Building a bridge to flexible, mobile security at Tri Counties Bank
Tri Counties Bank, established in 1975, is a wholly-owned subsidiary of TriCo Bancshares (NASDAQ:TCBK). Headquartered in Chico, California, the bank prides itself on providing a unique brand of customer “Service with Solutions” in communities throughout Northern and Central California.
In 2018, Tri Counties Bank entered the Bay Area market through its acquisition of First National Bank of Northern California, creating Northern California’s largest community bank network with 79 branches, 1200+ employees, and assets of $6.3 billion.
The bank primarily uses Windows across its entire footprint; the exception is its branches, which use a Citrix environment. The bank’s device fleet consists of approximately 1200 desktops, 500 Citrix virtual desktops, and 450 laptops used by traveling and remote employees.
According to Paul Musler, IT Support Supervisor at Tri Counties Bank, Citrix is at the heart of Tri Counties’ technology strategy for the next few years. Musler explained that the bank’s vision can be summarized relatively simply: “When new hires come on, what application or what tools do they need, and can we put them in this environment? And for those already on a Windows desktop, who can we migrate over to the Citrix kiosk environment and get that Windows machine out of production and onto a Citrix environment?”
A small complication to that strategy has to do with the bank’s continued growth. As the bank has grown, particularly with its recent expansion into San Francisco, flexibility has become essential for specific workers and departments, including the bank’s commercial loans department. With more workers now spread out geographically and a focus on expanding loans for new construction, employees need the flexibility to work remotely via laptops in order to travel to customers instead of asking customers to come to them.
Upgrading laptops from Windows to Citrix with CloudReady
While upgrading laptops to Windows 10 and purchasing new hardware, the bank realized that it had an excess of 4 year-old laptops that it hoped to repurpose to use in its Citrix environment.
“We’re really trying to identify some of our users who are mobile who require a laptop and can use our Citrix environment, which makes it more secure for them and more secure for us,” explained Musler. “As a financial institution, the more locked down we can make these laptops, the easier for us on audits and audit findings, and the less work we have to do justifying some of the applications we have installed on the machines.”
“We were trying to find that perfect Citrix solution and we stumbled across CloudReady.”
According to Musler, the goal was to prevent the laptop end users from being able to access anything on the local drive, whether that was saving anything locally or printing anything locally. “We were hoping to use the laptops in a Citrix environment that would not allow the end users to really access anything on them locally—just one purpose: connect to Citrix, do your job, and sign out,” he explained. “We were trying to find that perfect Citrix solution and we stumbled across CloudReady.”
The benefits of CloudReady & Chrome Enterprise
Musler explained that migrating the mobile users’ laptops from Windows 10 to running CloudReady in a full kiosk environment was attractive to the bank for a number of reasons, including security, cost savings, access to Citrix, and ease of management.
“It’s saving a lot of money, and security-wise, it’s definitely saving a lot,” Musler said. “It’s cost-effective because we already own the hardware, so it’s something we can repurpose and reuse. We don’t have to secure them with McAfee and encrypt it, and then of course there’s all the Windows patching that comes with it.”
“It’s saving a lot of money, and security-wise, it’s definitely saving a lot. It’s cost-effective because we already own the hardware, so it’s something we can repurpose and reuse. We don’t have to secure them with McAfee and encrypt it, and then of course there’s all the Windows patching that comes with it.”
The ability to use Google’s Chrome Enterprise Upgrade to manage the CloudReady laptops and configure them to launch in a kiosk mode was also important. In fact, the capabilities unlocked by using Chrome Enterprise Upgrade and the Google Admin console became one of the bank’s deciding factors in making the shift to CloudReady.
“I think that was the key part for our Information Security group, that we could still manage a device even though it’s not here—or on our network, for that matter,” Musler said. “Having the Google Admin console where we could manage these devices, where we had access to lock them down, to push policy to them, to make configuration changes, to remote to them if they couldn’t get into Citrix. It’s something that we have as a department or as a company to manage it when it’s not onsite.”
A bridge from CloudReady to Citrix by way of the Google Admin console
As Musler tells it, the Neverware team was instrumental in working with the Tri Counties Bank team, including Senior Technician Kevin Frazier, to use the Google Admin console to configure, build, and test the style and look the bank wanted to bridge from the CloudReady laptops to Citrix, assisting in everything from launching into kiosk mode to spanning monitors and managing printing.
“That was a key help,” Musler said. “It was a huge bridge, and I’m not saying we couldn’t have crossed it, but we definitely had the support and the tools we needed to get the bridge built.”
The final piece of the puzzle: Citrix Beacon Points
“For us, ‘How can we leverage these laptops to connect to the Citrix environment?’ was the key part—whether it be internal or external,” Musler stated. “We really needed a platform where if users were internal, they would hit our internal netscalers for Citrix. If they were external—off our network somewhere—it would go to our external Citrix netscalers.”
The Neverware team helped Tri Counties solve that challenge by customizing Citrix beacons and adding it to their policy in the Google Admin console.
“It’s kind of still mind boggling to me how it works, but it definitely works,” Musler enthused. “If the end user is at work, they hit our internal; if they’re at home or at Starbucks or a hotel, they hit our external and they remote in, like via a VPN, into Citrix. It just works flawlessly. Once we put that in place into our policy in the Admin console, it just flew. It was a great find and was the key point to us going forward.”
With those policies in place, remote employees using the CloudReady laptops now have access to the apps they need, all accessed either via a full Windows Desktop using Citrix Virtual Desktop or as individual apps served via Citrix Workspace app. And, perhaps most importantly for Musler and his team, all application-related settings, configurations, and user data are stored server-side leveraging Citrix's Profile Management tooling. Nothing is stored locally on the laptops, achieving the level of security they had originally specified.
Adapting to the growing demand for mobility
In the end, as Musler pointed out, the shift toward more employee computing flexibility requires a change in philosophy.
“In the last five years, we’ve gone from 100 laptops to almost 500. I think we have to grow the technology department as well as the company,” Musler concluded. “If the need and the demand is to be more remote, then we’re going to have to adapt to that and figure out what is the best, secure solution that we can use to manage the devices remotely but still give people the flexibility to be remote.”
Tri Counties’ implementation of CloudReady, Chrome Enterprise Upgrade, and Citrix proves that organizations in highly regulated industries can deliver the mobility and user experience to accommodate employee needs on any device or network while continuing to prioritize security and manageability requirements.
Try CloudReady for freeReady to try CloudReady for yourself? We'll give you 5 free trial licenses that you can install and test on hardware you already have.
Get up and running in less than 30 minutes.
No commitment. And no credit card!
- Windows 7 & 10