Cloud Security , Governance & Risk Management , Security Operations

Is Microsegmentation for Zero Trust Defenses Worth It?

Forrester's David Holmes on Why CISOs Must Evaluate Microsegmentation in Cloud
David Holmes, principal research analyst, Forrester

Microsegmentation is a fundamental concept in zero trust security, but CISOs should assess its feasibility before diving in. This is particularly true in a public cloud environment where there is no real network policy and in many cases, organizations don't have a good handle on the high-value data that needs to be secured, said David Holmes, principal research analyst at Forrester.

See Also: Guiding Your Leadership Team Through the Zero Trust Mindset

"It is not clear to me yet what the best approach is in the public cloud. Now I have talked to clients who have the best developers in the world, and they're building a system in the public cloud. And they're building microsegmentation into it. That's a perfectly credible thing for them to say," Holmes said.

"But for your typical organization, they often will have a lean IT or even more common, a very lean approach to security. And they're looking for some kind of turnkey solution that's going to give them the microsegmentation. But those technologies are still being developed. What I am saying is, 'I've not seen a consensus on what's the right way to do microsegmentation in the public cloud.'"

In this video interview with Information Security Media Group, Holmes discussed:

  • Why some CISOs may not want to aim for microsegmentation;
  • The challenges of microsegmentation - on-premises and in the cloud;
  • Tools for implementing microsegmentation;

Holmes advises Forrester security and risk clients about strategy, architecture and zero trust. He helps security leaders plan zero trust implementations, select cybersecurity controls and understand new mitigation technologies.


About the Author

Suparna Goswami

Suparna Goswami

Associate Editor, ISMG

Goswami has more than 10 years of experience in the field of journalism. She has covered a variety of beats including global macro economy, fintech, startups and other business trends. Before joining ISMG, she contributed for Forbes Asia, where she wrote about the Indian startup ecosystem. She has also worked with UK-based International Finance Magazine and leading Indian newspapers, such as DNA and Times of India.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.