The last decade has seen a seismic shift toward digital banking. At Bank of America, the number of mobile banking customers has grown from 5 million to 30 million in that time. But to Brian Moynihan, the bank’s CEO, it still feels like the early days of digital adoption. And COVID-19, which has forced consumers to find online replacements for in-person tasks, is one reason.
Digital banking is now a lifeline for millions of people who rely on it to deposit checks, make payments and otherwise manage their finances from afar. At BofA, some $3 trillion in consumer payments now flow through its digital platforms each year. In the last quarter alone, says Moynihan, the bank saw some 5 billion logins through its mobile apps and website. To maintain a seamless experience, he says, BofA spends billions of dollars a year on its digital banking tools.
Moynihan recently sat down for a virtual fireside chat with Tanium co-founder and CEO Orion Hindawi and Maggie Wilderotter, the former CEO of telecom giant Frontier Communications, to talk about how consumers and businesses have adapted to the rapid shift to digital-first services, and how businesses are securing those services across countless digital contact points.
Below is an edited and condensed excerpt from their conversation. You can watch a recording of the webcast here.
A decade of digital change
Maggie Wilderotter (MW): Brian, you’ve been at the helm of Bank of America for a decade. Can you share some of the most important changes you’ve seen over the years?
Brian Moynihan (BM): When I became CEO, we had 305,000 people. We now have about 212,000 people. In all that change, the company’s gotten bigger, it has more transactions, it has more activity. That change has been enabled by a constant digitization of both internal processes and capabilities, and our customer interactions. Nowhere was that proven more than in the recent crisis, where we had to shut down a number of our branches for the safety of our teammates.
MW: Speaking of digitization, can you talk a little bit about the importance of security best practices and how you talk about that?
BM: We have almost 40 million digital customers. Then you go on the commercial side with our 500,000 cash pro users, which is a digital user interface to make payments. If your capabilities aren’t secure, users lose confidence.
And so we start from the top saying, we will be secure, we will have certain systems which are never down, whether it’s by intrusion or whether it’s by just a cable getting struck by a backhoe. If you lose that security either datawise, or operationally-wise, people quit using it.
Securing remote work
MW: Managing exponential growth of devices and the ability to have a trusted environment has accelerated with COVID. Orion, can you talk about your perspective on your customers’ remote work, and how they can keep their environment safe and secure?
Orion Hindawi (OH): Digitization has driven an explosion in the number of assets companies have to manage. A lot of customers have been able to pivot in COVID, recognizing they have a widely expanded set of problems. They were forced to do things in weeks that they could have otherwise taken years to do. What we’re seeing is a recognition that there really isn’t a lot of space for failure. Definitely not in security, in operations as well.
If you look at our average customer we walk into, they may have 30 or 40 tools on their endpoint, and most of them have no idea how many endpoints they have, where they are, what they’re doing, what vulnerabilities they have with the resolution that they need. We give them visibility and control, remove many point solutions and give them a simpler environment.
BM: Orion, just think about what you said and the reality of a company like ours. We deployed 100,000 laptops in four weeks to remote teammates. There were people who you would have never contemplated working with those devices at home. Then we gave them phones and stuff to enhance their functionality. So you start adding that all up. It was exponential. And by the way, the bad guys don’t take a back seat when there’s disruption. They’re at work too.
The environment we’re in today, the digital transformation, you need to be prepared for that. Think about the sheer amount of nodes, as Orion was saying. What happened in COVID is you saw that transactional switch move. People changed their behavior.
MW: Customer adoption has sped up, too, because of necessity.
BM: What we found is a lot of people tried things they never tried before. Twenty-five percent of all our new depositors are submitting checks through the mobile app, and they do it by just taking a picture. That’s important because as you start to change behavior it accelerates transformational change.
Zero trust has arrived
MW: Orion, you’ve said once companies learn you can move all workers to remote in days rather than years, you start thinking what might we do next. What are you seeing?
OH: One example is zero trust. That’s where no user or device, even a user or device known to your system, is allowed access to your network until it’s verified. Zero trust is something that we as an industry have been looking at for a long time. Endpoint enforcement is a principal way to get control of the security of the environment. A lot of people, if they’re going to be honest, thought enacting zero trust would take a decade. They thought that it was too much change.
Most people would say we’re doing it. With working from home and the shift there to VPN [virtual private network], there’s a shift toward being able to not necessarily trust the devices within a network. And that control is already driving a lot of IT and user behavior.
So I think the completion of zero trust is going to be a big one.
How to talk to your board about security
MW: During this pandemic CEOs, IT leaders and boards are all looking at enterprise risk and cybersecurity. Brian, what advice would you give to CSOs, CIOs, CTOs about communicating with their CEO and board of directors?
BM: CIOs, CISOs and CTOs already have tremendous discipline and processes around running technology operations. You have to have that same discipline and process in how you relate to your CEO and your board. You have to have dashboards, routines, coming at it every six months or every quarter or whatever, but planning that and keeping the board informed.
The reason you need this is you’re going to be asking for tremendous resources and capabilities. You’re going to ask to restrict activities that would go on in the company to make sure that they are completely secure. What they need to know is that you could show our process. It can’t be a mystery. It can’t be something people don’t understand. You have to be able to describe it simply. Because it’s all a business process. You have to give the board a sense of comfort and control.
Frankly, you’ll get your money faster than you will by trying to say the world could come to an end tomorrow. We all know that. That’s not additive. You’re going to make it not happen.
The challenges of 5G
MW: Orion, as we go to 5G and edge computing, as we start to distribute data, how do you think about that? What are the tools and capabilities you’re going to need to deliver to Brian’s team in order to make sure that responses are instantaneous and secure?
OH: It’s very interesting. We talked to a lot of our partners and customers about where they see the next 10 years going. And when we started talking to people about chips in clothing and chips in people, sensor dust, all these little chips flying around that are minuscule and they all need to be managed. We need to be able to provide manageability and security that keeps up with that.
It’s funny. When we started this company 13 years ago, the concept that anyone would be managing a million devices in one place was an incredible concept. If you extrapolate what we’re already seeing with 5G, with IoT, companies that used to manage hundreds of things are going to be managing millions of things soon.
Think about a car dealership or small company that used to have a hundred computers that now potentially will be managing millions of chips. And we think about companies like BofA that are used to managing hundreds of thousands of things or millions of things, potentially getting to hundreds of billions of things that they need to manage.
If security is not there, the entire thing just falls apart. And so, if you want to synthesize the mission of our company down to one thing, it’s giving our customers the headroom so that they can make those technological leaps and know that we’re there to catch them.