Network Architect - Security Architect

Celebrate your success…then quickly move on to the next one.

From the “Top 10 Signs Your Network and Security Design Might Be Far Behind” Series

Completely Satisfied With What I Built (said no engineer ever)

Chances are, you didn’t build the network that you oversee now. It was built long ago, and attribution as to who was the chief architect and designer is neither possible nor even important. The reality is that it has just grown over time. Cable by cable. Switch by switch. Router by router. And in each case, the justification was at least loosely to build the “next generation network”.

Okay, fine. But would an outsider, especially a visionary, come in today and say that what you have is anywhere near a next generation network (including security, of course)? Again, the chances are slim, especially if the network design is still clinging with every last breath to the old hub-and-spoke model.

The reason: both the network and security worlds have defined the true next generation platform as direct to Internet/cloud, where the Internet itself is the new corporate network.

What Was Once Old Isn’t New Again — It’s Just Getting Older.

I have yet to hear a single customer who has redesigned their network and security around the cloud say they want to go back. There are no cries for those old extra hops out to the Internet. No talk over dinner or drinks about how great it used to be to overspend on security that was only marginally successful, as long as we could just backhaul the traffic to it. And no one in their right mind is putting legacy hub-and-spoke architecture design on their LinkedIn profile as their calling card of future success. It’s the cloud now. And that means it’s all about a huge shift away from the old.

Who’s Saying What About the Next Generation Network?

Let’s focus just on Office 365 for the time being, given that Microsoft runs the 3rd largest network in the world and knows a thing or two about cloud applications.

“Software as a Service offerings like Office 365 and Dynamics 365 have been built to be accessed securely and reliably via the Internet. Accordingly, we only recommend ExpressRoute (hub-and-spoke) for these applications in specific scenarios.” – Microsoft

“A well configured, direct Internet connection will, in most cases, be the optimal method to connect to Office 365, both in terms of performance and cost.” – Microsoft

“WAN Optimization is not a supported use case” – Microsoft

“Avoid centralized proxies which can increase latency” – Microsoft

“Evaluate cloud proxies if the above isn’t possible” – Microsoft

Of course I could go on and on with what other application-focused leaders have called out. But I’m sure you at least have your own mental list as well. Perhaps it’s all those articles about CIOs and CTOs that are moving to “cloud first” at full speed. Or maybe it’s some great success stories you can easily recall. In any case, the use cases are real, verifiable, and compelling.


Hopefully we, as a community, will get it right. It’s painful to hear anyone say that they just upgraded their network and won’t revisit that for years to come. Being tied to an old waterfall model when the world around us has gone agile, and the business likely wants the change, is troubling. It’s troubling because we know that our very best engineers will likely move on to greener pastures. It’s also troubling because we know that a security architecture without a cloud component that stays ahead of cloud adoption is increasingly likely to fail on both counts: user experience and actual security outcomes.

To get moving in that direction, we should be asking ourselves:

  • What will it take to get Internet-bound traffic off the MPLS backhaul and out a local egress?
  • How low can we get our end-to-end latency numbers, even under peak daily load?
  • How can we make our network and security a true competitive differentiator?
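The second question above is only answerable with numbers, so here is an added example (not the author’s tooling and not anything Microsoft publishes) of how to get them: a small Python probe that times TCP connect plus TLS handshake to an Office 365 endpoint either directly or through a centralized HTTP proxy via CONNECT, and a summary that compares p50/p95 of peak-window samples from each path against a latency budget. The host `outlook.office365.com`, the proxy address `proxy.corp.example:8080`, the 100 ms p95 budget, and the two sample sets are all assumptions or constructed data, not measurements from any real network.

```python
"""Direct-egress vs. backhauled-proxy latency probe for an Office 365 endpoint.

tls_handshake_ms() does a live measurement; compare_paths() summarizes
samples. The sample lists below are constructed, not measured.
"""
import math
import socket
import ssl
import statistics
import time
from typing import Dict, Optional, Sequence, Tuple

# Assumed targets (placeholders, not a recommendation of specific endpoints).
O365_HOST = "outlook.office365.com"
CORP_PROXY: Tuple[str, int] = ("proxy.corp.example", 8080)  # hypothetical
P95_BUDGET_MS = 100.0  # assumed budget for this example, not a vendor figure


def tls_handshake_ms(host: str, port: int = 443,
                     proxy: Optional[Tuple[str, int]] = None,
                     timeout: float = 5.0) -> float:
    """Time TCP connect (+ HTTP CONNECT through proxy) + TLS handshake, in ms."""
    start = time.perf_counter()
    if proxy is None:
        sock = socket.create_connection((host, port), timeout=timeout)
    else:
        # Backhauled path: tunnel through the centralized proxy with CONNECT.
        sock = socket.create_connection(proxy, timeout=timeout)
        req = f"CONNECT {host}:{port} HTTP/1.1\r\nHost: {host}:{port}\r\n\r\n"
        sock.sendall(req.encode("ascii"))
        resp = b""
        while b"\r\n\r\n" not in resp:
            chunk = sock.recv(4096)
            if not chunk:
                raise ConnectionError("proxy closed connection during CONNECT")
            resp += chunk
        status = resp.split(b"\r\n", 1)[0].split()
        if len(status) < 2 or status[1] != b"200":
            raise ConnectionError(f"proxy refused CONNECT: {status!r}")
    ctx = ssl.create_default_context()  # verifies the server certificate
    # wrap_socket() on a connected socket performs the handshake immediately.
    with ctx.wrap_socket(sock, server_hostname=host):
        pass
    return (time.perf_counter() - start) * 1000.0


def percentile(samples: Sequence[float], p: float) -> float:
    """Nearest-rank percentile (p in 0..100); no numpy dependency."""
    if not samples:
        raise ValueError("no samples")
    ordered = sorted(samples)
    k = max(0, min(len(ordered) - 1, math.ceil(p / 100.0 * len(ordered)) - 1))
    return float(ordered[k])


def summarize(samples: Sequence[float]) -> Dict[str, float]:
    return {
        "p50": percentile(samples, 50),
        "p95": percentile(samples, 95),
        "max": float(max(samples)),
        "mean": float(statistics.fmean(samples)),
    }


def compare_paths(direct: Sequence[float], proxied: Sequence[float],
                  p95_budget_ms: float = P95_BUDGET_MS) -> Dict[str, object]:
    """Compare peak-window samples from both paths against a p95 budget."""
    d, p = summarize(direct), summarize(proxied)
    return {
        "direct": d,
        "proxied": p,
        "p95_penalty_ms": p["p95"] - d["p95"],
        "direct_meets_budget": d["p95"] <= p95_budget_ms,
        "proxied_meets_budget": p["p95"] <= p95_budget_ms,
    }


# Constructed peak-window samples (ms) for one branch office; not real data.
DIRECT_PEAK_MS = [38, 41, 39, 44, 52, 40, 43, 47, 39, 61,
                  42, 40, 45, 48, 39, 41, 55, 43, 40, 44]
BACKHAUL_PEAK_MS = [118, 121, 134, 126, 171, 119, 140, 122, 128, 203,
                    124, 131, 119, 137, 160, 125, 122, 149, 120, 133]

if __name__ == "__main__":
    # Offline demo on the constructed samples; for a live run, collect
    # tls_handshake_ms(O365_HOST) and tls_handshake_ms(O365_HOST, proxy=CORP_PROXY)
    # repeatedly during the peak window and feed the lists in here instead.
    for key, val in compare_paths(DIRECT_PEAK_MS, BACKHAUL_PEAK_MS).items():
        print(f"{key}: {val}")
```

Run the probe from the branch itself, during the daily peak, and keep the per-path samples separate; the p95 (not the mean) is the number that decides whether a centralized proxy is costing users the latency Microsoft warns about. Nearest-rank percentiles are used so the result is always an observed sample rather than an interpolated value.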
