Overview
Direct Answer
Network segmentation is the architectural practice of dividing a single network into isolated logical or physical subnetworks, each functioning as its own perimeter. This isolation restricts lateral movement of threats and enables granular access control policies tailored to distinct organisational requirements.
How It Works
Segmentation is enforced through VLANs, firewalls, microsegmentation policies, or dedicated physical switches that enforce traffic rules between zones. Each segment operates with its own routing policies and security controls; traffic crossing segment boundaries is inspected and filtered according to predetermined allow/deny rules, preventing unauthorised lateral propagation.
Why It Matters
Organisations adopt segmentation to contain security breaches, reduce compliance audit scope, optimise bandwidth allocation for critical systems, and minimise blast radius when systems are compromised. Regulatory frameworks in healthcare, finance, and critical infrastructure increasingly mandate segmentation as a foundational security control.
Common Applications
Healthcare networks isolate patient records (PHI) from administrative systems; financial institutions separate customer-facing services from back-office infrastructure; manufacturing environments segregate operational technology (OT) from corporate IT networks to prevent production disruptions from cyber incidents.
Key Considerations
Segmentation increases operational complexity through management overhead and can introduce latency if poorly designed. Balancing security rigour with legitimate inter-system communication remains a persistent implementation challenge.
Cross-References(1)
More in Networking & Communications
Packet Sniffing
Protocols & StandardsThe process of capturing and analysing data packets travelling across a network for monitoring or troubleshooting.
Subnet
Protocols & StandardsA logical subdivision of an IP network that improves security and performance by segmenting traffic.
Network Orchestration
Protocols & StandardsThe automated coordination and management of network resources, services, and policies across infrastructure.
DHCP
Protocols & StandardsDynamic Host Configuration Protocol — automatically assigns IP addresses and network configuration to devices.
Routing Protocol
Protocols & StandardsA protocol that determines the optimal path for data packets to travel across interconnected networks.
Network Function Virtualisation
Cloud NetworkingReplacing dedicated network hardware with software running on commodity servers.
Network Latency
Protocols & StandardsThe time delay between sending and receiving data across a network, measured in milliseconds.
BGP
Protocols & StandardsBorder Gateway Protocol — the routing protocol that manages how packets are routed across the internet between autonomous systems.