David Allen, chief technology officer at Inovant LLC, Visa International Inc.'s IT organization, has overseen the opening of a new 70,000-square-foot data center for payment processing and the rollout of an upgrade to the company's global antifraud system. Davis spoke with Computerworld Tuesday about the company's security initiatives and the IT challenges he faces.
What technology challenge keeps you up at night? The No. 1 technology challenge that keeps anyone up at night at Visa is continuing our unparalleled availability. As we introduce more and more change, and we are introducing change at an ever-increasing rate, keeping that going and developing systems architecture that are more permissive to change is what keeps me going.
Are you looking to open systems to help you with that? We use open systems very extensively. We have over 3,000 open-systems servers running as part of our production services. Any impression that we're just a mainframe shop would be an incorrect perception. All of our information-mining capabilities and data warehousing is 95 percent open systems. And most of our new development in terms of new capabilities is open-systems-based.
How are you bolstering encryption -- particularly when customers are more wary of identity theft and data theft? First of all, you have to look at the whole value chain, from the merchant through the issuer and back again. Visa's investing hundreds of millions of dollars a year along the entire stream of security and data-protection effort. Encryption is part of that, but it's not an answer all by itself. Today ... our messaging stream is unencrypted. And file exchange, that's almost always encrypted because those are the financial transactions.
We hear the cry out there, and we're not standing still. Where messaging on our private network is unencrypted today, I wouldn't expect it to stay that way. We're listening to the market.
When you say the "messaging," this is the same messaging you use to talk to merchants about, say, a tailored rewards program? This would be a [payment] authorization transaction.
Our private network, does it need to be encrypted? I don't know. Does it add to an overall improvement in the sense of security consumers and merchants feel? Probably. Has anyone ever heard of a private network being hacked that way? Not that I'm aware of.
Are you considering encrypting data at rest? Absolutely.
On disk and tape? Yep. We followed a lot of practices over time that separate key pieces of data that, even without encryption, tend to make them useless unless collated. Taking that aside, we've begun a program to encrypt our data at rest, and [we] expect to be rolling that out over the next couple of years.
Is the new operations center in Denver the largest you've built to date? Yes.
You have full redundancy in that data center. Do you plan to add that same type of redundancy to your other data centers? We do have a plan to upgrade our other centers. Exactly what they'll look like is still [to be determined]. We aren't beginning the next data center until we're finished with this particular operation. It's a big overhead to do.
What do you think the biggest challenge to the financial services industry is today? The consolidation that's gone on and payments in general ... I think poses some huge challenges. When you look at our industry specifically, the question of how to meet the needs of these megaplayers when you're a Visa and continue to serve the needs of vast number of others in the industry is the challenge. The top 10 merchants have 8 percent of PCE [personal consumer expenditure]. Clearly, the top 10 card-issuing banks have a huge percentage of the market. That's very different than the landscape was five years ago. The main challenge is to be able to continue to meet their needs and the needs of the smaller players in the market.
What technology is going to help you do that? I think the ability to provide low-cost, rapid customization. Obviously, we're going to have less customization for the smaller players than the big players. It's just a matter of scale. But they'll still require things that need customization.
Are smaller, start-up-type vendors helping you do that? Ultimately, they are. When we talk start-ups and Visa, we're very cautious about who we do business with and how with do business with them and how we introduce them into our technology base.
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.