Research Segmentation: Objectives & Justification
Objective
Implement zero-trust network segmentation for all research endpoints:
- Move all research devices to Untrusted VLAN by default
- Policy-based access to required resources only
- Eliminate lateral movement within research network
- Micro-segmentation via ISE + TrustSec (if available)
Business Justification
Current State (Risk)
- Research endpoints on shared VLANs
- Lateral movement possible between devices
- Flat network topology in some areas
- Compliance gaps for sensitive research data
Target State (Zero Trust)
- All research endpoints default to Untrusted VLAN
- Access granted based on identity + posture
- East-west traffic controlled via policy
- Audit trail for all access decisions