A team of Baillie Gifford IT specialists led by Colin Lennox, Head of Technology and Service Delivery, embarked on a review of their need for granular assurance of client data protection on an ongoing basis. A further objective was to deliver a higher level of scrutiny than they could provide using traditional security segmentation methods. “We were looking for a solution that gave us a deep, insightful view of what’s traversing the network and enabled us to ringfence based on logic rather than subjective high-risk methods”
Re-architecting its network infrastructure was a non-starter. “We would be taking something that was working and potentially break it to secure the environment. We’d have to rework the routing and add lots of complex paths. There was a lot of risks involved, and we found it difficult to justify the expense of costs associated with doing that.”
Beyond the data centre, the firm may potentially leverage cloud for efficiencies and to avoid vendor lock-in – but governing the environments consistently was a concern. “We wanted to have a solution that worked across any datacentre and any cloud vendor so that we can treat them as transient services that we can easily move between.”
The Baillie Gifford team initially worked with Illumio Gold Partner Assure APM to run a proof of concept, deploying Illumio ASP over a defined subset of the Baillie Gifford environment. Following the PoC success, the Baillie Gifford team along with a team from Assure APM and Illumio deployed a solution that gained both visibility and agility for audit-ready segmentation. This was achieved without intrusion. “Illumio ASP allowed us to maintain the existing network flows and provided endpoint segmentation by managing existing Windows and Linux network tools from a central location.”
“The real-time application dependency map enables us to monitor the flows of traffic across our network, then react and provide insightful segmentation with low risk of impact. This gives us the confidence to say that critical areas of our estate are completely ring-fenced and protected. We can categorically identify operational services and the users that are utilising them. Illumio visualises this in a logical manner, led by evidence. This gives me and my security governance team confidence that our assets are well-protected at a very granular level.”
- Ease of deployment with a lightweight agent: “We’re always quite sceptical when another agent does come along. The Virtual Enforcement Node (VEN) didn’t add anything to the network throughput. It has a very small footprint, and we deployed it across all 600-700 servers.”
- Cross-environment visibility: “What’s most important is being good at the basics: keeping on top of the environment and keeping detailed knowledge of what the assets are – and that’s from a physical sense as well as the logic critical data that’s moving across the network. Illumio ASP gives us that microscope that oversees all elements in the map.”
- Audit-ready compliance posture: The team can quickly confirm granular segmentation with evidence of compliance for auditors, regulators, customers, and internal stakeholders.
- Baillie Gifford has enhanced the security of its critical data through the successful deployment of a Zero Trust network security solution provided by Illumio.