Traditional network-based segmentation does not work for cloud-native applications, which require a dynamic, policy-driven approach for workload segmentation.
Cloud-native applications are distributed, and their deployments generate a significantly greater percentage of east-west traffic. This architectural shift has created a larger attack surface and greater potential for unrestricted lateral movement within these application infrastructures.
New microsegmentation technologies are emerging to address this change by automatically discovering endpoints, defining security policies, and applying them dynamically to constantly changing cloud-native application infrastructure.
This paper provides a step-by-step guide for implementing new microsegmentation techniques for modern cloud-native workloads, including:
- Workload segmentation
- Environmental segmentation
- Application-tier segmentation
- Process-based nano-segmentation
- User segmentation