Page 14 - FCW, August 15, 2016

Commentary | JENNIFER NAPPER AND TOM PATTERSON
JENNIFER NAPPER is group vice president for the Department of Defense and Intelligence group at Unisys Federal. TOM PATTERSON is chief trust officer at Unisys.
Dispelling the myth of ‘perfect’ security
A new approach called micro-segmentation is easy to deploy, requires fewer security resources and could be the key to streamlining risk management
Because governments are the most-attacked organizations in the world, there has been broad recognition that the old approaches to security, based on the impossible premise that security must be perfect, aren’t working. A new approach is needed, based on the premise that security doesn’t have to be perfect to still be successful.
The Defense Department in particular has depended on physical segmentation to protect itself. DOD workers often have multiple workstations on their desks — one for each level of sensitivity of data they access. A workstation for highly sensitive data is physically isolated from networks used by a broader base of users. Although such an approach was useful in the past, it has become cumbersome and expensive. And it blocks the use of efficient new technologies such as mobile and cloud.
Enter micro-segmentation, a new approach to security that uses software to create a series of cryptographically smaller networks much as we used to do by housing them in separate buildings or boxes.
The identity-driven solution allows administrators to create smaller and smaller “communities of interest” — groups of people who need to access and share specific types of information for short or extended periods of time.
For instance, a segment of users established to access human resources data could be further segmented to restrict access to data on U.S.-based employees. It could then be further segmented for access only to information on employees based in a particular U.S. state. And so on.
By enforcing segmentation with encryption at the packet level, we can ensure that those outside a given micro-segment cannot access it or even see that it exists.
If adversaries are able to infiltrate a micro-segment — as they inevitably will — the damage would be contained to that small part of the organization. Adversaries would be unable to move laterally and attack other segments. That breaks the “kill chain” and could mean the difference between a manageable incident and a national catastrophe.
The micro-segmentation approach offers numerous advantages for DOD agencies, which must respond to constantly changing mission requirements and conditions.
Think about the following scenario, for example: The White House authorizes a joint military operation with Russia in Syria. Military leaders are told only hours ahead of time that they must have the capability to share critical data with Russian forces, but only for the one-day duration of the mission.
A software-based micro-segmentation approach would allow them to set up identity-based communities of interest quickly and efficiently, and then just as easily pull the plug when the mission has been completed.
And the benefits extend beyond DOD. In the case of a natural disaster, an agency could create a micro-segment that includes its own first responders and those from civilian rescue agencies, local governments and medical facilities. When the operation is over, the community of interest can be terminated.
Aside from the security benefits, the approach saves money by eliminating the need for separate networks, infrastructure and hardware. It can also mitigate insider threats by ensuring that employees’ access to data and systems is restricted to the communities of interest to which they belong.
Micro-segmentation will not eliminate the threat of cyberattacks, but it will ensure that when bad actors find their way in, their access is limited to a small segment of the organization’s data. And that can keep a problematic incident from becoming a headline-grabbing catastrophe.
In other words, micro-segmentation is built for today’s environments — and tomorrow’s.