Create a Data Center Segmentation Strategy
Segment your data center network to protect sensitive
systems and to prevent lateral movement of malware.
A flat, unsegmented network is difficult to defend because if an attacker gains access to
the network, the attacker can move laterally throughout the network and compromise
critical systems. This is especially true inside the data center, where enterprises
store their most valuable assets. Old segmentation methods such as VLANs and ACLs don’t
scale well, are difficult to automate, and don’t take into account users, content, or
applications, so they provide little control over traffic and little visibility into
traffic.
Create a segmentation strategy that results in more granular access control to data
center resources, which gives you better visibility into traffic. The more granular your
segmentation strategy, the more visibility into traffic you gain because traffic must
traverse a firewall (segmentation gateway) as it flows between segments. Segmentation
also makes compliance and compliance audits easier because you can control access to
sensitive, personal, and mission-critical data at a very granular level and allow only
necessary access to that data. This protects the data and reduces the scope of
audits.
Your data center segmentation strategy depends on your architecture and your business
goals, so there is no “one size fits all” implementation. However, learning common
guidelines enables you to design and implement a segmentation strategy to protect your
data center network and its valuable information.