Segmentation Fundamentals (for Cloud/Cyber Security Engineers)

Andre Camillo, CISSP
5 min read · Jan 4, 2022
Segmentation done right, by nature.

As part of my journey to a container-based POC I asked myself — what is the best way to segment a container?

Then I stumbled upon the concept of “nano-segmentation”, which is interesting in its own right; but first, here’s a write-up on the importance of segmentation and the kinds of segmentation that come up in discussions.

./Segmentation

Segmentation is an important concept within a Security Architecture.

There are guidelines and best practices made public by vendors and analysts.

These concepts apply to multiple layers of an environment, both on-premises and cloud-hosted. This is an evolution of earlier segmentation concepts, which applied only to the network layer of an environment.

Therefore, nowadays there are different types of segmentation, each with its own terms coined by vendors and analysts (discussed further below).

The segmentation rules that should apply to an organization are defined from a strategy perspective.

Regarding Segmentation Strategy, according to Microsoft:

An effective segmentation strategy will guide all technical teams (IT, security, applications) to consistently isolate access using networking, applications, identity, and any other access controls. The strategy should aim to:

- Minimize operational friction by aligning to business practices and applications
- Contain risk by adding cost to attackers. This is done by:
  - Isolating sensitive workloads from compromise by other assets.
  - Isolating high-exposure systems from being used as a pivot to other systems.
- Monitor operations that might lead to potential violation of the integrity of the segments (account usage, unexpected traffic).
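As an added example (not from the article and not from Microsoft’s document), here are the three strategy goals above expressed as a small policy evaluator in Python: an explicit allow-list isolates the sensitive segment, a high-exposure segment reaching into a low-exposure one is flagged as a pivot pattern, and every other unexpected cross-segment flow is reported. Segment names, address ranges and the flow records are constructed assumptions.

```python
import ipaddress
from collections import namedtuple

Flow = namedtuple("Flow", "src dst port")

# Constructed segment map: name -> (network, exposure level). Not real ranges.
SEGMENTS = {
    "dmz":       (ipaddress.ip_network("10.1.0.0/24"), "high"),
    "app":       (ipaddress.ip_network("10.2.0.0/24"), "medium"),
    "sensitive": (ipaddress.ip_network("10.3.0.0/24"), "low"),
    "mgmt":      (ipaddress.ip_network("10.9.0.0/24"), "low"),
}
# Explicit allow-list of cross-segment flows; anything absent is denied.
# Only "app" may reach "sensitive", and only on the database port.
ALLOWED = {
    ("dmz", "app"): {443},
    ("app", "sensitive"): {5432},
    ("mgmt", "dmz"): {22},
    ("mgmt", "app"): {22},
}

def segment_of(ip):
    """Map an address to its segment name, or None if it is in no segment."""
    addr = ipaddress.ip_address(ip)
    return next((n for n, (net, _) in SEGMENTS.items() if addr in net), None)

def evaluate(flow):
    """Return (verdict, reason) for one flow record."""
    src, dst = segment_of(flow.src), segment_of(flow.dst)
    if src is None or dst is None:
        return "alert", "unsegmented endpoint"
    if src == dst:
        return "allow", "intra-segment"
    if flow.port in ALLOWED.get((src, dst), set()):
        return "allow", f"{src}->{dst}:{flow.port} on allow-list"
    # A high-exposure segment reaching into a low-exposure one is a pivot pattern.
    if SEGMENTS[src][1] == "high" and SEGMENTS[dst][1] == "low":
        return "alert", f"possible pivot {src}->{dst}:{flow.port}"
    return "deny", f"{src}->{dst}:{flow.port} not on allow-list"

def audit(flows):
    """Return every flow that is not allowed, with its verdict and reason."""
    return [(f,) + evaluate(f) for f in flows if evaluate(f)[0] != "allow"]

SAMPLE_FLOWS = [  # constructed records, not captured traffic
    Flow("10.1.0.5", "10.2.0.10", 443),   # dmz -> app: on allow-list
    Flow("10.2.0.10", "10.3.0.7", 5432),  # app -> sensitive: on allow-list
    Flow("10.1.0.5", "10.3.0.7", 5432),   # dmz -> sensitive: pivot pattern
    Flow("10.2.0.10", "10.9.0.2", 22),    # app -> mgmt: not on allow-list
    Flow("192.0.2.9", "10.2.0.10", 80),   # source in no segment
]
```

Calling `audit(SAMPLE_FLOWS)` returns the three flagged records (two alerts and one deny); the same evaluator applies to container-to-container flows once each workload is mapped to a segment.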

In the same document, Microsoft also provides a reference model for segmentation within Azure. Really handy; check it out below:


Andre Camillo, CISSP

Cloud and Security technologies, Career, Growth Mindset. Follow: https://linktr.ee/acamillo . Technical Specialist @Microsoft. Opinions are my own.