Network Segmentation

What Does Network Segmentation Mean?

Network segmentation is a strategy for limiting the potential impace of a security exploit by dividing a large network into smaller physical or virtual networks called subnetworks or subnets.


The goal of network segmentation is to limit unauthorized access to devices, data, and applications by restricting communication between subnetworks. Network segmentation plays an important role in Zero Trust because it limits opportunities for unauthorized lateral movement within a network.

When a network is segmented, each subnet functions as a virtual local area network (VLAN). Security policies are used to determine which users, services or devices can interconnect subnets. The most valuable resources will have the strictest access controls.

Techopedia Explains Network Segmentation

One example of network segmentation involves placing an internal firewall inside a network. Network engineers can segment the two different sides of that firewall into specific sub-network areas. For example, data can go into the first sub-network environment and be scanned for malicious code before it progresses through the firewall to the other side of the network.

Another big use for network segmentation is to route data in the most efficient and effective way. In order to optimize workflows, engineers may only send certain kinds of data through a particular network segment, either to improve security, or to cut out unnecessary traffic that puts pressure on network hardware or requires more resources.


Related Terms

Margaret Rouse

Margaret is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages.