When a thriving community bank aspires to a faster growth path, security can be a highly effective accelerator. Georgia Banking Company’s growth from a $600 million bank to a $1.5 billion phenomenon in only two years exemplifies the success that’s possible with a tightly connected security tool set. It completed its cloud transformation within 13 months, gaining scalable security and efficiency with Microsoft Azure, rolling out Microsoft 365 productivity apps, and replacing a collection of disconnected products from multiple vendors with Microsoft Security solutions. The highly bankable result? Substantial savings, best-in-class user experience for employees and customers, and heightened security draw rave reviews from IT and other employees.
"Rebuilding enterprise-grade datacenters would have cost us $1.6 million. Migrating to Azure costs $12,000 per month, and after five years, our total cloud spend would be around $720,000. For half the cost of datacenter refresh, we have better usability, scalability, and visibility."
Neil Natic: Chief Information Officer
Georgia Banking Company
Opening the pathway to exponential growth
While some financial institutions adopt a conservative attitude toward IT, Georgia Banking Company (GBC) regards technology as a backbone for delivering exceptional customer service and driving impressive growth. Founded in 1998, the boutique bank now serves customers in six Metro Atlanta locations. Its customers demand all the same services offered by large national banks, but with the personalized attention of a community bank.
GBC set an ambitious goal to transition from a $600 million bank focused on mortgage warehouse lending to a $5 billion community bank focused on consumer and commercial services. But Neil Natic, Chief Information Officer at Georgia Banking Company, knew that this aspiration would depend on crucial IT initiatives: dealing with two aging datacenters, an accumulation of unstable technologies that caused frequent system outages, and disconnected security solutions from different vendors that complicated management without increasing security. “The user experience didn’t meet our standards,” he says. "We couldn’t meet our growth goals with the platforms we had in place.”
The bank’s ambitions called for the enhanced security, scalability, and efficiency of the cloud. Natic responded with a unified IT strategy to fully migrate to Microsoft Azure, improve GBC’s internal productivity solutions with Microsoft 365, and protect everything with Microsoft Security solutions.
Recalling the 13-month Azure migration journey
The bank operated with two aging datacenters that needed major upgrades. “Rebuilding enterprise-grade datacenters would have cost us $1.6 million,” explains Natic. “Migrating to Azure costs $12,000 per month, and after five years, our total cloud spend would be around $720,000. For half the cost of datacenter refresh, we have better usability, scalability, and visibility. Azure was an easy decision.”
The IT team built GBC’s cloud environment in the first six months and then spent another six migrating its on-premises servers to Azure. The bank consolidated its data to 30 virtual machines (VMs), and it was fully cloud-based by the end of the thirteenth month. Natic offers advice for companies that are considering a cloud migration. “Leave the on-premises infrastructure as is, stand up an Azure environment, and then migrate data to Azure in phases,” he says. “The process is much less complicated than you might think—we don’t worry about maintaining, managing, and updating our infrastructure. Tripling in size won’t be an issue, which is scalability we never had before.”
Adding resilience with Privileged Identity Management and Microsoft Intune
With an infrastructure no longer bounded by physical perimeters, identity was GBC’s top priority. “The attack surface is much greater than ever before because malicious actors can strike from anywhere in the world,” muses Natic. “I honestly believe that the visibility possible with Microsoft 365 E5 is a must for any organization, regardless of size.”
With Privileged Identity Management in Microsoft Entra, the bank can provide access to resources based on role and take access management well beyond the standard username and password. It can set policies that allow user groups to make changes but not make deletions, or it can elevate those users to groups with deletion capabilities but require multifactor authentication coupled with approvals from other GBC IT team members. ”The additional layer that we implemented both prevents accidental deletion and stops malicious actors from deleting backups in order to install ransomware,” explains Natic.
GBC’s IT team has visibility into who is accessing company resources like Microsoft Dynamics 365, SharePoint, Outlook, and OneDrive. The team can quickly optimize security, especially for Global and Azure admins, who hold the keys to the GBC information kingdom. And the bank’s identity-based security net extends to devices with Microsoft Intune. The IT team applies conditional access policies to ensure that all devices used to access GBC’s sensitive data are enrolled and marked compliant in Intune, including non-Microsoft, single sign-on applications. Intune assesses device health and transmits that intelligence to Azure Active Directory (Azure AD), part of Microsoft Entra. Conditional access policies defined within Azure AD then grant or deny access. The GBC team also configured risk-based authentication through Azure.
When an employee fell victim to a phishing attempt, “We were saved by our policy that access to GBC resources could only happen from an Intune-registered, compliant device,” says Natic. “Although the attackers had a fully multifactor, authenticated sign-in, we stopped them before they could cause any harm.”
Natic applauds the expeditious deployment. “A smaller organization like ours can roll out Privileged Identity Management in three to five days,” he says. Laying the groundwork for his Zero Trust vision was similarly swift. “With conditional access policies to mandate that devices are enrolled in Azure AD, Intune, Privileged Identity Management, and multifactor authentication, creating a consolidated basis for Zero Trust is a straightforward process.” It’s also vital to keeping customer faith. “Our customers won’t do business with us if they can’t trust us with their data. Every GBC initiative must be evaluated from a cybersecurity mindset and our Zero Trust perspective.”
Assuming the work of seven vendors with only the Microsoft stack
With multiple vendors for different parts of its on-premises environment, obtaining a cohesive picture of GBC’s IT ecosystem was difficult. The bank addressed its vendor sprawl with Microsoft 365 E5. “There’s no reason to pay multiple vendors for functionality we can have with the Microsoft stack,” insists Natic, citing how vendor costs are only the first layer of expense for a disparate vendor landscape. “We’d have to hunt for expertise for all those technologies. Finding Microsoft experts is much easier, and because all our Microsoft solutions talk to each other, we don’t have to hire developers to unravel complicated multisystem interactions.”
When the bank fully adopted the cloud, it removed Citrix Hypervisor, a virtualization solution for connecting virtual desktops to on-premises datacenters, and it replaced Citrix VDI workstations with Azure Virtual Desktop. The bank also replaced its Mitel phone system with Microsoft Teams Phone, and it installed Azure Backup in place of its Symantec backup solution.
GBC proactively implemented Microsoft Defender for Cloud, a unified cloud-native application protection platform that proactively reduces the bank’s attack surfaces in the cloud. “The three things that keep me up at night are phishing, ransomware, and cloud misconfigurations,” says Natic. ”We have Defender for Cloud to point out configuration weaknesses and suggest changes.” He values Microsoft Secure Score, which provides security recommendations, like suggestions for how to best configure private access to a storage account or encrypt an Azure VM disk. Defender for Cloud isn’t just a reliable, intuitive cloud security posture management (CSPM) solution that the team can use to monitor and improve security. It’s also a vital strategic tool that Natic brings to the bank’s IT Steering Committee to recommend improvements and next steps to support GBC’s continued growth. He’s been gratified by the bank’s 33 percent Secure Score improvement, from 60 to 80.
The bank’s IT team also installed Microsoft 365 Defender, a coordinated umbrella of defense solutions that deliver XDR (extended detection and response) capabilities across endpoints, applications, email, and identities. GBC no longer needed Mimecast for email protection, Zix for email encryption, and its Secureworks XDR solution. Microsoft 365 Defender provided visibility across 400 endpoints and automated protection against phishing attempts in email and other applications used by GBC, thus creating additional layers of cohesive security that it didn’t have before.
GBC replaced its SolarWinds security information and events management (SIEM) solution with Microsoft Sentinel. The bank sees its XDR-generated events in the main incident queue in Microsoft Sentinel, thanks to the built-in coordination between that solution and Microsoft 365 Defender. And incidents handled through Microsoft 365 Defender are then automatically updated in Microsoft Sentinel, so that busy analysts no longer have to manage duplicate alerts. GBC’s ability to automatically correlate events and detect threats across system-wide events and platforms extends to even non-Microsoft systems like its Cisco Meraki networking solution and its Palo Alto Networks firewall. The team simply needed to select checkboxes to set up data ingestion from Defender for Cloud, Microsoft 365, and Azure AD to Microsoft Sentinel. That simplified incident management reduces the incident queue and thus the time needed to resolve threats. “Microsoft Sentinel is a great SIEM for us,” says Natic. “Having all of our logs in our Microsoft portal provides visibility that we’ve never had before, and it bubbles critical events up for our attention.”
Finally, GBC extends that protection down to the data level with data loss prevention (DLP) policies in Microsoft Purview Data Loss Prevention. “Our team members need to send sensitive personal data outside of our organization in a highly secure manner while keeping visibility over data travel,” says Natic. The bank configured its DLP policies to automatically encrypt emails to external parties and prevent them from landing in the wrong hands. The thresholds it set also redirect emails to the sender’s manager if they contain a certain amount or type of sensitive information. “That’s incredibly important for reducing data leakage risk,” adds Natic.
Empowering employees, even while heightening security
In stark contrast to the previous limited collaboration model, GBC employees can now work from anywhere. Authenticating biometrically with Windows Hello for Business, they can seamlessly and automatically connect in a highly secure manner via Azure VPN Gateway from Intune-managed devices. When an employee recently lost his Surface laptop at an airport, the safety net kicked in. Initially panicked, the employee arrived at the office to a replacement device, with all his files and applications intact thanks to the Known Folder Move feature in OneDrive. “He didn’t miss a beat at work,” says Natic. “We spoil our employees with so many capabilities and a seamless experience, which helps support our high employee retention.”
That satisfaction carries over to GBC’s IT staff. Help desk calls are now rare, and the consolidated, cloud-based infrastructure helps IT staff be effective in ways they had never imagined. When the bank’s growth required onboarding 38 new employees in one day—at the time, almost doubling GBC’s workforce—the then four-person IT team performed flawlessly. “Our new hires had everything they needed on the first day, and signing in on their new devices was a seamless experience provided by a very lean IT team,” says Natic.
GBC’s infrastructure transformation has not only been key to meeting impressive goals—it has been the path to reshaping itself into the kind of bank that leadership envisioned. “Thanks to our modernization journey with Microsoft, we can serve our customers with the same products as the national megabanks, but with higher visibility, better service, and greater flexibility,” concludes Natic. “We’re empowering GBC employees to serve our customers in the personalized way they deserve.”
Find out more about Georgia Banking Company on Instagram, Facebook, and LinkedIn.
"Malicious actors can strike from anywhere in the world. I honestly believe that the visibility possible with Microsoft 365 E5 is a must for any organization, regardless of size."
Neil Natic: Chief Information Officer
Georgia Banking Company