Segment your data center network to protect sensitive
systems and to prevent lateral movement of malware.
A flat, unsegmented network is difficult to defend because
an attacker who gains access to the network can move
laterally and compromise critical systems. This is especially true
inside the data center, where companies keep their most valuable
assets. Old segmentation methods such as VLANs don’t scale well,
are difficult to automate, and don’t take into account users, content,
or applications, so they provide little control over or visibility
Create a segmentation strategy that provides more granular access
control to data center resources, which gives you better visibility
into traffic. The more granular your segmentation strategy, the
more visibility into traffic you gain because traffic must traverse
a firewall (segmentation gateway) as it flows between segments.
Segmentation also makes compliance and compliance audits easier
because you can prevent all but the necessary access to personal
information, which protects the data and reduces the scope of audits.
Your data center segmentation strategy depends on your architecture
and your business goals, so there is no “one size fits all” implementation.
However, learning common guidelines enables you to design and implement
a segmentation strategy to protect your data center network.
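
The effect of granularity on lateral movement can be measured from a defender's own inventory. The following is an added example, not part of the original page: it compares how many hosts become reachable from one compromised server under a flat, a coarse, and a granular design. All host names, segment names, and allowed flows are constructed, and it assumes traffic inside a segment is not filtered because it never crosses the segmentation gateway.

```python
from collections import deque

HOSTS = ["web-01", "web-02", "app-01", "app-02", "db-01", "db-pii", "backup-01"]

# Three constructed designs: host -> segment, plus the segment-to-segment
# flows the gateway allows. Everything else between segments is denied.
FLAT = ({h: "dc" for h in HOSTS}, set())
COARSE = (
    {"web-01": "web", "web-02": "web", "app-01": "app", "app-02": "app",
     "db-01": "db", "db-pii": "db", "backup-01": "mgmt"},
    {("web", "app"), ("app", "db"), ("mgmt", "db")},
)
GRANULAR = (
    {"web-01": "web", "web-02": "web", "app-01": "app", "app-02": "app-pii",
     "db-01": "db", "db-pii": "pii", "backup-01": "mgmt"},
    {("web", "app"), ("app", "db"), ("app-pii", "pii"), ("mgmt", "db")},
)

def can_connect(src, dst, segment_of, allowed_flows):
    """True if src may open a connection to dst under this design."""
    s, d = segment_of[src], segment_of[dst]
    # Assumption: traffic inside a segment never crosses the gateway,
    # so it is not filtered; only inter-segment flows are checked.
    return s == d or (s, d) in allowed_flows

def blast_radius(start, design):
    """Hosts reachable from one compromised host, following allowed flows hop by hop."""
    segment_of, allowed_flows = design
    seen, queue = {start}, deque([start])
    while queue:
        src = queue.popleft()
        for dst in segment_of:
            if dst not in seen and can_connect(src, dst, segment_of, allowed_flows):
                seen.add(dst)
                queue.append(dst)
    return seen - {start}

if __name__ == "__main__":
    for name, design in [("flat", FLAT), ("coarse", COARSE), ("granular", GRANULAR)]:
        reach = blast_radius("web-01", design)
        print(f"{name:9} {len(reach)} hosts, db-pii exposed: {'db-pii' in reach}")
```

In the coarse design the personal-data host is still reachable through a chain of individually allowed flows, which is why the allowed flows should be reviewed as paths and not only rule by rule.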