NetworkTigers discusses network segmentation.
To help maintain a robust degree of privacy and cybersecurity, many organizations are turning to network segmentation. With both pros and cons associated with it, network segmentation is not for everyone and should be carefully considered before implementation.
What is network segmentation?
Traditionally, a company’s network is singular, allowing anyone within it to access a wide range of files and data related to a variety of operations.
Network segmentation is the breaking up of an organization’s network into “sub-networks” that can be compartmentalized as an administrator sees fit.
A segmented network will contain smaller networks that are each associated with specific departments, operations and data accessibility. Unless given high level permissions, employees or contractors only have access to the sub-network they need to perform their tasks and are unable to poke around into files and data that are not required in their day to day work.
Network segmentation pros
Increased hacking protection
A segmented network means that if a sub-network is breached, the threat actor is now confined to that area and will have to work once again to force their way into another part of the system. This means that cyberattacks take longer to carry out and can be more easily contained.
Containing a threat to a single sub-network allows IT administrators the extra time they may need to bolster security elsewhere, fully understand the type of threat they are experiencing and therefore prevent it from accessing other parts of the organization.
Damage from a breach can also be isolated and addressed easier than if it were to spread to the entire network.
Additional security layers
Building walls between sub-networks makes it harder for unauthorized users to view, download or otherwise access information that they shouldn’t.
Even a seemingly innocent or accidental viewing of proprietary data or the private data related to clients or the company itself constitutes a “breach.” Making it challenging, or even impossible, to explore other parts of a network goes a long way to preventing human error or internal data compromises.
Less network congestion
Network segmentation can facilitate a better experience as it prevents sub-networks from being bogged down by web traffic that is not associated with it.
For example, a company can put their public wifi into its own sub-network, allowing the devices associated with actually doing business to not suffer from the burden of a congested network.
Network segmentation cons
Complex implementation
Segmenting a network, especially a large one that may be used by tens if not hundreds of employees, can pose a significant logistical challenge to administrators looking to compartmentalize their systems in a way that makes sense.
The various permissions, passwords and firewalls required to maintain segmentation quickly add up and may pose additional risks with regard to human error.
Segmenting an existing network that has already been in use for a number of years means that many old habits will need to die hard and entirely new workflows and processes will need to be designed, implemented and overseen in order to ensure that work can continue with little interruption.
Less flexibility
Modern workforces thrive on flexibility and the quick, easy exchange of information.
While this free workflow can allow for swift, holistic business operations, it also contains within it the specter of shadow IT and the risks associated with it.
A segmented network will contain a degree of rigidity that, while a benefit for security, may sometimes frustrate or obstruct collaboration.
Especially with hybrid workforces made up of remote employees and contractors, network segmentation can create hoops to jump through and red tape to cross in the form of permissions and access restrictions.
Cloud networks vs. traditional networks
Segmenting a traditional network that exists physically in a server room involves an investment in the hardware, wiring and infrastructure needed to literally break the system up into smaller portions.
A network that exists in the cloud requires different considerations in that it necessitates breaking the network up into virtual private clouds (VPCs).
Your organization’s current network arrangement will play a large part in determining whether or not an investment in the time and money needed to properly segment it makes sense.
Is segmentation right for your organization?
Given the pros and cons of network segmentation, it may not be the right path for businesses that are especially small or do not implement a hybrid workforce.
Most small to medium businesses might be better off using a single traditional network, especially if segment implementation will require a substantial investment in new hardware and additional staff.
Small companies may want to simply set up an additional network for employee devices and internet of things considerations that will provide at least a degree of separation between a widely trafficked wifi network and the machines and data used to conduct business.
Implementing a virtual private network (VPN) is also a major step when it comes to keeping your data safe from outsider access.
However, larger organizations that are already used to maintaining tight permissions and prioritize efficiently siloed workflows may find the transition to be less painful and worth the effort.
Maintain good cybersecurity
Regardless of which direction you opt for when it comes to your network, basic cybersecurity protocols should be in place. Most hacks and breaches occur not because of highly sophisticated criminal enterprises but because cybersecurity rules are either not in place or poorly enforced.
- Keep everything updated. Whether you’re hardware based or up in the cloud, ensuring that your operating systems, web browsers, firmware and antivirus protections are continually and regularly updated will help keep you defended against exploits and continually evolving malware.
- Educate your workforce. Phishing attacks are successful because criminals know that a certain percentage of people on the receiving end will fall for their tricks. Be sure to keep your staff fully aware of the tactics used by hackers. Consider sending out a weekly newsletter keeping them up to speed on the latest threats.
- Stay informed. A wealth of cybersecurity resources are available online that will keep you privy to the latest cybersecurity news. From state-sponsored hacks to the latest bugs, updates and phishing scams, keeping a finger on the pulse will help you stay safe.
- Maintain and enforce good password hygiene. Be sure that network passwords are impossible to guess and are not used across multiple accounts. Consider a policy in which passwords are regularly changed to help prevent old credentials from being used to create new problems.
Sources
- What Are the Benefits of Network Segmentation? By Eric Dosal, 26 Nov 2019, Compuquip
- What is Network Segmentation? by VMware
- What Is Network Segmentation? by Pal Alto Networks
- What is Network Segmentation? by Narendran Vaideeswaran, 15 Nov 2021, CrowdStrike
How Insufficient Network Segmentation Increases Your Security Risk by Paul Brandau, 16 Feb 2017, Delta Risk
The most extreme example of network segmentation would be a cross-domain solution wherein the Internet-facing network would be separated by a unidirectional optical diode from the internal operational network, allowing data only flow in to the operational network, and not out.