A security administrator will need to be sure enforcement of security persists even when there are changes in the network environment. This is crucial due to the constant change in data center topologies. Workloads are moved, server pools are expanded, networks are re-numbered, and so on. The constants in all this change are need for security and the workload.
The security protocols implemented when a workload was first deployed in a changing environment will no longer be enforceable after a short while. The situation is mostly common in scenarios where the policy relied on loose associations. Examples of loose associations with workloads include protocol, port, and IP address. The challenge of maintaining this persistent security is aggravated by workloads to the hybrid cloud, or even other data centers.
Administrators are given more useful ways to describe the workload through micro segmentation. They can describe inherent characteristics of a workload, instead of depending on IP addresses. The information is then tied back to the security policy. Once this is done, the policy can answer questions such as: what kind of data will this workload handle (personally identifiable information, financial, or low-sensitivity)?, or what will the workload be used for (production, staging, or development)? Additionally, administrators can combine these characteristics to describe inherited policy attributes. For instance, a production workload handling financial data may get a higher level of security than a workload handling financial data.
More: micro segmentation networking