TL;DR: Zero trust restricts access by default while microsegmentation limits lateral movement inside the network, and Axiad’s explainer argues the two work best when identity controls, authentication, and segment-level permissions are aligned. The real issue is that perimeter thinking and broad trust assumptions still leave room for unauthorized access and spread.
NHIMG editorial — based on content published by Axiad: Zero Trust and Microsegmentation: An Explainer
By the numbers:
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface.
- Only 5.7% of organisations have full visibility into their service accounts.
- 90% of IT leaders say properly managing NHIs is essential for a successful zero-trust implementation.
Questions worth separating out
Q: How should security teams use microsegmentation with zero trust?
A: Security teams should use zero trust to control whether an identity can access a resource and microsegmentation to control how far that identity can move after access is granted.
Q: Why do NHIs complicate zero trust programmes?
A: NHIs complicate zero trust because many of them authenticate successfully but then operate with persistent, excessive, or poorly reviewed access.
Q: What breaks when microsegmentation is implemented without identity governance?
A: Microsegmentation without identity governance often leaves the root problem untouched: identities still have too much legitimate access.
Practitioner guidance
- Map identity scope to network zones: Document which human and non-human identities can reach which segments, then remove broad east-west access that has no current business justification.
- Reduce standing privilege before tuning segmentation: Review service accounts, API keys, and privileged accounts for excess access, then shrink entitlements before relying on microsegmentation to contain misuse.
- Tie zero trust policy to identity lifecycle events: Link provisioning, role changes, offboarding, and secret rotation to the same access policy logic so stale identity rights do not outlive the purpose they were granted for.
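The three guidance points above are easiest to operationalise as checks over an identity inventory. The following is an added example written for this editorial, not code from Axiad or from the NHIMG site: it runs a small audit over a constructed inventory of human and non-human identities and their segment entitlements, flagging entitlements with no documented justification, standing privileged access held by NHIs, and lifecycle drift (offboarded identities that still hold access, secrets past an assumed 90-day rotation window). The data model, the `SECRET_MAX_AGE` window and the fixed `TODAY` date are assumptions for the example.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional


@dataclass
class Entitlement:
    segment: str            # network zone the identity may reach
    justification: str      # empty string = no documented business need
    privileged: bool = False


@dataclass
class Identity:
    name: str
    kind: str               # "human" or "nhi"
    status: str             # "active" or "offboarded"
    entitlements: List[Entitlement]
    secret_rotated: Optional[date] = None   # NHIs only


SECRET_MAX_AGE = timedelta(days=90)   # assumed rotation window
TODAY = date(2024, 6, 1)              # fixed so the example is deterministic

# Constructed sample inventory (not real accounts or segments).
SAMPLE = [
    Identity("alice", "human", "active", [
        Entitlement("prod-web", "on-call responder"),
        Entitlement("prod-db", ""),                       # no justification recorded
    ]),
    Identity("ci-runner", "nhi", "active", [
        Entitlement("build", "runs pipeline jobs"),
        Entitlement("prod-db", "schema migrations", privileged=True),
    ], secret_rotated=date(2024, 1, 1)),                  # 152 days old
    Identity("old-backup-svc", "nhi", "offboarded", [
        Entitlement("backup-vault", "legacy backups"),     # should have been removed
    ]),
]


def segment_scope(identities):
    """Guidance point 1: which identities can reach which segment, as segment -> set of names."""
    scope = {}
    for ident in identities:
        for e in ident.entitlements:
            scope.setdefault(e.segment, set()).add(ident.name)
    return scope


def audit(identities, today=TODAY):
    """Return (identity, segment, issue) findings for points 1-3 above.

    '*' as the segment means the finding applies to the identity as a whole.
    """
    findings = []
    for ident in identities:
        # Point 3: offboarded identities must not retain any entitlement.
        if ident.status == "offboarded":
            for e in ident.entitlements:
                findings.append((ident.name, e.segment, "stale: identity offboarded but still entitled"))
            continue
        # Point 3: secret rotation is part of the same lifecycle logic.
        if (ident.kind == "nhi" and ident.secret_rotated is not None
                and today - ident.secret_rotated > SECRET_MAX_AGE):
            findings.append((ident.name, "*", "secret older than rotation window"))
        for e in ident.entitlements:
            # Point 1: east-west access with no current business justification.
            if not e.justification:
                findings.append((ident.name, e.segment, "no business justification"))
            # Point 2: shrink standing privilege on NHIs before trusting segmentation.
            if e.privileged and ident.kind == "nhi":
                findings.append((ident.name, e.segment, "standing privileged access on NHI"))
    return findings


if __name__ == "__main__":
    for seg, names in sorted(segment_scope(SAMPLE).items()):
        print(f"{seg}: {sorted(names)}")
    for name, seg, issue in audit(SAMPLE):
        print(f"[{name}] {seg}: {issue}")
```

Running it lists four findings against the constructed inventory; the point is that each finding maps to an action (remove, shrink, rotate, or deprovision) that should happen before microsegmentation is relied on to contain the identity.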
What's in the full article
Axiad's full blog post covers the operational detail this post intentionally leaves for the source:
- The article walks through the distinction between zero trust and microsegmentation with implementation examples.
- It compares network segmentation, microsegmentation, SDN, and application-level controls for different environments.
- It outlines adoption considerations such as resource impact, troubleshooting trade-offs, and integration with authentication services.
- It frames passwordless authentication as part of the broader zero-trust and microsegmentation stack.
👉 Read Axiad's explainer on zero trust and microsegmentation →
Zero trust and microsegmentation: are your identity controls aligned?
Explore further
Zero trust without identity governance is only partial containment. The model assumes access is continuously evaluated, but that breaks down if identities are over-permissioned or secrets remain long-lived. In NHI-heavy environments, the control problem is not just login assurance but entitlement scope across the session. Practitioners should treat identity governance as the enforcement layer that makes zero trust credible.
A few things that frame the scale:
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which means most teams cannot verify whether segmentation or zero trust policies are even aligned to real identity scope.
A question worth separating out:
Q: How do IAM teams know whether zero trust and segmentation are actually working?
A: Teams should test whether authenticated identities are constrained to the exact resources they need and whether a compromise can be contained to a small zone. If service accounts can still reach sensitive systems broadly, or if lateral movement succeeds despite segmentation, the controls are not operating as intended.
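The test described in that answer can be run as a tabletop computation rather than a live exercise. The following is an added example for this editorial, not code from Axiad or NHIMG: it treats microsegmentation allow rules as a directed graph between segments, computes how far an identity could move laterally from an assumed foothold, and compares that reach with the set of segments the identity's access policy says it needs. The rule set, the identities, the `SENSITIVE` segment list and the segment names are constructed for the example.

```python
from collections import deque

# Constructed microsegmentation policy: each pair allows traffic from the first
# segment to the second; anything not listed is denied.
ALLOW_RULES = [
    ("ci-runners", "artifact-store"),
    ("ci-runners", "staging-app"),     # over-broad: CI does not need the app tier
    ("staging-app", "staging-db"),
    ("prod-app", "prod-db"),
]

# The zero trust side: what each identity's access policy actually grants it.
NEED_TO_KNOW = {
    "ci-runner-01": {"ci-runners", "artifact-store"},
    "prod-app-svc": {"prod-app", "prod-db"},
}

# Segments the team considers sensitive (assumed for the example).
SENSITIVE = {"staging-db", "prod-db"}


def reachable(start, rules):
    """Segments reachable from `start` by following allow rules: the lateral-movement envelope."""
    adj = {}
    for src, dst in rules:
        adj.setdefault(src, set()).add(dst)
    seen = {start}
    queue = deque([start])
    while queue:
        cur = queue.popleft()
        for nxt in adj.get(cur, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def containment_report(identity, foothold, rules, need=NEED_TO_KNOW, sensitive=SENSITIVE):
    """Compare what an identity could reach from `foothold` with what its policy says it needs.

    `contained` is True only when segmentation adds no reach beyond the identity's own scope;
    `sensitive_exposed` lists the sensitive segments that excess reach would expose.
    """
    reach = reachable(foothold, rules)
    excess = reach - need[identity]
    return {
        "reachable": reach,
        "excess": excess,
        "sensitive_exposed": excess & sensitive,
        "contained": not excess,
    }


def without_rules(rules, remove):
    """Return the rule set with the given (src, dst) pairs removed, for re-testing a fix."""
    return [r for r in rules if r not in remove]


if __name__ == "__main__":
    for ident, foothold in [("ci-runner-01", "ci-runners"), ("prod-app-svc", "prod-app")]:
        r = containment_report(ident, foothold, ALLOW_RULES)
        print(ident, "contained" if r["contained"] else f"NOT contained: {sorted(r['excess'])}")
    fixed = without_rules(ALLOW_RULES, {("ci-runners", "staging-app")})
    print("after fix:", containment_report("ci-runner-01", "ci-runners", fixed)["contained"])
```

With the constructed rules, the CI runner's reach includes the staging database through a transitive path its policy never granted, so the two controls are not aligned; removing the one over-broad rule and re-running the report shows containment restored. The same comparison, run over a real rule export and entitlement inventory, is the check the answer above describes.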
👉 Read our full editorial: Zero trust and microsegmentation: what IAM teams need to know