TTI | Network Security Insights

From Segmentation to Microsegmentation: Navigating the Transition

Written by Craig Badrick | Oct 12, 2017 11:03:00 AM

As enterprise IT becomes increasingly defined by virtualization and cloud computing, network microsegmentation is becoming the practical way to keep access control attached to workloads that no longer stay in one place.

When the lion's share of digital activity occurs on servers in a company's own data center, network segmentation is fairly effective. IT teams use virtual local area networks (VLANs) to split the network into separate broadcast domains, each mapped to its own IP subnet, and filter the traffic that crosses between them with firewall rules or router access control lists (ACLs). Done properly, a breach of one subnet does not automatically become a breach of the entire company network. The caveat practitioners learn quickly is that the VLAN by itself only separates traffic; it is the filtering at the inter-VLAN boundary that actually limits lateral movement, and a VLAN whose gateway routes everything unfiltered provides no isolation at all.

But for better or worse, this kind of IT landscape is quickly becoming a thing of the past. Virtualization of servers, operating systems, and networks has gone mainstream, and 85% of enterprises are currently hosting at least some of their IT operations on multiple clouds at once. Traditional segmentation no longer delivers the protection it once did: today's virtual machines (VMs) are live-migrated between hosts, re-addressed, and cloned into different software-defined networks, so a firewall rule written against a particular address or subnet either stops matching the traffic it was meant to allow or keeps allowing traffic from an address that now belongs to something else.

That is why forward-looking IT professionals have turned to microsegmentation, a strategy that delivers security both strong and flexible enough to follow workloads as they move across increasingly diffuse virtualized infrastructures.

Adopting Workload-Specific Security Measures

In a traditionally segmented physical network, enforcement usually lives in a hardware firewall or router ACL at the boundary between subnets, and its rules are written in terms of source and destination IP addresses, ports, and protocols. Binding policy to addresses causes problems as soon as a workload is moved or a device is re-addressed: the rule must be rewritten by hand, and until it is, it either blocks legitimate traffic or permits traffic it should not. That makes it hard to keep security persistent without also breaking ease of access.

In 2009, Forrester Research analyst John Kindervag began describing what the firm called a "zero-trust model" of information security: no connection is trusted because of where it originates, inside the perimeter or outside it, and every flow between segments has to be explicitly permitted and inspected. Applying that principle at the granularity of individual workloads, VMs, or network connections is the idea that has since come to be known as microsegmentation.

By delegating enforcement to the individual hypervisors, typically a distributed firewall in each host's virtual switch that filters every VM's traffic before it reaches the physical network, an IT team gets a security layer that is as virtualized as the workloads it protects. Policy can then be written in terms of a workload's own attributes rather than its address: its type (web, application, or database), its environment (development, staging, or production), and its sensitivity level (personally identifiable information, financial information, low-sensitivity, and so on). A rule such as "production application servers may reach production database servers on the database port, and nothing else may" follows the workload wherever it runs.

Because policy is bound to workload attributes rather than to topology, changes in data center and network layout have little effect on either security or day-to-day operations. Network renumbering, server pool expansion, and live migration are routine in a virtualized environment, and a label-based rule keeps applying through all of them: the controller simply recomputes the concrete address-level rules on each affected host whenever a workload's address or location changes, with default-deny in force the whole time. That decoupling of policy from topology is what makes microsegmentation essential in the modern IT landscape.
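The two paragraphs above describe the mechanism in words; the following added example (written for this edit, not TTI's or any vendor's code) shows it in miniature. A small controller holds policy as label selectors, answers allow/deny for any pair of workloads, and renders the concrete (source IP, destination IP, port) rules that each hypothetical hypervisor "hv-a" and "hv-b" would enforce for the VMs it hosts. It then migrates and renumbers the database VM and shows that the label policy and the freshly rendered host rules stay correct, while a static address-based ACL built from the old addresses silently stops matching. All workloads, addresses, labels and rules are constructed sample data.

```python
"""Label-based microsegmentation policy compiled to per-host rules.

Added illustration: everything here (workloads, hosts, labels, policy) is
constructed sample data. It models the idea only and talks to no real
hypervisor or firewall.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

@dataclass
class Workload:
    name: str
    ip: str
    host: str                 # hypervisor the VM currently runs on
    labels: Dict[str, str]    # e.g. {"type": "db", "env": "prod", "sensitivity": "pii"}

@dataclass
class Rule:
    src: Dict[str, str]       # label selector for the source workload
    dst: Dict[str, str]       # label selector for the destination workload
    port: int

HostRule = Tuple[str, str, int]   # (src_ip, dst_ip, dst_port), what a host enforces

def matches(selector: Dict[str, str], labels: Dict[str, str]) -> bool:
    """A selector matches when every key it names has the same value on the workload."""
    return all(labels.get(k) == v for k, v in selector.items())

def allowed(policy: List[Rule], src: Workload, dst: Workload, port: int) -> bool:
    """Default deny: traffic is allowed only if some rule matches both ends and the port."""
    return any(r.port == port and matches(r.src, src.labels) and matches(r.dst, dst.labels)
               for r in policy)

def render_host_rules(policy: List[Rule], workloads: List[Workload], host: str) -> List[HostRule]:
    """Compile the label policy into address-level rules for the workloads on one host.

    This is what the distributed firewall in that host's vSwitch would actually
    enforce. It is recomputed from scratch after any move or renumbering.
    """
    ports = {r.port for r in policy}
    rules: Set[HostRule] = set()
    for dst in (w for w in workloads if w.host == host):
        for src in workloads:
            if src is dst:
                continue
            for port in ports:
                if allowed(policy, src, dst, port):
                    rules.add((src.ip, dst.ip, port))
    return sorted(rules)

def move(workloads: List[Workload], name: str, new_host: str, new_ip: str) -> Workload:
    """Simulate a live migration plus renumbering. The label policy is untouched."""
    for w in workloads:
        if w.name == name:
            w.host, w.ip = new_host, new_ip
            return w
    raise KeyError(name)

def ip_acl_allows(acl: Set[HostRule], src_ip: str, dst_ip: str, port: int) -> bool:
    """The traditional alternative: a static ACL keyed on addresses, as a perimeter
    firewall would hold it. It knows nothing about labels."""
    return (src_ip, dst_ip, port) in acl

def demo() -> Tuple[dict, dict]:
    """Return (before, after) decisions around a migration of the prod database VM."""
    policy = [
        Rule({"type": "web", "env": "prod"}, {"type": "app", "env": "prod"}, 8080),
        Rule({"type": "app", "env": "prod"}, {"type": "db", "env": "prod"}, 5432),
        Rule({"type": "app", "env": "dev"},  {"type": "db", "env": "dev"},  5432),
    ]
    workloads = [
        Workload("web1",    "10.0.1.10", "hv-a", {"type": "web", "env": "prod"}),
        Workload("app1",    "10.0.2.10", "hv-b", {"type": "app", "env": "prod"}),
        Workload("db1",     "10.0.3.10", "hv-b", {"type": "db",  "env": "prod", "sensitivity": "pii"}),
        Workload("app-dev", "10.0.9.10", "hv-a", {"type": "app", "env": "dev"}),
    ]
    by = {w.name: w for w in workloads}

    def snapshot() -> dict:
        return {
            "web->app:8080":    allowed(policy, by["web1"], by["app1"], 8080),
            "app->db:5432":     allowed(policy, by["app1"], by["db1"], 5432),
            "web->db:5432":     allowed(policy, by["web1"], by["db1"], 5432),   # no tier skipping
            "dev->proddb:5432": allowed(policy, by["app-dev"], by["db1"], 5432),  # dev cannot touch prod PII
            "hv-a": render_host_rules(policy, workloads, "hv-a"),
            "hv-b": render_host_rules(policy, workloads, "hv-b"),
        }

    before = snapshot()
    # A static ACL frozen from today's addresses, the way a boundary firewall would store it.
    static_acl: Set[HostRule] = set(before["hv-a"] + before["hv-b"])

    move(workloads, "db1", "hv-a", "10.0.3.55")   # migrate and renumber the database VM
    after = snapshot()
    after["static_acl_app->db"] = ip_acl_allows(static_acl, by["app1"].ip, by["db1"].ip, 5432)
    return before, after

if __name__ == "__main__":
    before, after = demo()
    for k in ("app->db:5432", "web->db:5432", "dev->proddb:5432", "hv-a", "hv-b"):
        print(f"{k:18} before={before[k]!r:45} after={after[k]!r}")
    print("static address ACL still permits app->db after renumber:", after["static_acl_app->db"])
```

Run it and the decision for app1 to db1 on 5432 is True both before and after the move, while the rendered rule for that flow migrates from hv-b to hv-a with the new address, and the static ACL returns False for the very same flow. That False is the "silently breaks" failure mode described above; the symmetric failure, where a recycled address keeps an old permit alive, is why the renderer always rebuilds the host rules from the current inventory rather than patching them.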

Finding the Right Partner

Though granular, workload-specific security is the most obvious benefit of network microsegmentation, the approach also improves the end-to-end visibility and control administrators have over the devices and workloads on their networks, because the hypervisor sees every east-west flow between VMs, traffic a perimeter firewall never inspects. In practice that visibility comes first: most deployments start in a monitor-only mode, log the observed flows, and derive the allow-list from them before turning on enforcement, so that default-deny does not break an undocumented dependency on day one.

When every workload becomes its own segment, an administrator can apply stricter policy to mission-critical workloads, keep guest users' traffic away from employee systems, and layer additional controls onto whichever workloads fall under ever-shifting external regulations, without re-architecting the underlying network to do it.

Doing this well requires real knowledge of, and experience with, microsegmented networks. That goes double for companies still migrating their IT operations to a cloud-based infrastructure, which will often need outside assistance to design, deploy, support, monitor, and troubleshoot their microsegmented networks.

As the broader IT world continues to gravitate toward virtualization and cloud computing, microsegmentation will increasingly be the most practical way to achieve the level of information security that clients demand. At Turn-key Technologies, we are committed to making sure your company doesn't fall behind your competition on account of an outdated, insufficiently secure network. We provide a host of end-to-end networking solutions, including a free network assessment tool, and have the expertise necessary to help any company navigate the transition from traditional segmentation to microsegmentation.