Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Microsegmentation and the governance gap teams are missing


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 10745
Topic starter  

TL;DR: Omdia’s 2025 survey of 352 security decision-makers found that 99% of organisations are implementing or planning microsegmentation, but only 9% say more than 80% of critical systems are protected, while nearly half experienced lateral movement in the last 12 months. The real constraint is architectural: policies tied to network location do not scale to identity-driven, heterogeneous environments.

NHIMG editorial — based on content published by Elisity: The Microsegmentation Say-Do Gap and why lateral movement keeps winning

By the numbers:

Questions worth separating out

Q: What breaks when microsegmentation is not based on identity?

A: Network-based microsegmentation breaks when assets move, readdress, or span heterogeneous environments because the policy is tied to location rather than durable identity.

Q: Why do segmentation projects stall in large enterprises?

A: They stall because the control burden grows faster than the team can author, test, troubleshoot, and change policy.

Q: How do teams know whether microsegmentation is actually working?

A: Teams should look for completed coverage of critical systems, stable enforcement across device moves, and a falling number of exception rules created to preserve business continuity.

Practitioner guidance

  • Define segmentation policy in identity terms Replace subnet and VLAN centric rules with policies expressed in device identity, workload identity, or user role where those signals are durable enough to survive network movement.
  • Audit coverage gaps across unmanaged assets Map which OT, IoT, and IoMT devices cannot host agents and verify whether your current segmentation design can still enforce policy on those assets.
  • Measure completion, not just deployment Track the percentage of critical systems actually protected, the time required for each policy change, and the number of exceptions created to keep production running.

What's in the full report

Elisity's full blog covers the operational detail this post intentionally leaves for the source:

  • The survey’s full breakdown of deployment stall points across manufacturing and healthcare environments.
  • The detailed comparison of legacy segmentation methods, including where VLANs, ACLs, NAC, and overlays break down operationally.
  • The rollout pattern for identity-based microsegmentation across heterogeneous IT, OT, IoT, and IoMT estates.
  • The article’s deployment examples and product-specific implementation context for teams past the strategy stage.

👉 Read Elisity’s analysis of the microsegmentation say-do gap and identity-based policy →

Microsegmentation and the governance gap teams are missing?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 10300
 

Microsegmentation has become an identity governance problem, not just a network design problem. The article’s core evidence is that policy tied to network location stalls when devices move and identities remain the only stable control point. For IAM and PAM teams, that means segmentation should be evaluated as part of access governance, not as an isolated infrastructure project. The practitioner conclusion is that identity must become the policy primitive if lateral movement is to be reduced in real environments.

A question worth separating out:

Q: Who should own microsegmentation when identity is part of the policy model?

A: Ownership should be shared across network, IAM, and security architecture teams because the policy now depends on identity sources as much as on enforcement points. Network teams can implement the control, but IAM and identity governance teams are needed to keep the identity data trustworthy and the access model consistent.

👉 Read our full editorial: Microsegmentation still stalls because identity is missing from policy



   
ReplyQuote
Share: