Infrastructure Redesign
In this episode, I talk about infrastructure redesign for a modern digital workplace. You’re probably familiar with VPN connections into a “secure” corporate network and having lots of on-premise servers providing your IT services. Well, I’m going to throw all that out of the window: you don’t need it, and it’s holding your organisation back. Through this episode I tell you how you can flatten your network infrastructure, embrace a zero trust architecture that allows you to keep it all secure, and save big when it comes to your budget.
This episode of the Digital Workplace Podcast is sponsored by Virtco Consulting.
Transcript
Beatrix:
Welcome to the Digital Workplace Podcast. Here to help you work smarter and get more done! Unbelievably, he cycled around Lake Como in Northern Italy in a single day. In 37-degree heat! Here is your host, our resident digital workplace expert, Grant Crawley.
Grant Crawley:
Thanks Beatrix!
In this episode I’m going to talk about cloud storage. What cloud storage is, what the benefits are, and what features to look for. There are lots of options and you may already have some storage available to you that you weren’t aware of.
Beatrix:
When working remotely, we recommend you always use a Virtual Private Network. A VPN secures your data, protects you when using public wifi and enables you to mask your location. Our VPN service of choice is Nord VPN. To try it today click on our affiliate link in the show notes.
Grant Crawley:
Now for some news from Microsoft. Internet Explorer is retiring on 15th June 2022. It seems like this controversial browser has been around forever, but it’s just not up to the grade anymore, having been overtaken by much more modern web browsers. My first SaaS product relied on technology that was only available in Internet Explorer at the time; it enabled us to capture video and scan documents directly from a web page way back in 1997. Thank you Microsoft, and goodbye Internet Explorer.
Beatrix:
This episode of the Digital Workplace Podcast is sponsored by Virtco Consulting.
Their proven digital accelerators help to contain costs and limit disruption, reducing risk and ensuring return on investment is optimised.
Visit virtco.com, today!
Grant Crawley:
So what do I mean by flattening your infrastructure? I’ll come to that later, first I’m going to describe a typical modern corporate network infrastructure.
From the perimeter of the head office, you’ll have a network router, then a firewall, probably some form of network cache, a VPN concentrator, then a managed network stack, wireless controller, wireless access points dotted around the building, maybe more network stacks also dotted around the site with maybe fibre backbones connecting them into the main stack in the comms room. Then you’ll have a raft of servers: a file server, print server, SQL database server, a backup server, possibly some application servers and undoubtedly a few more servers for various miscellaneous services you run internally. Then each satellite office will have a similar setup, with an encrypted VPN tunnel back to the HQ.
Sound familiar?
No doubt you have to visit an office from time to time to make sure your computer picks up all its updates, group policies, anti-virus software updates, updated security certificates and the like. Then to connect to company resources you’ll need a VPN client that connects to your corporate VPN concentrator just so you can get your email and access your team’s files.
This is not digital; it’s old and introduces a huge amount of risk to your organisation. Risk from hackers, viruses, malware, ransomware and phishing.
Not only that, with modern security architecture and cloud-based services, you don’t need it.
You can almost literally throw it all out of the window.
So, what do I mean by flattening your infrastructure? Well, if you think of all those boxes I described before (router, firewall, cache, wifi controller, network switches etc.), all stacked up it’s probably at least 4 layers thick.
It doesn’t need to be; all you need is a single network address translation firewall/router and the fastest network connection you can afford.
You can flatten all those layers out, optimise your network connectivity and give your users the same kind of performance they are used to when working from home, in the office. All without sacrificing security, and reducing risk.
A zero-trust architecture assumes that nothing can be trusted. Under this philosophy, no device, user or application attempting to interact with your architecture can be considered to be secure.
Conventional security models assumed that all internal network activities could be trusted. But malware such as viruses and ransomware, phishing, and employee data theft have proven that assumption to be fundamentally wrong.
So why is the traditional perimeter security model so flawed? Put simply, if anyone inside your perimeter makes a mistake and opens a ransomware payload, it has implicit trust within your perimeter to infect and encrypt anything the user has access to, and potentially to elevate by infecting devices with admin access, putting even your most critical systems and data at risk.
Instead, a “never trust, always verify” principle should be employed, ensuring every user, device, and connection is authenticated ahead of being granted access to your data.
Ensure your devices are compliant with your security requirements, or they can’t connect other than to become compliant. Employ multi-factor authentication, encryption and digital certificates wherever possible, and implement next-generation security and anti-malware tools. Use data-loss prevention technology wherever you can, and enforce device integrity and authorisation before data can be accessed.
When you couple the zero trust methodology with advanced data protection, retention and version history you create an environment where users who need access to data have it, and nobody else does.
So, by employing zero trust you remove the need for a perimeter and the plethora of network hardware, server hardware, software and services that are needed to support that model. When you put all your business systems into the cloud you no longer have to make holes into your internal network, and you significantly simplify your firewall requirements to the point where only a simple network address translation is required, effectively blocking all unknown incoming traffic.
By removing all the legacy network and firewall technology, outdated servers, backup routines, and the many other various technologies that have been randomly implemented over the years, you save a small fortune in maintenance, support, space and power consumption, freeing up your budget for more productive technologies such as process automation, collaboration tools and higher-performance network connections.