What Is Network Segmentation?
Businesses that offer WiFi to their customers or have sensitive data needs should consider network segmentation as a necessary component of their IT solution.
With network segmentation, your wireless services are separated into different parts, allowing you to better control access and data flow.
Network segmentation splits your wireless services into different segments or subnetworks. By establishing separate networks, you significantly reduce your company’s security risks.
Instead of putting all your corporate and guest traffic on the same WiFi network, segment the activity to keep sensitive data apart from visitors and reduce risk.
When devices are connected to the same network, by default they can “talk” to other devices on the same network. That increases the potential for devices to listen to network traffic without any rules or monitoring in place.
The risk is lower if all the devices on your network are trusted and managed by your company. However, you could have a problem when less trustworthy devices are connected, such as guest and visitor smartphones, legacy computers and servers, or employee personal devices.
How Does Network Segmentation Work?
Network segments are designed with their own hardware and only allow credentialed users to access the services. Rules are built into network configurations to determine how devices on subnetworks can connect with each other.
Network segmentation limits the impact if there is a system intrusion by containing the threat within a subnetwork.
What Does a Typical Segmented Network Look Like?
For many small- and medium-sized businesses, there is only a need for a simple, two-subnetwork structure. A corporate subnetwork would be used for company-owned and -managed devices, providing access to the internal company subnetwork and, through a firewall, to the internet.
A guest subnetwork would be built to provide access to the internet only, also through a firewall. It keeps those guest devices disconnected from the corporate subnetwork from the start. Employee-owned devices can also be connected to a guest subnetwork.
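To make the two-subnetwork design concrete, here is an added example (not from the article or its author) that models the rules a firewall between the segments would enforce: the corporate segment may reach internal services and the internet, the guest segment may reach only the internet, and everything else is denied. It also checks the property the design promises, that no guest device can open a connection to a corporate or internal address. The address ranges, host addresses and sample flows are constructed for the example and are assumptions, not values from the article.

```python
"""Model of a two-segment firewall policy: first-match rules with a default deny.
Address plan and sample flows are constructed for this example (assumptions)."""
import ipaddress
from dataclasses import dataclass

# Constructed address plan (assumption, not from the article).
CORPORATE = ipaddress.ip_network("10.10.0.0/24")    # company-owned, managed devices
INTERNAL = ipaddress.ip_network("10.20.0.0/24")     # internal servers: files, printers, apps
GUEST = ipaddress.ip_network("192.168.50.0/24")     # visitor and employee-personal devices

# RFC 1918 ranges; any destination outside them is treated as "the internet".
PRIVATE = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internet(ip):
    """True when ip lies outside every private range."""
    return not any(ip in net for net in PRIVATE)


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


# Ordered inter-segment rules: (name, match(src_ip, dst_ip, flow), verdict).
# First match wins. Anything unmatched falls through to the default deny,
# which is what "access to the internet only" means for the guest segment.
RULES = [
    ("corporate -> internal", lambda s, d, f: s in CORPORATE and d in INTERNAL, "accept"),
    ("corporate -> internet", lambda s, d, f: s in CORPORATE and is_internet(d), "accept"),
    ("guest -> internet", lambda s, d, f: s in GUEST and is_internet(d), "accept"),
    # Explicit rule so guest attempts at private space get a named (loggable) drop.
    ("guest -> private (log)", lambda s, d, f: s in GUEST and not is_internet(d), "drop"),
]
DEFAULT_RULE = "default deny"


def evaluate(flow):
    """Return (verdict, rule name) for a new connection under first-match semantics."""
    src = ipaddress.ip_address(flow.src)
    dst = ipaddress.ip_address(flow.dst)
    for name, match, verdict in RULES:
        if match(src, dst, flow):
            return verdict, name
    return "drop", DEFAULT_RULE


def segment_isolation_holds():
    """Check the invariant the design promises: no guest host can open a
    connection to any corporate or internal address on any probed port."""
    probe_ports = (22, 80, 443, 445, 3389)
    for guest_host in list(GUEST.hosts())[:5]:
        for target_net in (CORPORATE, INTERNAL):
            for target in list(target_net.hosts())[:5]:
                for port in probe_ports:
                    verdict, _ = evaluate(Flow(str(guest_host), str(target), port))
                    if verdict != "drop":
                        return False
    return True


# Constructed sample flows (not real traffic); 203.0.113.0/24 is a documentation range.
SAMPLE_FLOWS = [
    Flow("10.10.0.15", "10.20.0.5", 445),         # corporate laptop -> file server
    Flow("10.10.0.15", "203.0.113.10", 443),      # corporate laptop -> public web site
    Flow("192.168.50.23", "203.0.113.10", 443),   # guest phone -> public web site
    Flow("192.168.50.23", "10.20.0.5", 445),      # guest phone -> file server
    Flow("192.168.50.23", "10.10.0.15", 3389),    # guest phone -> corporate laptop
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        verdict, rule = evaluate(flow)
        print(f"{flow.src:>15} -> {flow.dst:>15}:{flow.dport:<5} {verdict:6} ({rule})")
    print("guest isolation invariant holds:", segment_isolation_holds())
```

The point of `segment_isolation_holds()` is that the separation is a property you can test, not just a diagram: whenever the rule list changes, rerunning the check catches an accidental "accept" that would let guest devices reach corporate or internal hosts. Note that traffic from the internal segment back to corporate devices is not listed and therefore also lands on the default deny; that is deliberate, since servers rarely need to initiate connections to workstations.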
Your business, whether it’s a medical practice, retail operation, auto dealership or professional services firm, may want visitors and guests to have WiFi access. It’s an appreciated service for those who need connectivity and do not want to use up their allotted data. If that service is the expectation or norm, you want to make sure it’s done carefully.
What Are the Security Benefits of Network Segmentation?
Security is the primary reason to choose network segmentation. The benefits are considerable:
- Stronger Security Standards. Segmentation allows you to better protect your most sensitive data. With layers of separation among your segmented networks, you’re putting up additional barriers to all users — whether well-intended or not.
- Slowed Access for Attackers. If there is a breach to one segment of your network, it will be more difficult and take more time for the attacker to reach other parts of your system.
- Minimized Threat from Outside Devices. Outside devices may have been hacked for the sole purpose of accessing corporate networks when connected. Often hackers install programs that lie dormant until connected to a wireless network. If compromised guest devices are contained within a subnetwork, the impact is minimal.
- Better Policy Development. Strong network segmentation means your company can better restrict user access. Using a policy of least privilege lets you limit user access to files and systems to only what’s necessary.
- Limited Damage. Network segmentation lets you reduce any damage inflicted by successful attacks. A breach to a single device within a subnetwork will mean less time and money to repair the damage of a widespread, system-wide assault.
- Improved Performance. An added benefit of having segmented networks is the performance gain. With fewer devices on each subnetwork, local traffic is minimized and broadcast traffic can be isolated and prioritized.
What’s Needed to Start Network Segmentation?
If your internal IT staff does not have experience with network configuration, it’s a smart move to work with a local managed services provider to complete the project. Your business should do the following in preparation for a segmentation project:
- Identify your network and data security needs, including the sensitivity of data you use and the business impact of compromised data and system downtime
- Know where the data you want to keep safe is stored and how it could be separated
- Determine who needs access to information on your network and limit access to only what is necessary by department or role
- Identify those who will be responsible for monitoring and maintaining your network. A managed IT services company can do both remotely with next-generation firewall solutions
Network segmentation is a strategic move to keep data protected and accessible only by those who need it.
Mike Bowe | Published on August 28, 2019