Three Advanced Approaches to Microsegmentation
Here are three advanced approaches to microsegmentation that IT leaders should consider:
- Dynamic Adaptive Segmentation: This approach adjusts security policies based on real-time changes in the network environment, according to Pearce. “Device behavior, threat intelligence, and network conditions are the kinds of inputs that drive dynamic changes to segmentation rules,” he says.
For example, if an application experiences a sudden increase in traffic, the application-level segmentation policy can dynamically accommodate the additional traffic at the application level while maintaining security, according to Pearce. “This ensures that the network remains resilient and responsive to changing conditions without compromising on security,” he says.
- Identity-Centric Segmentation: This strategy refers to grouping and segmentation based on what the device is, Moyle says. This can be driven by user population, role or data type processed, he says: “Basically, what a workload is defines how it is segmented and controlled.”
A common element of this approach is role-based access control (RBAC), which “ensures that each user has the minimum necessary privileges to perform a job, thereby reducing the risk of unauthorized access and limiting the potential negative impact of a compromised account,” Pearce says. It also supports compliance efforts and is the segmentation strategy most often used in identity and access management (IAM).
- Cloud-Native Segmentation: This strategy leverages the scalable nature of cloud services, Pearce notes, involving segmentation strategies for cloud-based applications and services. “By segmenting microservices within a cloud-native application, organizations can control communication between services, preventing unauthorized access and limiting the blast radius in the case of a security incident,” he adds.
Use Cases for Microsegmentation
Moyle says that any segmentation (micro or otherwise) can be “part of a security strategy based on use case, architecture and other factors.” He notes that microsegmentation itself isn’t an end goal for security, and that IT leaders should instead see it as “a mechanism that’s part of a broader holistic strategy.”
That said, a successful microsegmentation implementation depends on many factors, starting with careful planning.
Microsegmentation goes hand in hand with setting up granular security policies. It also relies on continuous monitoring, evaluation, and user education and awareness, Pearce says.
Successful microsegmentation also requires automation, incident response orchestration and cross-team collaboration.
None of that is sustainable without a solid, well-maintained network architecture map. “Last, but not least, strong audits and policy reviews are critical to ensure that the segments actually work as intended,” Pearce says.
How Does Microsegmentation Relate to Zero Trust?
In some cases, microsegmentation can work against zero trust, Moyle says.
For example, defining zones that have different levels of trust works against zero-trust foundational principles. “This is because a core tenet of zero trust is to assume that all zones are potentially already compromised,” he says.
However, in other contexts, microsegmentation can support zero-trust architectures. One example is when an organization uses identity-based segmentation to separate out workloads or devices based on their function, Moyle says: “Under this model, you could require more or fewer levels of assurance based on what the workload is for.”
“In conjunction with RBAC, an account may therefore be trusted in one segment but not trusted in any other segment, thereby maintaining the zero-trust principle,” Pearce adds.
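The following is an added example, not code from the article or from the people quoted in it. It sketches a default-deny check for the identity-based model described above, where a workload's role and data type (rather than its network location) decide which flows and accounts are allowed, followed by an audit pass over flow records. All workload names, roles, ports, assurance levels and accounts are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Workload:
    name: str
    role: str        # what the workload is; this defines its segment
    data_class: str  # type of data it processes

# All values below are constructed for illustration.
INVENTORY = {w.name: w for w in (
    Workload("web-01", "web", "public"),
    Workload("pay-api-01", "payments-api", "pci"),
    Workload("pay-db-01", "payments-db", "pci"),
)}
# Explicit allow rules keyed on (source role, destination role, port).
ALLOWED_FLOWS = {("web", "payments-api", 8443), ("payments-api", "payments-db", 5432)}
REQUIRED_ASSURANCE = {"public": 1, "pci": 2}   # assumed scale: 2 = MFA-backed session
ACCOUNT_SEGMENTS = {"svc-deploy": {"web"}, "dba-alice": {"payments-db"}}

def flow_allowed(src: str, dst: str, port: int) -> bool:
    """Default deny: a flow passes only if both ends are known workloads and
    their roles (not their addresses) match an explicit rule."""
    s, d = INVENTORY.get(src), INVENTORY.get(dst)
    return bool(s and d) and (s.role, d.role, port) in ALLOWED_FLOWS

def access_allowed(account: str, target: str, assurance: int) -> bool:
    """RBAC per segment: the account must be granted the target's segment and
    meet the assurance level required by the data the workload handles."""
    w = INVENTORY.get(target)
    if w is None or w.role not in ACCOUNT_SEGMENTS.get(account, set()):
        return False
    return assurance >= REQUIRED_ASSURANCE[w.data_class]

def audit(flows):
    """Return the observed flows that the policy does not allow."""
    return [f for f in flows if not flow_allowed(*f)]

# Constructed flow records: (source, destination, port)
OBSERVED = [
    ("web-01", "pay-api-01", 8443),
    ("pay-api-01", "pay-db-01", 5432),
    ("web-01", "pay-db-01", 5432),        # skips the API tier
    ("unknown-host", "pay-db-01", 5432),  # source is not in the inventory
]

if __name__ == "__main__":
    for f in audit(OBSERVED):
        print("policy violation:", f)
```

Because unknown workloads and unlisted role pairs both fall through to deny, the audit output doubles as a list of gaps in the inventory as well as in the rules.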