APAC organisations warm to microsegmentation

Nearly two-thirds of organisations in the Asia-Pacific (APAC) region see microsegmentation as a way to protect their IT assets, but just over a third have done so for more than two business critical areas, underscoring the challenges with deploying the technology.

That is according to Akamai’s The state of segmentation 2023 report, which noted that 43% of organisations in the region lacked the skills and experience needed to deploy microsegmentation – the highest among all regions surveyed.

This was followed by compliance requirements (42%) and increased performance bottlenecks (40%). Almost all of those surveyed, no matter the sector, industry, or country, reported the same obstacles to slightly different extents.

Microsegmentation is an emerging security practice that breaks up networks into parts and implements granular security policies and controls for individual workloads, applications, and tasks.

Unlike network segmentation, which requires hardware and is geared towards securing north-south traffic between datacentres, microsegmentation relies on software and is aimed at securing data flows between applications and restricting a threat actor’s lateral movement within a network.

According to Akamai’s report, organisations that implemented a microsegmentation strategy across six mission-critical areas reported recovering from an attack in an average of only four hours. This was 11 hours faster than those that had only segmented across one critical area.

Noting that cyber criminals in APAC are always shifting tactics and improving their tools to breach organisations, Dean Houari, director of security technology and strategy at Akamai for the region, said microsegmentation – and a broader zero-trust strategy – is the only effective way to mitigate cyber threats such as ransomware.

A separate study by Illumio also found that global organisations with dedicated microsegmentation technology were less likely to have suffered a cloud breach in the past year. In Australia, 98% of IT and security decision makers believe that segmentation of critical assets is a necessary step to secure cloud-based projects.

John Kindervag, chief evangelist at Illumio, said because cloud environments are dynamic and interconnected, they are increasingly challenging for security teams to navigate with legacy solutions.

“Organisations need modern security approaches that offer them real-time visibility and containment by default to mitigate risk and optimise opportunities afforded by the cloud,” he said, adding that he was optimistic that security teams are prioritising improving cloud security and viewing segmentation as an essential piece of their zero-trust journey.