1. Introduction

Secure network design, or architecture, begins with the understanding that most business processes require network communication to traverse untrustworthy networks. The Internet certainly qualifies, but even the business’s own internal networks may be unsafe. Insider threats, attackers already inside the network, and unintended data leaks are constant risks an organization must anticipate and prepare for. As the world becomes more connected, business risk will increase: “a huge online population means that even attacks with very low success rates will have significant pools of victims” (Herley, 2014, p. 70). A 2011 survey by the Ponemon Institute found that 80% of its 583 respondents believed their organization’s network security had suffered at least one breach in the preceding twelve months. Because those respondents were IT security professionals from companies of all sizes, from both the private and public sectors, and from a variety of industries, the survey illustrates that the problem is widespread (Ponemon Institute, 2011). The cost of cyber-crime to business is also high. Determining the exact cost is difficult, given the numerous factors involved and the lack of reliable information, but in 2014 McAfee and the Center for Strategic & International Studies estimated the annual cost at over $400 billion globally (McAfee, 2014). With the cost, attack surface, and volume of attacks so high, it is more critical than ever to protect the organization’s interests with a secure network design built around micro segmentation.

Micro segmentation, also known as protected enclaves, protects the network by breaking it into smaller segments, so that a compromise of one segment does not give an attacker free movement into the others. This is accomplished through the use of network firewalls, host firewalls, VLANs, VPNs, and Network Admission or Access Control (NAC) (Northcutt, 2007). These techniques add complexity and cost to managing a network. Fortunately, new technology is emerging that can ease the burden and cost of these implementations.
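The enclave idea above can be made concrete as a policy check: every flow between segments is denied unless an explicit rule allows it, which is the behaviour a network firewall, host firewall, or NAC enforcement point implements. The following Python model is an added example written for this page; it is not code from the paper or from any product it cites. The segment address ranges, the allow rules, and the sample flows (including one lateral-movement attempt from a workstation straight to the database tier) are all constructed for illustration.

```python
"""Default-deny micro segmentation policy model (constructed example).

Three enclaves are defined; only two inter-enclave flows are permitted.
Anything not explicitly allowed, including traffic between peers in the
same enclave, is denied.
"""
import ipaddress
from typing import List, Optional, Set, Tuple

# Constructed enclave definitions; the address ranges are illustrative.
SEGMENTS = {
    "workstations": ipaddress.ip_network("10.10.0.0/16"),
    "web": ipaddress.ip_network("10.20.0.0/24"),
    "db": ipaddress.ip_network("10.30.0.0/24"),
}

# Explicit allow list: (src_segment, dst_segment, dst_port, proto).
# Everything else is denied, which is what makes the enclaves "protected".
ALLOW_RULES = [
    ("workstations", "web", 443, "tcp"),  # users reach the web tier over HTTPS
    ("web", "db", 5432, "tcp"),           # only the web tier may talk to the database
]

Flow = Tuple[str, str, int, str]  # (src_ip, dst_ip, dst_port, proto)


def segment_of(ip: str) -> Optional[str]:
    """Return the enclave name containing ip, or None if it is in no enclave."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def is_allowed(src_ip: str, dst_ip: str, dst_port: int, proto: str) -> bool:
    """Default deny: a flow passes only if an ALLOW_RULES entry matches it."""
    src_seg = segment_of(src_ip)
    dst_seg = segment_of(dst_ip)
    if src_seg is None or dst_seg is None:
        return False  # addresses outside every enclave never match a rule
    return (src_seg, dst_seg, dst_port, proto.lower()) in ALLOW_RULES


def reachable_from(src_ip: str) -> Set[Tuple[str, int, str]]:
    """Blast radius: the (segment, port, proto) targets a compromised host can still reach."""
    src_seg = segment_of(src_ip)
    return {(dst, port, proto) for (src, dst, port, proto) in ALLOW_RULES if src == src_seg}


def evaluate_flows(flows: List[Flow]) -> List[Tuple[Flow, bool]]:
    """Apply the policy to a list of observed flows and return each verdict."""
    return [(flow, is_allowed(*flow)) for flow in flows]


# Constructed sample flows, as a firewall or NAC enforcement point might see them.
SAMPLE_FLOWS: List[Flow] = [
    ("10.10.5.7", "10.20.0.10", 443, "tcp"),    # user browsing the web tier: allowed
    ("10.20.0.10", "10.30.0.5", 5432, "tcp"),   # web tier querying the database: allowed
    ("10.10.5.7", "10.30.0.5", 5432, "tcp"),    # workstation straight to the DB: lateral movement, denied
    ("10.10.5.7", "10.10.5.8", 445, "tcp"),     # SMB to a peer workstation: denied by host firewall
    ("192.168.1.1", "10.30.0.5", 5432, "tcp"),  # source outside every enclave: denied
]


if __name__ == "__main__":
    for (src, dst, port, proto), ok in evaluate_flows(SAMPLE_FLOWS):
        print(f"{'ALLOW' if ok else 'DENY '} {src} -> {dst}:{port}/{proto}")
    print("Reachable from a compromised workstation:", reachable_from("10.10.5.7"))
```

The useful output is the last line: a compromised workstation can reach only the web tier on 443, not the database, which is the blast-radius reduction the paper attributes to micro segmentation. In a real deployment the same allow list would be expressed as firewall rules on the segment boundaries and as host firewall rules on each member, and the sample flows would come from flow logs rather than a constant.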