Micro-segmentation creates secure zones across cloud and data center environments to isolate application workloads from one another and secure them individually. With micro-segmentation, firewall policies limit east-west traffic between workloads based on a zero-trust security approach to reduce attack surfaces, prevent the lateral movement of threats to contain breaches, and strengthen regulatory compliance. Micro-segmentation is also referred to as application segmentation or east-west segmentation in a multi-cloud data center.
How does micro-segmentation work?
Micro-segmentation secures applications by expressly allowing particular application traffic and, by default, denying all other traffic. Micro-segmentation is the foundation for implementing a zero-trust security model for application workloads in the data center and cloud.
What are the primary challenges with implementing micro-segmentation?
Micro-segmentation is the implementation of granular firewall policy controls using the host workload firewall as the enforcement point across any workload type (virtual machines, bare metal servers, containers). Policy lifecycle management is the most challenging part of implementing an effective micro-segmentation policy that adapts to support changes to your applications and your business. You begin at the macro level and continually refine through policy automation, leveraging application and workload context and behavior.
What can micro-segmentation do that a firewall cannot?
Micro-segmentation is implemented as granular firewall policies at the application workload level. Granular east-west policy control provides a scalable way to create a secure perimeter zone around each workload with consistency across different workload types and environments. This enhances and extends the visibility and control from network or zone-based firewalls.