Within a world where cyber threats pose greater commercial and reputational risk than ever before, remaining resilient is one of the greatest challenges organisations face today. The problem is that this conversation too often sits narrowly in the realm of IT and technology, when it needs to be registering with the board and the most senior leaders of businesses.
Take micro-segmentation, perhaps the most important development in enterprise security of our time. It’s the most sophisticated approach to data center security out there; one that assumes threats can be anywhere and everywhere, and acts accordingly.
But how can we, as an industry, elevate this debate to business decision makers less involved (and less interested) in the tech side of things?
Given how interesting a technology this is for the modern organization, we’ve used the spirit of the movies to cut through the tech-talk, to discuss the concept of micro-segmentation (and modern enterprise security).
So, without further ado: lights, camera, action!
The Traditional Movie Challenge: Breaking into the “Unbreakable”
A classic trope of the movies; a completely secure and unbreakable security system is cracked. From Ocean’s Eleven to the Mission Impossible franchise, heroes of the silver screen have a knack for getting into the most resilient of facilities. In reality, the same is often true of the traditional data center. The problem is that, if a cyber-criminal manages to exploit a crack in this defense, they can enter the system and run riot with complete freedom – moving onto any and all servers as they like.
Think of the IT system in Jurassic Park: a seemingly secure network, from the outside at least, that is crippled thanks to the corrupt insider Dennis Nedry, who single-handedly deactivates the park’s entire security system, gains access to whichever room he likes and cuts the park’s power (deactivating the park’s security fences and tour vehicles).
Micro-segmentation aims to prevent this type of scenario, offering a new solution for a new generation of security challenges. And it does so in the following ways…
Rather than relying on a perimeter defense only, micro-segmentation allows organisations to secure individual workloads. Unauthorised lateral movement between servers is restricted with micro-segmentation, meaning that even if attackers breach the hard perimeter they can’t move freely among the server stacks.
Take each vault in Gringotts Wizarding bank, as featured in Harry Potter and the Deathly Hallows Part II. Even when Harry Potter and his allies infiltrate the bank building itself and pass initial security, each individual vault is individually locked for greater resilience.
Containing Any Threats
Micro-segmentation also allows networks to be kept in isolation, even within a single server or hypervisor. So, if a threat is detected in a specific workload it can be shut down before it spreads – significantly limiting the total impact for the broader IT system and business.
The 2008 horror film Quarantine is a fitting movie parallel. It follows a TV reporter and her camera crew, who follow firefighters into an apartment block to investigate an emergency call. It transpires that the inhabitants of the block are infected by a virulent disease that causes them to become savages, and a fight for survival ensues as authorities quarantine the building to (effectively, but arguably cruelly) contain and limit the spread of infection.
Relying on Automation
Within the dystopian future of Minority Report, personalized automation is one of the many iconic visions of technology advancement. As Tom Cruise’s John Anderton walks through a hallway, advertising billboards sense his eyes, determine his identity and tailor their displays accordingly.
Within the world of micro-segmentation, meanwhile, security policies are created as the workload is created and follow the workload throughout the data center. These policies can be automated, meaning that the rules and governance being applied to each workload can be changed in just a couple of clicks. Everything from load balancing to firewalls and compliance issues can be addressed once and then rolled out instantly to the entire network, delivering a more comprehensive and correlated security capability inside the data center.
Visibility and Control
Traffic inside the data center can account for as much as 80% of all network traffic, yet perimeter-centric defenses offer little or no control for these network communications. The growth of east-west traffic (otherwise known as ‘server to server’) in this environment is a challenge for organisations – since the majority of it does not pass through a firewall it’s not inspected. So, the IT team might know there’s a network issue but they won’t have any context or visibility as to what the problem is.
Compare this to the software-defined world of micro-segmentation, which offers a view of virtually all traffic in the data center. Greater visibility and context enables micro-segmentation based on the attributes of each workload, enabling more intelligent network and security policy decisions.
Think of The Truman Show, our final movie comparison. Peter Weir’s classic movies sees Ed Harris’ Christof exert near-total control of the world of Truman Burbank – through hidden cameras, actors pretending to be his friends and a series of escalating preventative measures (Truman’s fear of water materialises into a full-blown storm at sea) designed to maintain the status quo. It might not be the most positive comparison but it mirrors how IT has complete visibility and control over security in the world of micro-segmentation.
So what’s the takeaway from all of this? Well, there’s a real need for IT professionals to promote micro-segmentation in a language that resonates and truly delivers a punch, so that its value (and necessity) is felt throughout the organisation. It’s not about discussing the nuances of why east-west traffic poses a threat for traditional perimeter-centric defences and it doesn’t matter whether a comparison’s drawn to a Tom Cruise blockbuster or a Harry Potter movie. What does matter is the awareness of business leaders that there’s a proven option to traditional and new security threats alike, and that this will be vital to mitigating both commercial and reputational risk for organisations within today’s world of escalating and changing security threats.