Only allow traffic between VLANs that is specifically needed - **Microsegmentation** — Within VLANs, further restrict communication between individual systems - **Zero Trust** — Assume any network segment could be compromised; authenticate and authorize every connection - **East-West inspection** —