In our last blog, I shared what secure micro-segmentation is and how it not only protects your data center and cloud, but also saves you a bunch of money – a win-win for any organization. As promised, today we will go into detail on the first cost-saving benefit of micro-segmentation: eliminating the under-utilized zones and choke points that often come with security siloes broken up by data center firewalls.
Challenges of zones
To meet the demands of auditors and their risk teams, security and infrastructure operators must separate regulated workloads from non-regulated ones. For example, in retailers and banks, this means PCI and non-PCI workloads cannot commingle; in healthcare organizations, the same applies to HIPAA vs. non-HIPAA data. Traditionally, network security teams have accomplished this by constructing many different data center siloes with individual security appliances at the edge of each zone. To actually protect all the traffic and meet compliance standards, operators must architect their data center to push all internal traffic through that single choke point for inspection and enforcement… an outdated perimeter model that is difficult to scale.
Up until recently, zones separated by firewalls were operators' only option, as there was no other way to separate workloads that each have their own set of unique needs. This means that, with the ongoing adoption of virtualization, operators are unable to dynamically share virtualized and cloud resources across separate zones for workloads of differing security levels – one of the primary benefits of cloud computing. Instead, these “choke points” slow down performance and increase the amount of resources needed to operate data center zones, which are built for peak demand but often end up dramatically under-utilized. So, operators had to sacrifice efficiency and OpEx to please auditors… and avoid potential fines.
Real world example: Online retailer during holiday season
For example, online retailers with PCI audit requirements must build zones separated by security appliances for their in-scope vs. out-of-scope PCI assets. This requires high-performance hardware that can support peaks in traffic volume over the crazed holiday season – with retail website visits topping about 700 million visits on Black Friday and Cyber Monday vs. 450 million visits on normal days*. Preparing for these peaks results in resources that sit wasted for the rest of the year and cannot be reallocated to clusters in another zone without risking non-compliance.
Solution? Use secure micro-segmentation instead
Instead of being reliant on physical appliances, secure micro-segmentation uses software to abstract security from underlying infrastructure, enforcing policies independent from physical location. Workloads are separated using security policy groups and are protected with advanced, application-layer controls… no hardware separation required.
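To make the idea concrete, here is an added sketch (not code from this blog or from any product) of group-based, default-deny policy on a single shared pool: the decision depends only on a workload's policy group, never on its host, and a second check lists every rule that crosses into PCI scope for audit. All group names, hosts, ports and rules are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed inventory: every workload runs in ONE shared pool. "host" is physical
# placement; "group" is the security policy group. All names are hypothetical.
@dataclass(frozen=True)
class Workload:
    name: str
    host: str
    group: str

PCI_GROUPS = {"pci-payment", "pci-db"}  # assumption: the groups in PCI scope

# Allow rules are written group-to-group; anything not listed is denied.
ALLOW = {
    ("web-frontend", "pci-payment", 8443),  # the one sanctioned path into scope
    ("pci-payment", "pci-db", 5432),
    ("web-frontend", "catalog", 8080),
}

def decide(src: Workload, dst: Workload, port: int, rules=ALLOW) -> str:
    """Default-deny decision from group membership only; host is never consulted."""
    return "allow" if (src.group, dst.group, port) in rules else "deny"

def scope_crossings(rules=ALLOW, pci=PCI_GROUPS):
    """Rules that let a non-PCI group reach a PCI group: the list an auditor reviews."""
    return sorted(r for r in rules if r[0] not in pci and r[1] in pci)

def unsanctioned(rules, approved, pci=PCI_GROUPS):
    """Scope-crossing rules that are missing from the approved list."""
    return [r for r in scope_crossings(rules, pci) if r not in approved]

if __name__ == "__main__":
    web = Workload("web-1", "host-a", "web-frontend")
    pay = Workload("pay-1", "host-a", "pci-payment")  # shares a host with web-1
    cat = Workload("cat-1", "host-a", "catalog")
    print(decide(web, pay, 8443))  # sanctioned path into PCI scope
    print(decide(cat, pay, 8443))  # co-located, but no rule between these groups
    moved = Workload("pay-1", "host-z", "pci-payment")  # rescheduled for peak load
    print(decide(web, moved, 8443))  # same decision after the move
    print(scope_crossings())
```

Running `unsanctioned` against the approved list whenever the rule set changes catches a rule that would quietly put a non-PCI group in contact with in-scope assets.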
By consolidating these individual zones and creating a single, secure shared resource pool that uses software to separate assets, operators – and their entire organization – will gain:
- Increased consolidation: Single resource pool means no more under-utilized data center clusters separated by DMZs for security or compliance – sharing (resources) is caring!
- Reduced OpEx: Use resources more efficiently AND lower data center operations costs (i.e. management, heating, cooling).
- Reduced CapEx: Flatten network architectures and remove the need for expensive, high-performance firewalls to manage traffic peaks.
- Improved performance: Security processing is distributed locally, eliminating choke points that slow your network down… and get your end users complaining about network speeds.
Not sold yet on the cost benefits of secure micro-segmentation? Come back to read next week’s blog on how it can help you avoid the expensive hardware refresh cycles every security and infrastructure team looks forward to every 3-5 years…
But, if you’re ready to learn all 5 right now, download our eBook: 5 Ways Secure Micro-Segmentation Saves You Money.
*comScore, Customer Solutions Data, December 2015