ESP - Compliance Scope

Reduce compliance scope through micro-segmentation

Why worry about compliance scope?

The ability to meet IT security compliance requirements provides your company with many critical business advantages. But those advantages also come with the increased operational costs and complexity. Not being able to continuously maintain and demonstrate proper levels of compliance increases the risk of liability in case of a breach. But can these compliance goals be met while keeping the costs and liability risks at the absolute minimum?

Yes, and one of the best way to achieve that is "scope reduction".

Compliance Scope is those parts of your IT environment that must meet the control objectives outlined in the compliance standards. If your network does not have clear and strong boundaries separating various network environments, your entire network may be in-scope, and therefore must meet all control objectives, including (potentially) ancillary requirements such as application security testing, penetration testing, etc. This is not desirable, but it can be remedied.

Managing compliance scope with Elemental

ESP’s adaptive segmentation capabililes can help network administrators to create logical boundaries between endpoint systems holding specific data that is subject to governmental or industry-mandated regulations and all other systems on the network.

In the example below, network administrators define which groups of machines within the same subnet come in contact with the documents subject to Sarbanes Oxley (SOX) requirements. Appropriate security controls are then deployed to all machines in the SOX security group, limiting access between in-scope machines and all other host groups on the network. As a result, the SOX IT audit can now be limited to only the machines in the SOX security group.


ESP segmentation


Of course, the same strategy could be used for meeting any compliance scope reduction requirements driven by other mandates like: NIST, PCI, HIPAA, HITRUST, FISMA, etc.

Using micro-segmentation, network administrators can not only lower the cost of the compliance assessment to fewer endpoints, but also deploy much more stringent security policies to the systems in high-security zones without having to subject out-of-scope machines to the same policies.

Learn more >>>