Most enterprise networks have segmentation on the roadmap. Many have had it there for years. A survey of 400 U.S.-based network security practitioners who lived through failed segmentation projects finds that failure clusters into four distinct patterns, and the type of failure a team experiences depends heavily on the kind of environment and approach they attempted.
The research, conducted in early 2026, applied latent class analysis to survey responses measuring both general IT project failure factors and segmentation-specific technical barriers.
Four failure archetypes
Half of respondents (50.2%) fell into the category the paper calls Perfect Storm. In these projects, general IT project management problems and segmentation-specific technical challenges occurred simultaneously across the board. Goals were unclear, leadership sponsorship was weak, scope crept, timelines were unrealistic, and the environment itself was complex, poorly understood, and difficult to segment without disrupting production systems. Every factor contributed.
The second-largest group (33.5%) is labeled Diffuse Friction. These projects did not collapse under any single failure. Goal clarity and sponsorship were somewhat better than in Perfect Storm, and moderate friction accumulated across multiple dimensions, both organizational and technical, until the project stalled. Roughly two-thirds of respondents in this group rated technical factors higher than project management factors on average. The remaining two archetypes are smaller and more specific in their failure signatures.
Operational Drag (8.5% of respondents) describes projects where leadership sponsorship and goal definition were adequate. Executives were on board and the project had a mandate. What brought it down was the ongoing operational burden of building and maintaining segmentation policies, compounded by reluctance to enforce segments aggressively due to concerns about application outages. Almost no one in this group blamed weak leadership or unclear goals. The majority pointed to excessive manual policy burden and outage risk.
Scope and Visibility Trap (7.8%) is the most technically specific archetype. Every respondent in this group endorsed scope creep. Nearly all reported insufficient visibility into assets. The environment was complex, the timeline was unrealistic, and teams were unwilling to risk disrupting production systems.
What the environment tells you about likely failure type
The archetypes are not distributed randomly across project types. Campus networks and Layer-2 macro-segmentation with VLANs and VXLANs are both statistically associated with the more severe archetypes. Projects with campus networks in scope were significantly more likely to land in Perfect Storm or Scope and Visibility Trap. Projects using Layer-2 macro-segmentation were disproportionately represented in Scope and Visibility Trap, the archetype where asset visibility was almost universally reported as insufficient. That connection makes sense: Layer-2 zone design depends heavily on knowing what assets exist and where they sit.
Workload type showed no significant association with any archetype. Whether the environment ran bare metal, virtualized, containerized, or serverless workloads, the failure pattern was consistent. The variables that matter are the ones describing approach and network scope, not what the workloads are.
The gap between diagnosis and remedy
The most consequential finding has nothing to do with the archetypes themselves. When respondents were asked what single change they would make if they could repeat the project, all four groups gave nearly identical answers: approximately 70% proposed a general IT project management fix, and 30% proposed a segmentation-specific fix.
That ratio held even in Operational Drag, where respondents had explicitly rejected project management failures as a cause and identified policy maintenance burden and outage risk as the primary barriers. It held in Scope and Visibility Trap, where insufficient asset visibility and environmental complexity were the dominant attributed causes. In both groups, roughly three-quarters of respondents still proposed general IT management fixes.
The paper offers two explanations. One is that working inside a poorly governed project leaves a lasting impression on practitioners, such that their proposed remedies reflect a general sense that the project was mishandled, even when the proximate cause was technical. The other is that general project management failures are genuinely upstream causes. A project scoped realistically, resourced adequately, and governed with decision authority might have encountered the same technical barriers earlier and resolved them before they became fatal.
Project governance is a necessary baseline. A project without it is unlikely to succeed regardless of technical approach. When the failure is primarily technical, as in Operational Drag or Scope and Visibility Trap, the technical problem requires a direct technical response. Better governance alone will not resolve excessive manual policy burden or insufficient asset visibility.
What practitioners can do with this
The archetype framework gives teams a way to diagnose their situation before a project fails. A team planning campus segmentation using Layer-2 macro-segmentation is at elevated risk of landing in either Perfect Storm or Scope and Visibility Trap. Pre-project investment in asset discovery and environmental scoping addresses the Scope and Visibility Trap profile directly. A team with adequate executive sponsorship and defined goals that is experiencing growing policy maintenance burden is likely in Operational Drag territory. That calls for policy automation investment and a deliberate conversation about acceptable disruption risk.
Organizations running micro-segmentation projects were distributed more evenly across archetypes, and neither workload type nor most network environments were associated with specific failure patterns. The associations that matter are the ones describing the approach: Layer-2 or Layer-3, macro or micro, and whether the campus is in scope.
Guide: Breach and Attack Simulation & Automated Penetration Testing
