Now, segmentation is not just easier to manage — it’s also stronger. Where firewalls control inbound traffic to servers, Akamai Guardicore Segmentation can also control outbound traffic from servers — a protection called “egress blocking” — because it includes software that’s installed right on the servers.

“Egress rules are a nightmare to figure out on firewalls, so before we just didn’t do it,” the IT staff member says. “With Akamai it’s simple, and it’s another way to keep infections from spreading.”

The team also likes that Akamai helps them check that rules are working. With a glance at a visual map, they can see which connections are happening and which are blocked. Previously, they would have had to log into all 250 servers and look at firewall hit counters — which would’ve taken time they didn’t have.

The IT team is getting kudos for improving the user experience while tightening security. Say a prospective student logs into the Admissions application at 8:00 PM to check application status and financial aid eligibility, and AWS had moved the underlying database to a different server at 7:59 PM. When communications between the application and database depended on firewall rules, the student might have seen a message to try again later. With Akamai Guardicore Segmentation, the student sees up-to-date information regardless of all that IP address shuffling in the cloud and gets a great first impression of the university.