Microsegmentation has become a popular way to control horizontal access within a corporate network or cloud. This is important because it helps IT departments better secure workloads by using zero-trust philosophies. That said, while microsegmentation offers several benefits, it also comes with a number of challenges.
Pros of microsegmentation
When assessing microsegmentation benefits, one of the most compelling is strict access control of east-west traffic within private, public or hybrid data centers and clouds.
Microsegmentation also enables IT shops to place server-to-server management under zero trust’s “trust nothing or no one” approach.
Finally, once properly set up, microsegmentation policies can be largely automated and centrally pushed out to various data centers and clouds compatible with the microsegmentation platform in use.
Cons of microsegmentation
One of the biggest challenges is that implementing microsegmentation is complex. This is especially true within data centers and clouds that already exist. Administrators can take advantage of tools that discover traffic patterns and flows — thus enabling them to identify what east-west traffic should be permitted or denied. But this is a cumbersome process and one with the potential to interrupt business operations when microsegmentation is implemented in production environments.
Microsegmentation can also contribute to a degradation in application performance. With most microsegmentation platforms, security and access control are enabled through the use of software plugins or software installed directly on the hypervisor. These services consume CPU and memory resources. Thus, some data centers or clouds may require upgrades to handle the additional load.
Finally, consider cost when assessing microsegmentation benefits and challenges. It can play a major role. Expenses include the cost of microsegmentation licenses and support contracts, as well as the new hardware required to support the technique across all workloads and the labor involved to implement all these adds and changes.
This was last published in April 2022
Dig Deeper on Network security
Related Q&A from Andrew Froehlich
Comparing network segmentation vs. microsegmentation
Network segmentation and microsegmentation both control access but vary in how they do it, as well as how granular their approach is. Learn the …
How does a NetOps strategy affect enterprise network teams?
A NetOps approach uses DevOps frameworks to help network teams enable virtualization, automation and AI to create Agile networks and deploy …
Use microsegmentation to mitigate lateral attacks
Attackers will get into a company’s system sooner or later. Limit their potential damage by isolating zones with microsegmentation to prevent lateral…