What is Microsegmentation?

The division of a network into small segments with individual access policies in order to enhance security.

Overview

What it is: In Microsegmentation, networking software divides a network into small units (i.e. micro-segments). These units are then given individual access policies, controlling communication between users, applications and services across that segment: data moving across the network is only visible to authorized endpoints. One simple example could be a policy allowing applications used by HR to access personal employee data but not company business strategy documents.

What it does: Based on the above, Microsegmentation allows security teams to create, and dynamically modify, policies based on how the network is used. This creates a more granular security environment, which can replace, or supplement, old network methodologies in which individual branches of a network each had individual firewalls. This makes it easier for security engineers to deliver on their goals, at the same time delivering more effective network security.

Why it matters: Today’s complex application environments can be difficult to secure, because their complexities open up possibilities for attack, such as, for example, traffic flows between in-house and cloud-based systems. By limiting unneeded lateral movement within a network for example, effective microsegmentation can minimize visibility of data across applications, and stop breaches from going out of control. As well, it can stop inside actors from accessing data they shouldn’t, unintentionally or otherwise.

What to do about it: Ask your security and IT team about current network security measures and the overheads of managing them. For example: can breaches spread unchecked once the network has been penetrated? Is it possible for a given user to access data they shouldn’t be able to? If so, consider Microsegmentation as an answer to these challenges.

Full content available to GigaOm Subscribers.

Sign Up For Free