#United States #San Jose #Microsegmentation #Omdia Survey #Elisity

The Microsegmentation Challenge: Insights from a New Survey

In today's cybersecurity landscape, protecting critical systems has become paramount, yet a recent survey reveals a troubling disconnect between desire and execution. Elisity, in partnership with Omdia, surveyed 352 cybersecurity leaders in the healthcare and manufacturing sectors, revealing that 99% of them are eager to deploy microsegmentation. However, the reality is stark: over 90% of organizations have not sufficiently protected their crucial systems.

Key Survey Insights

The findings of the survey present a compelling narrative about the current state of microsegmentation:

• - Implementation vs. Reality: Although 99% of the respondents expressed a wish to implement microsegmentation, only 9% have protected more than 80% of their critical assets. This indicates that many organizations are falling far short of their security goals.
• - Experience with Cyber Attacks: Alarmingly, nearly half of the participants reported experiencing lateral movement attacks within the past year, even as 57% identified microsegmentation as their top initiative to mitigate such threats. This suggests that despite their intentions, organizations struggle to translate their goals into effective security measures.
• - Gaps in Capabilities: A notable 44% of respondents pointed out that lack of comprehensive device visibility is their most critical security gap. Furthermore, 69% demand identity-based controls, underlining a shift towards solutions that grant enhanced visibility and control over their environments.

A Legacy Architecture Dilemma

Despite the growing interest in microsegmentation, organizations are still heavily reliant on outdated methods such as VLANs and ACLs. 68% of the surveyed leaders are pursuing microsegmentation as part of a Zero Trust strategy, while 60% cite regulatory compliance as a major driver. The reliance on old tools that prioritize network location over identity hinders genuine progress toward effective segmentation.

Modern identity-based microsegmentation offers a streamlined approach by enforcing policy directly on existing network switches without requiring additional hardware or extensive reconfiguration. This new architectural paradigm allows organizations to respond faster, containing threats like ransomware and lateral movement across IT, IoT, OT, and IoMT environments in a matter of weeks.

Expert Perspectives

James Winebrenner, CEO of Elisity, observes, "Microsegmentation has matured, but many organizations still carry the scars from earlier, more complex methodologies. The fundamental change lies in the architecture, which has become more efficient. A focus on identity allows teams to enforce specific policies on their existing infrastructure, thus turning security into an enabler rather than a barrier."

Similarly, Hollie Hennessy, Principal Analyst at Omdia, highlights the shifting intentions of enterprises towards deploying microsegmentation solutions that they perceive as more straightforward and effective than previous options.

Sector-Specific Challenges

The survey sheds light on unique challenges encountered by different sectors:

• - Healthcare: Organizations face significant hurdles in integrating SIEM, EDR, and SOAR into their microsegmentation strategies. The need for targeted policies is crucial, notably for visiting clinicians (74%) and clinical staff (72%), due to the varied nature of devices in healthcare environments.
• - Manufacturing: The sector's unique demands for zero-downtime operations complicate traditional security approaches. With remote engineers ranking as a priority for segmentation (70%), integrating building management and industrial control systems remains a prevalent challenge.

Customer Voices

Clients of Elisity have shared positive experiences with microsegmentation. Nathan Phoenix, Information Security Officer at Southern Illinois Healthcare, stated, "We explored various NAC technologies for partial resolution, but it was Elisity that provided a comprehensive solution meeting all our needs." Max Everett, CISO of Shaw Industries, echoed this sentiment by underscoring the importance of having automated solutions to curtail lateral movements of threats quickly.

Conclusion

The survey results underscore a critical moment in the world of cybersecurity: while demand for microsegmentation is exceptionally high among organization decision-makers, actual deployment leaves much to be desired. To overcome these challenges, organizations must embrace modern, identity-aware microsegmentation practices now more than ever. As the landscape evolves, transforming security from a hindrance into a facilitator of business objectives will be vital for achieving comprehensive risk management.