Decoupling Security from the Network: The Evolution of Segmentation

Company Name : Illumio

Topic : Networks, software-defined networking, SDN, Security segmentation, decoupling security

Goals of this white paper:

  • Explain the evolution of networks, SDN and host-based “security segmentation”
  • Describe core competencies and trade-offs of segmenting on each
  • Build a case for decoupling security from the network based on design logic and efficacy

Description

Segmentation has been around as long as we’ve been connecting networks, beginning from the earliest TCP/IP protocols designed to reliably deliver packets. But networks are about connecting things with utility-like reliability – whereas segmentation is about reliably isolating things.

Segmentation understands what can connect to what and enacts enforcement rules to limit everything else – like a bouncer at the club, if you’re not on the guest list, you won’t get in. These two objectives are diametrically opposed. Yet, we try to do both with the same equipment.

This holds true even for software-defined networking (SDN). Similar to traditional networks, SDN is designed for reliable packet delivery – not for enforcing the security of what should and shouldn’t be allowed between two points on the network (aka segmentation).

And even if you can make segmentation work with your network, the IT environment has grown beyond the data center to include public clouds, third-party services and APIs. Our environments are not only on the corporate network. The agile infrastructure necessary for DevOps means that workloads are dynamic, and certain application components are not inside the data center.

Endpoints are dynamic, too. What’s needed is to enforce security as close as possible to what’s being protected. This requires us to decouple security segmentation from the network.

Enterprises are steadily moving to host-based segmentation to address these issues with traditional approaches. Before we can understand why they are turning to host-based segmentation, let’s discuss how they got there, and why they’re decoupling security segmentation from the network.
