Large Medical Group Enables Healthcare Compliance With Illumio
Overview and challenge
When the initial scope of its network segmentation project became unmanageable in time, expense, and ongoing maintenance, the IT team for one of the country’s largest medical groups was forced to focus on its core objectives: segmenting applications and segmenting people from servers and environments.
“There are a whole gambit of tools to help mitigate issues on the perimeter,” said the medical group’s IT Director. “When you tie those with policies, you could probably prevent 95 percent of attacks. But it’s that 5 percent that you don’t know about where somebody comes in and sits in your network for a long time learning your environment. If we do have an employee or someone who wants to be malicious, we need to be able to limit their access from day one. A desktop shouldn’t be able to ping a server. They don’t even need to know it exists.”
How Illumio helped
The customer chose Illumio for an initiative to exercise internal controls to prevent lateral movement — specifically, to identify personal health information (PHI) for 400,000 patients in its environment, control what can and can’t be transmitted, and get alerts and automated lockdowns on actions that are outside of normal behavior.
A gradual transition to the cloud was another driver: potential compliance penalties mean that no provider can entrust third parties to secure their data.
In the words of the group’s IT Director: “Illumio looks at your network and your infrastructure as an application and then baselines who really needs to see or access the backend layer of that infrastructure — and how and by what means. Then it basically takes a picture of that, and you can confirm who needs to see it. It takes the visual footprint away from everyone and every device that doesn’t need to see it and allows us to easily lock down communications at the server layer and even the process layer. If anything tries to go outside of what is the approved realm, then it will alert you and you can go investigate.”
Illumio Core is superiorly designed to do a specific task. It doesn’t have all the overhead, management, and additional training needs that come with larger vendors. IT Director Large Medical Group
Results and benefits
Ensuring robust protection for a large body of healthcare records already means balancing information overload from multiple security solutions with the need to receive actionable insights.
The primary driver for choosing Illumio was ease of use.
“We didn’t want a solution that was going to be overly taxing on our admins,” the group’s IT Director said. “We needed something that is plug-and-play out of the box — that we could get going quickly and not have to worry about too many hassles keeping it running in the field. Illumio Core is superiorly designed to do a specific task. It doesn’t have all the overhead, management, and additional training needs that come with larger vendors.”
Cathay Pacific Security Takes Flight With Illumio
The airliner gained an "easy, pragmatic" approach to Zero Trust Segmentation.
Top Healthcare Education Institution Secures PII From Breach With Illumio
Find out how a top healthcare career school secured PII of 15,000 users with compliance-grade Zero Trust Segmentation from Illumio.
QBE Insurance Strengthens Its Zero Trust Security With Illumio
For QBE, microsegmentation reduces complexity and risk across a globally distributed infrastructure.