Zero Trust Segmentation

How West Bend Mutual Insurance Overcame Cloud Migration Challenges With Illumio

When it comes to cybersecurity, West Bend Mutual Insurance wants to make sure its business and its members are protected. The IT team is resilience focused, with a "not if but when" mindset about breaches. That means the principle of least privilege underpins its security approach.

The company recognized perimeter firewalls would not sufficiently protect the internal network, so West Bend decided to implement microsegmentation.

"Microsegmentation is a key control for protecting company assets and limiting the blast radius of a breach or ransomware attacks," explains Ryan Dove, assistant vice president of it, security and technology. "It put the business in a much better place from a risk perspective."

Not all microsegmentation solutions are created equal

The West Bend team opted to use an existing vendor’s hypervisor solution to perform microsegmentation. But when the insurance company began to migrate workloads to the public cloud platform Microsoft Azure, complexity ensued.

That complexity included major production outages that took a long time to resolve, ultimately putting a hold on the migration progress.

"We couldn't move workloads until we could guarantee the same security position in the cloud as we had on-premises," says Mike Laak, a senior infrastructure engineer at West Bend.

The native segmentation features of Azure also had limits. West Bend had multiple Azure subscriptions to separate its environments across regions, each with its own virtual network, which made it impossible to enforce centralized policies across regions and virtual networks.

Built-in visibility was another must. West Bend’s existing microsegmentation solution had a separate product for visibility, with a hefty $300,000 price tag.

As a result, West Bend recognized it needed a centralized platform for policy management with inherent support for cloud environments and legacy operating systems.

Hard lessons with a silver lining

Trying to solve its cloud migration challenges led West Bend to Illumio.

"Illumio met all our security and visibility requirements," Laak comments. "Plus it's SaaS hosted, supports multiple operating systems, and is less complex than similar solutions."

West Bend initially rolled out Illumio Core on top of the hypervisor-based solution it was replacing with no issue, since Illumio doesn’t interfere with the network interface on virtual machines. For about a month, the team used Illumio’s real-time map in “visibility mode” to ensure they understood traffic flows before rewriting rules.

This approach allowed West Bend to see the impact of draft policies and clear out“potentially blocked” traffic for which a rule didn’t exist. Integrated visualization and policy creation workflow ensures safe and efficient enforcement — a capability the insurance company did not have previously.

Simple labeling eliminates “tag sprawl”

West Bend also found tremendous relief in Illumio's simple labeling method compared to the tag sprawl headache of its first microsegmentation solution.

Streamlined labels make it easier to properly scope policies, eliminating the chance of errors and resulting in far fewer labels to manage.

After monitoring and thoroughly testing Illumio Core, the team executed a big-bang cutover — in just 10 minutes, with no downtime.

"We were in a precarious situation until we got Illumio working, giving us security, velocity and stability," says Perry Whelan, West Bend’s manager of IT architecture.

No muss, no fuss — just results

The cloud migration with Illumio’s help went remarkably well, with no outage events or disruptions. West Bend now continues to rely on Illumio Core for unified visibility and security for on-premises and cloud workloads.

"Illumio can go largely unnoticed in a good way," Laak shares. "It’s never adversely impacted my day. It just does exactly what it’s supposed to do."

The real-time map and historical view of its application environment reduces time spent troubleshooting issues and simplifies audits and segmentation efforts.

Finally, security doesn’t depend on underlying infrastructure while label-based rules streamline policy creation. That makes deployment and maintenance much easier.

Download the story and learn more about how Illumio helps customers reduce risk and strengthen their Cyber Resilience.

Related topics

Related articles

U.S. Cybersecurity Strategy, Healthcare Breaches, and Illumio Market Momentum
Zero Trust Segmentation

U.S. Cybersecurity Strategy, Healthcare Breaches, and Illumio Market Momentum

Get a summary of Illumio's news coverage from March 2023.

Can You Measure the Efficacy of Microsegmentation?
Zero Trust Segmentation

Can You Measure the Efficacy of Microsegmentation?

Illumio and Bishop Fox conducted and documented an industry-first blueprint on how to measure the efficacy of micro-segmentation.

Network vs. Security Segmentation
Zero Trust Segmentation

Network vs. Security Segmentation

In this episode of The Tailgating Security Podcast, Alan Cohen and Matt Glenn discuss the world of difference between network and security segmentation.

Assume Breach.
Minimize Impact.
Increase Resilience.

Ready to learn more about Zero Trust Segmentation?