Network Segmentation

Network segmentation is the division of an entire network into smaller segments or sub-networks (subnets). For example, if a business has a computer network, segmentation could mean limiting traffic to a database with customer information to only those employees who explicitly need that access.

How does network segmentation work?

There are multiple ways to segment a computer network:

  • Organizations use multiple virtual local area networks (VLANs) within their larger company network so that each segment operates as its own network, which prevents traffic from jumping between two VLANs.
  • IT personnel can configure hardware to filter specific traffic, often IP addresses, between segments of the network. Only users or devices with permitted IP addresses can enter that part of the network, such as a database with sensitive customer information.
  • Software-defined networking allows users to manage segmentation with applications or software rather than hardware.
  • Deploying firewalls at each network segment filters traffic between databases, accounts, and applications rather than allowing anyone who makes it past the perimeter firewall to enter company accounts. Using firewalls for each network segment is expensive and can be difficult to configure.

Why is network segmentation important?

Businesses have discovered that a single firewall at the perimeter of a computer network doesn’t always protect the applications within it. If an attacker passes the firewall, and the firewall is the network’s only protection, the attacker then has opportunities to move between different applications, including those with high-level access. Network segmentation makes it more difficult for attackers to move laterally through the network. If IP traffic is constantly filtered or applications require credentials to enter, attackers are less likely to continue moving within the network.

Segmentation also makes it easier to track a breach. If each subnet or segment has its own filtering procedures, and if security software is implemented with each, organizations can more readily locate an unauthorized visitor.
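The IP-based filtering between segments described earlier, and the way per-segment filtering helps locate unauthorized traffic, can be sketched as a default-deny allowlist evaluated over flow records. This is an added example, not part of the original article; the segment names, address ranges, port and sample flows are constructed assumptions.

```python
import ipaddress

# Constructed segments: names and address ranges are assumptions for illustration.
SEGMENTS = {
    "workstations": ipaddress.ip_network("10.10.0.0/24"),
    "support":      ipaddress.ip_network("10.20.0.0/24"),
    "customer_db":  ipaddress.ip_network("10.30.0.0/28"),
}

# Allowlist of inter-segment flows: (source segment, destination segment, TCP port).
# Anything not listed is denied (default deny between segments).
ALLOWED = {("support", "customer_db", 5432)}

def segment_of(ip):
    """Return the name of the segment containing ip, or None if it is in none."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None

def decide(src_ip, dst_ip, port):
    """Return 'allow' or 'deny' for one flow between two addresses."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src is None or dst is None:
        return "deny"    # address outside every known segment is never trusted
    if src == dst:
        return "allow"   # traffic inside one segment is not filtered in this sketch
    return "allow" if (src, dst, port) in ALLOWED else "deny"

def denied_flows(flows):
    """Return denied flows tagged with their segments, for review by responders."""
    return [(segment_of(s), segment_of(d), s, d, p)
            for s, d, p in flows if decide(s, d, p) == "deny"]

# Constructed sample flows: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.20.0.15", "10.30.0.5", 5432),   # support -> customer_db, allowed port
    ("10.10.0.77", "10.30.0.5", 5432),   # workstation -> customer_db, not allowlisted
    ("10.20.0.15", "10.30.0.5", 22),     # support -> customer_db, port not allowed
    ("10.10.0.77", "10.10.0.80", 445),   # same segment
    ("192.0.2.9",  "10.30.0.5", 5432),   # source outside every segment
]

if __name__ == "__main__":
    for row in denied_flows(SAMPLE_FLOWS):
        print(row)
```

Because every denied record carries the source and destination segment, a denied attempt against the database segment points directly at the segment it came from.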

Network segmentation helps traffic to flow more efficiently. If traffic is limited for each segment, it will be less likely to clog and slow that part of the network. The database mentioned above will only have traffic from the users allowed access, which better uses bandwidth.

Lastly, segmentation helps organizations comply with data protection regulations. Any business bound by rules like GDPR must be able to document who accesses customer data. Segmentation makes it easier for businesses to track which employees have accessed accounts, applications, and databases. It’s also an important practice for better protecting sensitive customer information.

Difference between network segmentation and microsegmentation

Network segmentation and microsegmentation are very similar concepts, but microsegmentation refers specifically to limiting user access to applications through authentication protocols. Microsegmentation is user-facing, managing traffic through entry points that users must pass through by presenting the correct credentials. It’s a form of network segmentation, but traditionally network segmentation referred more to hardware-configured segments and firewalls, while microsegmentation occurs at application access points. They’re helpful additional tools, but many security professionals argue that microsegmentation is the best way to control lateral traffic in computer networks and data centers. It uses the principle of zero trust to strictly limit network traffic to those who can provide legitimate credentials.


Jenna Phipps
Jenna Phipps is a writer for, Enterprise Storage Forum, and CIO Insight. She covers data storage systems and data management, information technology security, and enterprise software solutions.
