Customer Overview & Challenge
Being the IT organization at a top healthcare career school offering online education to a user body of 15,000 students and faculty is no small task. All users provide Personally Identifiable Information (PII) protected under regulation and subject to security compliance – at cloud scale.
To comply with standard regulations on securing PII, the school’s Senior Security Director sought to tighten up ringfencing of protected systems beyond perimeter firewalling to comply with standard regulations on securing PII. A dynamic user population demands dynamic user segmentation to databases. But the degree of granularity needed was not possible to maintain when bound to firewalls on the infrastructure. Also, the change management and operational burden of using firewalls didn’t scale to the needs of the business.
“Being able to efficiently and safely enforce policy rules was paramount because we have so many people and systems. With firewalls, it could take months,” he explained. “You have to use change control. If hardware goes down, you jeopardize the whole data center. It creates points of failure and complexity, and puts a strain on the network staff. Every new database requires coordination.”
Security on the network with internal firewalling couldn’t keep up with cloud-based demand.
Illumio Solution
The tall order of finding the right segmentation solution that the team would be able to operationalize landed in the hands of their Advisory Systems Engineer who would ultimately operate it. He chose a software-based approach with Illumio.
“I was interested in micro-segmentation but did not want to use ACLs on network infrastructure, which would require a testing environment and outage windows. At the same time, our security team wanted to start using the native security capabilities of our Windows servers. Illumio ASP checked all of the boxes for both implementations – it was my first and final choice. It allows us to see all of the communication flows in our live production environment and to test firewall rules without facing outages.”
Using Illumio ASP’s orchestration of the Windows Filtering Platform at the server level for enforcement prevents any network disruption – versus the outage risk of rules breaking applications introduced by using production firewalls.
Within the same day of deploying Illumio’s real-time application dependency map, the team could visualize traffic flows across their data estate. Illumio allows them to create logical policies, test them before enforcement, secure their systems from breach – at cloud scale and without re-architecting the network.
Customer Benefits
No re-architecting
Illumio’s host-based solution allows the team to test and enforce policy with no impact on the network and no downtime.
Total visibility
From visualizing traffic flowing across their data estate with the application dependency map, the team discovered “unknown unknowns” on day one of deployment.
Proven segmentation
They gained the dynamic visibility and control needed to secure PII with granular, compliance-grade segmentation.
Flexible granularity
Beyond user segmentation, the team is working towards environmental separation to prevent developers from working in a production environment – a risk no web-scale business can take.
Illumio ASP checked all of the boxes for both implementations – it was my first and final choice. It allows us to see all of the communication flows in our live production environment and to test firewall rules without facing outages.
Advisory Systems Engineer
Related Resources
Illumio, Inc. 920 De Guigne Drive, Sunnyvale, CA 94085, Tel (669) 800-5000, www.illumio.com. Copyright © 2020 Illumio, Inc. All rights reserved. This document is protected by U.S. and international copyright and intellectual property laws. Illumio’s products and services are protected by one or more U.S. and international patents listed at https://www.illumio.com/patents. Illumio® is a trademark or registered trademark of Illumio, Inc. or its affiliates in the U.S. and other countries. To review a list of Illumio’s trademarks. Third-party trademarks mentioned in this document are the property of their respective owners.
