Telhio Secures Its Growth With Illumio

Who likes mergers and acquisitions? Not technology managers. For them, these big deals create significant IT challenges from the rapid introduction of new networks and new applications.

Take Telhio Credit Union. Formed in 1934, this financial institution based in Columbus, Ohio provides banking, loans, wealth management and other services to residents and businesses in the region.

Over the last five years, Telhio has grown rapidly from mergers. These deals raised Telhio’s asset base from approximately $700 million to $1.3 billion and elevated the company to Ohio’s fourth largest credit union.

The mergers, though good for growth, created IT complexity. By adding in new computing systems from acquired companies, Telhio’s security exposure also increased significantly.

With an IT team of only 15, Telhio has to be strategic (read “efficient”) in how it invests in technology and manages staff time, says David Ault, Telhio’s vice president of information security.

From a security standpoint, stopping the spread of ransomware and other cyberattacks across the networks and devices of its acquired companies became a clear priority.

“We needed a way to safeguard our back-office operations and retail banking applications in case of a breach,” Ault says. “Most organizations are able to defend the network perimeter, but I found it was extremely difficult to use traditional network firewalls to secure individual servers and workstations at scale.”

Ault recognized that protecting Telhio’s more than 120 data center servers and 500 employee workstations (physical and virtual) would be nearly impossible with his current stack of antivirus software, networking tools, application monitoring consoles, and other security staples.

To effectively enforce Zero Trust, Ault needed an easy way to implement microsegmentation across the credit union’s IT environment, something that historically has been difficult to build and manage.

In his search for a better way to stop breaches from spreading through Telhio’s IT systems, Ault conducted an initial test of Illumio Core on 20 servers and Illumio Endpoint on 70 workstations. The results were very convincing, Ault says.

“In the 23 years I’ve been in the IT industry, I’ve seen only three products that lived up to the marketing hype,” he says. “Illumio is one of them.”

That initial experience convinced Ault to roll out Illumio full scale.

“If we have just a few assets to protect, it’s not a big deal,” Ault says. “But as we grew, the number of application workloads to protect quickly became unmanageable. With Illumio, we can set specific policies, then easily expand those out to each type of workload on our network.”

Ault also wanted a product that wouldn’t interfere with his network stack. Again, Illumio fit the bill. Its agent essentially monitors from the side, independent and out of the way of network traffic.

Now that Illumio is almost fully deployed at Telhio, Ault has been impressed by the speed and ease of the platform.

“It’s been amazing to see what Illumio can do,” Ault says.

Illumio, for example, lets him test the impact a new policy on his applications and network operations before those policies are actually implemented.

“That’s what really differentiates Illumio from other products,” Ault explains. “Being able to test Zero Trust policies before deploying is huge. It helps us ensure application owners that nothing bad will happen when we turn on segmentation controls.”

Thanks to Illumio’s real-time visibility into application traffic, Ault can also easily see which servers and workstations are connected, which ports are being used, and if there is any unauthorized communications going on.

“Before Illumio, we had only a slim idea of what kind of communications were running across our network,” says Ault. “But with Illumio, we clearly see exactly what’s connecting to individual endpoints.”

“Thanks to Illumio, we’ve been able to grow as a business without also increasing our security exposure,” Ault adds. “That’s all I could ask for.”