
BCP Customer Story

Accelerating the path to modern banking

Peru’s biggest bank uses HashiCorp Terraform and Vault to expedite delivery of digital banking solutions to historically underserved communities.

  • $39B in total assets
  • 96% reduction in provision time
  • Validated secrets in seconds instead of 1 hour
  • 2,400+ ATMs
  • Accelerated time to market by increasing provisioning velocity
  • Decreased costs by eliminating provisioning steps

BCP

Banco de Crédito del Perú (BCP), part of the Credicorp Group, is the largest bank and supplier of integrated financial services in Peru. BCP has been the country’s leading financial system for the past 130 years, making them Peru’s oldest and most valuable brand. They have contributed to the economic development of the country, transforming plans into reality. They offer a broad range of banking products and services to individuals, small and medium-sized organizations, and corporate clients, as well as government entities, micro lenders, and international agencies.

Vault has completely reshaped our approach to secrets management by eliminating manual key entry and reducing our validation timelines from an hour to just a few seconds. That has a huge impact on our overall productivity and time-to-market for applications that have adopted it.

Erika León-Ravinez, DevSecOps Tribe Leader, BCP

Automation in the Andes

Banking isn’t what it used to be. The days of paper deposit slips, visits to the teller, and writing checks have long passed — for most people. In Peru, there’s still a significant segment of the population without access to modern banking services and solutions, and the Banco de Crédito del Perú (BCP) is undertaking a massive digital transformation in an effort to change that.

The country’s largest bank, a subsidiary of Forbes Global 2000 member Credicorp, serves millions of customers domestically and internationally through more than 2,400 ATMs, 7,000 telebanking agents, over 400 physical branches, and its digital channels, including mobile banking and digital wallets. But delivering modern banking services like mobile or internet banking, credit services, and digital mortgage lending that many Peruvians haven’t previously had access to requires an expansive, agile, and high-performance IT infrastructure that the bank had never before committed to building.

“In today’s competitive landscape, delivering new applications and services that customers expect or even demand is a time-sensitive matter,” says Erika León-Ravinez, DevSecOps tribe leader at BCP. “Our legacy infrastructure required so many manual processes — for everything from spinning up new servers to managing secrets for securing systems and sensitive data to testing and deploying new services for internal and external users. We began a massive digital transformation initiative to make it all happen, but realized early on that we needed an efficient, flexible, and secure tech stack to make it a success.”

Manual processes aren’t transformative

Like many financial institutions, BCP’s legacy IT infrastructure had been designed and deployed for a different time and era. The on-premises, mainframe-centered infrastructure was perfect for securely executing financial transactions over the years, but as the bank embraced a DevOps mindset and adopted its best practices to fuel its digital transformation, BCP’s DevOps team — León-Ravinez and lead architect, Edwar Ponte — was under an executive directive to reduce infrastructure delivery and secrets management timelines to support accelerated time-to-market for new customer-facing applications and services.

A significant portion of that effort involved migrating much of its legacy infrastructure to the bank’s primary public cloud platform, along with other on-premises destinations. But deploying hybrid infrastructure in different environments, coordinating and connecting services, and establishing the secrets for every interconnected system proved much more work than anticipated.

“We used to have a mix of mostly manual processes and a smattering of automation across the various tools we used to stand up infrastructure for any new application we wanted to build in the cloud,” says Michael Garcia, owner of BCP’s public cloud platform. “Each team presented a different technological need, which included infrastructure services, containers, data, and analytics in the cloud, and meant something as essential as provisioning could take days at a time.”

At the same time, secrets management — vital for authenticating access to sensitive cloud workspaces and sensitive customer data — presented even more significant challenges that increased the number of incidents and risk, and frequently put the BCP DevOps teams behind schedule and under pressure.

“Two years ago, we had three different credential management systems and anyone using them had to manually enter keys to authenticate users for the production environment,” says León-Ravinez. “In some instances, we even had to pass production before we could validate the secrets, which created errors and incurred a lot of extra time and labor costs to fix. It could take up to two hours to locate a security analyst who could help troubleshoot the issues, which just added more review cycles for an app and extended the time it wasn’t available for customers.”

Challenges

  • Streamlining cloud and hybrid services deployment
  • Eliminating manual secrets management
  • Accelerating digital transformation initiatives and delivery of customer-facing digital services

Why Terraform

With Terraform, we’re provisioning infrastructure that follows security and operations guidelines from the same corporate marketplace to better control implementation of different cloud instances and workspaces without being locked into a single cloud vendor.

Michael Garcia, Product Owner, Public Cloud Platform, BCP

Momentum, transformation, progress

BCP adopted HashiCorp Terraform and Vault to streamline and accelerate their infrastructure and secrets management operations. After a short proof of concept versus competing tools, the company chose HashiCorp solutions for their simplicity and security, as well as their extensive cross-platform capabilities in support of the bank’s move toward a multi-cloud and hybrid IT environment.

According to Michael Garcia, owner of BCP’s public cloud platform, one of BCP’s primary goals was to standardize its infrastructure provisioning processes across both on-premises and public cloud platforms to enable greater self-service for its development teams.

“With Terraform, we’re provisioning infrastructure that follows security and operations guidelines from the same corporate marketplace to better control implementation of different cloud instances and workspaces without being locked into a single cloud vendor,” says Michael Garcia, owner of BCP’s public cloud platform. “More importantly, it empowers every developer to deploy their own infrastructure, complete with the credentials and certificates for provisioning secrets all from the same place. What used to take two or three days, now takes less than an hour.”

Now, teams assigned to any top-level project — from digital wallets to remote agent chat platforms — can work independently, with greater speed and agility to advance the company’s projects aggressively forward. But the gains in infrastructure speed and simplicity aren’t the only benefits BCP is enjoying with their use of HashiCorp tools. Upgrading to the Vault Enterprise edition for a group of applications using the tools has virtually eliminated the complexities of secrets management that had previously plagued the team and added weeks to deploying customer-ready apps and services.

With Vault, the team gained appropriate security controls for encrypting all secrets, a strong authentication mechanism, and a disaster recovery process. These are all fundamental pillars of security operations at BCP, and using Vault drastically improves their security posture.

“Vault has completely reshaped our approach to secrets management by eliminating manual key entry and reducing our validation timelines from an hour to just a few seconds. That has a huge impact on our overall productivity and time-to-market for applications that have adopted it,” León-Ravinez states. “It’s also key to protecting super-sensitive customer data wherever it lives. That helps us meet our compliance requirements, which is always a top priority.”

Though the bank is still in the early stages of its long-term transformation process, both León-Ravinez and Garcia — along with colleague Bryan León Aristando, cloud engineer on the public cloud platform team — are encouraged by the velocity of change and improvement that teams across the organization have experienced since adopting Terraform and Vault. “HashiCorp tools have helped us slash the time to deploy new services to production, the number of errors we’ve had to deal with, and the costs of fixing them,” Garcia says. “Every day we’re gaining momentum, moving closer to a fully digital and modern IT environment, and able to provide Peruvians across the country with the digital banking services they demand and deserve.”

Outcomes

  • 96% reduction in cloud infrastructure deployment times from 2 or 3 days to hours
  • Automated secrets management, cutting validation times from 1 hour to seconds
  • Eliminated costly and time-consuming errors due to manual data management
  • Accelerated time to market of high-priority customer services

Solution

Banco de Crédito del Perú (BCP) is using HashiCorp Terraform and Vault to accelerate cloud infrastructure deployment and protect sensitive data as part of a transformation effort designed to extend digital banking solutions to underserved markets that have traditionally not had access to modern banking services.

BCP Partners

  • Erika León-Ravinez, DevSecOps tribe leader, BCP

    Erika has over 16 years of experience in IT. As the DevSecOps tribe leader at BCP, she is responsible for leading all implementations of process, tools, change management, and development related to DevSecOps at BCP. She is passionate about technology and finding disruptive ways to bring DevSecOps to the entire organization in a high-quality and secure manner.

  • Edwar Ponte, Lead architect, DevOps, BCP

    Edwar is a DevSecOps architect at BCP and is responsible for their CI/CD platform. With 15 years of IT experience, he has deep knowledge of software engineering, solutions architecture, and open source solutions. Edwar is passionate about continuously searching for the best practices and tools to provide the best experience for the developers who use their platform.

  • Michael Garcia, Product owner, public cloud platform, BCP

    Michael Garcia is the product owner of BCP’s public cloud platform where he has been leading the cloud strategy and adoption efforts for the past four years. With 10 years of prior experience as a cloud engineer, Michael has led public cloud transformation projects with BCP and the technology industry.

  • Bryan León Aristondo, Cloud engineer, public cloud platform, BCP

    Bryan has been with BCP for almost two years helping with the adoption of the public cloud platform. He brings 5 years of previous experience as an IT consultant driving digital transformation in several companies, leading more than 50 technology solution implementation projects. He is currently responsible for handling several initiatives of operational stability, provisioning, and improvements of the public cloud infrastructure.

Technology Stack

  • Infrastructure: Microsoft Azure, on-premises, mainframe
  • Workload type: Linux (80%), Windows (20%)
  • Container Runtime: Azure AKS, Red Hat OpenShift
  • Orchestrator: XL Release, Jenkins
  • CI/CD: Jenkins
  • Version Control: Bitbucket
  • Provisioning: HashiCorp Terraform, IBM Cloud Orchestrator, manual
  • Security management: Azure Key Vault, HashiCorp Vault
