Info-Tech Research Group has published a research-backed blueprint, Enterprise Network Design Considerations, that could help security and IT leaders develop a network design that considers more than just connectivity and addresses the concerns of increased remote users, security threats and services provided “off-network.”
Security, risk and trust models are factors IT teams need to consider when designing and deploying an enterprise network. If these models are not considered during network design, band-aids and workarounds will be deployed to achieve the needed goals, potentially bypassing network controls. Many enterprises use traditional networks, which commonly include comprehensive firewalls and dedicated hardware devices such as switches and routers to control data traffic, but which have limited security.
As the business completes an increasing amount of its work remotely, not all devices and data paths will be under the control of IT. However, this shift does not allow IT to abdicate its responsibility to provide a secure network.
Info-Tech’s research indicates the cloud “gold rush” has made it attractive for many enterprises to migrate services off the traditional network and into cloud-based services such as inverted perimeter or hybrid networks for better security and connectivity.
An inverted perimeter network is one in which security and control points cover the entire workflow, on-net or off-net, from users to the services, following a zero-trust principle. Since the control plane is designed to encompass the workflow in a secure manner, much of the underlying connectivity can be abstracted.
The firm’s research also suggests that an inverted perimeter network model is attractive for organizations that primarily consume cloud services and have a large remote workforce.
A hybrid network combines elements of a traditional network with cloud resources. As some of these resources are not entirely under the control of IT and may be completely off-net or loosely coupled to the on-premises network, the security boundaries and control points are less likely to be centralized. Hybrid networks allow the flexibility and speed of cloud deployment without leaving behind traditional network constructs but are generally more costly to secure and maintain.
“A network archetype needs to be defined to understand what tools are appropriate for consideration in a network build or refresh,” explained Scott Young, principal research advisor in Info-Tech’s Infrastructure Research Practice. “These tools, which are purpose-built and generally designed to solve specific problems, must be chosen appropriately to align with the organization’s challenge.”
Info-Tech recommends security and IT leaders understand the needs of the business before choosing a network design for the organization. The blueprint highlights the factors that should be considered when trying to understand business needs, which include:
- Mission: Consider the mission and vision of the business to address relevant needs.
- Users: Identify where users will be accessing services; remote vs. “on net” is a design consideration now more than ever.
- Resources: Identify the required resources and their locations: on net vs. cloud.
- Controls: Identify the required controls to define control points and solutions.
The blueprint also contains insights and direction for IT leaders on other topics, such as archetypes and tooling, hybrid and inverted networks, and cloud access security brokers (CASB) and secure access service edge (SASE).
The complete Enterprise Network Design Considerations blueprint can be downloaded and viewed now.
To learn more about Info-Tech Research Group and to download the latest research, visit www.infotech.com.