When state employees work from home, it is critical to simplify the operations of the state network and gain as much visibility as possible into network traffic, Schell says. Segmentation is a vital part of that process.
“When your staff is telecommuting or working from home, there are new challenges that are introduced surrounding general management of devices, support and security perspectives,” he says. “However, if your network segmentation strategy aligns with your remote access strategy, all of the benefits and associated recommendations relating to network segmentation continue to apply and, one could argue, are even more important.”
Network Segmentation Is One Part of Vermont’s Strategy
In Vermont, network segmentation is one aspect of a comprehensive “defense in depth” strategy, says CIO and Secretary of Digital Services John Quinn.
“Segmentation brings additional visibility, organization and security to the network,” he says. “When we can segment resources off, we have a better chance of controlling outbreaks of malware and keeping it contained.”
Vermont’s network infrastructure is primarily built on Cisco and Palo Alto Networks technologies, with the state mixing functionality from each platform and other best-of-breed tools for segmentation and monitoring, Quinn says.
Monitoring across all segments and maintaining a holistic view of the network are essential as the organization partitions off more of its resources, he says. One struggle for public sector IT is finding funds in the budget for the tools that monitor and orchestrate the workings of the entire network.
Documentation of systems, ports and protocols becomes particularly important as organizations partition and modernize their networks, Quinn says. Like Duane Schell in North Dakota, he emphasizes the need to understand every user, device and application on the network, and how they all interact, particularly when roughly 9,100 state employees work from home.
“As we’ve gone through the process of segmenting the network, we’ve tried to create complete documentation on each piece, but that can be difficult when you’re dealing with hard-coded legacy systems,” Quinn says. “It’s those portions of the network that trouble generally comes from.”
Network segmentation is part of a comprehensive modernization push for Vermont’s IT infrastructure. The way the network is partitioned has to reflect and support the future needs and aspirations of the organization, so it’s important that segmentation is part of long-term planning, Quinn says.
“This is a major project, and in order to invest wisely, you need to look ahead,” he says. “As much as possible, you have to know what you might need from your network in five or even 10 years.”