In his session, Raja Ukul of ColorTokens unpacked what organisations should prioritise when evaluating micro-segmentation solutions. Far from a sales pitch, his talk centered on the realities of implementation and the common pitfalls he has observed across various industries.
Ukul’s first message was clear: speed matters. Too many organisations embark on micro-segmentation projects that take years — sometimes even outlasting their own contracts. Effective solutions should deliver value in weeks or months, not years or decades.
He also emphasised the importance of granularity, explaining that the more tightly organisations can segment applications, workloads, and devices, the smaller the blast radius during an attack. Even “a segment of one,” he said, is sometimes necessary for environments like utilities and IoT.
AI emerged as a major concern. “There’s no such thing as safe AI,” Ukul said, warning that non-human identities like APIs and microservices pose growing risks. Strong identity-based controls are essential.
He advised organisations to avoid adding yet another agent to already cluttered devices, instead favouring solutions that leverage existing security investments.
Finally, Ukul highlighted the operational benefits of micro-segmentation: the ability to isolate only the compromised portion of the network, rather than shutting down the entire enterprise. This preserves continuity, prevents reputational damage, and simplifies recovery.
Recommendations
GIW Federal 2025: Emerging cyber threats and strategic responses for Australia's Federal Government
GIW Federal 2025: Policy Development of Horizon 2 of the Government Cyber Security Strategy with Ash Bell
EntraGoat is a deliberately vulnerable lab that simulates real-world identity misconfigurations in Microsoft Entra ID.
GIW Queensland - Honourable Steven Minnikin MP
