How Western Union Built Scalable Zero Trust with Illumio Segmentation

When you’re helping people move money across 200 countries and territories every day, cybersecurity is a business imperative.

At Western Union, cybersecurity is foundational to the mission of serving global communities and fighting financial crime. But legacy approaches couldn’t keep up with evolving regulations, rising threats, and the speed of M&A.

That’s why Western Union turned to a Zero Trust strategy grounded in microsegmentation.

With Illumio, the team built a scalable segmentation strategy that accelerated PCI compliance, reduced dwell time during acquisitions, and delivered the visibility needed to spot threats before they spread.

At this year’s Black Hat, we sat down with Western Union’s Rusty Perry, vice president of cybersecurity architecture strategy, and Bruce Godbout, lead cybersecurity solution architect, to learn how they’ve implemented a scalable microsegmentation strategy with Illumio and what it’s unlocking across their global enterprise.

Watch the full interview here:

Security that goes beyond compliance

Western Union’s global mission is bigger than just money transfer. It serves underserved communities, supports education, and fights fraud and human trafficking — all while navigating tight regulations and compliance demands.

“We serve a lot of parts of the world that don’t have access to traditional financial services,” Rusty said. “Our customers are often sending money to sustain families, send kids to college, or support small businesses. It’s critical that we protect those transactions and the people behind them.”

Bruce agrees, adding that the mission drives the company’s approach to cybersecurity.  

“Security has to be more than just a box-checking exercise,” he said. For Western Union, that means security must enable the business while helping them move faster and more safely.

We serve a lot of parts of the world that don’t have access to traditional financial services. Our customers are often sending money to sustain families, send kids to college, or support small businesses. It’s critical that we protect those transactions and the people behind them.

Zero Trust built on segmentation

Western Union has embraced a Zero Trust strategy not just for protection but for progress. Microsegmentation is foundational to its strategy.

Bruce calls Zero Trust an enabler. When Western Union acquires new companies, microsegmentation lets it bring new environments into the fold without exposing the whole enterprise to unnecessary risk.

With a Zero Trust approach powered by microsegmentation, the Western Union team can:

• Contain risk during mergers and acquisitions (M&A)
• Comply with evolving regulations like PCI DSS 4.0
• Isolate critical systems without slowing down the business
• Gain visibility into unknown assets and traffic patterns

“Zero Trust helps us connect new environments securely and surgically,” Rusty said. This allows the business to see value from M&A faster while still upholding security standards and reducing dwell time.

Compliance as a segmentation catalyst

One of the biggest accelerators for Western Union’s microsegmentation journey was moving from PCI DSS 3.2.1 compliance to PCI DSS 4.0. With PCI 4.0 requiring controls such as multi-factor authentication (MFA) across all systems in the cardholder data environment (CDE), segmentation became essential.

“Most companies start Zero Trust by replacing VPNs with ZTNA (Zero Trust network access), and think they’re done,” Rusty said. “They’re not. PCI gave us a reason to go further, faster.”

Without segmentation, Western Union would have had to bring its entire environment in compliance with PCI DSS, an expensive and risky move. But by segmenting, the company isolated its CDE and reduced the compliance footprint — and the effort required to achieve it.

From homegrown segmentation tools to Illumio

Western Union had done segmentation before — the hard way. Its team wrote internal tools to analyze logs and push host-based firewall rules. That approach worked in cloud environments. But on-premises it was slow, painful, and limited.

Now it needed speed and scalability. So it turned to Illumio. With Illumio, it didn’t need to ship and store logs or retrofit automation. And it got insights fast and could share policy recommendations in format other stakeholders could understand.

“That was huge,” Bruce said.

Scaling segmentation through cross-functional internal partnerships

One of the biggest challenges in any segmentation project is getting buy-in from application and infrastructure teams. That’s why partnership was key, Rusty says.

“We had the luxury of a looming PCI deadline, which helped get attention,” he explained. “But more importantly, we built cross-functional partnerships. We told teams what we were doing, why it mattered, and how it would impact them — and we gave them support.”

The result was tight collaboration and successful deployment across thousands of workloads. It wasn’t easy. But with leadership alignment and strong relationships, the team passed the audit.

What Western Union learned from segmenting thousands of workloads

Today, segmentation is helping Western Union do more than check compliance boxes. It’s empowering better business decisions and enabling faster, safer operations.

Bruce says that M&A continues to be a major use case for segmentation. With Illumio, the Western Union security team can onboard new companies without fully integrating them right away. That keeps the business moving without exposing the broader environment to security risk.

It is also using Illumio to enhance threat detection.

“Visibility is just the beginning,” Rusty said. With telemetry from Illumio, the IT team can see real traffic patterns, identify anomalies, and feed that into the cyber defense team. That helps the company spot issues faster and act before threats escalate.

Rusty and Bruce shared several key lessons learned from their microsegmentation implementation:

• Bring a project manager in early. Segmentation is a cross-functional effort, so it should be treated as one.
• ‍Get at least three months of traffic analysis. That’s the minimum to get reliable insights. ‍
• Communicate clearly with application owners. Share plans, policy outputs, and dates ahead of time. ‍
• Stick to your change window. If you keep pushing out deadlines, you’ll never finish. ‍
• Expect surprises. You’ll find systems and dependencies you didn’t know existed. Build in buffer time to react.

With telemetry from Illumio, we can see real traffic patterns, identify anomalies, and feed that into our cyber defense team. That helps us spot issues faster and act before threats escalate.

Looking ahead: the role of AI and automation in cybersecurity

So what’s next for Western Union’s Zero Trust journey? More segmentation, more automation, and more resilience.

“With the rise of AI-powered attacks, we have to assume that adversaries are smarter, faster, and always on,” Bruce said. “Microsegmentation is one of our strongest tools to limit blast radius and contain breaches.”

Western Union is also looking at integrating Illumio telemetry into broader threat exposure management (CTEM) strategies. It plans to harness Illumio AI observability to drive smarter risk reduction and faster detection.

“As threats evolve, we need observability that goes beyond logs,” Rusty said.

Illumio gives the company the context it needs to correlate traffic and spot what matters, so teams can act before it’s too late.

Illumio: microsegmentation at global scale

Western Union’s journey with Illumio proves that microsegmentation doesn’t have to be slow, painful, or theoretical. With the right tools, leadership, and cross-functional alignment, it can drive real results quickly — even at a large, global enterprise.

“Segmentation is no longer optional,” Bruce said. “It’s the foundation for Zero Trust, compliance, and cyber resilience.”

With Illumio, Rusty and Brian agreed that Western Union is no longer just reacting to threats. It’s building a smarter, stronger, and more secure future for a business that millions around the world rely on every day.

Want to make smarter security decisions faster? Start your Illumio Insights free trial today.