Mistake #4: Underestimating the Scope of Your Segmentation Needs


The world’s leading technology research and advisory company, Gartner, Inc. recently reported a rise of 31 percent in connected “things” worldwide from 2016 to 2017, which amounts to nearly 8.4 billion connected things last year.

Expansion isn’t slowing down either, as demonstrated by another report from online statistics and business intelligence portal, Statista that says the number of connected things will reach 31 billion worldwide by 2020. At that rate, it seems as if the Internet of Things (IoT) is accelerating faster than an Olympic skeleton racer on a gold medal run (usually clocked somewhere in the range of 85 m.p.h.)

Here’s another thing IoT has in common with Olympic skeleton racing: They’re both tremendously exposed!

Sure, Olympic skeleton competitors go flying out of a shoot made of solid ice with nothing more than a helmet on, at speeds that humans weren’t meant to travel without the safety benefit of seat belts and multiple air-bags. Truthfully, it makes drag racing during rush hour in Los Angeles look like getting on the merry-go-round with your three-year-old at the zoo.

However, leaving various IoT end-points unprotected as part of your business network is just as dangerous in a different way. Rather than risking severe bodily injury … or worse (that helmet isn’t going help if you go careening out of control off a corner of ice), you risk network intrusion and potentially catastrophic downtime.

Given its current rate of expansion, it’s only natural to realize that most organizations underestimate the scope of their segmentation needs, falsely assuming that the largest attack vectors are virtual machines, and forgetting the need to include other such networked things like:

  • HVAC systems
  • IP cameras
  • IoT nodes
  • ICS and SCADA systems
  • POS systems
  • End-user devices
  • Vending machines

As you can see, there’s so much more that needs to be considered when evaluating a segmentation solution. If all networked things aren’t considered, you’ll achieve nothing more than a false sense of security with an abundance of exposed loopholes that will continue to cost exponential resources in time, money, and lost productivity.

How to avoid this mistake

Avoiding the mistake of underestimating the scope of segmentation needs isn’t going to be easy. A good place to start is a simple audit of all the potential things that could be connected to your network and what mediums they use to make those connections. Conduct your audit with the following questions:

  • What categories of things need to be segmented on the corporate network?
  • What environments need to be supported?
  • What mediums (e.g., Cellular, Wi-Fi, Radio, Ethernet, etc.) need to be supported?
  • What virtual environments (e.g., VMware, Microsoft, KVM/OpenStack, etc.) need to be supported?
  • What end-user systems (e.g., Windows, Mac, Android, iOS, etc.) need to be supported?
  • What servers (e.g., CentOS, Windows, RHEL, Ubuntu, etc.) need to be supported?
  • What public clouds (e.g., AWS, Azure, Google, etc.) need to be supported?

Getting answers to those questions should give you an accurate idea for the real scope of your organization’s segmentation needs. Then, you’ll be ready to begin the process of finding potential solutions that meet those needs for your project.

A well-Tempered solution

To match the speed of exponential growth in IoT, you need a segmentation solution that comprehensively addresses the entire architecture of your network including all devices, networks, and environments.

Identity Defined Networking (IDN) with the revolutionary Host Identity Protocol (HIP) can provide the well-Tempered solution to micro-segmentation you’re looking for. Our version of micro-segmentation offers unprecedented security, connectivity, and mobility you can’t find anywhere else.

Read our Guide “5 Common Micro-Segmentation Mistakes and How to Avoid Them” for starters, or Contact us at Tempered Networks today for a no obligation consultation and a demo. Don’t leave your network and ‘things’ exposed to the cold, harsh elements and potentially catastrophic results of a security breach.

Continue reading...

Wednesday, February 28, 2018 By Erik Giesa