The InfoSec Blog

Network Segmentation is Common Sense

Posted by Anton Aylward

On one of the professional forums I subscribe to there was a request for "references" to justify the separation of development and production networks and facilities.  It seems some managers "don't get it" when it comes to things like change control and undocumented and unplanned changes.  Many guidelines discuss this, but its seems that some key ones like NIST and ISO-27001 do not explicitly mandate it, and some managers use this as a reason to not do it.

Some of us security droids find this frightening.

My colleague Miriam Britt managed to sum up the reasons why one should have separation quite sussinctly and forcefully.  With her permission I have copied her reasoning here and I hope many people will either reference this or copy it to their own blogs.  This kind of straight forward statement needs a wide exposure.