Knowledge on a Need-To-Know Basis
MSP security uses the term “microsegmentation” or “zero-trust model” to describe that which the military called “compartmentalization” decades ago. If you’re unfamiliar with the concept, consider the phrase “on a need to know basis.” What this means is that unless a given individual has a requisite security clearance, information is restricted from them. If you worked for HR in the CIA, the information you had clearance for likely wouldn’t be available for someone working in payroll, even though both of you had dealt with the same employees.
Certainly, this is a bit of a generalization, but you get the idea. When it comes to microsegmentation, the same kind of thinking is applied to servers. Imagine one server as the NSA and another as the CIA. Or imagine one is payroll and the other HR. Microsegmentation puts a barrier between these servers such that information can’t be freely exchanged unless authorization protocols have been activated. This ensures that malware or cybercriminal elements resident on a single device with access to the network can’t compromise the entire network. At worst, one server is compromised and requires a reboot.
This may seem like overkill if you are not familiar with today’s MSP security issues. Consider this, however: cybercrime is already an industry worth half a trillion annually. It is expected that by 2019, cybercrime will have been responsible for businesses losing over $2 trillion. Those kind of numbers are compelling enough to recommend security, and in the most expansive, applicable quantities.
Doing It Righ
With all these things in mind, if you have decided it’s time for your business to adopt microsegmentation policy, you want to ensure you do it right. With technology, there are many different ways to go about accomplishing the same thing— you likely have heard the aphorism about skinning cats. If you set your microsegmentation security solution up wrong, however, you’re just going to make operations more complicated and actually increase your network’s vulnerabilities. It’s like leaving a live cat with half its coat still intact. When that feline awakes, Pandora’s box will be opened.
The right way to segment your servers involves segmentation which goes down to the application/workload. Otherwise, attackers will still likely be able to move from a compromised workload or application to another one elsewhere in the system. Switches, firewalls, routers— these aren’t going to work as they would in a protective capacity in a non-segmented network. If you go this route, you’ll have rules in the millions based on IP addresses.
Defining Security Priority
One surprising positive that derives from microsegmentation is the ability to more accurately define attributes of policy. As an example, say you’ve got a certain workload primarily concerned with data revolving around your business’s financial situation. Now, say you’ve got a system which is involved in marketing workloads. The financial data will likely have a higher level of security through a microsegmentation solution; network administrators can more cohesively structure security protocols around those aspects of operation which require greater protection.
The next thing to consider is the cloud component. Businesses are moving to the cloud en masse and it makes sense: cloud computing saves time and money in an almost natural, organic kind of way. On-site costs are reduced, management costs are reduced, and emergency protocols can more securely conserve data. However, with the cloud, microsegmentation is downright imperative.
Imagine multi-tenants on a cloud network sharing servers. If they aren’t under microsegmentation at the workload level, a single malware program could infect the entire system. Granted, modern security tech pertaining to the cloud is increasingly effective and continuously on the cutting edge— but it would be wise to ask a given cloud provider about their microsegmentation policy before signing on with them.
Enhancing Your Network’s Security
With all these in mind, MSP security solutions today would be wise to include microsegmentation policy in their security operations. Microsegmentation allows businesses to:
- Contain data interchange based on workload
- Reduce afflicted systems in the event of a penetration
- Secure cloud-based networks
- Identify areas requiring greater security
Applying microsegmentation protocols to your IT situation is a sound means of increasing your network’s security.