How to make micro segmentation work

Similar to conventional virtualization, there are many ways to implement network micro segmentation. In most scenarios, the existing protection mechanisms and legacy infrastructure are augmented systematically with new technologies, which include virtual firewalls and software defined networking. When it comes to adoption of micro segmentation technology, there are three major considerations involved.

Visibility is the first thing to be considered. 

Potential adopters need to thoroughly understand communication patterns and network traffic flow within, from, and to the data center. Next, use a zero-trust approach to implement security policies and rules. This is a complete lock down of communications. Throughout the deployment of micro segmentation, zero-trust policies should be followed. Across the network, communication should be only allowed carefully using the results of previous analysis. It is the best practice for anyone who wants to ensure application security and connectivity.

The process is to be repeated regularly. Distilling rules and analyzing traffic is not a deployment effort that is done once. It needs to be a continuous activity that has to be done often to make sure policies and workloads do not change suddenly and any current analytical results can be used to effectively tune micro segmentation rules. Current analytical results may come from changes in traffic patterns or new applications. All these are consideration putting an emphasis on the choice of tools and hypervisor used in micro segmentation facilitation.