Why Zero Trust and Segmentation Are Failing Some Organizations

Applications sit at the heart of any modern enterprise. They drive the creation of innovative customer experiences and support employee productivity. But as inter-app traffic has increased and environments have become more distributed, visibility, control and security have faltered. This is the new reality that segmentation-based Zero Trust approaches were made for. Yet not all segmentation is created equal.

A new report from analyst Enterprise Strategy Group (ESG) offers important learnings for enterprise IT security leaders. Here’s the bottom line: Segmentation tools should focus on the workload level, and, to avoid the limitations of traditional network-based segmentation, they should also decouple segmentation from the network infrastructure.

Why Zero Trust?

It’s been a decade since Marc Andreessen’s famous op-ed claimed “software is eating the world.” Today, scores of cloud-based applications power the typical organization, driving employee collaboration, customer loyalty and profits. According to ESG, 88% of organizations now support at least 100 business apps. But while cloud platforms have helped these businesses to develop their own software, they’ve also introduced complexity and potential cyber risk.

Traditional security tools focus on north-south traffic, or protection at the perimeter. Meanwhile, the volume of application-to-application, or east-west, traffic has soared, leading to dangerous gaps in protection. This is where Zero Trust comes in.

Zero Trust is fundamentally based on the principle of “never trust, always verify.” It rests on two underlying assumptions: a network breach has already occurred, and users, resources and devices are not to be blindly trusted. Instead, they should be continuously authenticated, and their access to resources restricted via the principle of least privilege. When Zero Trust works as intended, it provides the foundation for a highly effective and adaptable approach to cybersecurity, fit for today’s app- and cloud-centric age.

However, as ESG’s research also reveals, many IT and security leaders mistakenly believe Zero Trust is expensive and complex to deploy from both organizational and technical perspectives. While many of these negative perceptions have their origins in market confusion and fuzzy vendor messaging, they contain a kernel of truth. ESG’s poll reveals that fully half of all who’ve had to pause or abandon a Zero Trust project in the past cite “organizational issues” as the cause.

The path to true segmentation

As ESG further explains, segmentation must be a “foundational element” of any Zero Trust project. That’s because Zero Trust is essentially about isolating networked entities so they can communicate with others only when policy allows.

The problem is, not all segmentation approaches deliver the attributes needed by today’s organizations. For example, static methods such as access control lists (ACLs) and VLANs typically lack the scalability required by a cloud-based environment. They don’t provide a user-friendly way to program and manage the thousands of ACL rules that live on network devices. They may also require networks to be re-architected—a potentially major undertaking.

According to ESG, the bottom line is this: Organizations should choose solutions that abstract segmentation from the network and are focused on the workload level. Why? Because in doing so, they can overcome these legacy challenges and ensure segmentation is as dynamic and scalable as the environment it protects.

You can read the full ESG report here.

In the second part of this two-part series, we’ll look at the five key attributes organizations are demanding from their segmentation providers, and how Illumio’s offering stacks up.
