Subscribe to the Non-Human & AI Identity Journal
Home Glossary Governance, Ownership & Risk Access segmentation
Governance, Ownership & Risk

Access segmentation

← Back to Glossary
By NHI Mgmt Group Updated July 11, 2026 Domain: Governance, Ownership & Risk

The practice of limiting a user or system to only the specific resources required for a task. In DORA-aligned environments, segmentation is what makes third-party access auditable, containable, and easier to revoke without affecting unrelated systems.

Expanded Definition

Access segmentation is the deliberate separation of permissions, paths, and reachable resources so an identity can interact only with the systems needed for a specific task. In NHI and IAM programs, it is not just network isolation; it is a control pattern that limits the blast radius of service accounts, API keys, agents, and delegated third-party access.

Definitions vary across vendors, but the practical meaning is consistent: segmentation should make access auditable, time-bounded, and easy to revoke without disrupting unrelated workloads. That aligns closely with OWASP Non-Human Identity Top 10 guidance on reducing overprivilege and with boundary controls in NIST SP 800-53 Rev 5 Security and Privacy Controls.

In practice, access segmentation often combines scoped credentials, segmented trust zones, separate roles for read and write operations, and explicit policy checks for each tool call. The most common misapplication is treating a single broad role as “segmented” because the resource sits inside a separate subnet, which occurs when permission boundaries are not enforced at the identity and authorization layers.

Examples and Use Cases

Implementing access segmentation rigorously often introduces operational overhead, requiring organisations to weigh tighter containment against more complex policy design and change management.

  • A deployment bot can read build artifacts in one environment but cannot modify production databases, even if both systems are reachable on the same network.
  • A third-party support identity is limited to one tenant, one application cluster, and a short access window, improving revocation discipline and auditability. This is a recurring theme in the Ultimate Guide to NHIs.
  • An AI agent can call only the tool APIs required for its task, while higher-risk actions such as deletion or export remain in a separate approval segment.
  • A secrets retrieval path is segmented so a service account can fetch only one application’s credentials, reducing lateral movement if the token is compromised, which is consistent with lessons surfaced in the 52 NHI Breaches Analysis.
  • A privileged maintenance account is split into read-only observability access and a separate break-glass path for remediation, with both monitored under OWASP Non-Human Identity Top 10 controls.

Segmentation is especially valuable where machine identities outnumber human identities by 25x to 50x, because broad access quickly becomes unmanageable across ephemeral workloads and delegated integrations.

Why It Matters in NHI Security

Access segmentation is one of the most effective ways to contain compromise because NHIs are frequently overprivileged and difficult to monitor at scale. NHI Mgmt Group reports that 97% of NHIs carry excessive privileges, and only 5.7% of organisations have full visibility into their service accounts, which means unsegmented access can spread quietly across environments until a credential is abused. That is why segmentation is central to reducing blast radius, limiting tool sprawl, and making revocation meaningful after incidents.

The issue is not only theft. Poor segmentation also obscures accountability: if one token can touch many systems, investigators cannot easily tell what was accessed, what must be rotated, or which downstream services need containment. This matters under DORA-oriented governance because third-party and agentic access must remain auditable and containable throughout its lifecycle, not only at onboarding. The NHI Mgmt Group Ultimate Guide to NHIs highlights these lifecycle gaps as a recurring control weakness.

Organisations typically encounter the true cost of weak segmentation only after a service account, API key, or agent token is abused for lateral movement, at which point access segmentation becomes operationally unavoidable to address.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10 address the attack surface, NIST CSF 2.0, NIST Zero Trust (SP 800-207) and NIST SP 800-63 set the technical controls, and DORA define the regulatory obligations.

FrameworkControl / ReferenceRelevance
OWASP Non-Human Identity Top 10NHI-02Access segmentation reduces overprivileged NHI exposure and blast radius.
NIST CSF 2.0PR.AC-4Least-privilege access management directly supports segmented access patterns.
NIST Zero Trust (SP 800-207)SC-7Zero Trust relies on network and policy boundaries that contain identity-driven access.
NIST SP 800-63AAL2Assurance levels help constrain how strongly a segmented identity is authenticated.
DORAOperational resilience depends on third-party access being containable and revocable.

Design segmented third-party access so incidents can be isolated without disrupting core services.

NHIMG Editorial Note
Reviewed and updated by the NHIMG editorial team on July 11, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org