With the rise of cloud computing, remote work, and interconnected systems, the traditional model of trusting everything inside the network perimeter has become increasingly risky. In response, Zero Trust Architecture (ZTA) has emerged as a model where no user or device is inherently trusted, regardless of their location. Micro-segmentation, one of ZTA’s key mechanisms, aims to limit lateral movement and enforce fine-grained access control. However, implementing micro-segmentation in environments with legacy systems remains particularly challenging due to outdated technologies, rigid configurations, and limited visibility.
Although the literature offers many advanced segmentation models, these are often designed for cloud-native or modern infrastructures and fail to address the constraints inherent in legacy-heavy environments. This research investigates how organizations with legacy systems can identify and evaluate appropriate micro-segmentation strategies based on their network characteristics and technical constraints. The central research question is:
How can organizations choose and implement micro-segmentation strategies that align with their network architectures and the technical constraints posed by legacy systems?
To address this question, the study began with a structured literature review, which revealed a lack of detailed and context-aware guidance for applying micro-segmentation in constrained environments. To fill this gap, a series of semi-structured interviews was conducted with cybersecurity professionals experienced in industrial and legacy-heavy systems. The interview data were analysed using thematic coding to uncover recurring patterns, practical challenges, and the decision-making logic used in real-world settings.
The findings reveal three principal categories of micro-segmentation strategies: network-based, agent-based, and hybrid. The choice between these depends on technical factors such as system compatibility, network architecture, and the level of administrative control available. In addition to strategy selection, the study identifies a phased implementation approach typically followed by organizations. The study also defines key criteria for evaluating segmentation outcomes, including enforcement of access control, operational continuity, system performance, and network visibility, among others. These insights form the basis of a structured, step-by-step implementation guide and a decision-support framework. Together, they enable organizations to assess their technical constraints and select appropriate strategies. The main contribution of this research is the development of a practice-oriented framework that supports the secure integration of legacy systems into Zero Trust environments.