BBMC Mortgage based in Chicago, is one of the top mortgage banks in the Midwest. With branches throughout the continental United States they have grown by leaps and bounds since 2009. To onboard employees in the most efficient way possible BBMC turned to Access Business Technologies in Folsom, CA. Founded in 1999, ABT has been helping mortgage companies, banks and credit unions utilize the cloud to streamline IT infrastructure, reduce costs and improve security.
Like other well-known mortgage companies BBMC is a popular target for hackers. Therefore, BBMC has very deliberately done all it can to prevent data leakage and maintain the integrity of their systems. As new branches are brought into the organization new users must be given access to some of the most sensitive information in the company. Allowing employees to work remotely can leave the company susceptible to a security breach. BBMC wanted to give employees the flexibility to work from home without having to lug a laptop back and forth from the office.
With ABT’s MortgageWorkSpace™ BBMC found an elegant solution that provides a high-level security even when employees are accessing data from unknown machines. With MortgageWorkSpace BBMC has enabled a secure BYOD (Bring your own device) policy that meets and exceeds banking security guidelines. Security experts know that in a BYOD scenario one must assume that an employee’s personal device has already been compromised and is more than likely infected with malware.
When an employee is connecting to ABT’s remote desktop MortgageWorkSpace™ the only thing that's traversing that network is bitmap cache changes of the display, on the one hand, and keyboard and mouse movements on the other. That's it. It's a very light footprint, and it's a convenient way to work, especially at a distance.
As a secondary benefit, it is also very secure. In MortgageWorkSpace™, code existing on the remote computer is never transmitted to the client computer in any way except as images for the human user to see. Images, however, are things humans interpret and understand but computers typically do not.
With ABT’s solution, there is a natural delineation between what's personal and what's work related because it's like having two separate computers with very structured and highly monitored communication back and forth. So, an infected computer at home cannot propagate whatever it is that is infected with into Rakuten’s internal environment.
MortgageWorkSpace™ also happens to be very fast compared to other solutions such as using a VPN connection. In a typical VPN scenario, roaming road warriors would set up a connection back to their network drives. Generally, they will open up documents that are potentially halfway across the country and begin working on them, a process that often can be slow – especially when dealing with large documents. Because MortgageWorkSpace™ involves compact messaging between the client and the host machine, never attempting to transmit a document across the VPN, it provides a much faster, as well as more secure, way to work remotely.
According to Justin Kirsch of ABT, “Real security comes through network segregation. What makes MortgageWorkSpace such a great solution is malware doesn’t propagate through the RDP protocol. When you add a 2nd authentication layer MortgageWorkSpace becomes the ideal solution for mortgage companies who need scale up or down on a regular basis and meet strict compliance rules.”
MortgageWorkSpace™ enabled BBMC to grow from a single branch to over 700 employees with a very small support staff. ABT’s cloud engineers perform all software updates for programs like Encompass 360, Warehouse Loan System (WLS), Windows and Adobe saving BBMC hundreds of manpower hours each year. Before deploying MortgageWorkSpace™ support staff struggled supporting industry specific applications on a wide range of devices with different versions of operating systems and different hardware architecture.
ABT has been hosting mortgage specific applications like Encompass 360, PointCentral and BytePro in the cloud for over a decade. With the experience gained from hosting software in the cloud for over 1000 mortgage companies, banks and credit unions ABT knows how to configure mortgage software for optimal performance. With MortgageWorkSpace™ software updates can be rolled out to hundreds or thousands of users without ever having to touch their machines.
MortgageWorkSpace™ uses an advanced Web filtering system that enables company administrators to block users from accessing certain websites. According to ABT’s Hugo Gonzalez, “It’s about protecting your network from malicious activity, it’s about recouping lost productivity, and it’s about maximizing your bandwidth. Websites that are known to be harmful are blocked by default. BBMC administrators can “whitelist” or “blacklist” websites as they see fit.
Hugo is a big proponent of cloud security and sees Microsoft headed in the right direction in that regard. Due to high profile hacks of governmental systems over the past year, network security is once again receiving due attention. For this reason, Hugo tends to disagree with those who are concerned with putting their data in the cloud as being high risk. “Quite frankly I don't know how any company that's not the size of Microsoft can do a better job than Microsoft at securing that environment in the cloud.”
Hugo is able to reel off several key indicators of Microsoft’s particular attention to cloud security. For instance, while Windows Server 2012 allowed you to remove the GUI, decreasing the exploit vectors, Windows Server 2016 goes a step further and allows you to run it as a Nano Server, a lean mode for private clouds and datacenters administered remotely and with no local logon capability. Less code in the operating system, as Mark points out, means dramatically fewer attack vectors and a more secure operating system.