Secure Architecture Design – Network Segmentation

Network segmentation is a fundamental defense-in-depth strategy to limit communications across network boundaries and protect assets from unauthorized access. However, a commonly identified weakness during risk assessments is often a lack of appropriate network segmentation.

A recent post at the AT&T Cybersecurity Blog complements #3 – Minimize Control System Exposure from WaterISAC’s 15 Cybersecurity Fundamentals for Water and Wastewater Utilities, by highlighting best practices and requirements for network segmentation. The article explains network segmentation, how it compares to micro segmentation, and how it complements zero trust. Some best practices for implementing network segmentation are discussed, including resisting the urge to over segment, the importance of regular audits, and appropriately managing third party access. Read more at AT&T.