How IT Works: Microsegmentation

 

December 18, 2016

Whether protecting sensitive information, intellectual property, or just safeguarding against attacks, every IT department must devote some resources to data security. Traditionally, this takes the form of a sophisticated firewall which operates as a gatekeeper to the environment. Any data that wants to enter or leave the network must pass through this screening process to receive clearance. If the firewall deems the file to be malicious or untrustworthy, it is stopped.

Firewalls are an effective way to regulate traffic coming and going from the network, but they are hardly foolproof. There is a saying in data security: security systems need to be right 100% of the time, but a hacker only needs to be right once. Inevitably, a firewall is going to have holes in it, and inevitably, a hacker will find a way through those holes. What is left to stop them once they are inside? For some environments, the answer is unfortunately nothing.

One strategy for providing security to the interior of the network is microsegmentation, and it can be achieved with software-defined networking (SDN) products like VMware NSX.

 

What is Microsegmentation?

Segmentation is the practice of dividing the network into different tiers and installing a physical firewall or router designed to allow or forbid access to specific segments. Common segmentation strategies include an application segment, a web segment, and a database segment. Segmentation is a useful strategy and leads to a more robust security system, but there is still room to improve.

 

The Zero Trust Model and Microsegmentation

Forrester Research developed a concept known as the “zero trust” model of data security. It states that security policies should not simply be applied to the environment as a whole or to large segment groupings, but to everything. Every workload, every application, everything in the network must be protected. Without this strategy, a network is on some level “trusting” its traffic to be innocent and benign. Microsegmentation is the process by which this “zero trust” model is achieved, and it drastically increases the number of segments in play in the network.

Microsegmentation effectively makes each virtual machine (VM) on the hypervisor its own individual segment. Therefore, each and every virtual machine is protected by its own firewall. If a malicious file did manage to find a way through the environment firewall and onto a virtual machine, the file can get no further without having to once more pass through a firewall.

Trying to create microsegmentation manually by dedicating specific physical firewalls and routers to virtual machines or bare-metal servers would be a time-consuming and expensive process. However, with software-defined networking solutions like VMware NSX, the environment is virtualized. This enables a network administrator to establish microsegmentation by creating “security policies” tied to each VM.
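To make the difference concrete, the following added example (not from the original article and not VMware NSX code) models tier segmentation against per-VM default-deny policies and computes which machines an intruder on one VM could reach. The VM names, ports and rule sets are constructed, and unfiltered traffic within a tier is a modeling assumption.

```python
from collections import deque

# Constructed inventory: VM name -> (tier tag, listening ports). All names are hypothetical.
VMS = {
    "web-1": ("web", {443}),
    "web-2": ("web", {443}),
    "app-1": ("app", {8443}),
    "db-1":  ("db",  {5432}),
    "hr-db": ("db",  {5432}),
}

# Tier segmentation: a firewall sits between tiers only (assumption: intra-tier traffic is unfiltered).
TIER_RULES = {("web", "app", 8443), ("app", "db", 5432)}

# Microsegmentation: one policy per destination VM, default deny, allow rules name exact peers.
VM_POLICY = {
    "app-1": {("web-1", 8443), ("web-2", 8443)},
    "db-1":  {("app-1", 5432)},
}

def tier_allows(src, dst, port):
    s, d = VMS[src][0], VMS[dst][0]
    return s == d or (s, d, port) in TIER_RULES

def micro_allows(src, dst, port):
    # A VM with no policy entry accepts nothing (default deny).
    return (src, port) in VM_POLICY.get(dst, set())

def reachable(start, allows):
    """VMs that can be connected to from `start`, directly or by hopping through other VMs."""
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for dst, (_, ports) in VMS.items():
            if dst not in seen and any(allows(cur, dst, p) for p in ports):
                seen.add(dst)
                queue.append(dst)
    return sorted(seen - {start})

def blast_radius(start):
    return {"tier": reachable(start, tier_allows),
            "micro": reachable(start, micro_allows)}

if __name__ == "__main__":
    for vm in VMS:
        print(vm, blast_radius(vm))
```

The per-VM policy does not make `db-1` unreachable from the web tier, since the allowed web-to-app-to-db path still exists; what it removes is every connection that no rule explicitly permits, such as `db-1` to `hr-db`.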

 

Escalation and Data Security

Microsegmentation is a powerful strategy for protecting the network, but it is important to remember why security administrators developed it in the first place. There is an ongoing arms race between data security professionals and hackers, and their back-and-forth competition has led us here. Microsegmentation is effective now and will one day become as commonplace as the standard firewall, but it will never be truly enough. It is only a matter of time before malicious agents find reliable workarounds. For this reason, network administrators must always be fortifying their network security with the latest solutions, and that is not likely to ever change.

 

Download Our FREE White Paper

Microsegmentation should not be ignored as a compelling use case for SDN solutions, but it is only one component of a much larger concept. Learn more about software-defined networking and all the ways in which it can improve your IT environment in our FREE white paper, “Modernizing Your IT Environment with Software Defined Networking.”


About Mindsight

Mindsight, a Chicago IT services provider, is an extension of your team. Our culture is built on transparency and trust, and our team is made up of extraordinary people – the kinds of people you would hire. We have one of the largest expert-level engineering teams delivering the full spectrum of IT services and solutions, from cloud to infrastructure, collaboration to contact center. Our highly-certified engineers and process-oriented excellence have certainly been key to our success. But what really sets us apart is our straightforward and honest approach to every conversation, whether it is for an emerging business or global enterprise. Our customers rely on our thought leadership, responsiveness, and dedication to solving their toughest technology challenges.

Contact us at GoMindsight.com.

For Further Reading

SDN, ACI, and Micro-segmentation, Oh My!




