Micro-Segmentation: A Better Way to Defend the Data Center

 
 
By Chris Preimesberger  |  Posted 2015-07-28
 
 
 
 
 
 
 
 
 
  • Previous
    1 - Micro-Segmentation: A Better Way to Defend the Data Center
    Next

    Micro-Segmentation: A Better Way to Defend the Data Center

    eWEEK examines the top 10 reasons why micro-segmentation can provide greater security than conventional approaches within the data center.
  • Previous
    2 - New Security for East-West Traffic
    Next

    New Security for East-West Traffic

    The legacy security model is hard on the outside but soft on the inside. Once attackers get through perimeter security, they have easy access to internal infrastructure, workloads and data, exfiltrating sensitive and valuable data without check. Micro-segmentation combats this access by securing workloads, data and data access at the source, providing deep internal security of corporate and consumer data where it resides.
  • Previous
    3 - Zero Trust Security
    Next

    Zero Trust Security

    In the micro-segmentation model, there is no default trust for any entity—users, devices, applications and network—regardless of placement or location. The entire mechanism is based on denying all communication until explicitly allowed (via explicit policies) and permitting only what is necessary from trusted sources. This ensures protection from lateral or horizontal infiltration.
  • Previous
    4 - Application-Aware Security
    Next

    Application-Aware Security

    Micro-segmentation policy groups are generally created based on application tiers, workload profiles, placement zones and other factors. They are not based on rigid IP addresses or subnets. Policies also are enforced right at the virtual machines or containers hosting the application tiers. Workloads and data access are secured at the source as an application-centric security model.
  • Previous
    5 - Fine-Grained Network Control
    Next

    Fine-Grained Network Control

    Perimeter security is a heavy hammer approach. If a certain asset or group of virtual machines is deemed more vulnerable than others, micro-segmentation allows for fine-grained firewalls and security policies to be deployed, ensuring a greater level of security on the most important data center assets while allowing flexibility for others.
  • Previous
    6 - Deep Protection by Isolation
    Next

    Deep Protection by Isolation

    In the event of a breach, micro-segmentation promises to isolate and quarantine the infected machines and devices, thus containing the breach to a smaller fault domain and preventing unfettered lateral access to uncompromised systems and data. IT can focus its efforts on the compromised assets to identify the vulnerability while the remaining network continues to work unabated. All this happens seamlessly in real time.
  • Previous
    7 - Define Once, Deploy Multiple Times
    Next

    Define Once, Deploy Multiple Times

    With proper micro-segmentation planning, security groups, their membership, their hierarchy and inheritance can all be specified centrally and pre-provisioned. At runtime, virtual machines and workloads simply inherit the proper membership and policies, regardless of when and where they come to life within the data center.
  • Previous
    8 - Enhanced Mobility of Workloads
    Next

    Enhanced Mobility of Workloads

    Micro-segmentation enables greater mobility of workloads, within the data center and into the cloud. Firewall rules move alongside the virtual machines as they run from host to host and between clouds, ensuring consistent protection at all times. This enables operators to better eliminate vulnerabilities and enact preventative measures ahead of the hackers.
  • Previous
    9 - Improved and Automated Firewall Management
    Next

    Improved and Automated Firewall Management

    Coupled with the right monitoring and operational model, micro-segmentation provides data center operators with deeper visibility into security posture and helps automate maintenance. If a particular virtual machine gets deleted, the firewall rules associated with that VM get deleted as well. This in turn ensures that the firewall rule base is kept up to date and uncluttered with unused, unwanted rules and updates that become increasingly hard to decipher.
  • Previous
    10 - DevOps Alignment
    Next

    DevOps Alignment

    Micro-segmentation allows application owners to be responsible for their own app's security while allowing them to see only what they are entitled to see. This allows operators to analyze and manage applications more effectively and efficiently, without being granted universal control. These specific security clearances can prevent insider attacks and interference by barring actors from moving beyond individual purview.
  • Previous
    11 - High Agility and OPEX Efficiency
    Next

    High Agility and OPEX Efficiency

    Breaches in data centers can remain undetected for extended periods of time. Micro-segmentation enables the data center to be far more agile and quick to react with the ability to identify the breach almost immediately and to contain it within a narrow fault domain. At the same time, its multiple layers of security help to slow the attack's spread and enable operators to lock down the hacker and secure uncompromised data at a faster rate. It's a more agile, cost-effective approach to security.
 

East-west (machine-to-machine) data movement is increasing in volume as workloads become movable and thus more demanding on their infrastructures. At the same time, perimeter-only, firewall-based security has proved weak in a world of advanced cyber-attacks. Evolving security models, such as software-defined and distributed firewalls, are beneficial, but they also create new management complexities. In these environments, IT teams are finding it difficult to deploy a tight approach to security. To improve security profiles, organizations are now turning to techniques such as micro-segmentation to amplify and distribute current defenses. Micro-segmentation divides a network into smaller zones and provides protection by making security adaptive and multilayered. It provisions services closer to the applications, between application tiers and even to the machines within tiers. In this slide show, citing resources from eWEEK archives, a whitepaper from VMware and industry perspective from Arkin's Mahesh Kumar, we examine the top 10 reasons why micro-segmentation can provide greater security than conventional approaches within the data center.

 
 
 
 
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
Rocket Fuel