Thursday, September 19, 2019
Mistake #2: Attempting to Use VLANs as a Solution
When it comes to micro-segmentation for your networks, think of it this way:
“You can do this the easy way, or you can do it the hard way.”
Attempting to use Virtual Local Area Networks (VLAN) as your model for micro-segmentation is definitely the hard way, and the reason for that can be summed up in one word—complexity.
The Hard Way
VLANs can do an admirable job in sectioning off a flat network into segments. This would be a prime example of segmentation, which I explained in the first blog of this series: Confusing Segmentation with Micro-Segmentation.
Initially, this seems like a workable solution for many IT teams. After all, it’s easy enough to set up… once, twice, or even several times. The problem surfaces when systems administrators realize to create a properly secured environment, capable of counteracting the relentless pursuit of hackers worldwide, hundreds or even thousands of distributed physical and virtual switches will be required.
When that happens, IT professionals usually realize that their dreams of using a simple network construct—such as the VLAN—to effectively micro-segment their network has just become overwhelmingly complex and totally unmanageable. This is a perfect example of how a project with perfectly good intentions (and even initial positive results), can go horribly wrong.
One customer who attempted such a situation expressed it this way:
“All we did was transfer the VLAN problem from one domain to another. It was still too complex.” A better way to connect and protect a modern networking environment that meets the needs of today’s security standards, scalability, and performance is needed.
The Easy Way
IDN is networking based on identity, rather than IP address, which is a key differentiator. Addresses can be easily spoofed by anyone attempting to intrude on your network and steal data, cause downtime, or just be a big pain in the neck for your IT team to handle. Communication and access is no longer tethered and affected by changing IP addresses, so connecting, moving, or revoking a system's access with others in the same network or across many different networks is simple, fast, and radically secure.
This creates an environment that is not just segmented for security, it’s micro-segmented right down to the device level—with point-and-click ease.
The result from implementing our identity-based model is not only ironclad security, it also features supreme ease-of-use and unbridled mobility and flexibility. It’s the very antithesis of complexity because it eliminates the need to add countess switches, endless firewalls, and infinite policies and patches.
Think of the resources that can be saved by using “the easy way” to micro-segmentation. A well-tempered solution is cost-effective, scalable, and equally compatible with legacy systems as it is a state-of-the-art environment. Beyond that, there’s no need to add headcount in the form of IT experts to manage a network bursting with layers upon layers of headache-inducing rules and restrictions.
For more information on how Tempered Networks can help your company avoid this costly and time-consuming micro-segmentation mistake, request a fee demo today or call us at (206) 452-5500. We can set up an identity-defined solution to eliminate all the faults and failures of overwhelming VLAN complexity