How Marriott Vacations Safeguards Its Data and Global Operations with Illumio

A Commitment to Seamless Vacations and Trusted Security
Marriott Vacations Worldwide isn’t just a hospitality brand. It’s a global business built around real estate ownership, travel, and leisure. With more than 120 resorts across over 90 countries, the company serves more than 700,000 owner families and connects travelers to a network of 3,200 affiliated resorts. Its mission is clear: deliver secure, unforgettable vacations at scale — every time, everywhere.

Behind the scenes, a complex digital system supports every step — from booking and excursions to property sales and financing. That system has to be secure, always available, and compliant with regulations in every region where it operates.

“We want guests focused on the beach or the mountains — not on whether their data is safe. They should never have to think about it,” said Nestor Cabrera, VP of Global Information Security Architecture.

That commitment led Marriott Vacations to Illumio — and a Zero Trust approach that protects critical systems, contains threats, and delivers real-time visibility across every property and platform.

Unlike many hotel chains, Marriott Vacations owns and operates its resorts. That means it manages everything — lodging, ownership, financing, and third-party sales. Its tech stack includes legacy systems, cloud platforms, SaaS tools, mobile apps, and thousands of endpoints.

“It’s a global enterprise with localized complexity,” Cabrera explained. Every resort has its own setup. Each country brings its own compliance regulations. That makes cybersecurity both vast and complex — and visibility across it all was a challenge.

The complexity of Marriott's infrastructure made a Zero Trust approach not just ideal, but necessary. Instead of relying on assumptions or legacy trust models, the security team needed a framework that assumed breach and enforced strict access controls everywhere.

Before Illumio, the team relied on assumptions. It couldn’t always tell what was active, connected, or vulnerable.

A Security Strategy Rooted in Zero Trust

In 2019, Marriott Vacations began planning for Zero Trust. Microsegmentation became central to the plan. With Illumio, the team segmented its critical systems. Then, it added Illumio to gain visibility beyond the data center.

“We didn’t know what we know now… it was always a difficult question to answer,” Cabrera said. “‘What do we have? What don’t we have? What’s active, what’s inactive? What’s talking to what?’” Illumio gave Marriott the full picture while enabling them to prevent lateral movement through the environment

Visibility That Uncovered the Unexpected

When the team rolled out Illumio at a legacy resort in St. Kitts, it found more than it expected. One device was sending traffic to a suspicious external server. It turned out to be a crypto miner.

Illumio flagged the threat and blocked the activity. That visibility helped the team respond fast — and avoided a real-world security event. “We would never have caught it without Illumio,” Cabrera said. “It was a real-world example of visibility saving us from a threat.”

Simplicity and Value for the Entire Organization

Illumio strengthened and simplified Marriott’s security. It also helped teams outside of security. Infrastructure and operations teams began using Illumio to understand traffic, fix issues, and make better decisions. With more teams onboard, Marriott is building a security-first culture where security isn’t just an IT issue. It’s a business issue. “It’s not just segmentation — it’s intelligence,” Cabrera said. “We answer questions for leadership every day using Illumio.” And it all happened without friction. As Cabrera puts it: “It just works. It sits there quietly doing its job — exactly what good security should do.”

‍

Results and benefits

Real-time visibility across the global network
The team can now monitor system activity and traffic with pinpoint precision — and respond faster than ever.
‍

Zero Trust enforcement at scale
Illumio helps enforce segmentation policies across data centers, endpoints, and resort operations worldwide.
‍

Business resilience without compromise
Marriott Vacations strengthened its security posture while maintaining uptime and the guest experience.
‍
Enterprise-wide alignment
Other teams — from operations to infrastructure — now use Illumio’s insights to improve performance and planning.

‍