
The Need for User Segmentation in the Data Center

Data Center Security

“I trust everyone. It’s the devil inside them I don’t trust.” – Stella, The Italian Job


In the world of cybersecurity, most breaches bear some resemblance to classic heist movies. The heist genre has a storied tradition: the plot lines explore the point and counterpoint of the intelligence and resources, respectively, of the attackers and the defenders. The inside man (insider knowledge) plays a critical role in designing the big caper. Re-watch Oceans 11 or The Italian Job and notice how this plays out.

Bank robberies, though, are petty crimes compared to cybercrime. Bank robberies have accounted for tens of millions of dollars of losses in recent years. Cybercrime accounts for hundreds of billions of annual losses. Indeed, the number of bank robberies dropped dramatically between the 1970s and the past five years, to the tune of over 2/3 in losses and over 50 percent in actual robberies. The stakes for cybercrime are unfortunately expected to rise to $2 trillion by 2020. $2 trillion.

In the cyber world, the playing field between defenders and attackers must change. In Oceans 11, the gang of thieves execute a careful plan including rehearsing the penetration of a casino vault with an actual vault. They execute an equally well-conceived scheme to remove the money through a ruse. Remember Danny Ocean and his gang simply slipping into the Las Vegas night at the conclusion? Easy peasy.

Increasingly, security teams must pay attention to both the infiltration and exfiltration of data center applications. And they have to look at the inside man. Perimeter technologies inspect inbound and outbound traffic to the data center vault but have no idea what is happening inside. They are the casino security at the front door.

Micro-segmentation approaches play an important role in reducing the attack surface, the points of infiltration in the heart of the data center. By governing the traffic among servers, they reduce the risk of bad actors.


But what about the inside man?

For security professionals, the devices that connect into data center applications, including PCs and smartphones, represent the other half of the cyber question—and one of the largest risk vectors to protecting computing assets. While identity and access capabilities such as Microsoft Active Directory can dictate the applications where a user can log in, they do not dictate the applications to which that user can connect (think should rather than can).

To illustrate, imagine a VDI desktop connecting to applications in a data center. The Group Policy might allow the user to log in to applications A, B and C. However, it does not govern them trying to connect to applications D, E and F. The VDI desktop is like a person on a hotel elevator. The elevator will take you to any floor in the hotel, even if your key card will only open your room on your floor. If you can get to any floor and any door, you can try to get in. So from a connectivity point of view, even a contractor (or worse, a stolen laptop) that only has the ability to log in to one application can see many others. A really good key card will only let you get off at your floor as well as only open your door.

To reduce the risk of the inside man, security professionals must add a new layer of segmentation to the security strategy: user segmentation. Rather than think about segmentation as a binary barrier governed by the infrastructure, think about it as an adaptive set of capabilities to protect different needs:

Macro-segmentation: Separating trusted and untrusted environments such as the Internet and your data center, or development and production environments

Micro-segmentation: “Ringfencing” or isolating application traffic to a specific set of servers

User segmentation: Governing which applications a user or group of users can physically connect to in the data center
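To make the three tiers concrete, here is an added illustration (not code from the article or from any vendor) of a policy evaluator that checks a single flow against macro-, micro- and user-segmentation rules in turn. The environments, server names, application letters and group names are constructed for the example; the contractor case mirrors the elevator analogy above: entitled to log in to application A, but unable even to connect to application D.

```python
# Added illustration of the three-tier segmentation model described above.
# All policy data, server names and group names are constructed for the example.
from dataclasses import dataclass
from typing import Optional, Tuple

# Macro-segmentation: which environment pairs may exchange traffic at all.
MACRO_ALLOWED = {("datacenter", "datacenter"), ("vdi", "datacenter")}
# Micro-segmentation: each application ring-fenced to its own servers.
APP_SERVERS = {"A": {"srv-a1", "srv-a2"}, "B": {"srv-b1"}, "D": {"srv-d1"}}
# Explicit server-to-server dependencies allowed to cross a ring fence.
APP_DEPENDENCIES = {("A", "B")}  # app A's servers may call app B's servers
# User segmentation: applications each group may connect to (not merely log in to).
GROUP_APPS = {"contractors": {"A"}, "finance": {"A", "B"}}


@dataclass(frozen=True)
class Flow:
    src_env: str
    src: str          # a server name, or "user:<group>" for a user device
    dst_env: str
    dst_server: str


def app_of(server: str) -> Optional[str]:
    """Map a server to the application ring it belongs to, if any."""
    return next((app for app, srvs in APP_SERVERS.items() if server in srvs), None)


def evaluate(flow: Flow) -> Tuple[str, str]:
    """Return ("allow" | "deny", tier), where tier names the layer that decided."""
    if (flow.src_env, flow.dst_env) not in MACRO_ALLOWED:
        return ("deny", "macro")
    dst_app = app_of(flow.dst_server)
    if dst_app is None:
        return ("deny", "micro")          # unfenced server: default deny
    if flow.src.startswith("user:"):
        group = flow.src.split(":", 1)[1]
        if dst_app not in GROUP_APPS.get(group, set()):
            return ("deny", "user")       # may log in elsewhere, cannot connect here
        return ("allow", "user")
    src_app = app_of(flow.src)
    if src_app == dst_app or (src_app, dst_app) in APP_DEPENDENCIES:
        return ("allow", "micro")
    return ("deny", "micro")


if __name__ == "__main__":
    contractor = Flow("vdi", "user:contractors", "datacenter", "srv-d1")
    print(evaluate(contractor))  # ('deny', 'user')
```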

The increasing segmentation and isolation of applications and application components deep inside the data center and the cloud is today’s most powerful defense against cyber incursions. It is what presents the greatest potential of reversing the ground game between defenders and attackers.

At the perimeter, the defender is totally at the mercy of the attacker: the attacker only has to foil the defender once and they are in.

In a well-segmented and protected data center interior, however, the attacker only has to slip up once to be caught. In building a data center or cloud security strategy, IT professionals must be equally vigilant protecting against the inside man as protecting the vaults.

Written By

Alan has been a successful entre­pre­neur, technology executive, and board member for over 25 years for a range of iconic companies, including DCVC-backed Illumio, Nicira (acquired by VMware), Airespace (acquired by Cisco), Cisco (where he led the $25 billion enterprise marketing and solutions orga­ni­za­tion), General Growth Properties, and IBM. He has authored over 200 articles, undertaken over 1,000 press interviews, and delivered over 100 keynotes at industry conferences. He received a bachelor’s degree in English from SUNY Buffalo, a master’s degree in English from the University of Vermont, a master’s degree in inter­na­tional affairs and economics from the American University School of Inter­na­tional Service, and an MBA from New York University.
