Sep 10 2020

Nutanix .NEXT 2020: Why Microsegmentation Is Key to Zero-Trust Security

Nutanix Flow automates the deployment of security policies at the application and virtual machine levels.

With the growing recognition that perimeter-based security is becoming obsolete, more businesses are striving to deploy zero-trust security models, in which user-identity management is key. But that requires organizations to rethink their entire approach to security and raises questions about whether they need to start from scratch with an entirely new security stack, or whether existing solutions can be adapted to a zero-trust framework.

At its annual user conference, Nutanix security experts described how to use its application security solution, Flow, to implement virtual machine (VM) microsegmentation, a critical element of any zero-trust approach.

Why is zero trust becoming the gold standard? Because the nature of threats is changing — and so is the nature of business, argued Mike Wronski, a Nutanix product marketing director.

More threats than ever are coming from within organizations, Wronski noted. The Ponemon Institute found earlier this year that insider threats have increased by 50 percent. A zero-trust model ensures that individuals, including full-time employees, gain access only to the applications they need.

Moreover, network infrastructures become more complicated as businesses grow, leading to increasing configuration errors. “It turns out that a lot of mistakes get made — they’re innocent mistakes, but they increase risk, and it’s out of this complexity that these errors occur,” Wronski said.

Misconfigurations are shockingly common, according to research. Palo Alto Networks discovered that 60 percent of cloud storage services have logging disabled, meaning that an intrusion can go undetected because no one inside the organization has a record of it. And most misconfigurations go unnoticed: When McAfee surveyed more than 1,000 IT professionals, it found that most misconfigurations are unreported.

Finally, Wronski said, too many companies seem to be focused more on breach detection than on prevention, when both should be central to any comprehensive security strategy.


What Is Zero-Trust Security?

All this suggests that a new security model is required. With a zero-trust model, instead of relying on perimeter devices to detect and stop intrusions, policy becomes the perimeter. “Zero trust says, ‘Trust nothing, and assume that something malicious is going to get in, and make sure we have the security controls in place to deal with it,’” Wronski said.

A critical step for deploying zero trust is the expansion of microsegmentation: the practice of segregating different parts of a network from one another so that a malicious actor doesn’t have free rein within a network merely by gaining access to one part of it. Microsegmentation is not new, but businesses must apply granular policy between users and virtual machines when striving for zero-trust security within a hybrid cloud environment.

“So if we no longer have this perimeter defining what’s the data center and what’s not the data center, and everything’s out there in the cloud, and we have all these users and all these VMs talking to each other back and forth, adding in microsegmentation and security policy gives me detailed control over all those areas,” Wronski said.

Automation Is Critical to Zero-Trust Deployments

That’s easy to understand at a high level. But deploying security policies at the individual VM level is no easy trick. Nutanix Flow simplifies the implementation of network segmentation, allowing organizations to deploy software-defined virtual network security by attaching policies directly to VMs and applications rather than to specific network segments, such as virtual LANs.

Flow also automates policy updates, Wronski said. “That’s important because I don’t want to have to manually change my policies every time something changes. I don’t want to be working with enumerated lists of IP addresses. So if I’m provisioning new VMs, I want them categorized and policies applied automatically, so a new database gets a database policy and an application tier gets an application tier policy.”

Flow makes that easy because it works with businesses’ existing networks without requiring any new infrastructure, said Nutanix Product Management Director Abhishek Tiwari. “You don’t have to change your underlying infrastructure one bit to start your microsegmentation deployment.”
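The idea behind the microsegmentation described above (policy attached to VM categories such as a database tier or an application tier rather than to VLANs or enumerated IP addresses, with a default-deny posture and with newly provisioned VMs inheriting policy automatically) can be made concrete with a small policy engine. The following Python is an added illustration written for this page; it is not Nutanix Flow's code or API, and every category name, VM name, IP address and port in it is a constructed sample. Rules are treated as unidirectional initiator-to-responder flows; return traffic is assumed to be handled statefully.

```python
"""Toy category-based microsegmentation policy engine (added illustration).

This is NOT Nutanix Flow's API or code. It models the idea the article
describes: allow rules bind a source category to a destination category
on a protocol/port, the default is deny, and a VM picks up the right
rules the moment it is categorized, with no IP list to edit.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List


@dataclass(frozen=True)
class VM:
    name: str
    ip: str
    categories: FrozenSet[str]  # e.g. {"AppTier:Web", "Environment:Prod"}


@dataclass(frozen=True)
class Rule:
    """Allow initiator traffic from VMs in src_cat to VMs in dst_cat on proto/port."""
    src_cat: str
    dst_cat: str
    proto: str
    port: int


class PolicyEngine:
    def __init__(self) -> None:
        self.rules: List[Rule] = []
        self.inventory: Dict[str, VM] = {}

    def add_rule(self, rule: Rule) -> None:
        self.rules.append(rule)

    def provision(self, vm: VM) -> List[Rule]:
        """Register a VM and return the rules that now apply to it, with no manual edits."""
        self.inventory[vm.name] = vm
        return [r for r in self.rules
                if r.src_cat in vm.categories or r.dst_cat in vm.categories]

    def is_allowed(self, src_name: str, dst_name: str, proto: str, port: int) -> bool:
        """Default deny: a flow passes only if some rule matches both endpoints' categories."""
        src, dst = self.inventory[src_name], self.inventory[dst_name]
        return any(r.src_cat in src.categories and r.dst_cat in dst.categories
                   and r.proto == proto and r.port == port
                   for r in self.rules)


def build_demo_engine() -> PolicyEngine:
    """Constructed three-tier sample; names, IPs and ports are hypothetical."""
    eng = PolicyEngine()
    eng.add_rule(Rule("AppTier:Web", "AppTier:App", "tcp", 8080))
    eng.add_rule(Rule("AppTier:App", "AppTier:Database", "tcp", 5432))
    eng.provision(VM("web-01", "10.0.1.10", frozenset({"AppTier:Web"})))
    eng.provision(VM("app-01", "10.0.2.10", frozenset({"AppTier:App"})))
    eng.provision(VM("db-01", "10.0.3.10", frozenset({"AppTier:Database"})))
    return eng


def lateral_movement_check(eng: PolicyEngine) -> Dict[str, bool]:
    """Flows an attacker who has landed on the web tier might try; only the sanctioned path is open."""
    return {
        "web->app:8080": eng.is_allowed("web-01", "app-01", "tcp", 8080),
        "web->db:5432": eng.is_allowed("web-01", "db-01", "tcp", 5432),  # skips the app tier
        "web->app:22": eng.is_allowed("web-01", "app-01", "tcp", 22),    # wrong port
        "db->web:8080": eng.is_allowed("db-01", "web-01", "tcp", 8080),  # wrong direction
        "app->db:5432": eng.is_allowed("app-01", "db-01", "tcp", 5432),
    }


if __name__ == "__main__":
    eng = build_demo_engine()
    # A database VM provisioned later inherits the database policy without any IP list change.
    inherited = eng.provision(VM("db-02", "10.0.3.11", frozenset({"AppTier:Database"})))
    print("db-02 inherits:", inherited)
    print("app->db-02:5432:", eng.is_allowed("app-01", "db-02", "tcp", 5432))
    for flow, ok in lateral_movement_check(eng).items():
        print(f"{flow:14} {'ALLOW' if ok else 'DENY'}")
```

The point the article's speakers make is visible in `provision`: the second database VM is never named in any rule, yet it is reachable from the app tier on its database port and from nowhere else, because the policy keyed on the category rather than on an address.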

Whether or not you’re attending Nutanix .NEXT 2020 on Sept. 9 and 10, follow us on Twitter at @BizTechMagazine, or the conference hashtag, #NextConf. And keep this page bookmarked for all the coverage from the BizTech team.

