Network segmentation is one of many things an organization can do to improve their security posture – and those that resist investment in the right security could be exposed to more expenses or breaches.

That's according to ForeScout, which notes that the scope and reach of networks is expanding, which means network segmentation should be considered as part of any security arsenal.

ForeScout says that network segmentation splits networks into specific zones, which can then enact barriers against infiltrators. Those infiltrators then have difficulty compromising an entire network.

The company argues that while non-segmented networks are generally protected by a firewall, hackers can still break through and access an organization's network and data.

Network segmentation can prevent these types of compromises.

According to ForeScout senior director for Asia Pacific and Japan, Steve Hunter, segmentation can reduce the scope of a breach, and also allows organizations to group assets with similar data protection requirements.

“For example, this can help healthcare companies apply more stringent and expensive protections on critical patient data, or retailers complying with PCI to use less expensive protections for less important services,” Hunter explains. “Security challenges continue to challenge a company's capacity to respond. Network-connected devices and the resulting IP traffic will continue to increase. This ongoing growth in our networks will require insight, visibility and control.

ForeScout says there are three reasons why managers should adopt network segmentation:

1. It is a core security practice that is necessary:

Network segmentation lets organizations protect data more effectively. Dysfunctional security measures can knock services and applications offline, bringing business to a halt.

Additionally, in a political environment where company data practice is highly scrutinised, given the General Data Protection Regulation (GDPR)* in Europe, and the Notifiable Data Breaches (NDB) scheme in Australia, organizations must demonstrate they're conscientious custodians of confidential information. A data breach could spell costly fines and cause severe reputational damage.

2. Security measures sensibly applied can save organizations money: 

Security breaches often turn customers away and impact an organization's profit. Organizations also need to spend large amounts of money cleaning up messes caused by cyberattacks.

This includes reaching out to customers, addressing the public, restoring data, fixing software, catering to staff needs and paying for immediate (expensive) security damage control. Organizations should adopt recommended security measures, so they can save money in the long run. Secure, segmented networks are a foundation for effective data asset protection.

3. Building a segmented network can be straightforward: 

Many companies resist segmentation because they think it's expensive and cumbersome. The industry hasn't helped with a focus on new approaches that require whole new networks.

However, it needn't break the bank, nor require a complete redesign of an existing network. Segmentation can easily integrate with existing software and connected devices. The techniques for segmentation in a newer network may differ from an ageing network or in a cloud network, but segmentation is needed in all of them.

“Managers should open their minds to new security practices, learn how their networks operate and understand how segmentation can protect their organization,” Hunter says.

“This type of digital transformation can help keep businesses afloat, even in the face of a significant cyberattack. Organizations that fail to embrace visibility and network segmentation will fall behind and open themselves up to increased risks of cyberattack, along with major financial and business implications.