TL;DR: EMA’s survey of 145 IT and security leaders found 95% rate microsegmentation as extremely or very important for cyber defence, while automated discovery, policy creation, and MFA integration are emerging as the features needed to overcome deployment friction and improve containment, according to Zero Networks. The market is moving from niche control to operational requirement, and that changes how teams should think about lateral movement risk.
NHIMG editorial — based on content published by Zero Networks: The Maturing Microsegmentation Market
By the numbers:
- 95% of respondents rate microsegmentation as extremely important or very important for cyber defense.
- Based on survey data from 145 IT professionals, information security practitioners, and technology business leaders, this report provides research-backed insights.
Questions worth separating out
Q: What breaks when microsegmentation is not built around real trust boundaries?
A: When segmentation zones are drawn from static network layouts instead of application relationships and workload identity, the controls become too coarse to stop lateral movement.
Q: Why does microsegmentation matter when organisations already use MFA and least privilege?
A: MFA and least privilege reduce the chance and scope of initial access, but they do not stop movement after compromise.
Q: How do security teams know whether microsegmentation is actually working?
A: They test for containment, not just deployment.
Practitioner guidance
- Define segmentation zones around real trust boundaries Base zones on application dependencies, workload identity, and business criticality rather than subnet convenience.
- Automate discovery before enforcing policy Require current asset discovery and tagging as a prerequisite for policy generation.
- Pair segmentation with privileged access controls Use MFA, just-in-time elevation, and tight administrative reach to reduce the value of any credential that lands inside the environment.
What's in the full report
Zero Networks' full report covers the operational detail this post intentionally leaves for the source:
- Survey breakdowns on why 95% of respondents rate microsegmentation as highly important.
- Capability priorities such as automated asset discovery, automated policy creation, and MFA integration.
- Practitioner views on deployment simplicity, scalability, compliance, and breach containment.
- Quoted field experience on how segmentation changes attack surface and lateral movement outcomes.
👉 Read Zero Networks' report on the maturing microsegmentation market →
Microsegmentation market maturity: what security teams should re-evaluate?
Explore further
Microsegmentation is becoming a control-plane issue, not just a network design choice. The report’s findings show that buyers now expect segmentation to reduce attack surface and contain breach spread, which means the control must operate alongside identity and access governance. When attack paths are shaped by credentials, privilege, and workload reach, segmentation becomes part of the identity enforcement stack. Practitioners should treat it as a policy governance capability rather than a point product.
A question worth separating out:
Q: Who should own microsegmentation decisions when IAM and network controls overlap?
A: Ownership should be shared between network security, IAM, platform and application teams because segmentation policy depends on workload identity, device posture and application criticality. The governance question is not which team owns every rule, but who is accountable for keeping the trust model aligned to current risk.
👉 Read our full editorial: Microsegmentation is maturing into mainstream breach containment