Hongkong Electric Company Secures Critical Infrastructure With Illumio

Business goals

The Hongkong Electric Company (HK Electric) is one of the industry’s oldest electrical utilities, operating since 1890 to light Hong Kong’s iconic skyline and power one of the world’s most important financial centers.

HK Electric’s ongoing mission is to provide safe, reliable, affordable and environmentally friendly electricity for a smarter and more sustainable city.

Critical to this, the venerable company wants to ensure its reputation as a world-class power company. Since 1997, it has maintained a 99.999% reliability record of delivering power to its customers.

But the growing threat of cyberattacks on electrical grids and other critical infrastructure has put utility companies like HK Electric on high alert. The company knows that cybersecurity is now paramount to ensuring its essential electrical services remain continuously available to the people and businesses of Hong Kong.

Technology challenges

To address growing cyber threats from ransomware and international hackers, HK Electric knew it needed to further evolve its digital defenses.

In particular, it wanted to get better control of the traffic among its servers and applications through the use of Zero Trust host-based firewall rules, says Mullar Wan, General Manager of Information Technology for HK Electric.

The utility company wanted to have better visibility into its interior, “east-west” traffic that moves across its data center. Without a better level of visibility, it was extremely difficult for the security and IT teams to fully understand the company’s cyber risks and build the most effective access rules, Mullar says.

At the same time, the security team at HK Electric had to spend substantial effort to create, manage and maintain host-based firewall rules using traditional networking tools. This created additional costs and complexities. Critically, the team had no way to automate the management of these firewalls at scale.

How Illumio helped

After earning the highest scores from the network, infrastructure and application teams in a proof-of-concept test, HK Electric purchased Illumio Core almost two years ago. It is now in full enforcement with Illumio agents on more than 150 servers and other devices to protect the utility’s high-value applications.

With the Illumio platform, it is very straightforward to build, manage and automatically update host-based firewall rules across our data center. Mullar Wan General Manager of Information Technology Hongkong Electric

With Illumio in place, HK Electric has been able to establish a real-time application dependency map that visualizes the traffic flows across its data center servers (Windows, Linux OS).

Most importantly, the Illumio platform has provided the security team a practical way to design, build and automatically update host-based firewalls at scale to limit application traffic to only authorized sources, Mullar says.

With this combination of visibility into traffic flows and host-level control for protecting servers, applications and data, HK Electric has been able to establish extensive Zero Trust security within the interior of its data center to prevent cyber breaches from spreading across its IT environment.

Results and benefits

Mullar says Illumio has dramatically reduced the time and effort required by HK Electric to implement “least privilege” Zero Trust security.

This has helped the utility company greatly increase its server security and data protection by blocking breaches at the point of entry — while also driving down costs.

Malware and hackers can no longer travel freely within the data center if they find an initial entry point into the network.

With Illumio, we now have unprecedented visibility into our server and application traffic. It is making all the difference in our ability to protect our data center. Mullar Wan General Manager of Information Technology Hongkong Electric

And with Illumio, HK Electric has gained “x-ray vision” into the traffic flows among its servers, applications and endpoint devices, Mullar says.

The security, application and infrastructure teams now know exactly what is talking to what, making it far easier to set up the right policies to protect high-value assets, as well as helping detect any open paths of attack or suspicious traffic.

Critically, HK Electric doesn’t have to worry about updating its security policies as its IT infrastructure changes. All policies can be applied efficiently and swiftly as new servers and applications come online.