Zero trust vs microsegmentation: where IAM teams still struggle


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 5855
Topic starter  

TL;DR: Zero trust and microsegmentation are often paired to reduce trust by default and contain lateral movement, but they solve different problems and can be misapplied when identity controls are unclear, according to Axiad. The real governance issue is not the network pattern itself, but whether IAM, access scope, and segmentation are aligned to the assets and identities they are meant to protect.

NHIMG editorial — based on content published by Axiad: Zero Trust and Microsegmentation: An Explainer

By the numbers:

Questions worth separating out

Q: How should security teams combine zero trust and microsegmentation in practice?

A: Treat zero trust as the policy for deciding who or what can access a resource, and microsegmentation as the containment layer that limits movement after access is granted.

Q: Why do NHIs complicate zero-trust programmes?

A: NHIs complicate zero-trust programmes because their access often spans systems, APIs, and workloads that are not visible in the same way as human accounts.

Q: What breaks when microsegmentation is used without strong IAM controls?

A: Microsegmentation alone cannot fix over-privileged identities, weak credential hygiene, or missing offboarding.

Practitioner guidance

  • Separate admission from containment: Define zero-trust policy as the control that decides whether an identity may authenticate and what it may request, then define microsegmentation as the control that limits east-west movement after access is granted.
  • Map segments to identity classes: Group users, service accounts, workload identities, and administrative paths into distinct enforcement zones.
  • Measure blast radius, not just access success: Test whether a compromised account can reach adjacent systems, sensitive data stores, or admin planes.

What's in the full article

Axiad's full blog post covers the operational detail this post intentionally leaves for the source:

  • How the vendor frames zero trust and microsegmentation in authentication-centric environments
  • Practical examples of applying segmentation controls to specific access paths and network layouts
  • The article's own explanation of where application controls, SDN, and firewalling fit in the comparison
  • Context on how the vendor positions passwordless authentication alongside segmented environments

👉 Read Axiad's explainer on zero trust and microsegmentation →

(@mr-nhi)
Member Moderator
Joined: 1 month ago
Posts: 5343

Zero trust fails when teams mistake admission control for full identity governance. The article reinforces a common structural weakness: verifying a user or device at the edge does not mean the identity is safe everywhere else. In practice, over-privileged service accounts, workload identities, and human users can still move too far once admitted. The practitioner conclusion is that zero trust only works as part of a broader identity control model.

A few things that frame the scale:

  • 90% of IT leaders say properly managing NHIs is essential for a successful zero-trust implementation, according to Ultimate Guide to NHIs.
  • Only 5.7% of organisations have full visibility into their service accounts, which is why zero trust often fails at the identity layer before it fails at the network layer.

A question worth separating out:

Q: How do teams know whether zero trust and segmentation are actually working?

A: Look for reduced internal reach, fewer implicit trust paths, and tighter access to sensitive services after authentication. If a compromised identity can still move freely between critical systems, the controls are not aligned. A good test is whether the identity’s practical blast radius is smaller than its authenticated access footprint.

👉 Read our full editorial: Zero trust and microsegmentation expose identity control gaps

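One way to run the blast-radius test that the first post's guidance and the reply above both describe, as an added example that is not code from Axiad or from this forum: it separates what an identity is authorised to reach (its access footprint) from what it can actually reach once segment flows limit east-west movement. The segments, hosts and identities are constructed for illustration, and movement inside a segment is assumed to be unrestricted.

```python
from collections import deque

# Constructed microsegmentation policy: segment -> segments it may initiate flows to.
SEGMENT_FLOWS = {
    "web": {"app"},
    "app": {"db", "queue"},
    "queue": set(),
    "db": set(),
    "admin": {"web", "app", "db", "queue"},
}

# Constructed asset inventory (host -> segment) and the sensitive data stores.
HOSTS = {"web-1": "web", "app-1": "app", "app-2": "app",
         "db-1": "db", "queue-1": "queue", "bastion": "admin"}
SENSITIVE = {"db-1"}

# Constructed identities: the host each lands on after admission, and the hosts
# its credentials are authorised on (its authenticated access footprint).
IDENTITIES = {
    "svc-web": {"entry": "web-1", "footprint": {"web-1", "app-1", "db-1"}},
    "svc-queue": {"entry": "queue-1", "footprint": {"queue-1", "db-1"}},
    "ops-admin": {"entry": "bastion", "footprint": set(HOSTS)},
}

def reachable_hosts(entry):
    """Hosts reachable east-west from `entry`, following allowed segment flows
    transitively. Movement inside a segment is assumed to be unrestricted."""
    start = HOSTS[entry]
    seen, pending = {start}, deque([start])
    while pending:
        for nxt in SEGMENT_FLOWS[pending.popleft()]:
            if nxt not in seen:
                seen.add(nxt)
                pending.append(nxt)
    return {host for host, seg in HOSTS.items() if seg in seen}

def blast_radius(name):
    """Hosts a compromised identity can actually land on: network-reachable
    from its entry point AND inside its authorised footprint."""
    ident = IDENTITIES[name]
    return reachable_hosts(ident["entry"]) & ident["footprint"]

def assess(name):
    """The two tests from the thread: is the practical blast radius strictly
    smaller than the access footprint, and does it still reach sensitive stores?"""
    footprint, radius = IDENTITIES[name]["footprint"], blast_radius(name)
    return {"footprint": len(footprint), "blast_radius": len(radius),
            "contained": radius < footprint,
            "sensitive_reached": sorted(radius & SENSITIVE)}
```

In the constructed data, `svc-queue` is contained by segmentation, while `svc-web` reaches the same hosts with or without it, which is the over-privileged-footprint case that segmentation alone cannot fix.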