Network segmentation is essential for OT security, yet many organizations struggle with practical implementation beyond basic VLAN configurations. Effective segmentation requires a multi-dimensional approach that balances security requirements with operational realities and ongoing maintenance demands.

In this session, Andy Kraft, director of OT at Loudoun Water, shares practical insights from implementing comprehensive segmentation across utility infrastructure, covering:

• Three-layer segmentation approach: Physical separation of networks, logical VLAN and subnet management, and identity-based access controls with separate OT domains and credential management;
• Operational realities: Addressing the "elusive air gap" myth, managing data flows between IT and OT environments, and balancing security with performance optimization;
• Advanced implementation strategies: Leveraging segmentation to enable privileged access management, behavioral analytics and secure remote access while maintaining continuous review processes for dynamic environments.