Maksim Kabakou - Fotolia
Segregation of IT environments is a conventional technique, but one that remains just as relevant in today’s context, as organisations seek to limit intruders’ ability to move across the network easily and reach their target information or system. As organisations move to the cloud and coexist within the same environment, proper segregation is vital – the tools and techniques to accomplish this will vary according to the cloud service model.
Yet many organisations still have a flat network, which can be of tremendous benefit to cyber attackers who have successfully gained access to a system, allowing them to move laterally at will and get to whatever they require to compromise and exploit information. A flat network does not just provide opportunities for malicious intruders, it can also enable accidental or negligent behaviour by insiders because it permits anyone to get to anything internally.
Segregation serves as an obstacle, which makes lateral movement difficult and isolates security issues. Whether it be a malicious attack or technical fault, proper segregation of IT environments can limit the spread to other internal areas, reducing the potential impact.
It also gives organisations greater control over what is happening on their network by providing a means to dictate what can occur within a given environment – for instance, controlling access to a given segment of the network or whitelisting to allow only trusted traffic to connect. A further advantage of segregation is that it allows logs to be gathered from more systems, enriching the data received by a security operations centre (SOC) to improve security monitoring.
As with most mechanisms that bring security benefits, segregation is a project that demands time, money and effort. The overhead of managing different environments can be high because of the number of components required to replicate environments or split up the network into segments. To add to the complexity, each segment must be controlled by an access control list and permissions, for example via firewalls, routers and switches.
For segregation to succeed, it must be approached in a coherent manner and implemented properly, so that segregation cannot be bypassed internally, such as by creating multiple rules to change a firewall configuration so it ceases to have the desired effect. This requires segregation to be supported by strict policies, procedures and processes.
There are several ways to segregate IT environments. At the bare minimum, organisations should have production and non-production/development environments, ideally supported by an internal testing environment and potentially also a user acceptance testing (UAT) environment. This segregation ensures that new systems are built correctly, and vulnerabilities are detected before a system goes live.
Read more from Computer Weekly’s Security Think Tank about the security benefits and challenges of segregating IT environments
Even at this basic level, the complexity is apparent, with up to four different environments requiring identical hardware with the same specifications, running the same level of software. Any slight variance, such as a single change in one chip on one board in a server, can introduce a potential vulnerability. Given the rate at which suppliers update or change their hardware, ensuring consistency across environments is no small task.
At the network level, segregation involves partitioning the network into smaller segments according to physical areas, business groups or systems – exactly how the network is split will depend on how complex and dynamic it is. Regardless of the how segmentation is accomplished, it requires careful management, informed by an understanding of how the business is set up, how systems perform and interact, and the access required by users. It can be difficult to retrofit existing infrastructure, so, ideally, segmentation should be set up correctly in the first place.
As organisations seek greater confidence in their security, segregating IT environments should be high on their agenda. By limiting communication across the network and denying access to segments for unauthorised users, segregation is as an effective means of limiting the movement of attackers who have gained a foothold into the network. The greater the level of segregation, the more complex it is to manage – but, equally, the more secure it is.