Leading up to this year's RSA Conference, we conducted four Twitter polls to gather real-time data about the current needs and issues involving segmentation. In total, we received close to 40,000 answers from around the globe and learned a lot along the way.
Interestingly, nearly 24% of respondents have already implemented micro-segmentation or are planning to implement this year.
If (and when) an attacker finds a way into an enterprise, be it through an orchestrated ransomware attack, a sophisticated phishing campaign, unpatched software, or otherwise, an unsegmented environment makes it easy for them to quickly move laterally within the organization, stealing sensitive information and planting backdoors. If there’s no guaranteed approach to preventing attacks from taking place in the first place, it’s imperative to mitigate impact by implementing segmentation and we’re pleased to see that respondents recognize this as well.
Zero Trust is another topic we asked about. Over 60% of respondents stated that Zero Trust is very important or important to their organization in 2020.
I'm not surprised! Zero Trust, the philosophy that organizations should verify anything that’s trying to connect to the network before giving it access, is gaining steam in public discourse. In fact, Forrester recently concluded that organizations implementing Zero Trust strategies can mitigate risk by 37% and reduce security costs by more than 31%. Everyone gets that protecting just the perimeter is an outdated mindset, but it’s encouraging that lots of people now understand that they also need to control communication inside the perimeter.
For those using or looking at micro-segmentation, the most important capability according to the poll was application ringfencing, followed closely by an increase in east-west visibility.
We’re not surprised, as ringfencing your high-value applications is the first thing that our customers deploy with Illumio (and one that aligns well with the principles of Zero Trust). From a visibility perspective, organizations are recognizing the important role that context plays in developing cyber resiliency, so an understanding of how applications communicate with one another is not just necessary for compliance, it is a foundational step in understanding your organization’s security posture.
Lastly, we asked about what metric organizations use to measure the value of a segmentation solution. This one surprised me. Nearly 35% stated vulnerability scoring was their top metric for measuring the value of segmentation, 26% said number of apps protected, 23% said anomalous activity, and 17% said number of workloads protected. This mix shows that those using segmentation solutions find a wide range of value, and measure its success based on a variety of parameters. A takeaway for us at Illumio is to partner more closely with the vulnerability exposure vendors like Qualys, Tenable, and Rapid7.
Illumio will have a big presence at RSA Conference 2020 and we'd love to show you how segmentation can actually be made easy. Visit us at booth N-5459 for a live demo and don't miss our session: More Powerful Segmentation for More Powerful Threats with Neil Patel at 10:30 a.m. on Thursday, February 27. Get all the details about Illumio at RSA here: https://www.illumio.com/rsac2020