Network Segmentation

Isolating workloads through zones, micro-segmentation, and zero trust

Why Network Segmentation?

Network segmentation divides a network into isolated zones, limiting the blast radius of a breach. An attacker who compromises one zone cannot easily move laterally to higher-security zones.

Segmentation Strategies

  • Zone-Based — Separate networks for different security levels (PUBLIC, NORMAL, HIGH, VERY HIGH).
  • Micro-Segmentation — Fine-grained isolation at the workload or container level.
  • Zero Trust — Never trust, always verify. Every request is authenticated and authorized.
  • PrivateLink — Private connectivity between zones without traversing the public internet.

Signando's Four-Zone Architecture

Signando implements a four-zone architecture with increasing isolation: PUBLIC (web frontends), NORMAL (APIs), HIGH (admin and internal APIs), and VERY HIGH (databases). Communication between zones uses AWS PrivateLink with Application Layer Gateways filtering every request.
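A default-deny policy check over the four zones just named, as an added example that is not Signando's code. It assumes, beyond what the page states, that a request crosses at most one zone boundary per hop, only toward the more isolated zone, and only over PrivateLink through an Application Layer Gateway; the flows in `SAMPLE` are constructed.

```python
# Default-deny zone policy for the four zones named above. Added example, not
# Signando's code. Assumed beyond the page: a request crosses at most one zone
# boundary per hop, only toward the more isolated zone, and only over
# PrivateLink through an Application Layer Gateway (ALG).
from dataclasses import dataclass

ZONES = ("PUBLIC", "NORMAL", "HIGH", "VERY HIGH")  # increasing isolation
LEVEL = {zone: i for i, zone in enumerate(ZONES)}

@dataclass(frozen=True)
class Request:
    src_zone: str
    dst_zone: str
    via_gateway: bool    # arrived over PrivateLink through an ALG
    authenticated: bool  # ALG verified the caller's identity
    authorized: bool     # ALG verified the caller may call this endpoint

def evaluate(req):
    """Return (allowed, reason); anything not explicitly permitted is denied."""
    if req.src_zone not in LEVEL or req.dst_zone not in LEVEL:
        return False, "unknown zone"
    # Zero trust: identity and authorization are checked on every request.
    if not req.authenticated:
        return False, "unauthenticated request"
    if not req.authorized:
        return False, "caller not authorized for this endpoint"
    hop = LEVEL[req.dst_zone] - LEVEL[req.src_zone]
    if hop == 0:
        return True, "intra-zone, identity verified"
    if hop < 0:
        return False, "request initiated toward a less isolated zone"
    if hop > 1:
        return False, "skips zone " + ZONES[LEVEL[req.src_zone] + 1]
    if not req.via_gateway:
        return False, "cross-zone request bypassed PrivateLink/ALG"
    return True, "adjacent zone via ALG"

def audit(requests):
    """List (request, reason) for every denied flow: a lateral-movement check."""
    return [(r, why) for r in requests for ok, why in (evaluate(r),) if not ok]

# Constructed sample flows (not real traffic).
SAMPLE = [
    Request("PUBLIC", "NORMAL", True, True, True),     # frontend -> API: allowed
    Request("NORMAL", "HIGH", True, True, True),       # API -> internal API: allowed
    Request("PUBLIC", "VERY HIGH", True, True, True),  # frontend straight to DB: denied
    Request("NORMAL", "HIGH", False, True, True),      # ALG bypassed: denied
    Request("HIGH", "VERY HIGH", True, True, False),   # authenticated, not authorized: denied
]
DENIED = audit(SAMPLE)  # three flows flagged
```

Running `audit` over observed flows gives a quick way to surface traffic that skips a zone or sidesteps the gateway, which is exactly the lateral movement the segmentation is meant to prevent.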
