A network is a group of two or more pieces of IT equipment that can communicate. An on-premises network is simply network infrastructure that exists at the business workplace, while a cloud network leverages the internet to access infrastructure that is owned and managed by a third party. Think of it as a privately owned vehicle versus Uber. There is also the hybrid network, which is a mixture of both. Each has its own pros and cons, but as a network analyst, you should be aware of how different networks are interconnected, designed, and configured. While cloud is more affordable, quicker, scalable, and provides great redundancy, it is less customizable and potentially more vulnerable.
Due to security concerns, networks are usually separated using network segmentation. Network segmentation refers to dividing a network into multiple segments or subnets. It is a network security technique that divides a network into smaller, individual networks, each with its own security controls and services. This makes managing a network easier; without it, management requires a lot of work, especially in a company that has a dynamic work environment.
Even with network segmentation, we run into security problems. This is why we have created the zero trust model, which leverages an identity, credential, and access management (ICAM) database to verify individual entities, such as a person or a device, trying to access specific resources. While network segmentation protects a group of assets within the network by creating a boundary, the zero trust approach creates the boundary at the individual endpoint level. A segmented network is like a building with a single security guard, while the zero trust model is like having a security guard at each individual room within the building for the different resources within it. Zero trust is a security model based on trusting no one and nothing.
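The contrast above can be seen by running the same requests through both kinds of check. This is an added example, not from the original article; the subnet, user names, device names, and the ICAM table layout are all constructed assumptions.

```python
import ipaddress

# Constructed sample data (assumptions for illustration, not from the article).
TRUSTED_SEGMENT = ipaddress.ip_network("10.20.0.0/24")  # e.g. a finance subnet

# Hypothetical ICAM records: entitlements per identity, and enrolled devices
# with their owner and compliance state.
ICAM = {
    "users": {"alice": {"finance-db"}, "bob": {"wiki"}},
    "devices": {"laptop-17": {"owner": "alice", "compliant": True},
                "laptop-42": {"owner": "bob", "compliant": True},
                "kiosk-03": {"owner": "alice", "compliant": False}},
}

def segment_allows(src_ip):
    """Segmentation: one boundary around a group of assets.
    Any source address inside the segment passes."""
    return ipaddress.ip_address(src_ip) in TRUSTED_SEGMENT

def zero_trust_allows(user, credential_ok, device, resource):
    """Zero trust: each request is verified per entity and per resource.
    Source address is not an input, so network location grants nothing."""
    entitlements = ICAM["users"].get(user)
    dev = ICAM["devices"].get(device)
    if entitlements is None or dev is None:
        return False, "unknown identity or device"
    if not credential_ok:
        return False, "credential not verified"
    if dev["owner"] != user or not dev["compliant"]:
        return False, "device not bound to user or not compliant"
    if resource not in entitlements:
        return False, "no entitlement for resource"
    return True, "allow"

# Constructed requests: (source IP, user, credential verified?, device, resource)
REQUESTS = [
    ("10.20.0.15", "alice", True, "laptop-17", "finance-db"),
    ("10.20.0.16", "bob", True, "laptop-42", "finance-db"),
    ("10.20.0.17", "alice", True, "kiosk-03", "finance-db"),
    ("192.0.2.50", "alice", True, "laptop-17", "finance-db"),
]

def evaluate(requests):
    """Return (segment decision, zero trust decision, reason) per request."""
    return [(segment_allows(ip), *zero_trust_allows(u, c, d, r))
            for ip, u, c, d, r in requests]

if __name__ == "__main__":
    for req, result in zip(REQUESTS, evaluate(REQUESTS)):
        print(req, "->", result)
```

The second and third requests pass the segment boundary because they originate inside the subnet, yet the per-entity check denies them; the fourth is outside the segment but is allowed because identity, device, and entitlement all verify.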
We also have the secure access service edge (SASE) network architecture, which combines numerous solutions, such as SD-WAN (software-defined wide area network) and zero trust security solutions, into one converged cloud-delivered platform. Security is not based on individual endpoints like a firewall or a router; it is based on real-time context.