What is network segmentation? According to the dictionary definition we all know, network segmentation, commonly implemented with VLANs, divides a computer network into smaller parts to improve network performance and security.
Segmentation controls how traffic flows between those parts: you can block all traffic from one part from reaching another, or limit the flow by type of traffic, source, and destination. The rules you choose for segmenting a network are called a segmentation policy.
But do you know how segmentation works?
A few days ago, I heard an explanation that I found impressive. Imagine if a large bank with several branches had a security policy restricting employee access to the financial reporting system.
After all, you don’t want your customer service employees snooping around your business’s accounting and financial side.
You can enforce this security policy through network segmentation by preventing branch office traffic from reaching the financial system. By reducing overall network traffic, you can even improve the performance of the financial system for your company’s analysts who use it.
Several traditional technologies help enforce this segmentation policy, such as internal firewalls, access control lists (ACLs), and virtual local area network (VLAN) configurations on network equipment.
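The bank policy above can be written as a default-deny rule set and checked against recorded traffic. The following is an added example, not part of the original article; the subnets, segment names, ports, and flow records are constructed assumptions.

```python
import ipaddress

# Constructed segments for the bank example; the addresses are assumptions.
SEGMENTS = {
    "branch":   ipaddress.ip_network("10.10.0.0/16"),
    "analysts": ipaddress.ip_network("10.20.0.0/24"),
    "finance":  ipaddress.ip_network("10.30.0.0/24"),
}

# Segmentation policy: (source segment, destination segment, protocol, port).
# Only listed cross-segment flows are allowed; everything else is denied.
ALLOW = {
    ("analysts", "finance", "tcp", 443),
}

def segment_of(ip):
    """Return the name of the segment containing ip, or None if unknown."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None

def is_allowed(src, dst, proto, port):
    """Decide one flow by source, destination, and type of traffic."""
    s, d = segment_of(src), segment_of(dst)
    if s is None or d is None:
        return False          # an address outside every segment is denied
    if s == d:
        return True           # traffic inside one segment is not filtered here
    return (s, d, proto, port) in ALLOW

def violations(flows):
    """Return the flows from a log that the policy should have blocked."""
    return [f for f in flows if not is_allowed(*f)]

# Constructed flow records: (source IP, destination IP, protocol, port).
SAMPLE_FLOWS = [
    ("10.20.0.15", "10.30.0.5", "tcp", 443),   # analyst -> finance, HTTPS
    ("10.10.4.20", "10.30.0.5", "tcp", 443),   # branch -> finance
    ("10.20.0.15", "10.30.0.5", "tcp", 3389),  # analyst -> finance, other port
    ("10.10.4.20", "10.10.9.1", "tcp", 445),   # inside the branch segment
]

if __name__ == "__main__":
    for flow in violations(SAMPLE_FLOWS):
        print("policy violation:", flow)
```

Running the same check over real firewall or flow logs shows whether the ACLs and VLANs on the equipment actually enforce the policy as written.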
One main benefit of network segmentation is that it improves operational performance by reducing network congestion. This could be highly beneficial for a hospital that would like to segment its visitor network so that medical devices are not affected by the web browsing of the patients’ families.
In addition, segmentation limits the damage of cyber-attacks by limiting how far an attack can spread, preventing malware that has infected one section from affecting the entire system. It also prevents harmful traffic from reaching unprotected devices and reduces the scope of compliance by separating systems that process payments from those that do not.
Security is not the only reason you would want to segment a network. Suppose you have a reasonably large video surveillance system with several dozen cameras, each one constantly streaming between two and 12 megabytes per second. On a shared network, this would be the equivalent of everyone leaving the office at 5:00 PM and getting stuck in traffic. Creating a separate segment for the cameras gives them a dedicated lane and lets you take the express lane, saving you time.
That is why network segmentation is so necessary for businesses that want to grow without suffering significant congestion and vulnerabilities in their systems.
If you are having trouble with your network, please don’t hesitate to reach out. We’d be happy to run some site diagnostics and put together a plan to improve your network and security.