Ebook, June 1, 2025

The Segmentation Playbook: 6 Blockers and How to Beat Them

You know segmentation matters. But in complex environments — cluttered with IoT, such as building management systems or medical devices — knowing isn’t the same as doing. Vendor sprawl. Flat networks. Tools that can’t keep up. Compliance checklists with no proof of control. The blockers are real — and they’re why so many segmentation projects slow down or never start. This playbook shows how to break through. Not with theory, but with practical steps. Not with a blank slate but using what you already have. Segmentation isn’t about doing everything. It’s about progress. And this is how you get started.

What you'll learn

  • Visibility is not the same as security. Many teams stop after gaining device visibility, but flat networks remain fully exposed until policies are actually enforced — giving a false sense of progress while attackers can still move freely.
  • IoT and unmanaged devices are both your biggest risk and hardest to segment. They hold 64% of mid-to-high enterprise risks, can't be patched or taken offline, and are frequently skipped — which is exactly why attackers pivot through them.
  • You don't need a perfect plan to start. Waiting for complete inventories, infrastructure refreshes, or a single-vendor stack keeps high-risk devices exposed indefinitely. Targeted, phased segmentation of specific device groups (e.g., IP cameras, POS terminals) reduces real risk now.
  • Segmentation is a continuous workflow, not a one-time project. Policies must adapt as devices, behaviors, and threats change — and should integrate with detection tools so segmentation can dynamically contain threats in real time, not just prevent them.

Frequently asked questions
Why do NAC deployments so often stall?
Fear of misconfiguring NAC in environments with diverse IoT/OT devices — where one wrong rule can halt critical operations — leads teams to delay indefinitely. The fix is scoping NAC to targeted high-impact zones first, piloting on specific device groups, and treating it as one layer of a broader strategy rather than the whole solution.
Aren't VLANs enough for segmentation?
No — 85% of healthcare VLANs contain mixed assets, meaning critical and legacy devices share the same segment. VLANs provide logical separation but not true isolation or enforcement against lateral movement.
How does segmentation help with compliance?
Frameworks like HIPAA, PCI, NIST, and ISO require demonstrated enforcement, not just intent. Maintaining documented segmentation policies, baselines, and audit logs aligned to these frameworks turns segmentation work into audit evidence.
Where should a team start if they're completely stuck?
Identify a small, high-risk device group (badge readers, imaging systems, HVAC), isolate it, document the result, and use that win to build momentum and alignment — rather than waiting for environment-wide readiness.

This resource is published by ORDR, the connected asset security company. ORDR delivers AI-powered visibility, risk assessment, and automated protection for IoT, OT, and IoMT devices across healthcare, manufacturing, government, and financial environments.