Administrators are given more useful ways to describe the workload through micro segmentation. They can describe inherent characteristics of a workload, instead of depending on IP addresses. The information is then tied back to the security policy. Once this is done, the policy can answer questions such as: what kind of data will this workload handle (personally identifiable information, financial, or low-sensitivity)?, or what will the workload be used for (production, staging, or development)? Additionally, administrators can combine these characteristics to describe inherited policy attributes. For instance, a production workload handling financial data may get a higher level of security than a workload handling financial data.

The process is to be repeated regularly. Distilling rules and analyzing traffic is not a deployment effort that is done once. It needs to be a continuous activity that has to be done often to make sure policies and workloads do not change suddenly and any current analytical results can be used to effectively tune micro segmentation rules. Current analytical results may come from changes in traffic patterns or new applications. All these are consideration putting an emphasis on the choice of tools and hypervisor used in micro segmentation facilitation.

For example, a security administrator may start with an effective firewall distributed in the data center. They may then add IPS and stateful firewalling for visibility of deeper traffic. Alternatively, the administrator may develop better server security using agentless anti-malware.

All the same, administrators need all functions to cooperate to have more effective security. For this to happen, micro segmentation ensures sharing of intelligence between security functions is enabled. The end result is a security infrastructure working concertedly to design response to different situations.

More: Micro segmentation networking 


Be the first person to like this