Large organizations are dedicating security and IT resources to craft a micro-segmentation strategy for all workloads across internal networks and public clouds.

Micro-segmentation is nothing new. We started talking about the concept a few years ago with the onset of software-defined networking (SDN) technologies such as OpenFlow. More recently, micro-segmentation was most often associated with establishing trusted connections between cloud-based workloads.

Micro-segmentation is simply a new software-based spin on the old practice of network segmentation that organizations have done for years with a variety of technologies—firewalls, VLANs, subnets, switch-based access control lists (ACLs), etc. In fact, many organizations use a potpourri of some or even all of these technologies. According to ESG research:

- 68% of enterprise organizations use some type of software-based micro-segmentation technology
- 66% of enterprise organizations use physical firewalls
- 66% of enterprise organizations use virtual firewalls
- 56% of enterprise organizations use ACLs on switches and routers
- 56% of enterprise organizations use IP subnetting
- 53% of enterprise organizations use VLANs/VXLANs

Now, there’s nothing wrong with using multiple technologies for network segmentation, but this tactical approach does come with some baggage. There’s the obvious issue of network complexity, with layers of network segmentation rules implemented across multiple technology layers. Then there’s the overhead of managing long lists of ACLs and firewall rules. Many network segmentation technologies are inflexible, so it takes time to translate business, compliance and security policies into actual enforcement rules. Oh, and there’s a financial issue, too—it costs a lot of money to purchase, deploy, operate and maintain an army of network segmentation devices.

Finally, there’s a people issue here, as well. Large organizations employ specialists to manage all this network segmentation technology.
Heck, I once had a meeting at a large Wall Street bank where I sat in a conference room with a team of people whose only job was to manage data center ACLs.

4 objectives of micro-segmentation projects

With the rise and success of micro-segmentation technology, some large organizations realize that it is time to address their network segmentation morass head-on. Many firms have begun enterprise micro-segmentation projects, driven by four objectives:

1. Propagate micro-segmentation far and wide to enforce the principle of least privilege. This is intended to create many more network segments in order to decrease the network attack surface and thus reduce overall business/IT cyber-risk. SDN/NFV software tools make this possible.
2. Centralize network segmentation policy. This can help ease the complexity described above by aggregating firewall rules, ACLs, VLANs, etc. into a single policy engine.
3. Support the need for IT agility. Security teams have used micro-segmentation to keep up with agile development processes and DevOps for public cloud workloads. They want to extend this model as their organization adopts hybrid clouds, heterogeneous public clouds and containers.
4. Cut costs. Data center micro-segmentation projects often introduce the opportunity to rip out millions of dollars of network hardware, including racks of data center firewall appliances.

Just who is responsible for these enterprise micro-segmentation projects? Large organizations usually dedicate a network security engineer to lead the effort. Smaller firms tend to delegate micro-segmentation projects to a collective team involving security and network operations.

Micro-segmentation projects won’t change the world overnight. Not surprisingly, many organizations are playing around with multiple micro-segmentation technologies, and it will take them a while to pick the winners.
It will also take time to sort through years of firewall rules and ACLs and then figure out how to migrate them to software-based micro-segmentation policy engines.

Micro-segmentation represents a major networking and security technology shift, so care and time are certainly appropriate. Nevertheless, there are potential benefits across the board in terms of security efficacy, operational efficiency and business enablement. Given this, it is little wonder that so many organizations are looking toward new software tools for micro-segmentation consolidation. This trend will only gain momentum moving forward.
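As an added illustration of the first two objectives above (least-privilege segments, and one central policy engine that replaces piles of IP-based ACLs), here is a minimal label-based policy engine. It is example code written for this page, not from the article or any vendor product; the workload names, IP addresses, labels and rules are constructed, and `selects`, `is_allowed` and `inbound_rules` are hypothetical helper names.

```python
# Added example (not from the article): a minimal label-based micro-segmentation
# policy engine. Workload names, IPs, labels and rules are constructed for illustration.
from dataclasses import dataclass

@dataclass(frozen=True)
class Workload:
    name: str
    ip: str
    labels: frozenset  # e.g. {"app=pay", "tier=web", "env=prod"}

@dataclass(frozen=True)
class Rule:
    src: frozenset     # labels a source workload must carry (all of them)
    dst: frozenset     # labels a destination workload must carry
    ports: frozenset   # allowed (proto, port) pairs

def selects(wl, selector):
    """A selector matches a workload when every selector label is present."""
    return selector <= wl.labels

def is_allowed(policy, src, dst, proto, port):
    """Default deny: a flow is permitted only if some rule covers it."""
    return any(selects(src, r.src) and selects(dst, r.dst)
               and (proto, port) in r.ports for r in policy)

def inbound_rules(policy, workloads, host):
    """Compile the central policy into the inbound allow list one enforcement
    point (host firewall, security group) needs for `host`."""
    allowed = set()
    for r in policy:
        if not selects(host, r.dst):
            continue
        for w in workloads:
            if w != host and selects(w, r.src):
                allowed.update((w.ip, proto, port) for proto, port in r.ports)
    return allowed

# Constructed inventory: a three-tier prod app plus a dev box with the same app label.
WEB = Workload("web-1", "10.0.1.10", frozenset({"app=pay", "tier=web", "env=prod"}))
APP = Workload("app-1", "10.0.2.10", frozenset({"app=pay", "tier=app", "env=prod"}))
DB = Workload("db-1", "10.0.3.10", frozenset({"app=pay", "tier=db", "env=prod"}))
DEV = Workload("dev-1", "10.0.9.10", frozenset({"app=pay", "tier=app", "env=dev"}))
WORKLOADS = [WEB, APP, DB, DEV]
# Two label rules replace a stack of IP-based ACLs: only the prod app tier reaches the DB.
POLICY = [
    Rule(frozenset({"app=pay", "tier=web", "env=prod"}),
         frozenset({"app=pay", "tier=app", "env=prod"}), frozenset({("tcp", 8443)})),
    Rule(frozenset({"app=pay", "tier=app", "env=prod"}),
         frozenset({"app=pay", "tier=db", "env=prod"}), frozenset({("tcp", 5432)})),
]
```

Because the engine is default-deny, a web server that is compromised cannot reach the database directly, and the dev box is excluded from the database segment by its `env` label even though it shares the app label; `inbound_rules` shows the per-host rule set the central policy compiles down to.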