Microsegmentation has become a popular way to control horizontal access within a corporate network or cloud. This is important because it helps IT departments better secure workloads by using zero-trust philosophies. That said, while microsegmentation offers several benefits, it also comes with a number of challenges.
Pros of microsegmentation
When assessing microsegmentation benefits, one of the most compelling is strict access control of east-west traffic within private, public or hybrid data centers and clouds.
Microsegmentation also enables IT shops to place server-to-server management under zero trust's "trust nothing or no one" approach.
Finally, once properly set up, microsegmentation policies can be largely automated and centrally pushed out to various data centers and clouds compatible with the microsegmentation platform in use.
Cons of microsegmentation
One of the biggest challenges is that implementing microsegmentation is complex. This is especially true within data centers and clouds that already exist. Administrators can take advantage of tools that discover traffic patterns and flows -- thus enabling them to identify what east-west traffic should be permitted or denied. But this is a cumbersome process and one with the potential to interrupt business operations when microsegmentation is implemented in production environments.
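The discovery step described above, sketched as an added example that is not part of the original article: observed flows become allow rules, everything else is denied by default, and a dry run against later traffic lists what enforcement would block. The tier names, ports and the min_count threshold are constructed assumptions.

```python
from collections import Counter

# Constructed flow records: (source tier, destination tier, destination port).
# Tier names and ports are illustrative, not taken from a real environment.
DISCOVERY_WINDOW = [
    ("web", "app", 8443), ("web", "app", 8443), ("web", "app", 8443),
    ("app", "db", 5432), ("app", "db", 5432),
    ("app", "cache", 6379), ("app", "cache", 6379),
    ("web", "db", 5432),  # seen once, skips the app tier: needs human review
]

# Constructed traffic seen after the discovery window closed.
PRODUCTION = [
    ("web", "app", 8443), ("app", "db", 5432),
    ("batch", "db", 5432),  # periodic job that never ran during discovery
    ("web", "db", 5432),
]

def build_policy(flows, min_count=2):
    """Split observed flows into allow rules and a manual review queue."""
    counts = Counter(flows)
    allow = {f for f, n in counts.items() if n >= min_count}
    review = {f for f, n in counts.items() if n < min_count}
    return allow, review

def enforce(allow, flows):
    """Default deny: a flow passes only if an allow rule matches it exactly."""
    return [(f, "ALLOW" if f in allow else "DENY") for f in flows]

def dry_run_denies(allow, flows):
    """Report the distinct flows enforcement would drop, without blocking."""
    return sorted({f for f, verdict in enforce(allow, flows) if verdict == "DENY"})

if __name__ == "__main__":
    allow, review = build_policy(DISCOVERY_WINDOW)
    print("allow rules: ", sorted(allow))
    print("review queue:", sorted(review))
    # Running this report before switching to enforcement surfaces flows
    # that would otherwise interrupt business operations.
    for flow in dry_run_denies(allow, PRODUCTION):
        print("would deny:", flow)
```

The batch-to-db flow is legitimate but absent from the discovery window, which is how an incomplete observation period turns into a production outage once the policy is enforced.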
Microsegmentation can also contribute to a degradation in application performance. With most microsegmentation platforms, security and access control are enabled through the use of software plugins or software installed directly on the hypervisor. These services consume CPU and memory resources. Thus, some data centers or clouds may require upgrades to handle the additional load.
Finally, consider cost when assessing microsegmentation benefits and challenges. It can play a major role. Expenses include the cost of microsegmentation licenses and support contracts, as well as the new hardware required to support the technique across all workloads and the labor involved in implementing all these additions and changes.