Forrester’s best practices for zero-trust microsegmentation

by | Jul 20, 2022 | Technology


Most microsegmentation projects fail for various reasons, including over-optimistic planning, improper execution, analysis paralysis, the lack of a nontechnical business driver, and more. Forrester’s recent report, Best Practices For Zero Trust Microsegmentation [$], explains why most zero-trust microsegmentation projects are failing today and what CISOs, CIOs and their teams can do to improve their odds of success.

Microsegmentation is one of the core components of zero trust as described in NIST SP 800-207, Zero Trust Architecture. Network segmentation segregates and isolates segments of an enterprise network to reduce the attack surface and limit the lateral movement of attackers across the corporate network.
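To make the lateral-movement point concrete, here is a small policy evaluator added as an illustration; it is not code from the Forrester report or from NIST SP 800-207, and the segment names, subnets, hosts and rules are constructed for the example. It models a default-deny allowlist between workload tiers and compares the set of hosts a single compromised machine can reach under that policy with what it could reach on a flat network.

```python
# Added example: minimal zero-trust microsegmentation policy evaluator.
# All segments, addresses, ports and rules below are constructed for
# illustration and are not taken from the report or the NIST document.
from ipaddress import ip_address, ip_network
from typing import Dict, List, NamedTuple, Optional, Set


class Rule(NamedTuple):
    src_segment: str
    dst_segment: str
    dst_port: int


# Constructed segment definitions: each workload tier in its own subnet,
# plus a user LAN whose endpoints get DHCP-assigned addresses.
SEGMENTS: Dict[str, str] = {
    "web": "10.1.0.0/24",
    "app": "10.2.0.0/24",
    "db": "10.3.0.0/24",
    "corp-lan": "10.9.0.0/24",
}

# Explicit allowlist. Any flow not listed here is denied (default deny).
# This is the difference from a flat network, where every host can reach
# every other host implicitly.
ALLOW_RULES: List[Rule] = [
    Rule("corp-lan", "web", 443),   # users browse the web tier
    Rule("web", "app", 8443),       # web tier calls the app tier
    Rule("app", "db", 5432),        # app tier talks to the database
]

# Constructed inventory of hosts and the service ports in play.
HOSTS: List[str] = ["10.1.0.10", "10.2.0.10", "10.3.0.10", "10.9.0.50"]
PORTS: List[int] = [443, 8443, 5432]


def segment_of(ip: str) -> Optional[str]:
    """Return the segment an address belongs to, or None if it is unknown."""
    addr = ip_address(ip)
    for name, cidr in SEGMENTS.items():
        if addr in ip_network(cidr):
            return name
    return None


def is_allowed(src_ip: str, dst_ip: str, dst_port: int) -> bool:
    """Default-deny check: a flow passes only if an explicit rule matches.

    Unknown hosts belong to no segment and therefore get no implicit trust;
    traffic within a segment is also denied unless a rule names it.
    """
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src is None or dst is None:
        return False
    return Rule(src, dst, dst_port) in ALLOW_RULES


def reachable_from(src_ip: str, hosts: List[str], ports: List[int],
                   segmented: bool = True) -> Set[str]:
    """Hosts that src_ip can open a connection to on any of the given ports.

    With segmented=False the function models a flat network with implicit
    trust, where every other host is reachable.
    """
    others = {h for h in hosts if h != src_ip}
    if not segmented:
        return others
    return {h for h in others if any(is_allowed(src_ip, h, p) for p in ports)}


def blast_radius_reduction(src_ip: str) -> int:
    """How many hosts the policy removes from a compromised src_ip's reach."""
    flat = reachable_from(src_ip, HOSTS, PORTS, segmented=False)
    seg = reachable_from(src_ip, HOSTS, PORTS, segmented=True)
    return len(flat) - len(seg)


if __name__ == "__main__":
    for host in HOSTS:
        print(host, segment_of(host),
              "segmented:", sorted(reachable_from(host, HOSTS, PORTS)),
              "flat:", sorted(reachable_from(host, HOSTS, PORTS, segmented=False)))
```

Running the block shows that a compromised user laptop on the DHCP LAN (10.9.0.50) can reach only the web tier, and a compromised web server can reach only the app tier; on the flat model each of them reaches every other host. The policy is deliberately expressed as (source segment, destination segment, port) tuples rather than per-host rules, because that is the shape most segmentation controls use and it is what the visibility and data-classification work described below has to feed.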

Why many microsegmentation projects fail 

Of the 14 microsegmentation vendors referenced in the report that tried to secure their private networks with limited segmentation, or by adopting a network access control (NAC) solution, 11 failed.

The report explains why on-premises networks are the hardest operational domains to secure, and how implicit trust makes a typical greenfield IP network especially vulnerable to attack. And now, with more people in virtual workforces than ever before, the increased prevalence of the Dynamic Host Configuration Protocol (DHCP) has made these networks even more insecure.

Implicit trust also permeates many on-premises private networks, making them especially vulnerable to ransomware attacks. In addition, according to the Forrester study, IT and security teams are finding that a manual approach to advanced network segmentation is beyond their capability.

As a result, most enterprises have limited understanding and visibility of their network topology and rely on spreadsheets to track which assets are on the network. “The lack of visibility is a common theme for many organizations with an on-premises network. Most organizations don’t understand where their high-value data is and how it moves around. And the vast majority of organizations we talk to do not do sufficient data discovery and classification, both of which are needed to some extent for a proper microsegmentation project. Just knowing what data you have and where it lives is a hard problem to solve,” David Holmes, senior analyst at Forrester and author of the report, told VentureBeat.

Because IT and secur …
