• Zero Trust
  • Microsegmentation
  • Security Architecture
  • Agentic AI
  • Jun 05, 2026

Integration is the Architecture: The Two Worlds of Microsegmentation

One camp secures the network you already have. The other decides the network should not exist unless you are allowed to see it. You would love to run both. Most enterprises will not.

Nikola Novoselec

Founder & CTO

Part 2 of a series. Part 1 covered North-South - the boundary between Swiss Post and the outside world. This part goes inside, to East-West: the traffic between systems we own. One honest difference up front - in Part 1 the architecture was decided, so I named the stack. East-West is still in evaluation. So this is the map, not the verdict. Deliberately vendor-neutral, because the architecture is true regardless of who you buy from.

Integration is the Architecture: Zero Trust at National Scale covered the boundary. This goes inside.

Most enterprises still run their domains in a tangle: North-South and East-West, users and systems, workplace and datacenter, all crammed through the same overloaded controls. A real Zero Trust architecture cuts that knot in two. North-South swallows everything you cannot declare in advance - users, partners, external systems, and now AI agents - the unpredictable crowd showing up from outside, where you verify every single time because you cannot write their rules ahead of them. Part 1 was about governing exactly that: access as a consensus of signals, not a single wall.

But nobody shows up for the lobby. They come to reach something inside. And the moment a request stops asking “who is allowed in” and starts asking “what may talk to what,” the players are known and policy can finally be written down.

Where the North-South fabric ends, the East-West fabric begins. Two sides of one coin - and one without the other is not half a Zero Trust architecture. It is none.

This is the inside half - server to server, service to service, workload to workload. It is also where the real damage happens. An intruder who makes it past the perimeter does not smash and grab; they move in. They look around. They take their time - and by the time anyone notices, the typical one has had the run of the place for over a week.

1. Inside Is a Different Problem

Perimeter thinking gets one thing wrong, and it is fatal: a firewall at the edge assumes the inside is friendly. So the day something slips past it - a phished password, a popped edge box, a poisoned dependency - the attacker lands in an open field. They move sideways using the tools already lying around on your hosts, and a flat network waves them through.

“But we have controls inside,” you will say - IDS, IPS, EDR, NAT gateways, proxies, a SOC drowning in alerts. Fair. But notice what most of that pile actually does: it watches and inspects. It does not contain. It swears you will know the moment something is wrong - then the dwell-time numbers land, and “we will know” becomes “we will find out eventually, often from someone outside the building.” All that gear, and not one box of it stops a compromised host from reaching the one beside it. The castle had one wall, they are already over it - and the cameras inside only recorded the tour.

Detection tells you the break-in happened. Containment decides how far it gets - and containment lives on the inside.

The standards saw this coming. NIST’s Zero Trust Architecture is built on one uncomfortable sentence: location is not trust. Being “inside” earns you nothing - every connection is verified, per session, least privilege, every time. CISA turned the same idea into a ladder, dragging the network from big trusted zones at the bottom to micro-perimeters with just-in-time, just-enough connectivity at the top. Every serious framework points the same way: shrink the trusted zone until it is the size of a single workload.

Goal agreed. The fight - the part nobody prints in the maturity model - is how you get there. And that is where the two worlds stop agreeing.

2. World One: Secure the Network You Have

Let me introduce the first world - the one most of you already live in.

World One leaves your network exactly where it is - VLANs, routing, subnets, all of it - and drops a thin agent onto every host. On virtualized estates it can ride the hypervisor’s virtual switch instead, no in-guest agent at all. A controller works out least-privilege policy and hands it to those agents. They do not sit in the traffic path - they use the firewall already built into every operating system, so each host polices itself, dropping any connection it is not allowed to make. No new appliance, no rerouting. The network keeps doing its day job; segmentation just moves up onto the workload.

World One changes nothing about your network and everything about what it is allowed to do.

Its superpower is eyesight. The agent lives on the host, so it sees what the wire never could: which process opened a connection, and to which service. It draws you a live map of how your estate actually talks to itself - usually surfacing a dozen flows nobody knew existed - and a few somebody swears they killed years ago. You author policy in labels - “this tier talks to that tier” - and the controller keeps mapping them onto the live hosts underneath, so your rules do not shatter every time an address changes.

Flip a segment to deny-by-default and everything you did not bless gets dropped. Ringfence an app, and the box next door becomes a dead end. The good platforms pile on detection too - decoys that lateral movement trips over, reputation feeds that surface the threats already sitting quiet.

Run a big brownfield estate - datacenters, VMs, server farms, the accumulated sediment of decades - and nothing beats an agent on every host for deep East-West visibility and containment. It enforces on the inside and tells you, process by process, what the inside is actually doing - and it will happily cover the legacy apps you will never get to rewrite.

It has exactly one assumption baked in. It assumes you can put an agent on the thing. Hold that thought.

3. Where World One Strains

Here is where it gets uncomfortable - and these cracks do not take a patch.

Underneath, it enforces on the network layer. The better network controls dress that up - they identify the application and map a username onto the traffic, real machinery doing real work. But the rule it produces is still glued to an IP address. Where that IP is shared without a special agent, or gets reassigned, the identity peels off it. Identity-flavored network security. Not identity.

On a flat network, fine. In a hybrid, multicloud one it falls apart: the moment traffic leaves the host it hits NAT, load balancers, and overlapping IP ranges - the same 10.x.x.x standing for ten different machines in ten different clouds.

So the address your rule points at usually is not the real destination - it is a gateway, a VIP, the next hop. You are policing a signpost, not a place. On the way out especially, the precision does not fade. It disappears.

Dress it up however you like - World One still resolves to an address. In a NAT’d, multicloud world, that is an address that points everywhere and pins down nothing.
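The mechanism described in sections 2 and 3, as an added illustration rather than code from the author or any vendor platform: a controller compiles label-based intent ("this tier talks to that tier") into per-host inbound allow-lists, renders one host's list as a deny-by-default firewall chain (nftables is my choice here; the page only says the agent uses the OS firewall), re-maps the labels when an address changes, and then checks how precise the compiled rule really is once the same 10.x address stands for more than one machine. Host names, sites, addresses and labels are constructed sample data.

```python
"""World One as an added illustration (not any vendor's agent or controller):
label-based policy intent compiled into per-host inbound allow-lists, rendered
as a deny-by-default host firewall chain, then checked for the strain the text
describes: the rule is glued to an IP, and an IP can belong to several hosts.
Every host, site, address and label below is constructed sample data."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Host:
    name: str
    site: str          # which cloud or datacenter the host lives in
    ip: str            # address as seen by peers in that site
    labels: frozenset  # tier labels the controller assigns, e.g. {"tier:web"}


@dataclass(frozen=True)
class Intent:
    """Label-based policy: hosts labelled src may reach hosts labelled dst on port."""
    src_label: str
    dst_label: str
    port: int


def compile_policy(intents, hosts):
    """Map label intents onto the live hosts. Returns, per destination host, the
    sorted (source_ip, port) pairs its firewall should accept inbound. Anything
    not listed is dropped: deny-by-default is the compiled state."""
    by_label = defaultdict(list)
    for host in hosts:
        for label in host.labels:
            by_label[label].append(host)
    allow = {host.name: set() for host in hosts}
    for intent in intents:
        for dst in by_label[intent.dst_label]:
            for src in by_label[intent.src_label]:
                if src.name != dst.name:
                    allow[dst.name].add((src.ip, intent.port))
    return {name: sorted(pairs) for name, pairs in allow.items()}


def render_nftables(host_name, allow_pairs):
    """Render one host's allow-list as an nftables input chain with policy drop
    (one way an agent could drive the OS firewall; an assumption, not the page's)."""
    lines = [f"# generated for {host_name}", "table inet segment {", "  chain input {",
             "    type filter hook input priority 0; policy drop;",
             "    ct state established,related accept",
             "    iif lo accept"]
    for src_ip, port in allow_pairs:
        lines.append(f"    ip saddr {src_ip} tcp dport {port} accept")
    lines += ["  }", "}"]
    return "\n".join(lines)


def ambiguous_sources(compiled, hosts):
    """The strain: report every allow entry whose source address resolves to more
    than one host across the estate (overlapping ranges, NAT, reassignment).
    There the identity has peeled off the address and the rule points at a
    signpost, not a place."""
    owners = defaultdict(set)
    for host in hosts:
        owners[host.ip].add(host.name)
    findings = []
    for dst, pairs in compiled.items():
        for src_ip, port in pairs:
            if len(owners[src_ip]) > 1:
                findings.append((dst, src_ip, port, sorted(owners[src_ip])))
    return findings


def reassign_ip(hosts, name, new_ip):
    """An address changes; the label intent survives and only the compiled rule moves."""
    return [Host(h.name, h.site, new_ip, h.labels) if h.name == name else h for h in hosts]


# Constructed estate: two sites that both use 10.0.1.0/24.
HOSTS = [
    Host("web-a", "cloud-a", "10.0.1.20", frozenset({"tier:web"})),
    Host("app-a", "cloud-a", "10.0.1.30", frozenset({"tier:app"})),
    Host("db-a", "cloud-a", "10.0.1.40", frozenset({"tier:db"})),
    Host("batch-b", "cloud-b", "10.0.1.20", frozenset({"tier:batch"})),  # same IP as web-a
]
INTENTS = [Intent("tier:web", "tier:app", 8080), Intent("tier:app", "tier:db", 5432)]


if __name__ == "__main__":
    compiled = compile_policy(INTENTS, HOSTS)
    print(render_nftables("app-a", compiled["app-a"]))
    for finding in ambiguous_sources(compiled, HOSTS):
        print("ambiguous source:", finding)
    moved = compile_policy(INTENTS, reassign_ip(HOSTS, "web-a", "10.0.1.21"))
    print("after IP change:", moved["app-a"])
```

The two checks are the point: `reassign_ip` shows why label-based policy does not shatter when an address moves (the controller simply recompiles), while `ambiguous_sources` shows what the compiled rule is still made of. The allow entry on `app-a` names `10.0.1.20`, and in this estate that address is owned by `web-a` in one cloud and `batch-b` in the other. The label intent was exact; the artifact enforcing it is not.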

It also wants ground that holds still, and Kubernetes never does. Workloads come and go by the second, and the cluster segments by identity at the platform layer - its network policy, the CNI, or a service mesh where one runs - not at the host firewall underneath. The traditional host agent there is left chasing churn, and where a mesh runs, ciphertext it cannot read. So it mostly stops enforcing and starts managing someone else’s controls.

And it cannot touch the machines that are not really computers. You will not be installing an agent on the sorting machines and industrial appliances running a Swiss Post parcel center, or on the cameras, printers, and badge readers in every building - they run firmware, and nobody halts a sorting line to patch one. For all of that, enforcement moves out into the network, agentless and coarser by definition.

So World One is not legacy. It is superb on flat networks full of machines that can hold an agent, and strained by everything hybrid, cloud-native, or sealed shut. The bridge for the sealed-shut world is an agentless gateway that fronts each device and boxes it into a segment of one - which, you will notice, is starting to sound a lot like the second world.

4. World Two: Replace Reachability with Identity

So what is the other answer? Stop guarding the network. Stop letting it be reachable in the first place.

World Two lives inside, on your own network: a fabric of its own, with an identity of its own. It runs on one rule - the one behind Zero Trust Network Access (ZTNA) and the Software-Defined Perimeter (SDP) - no identity, no connection. The machinery has flavors: some fabrics make identity the path itself; others pull traffic into an inspection fabric and enrich it with surrounding context before it continues - but the architectural move is the same: the underlay stops being the thing you trust.

If you have seen The Matrix, you already have the picture: a hidden corridor lined with doors, and a key - cut by the Keymaker - for every connection allowed to exist. Every system opens a door into that corridor: an outbound tunnel. The fabric accepts every door and opens none of its own; its one job is to connect two doors when a key exists for them. The key is policy. Two systems never meet on the underlay - they meet in the corridor, or not at all. Frankly, the best overlay-microsegmentation explainer I know is a Matrix rewatch.

[Image: A hallway of identical doors as a metaphor for identity-gated internal connectivity]

And the network underneath nearly disappears. The only machines that still need the old plumbing are the handful that run the fabric - a few dozen, even at Swiss Post’s scale. Everything else just tunnels in, and thousands of rules and routes shrink to those few machines and a single policy on top.

A path that crossed fifteen hops and a dozen firewalls on the underlay crosses three on the overlay: on-ramp, fabric, off-ramp. The complexity is not managed. It is deleted.

And you do not rip anything out to get there. The overlay rides on top of what you already run: deploy it, shift traffic across while everything keeps working, then start switching off the underlay you no longer need - firewall rules, VLANs, whole appliances - one safe step at a time. Migration and simplification stop being two projects. They become the same motion.

The identity doing the stitching is not a user login - it is a certificate, from a CA or issued for an identity your IdP provisions over SCIM, that lets an endpoint open its tunnel and earns it the right to be stitched to another. Connectivity identity, not application identity. Every stitch is mutually authenticated, encrypted, deny-by-default. Microsegmentation is not a feature you switch on; it is the resting state.

In World One you connect, then restrict. In World Two there is nothing to restrict, because nothing connects until policy says so.

It even ships like World One - an agent, a connector - but does the opposite job: World One’s agent enforces, this one only connects - the on-ramp and off-ramp for the fabric. The SDK is the one to watch: compile it into an AI agent and the agent gets its own identity and a direct, port-less line to the Model Context Protocol (MCP) servers and APIs it is cleared to reach.

To anything unauthorized on the underlay, there is nothing to scan - no port, no silhouette. The attack surface is not zero - the fabric, its control plane, and the CA still need defending - but the attacker’s favorite first move is gone, and unauthorized lateral movement mostly evaporates: the reachability it needs never existed.

5. Where World Two Strains

Every word of that was the upside. The tradeoff now flips: World Two solves the reachability problem that strains World One, but it gives up some of the host-level eyesight World One was built for.

Start with the thing World One does best: seeing. World Two knows exactly who is talking to whom - identity, clean and certain. But it is young, and the deep observability that takes years to build is not there yet. World Two tells you who. World One tells you what they did, when, and whether it was normal.

And identity, by itself, is not risk. The overlay can prove who an identity is and still have no idea whether that laptop is patched, that workload is compromised, or that behavior just went sideways. To enforce on anything more than identity - to make access genuinely risk-based - World Two has to consume posture signals from its environment through integration: the Zero Trust Edge, device management, the IdP, EDR, threat feeds. It is a brilliant decider and a borrowed sensor. Starve it of those inputs and it falls back to a smarter on/off switch.

World Two knows who you are. Whether you can be trusted right now, it has to borrow from somewhere else.
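The corridor-and-keys model from section 4 and the "borrowed sensor" limitation from section 5, as one added example that is not code from the author or any overlay vendor: endpoints open outbound tunnels into a fabric by presenting a CA-issued identity, the fabric stitches two tunnels only when a policy entry (the key) exists for that pair and direction, and it only becomes risk-based by consulming posture it has to fetch from outside. The identity strings, CA names, policy entries, the EDR-style posture feed and the `require_posture` strict mode are all constructed for the illustration.

```python
"""World Two as an added illustration, not any vendor's fabric code: endpoints
open outbound tunnels by presenting a CA-issued identity, the fabric stitches
two tunnels only when a policy key exists for that pair, and it becomes
risk-based only by consuming posture signals it does not produce itself.
Identity strings, CA names, policy entries and the posture feed are constructed."""
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Optional


class Verdict(Enum):
    ALLOW = "allow"
    NO_IDENTITY = "deny: no trusted tunnel for one of the endpoints"
    NO_POLICY = "deny: no policy key for this pair (deny-by-default)"
    POSTURE = "deny: posture signal below threshold"


@dataclass(frozen=True)
class Cert:
    subject: str        # connectivity identity, e.g. "svc/orders" (constructed)
    issuer: str         # CA that issued it
    revoked: bool = False


@dataclass(frozen=True)
class Posture:
    patched: bool
    compromised: bool


# A posture source answers "what do you know about this identity?"; None = unknown.
PostureSource = Callable[[str], Optional[Posture]]


class Fabric:
    def __init__(self, trusted_issuers, policy, posture_sources=(), require_posture=False):
        self.trusted = set(trusted_issuers)
        self.policy = set(policy)          # entries of (src_subject, dst_subject, port)
        self.sources = list(posture_sources)
        self.require_posture = require_posture
        self.tunnels = {}                  # subject -> Cert: one outbound door per endpoint

    def open_tunnel(self, cert):
        """On-ramp: accept an endpoint's outbound door only with a trusted, unrevoked
        certificate. The fabric opens no doors of its own, so an endpoint without
        identity has nothing to reach."""
        if cert.issuer not in self.trusted or cert.revoked:
            return False
        self.tunnels[cert.subject] = cert
        return True

    def stitch(self, src, dst, port):
        """Connect two doors only when a key exists, then consult borrowed posture."""
        if src not in self.tunnels or dst not in self.tunnels:
            return Verdict.NO_IDENTITY
        if (src, dst, port) not in self.policy:
            return Verdict.NO_POLICY
        for subject in (src, dst):
            known = False
            for source in self.sources:
                posture = source(subject)
                if posture is None:
                    continue
                known = True
                if posture.compromised or not posture.patched:
                    return Verdict.POSTURE
            if self.require_posture and not known:
                return Verdict.POSTURE   # strict mode: unknown posture is not trusted
        return Verdict.ALLOW

    def risk_based(self):
        """Without any posture source the fabric is an identity on/off switch."""
        return bool(self.sources)


def build_demo_fabric(edr_feed, require_posture=False):
    """Constructed estate: two services plus an AI agent cleared for one MCP server."""
    fabric = Fabric(
        trusted_issuers={"corp-ca"},
        policy={("svc/orders", "svc/inventory", 8443),
                ("agent/support-bot", "mcp/tickets", 443)},
        posture_sources=[lambda subject: edr_feed.get(subject)],  # the borrowed sensor
        require_posture=require_posture,
    )
    for cert in (Cert("svc/orders", "corp-ca"), Cert("svc/inventory", "corp-ca"),
                 Cert("agent/support-bot", "corp-ca"), Cert("mcp/tickets", "corp-ca"),
                 Cert("svc/shadow", "unknown-ca")):   # untrusted issuer: no door
        fabric.open_tunnel(cert)
    return fabric


if __name__ == "__main__":
    feed = {"svc/orders": Posture(patched=True, compromised=False)}
    fabric = build_demo_fabric(feed)
    print(fabric.stitch("svc/orders", "svc/inventory", 8443))   # ALLOW
    print(fabric.stitch("svc/inventory", "svc/orders", 8443))   # NO_POLICY: direction is policy
    print(fabric.stitch("svc/shadow", "svc/inventory", 8443))   # NO_IDENTITY
    feed["svc/orders"] = Posture(patched=True, compromised=True)
    print(fabric.stitch("svc/orders", "svc/inventory", 8443))   # POSTURE
```

Two design choices carry the text's argument. Policy is a set of (source, destination, port) keys, so the resting state is denial and reversing a pair is a different key; that is the "nothing connects until policy says so" model. And the posture check is a list of external callables: remove them and `risk_based()` is false, the fabric still proves who is talking but can no longer say whether they should be trusted right now. The `require_posture` flag shows the strict variant, where an identity with no posture record is refused rather than waved through on identity alone.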

Then the cost of admission. Every system you want on the overlay needs an on-ramp - drop in an agent or connector, or compile in the SDK for the code you own. It is non-disruptive, but across a large estate it is still a real rollout. Routing every flow through the fabric adds latency you plan around - negligible for most traffic, a real constraint for the latency-sensitive. And the legacy apps that lean on broadcast or layer-2 adjacency do not bend to an identity overlay - they break on it, by design.

And it hits the same wall World One did. You cannot compile an SDK into a PLC or drop an agent onto a badge reader - they cannot be overlay citizens. You front them with a connector and they ride in behind it: identity by proxy, the last mile left to the device’s own TLS - if it has any. The overlay’s clean per-workload model stops at that connector; behind it sits the same sealed device World One could not reach either.

And the complexity it deletes from the network can creep back into the policy. Over-entitled identities, stale service accounts, a connector that ends up fronting half the estate - get the model wrong and you have rebuilt the flat network, this time wearing an identity badge. It is only as good as the rules you keep honest, and it only protects what you put on it.

6. The Honest Tradeoff - and Why the Choice Will Not Wait

There is no winner here. There is a decision - harder than any vendor will admit. The two worlds answer different questions: World One, how to see and contain the network you run; World Two, how to make connectivity a privilege. You would love to run both - lovely on a slide, almost nobody will. Two parallel stacks - two policy models, two consoles, two skill sets - are the opposite of the cost and complexity everyone chases.

“Run both” is a slide, not a budget. You pick a center of gravity, or complexity picks one for you.

So which is the center of gravity for your interior? Lean World One for host-level visibility on agent-capable machines; lean World Two to escape a multicloud underlay you can no longer reason about, when you would rather run on identity than routes. You read where your estate actually lives, and you commit. The only forced exceptions: OT and IoT islands holding neither agent nor SDK, bridged by gateways into your chosen fabric.

Which is where the series title stops being a tagline: once you have chosen, the hard part is the integration, not the category. Treat either as a standalone tool and you have bought an expensive island; wire it into one policy intent, one identity fabric, one network design - and you have built architecture.

And the estate will not wait - hybrid sprawl, cloud-native workloads, a wave of AI agents, all more East-West, less of it human, none of it waiting for you to decide. Agents make it vivid: an agent’s reach is East-West, whether it entered North-South or was born inside. Call an internal service or MCP server and it is a workload talking to a workload inside your house - and a compromised one turns those calls into lateral movement. SaaS MCPs stay North-South. Plenty never touch the edge at all.

Whatever governs your interior governs everything inside it, agents included: make the fabric explicit and a compromised one stops at its policy edge; leave it implicit and it inherits every shortcut, exception, and flat path in the estate - no change window required.

MCP is just the loudest version of an old East-West problem: a portal proves the caller is allowed to ask - never what the call can reach once it is inside.

Entry is not reach. The portal governs the request; the interior fabric governs the blast radius.

The Bottom Line

So what does it come down to?

Microsegmentation was never a product you buy. It is a question about where trust lives - in the shape of the network, or in the identity of the endpoint.

One defends the ground you stand on; the other yanks the ground out from under everyone who was not invited. Both are right - about different estates, different constraints, different decades of accumulated reality.

The mature architecture admits it cannot run both. It reads where its estate actually lives, and commits.

And then it earns the result the only way that is left: through integration. The world you pick sets the ceiling. The integration decides whether you ever reach it.

The real shift is bigger than containment. East-West used to be plumbing: routes, addresses, ports, firewall tickets. Now it is becoming an operating model for how systems discover each other, prove intent, exchange context, and earn the right to communicate.

Different paths, same destination: the separation between “networking” and “security” starts to disappear.

Integration was always the architecture. The future of internal connectivity is not a network with security bolted on; it is connectivity and security becoming the same thing.

