Network segmentation in transition

Many companies have carried out a network segmentation project in the past 20 years. It is obvious to everyone that, for example, in a company network, not every old printer should have network access to the core applications. How strict or granular this segmentation ends up being mostly depends on the risk appetite of the company's management.

Principle of least privilege

The idea of the “principle of least privilege” has been known for a long time and is applied in many areas. In recent years, several IT security topics have become better known under the Zero Trust umbrella:

  • Microsegmentation (network-related): Or even nano-segmentation, where the initiating process is also taken into account.
  • Least privilege access rights (identity-related): So not only where access comes from, but also who is accessing and what is being accessed.

Google also contributed to the above-mentioned topics with the BeyondCorp security model.
With regard to microsegmentation, different approaches have been established:

  • Infrastructure-based
  • Host-based

Focus on host-based micro-segmentation

The advantage of the host-based variant is that it is infrastructure agnostic: host-based firewalling can cover hybrid environments (AWS, Azure, Nutanix, bare metal) with a single solution.
Infrastructure-based segmentation, on the other hand, is the more classic option and is generally the more trusted one.
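As an added illustration (not code from this article or from any product mentioned on this page), the Python sketch below models a host-based policy with default deny and the initiating-process dimension of nano-segmentation, then renders the inbound rules a host agent would install; host names, addresses, process paths and the nftables-style output format are all assumed for the example.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Flow:
    src_host: str
    src_process: str   # initiating process: the extra dimension of nano-segmentation
    dst_host: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    src_host: str
    src_process: Optional[str]   # None matches any process on the source host
    dst_host: str
    dst_port: int


# Constructed sample inventory and policy (hypothetical names and addresses).
HOSTS = {"app-order-01": "10.0.1.10", "erp-db-01": "10.0.2.20",
         "print-01": "10.0.9.5", "print-srv-01": "10.0.9.6"}
POLICY = [
    Rule("app-order-01", "/usr/bin/order-service", "erp-db-01", 5432),
    Rule("print-srv-01", None, "print-01", 9100),
]


def is_allowed(flow: Flow, policy=POLICY) -> bool:
    """Default deny: a flow passes only if one rule matches every field."""
    return any(
        r.src_host == flow.src_host and r.dst_host == flow.dst_host
        and r.dst_port == flow.dst_port
        and r.src_process in (None, flow.src_process)
        for r in policy
    )


def render_host_rules(host: str, policy=POLICY) -> list:
    """Inbound accept rules (nftables-style text) that the host-based agent would
    install on `host`; the process constraint is enforced by the agent, not by nft."""
    lines = []
    for r in policy:
        if r.dst_host == host:
            proc = r.src_process or "any"
            lines.append(f"ip saddr {HOSTS[r.src_host]} tcp dport {r.dst_port} "
                         f"accept comment \"{r.src_host}:{proc}\"")
    lines.append("drop")   # everything not explicitly allowed is dropped
    return lines
```

The same policy object drives every host regardless of whether it runs on a cloud instance or on bare metal, which is the infrastructure-agnostic property described above.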

Some of our manufacturers and partners already offer Zero Trust products. Below you will find an overview of the offering from our portfolio:


So today we are much further along in terms of Zero Trust technologies.

But as network segmentation is tightened, certain processes must be automated to keep the operational load sustainable.

We would be happy to advise you in order to find the best solution for your requirements.

Senior Security Engineer
Mario Gersbach

For further information please contact us at or +41 43 544 10 66.
