{"id":16375,"date":"2025-12-08T12:12:16","date_gmt":"2025-12-08T12:12:16","guid":{"rendered":"https:\/\/dmsretail.com\/RetailNews\/segmentation-remains-a-foundational-security-concept\/"},"modified":"2025-12-08T12:12:16","modified_gmt":"2025-12-08T12:12:16","slug":"segmentation-remains-a-foundational-security-concept","status":"publish","type":"post","link":"https:\/\/dmsretail.com\/RetailNews\/segmentation-remains-a-foundational-security-concept\/","title":{"rendered":"Segmentation Remains a Foundational Security Concept"},"content":{"rendered":"<p> <p><a href=\"https:\/\/dmsretail.com\/online-workshops-list\/\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-496\" src=\"https:\/\/dmsretail.com\/RetailNews\/wp-content\/uploads\/2022\/05\/RETAIL-ONLINE-TRAINING-728-X-90.png\" alt=\"Retail Online Training\" width=\"729\" height=\"91\" srcset=\"https:\/\/dmsretail.com\/RetailNews\/wp-content\/uploads\/2022\/05\/RETAIL-ONLINE-TRAINING-728-X-90.png 729w, https:\/\/dmsretail.com\/RetailNews\/wp-content\/uploads\/2022\/05\/RETAIL-ONLINE-TRAINING-728-X-90-300x37.png 300w\" sizes=\"auto, (max-width: 729px) 100vw, 729px\" \/><\/a><\/p><br \/>\n<\/p>\n<div>\n<p>The 2025 Cisco Segmentation Report, with 1,000 respondents, was released last month and has prompted me to think more deeply about the evolution of the decades-old cybersecurity concept and how it continues to adapt to meet the needs of modern enterprises. I previously wrote that while 79% of respondents consider segmentation a top priority, only 33% implement it fully. The survey results also revealed interesting insights into why segmentation remains a foundational concept.<\/p>\n<p>The evolution of segmentation and the development of different segmentation approaches make the concept ideal for implementing a proactive approach to enterprise cybersecurity today. For years, organizations have utilized macro-segmentation to divide networks into smaller sections, which helps limit the spread of successful attacks while enhancing overall resilience. And now, augmenting macro-segmentation with micro-segmentation implementations allows security teams to split environments into separate networks AND isolate specific workloads based on behavior or identity. This dual segmentation approach is well-suited to protect today\u2019s distributed, cloud-first network infrastructure and the applications, data, and users that rely on these critical networks.<\/p>\n<p>This is the first part of a three-part series that delves deeper into the survey results and what they reveal about the current state of segmentation.<\/p>\n<h2 class=\"wp-block-heading has-cisco-green-color has-text-color has-link-color wp-elements-c9b07fab31f5a2868063c1eadf90ad68\" id=\"h-macro-segmentation-on-it-s-own-is-not-enough-to-meet-today-s-cybersecurity-challenges\" style=\"font-style:normal;font-weight:400\">Macro-Segmentation (On It\u2019s Own) Is Not Enough to Meet Today\u2019s Cybersecurity Challenges<\/h2>\n<p>Macro-segmentation alone is insufficient due to recent changes in modern application architecture. Modern applications are no longer monolithic, and they are no longer constrained by a subnet or VLAN. As a result, these applications are decentralized and composed of multiple workloads. This new decentralized architecture has boosted application performance, scalability, maintainability, and reliability; however, it has made it challenging to understand what\u2019s happening at the workload level.<\/p>\n<p>However, the lack of visibility and control at the workload level makes traditional security approaches (including macro-segmentation) challenging. It\u2019s no wonder that cybersecurity teams are struggling to protect today\u2019s highly distributed, cloud-first digital infrastructures.<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"2488\" height=\"1200\" data-lazy-type=\"image\" src=\"https:\/\/blogs.cisco.com\/gcs\/ciscoblogs\/1\/2025\/12\/segmentation_report_organization_implementation_statistics.webp\" alt=\"Graph showing how many organizations have progressed with implementation micro-segmentation\" class=\"lazy lazy-hidden wp-image-482658\" style=\"width:800px\"\/><noscript><img loading=\"lazy\" decoding=\"async\" width=\"2488\" height=\"1200\" src=\"https:\/\/blogs.cisco.com\/gcs\/ciscoblogs\/1\/2025\/12\/segmentation_report_organization_implementation_statistics.webp\" alt=\"Graph showing how many organizations have progressed with implementation micro-segmentation\" class=\"wp-image-482658\" style=\"width:800px\"\/><\/noscript><figcaption class=\"wp-element-caption\"><strong>Question:<\/strong> How would you rate your organization\u2019s current progress with implementing micro-segmentation? Base: 1,000 respondents<\/figcaption><\/figure>\n<\/div>\n<h2 class=\"wp-block-heading has-cisco-green-color has-text-color has-link-color wp-elements-3ea60d1367cc1d1f9ca38943e660a0f9\" id=\"h-organizations-need-to-implement-macro-segmentation-and-micro-segmentation-in-tandem\" style=\"font-style:normal;font-weight:400\">Organizations Need to Implement Macro-Segmentation and Micro-Segmentation in Tandem<\/h2>\n<p>Augmenting macro-segmentation with micro-segmentation implementations enables security teams to separate IT environments into sections while isolating individual workloads based on their behavior or identity. This enables a proactive approach to cybersecurity, resulting in faster recovery times, improved operations, and consistent enforcement of segmentation policies.<\/p>\n<h3 class=\"wp-block-heading has-cisco-green-color has-text-color has-link-color wp-elements-f11c6a49e35428a712fdaab612edd366\" id=\"h-1-quicker-recovery-times\" style=\"font-style:normal;font-weight:400\">1. Quicker Recovery Times<\/h3>\n<p>Respondents from organizations that have fully implemented both macro- and micro-segmentation report that breach containment and recovery take an average of 20 days to complete. In contrast, respondents from organizations that have not fully implemented both macro- and micro-segmentation report that recovery takes them an average of 29 days.<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"2488\" height=\"770\" data-lazy-type=\"image\" src=\"https:\/\/blogs.cisco.com\/gcs\/ciscoblogs\/1\/2025\/12\/segmentation_reportrecovery_time_graph.webp\" alt=\"Graph showing the time it takes organizations to contain and fully recover from most recent breach\" class=\"lazy lazy-hidden wp-image-482659\" style=\"width:800px\"\/><noscript><img loading=\"lazy\" decoding=\"async\" width=\"2488\" height=\"770\" src=\"https:\/\/blogs.cisco.com\/gcs\/ciscoblogs\/1\/2025\/12\/segmentation_reportrecovery_time_graph.webp\" alt=\"Graph showing the time it takes organizations to contain and fully recover from most recent breach\" class=\"wp-image-482659\" style=\"width:800px\"\/><\/noscript><figcaption class=\"wp-element-caption\">Average time it takes organizations to contain and fully recover from their most recent breach. Base: 1,000 respondents. Data split by organizations with full implementation of both macro- and micro-segmentation (327 respondents), and organizations who have not fully implemented either (667)<\/figcaption><\/figure>\n<\/div>\n<p>This is a big, big deal. Cutting recovery time by one-third limits the breach\u2019s impact and prevents its future spread. Just imagine the damage that threat actors can inflict in those additional nine days. The combination of macro- and micro-segmentation slows down attackers. It also provides defenders with more visibility and control over individual workloads, offering insights into the attack chain that enable them to quickly identify which assets need to be quarantined, taken offline, and recovered.<\/p>\n<h3 class=\"wp-block-heading has-cisco-green-color has-text-color has-link-color wp-elements-beba070a6fc7482109bc444fb5727b91\" id=\"h-2-an-opportunity-to-align-teams\" style=\"font-style:normal;font-weight:400\">2. An Opportunity to Align Teams<\/h3>\n<p>Segmentation projects require coordination across multiple teams with multiple layers of responsibility, necessitating full alignment throughout the organization. For example, a development team knows who created an application, but it may not have visibility into who is using the application or how the application is being used. A failure to coordinate across teams can lead to over-permissioning\u2014a common mistake that creates significant risks for organizations.<\/p>\n<p>According to the survey, organizations (often) rely on three separate teams for implementing and managing segmentation\u2014IT infrastructure or network (87%), Security\/ SecOps (77%), and DevOps\/ Cloud Engineering (71%). The process of implementing both macro- and micro-segmentation can improve alignment between these teams and eliminate much of the risk associated with over-permissioning. Continuing with our development team example, the drive toward segmentation can bring the development team closer to those managing and securing the network by establishing a common vocabulary and shared objectives.<\/p>\n<p>Among survey respondents at organizations that have fully implemented both macro- and micro-segmentation, 87% report that their teams are fully aligned, compared with 52% of those at organizations without full implementation.<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1151\" height=\"513\" data-lazy-type=\"image\" src=\"https:\/\/blogs.cisco.com\/gcs\/ciscoblogs\/1\/2025\/12\/microsegmentation_report_team_alignment_charts.webp\" alt=\"Chart showing how aligned different teams are on implementing segmentation\" class=\"lazy lazy-hidden wp-image-482660\" style=\"width:800px\"\/><noscript><img loading=\"lazy\" decoding=\"async\" width=\"1151\" height=\"513\" src=\"https:\/\/blogs.cisco.com\/gcs\/ciscoblogs\/1\/2025\/12\/microsegmentation_report_team_alignment_charts.webp\" alt=\"Chart showing how aligned different teams are on implementing segmentation\" class=\"wp-image-482660\" style=\"width:800px\"\/><\/noscript><figcaption class=\"wp-element-caption\"><strong>Question:<\/strong> When thinking about the teams involved in implementing or managing segmentation at your organization, how would you rate how aligned they are? Base: If respondent uses two or more teams (994 respondents). Data split by those who have fully implemented both macro- and micro-segmentation (315), and those who have not fully implemented both (608).<\/figcaption><\/figure>\n<\/div>\n<h3 class=\"wp-block-heading has-cisco-green-color has-text-color has-link-color wp-elements-a512eac12adc00cc668cfefff18b51c3\" id=\"h-3-consistent-enforcement\" style=\"font-style:normal;font-weight:400\">3. Consistent Enforcement<\/h3>\n<p>According to the report, two-thirds (63%) of respondents at organizations with full implementation strongly agree that automation is key to scaling and maturing segmentation projects, versus 50% without full implementation of both. Automation enables organizations to scale their segmentation policies across the entire organization (or at least where it makes sense), resulting in more comprehensive and consistent enforcement, and ultimately, stronger security controls. Organizations that do not employ adequate automation must manually create and maintain policies, which can easily fall behind security requirements over time.<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1210\" height=\"491\" data-lazy-type=\"image\" src=\"https:\/\/blogs.cisco.com\/gcs\/ciscoblogs\/1\/2025\/12\/microsegmentation_report_chart_essential_automation_perception.webp\" alt=\"Chart showing whether respondents perceive automation to be essential\" class=\"lazy lazy-hidden wp-image-482661\" style=\"width:800px\"\/><noscript><img loading=\"lazy\" decoding=\"async\" width=\"1210\" height=\"491\" src=\"https:\/\/blogs.cisco.com\/gcs\/ciscoblogs\/1\/2025\/12\/microsegmentation_report_chart_essential_automation_perception.webp\" alt=\"Chart showing whether respondents perceive automation to be essential\" class=\"wp-image-482661\" style=\"width:800px\"\/><\/noscript><figcaption class=\"wp-element-caption\"><strong>Question:<\/strong> To what extent do you agree with the following statement? \u201cAutomation is key to scaling and achieving maturity in segmentation projects.\u201d Base: 1,000 respondents. Data split by those who have fully implemented both macro- and micro-segmentation (315), and those who have not fully implemented both (608).<\/figcaption><\/figure>\n<\/div>\n<h2 class=\"wp-block-heading has-cisco-green-color has-text-color has-link-color wp-elements-72e082b778553403fe5a43f93a15ff43\" id=\"h-a-dual-approach-enables-a-proactive-cybersecurity-strategy\" style=\"font-style:normal;font-weight:400\">A Dual Approach Enables a Proactive Cybersecurity Strategy<\/h2>\n<p>The ability to implement micro-segmentation at scale in conjunction with macro-segmentation has become foundational to modern enterprise security strategies and the zero-trust security model. This enables organizations to recover more quickly, better align their teams, and enforce segmentation more consistently\u2014in combination, allowing for a proactive approach to cybersecurity. Although segmentation is an old concept (from an IT perspective, of course), it remains a critical component of a proactive enterprise security approach\u2014mainly due to its adaptation for modern environments.<\/p>\n<p>In my next blog, I\u2019ll outline the challenges organizations are facing today when implementing segmentation projects. In the meantime, download the 2025 Cisco Segmentation Report to better understand the state of segmentation today.<\/p>\n<hr class=\"wp-block-separator aligncenter has-text-color has-light-gray-color has-alpha-channel-opacity has-light-gray-background-color has-background is-style-wide\"\/>\n<p class=\"has-text-align-center\"><em>We\u2019d love to hear what you think! Ask a question and stay connected with Cisco Security on social media.<\/em><\/p>\n<p class=\"has-text-align-center\"><strong><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-cisco-green-color\">Cisco Security Social Media<\/mark><\/strong><\/p>\n<p class=\"has-text-align-center\">LinkedIn<br \/>Facebook<br \/>Instagram<br \/><a href=\"https:\/\/twitter.com\/CiscoSecure\" target=\"_blank\" rel=\"noreferrer noopener\">X<\/a><\/p>\n<\/p><\/div>\n<p><script async src=\"\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><script async defer src=\"https:\/\/platform.instagram.com\/en_US\/embeds.js\"><\/script><br \/>\n<br \/><p><a href=\"https:\/\/dmsretail.com\/online-workshops-list\/\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-496\" src=\"https:\/\/dmsretail.com\/RetailNews\/wp-content\/uploads\/2022\/05\/RETAIL-ONLINE-TRAINING-728-X-90.png\" alt=\"Retail Online Training\" width=\"729\" height=\"91\" srcset=\"https:\/\/dmsretail.com\/RetailNews\/wp-content\/uploads\/2022\/05\/RETAIL-ONLINE-TRAINING-728-X-90.png 729w, https:\/\/dmsretail.com\/RetailNews\/wp-content\/uploads\/2022\/05\/RETAIL-ONLINE-TRAINING-728-X-90-300x37.png 300w\" sizes=\"auto, (max-width: 729px) 100vw, 729px\" \/><\/a><\/p><br \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The 2025 Cisco Segmentation Report, with 1,000 respondents, was released last month and has prompted me to think more deeply about the evolution of the [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":16376,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-16375","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/dmsretail.com\/RetailNews\/wp-json\/wp\/v2\/posts\/16375","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dmsretail.com\/RetailNews\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dmsretail.com\/RetailNews\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dmsretail.com\/RetailNews\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dmsretail.com\/RetailNews\/wp-json\/wp\/v2\/comments?post=16375"}],"version-history":[{"count":0,"href":"https:\/\/dmsretail.com\/RetailNews\/wp-json\/wp\/v2\/posts\/16375\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/dmsretail.com\/RetailNews\/wp-json\/wp\/v2\/media\/16376"}],"wp:attachment":[{"href":"https:\/\/dmsretail.com\/RetailNews\/wp-json\/wp\/v2\/media?parent=16375"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dmsretail.com\/RetailNews\/wp-json\/wp\/v2\/categories?post=16375"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dmsretail.com\/RetailNews\/wp-json\/wp\/v2\/tags?post=16375"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}