Are we missing the macro view on microsegmentation?

December 14, 2020 - Microsegmentation is not new. However, with the growth of data centers and cloud environments, its focus on securing workloads is a new development that is growing in significance. This market enjoyed growth in spite of relatively low vendor marketing investment, driven initially by Forrester’s push for a Zero Trust posture, and subsequently by Cisco and VMware’s push for software-based network security. Inevitably, this has also diluted market awareness of its core value proposition today and of its potential to disrupt the cyber value chain.

The problem that’s critical, urgent and complex
The perennial problem is that you can’t protect what you can’t see. With cloud migration, enterprise assets and their consumption are no longer visible to cyber solutions built for static locations behind fixed and known perimeters. Workloads have become mobile and dynamic, residing in multiple locations from on-premises to multi-cloud and hybrid cloud environments. With the threat surface widening as a result of cloud’s hyper growth, the critical gap in protecting an enterprise’s crown jewels has drawn increasing regulatory attention and calls for stronger risk management measures. The complexity of managing this presents itself on a few fronts. Enterprises which have reacted to the tyranny of the urgent have adopted multiple point solutions (firewall appliances, VLANs, ACLs, cloud security groups), which add time and cost in vendor management and impede business scale. In spite of technology adoption, the processes to implement, change and enforce policies remain inordinately labour-intensive across traditionally polarised business stakeholders (IT vs Security), further crippling business agility.

The solution that addresses critical capabilities, complexities and cost
Microsegmentation presents an unencumbered solution with the critical capabilities needed to enforce policies in real time for highly granular and dynamic workloads from virtually any location at scale. It’s an OS-agnostic software layer built on top of data centers and cloud that tracks workloads across bare metal, virtual servers, containers and cloud. Because it’s decoupled from the underlying infrastructure, with no downtime or changes to applications and network, it eradicates policy implementation and enforcement complexities and offers continuous monitoring with both real-time and historical views. Built on granular and context-aware rules, it creates powerful policies on a single platform, reducing the cost of external vendor and internal labour management. But more importantly, it unlocks a competitive advantage with automated, actionable insights that power decision making and business agility, advancing the incident detection and remediation needed to contain the true cost of a cyber breach: the loss of business and reputation capital.

Point solution to a platform in the cyber defence matrix
Yet, it would be overly simplistic to reduce microsegmentation’s capabilities to mere asset and workload tagging for visibility and monitoring. Used strategically, it can become a CISO’s Siri to uncover what needs to be protected, what to protect against and what tools to use. Microsegmentation already answers the first as a cornerstone in the cyber defence matrix, offering intelligence on the enterprise assets that matter (devices, networks, users, applications and, to a lesser extent, data). This provides telemetry that adds enterprise-specific context to upstream threat intelligence solutions and sharpens insight into what the enterprise needs to protect against. Similarly, microsegmentation can eventually move downstream to extend contextual insights to protecting against, detecting and responding to cyber incidents, providing CISOs with ROI validation for what tools to use.

What customers will pay for today – disrupting the largest cyber market
What has not gone unnoticed is microsegmentation’s relevance and potential disruptive play across multiple growth market segments, from cloud workload protection platform (CWPP) and cloud access security broker (CASB) to untapped big markets like SaaS security, with SaaS spend projected to be double that of IaaS in 2020 and to become the largest public cloud market spend. But what should not go unnoticed is its increasing disruption today of a traditional space which comprises the biggest recurring enterprise cyber spend: $14.7b on firewalls. The market understands firewalls and all CISOs have a budget for firewalls. It may take more investment in marketing and education on software-based microsegmentation as a replacement for firewalls, but some forward-looking startups (with abundant “chutzpah”) have already emerged with the intent and capabilities to seize and accelerate this market inflexion point. The next cyber unicorn could very well be a microsegmentation innovation from the startup nation of Israel.

List of companies researched for this article: Guardicore (Israel), Alcide (Israel), Illumio (U.S.), Edgework (U.S.), ZShield (China), Cloudvisory, acquired by FireEye (U.S.), Cisco (U.S.), VMware (U.S.).