The rise in hybrid-cloud data centers, SaaS and IaaS, and virtualization has led to a complex IT infrastructure which is difficult to secure. In response, micro-segmentation is fast becoming security best practice for businesses working in these kinds of dynamic environments. The value this technology provides is varied, from zone segmentation, to application isolation or service restriction.
One important point to consider is whether to choose an approach that is network-centric or application-centric.. While a network-centric approach manages traffic by network choke points, third party controls or network enforcement, an application-centric approach deploys agents onto the workload itself. The latter approach gives advantages such as better visibility, increased opportunity to scale, and is an entirely infrastructure agnostic technology. In order to be future-ready, the right choice will provide coverage for any environment, from legacy systems, bare metal servers and virtualized environments, to containers and the public cloud.
The unparalleled visibility you gain with an application-centric model is what will ensure that you don’t fall into the most common trap when it comes to micro-segmentation – over-segmenting your applications. Best practice is to start with what we call ‘early wins’. These will have obvious business need at their core, and be simple segmentation policies that can be put into place and create immediate value. Examples could be as simple as separating environments such as production and development, or meeting compliance regulations by securing critical data or applications.
Lastly, best practice involves looking outside of micro-segmentation alone to see where complementary controls can strengthen your security posture overall. Breach detection and incident response are two great examples that can work seamlessly with micro-segmentation and are powerful to utilize in an all-in-one package. Without these, your business is left attempting to force third-party solutions to work in harmony without gaps or increased risk – a truly tall order, and an administrative hassle that you don’t need to settle for.
Thinking about these micro-segmentation best practices at the outset of your project can lighten the load of implementing this game-changing technology, ensuring that the common stumbling blocks are taken care of from the beginning.