The phone rings. A quick look at the caller ID reveals that the Social Security Administration is calling. The conversation goes something like this:
“Hello, I’m calling from the Social Security Administration. How can we help you today?”
“I don’t know, you called me.”
“Why don’t you just give me your social security number and we can take a look.”
This, obviously, is where the conversation should end.
These kinds of exchanges happen every day, where more and more people are subject to phishing scams, fraudulent requests for passwords or other identifying details, malware and ransomware. Businesses face the same threats, but the repercussions are on a much larger scale.
Michael Kolbrener, chief technology officer at PromonTech, recently received a similar call. Although threats are real and common, he said that businesses have been slow to recognize the true risk and possible solutions.
“For small and mid-sized companies, sometimes there’s still a false impression about how you secure data—even for large companies, sometimes—but they’re starting to realize how to adopt technologies that’ll improve the security of their data.”
One of those ways is by using cloud-based solutions, such as a virtual desktop.
Virtial desktops are accessible through client software installed directly on an endpoint, which presents the desktop to the user and allows them to interact with it using a keyboard, mouse, touchscreen, and peripherals. Virtual desktop clients are available for a wide variety of devices, including PCs, thin client hardware, tablets, smartphones, and Raspberry Pi.
With this kind of setup, the device that sits in an office connects to cloud-based infrastructure that presents a desktop experience. The actual processing power occurs offsite at a host, not on the local device, and images of that activity are sent back to the user via their desktop device. The virtial desktop can be accessed from anywhere with internet connecttivitiy, and can be done securely. This is also the idea behind browser-based software; all the processing power and ownership exists at the data center, and the local machine is just presenting a visualization of it. This desktop virtualization is also referred to as desktop as a service (DaaS).
Why is this useful to a mortgage originator?
While these choices may be out of the hands of originators who work at larger companies, managers who are in charge of smaller shops have a real responsibility to determine the best way to store client data. Using desktop as a service also enhances the ability to roll out software users and permissions much easier, Kolbrener said.
“It’s a good way of maintaining identity access and permissions for users, but also, the data never leaves the data center. It’s not on the local machine. And that’s really why we like it, because now, you’re relying on the security of the data center, which is likely way more secure than somebody’s office.”
This is of particular importance to smaller broker shops and lenders; their technology budget—if one does, in fact, exist—might not include security at all, and there’s just no way that the safeguards in place locally are in any way comparable to those of a large data center. There are not only virtual safeguards, firewalls and so on, but also physical security, such as armed guards.
Kolbrener said that the current marketplace has a very broad range of diverse company types, and that the size and amount of investment has a lot to do with financial ability and available resources.
“If they’re non-bank and they’re not really audited that much, then they probably don’t have an appreciation for the things that would improve the security of their environments. It’s probably only after they have experienced a problem that they start to think about what they could be doing in order to improve the security and efficiency of their technology environments,” he said.
Vic Pepe, managing partner at D&M Enterprise Group adds that they have mortgage clients with 100% of their desktop and server infrastructire in the cloud.
"They are gaining a competitive edge by allowing for faster expansion and contraction, while achieving maximum security and flexibility."
Changing the way a mortgage company stores data also requires a change in the way people think about business and security, and in the past decade, remote storage has been much more readily adopted. Companies like Ellie Mae, Kolbrener said, have done a good job moving their data to the cloud, and other lenders are moving to more browser-based solutions to avoid data being stored locally.
Of course, the caveat is that just because data is more secure doesn’t mean that it’s completely secure.
“People ask me . . . if I can guarantee their security. I don’t think anybody should talk using that language,” Kolbrener said. “We should say, ‘this requires an active engagement to ensure that we’re constantly making an effort to handle people’s data with caution.’”