Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Microsegmentation and asset visibility: what IAM teams should notice


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 11631
Topic starter  

TL;DR: Microsegmentation projects often fail because organisations cannot accurately discover devices, redesign networks without downtime, or sustain identity-based policy enforcement, according to Elisity. The governance problem is not just segmentation mechanics, but the operational gap between asset visibility, business continuity, and enforceable access boundaries.

NHIMG editorial — based on content published by Elisity: Why I Joined Elisity as Field CTO, Making Microsegmentation Actually Work

By the numbers:

Questions worth separating out

Q: How should security teams implement microsegmentation without disrupting operations?

A: Security teams should phase microsegmentation around high-value zones first, use existing network infrastructure where possible, and validate each policy change against business workflows before expanding scope.

Q: Why do unmanaged devices make segmentation harder to govern?

A: Unmanaged devices make segmentation harder because policy cannot be trusted when ownership, classification, and expected behaviour are unclear.

Q: What breaks when identity-based segmentation is built on incomplete asset data?

A: When asset data is incomplete, segmentation tends to over-permit to avoid outages or under-permit and break business services.

Practitioner guidance

  • Build segmentation from a complete asset inventory Start by reconciling IT, OT, IoT, and IoMT assets into one classification model before you define enforcement zones.
  • Tie microsegmentation to identity governance Map device and workload policies to accountable identity sources, including service accounts and privileged access paths, so segmentation decisions can be reviewed and audited.
  • Prioritise non-disruptive enforcement paths Use implementation approaches that avoid full network redesigns and production downtime, especially in operational and clinical environments.

What's in the full article

Elisity's full post covers the operational detail this post intentionally leaves for the source:

  • How the platform discovers and classifies unmanaged IoT, OT, and IoMT devices in live environments
  • The implementation claim that segmentation can be applied in days rather than months using existing infrastructure
  • The reported containment and cost outcomes that support the field CTO's argument
  • The vendor's view of how identity-based policy is applied across the network without redesigning VLANs

👉 Read Elisity's perspective on making microsegmentation work in production environments →

Microsegmentation and asset visibility: what IAM teams should notice?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11186
 

Microsegmentation fails most often as a governance problem, not a packet-filtering problem. The article describes implementation friction, but the deeper issue is that security teams cannot govern what they cannot accurately map to business context. Identity-based policy only works when asset discovery, ownership, and lifecycle data are reliable. For practitioners, the real question is whether segmentation can be audited as a control, not merely demonstrated as a tool.

A question worth separating out:

Q: Who should be accountable for microsegmentation outcomes?

A: Accountability should sit jointly with network security, the operational owners of the systems being segmented, and the risk function that validates business impact. If the control is tied to identity sources and operational dependencies, then accountability must also cover the data used to define policy. That is what makes segmentation auditable and sustainable.

👉 Read our full editorial: Microsegmentation fails when asset visibility and identity policies lag



   
ReplyQuote
Share: