Comfortable work despite strict network separation

The recommendation to isolate critical networks, systems and applications is an important component of almost all security-related standards (ISO 2700x, BSI IT-Grundschutz, IEC 62443, B3S water sector, etc.). The solution concepts are diverse, and the options depend on technical conditions and compliance requirements. The challenge often lies in organising the separation rules at the physical, network and system levels and assigning appropriately strong mechanisms to each.

Security zones – aspiration and reality?

The concept of zone architectures for the security-oriented segmentation of functional areas creates controlled conditions. But in the age of digitisation, physical boundaries are becoming increasingly blurred. Isolated solutions merge into large IT networks, and older technologies are upgraded for IP communication. The incorporation of current technologies enables the development of cross-divisional, digitalised value chains with a high degree of automation.

Uncontrolled access to security zones with high protection requirements (plant control systems, control centres, etc.) from networks with lower protection requirements (office IT) can be a problem. Insufficiently protected client systems and perimeters are a gateway for malicious software, and thus for system attacks, sabotage or espionage, into functional areas that were previously strictly isolated.