Segmenting for security: Five steps to protect your network

Relying on a DMZ to protect your network and data is like putting money in a bank that depends on one guard and a single gate to secure its deposits. Imagine how tempting all those piles of money would be to those who had access — and how keen everyone else would be to obtain access.

But banks do not keep cash out on tables in the lobby; they stash it in security boxes inside vaults, behind locked doors, inside a building patrolled by a guard and secured by a gate. Network segmentation offers similar security for an organization’s assets.

The need for network segmentation has been widely discussed for years, but it remains one of the less commonly implemented security steps, and is seldom employed as a strategic defense. When a recent poll asked IT professionals to describe their network segmentation, a mere 30% of respondents said they strategically set segmentation around business drivers for the latest threats. Another third of respondents said they “set and forget” their segmentation, and an equal number reported they occasionally revisit it — typically around audit time. A brutally honest 6% said, “My network what?”

The string of recent security breaches should drive home the importance of having carefully implemented and well-maintained network segmentation. If properly set and maintained, network segmentation would have made the long road from procurement portal to cardholder data environment far more difficult to travel in the Target breach, which exposed 40 million credit card numbers, and could have significantly limited the damage in the recent Home Depot breach, which compromised 56 million credit cards. Proper segmentation could also have limited the impact of the Community Health Systems breach, in which 4.5 million patients’ personal health information and personal identifier information (PHI/PII) were stolen.

Effective network segmentation is a big undertaking, but it boils down to just five basic steps.
