Metro Bank is the UK’s first new High Street bank in over 100 years. With a focus on the customer, Metro Bank provides unparalleled levels of service and convenience to its customers. Launched in July 2010, Metro Bank now has 27 stores across London and the South East and has plans to open up to 200 by 2020. Metro Bank is an innovator with regard to IT, enabling its 1400 colleagues across the UK to communicate and collaborate effectively. Metro Bank puts the latest Microsoft software and services to work, including the complete Office 365 Suite for email, office productivity and business applications, Dynamics CRM and Yammer. Metro Bank manages its 500 corporate Windows and Apple mobile phones using AirWatch Mobile Device Management (MDM). Due to the vital importance of protecting bank and customer data, colleague access to Office 365 was limited solely to users accessing the Microsoft applications from the corporate network.
Metro Bank wanted to improve employee productivity by enabling off-network access to Office 365 and Yammer, but found the move too risky, even with MDM in place. Yammer is vital to Metro Bank’s internal collaboration process – allowing knowledge sharing to occur among colleagues easily and efficiently via social media. Metro Bank needed a solution that would enable them to fully leverage their investment in cloud applications without increasing the risk of company data and confidential information falling into the wrong hands. As a first step, the Infrastructure Delivery Team’s goal was to provide full access to Office 365 for corporate-owned device users—on or off network—and to extend access to Yammer for personal device users as well. As a second phase, specific colleagues were to be given off-site access to the more-sensitive information within Dynamics CRM.
“We needed a solution that would provide secure, off-site access to our Microsoft cloud applications. It was important the solution was simple, straightforward and transparent for colleagues, while giving the IT team full control over access and complete visibility into usage. Thorough visibility and reporting was essential to demonstrating the banks’ compliance with PCI DSS.”
— Luis Aguiar, Infrastructure Delivery Team Leader, Metro Bank
Enhancing mobile endpoint management was another key requirement. Metro Bank wanted to limit off-network access to the corporate devices already managed by AirWatch MDM, and there was no straightforward way to enforce this policy with their existing tools.
Metro Bank was introduced to the Forcepoint CASB at the Infosecurity Conference in London and immediately saw the potential to resolve their Office 365 access control and security challenges. The team began an ultimately successful proof of concept (POC) and subsequently made the decision to deploy the solution to protect their entire mobile workforce. The deployment was completed within several days. In keeping with their cloud-based approach to IT, Metro Bank deployed Forcepoint CASB as a cloud-based in-line proxy. No on-premise hardware or software was required.
First, the team wanted to define a policy for Office 365 to restricts access to only managed corporate laptops and Windows mobile devices. A self-service enrollment was decided upon, enabling users to sign up for remote cloud access the first time they used Office 365. By leveraging AirWatch’s capability to send a certificate to selected devices, Forcepoint CASB was able to automatically determine which users were qualified to enroll for full Office 365 access and which users and devices could only access Yammer.
Metro Bank implemented Forcepoint CASB to provide visibility into cloud application usage, including what data has been accessed, when and by whom. They are also using the security and protection features of Forcepoint CASB to detect behavioral anomalies with app usage and to alert or block suspicious events in real-time. Going forward, Metro Bank can implement custom policies for any user from any endpoint, as needed.
“With Forcepoint CASB, Metro Bank colleagues can now securely access Office 365 and Yammer off-site. Forcepoint CASB has given us the visibility and control that we need in order to fully leverage the potential of cloud applications to increase productivity and collaboration across all of our stores,” explained Aguiar.
To enable secure, compliant off-site access to Office 365, Metro Bank needed access control that went beyond MDM. With Forcepoint CASB, they found an effective solution that was transparent to users yet provided IT with granular visibility into cloud application usage, as well as the ability to flag and even block suspicious behavior. Forcepoint CASB worked seamlessly with Metro Bank’s AirWatch MDM deployment to provide broad access to corporate devices, while enabling personal-device users to safely access Yammer and collaborate with colleagues from outside of the office
As part of their commitment to providing amazing levels of customer service and convenience, Metro Bank is rolling out tablets to support colleagues in store, as well as additional corporate mobile devices. The bank will use Forcepoint CASB to control access to Office 365 and other cloud assets from these devices.