4 Common Objections to Zero Trust Segmentation — And How to Overcome Them

Kelvin Franklin, Field CTO, US West
October 1, 2021

Zero Trust segmentation can stop cyberattacks and ransomware from spreading across your organization. So why does it seem so difficult to implement?

Here are four common objections we’ve heard from IT leaders, especially at midsize organizations — those with 100 to 1,000 employees. And for each objection, a way to overcome it.

Objection #1: 'We Have Too Few Technical Staff'

To a very real extent, this objection is valid. Cybersecurity teams worldwide are currently understaffed by some 3.1 million people, estimates (ISC)², a nonprofit information-security association.

The issue is even more serious at midsize organizations. There, IT staffs are small enough that just keeping the lights on can be a challenge. A midsize organization’s IT team may not even include a cybersecurity specialist at all. As a result, the task of fighting ransomware can sink dangerously low on the team’s priorities list.

How to overcome

First, it helps to understand that implementing Zero Trust segmentation does not require high levels of technical sophistication. Instead, by providing greater visibility, segmentation tools can actually raise your staff’s level of technical sophistication. They show you which devices sit on your network, which applications they are running, and what processes and protocols they are communicating with.

With that information, you can step up your security game. For example, you could decide that Device A should never communicate with Device B. Or that certain protocols should never communicate between certain devices. That’s sophisticated — yet without requiring either sophisticated new skills from your employees or hiring new staff.

Objection #2: 'We Don’t Know Who Should Own It'

Here’s a question we hear a lot: If we decide to implement segmentation, who will own responsibility for it? The network or security teams? The business unit? The application owner?

How to overcome

This one is simple: Assign segmentation to security. After all, Zero Trust is a security issue. So it should be owned by security people. They’re the people responsible for defining firewall policies, and the people who understand the need to segment your network.

Of course, you will still need the involvement of the relevant business units and application owners. They must approve the addition of new software agents to their servers. They should also understand how and why the organization is now using an agent to essentially control the firewall.

Objection #3: 'We're Afraid It Will Be Too Complex and Slow'

One concern we hear from prospective customers is their belief that Zero Trust segmentation will deliver value too slowly. In fact, they worry, it could take years, by which time they may have changed jobs.

These customers have heard that segmentation is complex and time-consuming. But they need quick wins that demonstrate value and produce a compelling ROI quickly.

How to overcome

Start small. Don’t boil the proverbial ocean.

First, understand that segmentation essentially takes the firewall concept down to the level of a server or host. You needn’t segment everything. The agent gives you granular control.

It’s like the difference between the front door to an apartment building and the front door to an individual apartment. Both are locked. But where the main door lets any resident into the building, the apartment door admits only its tenant. That’s control at a granular level.

Objection #4: 'We're Worried About Noncompliance'

Your organization may be among the many that need to comply with both government and industry regulations. If you’re in healthcare, for example, you must comply with US-based HIPAA guidelines. In finance, you must comply with PCI directives. Online retailers must follow Europe’s GDPR privacy rules.

However, the way you configure your network can affect your ability to become or stay compliant. That’s why some customers worry that segmentation could either prevent them from complying with important regulations or make them newly noncompliant.

How to overcome

Know that segmentation can actually strengthen your regulatory compliance. Segmentation can help you meet your important compliance requirements — and without the need to re-architect your network.

For example, healthcare providers can benefit from the way segmentation helps them ensure that only those ports and protocols that actually need to communicate are in fact able to do so. That’s a big improvement over what many of these providers have today, which is usually just a firewall at the network level.

Segmentation gives them control at the level of individual machines, subnets and the like. They gain visibility into every port on the firewall and can then decide what does and does not get through.
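The workflow that runs through Objections #1, #3 and #4 (get visibility into workloads and the ports and protocols they use, write a host-level allow-list where everything not listed is denied, and enforce it one application at a time) can be shown in code. The following is an added example written for this page, not Illumio's product, agent or API. Every workload, IP address, label, rule and flow record in it is constructed, and the host rules it renders use a simplified generic form rather than any real firewall's syntax.

```python
"""Added example: a minimal label-based micro-segmentation policy engine.

Steps modelled: (1) an inventory of workloads as a visibility tool would
report them, (2) a default-deny allow-list written in terms of labels,
(3) a dry run of observed flows against the policy, (4) the per-host
inbound rules one agent would enforce. All data here is constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Workload:
    name: str
    ip: str
    labels: frozenset  # e.g. {"app:billing", "role:db"}


@dataclass(frozen=True)
class Rule:
    src_labels: frozenset  # every label must be present on the source
    dst_labels: frozenset  # every label must be present on the destination
    proto: str
    dst_port: int


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    proto: str
    dst_port: int


# Constructed inventory: what "which devices, which applications" looks like as data.
INVENTORY = [
    Workload("web-01", "10.0.1.10", frozenset({"app:billing", "role:web"})),
    Workload("db-01", "10.0.2.20", frozenset({"app:billing", "role:db"})),
    Workload("hr-01", "10.0.3.30", frozenset({"app:hr", "role:app"})),
    Workload("jump-01", "10.0.9.90", frozenset({"role:admin"})),
]

# Constructed allow-list. Anything not matched by a rule is denied (default deny).
RULES = [
    # Only the billing web tier may reach the billing database on 5432/tcp.
    Rule(frozenset({"app:billing", "role:web"}), frozenset({"app:billing", "role:db"}), "tcp", 5432),
    # The admin jump host may SSH to any inventoried workload.
    Rule(frozenset({"role:admin"}), frozenset(), "tcp", 22),
]

# Constructed flow records, in the shape agent telemetry or a flow log would give you.
FLOWS = [
    Flow("10.0.1.10", "10.0.2.20", "tcp", 5432),  # web -> billing db: expected
    Flow("10.0.3.30", "10.0.2.20", "tcp", 5432),  # hr app -> billing db: not needed
    Flow("10.0.9.90", "10.0.3.30", "tcp", 22),    # jump host SSH: expected
    Flow("10.0.1.10", "10.0.2.20", "tcp", 445),   # SMB between billing hosts: not needed
    Flow("192.0.2.5", "10.0.1.10", "tcp", 443),   # source not in inventory
]


def find_workload(ip, inventory=INVENTORY):
    """Look a flow endpoint up in the inventory; None if it is unknown."""
    return next((w for w in inventory if w.ip == ip), None)


def rule_matches(rule, src, dst, flow):
    return (rule.src_labels <= src.labels and rule.dst_labels <= dst.labels
            and rule.proto == flow.proto and rule.dst_port == flow.dst_port)


def evaluate(flow, inventory=INVENTORY, rules=RULES):
    """Return ('allow', rule) or ('deny', None). Unknown endpoints are denied."""
    src, dst = find_workload(flow.src_ip, inventory), find_workload(flow.dst_ip, inventory)
    if src is None or dst is None:
        return "deny", None
    for rule in rules:
        if rule_matches(rule, src, dst, flow):
            return "allow", rule
    return "deny", None


def preview(flows=FLOWS, inventory=INVENTORY, rules=RULES):
    """Dry run before enforcing: which observed flows the policy would cut."""
    denied = [f for f in flows if evaluate(f, inventory, rules)[0] == "deny"]
    return {"allowed": len(flows) - len(denied), "denied": denied}


def host_allowlist(name, inventory=INVENTORY, rules=RULES):
    """Inbound allow entries one host's agent would enforce, then default deny.
    Rendered in a simplified generic form, not a real firewall's syntax."""
    dst = next(w for w in inventory if w.name == name)
    lines = []
    for rule in rules:
        if rule.dst_labels <= dst.labels:
            for src in inventory:
                if src is not dst and rule.src_labels <= src.labels:
                    lines.append(f"allow {rule.proto} from {src.ip} to port {rule.dst_port}")
    lines.append("deny all")
    return lines


if __name__ == "__main__":
    result = preview()
    print(f"{result['allowed']} flows allowed, {len(result['denied'])} would be blocked:")
    for f in result["denied"]:
        print(f"  {f.src_ip} -> {f.dst_ip} {f.proto}/{f.dst_port}")
    print("\n".join(host_allowlist("db-01")))
```

Running preview() before turning enforcement on is the "start small" step from Objection #3: it lists exactly the flows the policy would block (here the HR host reaching the billing database, SMB between the billing hosts, and a source nobody inventoried), so the one application in scope can be locked down without surprising other teams. The per-host output of host_allowlist() is the apartment-door version of the firewall: a short list of who may knock, and a deny for everyone else.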


Get past the objections. Start protecting your most valuable IT assets with Zero Trust segmentation from Illumio.
