Microsegmentation solutions can be a market differentiator, helping data centers limit damage in a breach.
For operators of multitenant data centers, the segmentation (or isolation, separation) of computing environments isn’t just important, it’s fundamental to their operating model. If done right, service providers will experience lower costs, operational efficiencies and reduced risk. Additionally, with cutting-edge, software-defined segmentation technology (microsegmentation), there’s an opportunity to drive more core data center services while becoming stickier with customers and establishing new services capabilities and revenue streams. It seems too good to be true . . . but it is. Here’s how.
Let’s start with the essential segmentation requirements, which are often operationally difficult and expensive to achieve. Looking into data center providers’ operational networks, here are a few scenarios where segmentation is needed and, if achieved efficiently, can significantly reduce costs while improving security for themselves and their customers:
The question is how to achieve segmentation most effectively, efficiently and economically. Historically, operators have relied on traditional firewalling or VLANs to separate environments within a multitenant architecture. Implementing and maintaining such measures, however, is arduous, highly manual, time-consuming and costly. Moreover, these techniques are by no means airtight and can leave a substantial amount of attack surface exposed. The efficacy of solutions designed for perimeter defense is particularly problematic within the data center, especially since most of these environments include a variety of virtual machines, hypervisors, containers, and even cloud components, and new workloads dynamically spin up and down automatically.
Internal firewalls are expensive to acquire and complex to set up. They also interfere with the normal flow of traffic, altering patterns and creating circuitous “hairpins” that ultimately impede systems performance. As the industry is learning, firewalls aren’t intended for segmentation within the data center.
One of the most painful challenges when trying to introduce segmentation to an existing, running production environment is that traditional methods require downtime of an application. Downtime for a business-critical application is costly, can only happen at specific-time windows, and oftentimes isn’t possible at all.
An additional challenge worth noting is that creating any internal segmentation requires good knowledge of east-west application dependencies. This insight is usually nonexistent. Without a simple way to map application dependencies it is extremely hard to separate a brownfield environment and it is also very risky.
For all these reasons, operators of shared environments are taking a closer look at …
New Pure Storage EMEA Channel Leader Details Jump from Veritas
Qumulo Confirms Layoffs, Citing Economic Conditions, Reaching Profitability
Images: HPE Discover 2022 Expo Hall Featuring Microsoft, Ingram Micro, VMware
How to Make Embracing Change Part of Your Company Culture
Tetra Defense: Unpatched Systems Behind Costliest Cyberattacks in Q1
HPE Recognizes Partners’ Transformation and Growth with Awards
Veeam Co-Founders Launch Startup Object First with S3-Compatible Storage
Avaya Reshapes Partner Landscape with New Cloud Products for a Hybrid World
Please log in again. The login page will open in a new tab. After logging in you can close it and return to this page.