Bancolombia protects 23,000 devices in a highly secure environment using BitLocker

Founded in 1875 as one of the oldest banks in Colombia, Bancolombia Group has continually evolved to meet the needs of customers and employees. The bank has around 15 million customers in Colombia, Panama, Cayman Islands, Guatemala, El Salvador and Puerto Rico. In 2009, Colombia established new security standards where financial institutions were required to encrypt customer data and use strong authentication.

“We want to give our customers peace of mind that this is an earnest bank, that we're doing what's best for them, and that we're achieving the data security that they expect from us,” says Juan Diego Botero Pareja, IT Infrastructure Engineer at Bancolombia Group.

To modernize its environment and more easily keep pace with evolving requirements, the bank began migrating to the cloud seven years ago. It adopted VSTS and Office 365 and started using its security capabilities to tightly manage and authenticate identities. “We saw the need to migrate our email to Office 365 and gain all the functionality that came with it,” says Julio César Acosta Bedoya, IT Infrastructure Engineer at Bancolombia Group. “At the same time, we also adopted many useful Azure features, like Azure Active Directory.”

Resilience during big changes

In early 2020, the bank wanted to update its device encryption practices to improve general device security and more easily comply with government regulations regarding encryption. Bancolombia needed to ensure its 23,000 bank-issued devices were encrypted, and ultimately chose Microsoft BitLocker as the best solution for its encryption needs. As a data protection feature, BitLocker Drive Encryption helps safeguard devices’ operating systems and provide better management for lost or stolen devices.

“We decided to implement BitLocker because we knew it would help us comply with government requirements as a financial sector organization and boost overall cybersecurity,” says Botero Pareja.

The bank initially tried a different solution for the pilot launch of 1,500 devices, but it wasn't the right fit for the bank's needs. “Even though the product we used previously used to work, we couldn't easily scale to the full volume of devices that we had inside the bank,” says Botero Pareja. “And if we had tried to expand our initial solution for more devices, it would have cost the bank a lot of money while still being quite cumbersome.”

By 2019, around 3,000 bank employees were already working from home for part of the week. Then COVID-19 arose, and suddenly tens of thousands of employees had to work from home. The bank planned to continue its BitLocker implementation but needed to pause while it responded to the variety of security and remote management needs associated with COVID-19 and remote work. “The pandemic had a significant impact on the organization,” says Acosta Bedoya. “Although we already had some staff working from home, we had not anticipated 28,000 people needing to work outside of bank walls so suddenly, and scaling our solution to all bank devices.”

Embracing a comprehensive solution

Working closely with Microsoft, Bancolombia continued to explore how to boost security and device management agility, and by late 2020 put together a comprehensive proposal for scalable device configuration and testing. This proposal was approved by the bank’s leadership in early 2021. “Fortunately, Microsoft was there to help us implement the solutions that we had already been considering to support a smaller number of remote workers,” says Acosta Bedoya. “With our updated plan, we could provide an environment for all our employees to work from home with high security and reliability so that the bank could continue to offer its services effectively.”

As part of that plan, Bancolombia decided to adopt Microsoft Endpoint Manager, which brings together device management and endpoint security in the same platform with Microsoft Intune and Microsoft Endpoint Configuration Manager. Endpoint Manger offers co-management with the advantage of having both tools in one place. “Many employees are working from home, and we use Intune and Configuration Manager to help manage those devices,” says Gustavo Londoño Lopera, IT Infrastructure Engineer at Grupo Bancolombia. “Not only is this co-management approach cheaper than the previous solution we considered, but we have more flexibility to support employees in the cloud so that they don’t need to come to the office in person.”

Many employees needed new devices that were easier to take home than their desktop computers. The bank bought about 3,000 new laptops and other devices all running Windows 10 for its home-based employees and worked quickly to make sure all the devices were protected. “Within just four months in mid-2021, we encrypted about 75 percent of the computers with BitLocker and finished the rest of the devices by the end of the year,” says Botero Pareja. “We quickly rolled out BitLocker to 23,000 machines, but the best part was that it was invisible to employees—they didn’t notice any changes to their device or daily work, and we succeeded in protecting their data.”

Adds Acosta Bedoya, “By implementing BitLocker, we experienced a considerable savings of COP 10 billion [USD 2,512,562] compared to the previous tool that we used.”

So far, the bank has seen many benefits as a result of increasing its security posture and remote device management capabilities. First, employees appreciate the flexibility of working from home and not having to commute to work. “Employees get to avoid city traffic and spend more time with their families,” says Londoño Lopera. “They get outstanding remote support from engineers without needing to travel to headquarters.”

In addition, Jorge Andres Ochoa, Leader of IT Distributed Platforms and Collaboration at Grupo Bancolombia, points out that IT support and end users alike have gained peace of mind knowing that their data is highly secure. “Our technical team is very happy that we can provide proper device management in any geographical location, which was one of our biggest challenges during the pandemic,” he says. “By using this combination of Microsoft services, we can now ensure that devices adhere to the optimal security conditions, which also boosts productivity.”

Saved time and increased security

Bancolombia also adopted Windows Autopilot to support device deployment and has now streamlined and sped up how it issues devices to new employees or existing employees who receive new devices. “One of the best things about using Windows Autopilot is that we reduce device deployment time by 80 percent, from 500 minutes to 100 minutes,” says Londoño Lopera. “We have the tools to make our device implementation process clean and easy.”

Adds Santiago Santacruz Pareja, IT Infrastructure Engineer at Grupo Bancolombia, “Adapting to these technological changes gives us a competitive advantage. Not only because we use the latest tools on the market, but because we provide our partners, employees, and customers protection over all their information.”

These initial projects focused on employees in Colombia. In 2022, Bancolombia will roll out these products to subsidiaries in three other countries and 12,000 more devices. Concludes Andres Ochoa, “As a financial organization, we’re obligated to comply with strict security regulations. We must establish controls and implement tools to respond to cybersecurity, COVID-19, and changing employee needs. By using Endpoint Manager and the integration with other Microsoft security solutions like BitLocker, we’ve strengthened our systems, further safeguarded data, and protected employees in an innovative way.”

Find out more about Bancolombia Group on YouTube, Instagram, Twitter, Facebook, and LinkedIn.