Why Application Dependency Mapping is a Key First Step for Segmentation
Knowing how your applications communicate is central to limiting the lateral movement of unauthorized users through segmentation.
Ask business owners about their number one security concern and, more often than not, it's the ability to protect critical business applications. For that reason, enterprise segmentation strategy has become a key security objective for businesses.
Why? Segmentation groups application assets within security perimeters to limit a user's lateral movement across the infrastructure. Restricting movement through authorized access creates an additional security layer that, by design, confines unauthorized users to a much smaller environment.
Prior to implementing security controls, an important first step in restricting lateral movement is to identify how critical business applications communicate. This practice, called Application Dependency Mapping (ADM), is essential for every segmentation effort.
ADM provides important technical and non-technical data that must be thoroughly analyzed to ensure applications function properly in a segmented environment. Without first completing this step, an organization can face major issues ranging from unwanted access denials to malfunctioning systems.
When planning a network segmentation program, whether it's an ACI, NSX, NGFW or host-based solution, IT leaders must incorporate the needs of business applications into their planning activities. Information about technical and business requirements is spread across multiple systems and often lacks the "desired state" context leaders need to project and plan appropriately.
These challenges add substantial risk and cost to complex transformational programs.
What are the needs of your critical business applications?
ADM seeks to identify and analyze interactivity between business and IT applications and the infrastructure supporting them. ADM also validates and/or documents relationships between applications, often referred to as "east/west" dependencies.
The goal of ADM is to understand how a planned segmentation, when applied to the underlying infrastructure, will impact the enterprise. This information is then used to shape the transformation program in a way that allows the business to reduce risk and avoid re-work costs that would otherwise result from a lack of visibility into the dependencies between applications and infrastructure.
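The following added example, which is not from the original article or any product it mentions, aggregates flow records into application-to-application dependencies and checks them against a planned segment policy to show which observed dependencies the plan would deny. The inventory, segment names, policy and flow records are all constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed inventory (assumption): subnet -> (application, planned segment)
INVENTORY = {
    "10.1.10.0/24": ("web-store", "dmz"),
    "10.1.20.0/24": ("order-api", "app"),
    "10.1.30.0/24": ("orders-db", "data"),
    "10.1.40.0/24": ("legacy-batch", "legacy"),
}
# Constructed planned policy: permitted (src_segment, dst_segment, dst_port)
PLANNED_ALLOW = {("dmz", "app", 8443), ("app", "data", 5432)}
# Constructed flow records: src_ip dst_ip dst_port connection_count
FLOWS = """\
10.1.10.15 10.1.20.7 8443 1200
10.1.20.7 10.1.30.4 5432 950
10.1.40.9 10.1.30.4 5432 12
10.1.10.16 10.1.30.4 5432 3
10.1.20.8 10.1.20.9 9000 40
192.0.2.50 10.1.10.15 443 5000
"""

def locate(ip):
    """Map an address to (application, segment); unknown hosts are flagged."""
    addr = ip_address(ip)
    hits = [own for cidr, own in INVENTORY.items() if addr in ip_network(cidr)]
    return hits[0] if hits else ("unmapped", "unknown")

def build_map(flow_text):
    """Aggregate host flows into app-to-app dependencies with observed counts."""
    deps = defaultdict(int)
    for line in flow_text.splitlines():
        src, dst, port, count = line.split()
        deps[locate(src) + locate(dst) + (int(port),)] += int(count)
    return dict(deps)

def policy_impact(deps, allow):
    """Split dependencies into those the plan would deny and those with no owner."""
    would_break, unmapped = [], []
    for (s_app, s_seg, d_app, d_seg, port), n in sorted(deps.items()):
        if "unknown" in (s_seg, d_seg):
            unmapped.append((s_app, d_app, port, n))
        elif s_seg != d_seg and (s_seg, d_seg, port) not in allow:
            would_break.append((s_app, d_app, port, n))
    return would_break, unmapped

if __name__ == "__main__":
    denied, unowned = policy_impact(build_map(FLOWS), PLANNED_ALLOW)
    print("would be denied:", denied)
    print("needs an owner:", unowned)
```

Flows within a single segment are not evaluated here, since the constructed policy only governs traffic that crosses segment boundaries.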
ADM offers other high-value benefits and insights into application behaviors. For example, it lets organizations fully depict legacy system attributes, validate data management parameters within a business application, gain insight into a variety of technical metrics, and obtain essential visibility that can help them understand usage and make downstream investment decisions.