Combining Cloud and Culture Change for Company Sustainability
A conversation with Bryson Koehler, Chief Technology Officer at Equifax
After a data breach in 2017, the multinational credit-reporting and data analytics company Equifax started a total cultural and technological transformation toward becoming cloud-native. Once the transition is complete, the company will have moved all its data and applications to the cloud and closed 25 massive data centers worldwide. As CTO, Bryson Koehler is overseeing the journey.
In this conversation with AWS Enterprise Strategist Miriam McLemore, Koehler, who joined the company in 2018, emphasizes that Equifax’s decision to go cloud-native was not only a technical change but a cultural one. He discusses “baking security in” rather than “bolting it on at the end” of the process, building trust with customers and working with them to leverage the changes, and the incredible increase in the speed of innovation and launching of new products the cloud has enabled.
Miriam McLemore: Bryson, can you tell us about your background and your role at Equifax?
Bryson Koehler: I’m a geek at heart. I have loved technology since I was eight years old, and I’ve spent my career helping companies leverage technology to achieve better outcomes and transform who they are and how they work. My role as CTO is to look after all the things we’re doing with technology and our products globally to help Equifax continue its journey.
Miriam McLemore: You joined Equifax in 2018 at a tough time for the company. Tell us about that.
Bryson Koehler: I love hard problems, as good engineers do; the harder the problem, the more exciting. I joined shortly after Mark Begor, our CEO. I signed up to help reinvent Equifax and bring back trust to our customers and consumers so that they would continue to share their most precious data with us. We are a data and decision-intelligence company, so if we don’t have trust in how we collect, store, and use data, then we can’t continue to solve problems and make better decisions with our customers. So that’s why I joined, to help put Equifax on that track using technology.
Miriam McLemore: Can you share what happened?
Bryson Koehler: In the summer of 2017, Equifax experienced a data security breach by a state actor. It was a very sophisticated attack on the company that galvanized a transformation in how Equifax operated and how we thought about not just technology but also our culture, people, and products.
Miriam McLemore: Equifax could have just holed up and invested internally, but instead, you’ve gone aggressively toward cloud.
Bryson Koehler: Yes. When I arrived, we had a stated course of patching the current systems and getting them to the right level of maintenance. And my opinion, working with Mark and the rest of the senior leadership team, was that we were missing an opportunity to set Equifax up for a sustainable future. It’s one thing to invest in where you need to be, but another to set the company up for sustainability. The cloud really enables an evergreen mindset of staying current, and it requires changing the culture to embrace a destroy-and-deploy approach so that you’re always using the latest systems.
It’s one thing to invest in where you need to be, but another to make sure you’re setting the company up for sustainability. The cloud really enables an evergreen mindset of always being current.”
Miriam McLemore: How did going cloud-native help move you toward your goal of becoming a leader in security?
Bryson Koehler: To be a leader in security, you have to bake it into engineering practices, process discipline, repeatable software engineering, and deployment. You can’t bolt it on at the end.
Leveraging the infinite horizontal scalability of the cloud lets us rethink our data and use best-of-breed encryption and cloud computing to provide an end-to-end view of data governance and solve problems we couldn’t solve the old way.
That cloud-native mindset is not a lift-and-shift. It’s not just moving the hosting location from on-prem to cloud. It’s a mindset that says, “We need to think about who we are and rebuild.” And we’ve done that. On average, we’ve decommissioned two applications for every one we’ve rebuilt, which has let us close 12 data centers so far. That helps us not just to move the old, but get rid of it.
That cloud-native mindset is not a lift-and-shift. It’s not just moving the hosting location from on-prem to cloud. It’s a mindset that says, ‘We need to think about who we are and rebuild’.”
Miriam McLemore: I saw a quote in one description of the Equifax cloud that said, “Putting a car on a race track does not make it a race car. And putting an application in a cloud provider does not make it cloud-native.”
Bryson Koehler: That’s a real trap. The benefit of the cloud is to always be on—to leverage multi-availability zones and multiple regions, build in engineering that expects failure, and bake that into how you work. Old legacy applications aren’t built for that. If you just lift and shift, you usually end up with a lower-performing application and higher costs. You have to take the time to do that cloud-native work.
You hear us talk about our cloud journey because there’s a difference between going to the cloud and investing the time and attention into a cloud-native journey.
Miriam McLemore: I hear you describe Equifax as a data analytics and technology company. That’s also a transformation.
Bryson Koehler: It is. We thought of ourselves as a data and analytics company, and I wanted to add technology to that mindset. It wasn’t to change who we were. We always had technology. It was mostly about the culture. Technology companies have a different culture—they’re constantly thinking about continuous integration and continuous deployment. It’s an iterative, fast-paced culture. Going to the cloud is as much about people as it is about the technology, probably more so, and being able to think like a technology company was as important internally as it was externally. Our people don’t think about releasing a new product once a quarter; they think about releasing once a day or once an hour in a continuous, iterative fashion.
Miriam McLemore: And to your point, if you’re not a technology company, there is a tendency to bolt security on at the end versus thinking about it every day in what you’re developing. And for Equifax, that was core to earning back trust.
Bryson Koehler: Absolutely, because it’s way more than just encrypting data. It’s about using data and encryption keys, and whether those keys are managed by you or the customer, and who’s trusting you with the data, and whether customers trust how you’ll use the data, and making sure that flows all the way through, whether it’s a machine-learning model running in production or a data scientist interrogating that element of the data. Did they have the right data? Are they using it the right way? Are they combining it with the right things?
Regulation is changing every day and getting more complicated around data use and data rights. We needed to build a system where regulation was a configuration, not a rebuild every time something changed.
Most executives need to be somewhat technical…You can't be successful today and say, "I'm not technical." You don't get that pass.”
Miriam McLemore: There's a lot of ways to adopt cloud, and Equifax chose to go cloud-native. Can you talk about the decision process you went through?
Bryson Koehler: I think it's a really important topic because there's so much talk about cloud but what does that really mean? You could certainly leverage cloud as a different place to host your applications, or you could adopt cloud as a mindset, as a way of life. When you think about the companies that we're competing with, especially in the FinTech space – the startup, the agile, nimble players – they're building from the ground up as cloud-native.
They don't have legacy baggage. They're not stuck in an old and new world. They're just in the new. So if we want to be nimble, if we want to embrace and then receive all of the benefits that cloud provides, we can't half do it. The cloud provides the concept of availability zones or regions, infinite horizontal scalability, consistency of infrastructure, the ability for me to treat infrastructure as code, the ability for me to spin up and spin down environments without having to worry about utilization. I'm paying somebody else to worry about all of that. If I'm in a legacy hybrid world, I don't have consistency of infrastructure. I have a lot of different generations of equipment that I'm dealing with and I'm not really going to optimize on anything. I'm going to spend all of my time trying to get it to work.
And so, for Equifax, going into a full cloud-native rebuild, that was an opportunity for us to leapfrog the competition. That was an opportunity for us to really put to rest all of our legacy infrastructure.
Miriam McLemore: You and I as technologists understand that, but not all of your leadership peers maybe have the depth of understanding of some of those benefits. How do you talk to your peers about technology transformation?
Bryson Koehler: Most companies today are technology companies, or they need to at least think of themselves as technology companies. That means that most executives need to be somewhat technical. So I view part of my job as making sure that there's a level of technical understanding across the entire senior leadership team and across all of our teams. You can't be successful today and say, "I'm not technical." You don't get that pass. Nobody gets that pass. Not everybody needs to know how to code, but we need to have some level of technical knowledge. Some of that is on the CIO or the CTO to do – to spend time and whiteboard it out and explain it in a common language that business leaders can understand. We all need to work together.
I need my finance partners to understand unit cost management. You have to realize that, if the village comes along, the technology investments are going to have a greater ROI than if technology is just off doing it by themselves. So, I really believe that the CTO or the CIO's role is to make sure that the entire C-suite is understanding what cloud-native really is and why it is a better solution.
Miriam McLemore: What is Equifax doing to help customers access and leverage the new products it’s delivering?
Bryson Koehler: We built trust through a lot of very technical, detailed, architectural conversations—lots of show and tell, then prove. And in some cases, disbelief turned into invitations to come back to help. That was really inspiring for the team because we went from feeling like we were behind to being respected by our customers as leaders. I think now we’re the most advanced regulated data company on the public cloud.
Many great companies leverage the cloud, but I think Equifax is in a different league because we’re a global company that works with highly regulated data sets, and that’s a different bar. We operate in 26 countries, and in each, we are highly regulated, which is a technical challenge. But as we have met that challenge, we’ve built confidence, in the financial services industry and beyond, that the cloud is the place to solve their most difficult technical challenges.
Miriam McLemore: What can you do for customers now that was challenging before?
Bryson Koehler: We still have some last-mile work to do, like migrating the rest of our customer base and decommissioning the legacy estate. Building something new is difficult, but in some ways, it’s easier than turning off something old. But we have to stay focused on that, because the benefits we want in velocity and pace of innovation are going to come when we can free the team from having to mind the legacy store. And we launched more new products last year, even with everything going on in the world, than at any other point in Equifax’s history; ever.
We launched more new products last year, even with everything going on in the world, than at any other point in Equifax’s history. That’s testament to the speed of innovation the cloud enables.”
Miriam McLemore: Tell us more about that.
Bryson Koehler: Now we can innovate. We’re doing 160 to 165 production builds a day across Equifax, up from maybe one a week. So our CICD (continuous integration, continuous delivery) pipeline provides massive velocity improvements. That helps us lower risk, improve customer satisfaction, and stay safer. Every time we deploy the latest build instead of bolting on later helps increase security.
Miriam McLemore: That was not only a massive technology change but also a cultural change because I’m sure some people were used to getting a report a certain way or having something work a certain way. How did you go about effecting the cultural transformation?
Bryson Koehler: This is more of a people journey than a technology one. With partners like Amazon, we’re not inventing technology. We’re inventing ways to use the technology and leverage its capabilities. We are unique in how we’ve stitched things together and how we’ve deployed the technology in a highly automated, secure way. But not having to invent the technology let us pay attention to the people side. We had more than 8,500 FTEs and contractors around the world at the peak of our transformation. That’s a lot of people to align on where we’re going, so we wrote an engineering handbook, which is the bible for technology and process.
And all our people read it. We take a test on it and make sure we’re living by it. We grade ourselves on how well teams are living by it. We’ve got more than 750 cloud-certified engineers at Equifax now. And we’ve refreshed a good portion of the team; people who’ve done this before teach those who haven’t.
As a leader, I look to do three things. One, I want you to love what you do. Two, I want to set you up for success. And three, I want to make you more employable. Part of making you more employable is teaching you the skills, and the skills of cloud are not just the technical skills; they include the way of working.
This is more of a people journey than a technology one. With partners like Amazon, we’re not inventing technology. We’re inventing ways to use the technology and leverage its capabilities.”