Some 60 percent of Western Union employees are millennials who fit the mold of individuals who will find the tools they need to perform their work most efficiently. By providing access to Box, Bartholomy says he is helping IT avoid the risk. "If you don't have an enterprise solution in a space, and you try to block everything, people will find a way," to consume the technologies they need, Bartholomy says. "Security is taking a seat at the table and trying to drive innovation through these projects."
Box competes in a broad market with Microsoft, Dropbox, Google and dozens of other vendors. Bartholomy says Box’ adherence to PCI, the payment card protocol, was a big selling point in the deal. Also crucial was Box’ automated retention capabilities, a big improvement over the company’s traditional approach of manually classifying records as those that can be shared externally versus kept in-house. Another reason: Box’ APIs integrate well with Okta, Jive and other cloud tools.
Now Bartholomy is trying to phase out the large pockets of existing file-synch technologies, including LAN-sharing and SharePoint sites. He says Western Union has a multi-year roadmap with which to migrate data to Box from those legacy tools. Ultimately, he expects Box to become the company’s de facto enterprise content management system.
Tracking unsanctioned cloud apps
Despite Western Union's proactive approach to enable end-user computing, shadow IT remains a concern for the company. Although it does not plan to block all unsanctioned software, it knows exactly what is being used at all times with the help of Skyhigh Networks, a cloud security platform companies license to track what SaaS tools employees are consuming as well as how much data they are generating. Bartholomy won't name how many cloud apps employees are using but noted the number is high. “It’s eye opening but also very valuable,” he says.
Bartholomy says the end-user technology unit also works with the broader IT unit on corporate technology strategy, including implementing other cloud solutions, such as Workday. While the company consumes a lot of cloud software for a financial services firm, it doesn’t adopt cloud casually. Like any other vendor Western Union works with, SaaS providers go through a risk assessment process to ensure that they meet the company’s rigorous security standards.
"Because we are in a financial services organization, compliance is a big part of what we do so making sure that those vendors are doing all of the right things to make sure that we feel good about using them,” Bartholomy says.
Sign up for CIO Asia eNewsletters.