What are the benefits and challenges of microsegmentation?



Microsegmentation has become a popular way to control horizontal access within a corporate network or cloud. This is important because it helps IT departments better secure workloads by using zero-trust philosophies. That said, while microsegmentation offers several benefits, it also comes with a number of challenges.

Pros of microsegmentation

When assessing microsegmentation benefits, one of the most compelling is strict access control of east-west traffic within private, public or hybrid data centers and clouds.

Microsegmentation also enables IT shops to place server-to-server management under zero trust’s “trust nothing or no one” approach.

Finally, once properly set up, microsegmentation policies can be largely automated and centrally pushed out to various data centers and clouds compatible with the microsegmentation platform in use.

Cons of microsegmentation

One of the biggest challenges is that implementing microsegmentation is complex. This is especially true within data centers and clouds that already exist. Administrators can take advantage of tools that discover traffic patterns and flows — thus enabling them to identify what east-west traffic should be permitted or denied. But this is a cumbersome process and one with the potential to interrupt business operations when microsegmentation is implemented in production environments.
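The discovery step described above, as an added example that is not part of the original article: a Python sketch that turns observed east-west flow records into candidate allow rules, then replays later traffic against a default-deny policy to show what would be interrupted. The subnets, flow records and the `min_hits` threshold are constructed assumptions, not output from any microsegmentation product.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed inventory: segment label -> subnet (hypothetical addressing).
SEGMENTS = {"web": ip_network("10.0.1.0/24"),
            "app": ip_network("10.0.2.0/24"),
            "db": ip_network("10.0.3.0/24")}

# Constructed flow records from a discovery window: src dst dport proto
DISCOVERY = """\
10.0.1.10 10.0.2.20 8443 tcp
10.0.1.11 10.0.2.20 8443 tcp
10.0.1.10 10.0.2.21 8443 tcp
10.0.2.20 10.0.3.30 5432 tcp
10.0.2.21 10.0.3.30 5432 tcp
10.0.1.11 10.0.3.30 5432 tcp
"""

# Constructed flows seen after enforcement, including a backup job
# (app -> db on 9000) that never ran during the discovery window.
PRODUCTION = """\
10.0.1.10 10.0.2.20 8443 tcp
10.0.2.22 10.0.3.30 5432 tcp
10.0.2.20 10.0.3.31 9000 tcp
"""

def segment_of(ip):
    """Return the segment label whose subnet contains ip."""
    addr = ip_address(ip)
    return next((n for n, net in SEGMENTS.items() if addr in net), "unknown")

def parse_flows(text):
    """Map each record to (src_segment, dst_segment, port, proto)."""
    flows = []
    for line in filter(str.strip, text.splitlines()):
        src, dst, port, proto = line.split()
        flows.append((segment_of(src), segment_of(dst), int(port), proto))
    return flows

def propose_rules(flows, min_hits=2):
    """Frequent flows become allow rules; rare ones go to human review."""
    counts = Counter(flows)
    allow = {f for f, n in counts.items() if n >= min_hits}
    review = sorted(f for f, n in counts.items() if n < min_hits)
    return allow, review

def would_block(allow, flows):
    """Default deny: any flow without a matching allow rule is dropped."""
    return sorted({f for f in flows if f not in allow})

allow, review = propose_rules(parse_flows(DISCOVERY))
blocked = would_block(allow, parse_flows(PRODUCTION))
```

The single web-to-db flow lands in `review` rather than being allowed automatically, and the backup job that discovery never saw shows up in `blocked`, which is the kind of production interruption the paragraph warns about.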

Microsegmentation can also contribute to a degradation in application performance. With most microsegmentation platforms, security and access control are enabled through the use of software plugins or software installed directly on the hypervisor. These services consume CPU and memory resources. Thus, some data centers or clouds may require upgrades to handle the additional load.

Finally, consider cost when assessing microsegmentation benefits and challenges. It can play a major role. Expenses include the cost of microsegmentation licenses and support contracts, as well as the new hardware required to support the technique across all workloads and the labor involved to implement all these adds and changes.

This was last published in April 2022
