Airwallex used data-driven approach to justify high-spec hardware

Airwallex's IT team has used a data-driven approach to re-evaluate the company's hardware choices for engineers, helping it justify the purchase of higher-grade gear. 

Vice President of Information Security and IT Elliot Colquhoun told the iTnews Podcast that the work was initiated after engineers reported development environments were running slowly on local machines. 

“We didn't have a lot of data to go on to actually understand why that was the case,” Colquhoun said. 

“I think the normal IT reactionary response would be to just go and buy devices that have slightly more memory, so let's order 32GB RAM machines instead of our 16GB ones. 

“But we wanted to actually more deeply understand the problem.” 

Colquhoun’s team set up device performance monitoring on the endpoints to track CPU, memory and disk usage, as well as device age and other metrics. 

“What we found when we looked at the data was that buying 32GB RAM machines probably actually wasn't going to be sufficient, and that instead, it was worthwhile for us to pay the extra to actually go for 64GB RAM machines,” he said. 

“We had this data that showed what the productivity impact was of having machines that just didn't have enough memory versus actually spending the extra to increase the memory. 

“It was quite nice being able to have that conversation with our finance team as well. They're obviously a stakeholder, we needed to spend more money, but we were able to actually prove with data that this was a worthwhile investment for the company.” 

Local machine upgrades are just one area of IT and security where Airwallex has made investments in the past couple of years. 

Colquhoun said that the company reached a point two years ago where it was collectively unhappy with its tooling. 

“We basically threw everything away and started rebuilding,” he said.  

“We ended up going down the path of buying and implementing Okta [for identity and single sign-on]. 

“We use Jamf and [Microsoft] InTune for our device management, Slack, Google Workspace and Atlassian for a lot of our collaboration tools, and Zoom for voice communication, and we're trying to make sure that all of those are nicely integrated.” 

The company’s 1300 employees globally are 50-50 split between Mac and Windows machines. 

When selecting the current batch of software tools, Colquhoun said a key consideration in the procurement was buying platforms that could be built on and that could evolve over time. 

“The way that we've structured our corporate IT environment is that we wanted to have the most modern tools possible that would allow us to constantly be on the cutting edge of the security controls and the features that we can provide our employees,” Colquhoun said. 

“We ended up going with Okta when we replaced our identity provider a few years ago, for example, because we felt that their integration with other tools was in a really good place, it had like a nice little automation engine built in, and we also really loved their APIs. 

“When we look at procuring new products or replacing core parts of our corporate IT infrastructure, we always look to see whether or not it's a tool that we're able to build on rather than just trusting whatever that tool is today.  

“We do this across the board.” 

A joint approach 

Colquhoun said Airwallex’s approach to having corporate IT and security under one executive and broad team structure meant being able to have “consistent goals across both of these departments.” 

It also meant both sides were more aware of what the other was trying to achieve, and open to alignment and close collaboration. 

“Our IT and infosec teams are effectively one broader team, so we have a pretty consistent set of strategies across both,” Colquhoun said. 

“The thing that's really nice about having IT and infosec effectively under one big umbrella is that you have an infosec team that actually really cares about user experience and employee impact, and you kind of get an almost osmosis of what IT really cares about. 

“The flipside to that, obviously, is that IT starts to care about security a lot more. They're working day -to-day with our security team and they're really focused on ensuring that we have really consistent security controls that we trust.”