Models used in micro-segmentation
There are many ways to implement network micro segmentation. In most scenarios, the existing protection mechanisms and legacy infrastructure are augmented systematically with new technologies, which include virtual firewalls and software defined networking. When it comes to adoption of micro segmentation technology, there are three major considerations involved.
Visibility is the first thing to be considered. Potential adopters need to thoroughly understand communication patterns and network traffic flow within, from, and to the data center. Next, use a zero-trust approach to implement security policies and rules. This is a complete lock down of communications. Throughout the deployment of micro segmentation, zero-trust policies should be followed. Across the network, communication should be only allowed carefully using the results of previous analysis. It is the best practice for anyone who wants to ensure application security and connectivity.
The process is to be repeated regularly. Distilling rules and analyzing traffic is not a deployment effort that is done once. It needs to be a continuous activity that has to be done often to make sure policies and workloads do not change suddenly and any current analytical results can be used to effectively tune micro segmentation rules. More: micro segmentation networking