When I speak with security architects, they are often in agreement that the best way to prevent security incidents in the data center is to put as much friction as possible into the data center to stop the spread of malware or prevent lateral movement. The one thing they don't realize is that they don't need to do this via a network transformation. Another key point we discuss is that once they have the visibility they need to make policy simple and safe to implement, they then have the desire to revisit segmentation.
I find it interesting how many companies have been implementing segmentation, and struggling with it, for so long because they are using conventional methods like hardware firewalls, switches, routers and hypervisors. All of these can enforce policy somewhat effectively at a small scale; however, when you start to scale segmentation, their lack of a map and an abstracted policy model makes it very difficult to develop and apply security policy without causing an outage.
The article discusses segmentation as a means to make it much harder for ransomware to spread laterally. I suggest limiting protocols like SSH and RDP to a small number of jump hosts using segmentation. It's a fast, simple policy you can implement in a very safe manner.
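The jump-host policy described above, as an added example that is not part of the original post or any vendor's product: a small label-based model in Python in which hosts carry a role label (the "map"), one abstract rule says that only hosts labelled `jump` may reach SSH or RDP, and the same rule is both evaluated against observed flows (the visibility step, to see what would break before enforcing) and rendered as an nftables input chain for a host-based enforcement point. The inventory, addresses, role names, the `Flow`/`evaluate`/`audit`/`render_nftables` names and the sample flow records are all constructed for illustration.

```python
"""Label-based segmentation policy for admin protocols (added example).

Hosts are given a role label (the 'map'); one abstract rule says 'only jump
hosts may reach SSH/RDP'. The same rule is evaluated against observed flows
and rendered as an nftables ruleset for the enforcement point. All names and
addresses below are constructed for illustration, not taken from any real site.
"""
from dataclasses import dataclass

# Constructed inventory: IP -> role label. Addresses and roles are assumptions.
INVENTORY = {
    "10.0.1.10": "jump",
    "10.0.1.11": "jump",
    "10.0.2.20": "web",
    "10.0.2.21": "web",
    "10.0.3.30": "db",
    "10.0.9.99": "workstation",
}

# Administrative protocols the policy governs: TCP port -> name.
ADMIN_PORTS = {22: "ssh", 3389: "rdp"}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


def role_of(ip: str) -> str:
    """Look the IP up in the map; anything unlabelled is treated as untrusted."""
    return INVENTORY.get(ip, "unknown")


def evaluate(flow: Flow) -> str:
    """Return 'allow', 'deny' or 'ungoverned' for one flow.

    Only SSH/RDP are governed here: default-deny with a single exception for
    sources labelled 'jump'. Other ports fall through to whatever other policy
    applies, so they are reported as 'ungoverned' rather than allowed.
    """
    if flow.dport not in ADMIN_PORTS:
        return "ungoverned"
    return "allow" if role_of(flow.src) == "jump" else "deny"


def audit(flows):
    """Evaluate observed flows; return the ones the policy would block.

    Running this over real flow telemetry before enforcing is the visibility
    step: it surfaces admin sessions that do not originate from a jump host,
    which are either lateral movement or things that will break once enforced.
    """
    return [(f, f"{role_of(f.src)}->{role_of(f.dst)}:{ADMIN_PORTS[f.dport]}")
            for f in flows if evaluate(f) == "deny"]


def render_nftables(inventory=INVENTORY, ports=ADMIN_PORTS) -> str:
    """Render the abstract rule as an nftables input chain for a host enforcement point."""
    jump_hosts = sorted(ip for ip, role in inventory.items() if role == "jump")
    port_list = ", ".join(str(p) for p in sorted(ports))
    return "\n".join([
        "table inet segmentation {",
        "    set jump_hosts {",
        "        type ipv4_addr",
        "        elements = { " + ", ".join(jump_hosts) + " }",
        "    }",
        "    chain input {",
        "        type filter hook input priority 0; policy accept;",
        # Keep existing sessions alive so applying the rule does not cut off the operator.
        "        ct state established,related accept",
        f"        ip saddr @jump_hosts tcp dport {{ {port_list} }} accept",
        f"        tcp dport {{ {port_list} }} drop",
        "    }",
        "}",
    ])


# Constructed flow records standing in for a flow collector's output.
SAMPLE_FLOWS = [
    Flow("10.0.1.10", "10.0.3.30", 22),    # jump -> db over SSH: allowed
    Flow("10.0.9.99", "10.0.2.20", 3389),  # workstation -> web over RDP: denied
    Flow("10.0.2.20", "10.0.3.30", 22),    # web -> db over SSH: lateral move, denied
    Flow("10.0.2.20", "10.0.3.30", 5432),  # web -> db over Postgres: not governed here
]

if __name__ == "__main__":
    for f, why in audit(SAMPLE_FLOWS):
        print(f"DENY {f.src} -> {f.dst}:{f.dport} ({why})")
    print(render_nftables())
```

The point of keeping the rule abstract (labels, not addresses) is that adding a new jump host or a new database server changes the inventory, not the policy, and the rendered ruleset is regenerated for every enforcement point. Run `audit` over real flow data for a while first: anything it reports as denied is either an admin path you need to move behind a jump host or lateral movement you want to stop, and in both cases you want to know before the drop rule goes live.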
Ransomware gangs are increasingly looking for the biggest possible payday. Encrypting the data on one PC isn't going to make them rich, so they are likely to gain access to a network and then explore widely in order to spread their malware as far as possible before pulling the trigger and encrypting everything. Make this harder by segmenting networks, and also by limiting the number of administrator accounts, which have wide-ranging access, and securing them.