Baillie Gifford Maintains Audit-Ready Status Through
Micro-Segmentation

UK asset management firm ringfences client data across the data center and multi-cloud without re-architecting the network

baillie_gifford_logo

Summary

Industry: Financial Services

Environment: A central data center with 600-700 servers and multi-cloud

Challenge: Due diligence in client audits of segmentation – without re-architecting the network

Solution: Gaining audit-ready network visibility and reporting with Illumio Core

Results: Network insight to build client confidence that data is securely locked down

Customer Overview & Challenge

Ongoing client audits of micro-segmentation at UK asset management firm Baillie Gifford led its IT team of Colin Lennox and Bill Frater to review their options. They needed granular assurance of client data protection on an ongoing basis and a higher level of scrutiny than they could provide using traditional segmentation methods. “We were looking for a solution that gave us a deep, insightful view of what’s traversing the network and enabled us to ringfence based on logic rather than just us taking pot luck.”

Re-architecting its network infrastructure was a non-starter. “We would be taking something that was working and potentially break it to secure the environment. We’d have to rework the routing and add lots of complex paths. There was quite a lot of risk involved, and we found it difficult to justify the expense of costs associated with doing that.”

Beyond the data center, the firm leverages multi-cloud for efficiencies and to avoid vendor lock-in – but governing the environments consistently was a concern. “We wanted to have a solution that worked across any data center and any cloud vendor so that we can treat them as a transient species that we can move between.”

Illumio Solution

The Baillie Gifford team initially worked with Illumio Gold Partner Assure APM to run a proof of concept, deploying Illumio Core over a defined subset of the Baillie Gifford environment. Following the PoC success, the Baillie Gifford team along with a team from Assure APM and Illumio deployed a solution that gained both visibility and agility for audit-ready segmentation. This was achieved without intrusion. “Illumio Core allowed us to maintain the existing network flows and provided endpoint segmentation by managing existing Windows and Linux network tools from a central location.”

“The real-time application dependency map enables us to monitor the flows of traffic across our network, then react and provide insightful segmentation with low risk of impact. This gives us the confidence to say that critical areas of our estate are completely ringfenced and protected. We can categorically identify operational services and the users that are utilising them. Illumio visualises this in a logical manner, led by evidence. This gives me and my security governance team confidence that our assets are well protected at a very granular level.”

Customer Benefits

Ease of deployment with a lightweight agent

“We’re always quite skeptical when another agent does come along. The Virtual Enforcement Node (VEN) didn’t add anything to the network throughput. It has a very small footprint, and we quickly deployed it across all 600-700 servers.”

Cross-environment visibility

“What’s most important is being good at the basics: keeping on top of the environment and keeping detailed knowledge of what the assets are – and that’s from a physical sense as well as the logic data that’s moving across the network. Illumio Core gives us that microscope that oversees all elements in the map.”

Audit-ready compliance posture

The team can quickly confirm granular segmentation with evidence of compliance for auditors, regulators, customers, and internal stakeholders.

Baillie Gifford has enhanced the security of its critical data through the successful deployment of a Zero Trust network security solution provided by Illumio.

quote

Assure APM in partnership with Illumio provides us with our exacting requirements for visibility, control, and enforcement whilst providing a strategic safeguard against ‘east-west’ attacks.

Colin Lennox, Head of Technology and Service Delivery