"Microsegmentation is a method of creating secure zones in data centers and cloud deployments that allows companies to isolate workloads from one another and secure them individually."
Network segmentation is not a new idea, however; industries have implemented Virtual Local Area Networks (VLANs), firewalls, Access Control Lists (ACLs), etc. Individual separations lead to individual processes, which leads to greater resistance to cyber attack. What makes microsegmentation different is that it breaks the network down even more. "Microsegmentation lets you do more fine-grained segmentation".
What are the benefits? What are the security challenges, if any?
Microsegmentation allows IT pros to program communication from one type of device to another, so that security policies apply to those devices and move with them. As for challenges, Kerravala says: “One of the big challenges with segmentation is you have to know what to segment. My research shows that 50% of companies have little or no confidence that they know what IT devices are on the network. If you don’t even know what devices are on the network, how do you know what kind of segments to create? There’s a lack of visibility into data center flows.”
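
To make both points concrete, here is an added example (not taken from the quoted article) of a default-deny policy keyed on workload labels rather than addresses, checked against observed flows. The addresses, labels, ports and function names are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed inventory: IP address -> workload label (all values are made up).
INVENTORY = {"10.0.1.10": "web", "10.0.2.20": "app", "10.0.3.30": "db"}

# Allow-list keyed on labels, not addresses; anything not listed is denied.
POLICY = {("web", "app", 8443), ("app", "db", 5432)}

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    port: int

def evaluate(flow, inventory, policy=POLICY):
    """Return 'allow', 'deny' or 'unknown-device' for one observed flow."""
    src_label = inventory.get(flow.src)
    dst_label = inventory.get(flow.dst)
    if src_label is None or dst_label is None:
        # Visibility gap: an endpoint nobody inventoried cannot be segmented.
        return "unknown-device"
    return "allow" if (src_label, dst_label, flow.port) in policy else "deny"

def readdress(inventory, old_ip, new_ip):
    """Model a workload moving: its label follows it to the new address."""
    moved = dict(inventory)
    moved[new_ip] = moved.pop(old_ip)
    return moved

def audit(flows, inventory):
    """Group observed flows by verdict so gaps and violations stand out."""
    report = {"allow": [], "deny": [], "unknown-device": []}
    for flow in flows:
        report[evaluate(flow, inventory)].append(flow)
    return report

# Constructed flow records, as a flow collector might report them.
FLOWS = [
    Flow("10.0.1.10", "10.0.2.20", 8443),  # web -> app, on the allow-list
    Flow("10.0.1.10", "10.0.3.30", 5432),  # web -> db, not on the allow-list
    Flow("10.0.9.99", "10.0.3.30", 5432),  # source missing from the inventory
]

if __name__ == "__main__":
    for verdict, flows in audit(FLOWS, INVENTORY).items():
        print(verdict, flows)
```

The `unknown-device` bucket is the visibility problem from the quote: until those endpoints are inventoried and labelled, no segment can be defined for them.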