Unified secure connectivity for a nationwide NBFC across 27 locations

  • Date Icon May 21, 2026
  • View Icon
    Views 6
  • Time Icon8 min read
Share Icon Share
Re-architecting Production Resilience for a Leading Tire Manufacturer with Airtel Cloud
Share

How one of India’s larger non-banking financial companies replaced a multi-vendor firewall estate with a single managed network security service built on Airtel Secure Internet.

The situation

A lending business that runs out of 27 offices has a network security problem that looks different from the one most people picture. It is not really about stopping one clever attack. It is about consistency. Across 27 sites, who is enforcing which rules, on which hardware, and does anyone have a single view of all of it at the same time.

Successfully
Thank you !

We’ve received your request. We will contact you within 1 business day.

duplicate
We’re Sorry

There is already an existing Lead with provided details. Please try after 24 hours.

oops
Oops!

Something went wrong.

Interested?

Fill the form and we will contact you within 1 business day.

Indian Flag

That was the position one of India’s larger NBFCs found itself in. The company lends across four lines of business: consumer finance, SME lending, commercial lending and wealth management. Those run out of 27 locations, with staff working from branches, from head office, and increasingly from wherever they needed to be on a given day. Each office had grown its own network and its own security setup over time. Individually they worked. Together they did not add up to one coherent posture.

For a regulated financial business, that gap matters. The network is where data moves between branches, where lending and wealth systems are reached, and where remote staff connect back in. If the security sitting on that network is inconsistent from site to site, the weakest location effectively sets the standard for the whole business.

Why a distributed lender’s network is hard to secure

The difficulty here is structural, not a sign that anyone did anything wrong. When a company expands quickly, security tends to get bought one problem at a time. A branch opens, so a firewall goes in. Remote access is needed, so a VPN is stood up. Another office joins through a new region, often with whatever hardware it already had. Over a few years you end up with a network secured by accumulation rather than by design.

Three things usually follow. First, the firewall estate ends up spread across more than one vendor, which means more than one way of writing rules, more than one console to manage, and more than one place for policy to drift out of sync. Second, the remote-access setup that was fine for a handful of users starts to strain once the workforce is partly remote and spread across the map. Third, keeping all of it patched, licensed and monitored needs skilled people close to every site, which almost no mid-size enterprise can actually staff. All three were in play for this NBFC.

What was actually broken

The firewall situation was the clearest example. Head office ran one firewall vendor; branches ran others. Keeping a consistent security policy across that mix was manual, repetitive work, and the kind of work that quietly slips when teams are busy. Some of the older firewalls were also running on legacy licenses that the team no longer had a clean way to keep supported, which meant parts of the perimeter were aging without a clear upgrade path.

Connectivity between offices was the second pressure point. The business needed secure links across geographically distributed sites, and as it grew the existing approach did not scale cleanly. VPN limitations showed up here directly: people working from multiple locations were connecting back over remote-access infrastructure that had not been built for that volume or spread.

Underneath both sat the staffing reality. The company did not have enough in-house L1, L2 and L3 network security expertise to properly cover 27 locations. You cannot place a capable security engineer at every branch, so coverage was uneven and the gaps were not always visible until something tested them. Pulling it together, the problems were:

  • A multi-vendor firewall estate that was hard to manage to a single standard
  • Legacy firewall licensing with no clean route to ongoing support
  • Secure connectivity needs across distributed offices that the existing setup could not scale to
  • VPN limitations for a workforce spread across many locations
  • Too little in-house L1, L2 and L3 expertise to cover every site

None of these is exotic, and that is the point. This is what a fast-growing distributed network looks like when security has had to keep up rather than lead.

What they deployed

The company moved to Airtel Secure Internet, with Unified Threat Management bundled into the service rather than added on top. The aim was straightforward: stop running 27 separate security postures and run one.

A single managed environment: Because connectivity and security came from the same provider, the multi-vendor firewall sprawl could collapse into one environment that Airtel managed end to end. Instead of reconciling rules across different platforms, the NBFC had one place where security policy lived and was enforced.

UTM for known and unknown threats: Unified Threat Management brings the core perimeter functions together in one place: firewalling, intrusion prevention and gateway-level inspection of traffic as it enters and leaves the network. For this customer that meant protection against both known attacks and zero-day network threats, covered under a single comprehensive license rather than a patchwork of separate products and renewals.

Integrated VPN: Secure branch and remote connectivity was handled through VPN integrated into the same service, so distributed offices and remote staff could connect securely without the older approach of maintaining access tunnel by tunnel.

Centralized policy and single-pane management: Security and policy management was centralized across all locations. A single pane of glass gave the team one view across every site, instead of logging into a different system per location to see what was happening or to make a change. For an organization that had been living with inconsistent branch-level enforcement, this was the part that turned 27 separate problems into one manageable one.

24×7 managed operations: The network and security operations ran on a 24×7 managed basis, handled by Airtel rather than the customer’s small internal team. That covered monitoring and the day-to-day L1, L2 and L3 work the NBFC could not realistically staff at every site.

How it was delivered and run

Two parts of the delivery model are worth drawing out, because they are where the network security and the commercial case meet.

The first is that the service was delivered over Airtel’s own network. Coverage across the customer’s geography used different last-mile options as needed, which matters for a business with offices in places where a single access type will not reach every site. When the provider carrying the traffic is also the one securing it, the security sits in the network path rather than as a separate overlay the customer has to bolt on and maintain.

The second is the commercial structure. The service was offered on a pay-per-use model, which moved security spend away from large upfront hardware purchases toward usage. For a business still expanding, that lined the cost up with actual footprint instead of forcing it to over-provision in advance. The whole thing was run as an end-to-end managed service, with 24×7 mail and phone support, so the operational load of keeping the security current stayed with Airtel.

What changed

All 27 locations were brought under one secure connectivity and security setup. The engagement was a three-year contract worth INR 20 million, one of the larger Secure Internet deals Airtel has signed.

At each site, four functions that used to need separate boxes now run on one. Routing, security, VPN and WiFi LAN access were consolidated onto a single peripheral per location. That consolidation is where much of the cost saving came from, and it cut the number of devices the team had to run and maintain at every office. The 24×7 managed L1/L2/L3 coverage closed the expertise gap directly: the NBFC no longer needed to find and keep network security engineers for every location, because that layer became Airtel’s responsibility.

Outcome Detail
Locations unified All 27 sites brought under one secure connectivity and network security setup
Device consolidation Routing, security, VPN and WiFi LAN combined onto a single peripheral per site (4-in-1)
Managed coverage 24×7 managed L1/L2/L3 network and security operations, removing the in-house expertise gap
Threat protection Bundled UTM covering both known attacks and zero-day network threats under one license
Commercial model Pay-per-use across a three-year contract; total engagement value INR 20 million

Beyond the headline numbers, the business saw four practical gains:

  • Improved agility from a single-vendor environment covering routing, security, VPN and WiFi LAN access
  • Cost savings from consolidating onto a single peripheral device per site
  • Consistent network coverage across the customer’s geography using different last-mile options
  • An end-to-end fully managed service with 24×7 mail and phone support

Why it matters

For a distributed lender, the value here is not a single feature. It is that the network and the security on it stopped being two separate things to manage. Consolidating onto one managed, network-delivered service gave the NBFC a consistent security standard across all 27 sites, predictable cost as it grows, and an operations model it does not have to staff itself. For a regulated financial business expanding across the country, having the same level of network security at every location, rather than only at the locations that happened to be set up well, is the part that holds up over a three-year term.

 

Airtel Business
Published by Airtel Business