Why Network Segmentation Projects Fail
This addresses a critical issue for enterprise security practitioners by providing systematic empirical insights into segmentation project failures, though it is incremental as it builds on existing failure frameworks.
The paper tackles the problem of why network segmentation projects frequently fail by conducting an empirical survey of 400 U.S. network security practitioners, revealing four distinct failure archetypes and finding that practitioners prioritize general IT project management fixes over segmentation-specific solutions.
Network segmentation is a foundational enterprise security control. Despite its recognized benefits, segmentation initiatives frequently fail in practice, and the field lacks a systematic empirical explanation for why these projects do not achieve their intended outcomes. This paper presents an empirical study of failed segmentation projects based on a survey of 400 U.S.-based\ network security practitioners. The survey was grounded in a two-part failure framework that separately measures general IT project failure factors and segmentation-specific technical and operational barriers. Clustering analysis of the responses reveals four distinct failure archetypes. Surprisingly, practitioners across all four archetypes propose general IT project management fixes over segmentation-specific fixes in the same ratio.