Microsegmentation and Zero Trust - a match made in security heaven

Francis O’Haire
Group Technology Dir

Zero Trust (ZT) is an IT security framework or strategy that leverages several technologies and processes. To put it simply, ZT assumes that no person and no ‘thing’ can be trusted by default: individuals, devices and services that attempt to access company resources, whether from inside or outside the network, are never trusted automatically. To make things even more secure, users and devices are verified every time they request access, irrespective of any previous authentication.

These days, when many people hear “Zero Trust” they immediately think of Zero Trust Network Access (ZTNA), which is one of the more common components of a Zero Trust architecture but only governs access from remote users to corporate applications or resources. From a vendor’s perspective, it is difficult to label any single product or service as a comprehensive Zero Trust solution. Organisations that want more benefit from a ZT framework must take further steps and deploy other ZT technologies, depending on the priorities of the business and their current security infrastructure.

Security at the edge

ZTNA only deals with security at the edge for traffic into and out of a network. We call this North-South traffic. However, East-West network traffic, which includes all the communication between internal systems, can make up over 80% of a business’ total network data flows. In a true Zero Trust architecture, this traffic should also be governed by the principles of Zero Trust since it can’t be assumed that an attacker has not already breached the perimeter defences. In fact, the concept of Zero Trust was originally devised to move away from the habit of only thinking about perimeter security when, in reality, attackers are routinely gaining access to the internal network where they can roam around freely in search of valuable data and systems to compromise.

A best practice commonly used in the past has been to break the internal network into segments using VLANs, switches and/or firewalls to restrict what communication can happen between these zones and so limit the lateral movement of attackers. In modern, highly virtualised and dynamic network environments, this approach delivers limited benefit and is very difficult to manage and monitor.

And so, to apply the principles of Zero Trust to East-West traffic, the concept of microsegmentation was conceived (you could say that microsegmentation is the architectural design that facilitates Zero Trust). As the name suggests, this concept allows the network to be segmented into much smaller zones, ultimately right down to individual hosts or virtual machines (in the case of traditional IT systems) and to individual containers or microservices (in the case of cloud architectures). With microsegmentation, individual components within the network are only allowed to communicate with each other after being properly authenticated, and then only according to specific policies.
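The two rules in the paragraph above, identity first and then an explicit policy with everything else denied, are shown here as an added example that is not part of the original article or any vendor product. The workload labels, IP addresses, ports, the `src_authenticated` flag standing in for a verified workload identity, and the East-West flow records are all constructed for illustration.

```python
# Added example, not from the article: a default-deny, identity-based
# microsegmentation policy evaluated over constructed East-West flow records.
# Every IP address, label, port and flow below is made up for illustration.

WORKLOADS = {  # workload identity is a label set, not an IP address
    "10.0.1.10": {"tier": "frontend", "env": "prod"},
    "10.0.2.20": {"tier": "api", "env": "prod"},
    "10.0.3.30": {"tier": "db", "env": "prod"},
}

# Allow-list rules: an East-West flow matching no rule is denied.
POLICIES = [
    {"name": "web-to-api", "src": {"tier": "frontend"}, "dst": {"tier": "api"}, "port": 8443},
    {"name": "api-to-db", "src": {"tier": "api"}, "dst": {"tier": "db"}, "port": 5432},
]

def labels_match(selector, labels):
    """True when every selector key/value is present on the workload."""
    return all(labels.get(k) == v for k, v in selector.items())

def evaluate(flow):
    """Return (decision, reason). Allow only if both ends are known workloads,
    the source proved its identity (e.g. mutual TLS at the workload agent,
    modelled here as a flag) and a rule permits this src -> dst:port."""
    src, dst = WORKLOADS.get(flow["src_ip"]), WORKLOADS.get(flow["dst_ip"])
    if src is None or dst is None:
        return "deny", "unknown workload identity"
    if not flow.get("src_authenticated", False):
        return "deny", "source identity not verified"
    for rule in POLICIES:
        if (labels_match(rule["src"], src) and labels_match(rule["dst"], dst)
                and rule["port"] == flow["dst_port"]):
            return "allow", rule["name"]
    return "deny", "no matching rule (default deny)"

FLOWS = [  # constructed traffic: two legitimate hops, then lateral attempts
    {"src_ip": "10.0.1.10", "dst_ip": "10.0.2.20", "dst_port": 8443, "src_authenticated": True},
    {"src_ip": "10.0.2.20", "dst_ip": "10.0.3.30", "dst_port": 5432, "src_authenticated": True},
    {"src_ip": "10.0.1.10", "dst_ip": "10.0.3.30", "dst_port": 5432, "src_authenticated": True},
    {"src_ip": "10.0.1.10", "dst_ip": "10.0.2.20", "dst_port": 8443, "src_authenticated": False},
    {"src_ip": "10.0.7.77", "dst_ip": "10.0.3.30", "dst_port": 5432, "src_authenticated": True},
]

if __name__ == "__main__":  # denied lines are the events a SOC would alert on
    for flow in FLOWS:
        decision, reason = evaluate(flow)
        print(f"{flow['src_ip']} -> {flow['dst_ip']}:{flow['dst_port']}  {decision}  {reason}")
```

Note that the frontend-to-database flow is denied even though both endpoints are trusted production workloads: with a micro-perimeter per resource, a compromised front end gains no path to the database that a policy did not explicitly grant.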

Combining zero-trust and microsegmentation

Adopting microsegmentation as a foundational element in a Zero Trust strategy helps to deal with one of the significant challenges facing today's enterprise-level businesses: securing workloads in dynamic environments. By adopting the Zero Trust model, organisations can move away from traditional perimeter-based network security, which is far from ideal when faced with an increasing number of remote workers and cloud environments. Microsegmentation supports the model by splitting the network into smaller zones, by building a micro-perimeter around each resource so that it is secured individually, and by offering improved network visibility and more robust access controls.

With the adoption of Zero Trust principles being included in the requirements for “Basic Cyber Hygiene” in the soon-to-be enforced EU-wide NIS2 Directive, Zero Trust should no longer be a long-term goal for organisations. It should be adopted as a matter of urgency. And where ZTNA is the best approach for controlling access from external users, microsegmentation should be adopted as the foundation for applying Zero Trust principles to all other network traffic in an organisation.


If you would like to get in touch to find out more about our technologies and solutions, including any questions you have on Zero Trust and microsegmentation, you can contact Francis O’Haire directly via email at fohaire@datasolutions.ie or reach out to him by connecting on LinkedIn.

