VersaBank is a “branchless” commercial bank that makes full use of innovative, digital technologies, and provides two primary services — deposits and financing.
Originally founded as a trust company in 1980, VersaBank adopted an electronic branchless model in 1993, becoming the world’s first branchless financial institution. In 2002, VersaBank was granted a Schedule I Canadian chartered bank license by the Canadian federal government, becoming one of just nine Canadian financial institutions with such a license, and the first bank in approximately 18 years to be approved for a Schedule I license. In 2013, VersaBank was recognized as one of Canada’s top ten banks and became publicly traded on the Toronto Stock Exchange. In 2021, VersaBank was also listed on the Nasdaq.
Today, VersaBank continues to develop and launch innovative, high value-add offerings to meet unmet demand, including a customized banking solution for insolvency professionals that integrates with that industry’s most commonly used administrative software as well as a technology-based solution that provides efficient access to capital for point-of-sale loan and lease partners, allowing them to drive the growth of their own businesses.
The Team and the Legacy VPN Challenge
Being the first to innovate to address market changes and new opportunities has been a pillar of VersaBank’s long track record of success. While the bank prides itself on innovative in-house developed technologies which have worked well, VersaBank does leverage off-the-shelf technical solutions when these solutions complement the bank’s strategy.
Eduardo Kienetz is Director, IT Infrastructure & Security at VersaBank, and Wooi Koay is Chief Information Officer (CIO). As Director of IT Infrastructure & Security and CIO, part of Eduardo and Wooi’s responsibilities include making sure that any third-party technology solutions that the bank is utilizing continue to evolve to meet the bank’s changing needs.
In 2019, Eduardo and Wooi reviewed VersaBank’s aging VPN solution to proactively investigate options for its replacement. The legacy VPN solution needed a vendor-dependent device in order for VPN clients to be configured to access the bank’s network. There were also issues with support, difficulty configuring two-factor authentication, and updating network access control lists (ACLs) was painful.
Eduardo and Wooi’s investigation of secure, easy to set up, and easy to maintain VPN solutions led them to Tailscale.
VersaBank contacted the Tailscale team, who worked closely with VersaBank to understand the bank’s needs. The challenge was to simplify secure access to these systems and improve performance, without changing or otherwise disrupting the bank’s own software, while also adding modern two-factor authentication.
VersaBank needed a new VPN that:
- is highly secure;
- provides two-factor authentication (2FA);
- is easy to update the ACLs to segment network access for internal users;
- works with remote control and screensharing tools that VersaBank’s IT department uses;
- feels transparent to its users with a seamless login capability and also consistently delivering “in the office” responsiveness and reliability; and
- is backed by a vendor who is consistently able to provide timely and effective responses to requests for technical support
The Tailscale Solution
The IT team at VersaBank decided that its staff would remain on a VPN. However, going forward, Tailscale’s software-only solution would replace its legacy VPN hardware and software solution. They chose Tailscale because:
- Tailscale is built on proven open-source WireGuard technology, which IT security experts regard as the world’s most secure and efficient protocol for encrypting VPN traffic.
- Tailscale works with the bank’s existing SSO provider to enable two-factor authentication to the bank’s network.
- Tailscale bases ACLs on groups of users and groups of devices rather than IP addresses and subnets. This makes establishing and maintaining secure network access much more effective and efficient for the bank’s IT administration and security team.
- Tailscale operates at a low-level, and works with any protocol, such as RDP and other remote-control and screensharing tools.
- Tailscale works with the bank’s existing SSO provider, remote users log in as they normally do and have access to the same resources they do when they are physically in a VersaBank office without any of the additional login software or hardware. Tailscale VPNs are fully meshed, point-to-point networks so the “bottleneck” slowdowns that they used to periodically experience do not occur on the Tailscale network.
- Whenever Eduardo, Wooi, or anyone else on the bank’s IT Security team has a question or needs help, the Tailscale technical support team responds quickly and with the guidance they need.
The Tailscale Rollout
At VersaBank, their Tailscale rollout began in 2019, approximately a year before the COVID-19 pandemic took hold in Canada. When Canadian businesses needed to change the way they worked in order to protect their employees and do their part to prevent the spread of COVID, VersaBank was able to send all their employees home to work, with substantially less disruption than if Eduardo and Wooi had not chosen to proactively modernize the bank’s VPN solution with Tailscale.
Today, most VersaBank employees are working from home, and they connect to Tailscale to access files and services on VersaBank’s network, just like they did when most VersaBank employees worked in the office.
“VersaBank prides itself on its track record of innovation and technological leadership in the Canadian financial services industry and it is critical that our computer networking infrastructure be able to scale quickly without sacrificing security,” said David Taylor, President & CEO at VersaBank. “We were pleased to leverage our own internally-developed software with Tailscale’s VPN security to deploy a pure software solution that enables our employees to connect seamlessly and securely to all of the bank’s servers across multiple offices and cloud providers. Tailscale’s VPN has become a key part of our business continuity plan. Our entire team can now work and execute their responsibilities from remote locations, avoiding any interruption in service, which is proving to be especially valuable in managing our business through the COVID-19 pandemic.”