While cloud technologies and network virtualization dominate the data center (effectively accelerating the speed at which network, server and storage resources are provisioned), IT administrators are under pressure to deliver workload capacity faster.
Overview
Micro-segmentation is by far the best leap-forward model for data security. Under this model, network security policies are enforced by firewall controls built into the hypervisors that are already distributed throughout the data center. This makes security both granular and omnipresent. Security policies can also be altered easily, even automatically, as VMs (virtual machines) move and adapt to changes in workloads. Most IT professionals agree that securing the network only at the perimeter is insufficient for present-day data centers: once malware has made it past the firewall, whether by attaching itself to an authorized user or by some other method, it can move easily between workloads. This lateral movement is possible because of a lack of adequate internal controls regulating east-west, or server-to-server, network traffic.
Micro-segmentation secures traffic between VMs, and between VMs and physical hosts. It can also create and apply security policies down to the level of the virtual network interface card. All policies move automatically with the workload, even if the physical IP address changes. With micro-segmentation in place, integrating other types of security products into the data center is also easier than it is with physical security appliances.
The micro-segmentation model is not about “building up” but “infusing into.” Much like bio-engineering a plant’s DNA to make it more resistant to disease, micro-segmentation changes the DNA of the data center’s security apparatus so that it resists threats at an exceptionally granular level. The model goes beyond the narrow idea of plugging gaps in perimeter security, or even of trying to make physical security within the data center more effective. Policies can be generated and updated with enough agility to thwart the most determined attacker.
The Cost of a Data Breach
(Figure source: IBM Newsroom)
According to IBM Security’s “Cost of a Data Breach Report”, the global average cost of a data breach increased 2.6%, from $4.24 million in 2021 to $4.35 million in 2022, the highest figure in the report’s history. The report, conducted by the Ponemon Institute and now in its 17th year, studied 550 organizations impacted by data breaches between March 2021 and March 2022. The breaches happened across 17 countries and regions and in 17 different industries.
The cost of a successful security breach that steals valuable customer or employee data is virtually incalculable. Beyond that, the cost of a data breach can easily reach millions or hundreds of millions of dollars once in-house investigations, forensic experts, lost customers, lower customer acquisition rates, and the free credit or identity monitoring subscriptions offered to rebuild trust are factored in. The following are just some of the signs that the present model for data center security is not holding up against threats:
● Organizations continue to invest heavily in security. In the U.S. alone, businesses collectively spend billions of dollars on security annually and keep increasing their annual security spending.
● Attacks continue to succeed. Attacks continue to flourish, with an average of two attacks each week, according to a global survey conducted by Price Waterhouse Coopers.
● Attacks are taking a heavier toll. The cost of data breaches to organizations continues to climb, according to the Ponemon Institute.
Firewalls and Intrusion Prevention Systems Are Not Sufficient
It is not that physical security devices are not sophisticated enough for the purpose for which they were intended. They are intelligent and formidable enough for that purpose, but they are simply insufficient to protect today’s data center environment. Here are a few reasons why:
● Multi-faceted security systems such as physical firewalls are administratively exhausting to update and maintain. It is tough for CIOs to justify this mounting overhead when they are under incessant pressure to cut back on expenditure.
● Physical appliances can’t be in all places at once, or even in many places at once. It is simply too difficult and costly to place firewalls in every alcove and corner of the data center. Even if that were possible, imagine the arduous task of reconfiguring physical security policies within minutes to accommodate a new workflow or to contain a dynamic attack.
● The perimeter-centric security model is designed to handle client-to-server, or north-south, traffic. It is not designed to handle east-west traffic, which is how communication among servers passes through the data center.
(Figure source: VMware)
● Stop malware from spreading within the data center.
● Enable quicker delivery of network security services.
● Generate more flexibility and automated adaptation to ever-changing demands and security environments.
Easy Implementation of the Most Complex or Fast-Changing Security Scenarios
Micro-segmentation can make security more granular without adding complexity, and it also simplifies security for virtual desktop deployments. Take as an example an IT department that decides to virtualize the desktops of the entire HR (Human Resources) department. Under typical hardware-based perimeter security, securing all the virtual desktops in the data center would add yet another level of intricacy to the matrix of security policies, because the policies would have to be mapped back to the network location of the virtual desktops.
With micro-segmentation, security policies are created and applied based on the agile qualities of the desktops themselves: the type of operating system, the appliances’ names, or the user group, in this case HR. Implementing security for HR’s virtual desktops then takes just a couple of minutes. It does not disrupt the security policies already in place for other departments and applications, and no additional expenditure on new appliances is necessary.
Before VMware NSX, micro-segmentation for data center security was not achievable. Today it is not only feasible but also streamlined and economical to deploy and manage.
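The two ideas above, that policies are bound to workload attributes (operating system, name, user group) rather than to a network location, and that a policy therefore follows a VM even when its IP address changes, can be shown with a small policy evaluator. This is an added example written for this article, not VMware NSX code or any vendor's API; the VM names, groups, addresses, ports and the default-deny stance for east-west traffic are all constructed assumptions. It models the HR virtual desktop scenario: an HR rule is added beside an existing Finance rule, desktop-to-desktop traffic stays blocked, and the HR rule still matches after an HR desktop is migrated to a new subnet, where a location-keyed ACL would have stopped matching.

```python
"""Attribute-based micro-segmentation policy evaluator (illustrative, not NSX)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class VM:
    """A workload as the distributed firewall sees it: attributes plus a current IP."""
    name: str
    os: str
    groups: frozenset   # security groups, e.g. {"desktop", "HR"}
    ip: str             # current address; changes on migration, attributes do not


@dataclass
class Rule:
    """Allow traffic from any VM in src_group to any VM in dst_group on dst_port."""
    name: str
    src_group: str
    dst_group: str
    dst_port: int


class MicroSegPolicy:
    """Rules reference VM attributes, never addresses (assumed model)."""

    def __init__(self):
        self.vms = {}
        self.rules = []

    def add_vm(self, vm):
        self.vms[vm.name] = vm

    def add_rule(self, rule):
        self.rules.append(rule)

    def move_vm(self, name, new_ip):
        """Simulate a migration: only the IP changes, so the policy still applies."""
        self.vms[name].ip = str(ip_address(new_ip))

    def _by_ip(self, ip):
        ip = str(ip_address(ip))
        return next((vm for vm in self.vms.values() if vm.ip == ip), None)

    def decide(self, src_ip, dst_ip, dst_port):
        """Return (verdict, reason). East-west traffic is denied unless a rule allows it."""
        src, dst = self._by_ip(src_ip), self._by_ip(dst_ip)
        if src is None or dst is None:
            return ("DENY", "unknown-endpoint")
        for r in self.rules:
            if r.src_group in src.groups and r.dst_group in dst.groups and r.dst_port == dst_port:
                return ("ALLOW", r.name)
        return ("DENY", "default-east-west-deny")


def legacy_acl_allows(src_ip, allowed_subnet):
    """A hardware-style ACL keyed to network location, for contrast."""
    return ip_address(src_ip) in ip_network(allowed_subnet)


def build_policy():
    """Constructed sample inventory: two HR desktops, one Finance desktop, two app servers."""
    p = MicroSegPolicy()
    for vm in [
        VM("hr-desktop-01", "windows", frozenset({"desktop", "HR"}), "10.1.1.10"),
        VM("hr-desktop-02", "windows", frozenset({"desktop", "HR"}), "10.1.1.11"),
        VM("fin-desktop-01", "windows", frozenset({"desktop", "Finance"}), "10.1.2.10"),
        VM("hr-app-01", "linux", frozenset({"server", "HR-app"}), "10.2.0.5"),
        VM("fin-app-01", "linux", frozenset({"server", "Finance-app"}), "10.2.0.6"),
    ]:
        p.add_vm(vm)
    # Existing policy for Finance, untouched by the HR rollout.
    p.add_rule(Rule("finance-desktops-to-finance-app", "Finance", "Finance-app", 443))
    # New policy for the virtualized HR desktops, keyed on the HR group only.
    p.add_rule(Rule("hr-desktops-to-hr-app", "HR", "HR-app", 443))
    return p


def hr_desktop_scenario():
    """Walk through the article's HR example and return every verdict by name."""
    p = build_policy()
    results = {
        "hr_to_hr_app": p.decide("10.1.1.10", "10.2.0.5", 443),
        "hr_to_finance_app": p.decide("10.1.1.10", "10.2.0.6", 443),
        # Desktop-to-desktop (SMB) has no rule, so lateral movement is blocked.
        "hr_desktop_to_hr_desktop": p.decide("10.1.1.10", "10.1.1.11", 445),
        "finance_unchanged": p.decide("10.1.2.10", "10.2.0.6", 443),
    }
    # Migrate an HR desktop to a different subnet; its group membership is unchanged.
    p.move_vm("hr-desktop-01", "10.3.9.77")
    results["hr_to_hr_app_after_move"] = p.decide("10.3.9.77", "10.2.0.5", 443)
    # A location-keyed ACL written for the old HR subnet no longer matches.
    results["legacy_acl_after_move"] = legacy_acl_allows("10.3.9.77", "10.1.1.0/24")
    return results


if __name__ == "__main__":
    for check, verdict in hr_desktop_scenario().items():
        print(f"{check:28} {verdict}")
```

Only the rules that name a group the moved VM belongs to change a verdict, which is why adding the HR rule leaves the Finance verdict untouched and why a subnet-keyed ACL breaks on migration while the attribute-keyed rule does not.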
Conclusion
Micro-segmentation is like fortifying the data center from within: malware cannot get in, or if something does get in, the system can shut it down or limit its movement so it cannot spread. Micro-segmentation is centered on the assumption that threats can come from anywhere within the data center, so the micro-segmentation model makes security omnipresent throughout the data center. This not only gives ubiquitous coverage; it also makes it possible to create and modify security policies with the flexibility and speed that match the dynamic workloads they are meant to protect.
____________________________________________________________________
References:
1. IBM Security | Cost of a Data Breach 2022
2. Cisco | What is Micro-Segmentation?
3. Hubspot | The Complete Guide to Customer Micro-Segmentation