When it comes to cybersecurity, West Bend Mutual Insurance wants to make sure its business and its members are protected. The IT team is resilience focused, with a "not if but when" mindset about breaches. That means the principle of least privilege underpins its security approach.
The company recognized perimeter firewalls would not sufficiently protect the internal network, so West Bend decided to implement micro-segmentation.
"Micro-segmentation is a key control for protecting company assets and limiting the blast radius of a breach or ransomware attacks," explains Ryan Dove, assistant vice president of it, security and technology. "It put the business in a much better place from a risk perspective."
Not all micro-segmentation solutions are created equal
The West Bend team opted to use an existing vendor’s hypervisor solution to perform micro-segmentation. But when the insurance company began to migrate workloads to the public cloud platform Microsoft Azure, complexity ensued.
That complexity included major production outages that took a long time to resolve, ultimately putting a hold on the migration progress.
"We couldn't move workloads until we could guarantee the same security position in the cloud as we had on-premises," says Mike Laak, a senior infrastructure engineer at West Bend.
The native segmentation features of Azure also had limits. West Bend had multiple Azure subscriptions to separate its environments across regions, each with its own virtual network, which made it impossible to enforce centralized policies across regions and virtual networks.
Built-in visibility was another must. West Bend’s existing micro-segmentation solution had a separate product for visibility, with a hefty $300,000 price tag.
As a result, West Bend recognized it needed a centralized platform for policy management with inherent support for cloud environments and legacy operating systems.
Hard lessons with a silver lining
Trying to solve its cloud migration challenges led West Bend to Illumio.
"Illumio met all our security and visibility requirements," Laak comments. "Plus it's SaaS hosted, supports multiple operating systems, and is less complex than similar solutions."
West Bend initially rolled out Illumio Core on top of the hypervisor-based solution it was replacing with no issue, since Illumio doesn’t interfere with the network interface on virtual machines. For about a month, the team used Illumio’s real-time map in “visibility mode” to ensure they understood traffic flows before rewriting rules.
This approach allowed West Bend to see the impact of draft policies and clear out“potentially blocked” traffic for which a rule didn’t exist. Integrated visualization and policy creation workflow ensures safe and efficient enforcement — a capability the insurance company did not have previously.
Simple labeling eliminates “tag sprawl”
West Bend also found tremendous relief in Illumio's simple labeling method compared to the tag sprawl headache of its first micro-segmentation solution.
Streamlined labels make it easier to properly scope policies, eliminating the chance of errors and resulting in far fewer labels to manage.
After monitoring and thoroughly testing Illumio Core, the team executed a big-bang cutover — in just 10 minutes, with no downtime.
"We were in a precarious situation until we got Illumio working, giving us security, velocity and stability," says Perry Whelan, West Bend’s manager of IT architecture.
No muss, no fuss — just results
The cloud migration with Illumio’s help went remarkably well, with no outage events or disruptions. West Bend now continues to rely on Illumio Core for unified visibility and security for on-premises and cloud workloads.
"Illumio can go largely unnoticed in a good way," Laak shares. "It’s never adversely impacted my day. It just does exactly what it’s supposed to do."
The real-time map and historical view of its application environment reduces time spent troubleshooting issues and simplifies audits and segmentation efforts.
Finally, security doesn’t depend on underlying infrastructure while label-based rules streamline policy creation. That makes deployment and maintenance much easier.