Segmentation is Great in Theory, but Who Has the Time?
Security is one of those “pay a little now, or pay a lot later” concepts. Your data, your customer information, your intellectual property, your trade secrets: these are the lifeblood of your company. One bad hack could distract your team for months, set your product position back years or, worse, put you out of business altogether. You need to protect your assets.
In 2014 alone, we were overwhelmed with headlines as network breaches affected stores like Home Depot and Target, but what you might have missed is that they also hit Dairy Queen, Acme Grocery, Sally Beauty Supply, PF Chang’s, Michaels Craft Stores, Goodwill, Jimmy John’s, Neiman Marcus, and JP Morgan Chase – all in less than 12 months. And these are just some of the ones that made the headlines. No enterprise is too large or too specialized to be of interest to attackers.
Paying attention to protecting your network is important. We discussed segmentation and how to identify atomic segments in previous blogs. So where do you start?
First, you need the help of a good security engineer. They determine where to start (e.g., process, host and network), where to stop, where to establish enforcement points and how to set hierarchical lines of defense. If your organization is large enough, you can have these skills on staff. If not, you can bring in experts to help. Either way, we recommend working with a security vendor to help you through the process. If you are looking for help, you can find a local resource from a trusted source.
It is not as bad as it may sound. Just because your network has eight different atomic segments does not mean you need eight security gateway appliances. Depending on your business, you can consolidate multiple enforcement points into a single security gateway appliance at each site.
We might also recommend virtual security gateways on parts of your network. Security virtualization simplifies management by using a single appliance to manage multiple sites. A virtual system can support one or more enforcement points, and its controls can be deployed and managed jointly or independently.
Your company network can span co-located, distributed-site, mobile and cloud-based resources, and there are just as many security protection choices. We highly recommend talking to an expert to help you navigate through the options and select the best protection for your business.