Zero Trust is gaining traction all over the globe as a best practice approach for mitigating serious cyber risk. But as we discussed in the first part of this two-part blog series, a new report from analyst firm Enterprise Strategy Group (ESG) explains why Zero Trust, despite its many benefits, is no panacea. In fact, the type of segmentation technology on which a Zero Trust approach is built can, to a great degree, determine whether a security project succeeds or fails.
Given the wealth of Zero Trust solutions now available in the market, IT leaders must be clear about what they want. According to ESG, when it comes to segmentation, they should focus on consistent coverage, ease of deployment and management, and cross-team collaboration.
Five key segmentation attributes
Before you select a segmentation solution, take some advice from ESG’s poll of North American IT and security leaders. The poll uncovered five features any segmentation solution should have:
- Unified coverage for both cloud and on-premises: Tools should work across environments, focus on the application and workload, not the network or virtual private cloud (VPC) they reside on.
- Risk assessment capabilities: This could include the ability to analyze device attributes and understand the relationships among workloads and any vulnerability they may contain.
- Automation of policy creation and management: The sheer rate at which new workloads are generated makes automation essential. Policy should be automatically generated based on the type of application, dependencies, and other factors. Administrators must then be able to review and test a policy before switching it on.
- Ease of deployment: Streamlining deployment across on-premises and cloud environments can help to secure quick wins and get executive buy-in for Zero Trust projects.
- Support for legacy systems: Organizations support a variety of application architectures, so to streamline deployments, a consistent approach is needed across all systems.
How Illumio can help
Illumio’s flagship Illumio Core offering already provides hundreds of global enterprises with leading Zero Trust segmentation capabilities, protecting anywhere from 100 to 100,000+ workloads.
As ESG explains in its report, Illumio helps to meet the segmentation needs highlighted above and more by:
- Abstracting policy generation away from network and infrastructure. Illumio Core monitors workload data, maps application dependencies in real-time, and automatically generates policies that are then pushed to native firewalls as rules.
- Automating security enforcement via Enforcement Boundaries. This feature provides customers with the flexibility to deploy segmentation either broadly or through a phased approach, speeding time-to-value.
- Integrating with third-party threat intelligence tools. This enables Illumio’s map to flag vulnerability and exposure data, helping security teams identify at-risk workloads. This feature also automatically recommends and tests policies to mitigate risk.
- Integrating with cloud and technology partners to power Supercluster capabilities that can support 100,000 or more workloads.
- Using role-based access control (RBAC), which drives visibility into segmentation policies for application owners, DevOps teams and other stakeholders — improving collaboration across silos.
Zero Trust is a fast-maturing space, but still one where cost and complexity can derail projects. Illumio can help with intelligent visibility, simple deployment, and consistent protection enhanced by risk-based policy recommendations. With the right foundation of Zero Trust segmentation, organizations can differentiate on enhanced security, efficiency and business resilience.
To learn more: