miniature figures assembling a keyboard
PHOTO: shutterstock

According to a survey by LogicMonitor, 66 percent of IT professionals say security is their biggest concern when it comes to an enterprise embracing cloud computing. And what’s even more alarming, a study by Crowd Research Partners reported that a staggering 84 percent of organizations say traditional cloud security solutions do not work in a cloud environment.

So, how can brands take full advantage of the cloud while not having to worry so much about their security matters? In a word, microsegmentation.

What is Microsegmentation? And How Does it Work?

Microsegmentation refers to a method that is used to enhance the efficiency or security of either an on-premises or cloud-based network. It involves creating controlled segments of isolated workloads within a data center or cloud deployment which enables the network to become more granular.

Marcus Johnson, product manager of Hosted Private Cloud at Sungard Availability Services, explained how microsegmentation can control traffic, which minimizes risk. “Microsegmentation policies are set at the workload level and define the amount of east-west traffic that is allowed through. By controlling this traffic, you can minimize the risk of land and expand security threats and create a zero-trust security model,” Johnson explained.

Ian McClarty, president & CEO of PhoenixNAP Global IT Services, mentioned that microsegmentation was the latest step in the “evolution of traditional firewalls” in an “era” of cloud-native containerized environments. 

“Conceptually, microsegmentation expands on the notion of traditional firewall DMZ (demilitarized zone), by establishing fine-grained segments, that are isolated using multiple firewalls,” McClarty said. “A well managed, well-implemented microsegmentation creates a workload level perimeter, regardless of whether it involves a virtual machine, container or function.”  

Given that microsegmentation can be utilized in a cloud-based environment like containers, virtual machines, microservices and serverless architecture, you can see why this method does appeal to security-conscious brands looking to adopt a cloud-based solution.

With regards to implementation, microsegmentation is usually deployed as an agent or side-car where it intercepts all microservices, inbound and outbound traffic and enforces network policy rules.

“A good microsegmentation solution must be accompanied by an efficient and easy-to-use policy management and automation solution. Microsegmentation is implemented by agents that enforce policies which establish application level perimeter,” explained Gadi Naor, CTO and co-founder of Alcide.

Related Article: 6 Security Issues That Will Dominate IoT in 2019

How is Microsegmentation Different from Firewalls, VLANs and ACLs?

The concept of network segmentation isn’t new. For a number of years, organizations have utilized firewalls, virtual LANs (VLANs), and access control lists (ACLs) for the purpose of network segmentation. But with microsegmentation, as according Naor, the difference lies in its level of granularity which allows you to integrate it into your microservice environment.

“Microsegmentation, as opposed to standard firewalls, VLANs and ACLs, is natively integrated into your microservice environments,” Naor said. “Policy rules and traffic enforcement are done based on microservices identities rather than static subnets and IP addresses.”

From an operational perspective, according to McClarty, microsegmentation enables a more streamline communication between the network segments and incurs lower overhead costs in comparison to the other three methods.

“With traditional firewalls, VLANs and ACLs the environments would be segmented into blocks of resources. Network operators and security engineers would then have to establish flows of communication between these segments through multiple management devices,” McClarty said. “This, of course, created a management nightmare and was very hard to maintain. With software-defined networking, microsegmentation can be achieved through centralized management and can be applied to individual machines providing a more secure environment without the additional overhead of host-specific configuration.”

Related Article: Top 7 User-Rated WordPress Security Plugins

Advantages and Disadvantages of Microsegmentation?

“Microsegmentation is the natural solution for cloud microservices environment and is quickly becoming the standard practice for DevSecOps. The advantage you get is fine-grained control over all the moving parts and contain threats to a very limited perimeter,” Noar said.

This “fine-grained control” also allow for better management and auditing, explained McClarty. “Microsegmentation provides greater security for [any network]. It also allows for centralized management of the flows and better auditing of the rules that are applied to the [network] environment,” McClarty said.

However, the one limitation that organizations must be aware of is the steep learning curve as microsegmentation is completely different from firewalls, VLANs, and ACLs. “The challenge [with microsegmentation] is that [an organization’s] network must first be ready to participate in this level of configuration,” McClarty said. “[There is] a learning curve for organizations because those who are implementing need to understand how microsegmentation works and how it differs from traditional network segmentation.”