
Microsegmentation (network security)

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by HCIhistory at 11:35, 8 February 2023. The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Microsegmentation is a network security approach that separates and secures workloads in data centres and cloud deployments on a per-machine basis.

Types of microsegmentation

There are three main types of microsegmentation:

Challenges

Despite its useful features, microsegmentation can be difficult to implement and maintain. The first deployment is always the most challenging. Some applications may not be able to support microsegmentation, and the process of implementing microsegmentation may cause other problems.[1]

Defining policies that meet the requirements of every internal system is another potential roadblock. Internal conflicts may occur as policies and their ramifications are considered and defined, making this a difficult and time-consuming process for certain adopters.[2]

Network connections between high- and low-sensitivity assets inside the same security boundary require knowledge of which ports and protocols must be open and in which direction. Inadvertent network disruptions are a risk of sloppy implementation.[3]
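The need to know ports, protocols and direction can be checked before a policy is enforced. The following is an added example, not part of the original article: it replays observed flows against a default-deny allow-list and reports which ones would be dropped and why. The workload labels, ports and flow records are constructed for illustration.

```python
from typing import NamedTuple

class Rule(NamedTuple):
    src: str    # label of the workload that initiates the connection
    dst: str    # label of the workload that accepts it
    proto: str  # "tcp" or "udp"
    port: int   # destination port

# Default deny: only listed flows pass. Labels and ports are constructed.
POLICY = {
    Rule("web", "app", "tcp", 8443),
    Rule("app", "db", "tcp", 5432),
    Rule("app", "dns", "udp", 53),
}

# Constructed flow records (initiator, acceptor, protocol, destination port),
# as a flow collector might report them before enforcement is switched on.
OBSERVED = [
    ("web", "app", "tcp", 8443),
    ("app", "db", "tcp", 5432),
    ("db", "app", "tcp", 5432),     # allowed pair, opposite direction
    ("app", "dns", "tcp", 53),      # allowed pair, wrong protocol
    ("backup", "db", "tcp", 5432),  # dependency missing from the policy
]

def explain(policy, flow):
    """Return None if the flow is allowed, else why default deny drops it."""
    src, dst, proto, port = flow
    if Rule(src, dst, proto, port) in policy:
        return None
    if any(r.src == src and r.dst == dst for r in policy):
        return "pair allowed, but not on this protocol/port"
    if any(r.src == dst and r.dst == src for r in policy):
        return "only the opposite direction is allowed"
    return "no rule for this pair"

def dry_run(policy, flows):
    """Map each flow that would be dropped to the reason."""
    return {f: why for f in flows if (why := explain(policy, f))}

if __name__ == "__main__":
    for flow, why in dry_run(POLICY, OBSERVED).items():
        print(flow, "->", why)
```

Each reported flow is either a dependency to add to the policy or traffic that should not exist; resolving them before enforcement avoids the disruption described above.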

Microsegmentation is widely compatible with environments running common operating systems, including Linux, Windows, and macOS. However, this is not the case for companies that rely on mainframes or other outdated forms of technology.[4]

References