For decades, the dominant model for network security has been the perimeter-based approach. The idea was to build a strong digital fortress around the organization’s network, with firewalls, intrusion detection systems, and other security controls at the perimeter. But in today’s world of cloud computing, mobile devices, and distributed AI systems, the perimeter has all but disappeared. The traditional, monolithic network is a major security risk. Once an attacker breaches the perimeter, they often have free rein to move laterally across the network, accessing sensitive data and systems at will.

Network Segmentation

Network segmentation takes a different approach. It is an architectural approach that divides a network into multiple segments or subnets, each acting as its own small network. This creates a series of internal walls within the castle, limiting the blast radius of a security breach. If one segment is compromised, the attacker will not be able to move laterally to other segments of the network. This is a key principle of a Zero Trust security architecture, which assumes that the network has already been compromised and that you cannot trust any user or device, whether they are inside or outside the network.

Microsegmentation:

Microsegmentation takes the concept of network segmentation a step further. As explained by Zscaler, it is a security best practice that isolates workloads, applications, and devices into small, secure units within a network. This provides an even more granular level of control, as it can prevent an attacker from moving laterally between different applications, even if they are running on the same server. For AI systems, which are often composed of a complex and distributed set of microservices, microsegmentation is an essential security control.

When designing a network segmentation strategy for an AI environment, it is important to think about the different stages of the AI workflow and the different levels of security that are required for each stage. A typical AI workflow can be divided into four key stages, each of which should be its own secure segment:

‍

1. The Data Ingestion Segment

This is where you ingest data from a wide range of internal and external sources. This segment should be treated as a “demilitarized zone” (DMZ), with strict security controls to prevent unauthorized data from entering your AI environment. All data should be scanned for malware and other threats before it is allowed to enter the next segment.

‍

2. The Data Preparation and Training Segment

This is where you clean, transform, and label your data, and where you train your AI models. This is one of the most sensitive parts of your AI environment, as it contains both your raw data and your trained models. Access to this segment should be strictly controlled, and all data should be encrypted both at rest and in transit.

‍

3. The Model Validation and Testing Segment

This is where you test and validate your trained models to ensure that they are accurate, fair, and robust. This segment should be isolated from both the training environment and the production environment to prevent any potential data leakage or model tampering.

‍

4. The Model Deployment and Serving Segment

This is where you deploy your trained models into your production applications. This segment should be protected by a web application firewall (WAF) and other security controls to prevent unauthorized access to your models. All requests to the model should be logged and monitored for suspicious activity.