjoy!

 

The following is a composite list of the items that were discussed as a part of Cost Savings Measures that we currently underway and planned for many of the attendees.

 

  • On a case by case basis credit lines are being revoked by attendees for those members demonstrating higher than acceptable risk.
  • Some have used this opportunity to eliminate risky members as an opportunity to reach out to members versus the obvious initial approach of just cancelling the card and terminating the member. In one case a family member offered to use their cash as collateral to get the other family member caught up thus averting a negative situation for the CU and the family member with the obligation.
  • Hiring freezes are in place and if an employee leaves they are not being replaced.
  • There is a move toward more of a web based approach to member service versus brick and mortar.
  • Modifying member behavior is the goal to lighten and reducing lobby traffic which helps with labor savings.
  • There is an increasing interest in ‘tellerless’ and remote kiosk approaches to member services.
  • There was an interesting Call Center and workflow strategy being pursued by Arlington FCU that was interesting from the perspective of combining Call Center and Cross Selling opportunities.
  • Reviewing e-statement approaches and incentives for members via electronic delivery has been a big costs savings for some. Apple FCU in particular had a great story here.             
  • There is certainly a more vigorous approach to vendor negotiation to obtain better pricing
  • Mergers as a general rule were seen as not being successful, however there are models emerging in which smaller credit unions can combine forces and purchasing power while keeping there own unique identity in the process (emerging examples of this are Partnership FCU).
  • Server virtualization was discussed and several members have taken aggressive steps to embrace server virtualization and create a portable infrastructure that drives down costs in the following areas: Power management reduction, power consumption reduction, reduction of server needs, smaller rack space footprint. (NIHFCU and Tower FCU) shared stories here. Also NIHFCU is pushing the envelope in effort to deploy more of a ‘branch office in a box strategy’ using Virtual Desktops VDI. John Szeglin, the IT Director is actively testing the approach and integrating peripherals into the solution so that he can drive down costs at the periphery of his network.
  • Some even expressed that they are not following regular upgrade schedules on PCs that were normally an every 3 year 33% of PCs followed a refresh cycle. Instead they were experimenting with throwing more RAM into machines to breathe more life into them. Since most of the core systems have a “Fred Flinstone” approach to building internet friendly web based applications, this may be a simple way to put a band aid on problems caused by incompetent coding development. It never ceases to amaze me in days of the ‘thin client’ how core processors still want a heavy footprint on the desktop.
  • SaaS – Software as a Service approaches were discussed. This is definitely an approach that needs to be explored further in further group meetings since alternative ways of buying and deploying software would reduce costs and deployment lifecycles.
  • Managed Services (MSP) approaches were discussed as well. The question of how can a credit union can purchase specialized talent to complement existing staff levels was the focus of the Managed Services discussion. As a strategy to do more with less it was a definite approach to consider.
  • Although many attendees are using Monitoring Services to provide monitoring services, there was a lively conversation discussing the differences between Management Services MSP versus Monitoring Services.  

 Thanks for everyone’s time and energy of these two meetings combining ITCUstrategy and the CUCTO groups of the MidAtlantic.


Credit Union Mergers – Mitigate Technical Risk

March 18, 2009

From my point of view a credit union merger is a ‘non-trivial’ event, however I am excited about the opportunity that this provides both entities from a technology perspective. A small credit union can come out of a merger stronger, leaner, and more efficient than before. This is an opportunity to streamline, achieve economies of scale, and combine the best of each entity while discarding the unworkable elements. The following are a list of good questions to ponder with your teams. Here is a short list of what I would consider to be the ‘tough stuff’ from a voting and discussion perspective between teams.

Technical Systems Integration Planning Steps

  • What is the plan for the coexistence of two (separate) LAN and WAN networks and what is the end state goal?
    •  IP Scheme – bridged/ routed network
    • Are the Credit Unions using disparate core systems? Different Versions? Do they have conflicting IP Scheme requirement?
  • What are the deadlines that need to be hit so that they details can be coordinated?
    •   IP Scheme
    •  Printing (Sharing, Services, Drivers)
    • Bandwidth
    •  Routers
  • What is the plan for the convergence of credit union peripheral hardware convergence?
    • Signature pads
    • Receipt Printers
    • Scanners
    • Check printers 
  • How will imaging be merged, including the old that may need to be kept for 7 years? What is the plan for current and historical images? What is the final imaging goal?
  • How will old core system records be kept (Core historicals, etc.)?

Internal Questions

  • What is the end network design?
    • WAN Architecture
    • Integration
    • POP Diversity
    • Redundancy
    • Encryption
    • QoS – quality of services to protect VoIP integrity
  • Can the credit unions use each other for DR?
  • What services will be shared?
    • Active Directory
    • Email
    • Files
    • SQL Databases
    • Domain Controller Authority
    • Imaging
    • Domain Trust
      • Is Microsoft SBS involved? If yes, there are important trust planning considerations.
  • Will Microsoft licensing be audited to take advantage of consolidation? Use a merger to negotiate and consolidate licensing.
  • What is the plan for enterprise back-ups long term?
  • How will the phone system be consolidated and converged?

So here is the summary of my merger material. I have collaborated with a couple of team mates to put this 2 part series together for everyone. I hope you like it and that it was useful to you.  

 


Considering a Merger? Is the Time Finally Right?

March 5, 2009

With the economy shifting south, coupled with the NCUA assessment fee to bail out the Corporate Credit Unions, small credit unions can combine forces to compete better and provide more value to their membership. I am observing a trend toward small credit unions merging on a much more rapid scale than I have seen in the past. The merging of credit unions is not noteworthy in and of itself, however I do believe that mergers that combine to reach the $100 million plus range are going to increase.

 

When considering a merger, it is critical to establish relationships with experts you can turn to if you go forward. These experts should span all operations in the credit union, and be able to weigh in on questions such as:

 

· What are the best practices in merging a credit union?

· How do you merge IT departments without adding risk?

·  How to plan for and cut waste during a merger?

·  How can risk be mitigated?

·  What is the best way to leverage the opportunity to build in efficiencies?

· What functions can be strategically outsourced?

· What processes can be integrated?

· How should IT integration be handled?

 

Credit Union Merger Questionnaire – Information Technology

The following questionnaire pertains to the last point, and represents the starting point for planning and implementing effective IT integration for a credit union merger. These questions are intended to bring up important issues that must be planned for in the IT space, and to start discussions that will lead to effective decision making.

 

High Level Objectives/ Co-Existence Plan

  • Is the objective for the merger:  To attain one united front or identity with the leveraged strength of a partnership……
  • or is the goal of the merger to  maintain dual identities with the leveraged strength of a partnership?  
  • What is the plan for the existing domain names and the new domain name? Is there a timeline set for the old.org sites to disappear and one new.org to replace them, or will the old sites remain in place?
  • What is the plan for the email utility in the new entity? What is the timeline for implementation? Will there be coexistence of emails between domains?
  • How will home banking be presented to the members? What is the timeline for the change?
  • What SSL Certificates can be merged, deleted and/or re-used (web sites, ssl vpns, etc.)?
  • Is there a common encryption policy for sending information to third parties ( e.g. credit card processing via PGP, or does one of the entities have ZIx email encryption)?
  • What is the encryption goal? Are there any vendors that require specific encryption technology?
  • What is the end goal for the phone system and call center/ member services? Is there a timeline set for the convergence of the systems?

o        PRI analysis – what is the call routing plan?

o        Are you launching with core phone system functionality first and then integrating Call Center functionality after the merger?

 

  • What is the goal for integration and collapse of the networks (WAN – MPLS)? Applications  (like imaging, etc.)? Data bases? Other elements?

o        Has a cost analysis been completed for the infrastructure WAN collapse of the two entitities? Data, Voice (long distance/local)

o        What questions does one need to ask when integrating carriers – Sprint, ATT, Qwest, Verizon, and Paetech for example? (This blog link is an overview of questions to ask. http://itcustrategy.com/category/mpls/)

 

  • How are third parties (PSCU, FedLine, DI, etc. ) being addressed? Which third parties will remain? Are there redundancies? Which ones are going away? 

 

On my next post I will examine most technical questions that I have to ask myself when helping a credit union during a merger. 

 

 


Drive IT Costs Down with Server and Desktop Virtualization

February 13, 2009

The more I visit with my clients I see the effect that server virtualization is having with credit unions. 4 years ago when I started recommending virtualization strategies all I heard was crickets. Now the tide has changed and literally the only question to ask oneself is, “Why am I not virtualizing?” In today’s environment the reality is, that questions are being asked, “can I do more with less?” VMware and Microsoft Hyper V give credit unions this flexibility.  I have a few items that I list below which I believe need to be brought to the table prior to implementing virtualization. I am going to be writing more on this subject over the next few weeks. Virtualization is analogous to a carpenter buying a ¼ inch drill bit. A carpenter doesn’t want a ¼ inch drill bit; what he wants is a ¼ inch hole. No one wants virtualization. What people want the benefits of virtualization. Here are a few of them and some planning questions to ask.

  • What actual hard costs are you looking to save? For example, I have a client who was adamant about not doing virtualization until midway througha data center upgrade project shesaid to me, “how canIsave onsome rack space? I don’t want to buy another rack ifI don’tneed to.” I replied by pointing to 4 servers and saying, “those 4 servers can all be virtualized into one.” These were very old Microsoft 2000 and 2003 servers that she has no intention of upgrading on the short term. Walla – she saves on rack space, cooling costs, server hardware costs, etc.
  • Snapshot VMs – consider if this is one of your goals.
  • If HA (high availability) and snapshot’ing of VMs is important you will need to look at iSCSI SANs as a backend to the Virtual Servers in order to enable this functionality.
  • Consider HA with virtualization on your LAN. I have several credit unions that love this. They have long term goals of growing the environment to support FR needs,etc., but on the short term all they want to be able to do is server consolidation and have a more stable and reliable server infrastructure.
  • They want to be able to do server upgrades and patches and have instant recovery to application failures

I have worked with Joe Fletcher with Johns Hopkins Federal Credit Union for several years and I think one of the ways to review the value of a technology and a strategic path chosen is to see it in action. Joe is a strong IT credit union leader in the mid atlantic area and has experienced the following benefits from VMware virtualization and iSCSI SANs. Here is a listing of his successes:

  • Budget, he has been able to cut costs significantly because of the recent increase in web servers. His core processor is requiring the CU’s to provide more hardware for web based applications than ever before. My client has been able to virtualize all of these applications. He also upgraded many of his older servers to new version of Windows without the expense of buying physical hardware. Finally, he was able to build this environment in one budget cycle by adding the hardware costs for the core required web servers and reaching the same total as purchasing two LeftHand SAN’s, VMware enterprise licensing and HP Procurve Gig Switches.
  • He is thrilled with performance of the machines and the ease of setup, both on the VM and LeftHand side of the fence. VM to VM performance has been great; and he is upgrading core switching to increase the other performance. He has also been working with his core providers to virtualize other applications to improve performance.
  • Consolidation. With old core systems having to remain up for 6 years and a lack of space in general the ability to get rid of 15 servers has opened up the datacenter, making airflow better, making the DC cleaner and giving them room manage the servers without stepping over machines.
  • Disaster Recovery. This meets his overall goal of portability and recoverability. Eventually the branch office will have a replicated SAN and ESX hosts for recovery in the event of a disaster or more likely a small issue like power failure or hardware issues.

Drive IT Costs Down with Desktop Virtualization VDI

February 7, 2009

I almost forgot to mention that I have been excited about this concept of desktop virtualization for a long time. I have only 2 customers out of 40 credit unions who are fully deployed on thin clients using Citrix. The client side requirements for Citrix have usually made the technology a show stopper due to the raw horsepower needed from internal credit union IT staff and consultants to get all the mapped drives, printers, scanners, etc to work properly. Don’t get me wrong, I love Citrix. I have been a huge supporter of Citrix since back in the Winframe days. However, credit unions integration with Citrix has been definately flagged with a warning sign that says warning ‘jump dont dive’. 

The Vision has always been ooo sooo sweeet…..to have all clients cenrally managed like a Unix host. The concept of running a Credit Union on a Windows mainframe has always been appealing. Since most credit union have limited IT budgets and staffing possibilities; then the possibility of centrally managing workstation session has never ending appeal.

Recently I have personally witnessed the power of VDI – Microsoft Virtual Desktop Infrastructure with a CUSO client. I have had high hopes for VDI since I know that the ability to control client side devices is a world apart from Citrix and Terminal Services. This client of mine has integrated Symitar and VDI over a VPN connection to a remote office working multiple session and printing worked like a charm.

In addition to desktop virtualization mentioned above I have another client who is running Citrix servers in a full virtual server environment! This is exciting as well because most people will snuff at this idea. It is real and they are running 150 users in this environment on virtual Citrix servers with a LeftHand iSCSCI SAN.


The Myth of Managed Services (Full MSP vs Partial)

January 15, 2009

I talk a lot about Managed Services for credit unions. This should be no surprise. I want to be clear about what I mean when I talk about Managed Services. 

Sometimes I can hear people say, “Oh, I use Managed Services for security. …..Someone manages my firewalls and someone does my pen testing……… Someone does this and someone does that……..” 

I am not referring to this type of service at all. 

I am not suggesting that these services aren’t appropriate or warranted. In fact these services are critical as a part of one’s information security program. These are services are Partial MSPs and not Full.

With Full MSPs, I am referring to providers who are actually accountable for the security of your credit union. I am referring to an MSP that is responsible for the day to day operations of IT in addition to the compliance needs of the credit union. These are MSPs that actually can ‘stand in’ on behalf of the CU and answer questions for the auditors.

I hope this clarifies my meaning, and that if you have not been thinking of Managed Services in the context now you can.


Device-Focused MSPs Fail to Deliver Comprehensive IT Solutions to Credit Unions

January 1, 2009

I have had it with big companies attempting to monitor and manage small to medium business. Dell, HP, Ingram, and the list goes on, are now offering programs that only local businesses can deliver in a quality manner. And now Sonicwall has rolled out a managed security service. 

I am disheartened to see big vendors getting into Managed Services Programs (MSP). Big companies that stand up NOCs (somewhere) and try to deliver quality MSP services are not the route to success for a credit union. 

Credit Unions need to consider the following when selecting a good MSP:                                                                                     

  • How is third party due diligence  (covering insurance coverage, hiring, security controls, financials, etc.) handled? If your hard working IT manager has to rattle around to his vendors for this information then you have the wrong vendor.
  • What is the Disaster Recovery plan of the MSP? How can they help you?
  • How do they cover compliance and infrastructure?
  • Who owns them? Are they absent or involved?
  • Are they focused on growth for growth’s sake? Is there a reason for growing? What are their plans to handle growth?
  • Is the MSP focused on device management or is the MSP focused on being a trusted partner that will support the credit union from Architecture and Design all the way to Tier 1,2,3 IT operations support? 

I own a local MSP business that supports credit unions, and I strongly believe a credit union must partner with an MSP provider who has a vested local interest in the industry, the market, compliance needs, and all the other details and complexities that tend to escape large companies attempting to shoehorn “one size fits all” into the market. 

In my humble opinion, manufacturers of IT products like HP, Dell, Ingram and Sonicwall, should focus on building great products and less on delivering Managed Services.