Fortune 100 Bank Averts Audit Crisis Through Environmental Separation with Illumio

When failure was not an option – and neither was shifting infrastructure or re-architecting its network – this global bank turned to host-based segmentation.


Industry: Financial Services

Environment: Nearly 17,000 non-production workloads within a global trading bank

Challenge: Executing high-stakes environmental separation under a compliance mandate without re-architecting the global network

Solution: Separating development from production with Illumio’s host-based segmentation, intuitive interface, and simplified reporting

Results: Meeting business and compliance requirements under deadline with a sustainable operations model – and no network intervention

Customer Overview & Challenge

A Fortune 100 bank faced compliance violations for its inadequate ability to prove separation of development and production environments. Potential penalties included heavy fines and cessation of its ability to trade on the Nikkei exchange. The bank’s business, credibility, and reputation were at stake.

They failed an audit after executing millions of dollars worth of trades and were under pressure to deliver by a specific timeline. The risk of repeated audit failure was everyone’s problem, but the bank didn’t have a clear solution. Network-based solutions meant reconfiguring a major portion of the network and involved a heavy burden of infrastructure upgrades and re-IPing. The significant fiscal and operational expenses of this approach were untenable – as was the service outage to the business.

Illumio Solution

Aside from financial and operational impacts of re-architecting the network, the mechanics of segmenting development from production wouldn’t work. With a large number of multi-tenant hosts running multiple instances of the same process, VLANs were ineffective. Software-defined networking solutions could not be deployed successfully. The last option was moving development, but no one could explicitly define what development was, and the risk of breaking production was too great.

The bank’s infrastructure team saw the need for a host-based solution leveraging native application firewalls that follow the workload regardless of where it runs. But when they attempted a homegrown solution leveraging iptable batching, they struggled to scale it in the Windows portion of their environment.

The bank chose Illumio Core™ (formerly ASP) for its ability to segment development from production environments without requiring network changes. It is now fully automated and operated overseas by less than one full-time equivalent employee.

Customer Benefits

Avoid re-architecting the network

Host-based segmentation delivered consistent security that follows the workloads wherever they run – with no impact on the bank’s network.

Meet compliance mandates quickly

Illumio Core was deployed reliably and just in time for the bank to meet compliance deadlines and prove their security posture to auditors.

Promote sustainable operations

Illumio Core's intuitive design supports ongoing lean operations, with automation that helps reduce the risk of manual error.

Improve IT efficacy

With new visibility from Illumio’s application dependency map, Illumination, IT was able to clean up their CMDB to be far more accurate.