Cloud Computing - Assignment.
8/2/2019 Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReport/ultra?course_id=_109247_1&includeDeleted=true&attem… 1/2
SafeAssign Originality Report Summer 2019 - Cloud Computing (ITS-532-06) - Second Bi-Term • Week 5 - Assignment • Submitted on Fri, Aug 02, 2019, 8:55 AM
INCLUDED SOURCES
Institutional database (8 student papers): 92%
Running head: MICROSEGMENTATION AND ZERO TRUST SECURITY 1
Microsegmentation and Zero Trust Security
Week 5 - Assignment
by Sai Kumar Baruri
Professor D. Barrett
University of Cumberland’s
ITS 532 - 06
08/02/2019
Microsegmentation and Zero Trust Security
Introduction
The 21st century is characterized by advancing technology, wider access to the internet and the adoption of information systems. With the adoption of these technologies, the benefits of IT value are increasingly realized. However, technological advancements have also negatively affected society and brought about security threats. This has resulted in the implementation of security mechanisms that enhance the security of IT assets. Such mechanisms include physical network segmentation, micro-segmentation and zero-trust security.
Physical network segmentation
Physical network segmentation in the cloud is the segmentation of IT components based on logic that outlines which endpoints belong on each network. It seeks to group logical components according to their functions and, in turn, their access and assigned privileges (Mämmelä et al., 2016). In cloud computing, physical network segmentation implies the logical division of the network into smaller segments that share the same access permissions and characteristics. For instance, a cloud computing network may be physically segmented as a private cloud.
Micro-segmentation
Micro-segmentation is a security-enhancing technology used to break down a cloud-based data centre into logical elements. This facilitates the implementation of high-level information technology security policies on the logical elements to aid in their control (Baum & Chang, 2014). Micro-segmentation in cloud computing seeks to break down the applications and the various network segments into workloads. This means that communication between applications, and access to them, is restricted according to the defined IT policies to build on security. Moreover, micro-segmentation in cloud computing narrows access control down to specific workloads, which bars unauthorized access and implements a zero-trust policy.
Difference between physical network segmentation and micro-segmentation
Physical network segmentation differs from micro-segmentation in that it divides systems according to their defined endpoints. This implies some form of network access restriction based on access rights grouped into several components. Micro-segmentation, on the other hand, divides the organization's systems into strictly defined workloads with high-level policies for security enhancement. Therefore, physical network segmentation is a more generalized security policy that is less secure, whereas micro-segmentation narrows down to specific workloads and restricts access and integration, thus becoming more secure. Nonetheless, micro-segmentation can be implemented on top of physical network segmentation to secure workloads. At the same time, physical network segmentation has a high-level security mechanism and is therefore less useful.
The concept of zero-trust security
Massive data breaches in databases have characterized the 21st century. Because of this, security has become a crucial aspect to consider, as the use of information systems in the current world is full of threats. The increased security threats to information systems have led to the initiation and implementation of zero-trust security. Zero-trust security is a security-enhancing model in which neither insiders nor outsiders receive automatic access; access rights are granted only after verification (Kindervag, 2016). This model treats anything, whether within its perimeter or beyond it, as a suspect with the potential of compromising security, which means verification comes first. Zero-trust security models differ from the conventional security model in that zero-trust security introduces system latency, where verification is done on anything either inside or outside trying to gain access. Therefore, automatic access granting is disabled until the user is verified. The conventional security model relies on a security mitigation procedure implemented to promote security that verifies the identity of the user. The zero-trust model, however, supports ubiquitous security, particularly in a cloud environment, by enabling a unified approach to security where identity must be verified, regardless of the privileges assigned, before access is granted. This also reduces the overreliance on security mitigation techniques such as the use of SIEM tools, which are at times compromised.
Micro-segmentation for zero-trust security
Micro-segmentation comprises variable security technology that builds the security of a given organization's information systems. The micro-segmentation topology could potentially be used to implement zero-trust security in the following ways.
Through developing tighter IT security policies and implementing them on the system workloads (logical segments), automatic access granting is disabled for anything both within and outside the facility's perimeter until identity is proved and the user verified. This non-tolerance of access by unverified users implements zero-trust security. Anything seeking access is treated as a suspect regardless of the privileges assigned to it.
Implementing zero trust model
Modern organizations should consider implementing a zero-trust security approach. This is because the zero-trust security approach is the most efficient, and it implements access control capabilities that secure the systems. The approach is based on the principle of verification before access is granted, and it tends to be more effective in barring unauthorized access. Additionally, a zero-trust security approach reduces over-reliance on implemented security mitigation procedures, such as the use of SIEM tools, which have been compromised several times. This approach treats anything as a suspect and thus applies effective scrutiny before access is granted.
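The verify-first, per-workload policy described above, as an added example that is not part of the original paper: a default-deny check is compared with a conventional perimeter check on the same requests. The workload names, ports, `Request` fields and sample requests are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    src: str                 # source workload label (constructed)
    dst: str                 # destination workload label (constructed)
    port: int
    identity_verified: bool  # result of an upstream authentication step
    inside_perimeter: bool   # True if the caller is on the internal network

# Constructed micro-segmentation policy: only these workload flows exist.
ALLOWED_FLOWS = {
    ("web", "app", 8443),
    ("app", "db", 5432),
}

def perimeter_decision(req: Request) -> str:
    """Conventional model: anything already inside is trusted."""
    return "allow" if req.inside_perimeter else "deny: outside perimeter"

def zero_trust_decision(req: Request) -> str:
    """Verify identity first, then default-deny per workload flow."""
    if not req.identity_verified:
        return "deny: identity not verified"
    if (req.src, req.dst, req.port) not in ALLOWED_FLOWS:
        return "deny: no policy for this workload flow"
    return "allow"

# Constructed sample requests.
SAMPLES = [
    Request("web", "app", 8443, True, True),   # defined flow, verified
    Request("web", "db", 5432, True, True),    # skips the app tier
    Request("app", "db", 5432, False, True),   # inside but unverified
    Request("app", "db", 5432, True, False),   # verified, outside perimeter
]

def compare(samples=SAMPLES):
    """Return (perimeter, zero-trust) decisions for each request."""
    return [(perimeter_decision(r), zero_trust_decision(r)) for r in samples]

if __name__ == "__main__":
    for req, (old, new) in zip(SAMPLES, compare()):
        print(f"{req.src}->{req.dst}:{req.port} perimeter={old!r} zero_trust={new!r}")
```

The second and third requests are the ones the perimeter model lets through because they originate inside; the workload policy denies both.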
References
Baum, G., & Chang, W. (2014). U.S. Patent No. 8,630,902. Washington, DC: U.S. Patent and Trademark Office.
Kindervag, J. (2016). No more chewy centers: the zero-trust model of information security. Forrester Research, Inc., dated Mar, 23.
Mämmelä, O., Hiltunen, J., Suomalainen, J., Ahola, K., Mannersalo, P., & Vehkaperä, J. (2016, June). Towards micro-segmentation in 5G network security. In European Conference on Networks and Communications (EuCNC 2016) Workshop on Network Management, Quality of Service and Security for 5G Networks.
Word Count: 1,004
Submitted on: 08/02/19
Submission UUID: 19162e98-9286-b696-108e-09c1d120e1eb
Attachment UUID: 1fa458d7-c991-e0d0-0b74-44db2fdb235c