arxiv: 2604.08632 · v2 · submitted 2026-04-09 · 💻 cs.CR · cs.NI· stat.AP

Recognition: no theorem link

Why Network Segmentation Projects Fail

Rohit Dube

Authors on Pith no claims yet

Pith reviewed 2026-05-10 17:18 UTC · model grok-4.3

classification 💻 cs.CR cs.NIstat.AP

keywords network segmentationproject failurecybersecurityempirical surveyclustering analysisIT project managementsecurity controlsfailure archetypes

0 comments

The pith

Failed network segmentation projects fall into four distinct archetypes, with practitioners favoring general IT fixes equally across all types.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

This paper investigates why network segmentation initiatives, a core security control, commonly fail to deliver expected results. It draws on a survey of 400 U.S. network security practitioners using a framework that separates everyday IT project problems from segmentation-specific technical and operational barriers. Clustering the collected responses identifies four recurring failure archetypes. Across every archetype, the ratio of recommended general project management solutions to segmentation-specific solutions stays the same.

Core claim

The central claim is that survey responses analyzed through clustering yield four distinct archetypes of failed network segmentation projects. Practitioners in all four archetypes propose general IT project management fixes over segmentation-specific fixes in the same ratio.

What carries the argument

A two-part failure framework that separately measures general IT project failure factors and segmentation-specific technical and operational barriers, then applies clustering analysis to surface archetypes.

If this is right

Failed projects can be mapped to one of four archetypes to guide diagnosis.
Remediation efforts should emphasize general IT project management practices in every archetype.
Segmentation-specific technical barriers appear secondary to broader project execution issues.
Standard project management training could improve outcomes for future segmentation work.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

Organizations might gain more from strengthening overall project discipline than from specialized segmentation training alone.
The consistent preference for general fixes suggests segmentation knowledge is not the main bottleneck in these failures.
The archetypes could function as a practical checklist for teams starting new segmentation efforts.
Testing whether improved project management methods raise segmentation success rates would be a direct next step.

Load-bearing premise

Self-reported survey responses from 400 U.S.-based practitioners accurately and representatively capture the primary causes of segmentation project failures without significant bias or omission.

What would settle it

A follow-up survey using the same framework but with a substantially different practitioner sample that produces more, fewer, or differently distributed archetypes, or that shows unequal ratios of general versus specific fix recommendations.

Figures

Figures reproduced from arXiv: 2604.08632 by Rohit Dube.

**Figure 1.** Figure 1: Radar plot of medians for LCA clusters. Another component is tooling maturity and automation limitations. Effective segmentation requires tooling that supports discovery, policy management, enforcement, and validation at scale. Limitations in tooling maturity or integration increase operational overhead and constrain deployment scope [10]. Finally, the framework includes risk of business disruption. Se… view at source ↗

**Figure 2.** Figure 2: Network Environments in Scope by Cluster (Archetype). [PITH_FULL_IMAGE:figures/full_fig_p008_2.png] view at source ↗

**Figure 3.** Figure 3: Network Segmentation Model Type by Cluster (Archetype). [PITH_FULL_IMAGE:figures/full_fig_p008_3.png] view at source ↗

**Figure 4.** Figure 4: Network Segmentation Approach Type by Cluster (Archetype). [PITH_FULL_IMAGE:figures/full_fig_p009_4.png] view at source ↗

**Figure 5.** Figure 5: Proposed Fix Category by Failure Archetype. [PITH_FULL_IMAGE:figures/full_fig_p010_5.png] view at source ↗

**Figure 6.** Figure 6: Role Distribution of Respondents on Failed Segmentation Project. [PITH_FULL_IMAGE:figures/full_fig_p012_6.png] view at source ↗

**Figure 7.** Figure 7: Segmentation Projects Undertaken by Respondents over Career. [PITH_FULL_IMAGE:figures/full_fig_p012_7.png] view at source ↗

read the original abstract

Network segmentation is a foundational enterprise security control. Despite its recognized benefits, segmentation initiatives frequently fail in practice, and the field lacks a systematic empirical explanation for why these projects do not achieve their intended outcomes. This paper presents an empirical study of failed segmentation projects based on a survey of 400 U.S.-based\ network security practitioners. The survey was grounded in a two-part failure framework that separately measures general IT project failure factors and segmentation-specific technical and operational barriers. Clustering analysis of the responses reveals four distinct failure archetypes. Surprisingly, practitioners across all four archetypes propose general IT project management fixes over segmentation-specific fixes in the same ratio.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Desk Editor's Note private letter to a colleague

This survey maps four failure archetypes in network segmentation projects from 400 practitioners but the clustering and uniform-fix claim rest on unreported methods.

read the letter

The paper's core contribution is an empirical survey of why enterprise network segmentation projects fail. It uses a two-part framework to separate general IT issues from segmentation-specific ones, then clusters the 400 U.S. practitioner responses into four archetypes. The notable observation is that respondents in every archetype favor broad IT project management remedies over targeted technical fixes at roughly the same rate. That uniformity is the part that could actually shift how security teams approach these initiatives, moving emphasis from tools to process discipline. The work is grounded in practitioner input rather than theory or lab experiments, which gives it direct relevance for people running these projects today. It also correctly notes the absence of prior systematic data on the topic. That said, the analysis steps are not described. There is no information on survey distribution, response rate, how the four clusters were chosen, or any check on cluster stability. The claim that the fix ratios are identical across archetypes is presented without a statistical test, so it is impossible to tell whether the sameness is real or just an impression from the data. Self-report bias is also unaddressed. These gaps make the archetypes and the uniformity finding hard to evaluate or replicate. The paper is aimed at security architects and IT leaders who need practical guidance on segmentation rollouts. A reader who wants data-driven patterns rather than vendor advice will find something useful here, even if the methods need tightening. It deserves peer review because the topic matters and the raw survey approach is a reasonable starting point; referees can push for the missing validation details and bias checks without discarding the overall framing.

Referee Report

3 major / 2 minor

Summary. The paper presents an empirical study of failed network segmentation projects based on a survey of 400 U.S.-based network security practitioners. Grounded in a two-part failure framework that separately measures general IT project failure factors and segmentation-specific technical and operational barriers, the authors apply clustering analysis to the responses and identify four distinct failure archetypes. They further report that practitioners across all four archetypes propose general IT project management fixes over segmentation-specific fixes in the same ratio.

Significance. If the clustering and ratio findings are statistically validated, the work would provide a systematic empirical account of segmentation project failures in enterprise security, highlighting four archetypes and a counterintuitive uniformity in recommended remedies. This could inform both research on security project management and practical guidance, moving beyond anecdotal explanations. The empirical survey approach itself is a strength in a field often dominated by technical descriptions.

major comments (3)

[Clustering Analysis] Clustering Analysis section: The identification of four distinct failure archetypes is presented without any description of the clustering algorithm, the procedure for selecting k=4, or internal validation metrics (silhouette score, Davies-Bouldin index, or bootstrap stability). This is load-bearing because the archetypes are the primary output and the basis for all subsequent claims about fix proposals.
[Analysis of Proposed Fixes] Analysis of Proposed Fixes section: The central observation that the ratio of general IT project management fixes to segmentation-specific fixes is identical across the four archetypes is stated without a formal statistical test (chi-square test for homogeneity, permutation test, or multinomial logistic regression) to assess whether the ratios differ significantly between clusters. This leaves the 'surprisingly same ratio' claim as an untested visual impression rather than a supported result.
[Survey Methodology] Survey Methodology section: No details are provided on survey design, sampling frame, response rate, or mitigation of self-report bias for the 400 responses. These omissions directly affect the reliability of the data used for both clustering and the fix-ratio analysis, which are the paper's core contributions.

minor comments (2)

[Introduction] The two-part failure framework would benefit from an explicit table or diagram showing the measured factors in each part to improve readability.
[Abstract] The abstract states the sample size and key findings but could more precisely indicate that the uniform ratio is an observational claim pending statistical confirmation.

Simulated Author's Rebuttal

3 responses · 0 unresolved

Thank you for the opportunity to revise our manuscript in response to the referee's comments. We have carefully considered each point and will make the necessary revisions to address the concerns regarding methodological transparency and statistical rigor.

read point-by-point responses

Referee: [Clustering Analysis] Clustering Analysis section: The identification of four distinct failure archetypes is presented without any description of the clustering algorithm, the procedure for selecting k=4, or internal validation metrics (silhouette score, Davies-Bouldin index, or bootstrap stability). This is load-bearing because the archetypes are the primary output and the basis for all subsequent claims about fix proposals.

Authors: We agree with the referee that additional details on the clustering procedure are essential for transparency and reproducibility. In the revised version, we will describe the clustering algorithm employed, the criteria used to determine the number of clusters (k=4), and include relevant validation metrics such as the silhouette score and Davies-Bouldin index to support the choice of four archetypes. revision: yes
Referee: [Analysis of Proposed Fixes] Analysis of Proposed Fixes section: The central observation that the ratio of general IT project management fixes to segmentation-specific fixes is identical across the four archetypes is stated without a formal statistical test (chi-square test for homogeneity, permutation test, or multinomial logistic regression) to assess whether the ratios differ significantly between clusters. This leaves the 'surprisingly same ratio' claim as an untested visual impression rather than a supported result.

Authors: The referee is correct that a formal statistical test would strengthen the claim of uniformity in the proposed fixes across archetypes. We will conduct a chi-square test of homogeneity on the proportions of fix types across the four clusters and report the results in the revised manuscript. This will either confirm the lack of significant differences or lead to a more nuanced interpretation. revision: yes
Referee: [Survey Methodology] Survey Methodology section: No details are provided on survey design, sampling frame, response rate, or mitigation of self-report bias for the 400 responses. These omissions directly affect the reliability of the data used for both clustering and the fix-ratio analysis, which are the paper's core contributions.

Authors: We recognize the importance of providing comprehensive survey methodology details. The revised manuscript will include an expanded section detailing the survey design process, the sampling approach used to recruit the 400 U.S.-based practitioners, the achieved response rate, and the measures implemented to address potential self-report biases, such as ensuring respondent anonymity and including attention checks. revision: yes

Circularity Check

0 steps flagged

No circularity: purely empirical survey with independent data collection and analysis

full rationale

The paper is an empirical study based on a survey of 400 practitioners using a two-part failure framework, followed by clustering to identify archetypes and observation of fix ratios. No equations, derivations, fitted parameters, or self-citations are load-bearing in the central claims. The clustering and ratio observations are presented as direct outputs of the survey data without reduction to prior inputs or self-referential definitions. This matches the default expectation for non-circular empirical work; the skeptic concerns address statistical validation rather than circularity.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

The central claim depends on the untested validity of the two-part failure framework and on the assumption that practitioner self-reports faithfully reflect project outcomes.

axioms (1)

domain assumption The two-part failure framework separately and comprehensively measures general IT project failure factors and segmentation-specific technical and operational barriers.
Survey design and clustering rest directly on this framework.

pith-pipeline@v0.9.0 · 5386 in / 1313 out tokens · 88614 ms · 2026-05-10T17:18:52.036302+00:00 · methodology

discussion (0)

Reference graph

Works this paper leans on

29 extracted references · 19 canonical work pages

[1]

Network segmentation security with the implementation of threats,

R. Bredesen and S. Mujeye, “Network segmentation security with the implementation of threats,” inProc. 8th Int. Conf. Softw. Eng. Inf. Manag. (ICSIM). ACM, 2025, pp. 137–141, doi: https://doi.or g/10.1145/3725899.3725920

work page doi:10.1145/3725899.3725920 2025
[2]

Network segmentation as a defense mechanism for securing enterprise networks,

N. R. Kotha, “Network segmentation as a defense mechanism for securing enterprise networks,”Turk. J. Comput. Math. Educ., vol. 11, no. 3, pp. 3023–3030, 2020, doi: https://doi.org/10.61841/turcomat. v11i3.14942

work page doi:10.61841/turcomat 2020
[3]

Towards automated cyber decision support: A case study on network segmentation for security,

N. Wagner, C. S ¸. S ¸ahin, M. Winterrose, J. Riordan, J. Pena, D. Han- son, and W. W. Streilein, “Towards automated cyber decision support: A case study on network segmentation for security,” inProc. IEEE Symp. Ser. Comput. Intell. (SSCI). Lexington, MA, USA: IEEE, 2016, pp. 1–10, doi: https://doi.org/10.1109/SSCI.2016.7849908

work page doi:10.1109/ssci.2016.7849908 2016
[4]

The causes of project failure,

J. K. Pinto and S. J. Mantel, “The causes of project failure,”IEEE Trans. Eng. Manag., vol. 37, no. 4, pp. 269–276, 1990, doi: https: //doi.org/10.1109/17.62322

work page doi:10.1109/17.62322 1990
[5]

Overspend? late? failure? what the data say about IT project risk in the public sector,

A. Budzier and B. Flyvbjerg, “Overspend? late? failure? what the data say about IT project risk in the public sector,” arXiv preprint, 2013, arXiv:1304.4525, https://arxiv.org/abs/1304.4525

work page arXiv 2013
[6]

Perceived causes of software project failures—an analysis of their relationships,

T. O. A. Lehtinen, M. V . M ¨antyl¨a, J. Vanhanen, J. Itkonen, and C. Lassenius, “Perceived causes of software project failures—an analysis of their relationships,”Inf. Softw. Technol., vol. 56, no. 6, pp. 623–643, 2014, doi: https://doi.org/10.1016/j.infsof.2014.01.015

work page doi:10.1016/j.infsof.2014.01.015 2014
[7]

IT project failures, causes and cures,

S. Lauesen, “IT project failures, causes and cures,”IEEE Access, vol. 8, pp. 72 059–72 067, 2020, doi: https://doi.org/10.1109/ACCE SS.2020.2986545

work page doi:10.1109/acce 2020
[8]

Mitigating risk of failure in information technology projects: Causes and mechanisms,

J. Schmidt, “Mitigating risk of failure in information technology projects: Causes and mechanisms,”Proj. Leadersh. Soc., vol. 4, p. 100097, 2023, doi: https://doi.org/10.1016/j.plas.2023.100097

work page doi:10.1016/j.plas.2023.100097 2023
[9]

Exploring project complex- ity through project failure factors: Analysis of cluster patterns using self-organizing maps,

V . Rodr ´ıguez Montequ ´ın, J. Villanueva Balsera, S. M. Cousil- las Fern´andez, and F. Ortega Fern´andez, “Exploring project complex- ity through project failure factors: Analysis of cluster patterns using self-organizing maps,”Complexity, vol. 2018, no. 1, pp. 1–17, 2018, doi: https://doi.org/10.1155/2018/9496731

work page doi:10.1155/2018/9496731 2018
[10]

The segmentation report,

Cisco Systems Inc., “The segmentation report,” White paper, Oct. 2025, [Online]. Available: https://www.cisco.com/c/en/us/products/c ollateral/security/hypershield/segmentation-report.pdf

2025
[11]

Segmentation impact study,

Akamai Technologies, “Segmentation impact study,” White paper, Sep. 2025, [Online]. Available: https://www.akamai.com/site/en/d ocuments/research-paper/segmentation-impact-study-2025.pdf

2025
[12]

The state of segmentation 2023,

——, “The state of segmentation 2023,” White paper, Oct. 2023, [Online]. Accessed: Feb. 2025

2023
[13]

A taxonomy of segmentation in network security,

R. Dube, “A taxonomy of segmentation in network security,”IEEE Access, vol. 14, pp. 16 921–16 935, 2026, doi: https://doi.org/10.110 9/ACCESS.2026.3658250

work page arXiv 2026
[14]

A formal approach to network segmentation,

N. Mhaskar, M. Alabbad, and R. Khedri, “A formal approach to network segmentation,”Comput. Secur., vol. 103, p. 102162, 2021, doi: https://doi.org/10.1016/j.cose.2020.102162

work page doi:10.1016/j.cose.2020.102162 2021
[15]

A technique for the measurement of attitudes,

R. Likert, “A technique for the measurement of attitudes,”Arch. Psychol., vol. 22, no. 140, pp. 1–55, 1932

1932
[16]

Maximum likelihood from incomplete data via the EM algorithm,

A. P. Dempster, N. M. Laird, and D. B. Rubin, “Maximum likelihood from incomplete data via the EM algorithm,”J. Roy. Statist. Soc. Ser. B, vol. 39, no. 1, pp. 1–38, 1977

1977
[17]

L. M. Collins and S. T. Lanza,Latent Class and Latent Transition Analysis: With Applications in the Social, Behavioral, and Health Sciences. Hoboken, NJ, USA: Wiley, 2010, ISBN: 978-0470228395

2010
[18]

Latent class cluster analysis,

J. K. Vermunt and J. Magidson, “Latent class cluster analysis,” inAp- plied Latent Class Analysis, J. A. Hagenaars and A. L. McCutcheon, Eds. Cambridge, U.K.: Cambridge Univ. Press, 2002, pp. 89–106, doi: https://doi.org/10.1017/CBO9780511499531.004. TABLE 14. CODEBOOK FOR FREE-FORM RESPONSE CODING. Code Name Definition Examples B1 Clear Goals Define goal...

work page doi:10.1017/cbo9780511499531.004 2002
[19]

Deciding on the number of classes in latent class analysis and growth mixture modeling: A Monte Carlo simulation study,

K. L. Nylund, T. Asparouhov, and B. O. Muth ´en, “Deciding on the number of classes in latent class analysis and growth mixture modeling: A Monte Carlo simulation study,”Struct. Equ. Model., vol. 14, no. 4, pp. 535–569, 2007, doi: https://doi.org/10.1080/1070 5510701575396

work page doi:10.1080/1070 2007
[20]

Ten frequently asked questions about latent class analysis,

K. Nylund-Gibson and A. Y . Choi, “Ten frequently asked questions about latent class analysis,”Transl. Issues Psychol. Sci., vol. 4, no. 4, pp. 440–461, 2018, doi: https://doi.org/10.1037/tps0000176

work page doi:10.1037/tps0000176 2018
[21]

K. P. Burnham and D. R. Anderson,Model Selection and Multimodel Inference: A Practical Information-Theoretic Approach, 2nd ed. New York, NY , USA: Springer, 2002, ISBN: 978-0387953649

2002
[22]

An entropy criterion for assessing the number of clusters in a mixture model,

G. Celeux and G. Soromenho, “An entropy criterion for assessing the number of clusters in a mixture model,”J. Classif., vol. 13, no. 2, pp. 195–212, 1996, doi: https://doi.org/10.1007/BF01246098

work page doi:10.1007/bf01246098 1996
[23]

An empirical pooling approach for estimating marketing mix elas- ticities with PIMS data,

V . Ramaswamy, W. S. DeSarbo, D. J. Reibstein, and W. T. Robinson, “An empirical pooling approach for estimating marketing mix elas- ticities with PIMS data,”Market. Sci., vol. 12, no. 1, pp. 103–124, 1993, doi: https://doi.org/10.1287/mksc.12.1.103

work page doi:10.1287/mksc.12.1.103 1993
[24]

Joanna Depledge.The Organization of Global Negotiations: Constructing the Climate Change Regime

K. E. Masyn, “Latent class analysis and finite mixture modeling,” inThe Oxford Handbook of Quantitative Methods: Vol. 2. Statistical Analysis, T. D. Little, Ed. New York, NY , USA: Oxford Univ. Press, 2013, pp. 551–611, doi: https://doi.org/10.1093/oxfordhb/978019993 4898.013.0025

work page doi:10.1093/oxfordhb/978019993 2013
[25]

Agresti,An Introduction to Categorical Data Analysis, 2nd ed

A. Agresti,An Introduction to Categorical Data Analysis, 2nd ed. Hoboken, NJ, USA: Wiley, 2007, ISBN: 978-0471226185

2007
[26]

Three approaches to qualitative content analysis,

H.-F. Hsieh and S. E. Shannon, “Three approaches to qualitative content analysis,”Qual. Health Res., vol. 15, no. 9, pp. 1277–1288, 2005, doi: https://doi.org/10.1177/1049732305276687

work page doi:10.1177/1049732305276687 2005
[27]

Washington, DC, USA: National Academies Press, 2025, ISBN: 978- 0-309-73489-9

National Academies of Sciences, Engineering, and Medicine,Cyber Hard Problems: Focused Steps Toward a Resilient Digital Future. Washington, DC, USA: National Academies Press, 2025, ISBN: 978- 0-309-73489-9

2025
[28]

Journal of Classification2(1), 193–218 (1985) https://doi.org/10.1007/BF01908075

L. Hubert and P. Arabie, “Comparing partitions,”J. Classif., vol. 2, no. 1, pp. 193–218, 1985, doi: https://doi.org/10.1007/BF01908075

work page doi:10.1007/bf01908075 1985
[29]

G. J. McLachlan and D. Peel,Finite Mixture Models. New York, NY , USA: Wiley, 2000, ISBN: 978-0471006268

2000