Author: Rose de Fremery
Date published: September 9, 2024
As enterprises transform their IT portfolios to digital and cloud-based architectures, they need to build and manage networks that are both increasingly complex and highly distributed, covering large numbers of endpoints in far-flung locations. At the same time, they cannot afford to compromise on protecting their businesses from cyber threats. Network infrastructure designs that incorporate security best practices, such as zero trust and SD WAN, can help balance these twin goals.
A zero trust network infrastructure design grants the least amount of access privileges needed—no more, no less. Zero trust network access (ZTNA) is based on the assumption that every asset attempting to connect to the network could be compromised. Given the rise of hybrid working arrangements and the rapidly expanding constellation of endpoints that enterprises now must secure, it has become imperative to take such a strict stance for granting access to network resources. As the Verizon 2023 Data Breach Investigations Report has found, 74% of breaches involved the human element, including social engineering attacks, errors or misuse.
The zero trust model is radically different from the traditional perimeter security approach, where an enterprise relies on strong defenses to block out external threats at the network perimeter but largely grants devices, applications and systems unfettered access to move laterally within the corporate network once inside. A zero trust approach, by contrast, applies the same exacting scrutiny to potential network connections regardless of whether they originate from within or beyond the formal network perimeter.
Enterprises that put zero trust network access in place use advanced networking and authentication technologies as well as strong security policies and governance mechanisms to help defend the company against cyber threats. They also commonly isolate specific applications, devices and systems into network segments, shielding the internal network from the internet. As discussed at the Gartner® Security & Risk Management Summit in Sydney, “60% of organizations will embrace Zero Trust as a starting point for security by 2025.”1
Software-defined wide area networking (SD WAN) is a modern approach to network infrastructure design that effectively virtualizes an enterprise's wide area network, abstracting it away from the underlying hardware. This approach gives IT and security teams far greater flexibility and streamlined administrative control over the corporate network than was possible with a traditional approach.
Enterprises often take advantage of SD WAN's ability to balance traffic across multiple internet connections, implementing intelligent routing to ensure reliable connectivity, and setting quality of service (QoS) parameters that optimize application performance based on preconfigured policies to maximize the value of their network investments. SD WAN also makes it possible to create a hybrid cloud network that includes both on-premises and cloud-based elements.
Although SD WAN is better thought of as an advanced network technology than a security model per se, enterprises are able to use it to create secure network infrastructure. SD WAN enables end-to-end encryption for all of the network connections it manages, providing a strong default level of protection against potential surveillance, interception and tampering. SD WAN can also provide enhanced visibility into the network, allowing security professionals to quickly identify potential threats. Security teams can also use the centralized dashboard common to SD WAN solutions to ensure standardized endpoint policy deployment and configuration management across an entire corporate network.
Enterprises looking for best practices in secure network infrastructure design have several options to choose from, including zero trust and SD WAN. These two essential modern networking concepts, while distinct from one another, do work well in tandem to secure a corporate network from the increasingly sophisticated and dangerous threats it faces. Enterprises that deploy them both will be in a stronger position to pursue their goals and continue their current trajectory of growth.
According to Buffer's State of Remote Work 2023 Report, 71% of companies are permanently allowing some form of remote work. Any enterprise that supports a hybrid or remote workforce should use both zero trust network access and SD WAN to guarantee more secure access for its employees and protect critical business data from a potential breach. Although SD WAN solutions provide some security features by default, such as encryption and greater network visibility, an enterprise's security team will still need to ensure that zero trust network access policies and governance are in place throughout the entire organization.
SD WAN is particularly attractive to enterprises that manage a distributed network architecture, for example, global firms with operations in multiple countries. SD WAN can deftly handle multiple internet connections at once, optimizing performance and ensuring reliable connectivity in the process. Because SD WAN is agnostic as to the type of connectivity it supports, enterprises can use it to cost-effectively extend their network into locations where it would be otherwise difficult to do so. However, SD WAN alone is often not sufficient to properly secure these network connections. By adopting a zero trust network access model that continuously verifies applications, users, and devices instead of automatically trusting them, enterprises can make sure their network infrastructure design is secure.
As enterprises look for smart strategies to reduce complexity and make their networks more resilient, they are also looking for network infrastructure design best practices that will help them bolster their security. Zero trust network access and SD WAN are two excellent options that, when paired, can help enterprises transform their networks while also making them more secure. By adopting these two best practices, enterprises will be in a far better position to confront and manage the risks present in today's digital landscape.
Learn how Verizon's network and cloud security solutions reduce complexity, control costs and fortify your network infrastructure.
The author of this content is a paid contributor for Verizon.
1 Gartner Press Release, Gartner Unveils the Top Eight Cybersecurity Predictions for 2022-23, June 2022. https://www.gartner.com/en/newsroom/press-releases/2022-06-21-gartner-unveils-the-top-eight-cybersecurity-predictio
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.