Segmentation: The Next Frontier for Cybersecurity

With National Cyber Security Awareness Month coming to a close, it’s a good time to look ahead to the future. At Forcepoint™, we firmly believe that the future is now, with network segmentation leading the way.

Simply stated, network segmentation is described as the act of physically separating computer networks, so that each network is visible only to users who have the appropriate access rights and is not visible to unauthorized users. In stark contrast to their experiences with easy-to-penetrate flat networks, adversaries who compromise segmented enterprises find themselves running into a series of “locked doors” that present increasingly more secure barriers, with the most sensitive and/or valuable data benefiting from the most vigilant defense tools. This doesn’t disrupt business operations either; when multi-level, cross domain and virtual desktop infrastructure solutions are used, authorized users can work with role-relevant information and securely transfer data as their job requires.

The approach is gaining ground, but more so as a concept than a practice: three-quarters of IT professionals strongly agree that end-to-end segmentation has emerged as an essential security measure, according to recent survey research from VeraQuest. Only 23 percent, however, said their organization is actually implementing end-to-end segmentation.

What’s stopping them? More than one-third of IT professionals feel that network segmentation is too complex, while 29 percent said they don’t have the resources to implement it. Meanwhile, 22 percent of survey respondents said they didn’t realize that network segmentation was possible.

The latter finding surprises us the most: not only is network segmentation possible – it is happening. We should know, because Forcepoint has worked closely with members of the Department of Defense (DoD) and the Intelligence Community (IC), as well as those managing critical infrastructures, to adopt it. We are helping them physically separate networks and data without disrupting user productivity. As a result, private companies within industries such as finance, retail, manufacturing, healthcare, education, etc. do not have to “reinvent the wheel” to take advantage of ongoing innovations in segmentation. The solutions already exist. They are available – right now. They are also accredited, widely deployed and proven at the highest levels of DoD, IC and Civilian agencies.

Network segmentation once amounted to an onerous task. The need for separate physical endpoints to access separate networks required a significant amount of hardware and maintenance overhead. In addition, users found it burdensome.

Fortunately for our customers, this is no longer the case. Thanks to continuing advancements in virtualization and secure redisplay technologies, cross domain solutions eliminate the heavy lifting here. Our cross domain solutions allow for the secure simultaneous access to multiple networks from a single endpoint, for example, if a user is authorized to access 5 networks, without a cross domain access solution in place 5 separate endpoint devices are required; with a cross domain solution in use only one endpoint device is needed. Users of different clearances can immediately and safely retrieve and share documents, videos and other files between networks, with seamless integration from a single endpoint. Their agencies no longer need to acquire multiple machines or switching mechanisms to permit users from a wide range of clearances to access information and securely collaborate.

The National Institute of Standards and Technology’s Commission on Enhancing National Cybersecurity recently issued a Request for Information (RFI) in the interest of bolstering a partnership between the public and commercial sectors, to encourage the development and adoption of emerging cybersecurity innovations for governments, critical infrastructures and private companies. Upon reviewing this RFI, our government team was quick to respond on the topic area of Critical Infrastructure Cybersecurity. It was an excellent opportunity to demonstrate that Forcepoint is already forging such a partnership, by showing how we are helping our customers implement network segmentation today and that it isn’t some kind of ideal or unobtainable concept. In fact, network segmentation should become a security best practice.

It is a reality – and a badly needed one in an age when every organization should expect to suffer from a cyber attack. By effectively separating networks, and the data that resides on those networks, you dramatically reduce the potential for damage. Hackers will find themselves confined to one place without the freedom to roam unencumbered like they do in flat networks. The future is, indeed, now and if you’re not investing in these solutions, you’ll risk getting left behind.