Why Zero Trust and Segmentation Are Failing Some Organizations

Applications sit at the heart of any modern enterprise. They drive the creation of innovative customer experiences and support employee productivity. But as inter-app traffic has increased and environments have become more distributed, visibility, control and security have faltered. This is the new reality that segmentation-based Zero Trust approaches were made for. Yet not all segmentation is created equal.

A new report from analyst Enterprise Strategy Group (ESG) offers important learnings for enterprise IT security leaders. Here’s the bottom line: Segmentation tools should focus on the workload level, and, to avoid the limitations of traditional network-based segmentation, they should also decouple segmentation from the network infrastructure.

Why Zero Trust?

It’s been a decade since Marc Andreessen’s famous op-ed claimed “software is eating the world.” Today, scores of cloud-based applications power the typical organization, driving employee collaboration, customer loyalty and profits. According to ESG, 88% of organizations now support at least 100 business apps. But while cloud platforms have helped these businesses to develop their own software, they’ve also introduced complexity and potential cyber risk.

Traditional security tools focus on north-south traffic, or protection at the perimeter. Meanwhile, the volume of application-to-application, or east-west, traffic has soared, leading to dangerous gaps in protection. This is where Zero Trust comes in.

Zero Trust is fundamentally based around the principle of “never trust, always verify.” There are two basic and underlying assumptions: a network breach has already occurred, and users, resources and devices are not to be blindly trusted. Instead, they should be continuously authenticated, and their access to resources restricted via the principle of least privilege. When Zero Trust works as intended, it provides the foundation for highly effective and adaptable cybersecurity fit for today’s app- and cloud-centric age.

However, as ESG’s research also reveals, many IT and security leaders mistakenly believe Zero Trust is expensive and complex to deploy from both organizational and technical perspectives. While many of these negative perceptions have their origins in market confusion and fuzzy vendor messaging, they contain a kernel of truth. ESG’s poll reveals that fully half of all who’ve had to pause or abandon a Zero Trust project in the past cite “organizational issues” as the cause.

The path to true segmentation

As ESG further explains, segmentation must be a “foundational element” of any Zero Trust project. That’s because Zero Trust is essentially about isolating networked entities so they can communicate with others only when policy allows.

The problem is, not all segmentation approaches deliver the attributes needed by today’s organizations. For example, static methods such as access control lists (ACLs) and VLANs typically lack the scalability required by a cloud-based environment. They don’t provide a user-friendly way to program and manage the thousands of ACL rules that live on network devices. They may also require networks to be re-architected—a potentially major undertaking.

According to ESG, the bottom line is this: Organizations should choose solutions that abstract segmentation from the network and are focused on the workload level. Why? Because in doing so, they can overcome these legacy challenges and ensure segmentation is as dynamic and scalable as the environment it protects.

You can read the full ESG report here.

In the second part of this two-part series, we’ll look at the five key attributes organizations are demanding from their segmentation providers, and how Illumio’s offering stacks up.
