Security, risk, and trust models play into how networks are designed and deployed. If these models are not considered during network design, band-aids and workarounds will be deployed to achieve the needed goals, potentially bypassing network controls.
Our Advice
Critical Insight
The cloud “gold rush” has made it attractive for many enterprises to migrate services off the traditional network and into the cloud. These services are now outside of the traditional network and associated controls. This shifts the split of east-west vs. north-south traffic patterns, as well as extending the network to encompass services outside of enterprise IT’s locus of control.
Impact and Result
Where users access enterprise data or services and from which devices dictate the connectivity needed. With the increasing shift of work that the business is completing remotely, not all devices and data paths will be under the control of IT. This shift does not allow IT to abdicate from the responsibility to provide a secure network.
Member Testimonials
After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.
10.0/10
Overall Impact
$11,699
Average $ Saved
9
Average Days Saved
Client
Experience
Impact
$ Saved
Days Saved
Daytona State College
Guided Implementation
10/10
$11,699
9
Scott was extremely knowledgeable about network infrastructure and gave us great advise on our new network refresh plan.
Enterprise Network Design Considerations
It is not just about connectivity.
Executive Summary
Info-Tech Insight
Connectivity and security are tightly coupled
Security, risk, and trust models play into how networks are designed and deployed. If these models are not considered during network design, band-aids and workarounds will be deployed to achieve the needed goals, potentially bypassing network controls.
Many services are no longer within the network
The cloud “gold rush” has made it attractive for many enterprises to migrate services off the traditional network and into the cloud. These services are now outside of the traditional network and associated controls. This shifts the split of east-west vs. north-south traffic patterns, as well as extending the network to encompass services outside of enterprise IT’s locus of control.
Users are demanding an anywhere, any device access model
Where users access enterprise data or services and from which devices dictate the connectivity needed. With the increasing shift of work that the business is completing remotely, not all devices and data paths will be under the control of IT. This shift does not allow IT to abdicate from the responsibility to provide a secure network.
Enterprise networks are changing
The new network reality
The enterprise network of 2020 and beyond is changing:
- Services are becoming more distributed.
- The number of services provided “off network” is growing.
- Users are more often remote.
- Security threats are rapidly escalating.
The above statements are all accurate for enterprise networks, though each potentially to differing levels depending on the business being supported by the network. Depending on how affected the network in question currently is and will be in the near future, there are different common network archetypes that are best able to address these concerns while delivering business value at an appropriate price point.
High-Level Design Considerations
- Understand Business Needs
- Define Your Trust Model
- Align With an Archetype
- Understand Available Tooling
Understand what the business needs are and where users and resources are located.
Trust is a spectrum and tied tightly to security.
How will the network be deployed?
What tools are in the market to help achieve design principles?
Understand business needs
Mission
Never ignore the basics. Start with revisiting the mission and vision of the business to address relevant needs.
Users
Identify where users will be accessing services from. Remote vs. “on net” is a design consideration now more than ever.
Resources
Identify required resources and their locations, on net vs. cloud.
Controls
Identify required controls in order to define control points and solutions.
Define a trust model
Trust is a spectrum
- There is a spectrum of trust, from fully trusted to not trusted at all. Each organization must decide for their network (or each area thereof) the appropriate level of trust to assign.
- The ease of network design and deployment is directly proportional to the trust spectrum.
- When resources and users are outside of direct IT control, the level of appropriate trust should be examined closely.
Implicit
Trust everything within the network. Security is perimeter based and designed to stop external actors from entering the large trusted zone.
Controlled
Multiple zones of trust within the network. Segmentation is a standard practice to separate areas of higher and lower trust.
Zero
Verify trust. The network is set up to recognize and support the principle of least privilege where only required access is supported.
Align with an archetype
Archetypes are a good guide
- Using a defined archetype as a guiding principle in network design can help clarify appropriate tools or network structures.
- Different aspects of a network can have different archetypes where appropriate (e.g. IT vs. OT [operational technology] networks).
Traditional
Services are provided from within the traditional network boundaries and security is provided at the network edge.
Hybrid
Services are provided both externally and from within the traditional network boundaries, and security is primarily at the network edge.
Inverted
Services are provided primarily externally, and security is cloud centric.