
Building Data Center’s Security with Micro-Segmentation


Micro-segmentation with VMware NSX
While cloud technologies and network virtualization overshadow the data center (effectively accelerating the speed at which network, server, and storage resources are provisioned), IT administrators are under pressure to deliver workload capacity faster.


Figure 1. VMware NSX enables the three key functions of micro-segmentation: 1) isolation (no communication across unrelated networks), 2) segmentation (controlled communication within a network), and 3) security with advanced services (tight integration with leading third-party security solutions). 
Source: www.vmware.com/

Overview

Micro-segmentation is by far the biggest leap forward as a model for data security. Network security policies are enforced by firewall controls built into the hypervisors that are already distributed throughout the data center. This enables security to be both granular and omnipresent. Security policies can also be altered easily, even automatically, when VMs (virtual machines) move and adapt to changes in workloads. Most IT professionals agree that securing the network only at the perimeter is insufficient for present-day data centers: once malware has managed to get behind the firewall by attaching itself to an authorized user (or by any other method), it can move easily between workloads. This lateral movement is possible because of a lack of adequate internal controls regulating east-west, or server-to-server, network traffic.

Micro-segmentation secures traffic between VMs, or between VMs and physical hosts. It can also create and apply security policies down to the level of virtual network interface cards. All policies automatically move together with the workload, even if the physical IP address changes. With micro-segmentation in place, it is also easier to integrate other types of security products into the data center than with physical security.

The micro-segmentation model is not about “building up” but “infusing into.” Much like bio-engineering a plant’s DNA to be more resistant to disease, micro-segmentation changes the DNA of the data center security apparatus to be impervious to threats at an exceptionally granular level. The model goes beyond the old idea of plugging holes in perimeter security, or even of trying to make physical security within the data center more effective. Policies can be created and updated with agility to thwart the most resolute attacker.

The Cost of Data Breach

Cost of Data Breach
Source: IBM Newsroom

According to IBM Security’s “The Cost of a Data Breach Report”, the global average cost of a data breach increased 2.6% from $4.24 million in 2021 to $4.35 million in 2022, the highest in the history of the report. The report, conducted by Ponemon Institute and now in its 17th year, studied 550 organizations impacted by data breaches between March 2021 and March 2022. The breaches happened across 17 countries and regions and in 17 different industries.

The costs of successful security breaches in which valuable customer or employee data is stolen are virtually incalculable. Beyond that, data breaches can easily reach millions or hundreds of millions of dollars when factoring in in-house investigations, forensic experts, loss of customers, lower customer acquisition rates, and the provision of free credit or identity monitoring subscriptions to bolster trust. The following are just some of the points telling us that the present model for data center security is not keeping up with threats.

› Organizations continue to invest heavily in security. In the U.S. alone, businesses are collectively spending billions of dollars on security annually and are extensively increasing annual security spending.

› Attacks continue to be successful. Attacks continue to flourish, with an average of two attacks each week, according to a global survey conducted by PricewaterhouseCoopers.

› Attacks are taking a heavier toll. The cost of data breaches to organizations continues to shoot up, according to Ponemon Institute.

Firewalls and Intrusion Prevention Systems Are Not Sufficient

It is not that physical security devices are not sophisticated enough for the purpose for which they were intended. They are intelligent and formidable enough for that purpose, but they are simply insufficient to protect today’s data center environment. Here are a few reasons why:

● Multi-faceted security systems such as physical firewalls are administratively exhausting to update and maintain. It is tough for CIOs to justify this mounting overhead when they are under incessant pressure to cut back on expenditure.

● Physical appliances can’t be in all places at once, or even in too many places at once. It’s just too difficult and costly to place firewalls in every corner of the data center. If that is not possible, imagine the arduous task of reconfiguring physical security system policies within minutes to adapt to a new workflow or to contain a dynamic attack.

● The perimeter-centric security model is designed to work from client to server, or north-south, rather than to handle east-west traffic, which is how communications among servers flow.

Source: VMware

A standard data center may well have a couple of firewalls at the perimeter and perhaps a few inside the data center itself, set against hundreds and hundreds of workloads. Protecting all of this east-west traffic is a gargantuan task that would require a firewall with incredible power. Even if such a thing were possible, which at present it is not, there would still be the problem of directing all traffic through this monster of a firewall, and the impact on performance would be severe. Since physical security is enabled and optimized in essentially one direction, a better model requires a different methodology, and that is micro-segmentation enabled by network virtualization. Micro-segmentation can help organizations deal with all of the following issues:

    ● Stop malware from spreading within the data center.

    ● Enable quicker delivery of networking security services.

    ● Provide more flexibility and automated adaptation to ever-changing demands and security environments.

Easy Implementation of Most Complex or Fast-Changing Security Scenarios

Micro-segmentation can make security more granular without adding complexity, and it also simplifies security for virtual desktop deployments. Take as an example an IT department that has decided to virtualize the desktops of the entire HR (Human Resources) department. With typical hardware-based perimeter security, securing all the virtual desktops in the data center would add yet another level of intricacy to the matrix of security policies, because the policies would have to be mapped back to the network location of the virtual desktops.

With micro-segmentation, security policies can be created and applied based on the dynamic attributes of the desktops, such as the type of operating system, the machine names, or the user group (in this case, HR). Implementing security for HR’s virtual desktops then takes just a couple of minutes. It also does not disrupt the security policies that are already in place for other departments and applications. Moreover, no added expenditure on new appliances is necessary.
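The contrast between attribute-based and location-based policy, as an added Python sketch that is not part of the original article and does not use the NSX API. The workload names, addresses, group tags and ports are all constructed, and only group membership is modelled as the policy attribute.

```python
from dataclasses import dataclass

@dataclass
class Workload:
    name: str
    ip: str
    groups: frozenset  # constructed tags such as "hr" or "hr-app"

@dataclass(frozen=True)
class Rule:
    src_group: str
    dst_group: str
    port: int
    action: str  # "allow" or "deny"

# Constructed policy: HR desktops may reach the HR application over HTTPS;
# desktop-to-desktop SMB is explicitly denied to limit lateral movement.
RULES = [
    Rule("hr", "hr", 445, "deny"),
    Rule("hr", "hr-app", 443, "allow"),
]

def decide(src, dst, port, rules=RULES):
    """First matching rule wins; unmatched east-west traffic is denied."""
    for r in rules:
        if r.port == port and r.src_group in src.groups and r.dst_group in dst.groups:
            return r.action
    return "deny"

def decide_by_ip(src, dst, port, ip_rules):
    """Location-based equivalent: rules are (src_ip, dst_ip, port) tuples."""
    return "allow" if (src.ip, dst.ip, port) in ip_rules else "deny"

def demo():
    desk = Workload("hr-vdi-01", "10.0.1.10", frozenset({"hr"}))
    peer = Workload("hr-vdi-02", "10.0.1.11", frozenset({"hr"}))
    app = Workload("hr-portal", "10.0.2.20", frozenset({"hr-app"}))
    fin = Workload("fin-db", "10.0.3.30", frozenset({"finance"}))
    ip_rules = {("10.0.1.10", "10.0.2.20", 443)}
    before = (decide(desk, app, 443), decide(desk, peer, 445), decide(desk, fin, 5432))
    # The desktop moves to another host and its old address is reused.
    desk.ip = "10.0.9.77"
    reused = Workload("build-agent", "10.0.1.10", frozenset({"ci"}))
    after = {
        "group_moved": decide(desk, app, 443),
        "ip_moved": decide_by_ip(desk, app, 443, ip_rules),
        "group_reused_ip": decide(reused, app, 443),
        "ip_reused_ip": decide_by_ip(reused, app, 443, ip_rules),
    }
    return before, after
```

After the move, the group-based policy still allows the HR desktop and still denies the unrelated workload, while the stale IP rule blocks the legitimate desktop and admits whatever inherited its old address.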

Before VMware NSX, micro-segmentation for data center security was not possible or achievable; today it is not only feasible but also streamlined and economical to deploy and manage.

Conclusion

Micro-segmentation is like fortifying the data center from within: malware cannot get in, or if something does get in, the system can shut it down or limit its movement to stop it from spreading. Micro-segmentation is centered on the presumption that threats can come from anywhere within the data center, so a micro-segmentation model makes security omnipresent throughout the data center. This not only gives ubiquitous coverage; it also provides the ability to create and modify security policies with a flexibility and speed that match the dynamic workloads they aim to protect.

References:

1. IBM Security | Cost of Data Breach 2022

2. Cisco | What is Micro-Segmentation?

3. Hubspot | The Complete Guide to Customer Micro-Segmentation

