Create a Data Center Segmentation Strategy

Segment your data center network to protect sensitive systems and to prevent lateral movement of malware.
A flat, unsegmented network is difficult to defend because if an attacker gains access to the network, the attacker can move laterally and compromise critical systems. This is especially true inside the data center, where companies keep their most valuable assets. Old segmentation methods such as VLANs don’t scale well, are difficult to automate, and don’t take into account users, content, or applications, so they provide little control over or visibility into traffic.
Create a segmentation strategy that provides more granular access control to data center resources, which gives you better visibility into traffic. The more granular your segmentation strategy, the more visibility into traffic you gain because traffic must traverse a firewall (segmentation gateway) as it flows between segments. Segmentation also makes compliance and compliance audits easier because you can prevent all but the necessary access to personal information, which protects the data and reduces the scope of audits.
Your data center segmentation strategy depends on your architecture and your business goals, so there is no “one size fits all” implementation. However, learning common guidelines enables you to design and implement a segmentation strategy to protect your data center network.

Related Documentation