Few Deploy Network Segmentation
Monday, September 12, 2016 @ 05:09 PM gHale
When a technology offers a solid defense against attacks, yet no one applies it, sometimes you have to shake your head and wonder.
That is the case when it comes to network segmentation. It is an essential measure to mitigate security risks, but few companies actually use it as a strategy, according to new research from VeraQuest Research, commissioned by Avaya.
Few companies actually employ an end-to-end segmentation strategy, with one in four respondents thinking they do, researchers said in the report.
There is no lack of headlines about the latest breach, so it would stand to reason that more companies would want a strategy to reduce their exposure.
In today’s digital world, almost any corporation, large or small, can end up devastated in an instant by a network breach. The focus of this research is to quantify the perceived importance of end-to-end segmentation in protecting medium-to-large corporations, assess how widespread end-to-end segmentation actually is, and identify barriers to the implementation of end-to-end segmentation.
From an IT perspective, end-to-end network segmentation was cited by 400 IT professionals in the U.S. as an essential security measure. Yet 23 percent of respondents said they believe they currently deploy such a strategy, and nearly as many (22 percent) didn’t even know it was possible.
The top reasons cited for not having a network segmentation strategy were: too complex (35 percent), too resource intensive (29 percent), and too risky to deploy (22 percent).
The issue most companies face is that, while a majority of security spending is directed toward a rigid network perimeter, this traditional perimeter has morphed into an “everywhere perimeter” due to cloud computing, outsourcing, and BYOD technology.
Without proper controls, a breach of one device could provide a hacker with a surplus of attack opportunities. Entry points are of concern to the IT professionals surveyed in the study, and the top three areas perceived to be the greatest entry-point threats into their organization are employee email (50 percent), wireless connections (50 percent), and employee devices (46 percent).
A proper end-to-end network segmentation deployment is a foundational measure to address the fluid characteristics of an everywhere perimeter. Unlike traditional technologies that may not extend network wide and are onerous to deploy, end-to-end segmentation natively extends from the data center to the desktop while reducing complexity and operational burden.
Network-wide segments are seamless and created with simplified configuration commands on an edge device, which enables organizations to add new services or make changes to existing services in minutes rather than days, weeks, or months.