The Right IT Segmentation Can Save Your Network


It’s not uncommon for an organization’s IT network topology to be relatively flat. By this, I mean a company’s data infrastructure has many ways for someone to access it from the outside.

At first glance, it would appear that such configurations would be clean, efficient and easy to manage. The opposite is true. These types of systems are easily infiltrated, hard to maintain and a great risk to business operations.

Hackers will find plenty of opportunities in a flat IT architecture environment to trick an employee into giving them a conduit to the company’s mission-critical data. They are sophisticated in their outreach and effective in making the team member believe their request for personal and corporate information is a legitimate one. Before you know it, your network is breached and a large operational, legal and financial headache is on your shoulders.

If the network I described sounds remarkably similar to yours, it might be a good idea to develop a plan to segment duties across multiple networks. Should a hacker infiltrate one area, it is far less likely their disruption will spread across your entire landscape. Believe it or not, segmenting the network can also make it easier to maintain your IT infrastructure. You’ll detect abnormalities, such as an unusually high level of activity or traffic at odd hours, faster and create fixes for them in quicker fashion.

Just as important, though, is how your organization segments its IT assets. Don’t arbitrarily decide what equipment and data are housed in one area versus the other. Keep servers and workstations separate. Doing otherwise defeats the purpose of segmentation: a user who takes a phishing bait will allow the perpetrator to bypass all protective firewalls and access the entire server farm in short order.
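
As an added illustration (not from the article or from Tec-Refresh), this Python script audits a segmentation plan for the two failures described above: workstations that sit in the server segment or in no segment at all, and an allow rule that opens the whole server segment to workstations. The segment names, addresses and rule format are constructed for the example.

```python
import ipaddress

# Constructed sample data (hypothetical names and addresses, not from the article).
SEGMENTS = {
    "servers":      {"cidr": "10.10.1.0/24", "role": "server"},
    "workstations": {"cidr": "10.20.5.0/24", "role": "workstation"},
}
ASSETS = [
    {"host": "fs01",   "ip": "10.10.1.10",  "role": "server"},
    {"host": "db01",   "ip": "10.10.1.20",  "role": "server"},
    {"host": "pc-114", "ip": "10.20.5.14",  "role": "workstation"},
    {"host": "pc-207", "ip": "10.10.1.77",  "role": "workstation"},  # sits in the server subnet
    {"host": "pc-309", "ip": "192.168.9.3", "role": "workstation"},  # in no defined segment
]
RULES = [  # inter-segment allow rules
    {"id": 1, "src": "workstations", "dst": "servers", "proto": "tcp", "port": 443},
    {"id": 2, "src": "workstations", "dst": "servers", "proto": "any", "port": "any"},
    {"id": 3, "src": "servers", "dst": "workstations", "proto": "tcp", "port": 445},
]


def segment_of(ip, segments):
    """Return the name of the segment whose CIDR contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for name, seg in segments.items():
        if addr in ipaddress.ip_network(seg["cidr"]):
            return name
    return None


def misplaced_assets(assets, segments):
    """Hosts whose role differs from their segment's role, or that are unsegmented."""
    findings = []
    for a in assets:
        seg = segment_of(a["ip"], segments)
        if seg is None:
            findings.append((a["host"], "unsegmented"))
        elif segments[seg]["role"] != a["role"]:
            findings.append((a["host"], f"{a['role']} in {seg}"))
    return findings


def overbroad_rules(rules, segments):
    """Ids of rules that open every protocol or port from workstations to servers."""
    return [r["id"] for r in rules
            if segments[r["src"]]["role"] == "workstation"
            and segments[r["dst"]]["role"] == "server"
            and "any" in (r["proto"], r["port"])]


if __name__ == "__main__":
    print(misplaced_assets(ASSETS, SEGMENTS))
    print(overbroad_rules(RULES, SEGMENTS))
```

Rule 2 is the one that recreates a flat network: with it in place, a single phished workstation can reach every service on every server, regardless of the subnet boundary.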

Be sure to also set up processes to upgrade equipment systematically. Don’t “blanket” accept updates or set your gear to download modifications automatically. Formalize stated policies and procedures that look at the updates and their potential impacts to your network. Prioritize which ones are necessary as opposed to “nice to haves.” Set up a “proof of concept,” or test environment, before going live with any updates. It will be important to ensure no downtime occurs when upgrading your network.

Segmenting your IT infrastructure is becoming a more common practice, as it should be. For a network to be as secure as it can be, it’s vital to have the right segmentation scheme. In this day and age where employees have access to critical company data 24/7 and from multiple devices, there is no other recourse. The time period of granting access only through a desktop computer during normal working hours is long gone. Businesses fully appreciate that employees, customers, partners and other stakeholders need access to information around the clock and in many different ways. Properly segmenting your network is no longer a “nice to have,” but a “must do.”

About the Author: Efrem Gonzales is the Founder and CEO of Tec-Refresh, a nationwide provider of IT infrastructure, cyber security, data and networking solutions and support services. He can be reached at