Shulou(Shulou.com)06/02 Report--

Today, many enterprises are rapidly migrating their data center operations from on-premises deployments to more scalable, virtualized, and hybrid cloud infrastructures. Its security experts are trying to secure their business and find solutions to protect mission-critical applications and workloads running in these dynamic, heterogeneous environments.

When the boundary is constantly changing, the traditional network-based boundary security is no longer effective. Judging from daily news reports, cyber attackers seem to be breaking through peripheral defenses at will. After entering the network, they will integrate into east-west traffic, spread horizontally, and look for loopholes. Unprotected applications span a variety of bare metal servers, virtual machines, and containers, are targets of attackers, and together constitute a huge attack surface.

Turning differential segment

Security experts and analysts are increasingly using microsegmentation as a best practice solution for protecting data center assets and implementing a "zero trust" security model. Microsegmentation involves setting granular security policies around individual or logically grouped applications. These policies specify which applications can and cannot communicate with each other. Any unauthorized communication attempt will not only be blocked, but will also trigger an alarm about the possible presence of the intruder.

Analyst firm Gartner has identified microsegmentation as one of its top 10 security priorities, especially for organizations that want to be able to view and control traffic in the data center, further pointing out that its goal is to stop the horizontal spread of data center attacks.

In view of people's attention to microsegmentation, why has it not been more widely used? Some misunderstandings made security personnel hesitant. One reason is that large enterprises can only invest a large number of security professionals to implement and manage microsegmented projects. Another reason is that this is an all-or-nothing proposition that requires the protection of the last asset in a single large project, a task that is almost impossible in a DevOps environment with continuous application deployment.

It is important to put aside these misunderstandings and learn from companies that have successfully incorporated microsegmentation into their IT operations. These organizations have adopted a phased approach, initially focusing on manageable projects that are easy to define goals. Common challenges that can be solved through microsegmentation include:

Compliance. Key drivers of differential segments, regulations and standards such as SWIFT, PCI, GDPR, HIPAA, and so on, often specify that certain processes must be separated from general network traffic.

DevOps . Applications in a development, test, or quality assurance environment need to be separated from those in a production environment.

Restrict access to data center assets or services from external users or Internet of things devices.

Separate systems that run highly sensitive equipment (such as medical equipment in hospitals) from general enterprise systems.

Separate the most critical applications from the less critical ones.

By establishing a hierarchy of priorities and starting on a small scale, companies can get some "quick wins" and begin to see tangible results in a relatively short period of time.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.