Case Study

Major FinTech Shifts From Yearly Change Windows to On-Demand Network Security

How a major FinTech saved 2,313 hours and closed the security exposure that came with patching its multi-vendor network only once a year.

Challenge

Frequent vendor patches and security updates were essential – but the network team could only execute upgrades inside a single yearly change window. Devices sat out of date, creating security exposure the business could not accept.

Solution

Itential turned manual, multi-vendor software upgrades and configuration changes into end-to-end orchestrated workflows – with pre-checks, post-checks, and systems of record integrated into a single execution.

Why Itential

Workflow building was fast enough to translate SME knowledge into reusable assets in days. Out-of-the-box integrations and Golden Configuration gave the team multi-vendor standardization without writing per-device scripts.

The Challenge

Escalating Security Requirements in a High-Stakes Industry

Operating in financial services means a constantly rising security bar. Vendor patches and software updates arrive more frequently than they used to, and the consequences of falling behind grow with every cycle.

The network team faced that bar armed only with scattered task automation and mostly manual change processes. At the scale of their multi-vendor network, that meant upgrades happened once per year inside a designated change window – leaving devices out of date and creating security exposure the business could not accept.

Their infrastructure spanned multiple domains and vendors, with diverse toolsets and systems. Existing Python automation worked for small tasks but fell short of end-to-end orchestration. The manual effort, time, and specialized skills required for upgrades placed growing strain on team capacity.

Three Constraints Behind the Yearly Change Window

Each one made it harder to keep a multi-vendor network patched, compliant, and audit-ready.

Scripts That Stopped Short of Orchestration

Existing Python scripts handled small-scale tasks but did not deliver end-to-end orchestration across the multi-vendor infrastructure. Each upgrade still required manual coordination, custom validation, and engineer-intensive handoffs.

Specialist Capacity, Not Specialist Volume

The effort, time, and specialized skills needed to manage updates placed growing strain on team capacity. Senior engineers spent cycles on repeatable upgrade work instead of higher-value initiatives.

Yearly Windows, Year-Round Risk

A single change window per year meant most devices spent most of the year out of date. With stringent security standards and a fast-moving threat landscape, that exposure was no longer tolerable.

The yearly change windows just were not working. But there was nothing else we could do with what we had. Because we have some pretty stringent security standards, we really just had to try something different.

Network Engineer

Major FinTech

The team did not need more scripts. They needed an orchestration platform that could move multi-vendor change off the yearly change calendar entirely.

Why Itential

Why They Chose Itential

During the evaluation, the organization worked through use cases in Itential workshops and demos – SD-WAN deployment, Panorama security rule management, CI/CD pipeline integration. The team built working workflows for those use cases in days, translating business logic and SME knowledge into repeatable, scalable assets. Several capabilities anchored the decision.

One Platform for Multi-Vendor Standardization

Five capabilities sat at the center of the decision – together giving the team a foundation for end-to-end orchestration with governance and compliance built in.

Explore the Platform

End-to-End Orchestration

Seamless integration across the multi-vendor, multi-domain infrastructure, incorporating existing Python scripts rather than forcing a rewrite. The team kept what worked and orchestrated above it.

User-Friendly Workflow Builder

Drag-and-drop functionality abstracted the underlying network complexity, letting engineers build modular, reusable, scalable workflows quickly – and giving SMEs a way to translate their knowledge into shared assets.

Out-of-the-Box Integrations

Open source integrations for ServiceNow, Palo Alto Panorama, and other common systems reduced time-to-value. Rapid API generation handled everything else, so the team did not write new integration code for every controller.

Golden Configuration

Hierarchical Golden Configuration templates automated compliance management across multiple device types, vendors, and network domains – providing the configuration consistency multi-vendor environments rarely achieve.

Compliance Reporting

Reports across both CLI and API devices, with Compliance Plans that deliver key compliance insights directly to the applications and teams that need them.

The Solution

Multi-Domain Workflows Built Once, Run On-Demand

With Itential, the network team turned software upgrades and configuration changes from once-a-year manual processes into orchestrated, repeatable workflows – running whenever the business needed them.

Software Upgrades, On-Demand

Upgrade workflows decoupled from a yearly change window. Pre-checks, the config push, post-checks, and systems of record updates all run as one end-to-end execution – letting the team patch when patches arrive, not when the calendar allows.

Firewall Policy Automation

Standardized firewall rule management across multiple network and cloud domains, including Palo Alto Panorama and Zscaler whitelisting – giving security and network operations a shared, governed execution path.

Golden Config & Compliance Reporting

Hierarchical Golden Configuration templates plus compliance reporting across CLI and API devices – keeping multi-vendor infrastructure consistent and audit-ready without manual reconciliation.

Change Management Integration

Network workflows integrated with the team’s existing change control systems, so every orchestrated change carried the same approval, audit, and record-keeping standards the business already required.

Itential let us build out workflows that account for all our requirements. Not just the config push, but things like pre-checks, post-checks, systems of record took up a lot of engineers’ time. It lets us decouple our software upgrades from a preset change window so we can ensure everything is always up to date across the network.

Director, Network & Cloud Infrastructure

Major FinTech

The Outcome

Reducing Risk & Delivering Business Impact with Orchestration

Moving from once-a-year change windows to on-demand orchestrated execution produced measurable returns in hours, capacity, and security posture.

2,313

Hours Saved

By automating software upgrade and configuration management use cases across the multi-vendor infrastructure.

1.11

FTE Freed Up

Equivalent engineering capacity returned to higher-value work after upgrade and configuration automation went live.

5

Use Case Domains Automated

Firewall policy, software upgrades, SilverPeak routes, Zscaler whitelisting, and device onboarding – all orchestrated through one platform.

5+

Vendor Domains Unified

Multi-vendor, multi-domain workflows spanning network, cloud, security, load balancers, and change management systems – orchestrated through a single platform.

Decoupled from the Yearly Change Window

Software upgrades and configuration changes no longer wait for an annual change calendar. The team now patches when patches arrive – closing the security exposure that came with devices sitting out of date.