As point-of-sale breaches, ransomware attacks and various other customer data breaches continue to make local and national headlines, IT professionals agree that network segmentation – the ability to create secure, network-wide “swim lanes” for applications or services – is an essential measure to mitigate security risks. However, new research from VeraQuest Research, indicates that few companies actually employ an end-to-end segmentation strategy with only one in four respondents believing they do.
Ongoing security breach headlines serve as perpetual wakeup calls for businesses to implement effective strategies to reduce their exposure.
One strategy in particular – end-to-end network segmentation – was cited by 400 IT professionals in the U.S. as an essential security measure. Yet, only 23% of respondents said they believe they currently deploy such a strategy, and nearly as many (22%) didn’t even know it was possible.
The top reasons cited for not having a network segmenting strategy were: too complex (35%), too resource intensive (29%), and too risky to deploy (22%).
The dilemma that most companies face is that while a majority of security spending is directed towards a rigid network perimeter, this traditional perimeter has morphed into an “everywhere perimeter” due to cloud computing, outsourcing, and BYOD technology.
Without proper controls, a breach of one device could provide a hacker with the virtual keys to the castle. As such, all entry points are of some concern to the IT professionals surveyed in the study, but three areas are perceived to be the greatest entry-point threats into their organization: employee email (50%), wireless connections (50%), and employee devices (46%).
A proper end-to-end network segmentation deployment is a foundational measure to address the fluid characteristics of an everywhere perimeter. Unlike traditional technologies that may not extend network wide and are onerous to deploy, end-to-end segmentation natively extends from the data center to the desktop while reducing complexity and operational burden.
Network-wide segments are seamless and are created with simplified configuration commands on an edge device, which enables organizations to add new services or make changes to existing services in minutes rather than days, weeks, or months.
“End-to-end network segmentation has been possible for some time; however, the likely reason that most organizations have not implemented is that its arduous nature made it impractical,” says Mike Fratto, Research Director, Business Technology and Software, Current Analysis.