Micro-segmentation and the Zero Trust Model

Traditional Perimeter Methods Are Not Enough

For organizations that rely on perimeter-based security, a single breach gives malicious actors access to the entire network: once they are past the defences, they can move laterally to wherever they want.  This security model treats all applications and data equally, so security and access are the same for everything.  Because of this, many organizations are looking to a Zero Trust model to solve the problem.

What is Zero Trust?

Essentially, Zero Trust is a ‘least privilege’ approach, allowing each user or process access only to the information they need and no more – access on a ‘need to know’ basis.  Whilst that seems like a great idea in theory, many organizations are concerned that implementing it could be very complex.  However, micro-segmentation is the perfect tool for this.

What Does Micro-segmentation Do?

Micro-segmentation allows you to create secure zones in data centers and cloud deployments.  IT departments can isolate environments, applications and data, providing the ability to monitor and protect them individually.

What About Compliance?

The need for greater security around certain sets of data is often driven by regulations within the finance, legal or healthcare sectors.  This means that these sectors will benefit most from implementing a Zero Trust model.

Ash Hussain, Sales Director for activereach, adds:
“Zero Trust is focused on addressing lateral threat movement within the network.  Micro-segmentation can help you get there faster – enabling granular enforcement, based on user context, data access controls, location, app and the device posture.”

How Everyone Can Get The Most From Micro-Segmentation

Micro-segmentation does not have to be all or nothing. In fact, a common approach is to start with projects that are manageable, fairly easy to complete, and able to deliver tangible results. Prioritize systems that hold PII or other critical data.  The most common first projects are usually one of these types:

Environment – choose the most at-risk environments, such as development, and separate this from other environments.

Application – protect business-critical applications and reduce traffic flow.

Service – restrict which services are available and therefore reduce the attack surface, for example by limiting access to DNS servers to only those that need it.

Compliance – environments or applications can be individually protected based on regulatory standards such as SWIFT, PCI or HIPAA.
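
The four project types above can be expressed as a single default-deny policy checked against observed traffic. The sketch below is an added example, not activereach code or any product's API; the workload names, labels, ports and flow records are all constructed for illustration.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "src dst port")

# Constructed inventory: workloads labelled by environment, application and compliance scope.
WORKLOADS = {
    "dev-web-1":  {"env": "dev",  "app": "shop"},
    "prod-web-1": {"env": "prod", "app": "shop"},
    "prod-hr-1":  {"env": "prod", "app": "hr"},
    "prod-pay-1": {"env": "prod", "app": "payment", "scope": "pci"},
    "prod-dns-1": {"env": "prod", "app": "dns"},
}

# Allow-list of (source selector, destination selector, port); anything else is denied.
ALLOW = [
    ({"app": "shop"}, {"app": "payment", "scope": "pci"}, 8443),  # application / compliance
    ({"app": "shop"}, {"app": "dns"}, 53),                        # service: DNS only where needed
]

def matches(labels, selector):
    """True when the workload carries every label the selector names."""
    return all(labels.get(k) == v for k, v in selector.items())

def decide(flow):
    """Return (allowed, reason) for one flow under default deny."""
    src, dst = WORKLOADS.get(flow.src), WORKLOADS.get(flow.dst)
    if src is None or dst is None:
        return False, "unlabelled workload"
    if src["env"] != dst["env"]:  # environment segmentation is checked first
        return False, "cross-environment"
    for src_sel, dst_sel, port in ALLOW:
        if port == flow.port and matches(src, src_sel) and matches(dst, dst_sel):
            return True, "allow-list match"
    return False, "no matching rule"

def audit(flows):
    """List the flows the policy would block, each with its reason."""
    return [(f, reason) for f in flows for ok, reason in [decide(f)] if not ok]

# Constructed flow records, standing in for an export from a flow log.
SAMPLE_FLOWS = [
    Flow("prod-web-1", "prod-pay-1", 8443),
    Flow("prod-web-1", "prod-dns-1", 53),
    Flow("dev-web-1", "prod-pay-1", 8443),
    Flow("prod-hr-1", "prod-dns-1", 53),
]

if __name__ == "__main__":
    print(*audit(SAMPLE_FLOWS), sep="\n")
```

Running the audit against existing flow data before enforcing anything shows which legitimate traffic a proposed segment would break.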

Still not sure where to start?  Projects where you are using terms like isolation, restriction, ring-fencing, segmenting or white-listing are all projects that might be suitable for micro-segmentation.

Moving to a Zero Trust model can be intimidating, but as we have already mentioned, you can phase it in at the pace you want. Pick the user groups and applications that will give you the most value and go from there. You don’t have to rip out any infrastructure or install any new hardware. Start simply, but get started.

Contact us or give us a call on 0845 625 9025 to discuss how you can start your Zero Trust journey.