Adaptive Segmentation, micro-segmentation | March 4, 2019

Peace of Mind About PCI Compliance: Customer Q&A

Heather Bates, Sr. Content Marketing Manager

Director of IT, Joe Stoughtenger, discusses how Illumio's real-time application dependency map and "test before you enforce" capabilities have given Wilderness Resort peace of mind when it comes to PCI compliance.


Joe Stoughtenger is the Director of Information Technology at Wilderness Resort, responsible for all facets of IT across the resort ecosystem. The views, opinions, and positions expressed herein are his alone, and do not reflect the views, opinions, or positions of Wilderness Resort or any other employee thereof.

What are some of Wilderness Resort’s biggest initiatives, operationally and in security?

First and foremost is PCI compliance with all the credit cards that we deal with, whether it be our front desk web reservations or the 95 MICROS workstations that we have throughout the resort.

Our other focus is doing anything and everything to keep every department happy by keeping everything running smoothly so they can focus on doing their job without disruption.

Why did you choose Illumio?

From the beginning, the Illumio attitude was ‘whatever we can do to help’ and ‘feel free to call us.’ I appreciated the honesty and the integrity. And our environment was such that I felt that only Illumio could help address all our needs. With our compliance focus, I was looking for a way to (1) not spend a million dollars, and (2) not have to re-architect our entire network.

The cloud-based approach is also great because, you know what, I don't want to have to worry about one more piece of equipment that I have to update. That's worth a million dollars to me.

What was the specific problem you were looking to solve?

Peace of mind about PCI – it is my greatest responsibility and worrying about someone getting in and being able to do something with that data is what gives me gray hair.

With Illumio, we gained an internal firewall and visibility into our PCI environment that is critical for peace of mind and security.

How do you describe Illumio’s application dependency mapping and micro-segmentation to your peers?

IT people are generally so focused on traditional firewalls and keeping people out, but we’re at a point where we need a way to view the traffic that flows behind the firewall – inside our environments – and to understand what’s connected and communicating. Why does this need to talk to that? Why is this front desk workstation going to our web server? Illumio makes a big difference in allowing you to see what apps and systems actually talk to each other and to make a change in an instant if you see something strange occurring.

Has your experience of Illumio ASP evolved over time?

When I first started, I thought, "Okay, I'm going to be able to see my traffic and get that visibility I need." But the ability to test policy changes before we enforce them – having that built into the product – is huge because I can't afford downtime, and my upper management would not be happy with me if we have downtime. I sent a screenshot of what we have set up and they were pretty blown away by it.

Illumio ASP was easy to set up and has proven its ease of use over time, giving us peace of mind knowing that we can log in, get that visual feedback, and take care of any issues 24/7.

How do you see organizations changing the way they approach data center and cloud security in the future?

For smaller organizations like ours, I just believe this is the way to go and software is the best route. You don't want to invest in cabling and switching, the time it takes to set up the other switches, VLANing, etc. Now and increasingly so, you need a product where you can log in, see everything that you need to see, and add or make changes within a matter of seconds or minutes.

What are some of your top security tips?

Keep everything updated. Whether it be through Windows or whatever software product that you’re running, update constantly. And keep yourself up-to-date. Whether it be through blogs, emails, YouTube. I'm constantly looking for ways to keep on track and then share that knowledge with my team and stakeholders. Security wise, credit card wise especially, always look to stay ahead of the curve.

What are your go-to sources for IT and security-related information?

I'm definitely a Reddit guy. Security wise, I’m on Krebs on Security a lot, and I'm subscribed to probably 15 to 20 different websites: CIO, anything Microsoft-based, etc. I’m also a huge fan of Steve Gibson’s Security Now podcast.

