With the increase in the use of applications, connected and mobile devices, enterprises are constantly facing a surge in cyber threats. The attackers, meanwhile, are using more sophisticated methods to hack into systems, penetrate networks and steal data. Data breaches can cost firms thousands if not millions in fines – let alone the costs associated with reputational damage and losing essential intellectual property. It’s no wonder that network security is one of the key areas of consideration for IT leaders.
With data and applications at the heart of everything enterprises do, IT leaders are contemplating how they can secure these using innovative network security products, while simultaneously modernising their datacentres.
In order to modernise, a number of enterprises have chosen to transition to software-defined networks (SDN), as part of a wider change to a software-defined datacentre (SDDC), and so one of the main areas they must contemplate is how this will change how they’re currently securing their networks.
The answer, quite simply, is to shift the way that the network is secured from physical to virtual.
No longer is securing the perimeter of a business enough; there is some data – sensitive, personal and confidential data – that may require more than just secure end points. Instead, businesses will want to control security within a datacentre, and ensure that if the business does suffer from a breach it can be completely isolated, while a total breach would be made impossible.
Micro-segmentation, can enable organisations to isolate and secure different data and applications. So, if we think of a hacker as if they were shoplifter breaking into a shop, they would only be able to shoplift from the bakery section, as all of the data is divided and protected in individually locked departments. It is a more granular form of segmentation that could stop attackers that are already in your system to move laterally to other systems. Without micro-segmentation, hackers can more seamlessly extract data from across the enterprise – a key concern for many businesses today.
With micro-segmentation, each security zone can have its own firewall rules that can be managed, while fine-grained policies can be placed on each datacentre application down to the workload level. Any application can be moved via the hybrid cloud and the policy will stay there. This means security models can be pushed deep inside a datacentre, which is the ultimate reassurance for customers that their data will remain safe and secure.
Micro-segmentation can enable security settings to be tailored to different types of traffic, meaning only network and application workloads that are permitted to flow across to each other do so. Overall, the key benefit of the technology is to minimise the risk and impact of datacentre security breaches by reducing the attack surface.
Understand the key benefits
There are numerous other reasons to use micro-segmentation too; not least because it does not require enterprises to have already made a transition to a full-scale SDDC. Enterprises can deploy micro-segmentation in their datacentres at a pace that suits them – meaning that they can leverage existing physical network and security infrastructure, and in many cases prolong the use of their existing infrastructure.
Operational efficiency can be streamlined because it is easier to fine-grain segments and reduce the number of firewall rules needed, all while reducing management overheads. Costs can also be cut because there isn’t the need to deploy additional physical firewalls to control the increasing volumes of east-west traffic inside a datacentre, or the need for numerous devices and effort to set up and manage the firewall rules. The level of effort can be reduced from hours to minutes.
There are a number of considerations that enterprises must make, ahead of deploying micro-segmentation, including: what to segment and how, understanding how network traffic flows, and whether a zero-trust approach should be taken all together or on a per-app basis. One thing is for sure – the technology is proving to be a leading solution to counter cyber security threats in an agile way. It’s now time for enterprises to ensure they have the right strategy in place to deploy it.
Micro-segmentation is a core feature of VMware’s NSX network virtualisation platform, which runs on existing network infrastructure. If you’re suffering from many of the same issues described in this blog and would like to find out more, please get in touch.