CISO’s Guide to Microsegmentation

Ratinder Ahuja

Ratinder Ahuja

February 03, 2020

ShieldX has assembled a set of guides for CISOs to help understand and deal with today’s security challenges.  They are designed to be ready quickly with a check list approach to help CISOs—and their teams—become more effective.  Next up? CISO’s Guide to Microsegmentation. (No reg required). 

In this guide, we explore how today’s data-driven, multicloud environment is an increasing target for hackers and micro-segmentation is increasingly regarded as a key defense mechanism against stealthy attacks and data breaches. It is the software-based extension of network segmentation but in a micro-segmented network, perimeters are fine-grained and applied at the workload level. Micro-segmentation is also based on the Principle of Least Privilege, which establishes that every module in the environment (such as a process, a user, or a program, depending on the subject) should only be able to access the information and resources necessary for legitimate purposes. It is the fine-grained control and the Principle of Least Privilege which make micro-segmentation far more effective as compared to traditional network segmentation. In a multicloud environment, this translates into each workload only being permitted to make connections necessary to accomplish its tasks and is typically implemented through basic ACLs (access control lists).