UBS Customer Story
In an average month, employees of the multinational financial services provider, UBS, receive more than 130 million emails in total. A good 70 percent of these, i.e. more than 90 million emails, are spam.
Along with his team, Markus Lickert, the Managing Director and Head of End User Services at UBS, is responsible for ensuring that the wheat is well and truly separated from the chaff.
Mr. Lickert, you and your team at UBS are responsible for end user services worldwide. What exactly does that entail?
Markus Lickert: We make sure that the roughly 90,000 users of the UBS Group’s IT infrastructure in over 55 countries around the world are able to work productively while also complying with the technological parameters defined by the Group.
Our team has a broad portfolio that includes delivering the strategy, implementation and support for all technologies needed by users within the bank in their day-to-day work. These range from the end user devices with their various operating systems, to applications in the area of unified communications and collaboration, right through to printers and the necessary infrastructure, such as video conferencing in meeting rooms.
How many end user devices are we talking about at UBS globally?
Lickert: There are more than 100,000 desktop PCs and laptops currently in use. On top of which there are more than 30,000 mobile devices – at present mainly company BlackBerrys, but increasingly also «bring your own» iOS end user devices.
A global bank with strong Swiss roots. 63,000 employees in more than 55 countries − that is the impressive global presence of the Swiss financial institution, UBS. The global bank with strong Swiss roots draws on its 150-year heritage to serve private, institutional and corporate clients worldwide, as well as retail clients in Switzerland.
How has the use of IT within the bank developed in recent years?
Lickert: It’s fair to say that the users are much more savvy in handling technology today than they were a few years ago. They know what the technology enables them to do, appreciate the possibilities and make active use of them. That naturally makes our job a lot easier, as users are already used to working with the tools that we offer them. But at the same time it also makes our job that bit harder.
What do you mean?
Lickert: Users have massive expectations of IT within the company because they compare the infrastructure available to them at the office with their setup at home. That’s entirely understandable, but not quite fair when you consider the additional challenges we need to face in a business environment.
"We join forces with the Security Engineers at Open Systems in constantly seeking to improve our filter methods and to introduce new processes and mechanisms so that we can improve our success rate − along with the user experience − even further."
Markus Lickert, Managing Director and Head of End User Services
Are you referring to the regulatory framework?
Lickert: Partly, but not just that. First and foremost it’s a case of being true to our own principles. For example, UBS demands the highest standards of reliability and confidentiality. Satisfying these in the global day-to-day business environment is a demanding task for IT.
Let us take a closer look at reliability and confidentiality…
Lickert: Reliability and confidentiality are key factors that underpin our business model. The workplace culture within a financial group is highly intellectual in nature and based on information which nowadays is practically only available digitally. If it is not possible to access some or all of this information, or if there are delays in accessing it, our ability to act is massively restricted.
When it comes to information security, UBS follows the highest professional standards to guarantee client confidentiality and to protect client data. That’s why we invest a lot of time and energy in defining, implementing and controlling data security standards and processes that are supposed to prevent unauthorized persons from seeing, using, changing or destroying this information.
And the requirements of the supervisory authorities?
Lickert: The regulatory requirements are highly complex and vary from country to country. However, in simple terms, we can say that the role of the regulators in the individual countries is to monitor that our activities are documented over several years and can be audited. This is another requirement that we naturally have to be sure to comply with ITwise at all times.
To satisfy both our own requirements and the regulatory ones, within our technology environment the data systems on which client data is stored are strictly segregated physically and geographically. Only the employees with the corresponding authorization actually have access to them.
And how do you raise awareness of this topic among users?
Lickert: We communicate the reasons for our setup and the defined processes transparently and comprehensibly, thus increasing understanding among users. We define our goal in relation to the users not in terms of «global happiness», but rather as «fit for purpose». In other words, we regularly ask users whether the technology available to them supports them in performing their tasks and achieving their performance objectives.
Your group is also globally responsible for email. What position does email occupy within the company?
Lickert: Email is the most important form of communication in our firm – worldwide. The fact that we are distributed geographically across a number of different time zones makes the efficient exchange of information by email a matter of great significance for all users.
Email communication certainly has great advantages and is very simple for people to use. Nevertheless, we are naturally aware that this form of communication also entails risks. As we see it, for example, email has no absolutely formal status as a legal medium. In other words, we assume that an email may not even reach the recipient or − if it has been sent unencrypted − that it is not absolutely confidential.
Our Code of Conduct sets out how we communicate internally and externally by email. For example, we are not permitted to exchange client data through the email system without encrypting it and we should not disclose any client-related issues in our emails. But it’s not just a matter of content: We sensitize employees to the fact that someone could be looking over their shoulder at the screen when they are writing an email or that they should not leave printouts of emails lying around on the printer.
In an average month, UBS employees receive more than 130 million emails in total. How do you ensure that you comply with all the requirements in this respect?
Lickert: Here too, it’s a question of strictly separating the data both geographically and physically and of having clear, country-specific rules governing user access.
How does that work exactly?
Lickert: The architecture of our global model is organized so that there are physically segregated zones. For example, we make a distinction between a red zone and a green zone. These are the zones in which we have established the highest possible security standards.
Where are incoming emails filtered?
Lickert: Emails are filtered before they are delivered to the user mailbox. This is a central function through which all unwanted emails, and also those infected with virus signatures, are eliminated and filtered out accordingly. We are talking about more than 70 percent spam. In an average month that equals just over 90 million emails.
How do you ensure that the distribution list is up to date?
Lickert: Management of email user data is performed directly via our central Identity Management System, which is linked to our HR system. It also records who is based where geographically within the company, which functions individual users have, and what authorizations they need to do their job. This additionally serves to regulate the access rights to IT systems, data and information.
You have been using the email filtering services of Open Systems for over 18 months now. The verdict?
Lickert: The services are highly reliable and stable and are ideally integrated into our email operations from a process point of view. We still have full control over the activities, enabling us to react really quickly if need be. From an operations viewpoint, I know from my colleagues that our 24×7 operational organization enjoys a lively exchange with the Open Systems Mission Control Center. I consider that a good sign.
In conceptual terms, we now have a strong foundation thanks to the Mission Control Email Shield. But it’s in the nature of things that a service of this kind will continually go on developing. It’s a «never ending story». That’s why we join forces with the Security Engineers at Open Systems in constantly seeking to refine our filter methods and to introduce new processes and mechanisms so that we can improve our success rate − along with the user experience − even further. During this collaboration, we find the Security Engineers at Open Systems to be genuine partners, who are both highly competent and open to continuously optimizing the existing service.
The evaluation of the deployment of Mission Control Security Services took just under two years. What ultimately led to you using Open Systems?
Lickert: It’s important to understand that we had managed over several years to raise the workflows with the previous filter system, Postini, to a very high maturity level. When it became clear to us that we would need to replace it with a new solution, it was important to maintain or even improve the quality for the users. What’s more, for the reasons previously mentioned regarding reliability and confidentiality and from a regulatory point of view, it was crucial that we find a Swiss-based solution.
Mission Control Security Services occupied a very good position in the quantitative evaluation catalogue right from the start. The second step was to get to know the company and its management better. We then spent several months monitoring how Open Systems is organized and how it moves in the market.
In addition, we spoke with existing clients to find out how they use the services and what they think of them.
These deliberations and references convinced us: Open Systems is a sound partner, with a profound understanding and mastery of the business, and which – as a Swiss company – is naturally also conscientious and has the culture required to do a top quality job
"Open Systems is a sound partner, with a profound understanding and mastery of the business, that is also conscientious and has the culture required to do a top quality job."
Markus Lickert, Managing Director and Head of End User Services