In September 2017, data and analytics company Equifax made news because of a huge data preach. Data of close to 150 million customers, almost all in America, was exposed. This led not surprisingly to considerable controversy and criticism. Around June 2018, Bryson Koehler joined the company with the task amongst others to fix the problem and in restore trust and security. So how far he has come and what’s the way ahead ?
Govindraj Ethiraj: Tell us about the challenges you identified and have been working on since the time you joined Equifax and are newer technologies like artificial intelligence and cloud helping you to do all of that?
Bryson Koehler: Right! Well, cloud is the base of our next generation focus and the work we have been doing at Equifax began long before I arrived. The works ensured that we are the world’s most trusted place for data. You know, began and has been our main focus of the company for a long time now.
But the journey of the cloud really is going to help us accelerate us achieving that. The cloud enables us to provide consistent repeatability around how we build our technology, how we deploy it and security comes best when you have that repeatability. When you remove opportunities for human error, for differences to creep into the environment, the cloud helps us. To make sure we are really focused on repeatability and automation.
We have come a long way. We have launched a lot of technology already in the cloud. In fact here in India, we are running our Equifax Ignite analytics platform, our inner connect data exchange in decisioning platform, on the Cloud. We are well on our way with the new technology capabilities and restoring that trust. And really now focusing on the migration for our customers, in the applications that they use to make better decisions every day to the cloud environment.
What are the key lessons, just so that, for readers here who may not know the background ? What are the key lessons and takeaways from the breach that happened in September 2017 ? And how have you converted that into technology responses ?
So if you locate any time, somebody is gone through a problem with technology that has created a security issue. The story is very similar. You have to maintain your environment and you need to continuously invest, making sure that environment is up to the latest standards.
Those that are out to do harm against any technology environment, wake up every day and try to figure out - what can I do today to cause harm to whatever the system is, whatever the government is, whatever the company is ? They are trying to act against it. And anybody that runs technology should just recognise that. That job is never done. The job of maintaining a world-class environment certainly doesn’t end.
And the way I kind of talk about it is, in technology, we have to stop thinking about projects. We have to start thinking more about products. Projects start and end in a kind of legacy way of thinking about tech.
You start and end a project and then you take that team and you move on to the next thing but somebody has got to continuously maintain that project that you launched. But, if you think about a product, the product lives on and you add features to it. You add a new release to it. It grows and it grows. So, I would just say, that the biggest lesson that I can provide is do not launch projects.
When it comes to cyber-security and defence..?
You have to think about these products and those products constantly need care, they need feeding. They need upgrades. They need, you know, the latest capabilities around, whether its cyber-defence, security items or just looking at basic DDOS (denial of service projections. Those are not static. They change every day.
You said someone gets up in the morning wanting to cause you harm and you have to get up every morning, thinking of how you are you going to defend that? What trends are you seeing ? Are attacks going to get more sophisticated ? Are people getting more smart about it? And, therefore, how are you defending it, you or anyone in the space, let’s say a bank ?
Absolutely. I mean, we are pushing the envelope at Equifax around security, around our defence and around our measures that we have in place to detect and respond to things that are being attempted. All companies around the world are, you know, at various states of maturity, around how they do that. I think it will continuously get more complicated. The attackers are finding new ways to, you know, solve old problems.
The technologies in the past have been very focused on protecting the environment that they were installed on. I think, what has to change is, and we are seeing some of this already happened, especially in network defences. But I think we have to find a way to continuously share more data. If you think of the business Equifax is in, we are data exchange company. We operate exchanges around the world, where people can contribute information and if they contribute, they can then use that information to help people make better decisions. And, the same really goes to security.
If you think about, what a bank might learn on an average day, if you think about what Equifax learn on an average day, if you think about what an oil and gas company learns on an average day. How do we share that information, so that we can all learn from it ? Because what somebody sees on a Monday, the next company may see on a Tuesday. I think we are still too slow as a technology industry in sharing that information so that we can stay one step ahead of the hackers, of the bad guys, that are constantly out there to get us.
And are you able to better predict the attacks and behaviour? And are you able to better predict or understand anomalies’ behaviour on your own system?
We are. We have got incredible tooling insight that we have put in place and we continue to upgrade and add capabilities to. Machine learning is a part of that so that we continuously learn from it. We leverage a lot of third-party capabilities, where they are adding their expertise to the max. And, we have an incredible insight into what’s going on around the world.
We operate in 24 countries around the world. So we have a very complicated environment that requires a constant intelligence and it requires us to use the latest technologies, which is more and more machine learning infused. We have to leverage the power of the machines, of AI engines, to help us to detect and see what’s happening. What’s a real threat? What looks like a threat that isn’t? And, then leverage that technology to help us.
Because, there’s just simply too much data for humans to look at alone. So, our security teams leverage a lot of technology. It helps them sieve through that first layer, so that they are only really looking at the things that could be, you know, a true threat.
You do credit scoring for consumers and that’s a product that’s available in India as well. What’s on the horizon there, to me as a consumer who may access your dashboard or let’s say, a bank who may access the dashboard to know about me? What are the kinds of insights that are likely to come in future and can I as a consumer benefit from it and use it better to my advantage?
I think that’s a great question. There are two sides to it. One, how do we make sure that we help consumers really learn and understand what their financial situation is ? What is their credit? What are the items that we have been tracking, whether they have credit, whether they applied for credit?
How are those things impacting the score, how could they improve their scores? What are the things that we can do to help them? I think there is a huge education on the work we are focused on. One of the main goals of the year at Equifax is to make sure we become a very, very consumer-friendly, credit-reporting agency. We want to help.
So we are taking this opportunity with our technology refresh to put in all kinds of new applications, new systems, new tools that are going to be aimed specifically at putting the power of the information into the consumer’s hand and then letting that consumer to learn from it. The other thing people should expect is, we need to continuously find new sources of data, signals that would help us make smarter decisions.
If you take India, as an example, it’s only a very small percentage of the population will present enough information, enough history on purchasing or financial background to be able to have a credit score.
There’s a tremendous amount of upside that remains months and years ahead. We also have to figure out what do we do to make up for the fact, that in some cases, we don’t have history. So we don’t, we are not going to wait 7 or 10 years to create history on someone.
We have to find other synthetic opportunities to find new data sources and new signals that can help accelerate the time to market for those that are either unbanked or don’t have access to credit or the credit environment isn’t actually working for them. We need to help that improve. We are focused on what data sources we can find and use with the consumer’s consent, to help them improve their credit.
And that’s a specific effort in countries like India...?
It is a specific effort. Right.
Last question. So, you were CTO at IBM, IBM Watson & IBM Cloud earlier. Tell us what are some of the cool or exciting things that you think of when it comes to computing as an overall space? What it can do in the coming years or at least in the near future?
The excitement is just unbelievable right now. I mean, we are living in such an amazing time and really the only limitation is the speed of life. Everything else on earth is almost a solvable problem and its just exciting to see how data can be used in new ways?
How we can leverage the power of computational analytics, machine learning and deep learning, not to replace but to augment human intelligence ? And that’s really driving all kinds of new ways of thinking about how technology helps me make a better decision, have a better day, have a better life and be safer, be smarter and it is just absolutely an exciting time.
What I think from a technology perspective of really coming years is that we are gonna continue to see a migration of workloads to the clouds. I think, we will see countries and regulations continue to realise that cloud is actually a safer place for data. Its actually a safer place for computational analysis and workloads to run. The cloud is gonna really remove a lot of the barriers that we have in terms of growth of new ideas and acceleration of innovation.
Because today only about 20% of the world’s workloads are running in a complete cloud infrastructure. So we are still in a very early stage of the adoption of, what I believe is a truly, transformational, you know, foundation. And as we see other 80% of the workloads migrate over the next, say 10 years, I am absolutely excited to see what those companies that used to have constraints and now they don’t. They used to be focused on kind of maintaining the old and now they can focus on building the new.
There’s going to be so much of innovation and we are going to see that a few years into our lives in ways we have not even imagined yet.
That’s a wonderful note to end on. Thank you so much for speaking with me.