Some may think that it is a very big project to start working with cybersecurity and therefore buy a simpler solution instead, with the hope that it will be enough. But that is not what reality looks like – at least not if you want to be secure for real. In order to be sure that your most important information and systems are protected, you must work with network security from the ground up. We tell you how in our blog post!
What is network security?
Network security can be adopted in a number of ways to protect your network, in different parts of the network. As every organisation needs to use the internet and digital services, it is important to set boundaries and to make sure that no malicious content can enter your network – especially if you have sensitive or classified information. It can be physical security where physical components of the network can only be accessed by those who need to access it. Also, there is technical network security where the data and systems on the networks is protected. Lastly, there is administrative security which means that there are policies and processes for e.g. accessing the network.
What is network segmentation?
Network segmentation in data networks means dividing a data network into subnetworks, where each is a network segment. The benefits of such splitting are mainly to improve security and performance.
It is neither practical nor economically justifiable to protect all information in the same way. To safeguard critical information, strict network segmentation must be applied with a combination of physical and logical separation. Physical separation creates security zones deployed on physically different hardware appliances. Logical separation allows different zones or network traffic to be co-allocated on the same hardware or network cable – less obvious and with less confidence in the separation mechanism strength than physical separation.
Why is it important to work with network segmentation?
Why is it so important to divide your networks? The reality is that you cannot protect your entire business from attacks. There is much you can do to counter an attack and to reduce its effects, but there is no 100% protection. What you can do, however, is protect your most valuable assets.
This is where network segmentation becomes relevant. It is basic work that is important to do because it allows you to have different levels of security on different networks and systems. But it is not as complicated as it sounds. We have created a guide to make it as easy as possible:
1. Create a zone model
To structurise the segmentation project, you should create a zone model that defines what types of zones you have and what security and assurance requirements you have for the security functions that separate the zones.
2. Define what should be segmented
Define which system or systems that should be segmented and should thereby be included in the segmentation project. It is very important that the scope of the project is clearly defined and well communicated to everyone involved. Draw a high-level picture of the systems that should be segmented where boundaries to other systems are drawn. Also describe which data flows that will exist in and out of the systems.
3. Perform a security analysis of systems
The systems included in the segmentation project need to be classified according to its sensitivity and criticality. The classification should be performed on an ongoing basis by the organisation, but a security analysis can identify systems and information that have not been classified.
4. Arrange the systems according to the zone model
Place the systems according to the zone model. Placement is based on requirements for security, availability, functionality and operational responsibility. Understanding how the different systems communicate with each other at network level is central. Minimise communication between zones, i.e. across zone boundaries. Monitor information flows between the zones.
5. Implement, test, and put into operation
In order for the segmentation project to go from paper product to reality, various components (applications, firewalls, switches, etc.) will need to be reconfigured and in some cases networks will have to be partially rebuilt. The various security solutions will be configured, tested and put into operation. In this step, the segmentation project risks affecting the ongoing operations due to downtime.
Do you want to know more about how you build your security from the ground up? Do not hesitate to contact us!
