The Honey Baked Ham Company is a leading American food producer and retailer, providing high quality products for families nationwide since 1957. Honey Baked Ham needed to improve the security posture of 45 critical applications that access sensitive customer information. The organization wanted to prevent unauthorized access to these systems and take more proactive steps to minimize the impact of potential breach incidents. Simultaneously, it was important that new protective measures not disrupt key business workflows.
PCI-DSS compliance
Honey Baked Ham is also subject to PCI-DSS compliance, which mandates (among other things) isolating specific assets storing, processing, or trans-mitting cardholder data. The company needed a segmentation approach that would ensure its compliance, reduce its risk levels, and protect its brand reputation if breached by preventing lateral movement of bad actors.
Environmental factors
The business needed to secure a mix of application servers and SQL databases running on both bare-metal server clusters and VMware virtual machines. Isolating individual applications in this heterogeneous environment using traditional techniques would require a substantial investment in new firewall appliances, as well as require many months of work.
Firewall failure
Initially, the business attempted segmentation with legacy firewalls. Unfortunately, the legacy firewalls fell short in terms of visibility and insight into activity in the environment, including communication flows between servers and applications.
“With traditional tools, segmentation is extremely difficult,” noted David E. Stennett, Senior Infrastructure Engineer on the security team at the Honey Baked Ham Company. “How do you even organize what you’re going to divide into different segments? How do you know what needs to go with what, what’s talking with what, or if it needs other things talking to it?”
The firewalls also did not provide adequate security controls or the granular segmentation that Honey Baked Ham needed. Moreover, the organization wanted a solution that offered threat detection and response capabilities to stop unauthorized activity, and this was not in the scope of what the legacy firewalls provided.
Cost and time losses
Another major factor in the organization’s change of approach was the fact that the legacy firewalls were expensive and required too much downtime to implement. In addition, the implementation process would consume three full-time resources.
“The cost of using traditional firewalls was going to be outrageous and the time was going to be more than the business wanted us to commit to,” said Stennett. In fact, the company’s effort to secure its applications was completely stalled by an untenable $1 million total price tag, two-year timeline, and downtime requirements.
Microsegmentation saves the day
InterDev, a partner, introduced the microsegmentation solution to Honey Baked Ham as an alternative to physical segmentation.
Honey Baked Ham deployed Akamai Guardicore Segmentation software agents both on-prem and in the cloud. The granular visibility and application dependency mapping Akamai Guardicore Segmentation provided quickly showed how Honey Baked Ham’s applications communicated with other IT assets at the process level. The team was then able to use this data to map application dependencies and create software-defined boundaries around the business’ most sensitive applications.
"I get real visibility and can actually see who’s connecting to what applications and servers,” said Stennett. “I have better and more control to segment, AND it’s cheaper? This is a no brainer.”
Huge cost reduction
With Akamai Guardicore Segmentation, Honey Baked Ham was delighted to reduce upfront costs by 50% by avoiding new firewall appliance purchases. Honey Baked Ham estimated that using software-based segmentation instead of legacy firewall appliances reduced the total cost of their application security initiative by 85%, from over $1 million to less than $160,000.
Ease of use
The simplicity of a software-based segmentation approach made it possible for one security architect to complete the entire segmentation project in a mere six weeks without any application downtime, a significant change from the previously estimated two years with the firewall approach.
Since Akamai Guardicore Segmentation doesn’t require hardware and is independent from the underlying infrastructure, it was simple to manage. Honey Baked Ham easily developed and deployed policies that crossed all environments, on and off premises. As Stennett said, “With Akamai Guardicore Segmentation, I can see all that traffic in one place. I can see all my rules in one place. I can manage everything from one place.”
Massive time savings
“With Akamai Guardicore Segmentation, we were not only able to secure 45 applications without interruption in just six weeks, we also got a more agile, cost-effective, and secure solution than our legacy firewall provider,” said Stennett. Ultimately, Honey Baked Ham was able to accelerate implementation timeline by over 15x — without system downtime, infrastructure changes, or business disruption.
With Akamai Guardicore Segmentation, we were not only able to secure 45 applications without interruption in just six weeks, we also got a more agile, cost- effective, and secure solution than our legacy firewall provider.
David E. Stennett, Sr. Infrastructure Engineer, The Honey Baked Ham Company
Protection and compliance
The ability to create and enforce segmentation policies at the process-level significantly improved Honey Baked Ham’s security posture, as well as ability to meet PCI-DSS technical requirements. Honey Baked Ham also utilizes Guardicore’s robust threat detection and hunting capabilities, strengthening its security posture across the board.
“What I’ve been most impressed with is the information I can get out of the system. I can see all the traffic,” continued Stennet. “I can see all blocked traffic if I want to. I can see traffic that’s unusual. I can see traffic that’s trying to go between two locations where it shouldn’t, so I can pick up potential outbreaks just from things that aren’t succeeding, instead of having to wait until they succeed and then trying to figure out where they started.”
Confidence in security success
All in all, the stakeholders across Honey Baked Ham are very happy with the revamped security program. Stennett feels confident that they will be able to keep risk at a minimum and easily manage policy changes moving forward.
“Our cross-traffic exposure is hugely reduced, IT management is ecstatic, and our Board of Directors is amazed,” concluded Stennett. “With Akamai Guardicore Segmentation in place, I sleep much better at night. MUCH better. It’s made a world of difference in our environment.”
About The Honey Baked Ham Company
Founded in 1957, The Honey Baked Ham Company, LLC is a premium food retailer with over 450 locations nationwide, as well as an e-commerce site. Over the years, HoneyBaked has effortlessly marked the moments that matter for families across the country. Best known for its signature spiral-sliced Honey Baked Ham® with a sweet and crunchy glaze, The Honey Baked Ham Company offers delicious, fully-cooked hams and turkey breasts sourced exclusively from American farmers. They also offer, heat-and-serve sides, lunch, catering and desserts.
About Akamai
Akamai powers and protects life online. Leading companies worldwide choose Akamai to build, deliver, and secure their digital experiences — helping billions of people live, work, and play every day. With the world’s most distributed compute platform — from cloud to edge — we make it easy for customers to develop and run applications, while we keep experiences closer to users and threats farther away. Learn more about Akamai’s security, compute, and delivery solutions at akamai.com and akamai.com/blog, or follow Akamai Technologies on Twitter and LinkedIn.
