fleet/articles/scaling-financial-security-with-gitops.md

Scaling financial security with GitOps and RBAC

A leading digital payments provider focused on making international money transfers faster and more transparent, operating in the highly regulated financial services industry, required a management solution that could match the rigor of their security and compliance standards.

At a glance

• Endpoints: 662 (macOS and Windows).
• Primary requirement: GitOps workflows and granular RBAC.
• Key integrations: Windows Autopilot, Okta, and Fleet Cloud.
• Previous solution: Workspace ONE and self-managed osquery.

The challenge: restrictive "magic" systems

Their previous experience with Workspace ONE was defined by high restrictions and a lack of granular Role-Based Access Control (RBAC). This made it impossible to safely delegate tasks to the help desk. Additionally, running a self-managed, on-premise osquery instance led to fragmented deployments and operational silos.

The solution: Fleet Cloud and configuration-as-code

They are unifying fragmented deployments into a single Fleet Cloud environment. This transition focuses on a GitOps-first approach, treating physical hardware like cloud infrastructure. By using Fleet’s granular RBAC, they can finally grant specific, limited access to support staff without compromising the entire management stack.

The results: professionalized deployment controls

• GitOps adoption: All configurations are now version-controlled and peer-reviewed, replacing "magic" backend changes with predictable, code-driven workflows.
• Automated labeling: The team uses the Fleet API for dynamic device grouping and bulk operations, replacing what was previously a manual, error-prone process.
• Unified compliance: Integrating Windows Autopilot and Okta into a single API has removed the technical debt of managing disconnected silos, providing instant data for financial audits.