Labeling assets is critical, as is a comprehensive understanding of the applications' relationships and dependencies.
HP Enterprise's article on microsegmentation says:
The smaller the segments, the more likely that security policies and controls can break normal interactions. So it's crucial to first get a lay of the land through a robust discovery process that uncovers what devices and applications are running on the network and then maps their data and traffic flows.
At a recent lunch, a network architect related how they had bought and implemented all the hardware for microsegmentation. But nobody would step up to the "robust discovery process" necessary. The microsegmentation capabilities of the equipment were never implemented. Eventually the hardware's capacity was exceeded and it was replaced.
What a shame.
Make sure that your microsegmentation project has not only the financial capital but also the political capital to succeed.