Healthcare · Academic Health System
Seeing the whole cloud — then segmenting what matters
One of the nation's largest academic health systems needed three things in sequence: complete visibility into a sprawling cloud footprint (including the shadow IT nobody had registered), a mapped and hardened DMZ architecture, and measurably better ransomware resilience through microsegmentation.
Six-figure engagement spanning every department and cloud account
Application-by-application, measured against a ransomware score
Firewalls, ingress/egress flows, and the assets behind each zone
The challenge
Where things stood
Years of departmental autonomy had produced a cloud estate nobody could fully enumerate — sanctioned deployments, research workloads, and unregistered SaaS all coexisting with regulated patient data. You cannot protect what you cannot list.
At the network layer, DMZ configurations had accreted across generations of architecture. Which zones existed, what each protected, and how traffic actually flowed between them was tribal knowledge at best.
And with healthcare's ransomware exposure, flat internal segments meant a single foothold could reach far too much.
What we did
The engagement
Act 1 — Cloud footprint & security inventory
A structured ten-week discovery: stakeholder interviews across departments, API-based cloud posture tooling deployed for automated discovery, and shadow-IT identification. Output: a complete inventory of cloud deployments with security posture, utilization efficiency, and compliance alignment per asset — plus a PKI architecture review feeding the same roadmap.
Act 2 — DMZ inventory & assessment
Every DMZ identified and mapped: the firewalls and load balancers composing each zone, the servers and services behind them, and full ingress/egress traffic-flow architecture documented in network diagrams. Assessment against DMZ best practices produced prioritized hardening recommendations.
Act 3 — Ransomware-score microsegmentation
An embedded engineering seat (pooled resources for continuous coverage) executed application and server segmentation in Illumio — reviewing existing applications for full segmentation, driving selective segmentation projects, troubleshooting policy at scale, and providing architectural guidance. Progress was measured against the platform's ransomware exposure score: a number leadership could watch move.
The outcome
Where things landed
- The health system gained a defensible, complete map of its cloud estate — the prerequisite for every subsequent security decision — and eliminated the unknown-unknowns of shadow IT.
- DMZ architecture went from tribal knowledge to documented diagrams with a hardening roadmap.
- Segmentation progress became quantifiable: a rising ransomware score replaced 'we think we're better' with a metric.
Client identity withheld by design — the same confidentiality we extend to every engagement. Scope, figures, and outcomes are drawn directly from the delivered statements of work.