Santander Group’s record profits of EUR 9,605 million in 2022, and the banking sector in general, have been in the news lately and this is due to multiple factors 👇.
The rise in interest rates 📈 after years of being frozen at tremendously low levels, even at zero, has a positive effect in the short term on the balance sheet, but there are many other elements that help to obtain profits. It is these elements that make the difference in terms of the competitiveness of different banks.
The optimization of costs and resources in the management of Information Technology (IT) services is one of these differential factors.
In this article, we present a real-life success story of cost and resource optimization in IT in a global environment and show how we have tackled the always problematic issue of data segregation.
Of course, respecting and complying with the complex and very different legislation in the different regions in which the Santander Group operates, thus avoiding possible fines, sometimes in the multi-millions of dollars.
IT Service Management
When any multinational company addresses the issue of managing the IT resources and activities that enable technology teams to perform their function, there are two different approaches, each with its associated advantages and disadvantages.
|Approach||Pros ✅||Cons ❌|
|Local 📍||Every region is organized independently and where the use of different tools and processes is feasible.||Enormous flexibility to address the specific needs of each region.||Difficult to carry out global reporting due to data being housed in different tools and from different technologies where, in fact, processes are not consolidated.|
|Global 🌎||Where global processes are defined and implemented in the same technology, in a homogeneous way in the multinational.||It allows to unify of processes in a more efficient way and generates potential savings in the development of the solution, in the configuration of the solution, and in the cost of licensing the single technology used.||New issues emerge, e.g. global governance of processes, global access to technology, global identity, etc.|
At Santander Group, we are committed to a global approach 🌏 in terms of the use of a single technology and a single technological platform on which to offer IT services, which is accessed by both end users to register their incidents and requests and by technical users to deal with them. In addition, changes that affect applications and technological infrastructure are registered, following the established processes.
We are also committed to offering a series of global services, allowing each region and country of the Group to implement their local services, adapted to their specific needs, achieving communication and IT homogenization among all the actors.
With this hybrid approach to IT service management, we exploit most of the advantages of both approaches, but we also address many of the challenges associated with each model. In the following, we will focus on one of them, the need to segregate data.
A big challenge in Santander’s IT management: Data Segregation
At Grupo Santander, we operate in a highly regulated sector with very strict cybersecurity standards to comply with in all regions and countries.
In addition, at Santander, we establish very strong service level requirements, which seek excellence, well above what is required by the regulatory controls that apply to us.
On the other hand, the organizational structure of the technology teams is not always as simple and stable as would be desirable on the part of those who maintain the global IT management platform.
All this, coupled with the hybrid model of local and global support and development teams, which has proven to be optimal from a cost and quality point of view, makes the issue of data segregation, i.e. defining who can see what, an extremely complex yet exciting challenge.
What the use of a private technology offers
In the world of IT management, it is most common to work with one of the many private technologies on the market that provide a framework for the different processes that each customer configures to meet their specific needs.
These technologies offer different functionalities to determine what visibility each user has over infrastructure elements, applications, and associated tickets.
These capabilities meet the needs of most businesses very well, but they have a number of limitations that prevent them from being used for our hybrid working model and in our complex context of different regulators.
For example, they usually offer functionalities that allow:
- Define different domains where users, infrastructure elements, applications, tickets, etc. are associated.
- Establish visibility rules between these domains.
This might seem like a good solution, but in our working model, we have many different cases that are not covered.
For example, a ticket that is opened locally in a domain is sometimes resolved within that domain, or by support groups working in a domain with visibility of the initial one, but it also happens that this ticket travels to a different domain, which should have visibility of that ticket and only of that ticket and not of the many others that were resolved locally in the original domain or the associated support domains.
Normally, these technologies allow other options for filtering the data that each user can see, but they never offer the flexibility that the Santander Group needs for efficiency and regulation.
What solution do we provide in Santander 🤩
The solution to these limitations, as on so many occasions, is the ingenuity, imagination, and high competence of our teams.
In this case, a tailor-made solution has been built on the platform and has evolved over time.
What our technical solution looks like
We started with a solution based on assigning “companies” both to the users of the system, based on the company and groups they belonged to, and to the tickets, based on their lifecycle, including, of course, resolving groups.
Subsequently, we forced a mandatory query for each database query where we added that there must be a “match” between the companies assigned to the user and those assigned to the ticket.
Then we extended the scope of the solution to cover other specific use cases that we were presented with:
- Provider companies have an additional restriction to display only tickets assigned to one of the provider’s groups.
- Audit tool-related tickets, which should only be visible to a limited set of groups that resolve them.
After some time working with this solution, we have recently developed a new version of the solution in which we have modified its core.
The operation, broadly speaking, is identical to the previous version, i.e. only those tickets and configuration items are shown to users where there is a “match” between what is registered in the user and what is registered in the ticket.
How and why have we modified the core of the solution?
- To improve performance: databases “suffer” more the more “OR” conditions are used. To perform these “matches”, the technology we use only allows us to build queries of the type:
companies_with_ticket_visibility_contains_company1_of_the_user OR companies_with_ticket_visibility_contains_company2_of_the_user OR …
These queries make performance worse as the user has visibility of more companies, as the number of ROs grows.
- To incorporate additional business requirements: we have already mentioned the complexity of internal structures in large organizations. Given this complexity, the “company” level of granularity fell short of fully satisfying all business requirements.
Sometimes, it is not necessary to provide visibility of all tickets in a company to certain users, but only to a subset of them associated with an overall tower or product.
✅ Advantages of the new version of Santander
To address both issues, we decided to change the concept by which the “match” is established, from “company” to “domain“, a domain is a much broader concept that includes the previous concept of the company, but also includes other meanings such as:
- Support type domain
- Tower or global product type domain*.
*Santander’s technology area is structured in towers and global products, which make it possible to provide services and products that cut across the organization.
Taking advantage of the change, we further refined the logic of assigning domains to users based on the groups to which they belong, bringing precision to the solution.
This new version, which will recently be deployed in the production environment, therefore brings with it 3 fundamental advantages:
- Coverage of new business needs.
- Substantial improvement in performance. Where before, for a user supporting multiple companies, numerous “ORs” were added, now, with the concept of support type domains, the number of “ORs” in database queries is substantially reduced.
- Extensible solution. We have moved from a model governed only by the concept of “company” to a model based on “domains”, where a domain initially has a meaning that encompasses 3 concepts, but is extensible to future new needs.
🙌 We are looking forward to the production date as soon as possible and are very confident that we will add value to the platform used for IT Service Management.
By reducing the risk of non-compliance with the increasingly strict controls and regulations in the sector and therefore avoiding the financial and reputational damage associated with this non-compliance for the Santander Group.
Another business case that we are proud of and that we have developed in Santander is the improvement of our App thanks to the UX. Do you want to know what improvements we have implemented? 👈👈
Santander Digital Services is a company belonging to Grupo Santander, which is based in Madrid and has more than 7,000 employees. We are working to move Santander towards a Digital Bank with branches.
Take a look at the current vacancies here and join this amazing team and Be Tech! with Santander 🚀
Follow us on LinkedIn and Instagram.