Gartner Research

Decision Point for Network Security Zones

Published: 10 July 2012

ID: G00235646

Analyst(s): Daniel Blum, Eric Maiwald

Summary

Organizations can use network security zones to standardize network protections for their IT resources. The network perimeters that define these zones provide protection based on security requirements and business communications needs. Organizations must examine their business security and communication needs to determine how to define the zones into which they will group their systems, sites, and network resources.

Table Of Contents

Decision Point

Decision Context

  • Business Scenario
  • Architectural Context
  • Related Decisions

Evaluation Criteria

  • Requirements and Constraints
    • Group Resources with Common Communication and Protection Requirements into Network Security Zones
    • Balance Business Needs vs. Risk
    • Separate Systems and Information in Accordance with Policy
    • Set Perimeter Requirements for Network Security Zones
    • Include Geographically Distributed or Mobile Systems in a Network Security Zone
  • Principles

Alternatives

  • Single or Multiple Network Security Architecture Scopes for Zoning
  • Open, Closed, or Layered Architecture
    • Open Architecture
  • Control and Audit
    • Control Zone
    • Audit Zone

Future Developments

  • Network Security Zones Finally Become More Logical
  • Zoning in Virtual and Multi-Tenant Data Centers and Clouds
  • The Introduction of Hybrid Clouds

Decision Tool

  • Scope Position
    • Create a Separate Network Security Zoning Architecture for Each Portion of the Organization or Subsidiary
    • Use One Network Security Zoning Architecture for the Entire Organization
  • Open, Closed, or Layered Zone Architecture Position
    • Use a Closed Architecture
    • Use an Open Architecture
    • Use a Layered Architecture
  • Layered Security Zones Position
    • DMZ Position
    • Trusted Zone Position
    • Restricted Zone Position
    • Limited Access Zone Position
    • Subzones Position
    • Create Subzones
    • Do Not Create Subzones
  • Control and Audit Zones Position
    • Control Zone Position
    • Control Zone Internal Structure Position
    • Audit Zone Position
    • Audit Zone Internal Structure Position
    • Divide the Audit Zone into Subzones
    • Do Not Divide the Audit Zone

Recommended Reading

©2019 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. It consists of the opinions of Gartner’s research organization, which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner’s Usage Policy. Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research organization without input or influence from any third party. For further information, see Guiding Principles on Independence and Objectivity.
