Editor’s note (September 2019): We updated this post with additional resources/links about multicloud networking.
One of the most hyped use cases of software-defined networking (SDN) is micro-segmentation, and for good reason. With solutions such as VMware NSX, micro-segmentation promises several high-value business outcomes. These include modern security, seamless operations and optimized user experience.
Learn the three key reasons why you should consider micro-segmentation for your organization:
1. Modern cybersecurity requires modern approaches
Traditional cybersecurity relies heavily on maintaining a robust, perimeter-level defense. This leverages firewalls to keep unwanted visitors out of the data center. But just like a medieval castle, this “castle and moat” approach is only effective so long as it isn’t breached.
Once a bad actor gets in, firewalls do little to stop them from moving laterally across databases and applications. Security professionals call this internal traffic “east-west.” “North-south” traffic is anything coming from outside your firewall.
Modern-day threats, such as the WannaCry ransomware attack, prove that lateral, “east-west” vulnerabilities can be catastrophic. The problem is that too many businesses overlook this lateral security flaw, or just don’t know it exists. Generally, up to 80 percent of IT security budgets go to north-south perimeter security. Meanwhile, up to 70 percent of all data center traffic is lateral, or east-west, traffic.
While facing growing security threats, organizations see micro-segmentation as a solution to close this dangerous gap.
Unlike castles, micro-segmentation solutions, such as NSX, are more like modern hotel security. A robust firewall is still necessary, just as a hotel often employs a front-line security guard. However, even with a prepared staff, the hotel is still vulnerable to attacks. For example, if intruders slip past the security guard in the lobby, they still need a key card to access the rooms and the valuable items inside.
Just like our hotel key card analogy, micro-segmentation uses software-defined networking and virtualization to wrap each application, workload and database with its own virtual firewall. In order to move laterally, workloads must receive explicit permission, which can be pre-defined and configured by the virtual network administrator. As a result, micro-segmentation greatly reduces your attack surface and disarms intruders – even if they get through the front door.
2. Operationalizing modern security
Micro-segmentation also gives network administrators the tools to move quickly and efficiently. It helps them enact security policies on an enterprise scale and across intricate cloud and virtualized environments.
This is how it works: instead of manually configuring access policies for each individual workload and user, micro-segmentation lets you group, scale and automate policies. Admins can now gather workloads, applications and user profiles more simply. Each can have a pre-determined, role-specific set of rights and restrictions. For example, users in human resources only need to access a small set of applications. Meanwhile, users in finance, marketing and sales will have distinct requirements.
These policies are automatically enforced whenever a new user is created, moved or deleted. Admins are also able to combine multiple groups, enacting broad, umbrella policies across a set of groups – a method VMware likens to a “3D firewall.”
The bottom line is that micro-segmentation removes inefficient and manual processes. In exchange, it provides a speedier way to automate network security management.
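A minimal Python model of the group-based, default-deny policy described above, added here as an illustration. It is not NSX code or VMware's API; the class, group names, entities and ports are all constructed for the example, and the "umbrella" policy is modeled as a shared group.

```python
"""Toy model of group-based micro-segmentation (illustrative, not a vendor API)."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Rule:
    src_group: str
    dst_group: str
    port: int


@dataclass
class Segmenter:
    rules: set = field(default_factory=set)
    membership: dict = field(default_factory=dict)  # entity -> set of groups

    def allow(self, src_group, dst_group, port):
        self.rules.add(Rule(src_group, dst_group, port))

    def assign(self, entity, *groups):
        """Create or move an entity; its previous groups are replaced."""
        self.membership[entity] = set(groups)

    def remove(self, entity):
        self.membership.pop(entity, None)

    def permits(self, src, dst, port):
        """Default deny: a flow passes only if a rule matches a group pair."""
        src_groups = self.membership.get(src, set())
        dst_groups = self.membership.get(dst, set())
        return any(
            r.port == port and r.src_group in src_groups and r.dst_group in dst_groups
            for r in self.rules
        )


def build_demo():
    """Constructed sample environment: rules name groups, never individuals."""
    seg = Segmenter()
    seg.allow("hr-users", "hr-apps", 443)
    seg.allow("finance-users", "finance-db", 5432)
    seg.allow("employees", "intranet", 443)  # umbrella policy across groups
    seg.assign("alice", "hr-users", "employees")
    seg.assign("bob", "finance-users", "employees")
    seg.assign("hr-portal", "hr-apps")
    seg.assign("ledger-db", "finance-db")
    seg.assign("wiki", "intranet")
    return seg
```

Moving `alice` with `assign("alice", "finance-users", "employees")` changes what she can reach without touching a single rule, and a flow such as `hr-portal` to `ledger-db` is denied because no rule grants it.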
3. Improving user and employee experience
Last but not least, micro-segmentation helps IT deliver better end-user experiences in the workplace.
Not only does NSX give admins powerful tools to monitor and manage access, it also allows end users to get the right information, at the right time. This is because policies can be automated to follow users as their roles evolve within the business. Thus, there is no downtime waiting on IT to deliver access to critical apps and information.
From employees to contractors to third-party collaborators, micro-segmentation eliminates the friction for workers in a cloud-enabled, mobile world.
How to get started with micro-segmentation?
How much of your traffic is flowing east-west versus north-south? How do you get insight on your virtual machines, users and behaviors? How would you prevent a bad actor from doing damage, if they could get past your “castle walls”?
Start building your technology roadmap and identify vulnerabilities. Our upfront virtualization and networking assessments provide the data-driven insights to develop an effective plan.