What is the purpose of network segmentation in cloud security?

Multiple Choice

What is the purpose of network segmentation in cloud security?

Explanation:
Network segmentation aims to isolate workloads and limit lateral movement within a cloud environment. By dividing the network into smaller, controlled segments and applying strict access policies between them, you reduce the blast radius if a component is compromised and make it harder for an attacker to move sideways. In practice, this is implemented with virtual networks, subnets, security groups or firewall rules, micro-segmentation, and zero-trust policies that verify each request before allowing it to cross segment boundaries. This approach also improves monitoring and enforcement because traffic can be inspected and logged per segment. The other options miss the mark: broadening cross-service access increases exposure; turning off logs removes visibility essential for detecting breaches; and duplicating data is a separate concern that doesn't address how traffic is controlled within the network.

