Segmentation as-asecurity-service
Segmentation as-asecurity-service
to create visibility ” of everything behind a facility ’ s firewall , something that “ the sheer size , complexity , and dynamic nature of computing ” makes for a fearsome challenge . As a result , Dearing explains , data centres often contain “ significant resources that go undocumented .”
As a result , adds Burke , it ’ s more apparent than ever that “ cyber security teams need to pivot quickly , adopting advanced technologies to restrict access and keep control of the data centre .” He notes that , while adoption of sophisticated security technology like biometric identification is
Illumio ’ s cybersecurity services rely heavily on an emerging technique that ’ s gaining some serious traction in the industry , as “ the past few years have seen a major shift in security strategies from looking outward for external threats to detecting and defending against adversaries that have already breached the network ,” Dearing explains . One of the biggest threats operators face is that “ a threat actor , having found a landing point , can gradually move laterally through the network , and escalate their access and privilege while staying under the radar .” As a result , attackers with a single set of login credentials can “ start an attack that may result in massive data theft or malware infection .” Network micro-segmentation plays a central role in the realisation of Zero Trust strategies by severely limiting the lateral movement of an attacker and obstructing their ability to navigate the data centre network . By dividing up environments within the network - separating customer data from backup power systems and DCIM platforms , for example - “ effectively shrinks the attack surface available to adversaries and provides granular control of data centre environments , down to being able to segregate individual workloads ,” Dearing adds . “ The more difficult it is for the threat actor to move around , the longer they will need to dwell in the data centre network before reaching their goal , ultimately increasing the likelihood of detection by the security team who can intervene before more damage is done .”
datacentremagazine . com 79