

PP079: Rethinking the Architecture of Microsegmentation
Sep 23, 2025
Philip Griffiths, Head of Strategic Sales at NetFoundry and a prominent voice in Cloud Security Alliance, dives deep into the intricacies of microsegmentation. He defines it as isolating workloads for enhanced security and links it to Zero Trust principles like continuous authentication and identity enforcement. Philip discusses the importance of starting with protect surfaces for implementing microsegmentation effectively. He also explores the potential of eBPF for real-time visibility and shares visions of identity-embedded applications for the future.
AI Snips
Microsegmentation Must Target Services
- Micro-segmentation isolates workloads, processes, and users into smaller zones while enforcing least privilege around identity context.
- To be meaningful, it must target services and processes rather than simply creating new IP-based network segments.
Start With Strong Identity
- Start micro-segmentation with strong cryptographic identity and continuous authentication tied to services and policies.
- Build policies around identities and services instead of IP addresses to achieve true least-privilege enforcement.
Protect Your Critical Workflows First
- Identify your protect surface and pick a small critical use case as a minimum viable workflow to secure first.
- Tie micro-segmentation projects to business outcomes like protecting billing or critical OT workflows to get executive buy-in.