Industry: Financial Services

Environment: A central data centre with 600-700 servers

Challenge: Adoption of standards thus increasing client confidence – without re-architecting the network

Solution: Gaining audit-ready network visibility and reporting with Illumio’s Adaptive Security Platform® (ASP)

Benefits: Adopting standards to build client confidence that data is securely locked down and compliant with legislations

Customer Overview & Challenge

A team of Baillie Gifford IT specialists led by Colin Lennox, Head of Technology and Service Delivery, embarked on a review of their need for granular assurance of client data protection on an ongoing basis. A further objective was to deliver a higher level of scrutiny than they could provide using traditional segmentation methods. “We were looking for a solution that gave us a deep, insightful view of what’s traversing the network and enabled us to ringfence based on logic rather than subjective high-risk methods”

Re-architecting its network infrastructure was a non-starter. “We would be taking something that was working and potentially break it to secure the environment. We’d have to rework the routing and add lots of complex paths. There was a lot of risk involved, and we found it difficult to justify the expense of costs associated with doing that.”

Beyond the data center, the firm may potentially leverage cloud for efficiencies and to avoid vendor lock-in – but governing the environments consistently was a concern. “We wanted to have a solution that worked across any datacentre and any cloud vendor so that we can treat them as transient services that we can easily move between.”

Illumio Solution

The Baillie Gifford team initially worked with Illumio Gold Partner Assure APM to run a proof of concept, deploying Illumio ASP over a defined subset of the Baillie Gifford environment. Following the PoC success, the Baillie Gifford team along with a team from Assure APM and Illumio deployed a solution that gained both visibility and agility for audit-ready segmentation. This was achieved without intrusion. “Illumio ASP allowed us to maintain the existing network flows and provided end point segmentation by managing existing Windows and Linux network tools from   a central location.”

 “The real-time application dependency map enables us to monitor the flows of traffic across our network, then react and provide insightful segmentation with low risk of impact. This gives us the confidence to say that critical areas of our estate are completely ring-fenced and protected. We can categorically identify operational services and the users that are utilising them. Illumio visualises this in a logical

manner, led by evidence. This gives me and my security governance team confidence that our assets are well protected at a very granular level.”

Customer Benefits

  • Ease of deployment with a lightweight agent: “We’re always quite sceptical when another agent does come along. The Virtual Enforcement Node (VEN) didn’t add anything to the network throughput. It has a very small footprint, and we deployed it across all 600-700 workloads”
  • Cross-environment visibility: “What’s most important is being good at the basics: keeping on top of the environment and keeping detailed knowledge of what the assets are – and that’s from a physical sense as well as the logic critical data that’s moving across the network. Illumio ASP gives us that microscope that oversees all elements in the ”
  • Audit-ready compliance posture: The team can quickly confirm granular segmentation with evidence of compliance for auditors, regulators, customers, and internal
  • Baillie Gifford has enhanced the security of its critical data through the successful deployment of a Zero Trust network security solution provided by Illumio.

Assure APM in partnership with Illumio provides us with our exacting requirements for visibility, control, and enforcement whilst providing a strategic safeguard against ‘east-west’ attacks.

– Colin Lennox
Head of Technology and Service Delivery, Baillie Gifford