As cyber threats grow more pronounced, an increasing number of companies are adopting the three M’s as their security mantra: micro-segmentation, micro-virtualization and micro-privileges. All three approaches promise stronger protection for computer networks, better defense of data and more secure access for users. Instead of just making existing safety barriers stronger, these three IT strategies reimagine those barriers to make them smarter and more adaptive.
Here is an overview of the three M’s.
Traditionally, a network was treated like a castle and protection was envisioned as the high, stone walls and the moat. As threats became more common and more sophisticated, IT departments built taller, thicker walls and wider moats. Today, this type of thinking is considered outdated: what’s necessary isn’t just better protections, but more castles, each with its own defenses.
Micro-segmentation is an approach that breaks up networks into a collection of smaller but robust networks. It represents new thinking about the way networks are structured, and provides fine-grained security control over how information is processed and even stored in the data center. The network is highly adaptive, so threats can be identified and squashed rapidly.
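The containment effect of micro-segmentation, as an added example that is not part of the original article: a Python model that compares which hosts can be reached from one compromised machine on a flat network and under a default-deny segment policy. The host names, segments, ports and rules are constructed for illustration.

```python
from collections import deque

# Constructed sample inventory: host -> segment label (hypothetical names).
HOSTS = {
    "web-1": "web", "web-2": "web",
    "app-1": "app",
    "db-1": "db",
    "hr-1": "hr", "backup-1": "backup",
}

# Constructed micro-segmentation policy: default deny, explicit allows only.
# Each rule is (source segment, destination segment, destination port).
ALLOW = {
    ("web", "app", 8443),
    ("app", "db", 5432),
    ("db", "backup", 873),
}

def flat_allows(src, dst, port):
    """Perimeter-only ("castle") model: any inside host may reach any other."""
    return src != dst

def segmented_allows(src, dst, port):
    """Micro-segmented model: a flow passes only if a rule names it."""
    return (HOSTS[src], HOSTS[dst], port) in ALLOW

def blast_radius(start, allows, ports=(22, 873, 5432, 8443)):
    """Hosts reachable, hop by hop, from one compromised host."""
    seen, queue = {start}, deque([start])
    while queue:
        src = queue.popleft()
        for dst in HOSTS:
            if dst not in seen and any(allows(src, dst, p) for p in ports):
                seen.add(dst)
                queue.append(dst)
    return seen - {start}

def report(start):
    """Return (flat, segmented) reachable host lists for one starting host."""
    flat = blast_radius(start, flat_allows)
    seg = blast_radius(start, segmented_allows)
    return sorted(flat), sorted(seg)

if __name__ == "__main__":
    for host in ("web-1", "hr-1"):
        flat, seg = report(host)
        print(f"{host}: flat={flat} segmented={seg}")
```

Because the walk is transitive, it also shows the chain that remains after segmentation (web to app to db to backup), which is where per-segment monitoring and tighter rules matter most.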
Micro-virtualization puts walls between the different tasks handled on a personal computer, allowing each one access to the operating system while preventing one task from interfering with another. This level of virtualization is very finely controlled (for example, each tab in a window is processed as a separate task), which prevents a cyber attack in one area from affecting the entire computer or network. These computing instances are kept separate by a hypervisor, which monitors activity and controls the connection between tasks and the operating system and processor.
Today, privileges to access information or conduct tasks are usually assigned by function or employment level. Micro-privileges fine-tune that approach even further, so that privileges are provided to small groups or individuals. People can only see and use the information that pertains specifically to their job duties. This way, if a user account is compromised, the risk of damage by malicious parties is reduced.
Counterintuitively, people at the top of the organizational chart should have the least access to information in a micro-privileges environment. That’s because they are the people most likely to be targeted by cybercriminals, so providing them with unfettered access to all information opens up the possibility of large breaches and harmful activity.