Microsegmentation Policy as Code for DevOps

Cloud native has changed the way organizations develop, deploy, and run their applications. Businesses became more agile by adopting developer-led or DevOps-led practices such as CI/CD pipelines, automation and Infrastructure as Code (IaC). While enterprises have implemented DevOps processes to ensure the quality and speed of application development, traditional network security practices have fallen behind, offsetting the cloud native benefits. Microsegmentation, also known as Identity-Based Segmentation or Zero Trust Segmentation, is a network security method proven to reduce risk by stopping lateral movement attacks and isolating applications and environments. However, many organizations are unable to operationalize segmentation within cloud native environments.

Most networks and security operations teams employ a centralized model, meaning one team retains all control and responsibility of network security policy management within the business.

A common workflow uses internal ticket-based systems. An operator opens a ticket request to open up network ports and services. The central policy team reviews the ticket and approves or denies the request. The policy team authors the policy change if approved.

While this system has worked for many years, the process is error-prone and change requests can take several days or weeks to complete. This inserts a bottleneck into application development.

DevOps-led organizations are looking to operationalize microsegmentation the same way they deploy and run applications. This means relinquishing control to DevOps teams and implementing microsegmentation with policy as code.

Prisma Cloud Identity-Based Microsegmentation offers capabilities and workflows enabling DevOps teams to automate microsegmentation and secure application deployments. With Prisma Cloud, security teams can enforce coarse segmentation policy – also known as policy guardrails – based on environments, business units and cloud accounts. Security teams then delegate controls to application owners to work within those guardrails and manage fine-grained, application-specific policy.

This decentralized approach enforces a healthy security posture without compromising the agility that DevOps teams require.
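The guardrail model above, as an added illustration that is not Prisma Cloud's own policy language or API: the security team publishes coarse, label-based deny guardrails (environment, business unit, account), and a pipeline gate rejects any fine-grained allow rule an application owner submits that would breach one. Label names, the `Rule` shape and the sample rules are assumptions constructed for this example.

```python
# Added example, not Prisma Cloud's policy format: a minimal policy-as-code
# gate. Workloads are identified by labels (env, bu, account, app), not IPs;
# guardrails use partial label selectors, app rules use full label sets.
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Rule:
    src: dict            # label selector for the source workload
    dst: dict            # label selector for the destination workload
    port: Optional[int]  # None means any port
    action: str          # "allow" or "deny"

def selector_covers(selector: dict, labels: dict) -> bool:
    """True when every label in the selector is present with the same value.
    An empty selector covers everything."""
    return all(labels.get(k) == v for k, v in selector.items())

def violates(app_rule: Rule, guardrail: Rule) -> bool:
    """An allow rule breaches a deny guardrail when the guardrail's selectors
    cover the rule's more specific source and destination and the port is
    inside the guardrail's scope."""
    if app_rule.action != "allow" or guardrail.action != "deny":
        return False
    if not selector_covers(guardrail.src, app_rule.src):
        return False
    if not selector_covers(guardrail.dst, app_rule.dst):
        return False
    return guardrail.port is None or guardrail.port == app_rule.port

def check_policy(app_rules: List[Rule], guardrails: List[Rule]) -> List[Tuple[Rule, Rule]]:
    """Return every (app rule, guardrail) pair in conflict; empty means mergeable."""
    return [(r, g) for r in app_rules for g in guardrails if violates(r, g)]

# Constructed sample guardrails owned by the security team (coarse scope).
GUARDRAILS = [
    Rule({"env": "dev"}, {"env": "prod"}, None, "deny"),          # no dev -> prod
    Rule({"bu": "finance"}, {"bu": "marketing"}, None, "deny"),   # isolate business units
    Rule({}, {"env": "prod"}, 22, "deny"),                        # no SSH into prod
]

# Constructed sample rules submitted by an application owner (fine-grained).
APP_RULES = [
    Rule({"env": "prod", "bu": "finance", "app": "web"}, {"env": "prod", "bu": "finance", "app": "db"}, 5432, "allow"),
    Rule({"env": "dev", "bu": "finance", "app": "web"}, {"env": "prod", "bu": "finance", "app": "db"}, 5432, "allow"),
    Rule({"env": "prod", "bu": "finance", "app": "ops"}, {"env": "prod", "bu": "finance", "app": "db"}, 22, "allow"),
]

if __name__ == "__main__":
    for rule, guard in check_policy(APP_RULES, GUARDRAILS):
        print(f"REJECT {rule.src} -> {rule.dst}:{rule.port} breaches {guard.src} -> {guard.dst}:{guard.port}")
```

Only the first application rule passes; the second crosses the dev-to-prod guardrail and the third opens SSH into prod, so a CI job calling `check_policy` would fail the merge before the policy reaches the enforcement point.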

Microsegmentation policy as code is a Cloud Network Security capability in Palo Alto Networks Prisma Cloud. Read Alexandre Cezar’s full blog here or contact your local Exclusive Networks Account Manager to learn more about how Palo Alto Networks Prisma Cloud can automate microsegmentation and secure application deployments.