Governance & Risk Management , Video , Zero Trust
Know Your Business Context Before Trying Microsegmentation
Hudl's CISO on Why Microsegmentation Isn't for Everyone on the Path to Zero TrustMicrosegmentation is a fundamental approach to achieving a mature zero-trust-guided strategy. But before tackling the complex job of microsegmenting infrastructure, IT teams must understand the business context and criticality of the data, said Robert LaMagna-Reiter, vice president of information security and compliance and CISO at sports software firm Hudl.
See Also: Cloud Security and Developers: Role of Zero Standing Privilege
"Microsegmentation is aimed at supporting zero trust by limiting what assets, data, services, machines and accounts can and should be accessed with other portions of your business," said LaMagna-Reiter.
It is a complex process, he said, and organizations need to decide whether it is worth the complexity.
"Without that business context or that data criticality context, you're not 100% sure how far down the microsegmentation path you should go."
"The flip side is: Once you determine how granular you want to get, you need to have a good process or policy for writing the technical policies or the enforcement policies that are going to be allowing that communication in your network," he said.
In this video interview with Information Security Media Group, LaMagna-Reiter discussed:
- How to know when to move forward with microsegmentation;
- The technical challenges of microsegmentation;
- Recommendations for best practices;
LaMagna-Reiter leads information security strategies and risk management, architecture and engineering, operations and compliance, privacy and IT governance at Hudl. He has more than 18 years of experience in the transportation, government communications, retail, e-commerce, managed services and SaaS industries. He also serves as zero trust initiative leader for the CyberTheory Institute and is a member of the CyberEdBoard.