Overview
Direct Answer
Network segmentation is the architectural practice of dividing a single network into isolated logical or physical subnetworks, each functioning as its own perimeter. This isolation restricts lateral movement of threats and enables granular access control policies tailored to distinct organisational requirements.
How It Works
Segmentation is enforced through VLANs, firewalls, microsegmentation policies, or dedicated physical switches that enforce traffic rules between zones. Each segment operates with its own routing policies and security controls; traffic crossing segment boundaries is inspected and filtered according to predetermined allow/deny rules, preventing unauthorised lateral propagation.
Why It Matters
Organisations adopt segmentation to contain security breaches, reduce compliance audit scope, optimise bandwidth allocation for critical systems, and minimise blast radius when systems are compromised. Regulatory frameworks in healthcare, finance, and critical infrastructure increasingly mandate segmentation as a foundational security control.
Common Applications
Healthcare networks isolate patient records (PHI) from administrative systems; financial institutions separate customer-facing services from back-office infrastructure; manufacturing environments segregate operational technology (OT) from corporate IT networks to prevent production disruptions from cyber incidents.
Key Considerations
Segmentation increases operational complexity through management overhead and can introduce latency if poorly designed. Balancing security rigour with legitimate inter-system communication remains a persistent implementation challenge.
Cross-References(1)
More in Networking & Communications
Network Function Virtualisation
Cloud NetworkingReplacing dedicated network hardware with software running on commodity servers.
VPN
InfrastructureVirtual Private Network — a technology creating a secure, encrypted connection over a less secure network like the internet.
Mesh Network
Protocols & StandardsA network topology where each node relays data for the network, providing self-healing and redundant paths.
IP Address
Protocols & StandardsA unique numerical label assigned to each device connected to a computer network for identification and routing.
DHCP
Protocols & StandardsDynamic Host Configuration Protocol — automatically assigns IP addresses and network configuration to devices.
Bandwidth
Protocols & StandardsThe maximum rate of data transfer across a network path, typically measured in bits per second.
Network Latency
Protocols & StandardsThe time delay between sending and receiving data across a network, measured in milliseconds.
Proxy Server
InfrastructureAn intermediary server that forwards requests between clients and other servers, providing security and caching.