Network segmentation is a security strategy based around dividing a large network into smaller sections, each one isolated from the others.
These distinct network segments are there to limit damage during a breach. If one fails and the bad actors enter, the theory is that the remainder of the network will stand strong.
It’s a good strategy, but it may not be infallible. If one segment is penetrated, the others remain afloat – unless the equivalent of a cyber-iceberg is unleashed.
At the moment, cybercriminals gaining entry to one segment can cause damage there. But they are learning ways to infiltrate the other segments once they have established a beachhead in the initial segment. Still, segmentation is an important safeguard and will at least slow the bad actors down considerably, perhaps giving security enough time to prevent further encroachment once the initial breach is uncovered.
Here are some of the top trends in network segmentation in 2022:
1. Network segmentation growth
Network segmentation in the cloud and the need for network segmentation tools to manage multicloud environments have been growing trends since 2020, and possibly before, according to Davis McCarthy, Principal Security Researcher at Valtix, a Santa Clara, Calif.-based provider of cloud native network security services.
“Many organizations that began migrating their workloads to the cloud during the pandemic are now encountering stringent compliance standards and security risks that are commonly mitigated by adhering to defense-in-depth best practices — like network segmentation,” McCarthy said.
“Software-defined networking solutions allow for flexible policy management, while removing the blind spots for network defenders operating in the cloud.”
2. Zero trust comes of age
As more companies adopt a zero-trust approach to security, they are realizing its value in implementing technology solutions in spheres such as identity and access management (IAM) and behavioral analytics, said Drew Simonis, CISO at Juniper Networks.
“People will begin to see zero trust as a business transformation, not a security program, and they will begin unlocking new technology delivery models because of that,” Simonis said.
3. SASE adoption accelerates
Secure access service edge (SASE) adoption is another area that Juniper Networks believes to be critical to enterprise security. Thus, its growth is expected to accelerate.
However, users are now more carefully assessing the solutions and the path that’s right for them. Teams are being more careful in calculating the operational costs of disparate policy formats. They are also considering the additional burden placed on the teams responsible for managing heritage on-site firewalls while adding the new service-based cloud offerings. Conclusion: existing data center investments and private applications aren’t going away anytime soon, according to Mike Spanbauer, senior director and technology evangelist, Juniper Networks.
“Format inconsistencies create fractures in policy and security efficacy, which actors look for,” Spanbauer said.
“All that’s needed is one foothold, and once the initial policy barrier is bypassed, a critical line of defense is disarmed.”
SASE is one way to limit the damage from incursions.
4. Microsegmentation
Network segmentation cuts the network into several slices.
Microsegmentation takes things a stage further by splitting it into scores of distinct elements, each one with some degree of separation.
This is in part being driven by cloud adoption and by the major cloud service providers.
According to Omdia research, 57% of virtual machines and 45% of software containers are expected to be located in CSP-owned data centers by the end of 2022. This is giving rise to growing usage of container-as-a-service, whereby the CSP engineers the features of the clouds they create for customers to eliminate the need for in-house skills. As CSPs are orchestrating the cloud and using more software containers, microsegmentation of application architectures has become increasingly necessary. Omdia notes that CSPs now offer services that include automated orchestration for software containers and OpenStack orchestrated clouds for virtualized as well as bare metal servers.
Looking ahead, expect CSPs to continue to enhance their as-a-service portfolios, such as PaaS and IaaS, via the introduction of innovative services, like deep learning, data analytics, and IoT solutions designed for the latest edge deployments. These services will require fine-tuned network segmentation and microsegmentation as an essential security feature.