State Capital Magdeburg
Replacing legacy VPN to enable an efficient, modern hybrid workplace
A leading Non-Banking Financial Company (NBFC), L&T Financial Services is the brand name of L&T Finance Holdings Limited. With more than 24,000 employees and over 1700 locations, LTFS offers a diverse range of rural, retail, housing, investment management, and infrastructure financial products and services.
Eliminates 110 different types of threat management devices for a unified, streamlined environment
Achieves nearly 40% improvement in endpoint security
Reduces access-related support tickets to almost zero
Realizes significant savings on security hardware, software and management
Gains granular visibility, data, and reporting to remediate risks and adopt predictive analytics
Instead of deploying, updating and maintaining 110 different security appliances, we now have a unified solution that provides us with an intuitive centralized dashboard and granular, real-time insights.
Transforming from a paper-based company to a digital enterprise enabled L&T Financial Services to become a nimble lending leader, but created challenges with its traditional castle-and-mote data security approach.
“When the transition began, we had approximately 110 heterogeneous threat management appliances to secure our headquarters, branches and micro loan meeting centers,” explained Mohd Imran, Group Head of Information Security. “Managing, patching, updating and upgrading so many different devices, from different vendors, was becoming unsustainable and, with our workloads moving to the cloud, obsolete.”
With executive management at Mumbai-based LTFS keen to leverage cloud technologies for supplying work-from-anywhere (WFA) access to more than 24,000 employees spread across 198 branches and more than 1500 Micro Loan Meeting Centers, the LTFS infosec team started researching modern solutions for securing internet access.
“We needed the ability to enforce a single security policy for all employees and users,” Imran said. “We also required one centralized solution to eliminate appliances and multiple vendors, making our environment easier and more efficient to manage.”
Collaborating with its local partner Solutions Enterprise, LTFS evaluated multiple offerings and selected the Zscaler Zero Trust Exchange as the most comprehensive zero trust solution. “Other options were located partially on-premise, making them a hybrid,” said Imran. “Only Zscaler was fully cloud-enabled and cloud-delivered, meaning all traffic stayed in the cloud rather than routing through our corporate data center.”
We’ve improved endpoint security by almost 40 percent and nearly eliminated access-related tickets completely.
By initially implementing Zscaler Internet Access (ZIA), LTFS quickly supplied WFA access to SaaS applications and the Internet while centralizing access policies, implementing controls, and achieving visibility.
With ZIA providing a secure access layer, LTFS eliminated all appliances in the data center and at each of its branch locations. “We’re achieving significant savings on security hardware, software and management overhead,” Imran said.
In addition, LTFS gained visibility that was impossible to achieve before. “Rather than different vendors for firewalls, web proxies, URL filtering, etc., we now have a unified solution with a centralized dashboard and granular, real-time insights,” said Imran. “This enables us to establish policies, control traffic, and train users to reduce our risk profile.”
Other advantages of the Zero Trust Exchange include global data centers for localized connections to the platform, patient-zero attack mitigation, encrypted traffic inspection, and direct cloud platform peering.
With over 150 Zscaler points of presence (POP), LTFS users across its footprint experience reduced latency and enhanced performance because they connect to the closest POP.
Patient-zero-day mitigation can be accomplished by turning on ZIA’s AI-driven malware prevention engine, called the Advanced Cloud Sandbox. It stops patient-zero attacks with protections that are continuously updated, in real time, from over 300 trillion daily signals.
Whether on or off the LTFS network, user traffic is decrypted and inspected, enabling rapid identification of suspicious files to begin remediation steps. “Previously, our traffic management capability was mainly limited to blocking certain URLs,” Imran said. “Now, we have the visibility to detect suspicious encrypted SSL traffic and take action.”
Another ZIA feature LTFS appreciates is Zscaler’s direct peering with Google. As the company has embraced Google Cloud for Infrastructure-as-a-Service (IaaS), LTFS and its business users rely on Google Workspace as their primary productivity and collaboration application.
“We began our migration to Google a few years ago and now about 70 percent of our workload runs on Google Cloud,” said Imran. “Zscaler’s connection to Google, instead of routing traffic through the Internet and back into our systems, provides a direct data path that improves performance and optimizes user experiences.”
Simply put, Zscaler has helped us run our business securely.
When the COVID-19 pandemic struck, LTFS quickly added Zscaler Private Access (ZPA) to support the rapid transition to remote work. Using ZPA, the company furnished seamless, secure, VPN-free access for private applications running on public clouds, such as Google Cloud, and within the LTFS data center.
As ZPA ensures neither networks nor applications are ever exposed to the internet, LTFS infrastructure is completely invisible to unauthorized users, while still granting authorized users least-privileged access.
“Previously we’d relied on VPNs, which impacted user productivity and permitted broad access to corporate systems,” Imran said. “With ZPA, the user experience is significantly improved and we can limit access to only the applications an individual user requires, enhancing network and data security.”
Looking ahead, LTFS plans to continue expanding its Zero Trust Exchange deployment. This includes coordinating consistent cloud security posture management (CSPM) across all of its divisions and branches by adopting Zscaler Workload Posture.
With misconfigurations in cloud applications a known enterprise vulnerability, Workload Posture will enable LTFS to proactively identify and remediate such defects, as well as prevent them from occurring in the first place. Also, by receiving intuitive representations of vulnerabilities and their associated risk level, LTFS can tackle the most serious issues first.
In addition, Workload Posture will enable LTFS to identify compliance violations across a range of global standards such as GDPR (General Data Protection Regulation) and the Reserve Bank of India (RBI).
“We’re constantly examining ways to improve our compliance posture, automate mitigation, and proactively reduce risk,” said Imran. “Workload Posture is an attractive solution.”
A home loan previously required over a month from application to funding. Now, the same loan can be funded in less than a day.
No matter how the company continues to build out its zero trust strategy, LTFS credits its Zscaler partnership with enabling the company’s digital transformation and cloud adoption. “By supporting our company’s digital transformation we’ve not only reduced risk but also significantly improved time to market and enhanced experiences,” Imran said.
“For example, a home loan previously required over a month from application to funding,” he continued. “Now, with our app-based process, the same loan can be funded in less than a day.”
From an organizational perspective, LTFS has considerably boosted security and business user productivity. “Endpoint security is up by about 40%,” Imran said. “Productivity is also measurably advanced, as users no longer encounter access obstacles. This is also reflected in related support tickets, which have plummeted to nearly zero.”
Moving forward, LTFS expects to additional value from its Zero Trust Exchange deployment, such as using granular data and reporting generated by the platform to start implementing predictive analytics.
“We’ll be able to create multiple types of metrics, like determining who is actually using which applications and how often,” said Imran. “This will help us align access with those who need it, reconcile software utilization, and minimize application licensing costs.”
Meanwhile, LTFS will continue enjoying its substantially enhanced cybersecurity protections. “Simply put, Zscaler has helped us run our business securely,” Imran said. “With Zscaler, it’s like we’ve created a perimeter in the cloud.”
To achieve its vision of being an inspirational financial institution and spur economic development, Mumbai-based L&T Financial Services set out on a cloud-enabled digital transformation journey. It relies on a zero trust WFA security model for supplying customers with an app-based, self-service loan application process that puts needed funds into the hands of Indian citizens faster than ever before.