
Corporate Technology Rebuild
Date
April 2023
Innovate Loan Servicing
Fort Worth, TX
Timeframe
Sept 2021 - August 2022
Role
VP, Information Technology/CISO
Project type
Infrastructure and Application Modernization
Develop and implement technology strategy for Auto Loan origination and servicing company. Replace end-of-life and end-of-support systems and applications and deliver robust, scalable, highly available and secure platforms to drive business efficiency and compliance readiness. This included rebuilding all business and corporate systems.
Inherited environment:
Business systems:
Loan Management System: Hosted on server software that was 3 revisions behind current and End-of-Life. Application access controls were insecure, allowing the majority of users full admin-level access. Application version was 3 major releases behind and could only be upgraded one version due to OS-level restrictions. Limited automation, security vulnerabilities and improper access control provisions.
Accounting system was 4 major releases out of date at the OS level and 6 at the application level. Application upgrades were not possible until OS was upgraded. Limited automation, security vulnerabilities and improper access control provisions.
Contact-center dialer: Application was 3 major releases out of date, as was the OS. Required OS upgrade to resolve application upgrade path restrictions. Limited automation, security vulnerabilities and improper access control provisions.
Document Management System: Again, 3 OS versions out of date and restricted on application upgrades until resolved. Limited automation, security vulnerabilities and improper access control provisions.
Loan Origination platform: Was a SaaS product, but had no access control policies or reviews. Unencrypted integration into on-premise Loan Management system. No document-level integration to store/maintain contract details.
Corporate systems:
Active Directory: Domain controllers were 3 major releases out of date at OS level, end-of-life and had major security vulnerabilities that were not resolvable until upgraded.
File server / User share drive: Frankenstein's monster. Apparently at one point there were 3 separate file servers, but they had all been improperly consolidated into one. The old servers' drives were improperly repointed to the new (virtual) server and not consistently recognized by the OS, causing access interruptions and data loss.
Unified communications: Did not exist. Phone system was out of date, not cost effective, standalone with no integration into other communication channels and restricted remote work support. Average device to user cost was over $225.
Data pipeline: There were three ISP data lines, but only 1 was active and it was 40% of the speed of the primary line.
Server racks: No labeling of network cables, server names had not been updated, unused equipment still in racks with power and network cables still active.
Access control badging system: Not updated, no role-based provisioning, no account management, no visitor ID management and no documentation.
3rd party hosted/external sites: Access controls were left to the business units, and no policies for provisioning or deprovisioning existed. Admin accounts were still named for or affiliated with employees who had left the company, often non-voluntarily, several years prior, and systems held PII data including full SSN, first and last names, addresses and other customer details. No role-based access controls either. Requests for access could be made by email, verbally or basically any other way.
Virus and threat detection software: Did not exist.
Data protection monitoring/enforcement: Did not exist.
Modernization project end results:
Business systems:
Loan Management System: Migrated to SaaS product that improved access controls, whitelisted and integrated to MFA/SSO solution to restrict external access. Introduced workflow automations and controls to deliver consistent, regulatory-compliant results and eliminate human errors and risks. Improved scalability and delivered 99.999% uptime.
Accounting system: Migrated to SaaS product native to Azure. Improved security and access controls, eliminated 3rd party vendor management team responsible for managing previous on-premise solution to reduce costs as well as aged equipment and software. Introduced workflow automation and controls to improve accuracy and efficiency of accounting processes.
Contact-center dialer: Migrated to SaaS product that allowed more robust integration with Loan Management solution, improved security and introduced improved automations and reporting capabilities. Improved management of accounts, resources and campaigns to deliver better operational results to clients and more cost savings. Improved access controls and delivered PCI-DSS and SOC2 compliant solution to the business.
Document Management System: Company had an account with a SaaS solution but was not using it. Migrated all regulatory required data to the solution. Redesigned the organizational structure of the data to align with new organizational structure of the company. Implemented role-based access controls, MFA/SSO integration and IP whitelisting, and conducted access review for external users to align with Cybersecurity policy. Introduced workflow automation to reduce delays in new account onboarding, cross-department approvals and data visibility to customers.
Loan Origination platform: Migrated to new SaaS solution with IP Whitelisting and MFA access controls. Securely integrated with Loan Management platform to improve data privacy and controls. Integrated with Document Management system to automate customer loan document management and align with regulatory retention requirements.
Corporate systems:
Active Directory: Migrated to Azure AD and inactivated all dormant users and groups. Implemented role-based provisioning of users and improved security posture through updated policies and controls.
File server / User share drive: Migrated to SaaS solution with improved security controls, MFA/SSO integration and IP whitelisting restrictions to reduce cyber risks. Leveraged native backup solution to secure data in alternate locations. Implemented automation controls to align with retention requirements from regulatory agencies.
Unified communications: Leveraged Microsoft Teams as back-office phone solution. Fully integrated and true Unified Communications solution to better position company for Remote work and integrate VM to email. Reduced average cost of phone/user from $225 to $15 monthly.
Data pipeline: Redesigned network to include all data ingress points and improve speed by 250% to end users. Established redundant paths to improve Business Continuity and eliminate single point of failure. Eventually eliminated 3rd data line, upgraded secondary to match speed of primary and reduced overall costs by 20%.
Server racks: Eliminated servers entirely, along with heating/cooling, generator and UPS requirements. This enabled the business to migrate to a new building and save over 60% per month in lease costs and a total of 80% of monthly facilities costs.
Access control badging system: Implemented new system and integrated into Access Controls to provide more security, reporting and role-based accesses to secure areas. SaaS based platform that provided built in DR/BCP options.
3rd party hosted/external sites: Transferred access controls to IT. Established formal request processes, built role-based policies and controls, provisioning/deprovisioning policies. Updated Admin accounts to corporate level accounts centrally controlled and protected in password vault. Resulted in SOC2 compliant solution.
Virus and threat detection software: Implemented AV and device protection solution integrated with 3rd party MSSP processes and vulnerability management processes.
Data protection monitoring/enforcement: Implemented data controls and policies to identify and restrict accesses, movement and deletion of data and provide reporting of all file level actions.