Segmentation is a well-established security idea - 'don't put all your eggs in one basket!' It is common sense in cyber-security, CPTED, personal protection and asymmetric warfare. In whole-of-business cyber-security we apply segmentation to all aspects of a business, as appropriate. Segmentation of business assets is guided by Information Risk Assessment.
Segmentation provides a basis for layering of cyber-protection to reduce business risks and increase difficulty for cyber-attackers. Segmentation is a powerful, management-based cyber-security method...
The use of segmentation in cyber security is recent. It became more widely adopted last year in IT with a primarily network-based security focus. In October 2016 Stacey Winn commented, '...the future is now, with network segmentation leading the way... physically separating computer networks, so that each network is visible only to users who have the appropriate access rights... In stark contrast to ... easy-to-penetrate flat networks.' This network-based idea of segmentation can be seen in terms of castle security as having a secure outside wall and then rules about which streets particular groups can walk inside the castle.
In 'whole of business' cyber security we apply segmentation to any relevant business assets important or critical to the business in order to arrange appropriate cyber-protection. Typically, business process changes are enablers of segmentation for layering of cyber-protection, to reduce risk and improve security outcomes.
In many cases, business process changes for segmentation can resolve, simplify or even remove cyber-security problems.
"Appropriate business process changes can mean ... IT security problems resolved..."