As cyber-attacks become more and more sophisticated and frequent, security practitioners are realizing the value of network segmentation as a key defense-in-depth security strategy. In fact, they are even beginning to go a step further and are contemplating the pros and cons of micro-segmentation within the data center.
With its flexibility and cost savings cloud computing is now here, and whether you know it or not, you’re most likely using it one way or another. At least some of your data, whether personal or business, sensitive or public, is likely being stored, processed and consumed via this mystical all-encompassing cloud in some way.
As a security professional, you’ve no doubt heard about Service Organizational Control (SOC) Reports in security conversations. When the need arises for determining how “secure” prospective vendors’ and business partners’ data centers are, simply ask for their SOC 1 or SOC 2 report. That is, if it hasn’t already been shoved in your face.
For years, organizations have focused most of their network security efforts on the perimeter. First there were firewalls, then intrusion prevention systems came along followed by web proxies, and recently advanced malware detection (AKA sandboxing) solutions. This perimeter-focused approach is often referred to as the M&M Strategy – a hard crunchy outside and soft chewy inside. The problem of course, is once hackers successfully penetrate the perimeter of the network or the data center, (and let’s face it, this has not been a rare occurrence in recent years) there is very little restriction of lateral movement between servers in the data centers.
Your personal data is your own and it should stay that way. Enabling other people, organizations, or for that matter systems, to peek into our data is a serious problem which we should all be aware of and concerned about. Following on from my recent blog post ‘Who’s Watching Me? Tips to Protect Your Privacy in the Digital World’, I’d like to expand upon the importance of encryption to help protect personal data.
Bombarded by an onslaught of changes resulting from new applications, emerging threats and network re-architectures, security professionals struggle with manual processes as they sift through hundreds and often thousands of firewall rules and access lists. The result: slow response to business requests, and costly mistakes that cause outages and introduce risk.