A while back a few members of the IT Freedom team went to a conference and one of the speakers started talking about the importance of network segmentation. For us, it’s a no-brainer and something that we consider for each of our customers depending on their security posture and needs. But for small businesses outside of the tech industry, the priority is usually to get the network online and users working rather than having security built in from the start. So that’s what we are talking about today: network segmentation for your small business, why it’s important, and what to keep in mind when setting out to accomplish it.
What is Network Segmentation?
Well, it’s pretty much what it sounds like. Network segmentation is the process of splitting your network into different “segments” or “subnetworks”. This matters because, by default, when you connect a bunch of devices to the same network, they can all talk to each other and potentially listen in on each other’s network traffic without any sort of monitoring or rules in place. It’s just a part of how networks work, and if you trust or at least directly manage all of the devices on your company’s network, that’s probably OK. But once you start adding devices that you might not trust so much—guests’ devices, older legacy computers or servers that you can’t replace for some reason, and even otherwise trusted employees’ personal phones and computers—that gets a lot more problematic.
So, that’s where network segmentation comes in. Segmenting your network allows you to put different people or sets of hardware on different network segments with rules about how one segment can talk to the others. Network segments are often designed around how much we trust the users or devices in question. Think about things like putting guest users on one segment, very sensitive data like accounting systems on another segment of its own, etc.
Depending on the size of your organization and the data you’re working to keep secure, the way your network is segmented might look a little different. If you spend any time researching network segmentation, there’s a good chance you’ll find article after article discussing how large, high-profile organizations have more network segments than small businesses have employees. But for your 20-person business, that isn’t really necessary, let alone feasible for you to manage and monitor.
What does a segmented network look like?
For the average small business you’ll generally find something like this:
Under this simple layout, there are basically two networks. The “Corporate Network” is a simple network for all of your company-owned-and-managed devices. It has access to anything on that internal network itself as well as out to the internet through the firewall, which keeps people on the outside or on the “Guest” network from coming in and also, ideally, does some higher-end security monitoring via a built-in intrusion detection and prevention system. The “Guest” network is still secure in that it’s protected with a password for the purposes of Wi-Fi—we don’t want to provide internet access for the whole world—but it is a lower-security network designed to just provide internet access to guests and personal devices. This is the real benefit of network segmentation: there’s no reason that those guests (or even your own employees’ personally owned phones and laptops) should be attached to the private company network, so we just put them on an entirely different network right from the start.
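As an added illustration (not part of the original article and not IT Freedom’s own configuration), the two-network layout above can be written down as ordered firewall rules and checked against the access it is supposed to allow. The subnets, sample addresses and rule format are assumptions made up for this example; the second rule list shows how a single ordering mistake quietly lets guests reach company devices.

```python
import ipaddress

net = ipaddress.ip_network
# Constructed addressing plan (assumed, not from the article).
CORPORATE, GUEST, ANY = net("10.10.0.0/24"), net("10.20.0.0/24"), net("0.0.0.0/0")

# Firewall rules for NEW connections, evaluated top to bottom.
SEGMENTED = [
    (GUEST, CORPORATE, "deny"),   # guests never reach company devices
    (GUEST, ANY, "allow"),        # guests get internet access only
    (CORPORATE, ANY, "allow"),    # company devices reach the internet
]
# Same rules with the guest lines swapped: the broad allow shadows the deny.
MISORDERED = [SEGMENTED[1], SEGMENTED[0], SEGMENTED[2]]

def decide(rules, src, dst):
    """First match wins; unmatched traffic is dropped (default deny)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule_src, rule_dst, action in rules:
        if s in rule_src and d in rule_dst:
            return action
    return "deny"

# Representative flows (constructed) and the outcome the layout calls for.
INTENT = [
    ("10.20.0.50", "10.10.0.5", "deny"),      # guest phone -> company PC
    ("10.20.0.50", "203.0.113.10", "allow"),  # guest phone -> internet
    ("10.10.0.5", "203.0.113.10", "allow"),   # company PC -> internet
    ("203.0.113.10", "10.10.0.5", "deny"),    # internet -> company PC
    ("203.0.113.10", "10.20.0.50", "deny"),   # internet -> guest device
]

def audit(rules):
    """Return the flows whose actual decision differs from the intent."""
    return [(s, d, want, decide(rules, s, d))
            for s, d, want in INTENT if decide(rules, s, d) != want]

if __name__ == "__main__":
    for name, rules in (("segmented", SEGMENTED), ("misordered", MISORDERED)):
        print(name, audit(rules) or "matches intent")
```

The probes are representative rather than exhaustive; rerunning the audit whenever the firewall rules change catches this kind of regression early.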
This is a very simple example of the basic network segmentation for the average small business. At IT Freedom, ours is a lot more complicated to support and secure all of our customers. A company handling extremely sensitive data (e.g., financial institutions or healthcare providers) might also look a little different and add segments to ensure that only people who need access to certain data and certain parts of the network can gain access to those segments.
The Benefits of Network Segmentation
As with any decision we make for our businesses, we need to know all the benefits, or really all the reasons why we should take on yet another project.
- Security. This is really the biggest benefit to segmentation. It helps keep hackers away from your data and out of your network in general. The different segments can be protected with different levels of firewalls and software.
- Control. Segmented networks allow you to have more control over who has access to specific parts of your network. Depending on the size of your company, this might be essential to your security plan.
- Improved Performance. With fewer devices on your company’s internal network, it’s going to run faster and more efficiently. The network can be optimized to prioritize business-related traffic and intelligently separate guest or internet traffic.
What to Consider Before Segmenting
If you or your staff don’t have the IT experience to complete this, we do recommend consulting with an IT company that has experience getting this sort of thing done. But here are some things to think about first, and your IT company should be able to walk you through a lot of this as well:
- Determine your business’s network and data security requirements. Take into account things like the sensitivity of the data that you handle and the business impact of both downtime and the leaking of confidential data.
- Analyze the data you’re trying to keep safe, how many different systems it resides in, and how they could be effectively separated if at all.
- Determine who needs access to what on your network. If everyone in the company and all the company-owned devices need access to all of your corporate data, that’s a different setup than separating access by department or role.
- Determine who will be responsible for maintaining and monitoring the network. This is not something you can just set up and leave alone. You should always have someone in charge of monitoring your network.
Now that you’ve considered all of that, you can create your plan for how you want your network segmented, the implementation process, and future maintenance of your network.
If any of this sounds overwhelming or impossible, we promise it’s not! You might just need the help of a trusted team for advice, and depending on the size of your organization, you might need someone to manage your network altogether. If you have questions about what managing your network entails, check out our network management page, and if you have questions on segmenting your network or networks in general, please give us a call! We work with businesses all over Austin and would love to help yours!