Is Your Corporate Network Holding Innovation Hostage?

For years, the death of the corporate perimeter-based network has been predicted. Discussions on converging networking and security to address its limitations are abundant, and COVID forced many organizations, including governments, to realize their exposure. The writing on the wall for perimeter-based networks has been clear since at least 2015.

I recently wrote about why business leaders must drive better end-user technology. Today, I want to build upon those concepts and explain why, in order to modernize your end-user workplace, you need to also rethink your corporate network. In short, the center of your end-user workplace network needs to be the cloud, not your data center. Let’s explore:

Most corporate networks are flat, perimeter-based networks. Think of this as a moat built with expensive networking equipment around your corporate infrastructure castle. It makes access hard, but once inside, you can go anywhere. Any security compromise therefore carries high stakes, and defending the castle turns into a game of whack-a-mole with aging equipment, cost pressures, and constant demand for new capabilities. As the castle grows more complex, changes occur at a snail's pace, which is not ideal for business leaders facing exponential technological change that can disrupt their business model. To stay agile, leaders need capabilities that enable rapid response to dynamic market needs.

For End Users:

How This Impacts You: Simplifying the network isn’t just a back-office improvement—it means a faster, more reliable experience for you. Whether you're collaborating on M365, accessing cloud apps, or working remotely, these changes are designed to reduce lag and downtime, making your daily tasks smoother and more efficient.

Step back and ask: why are you hanging your hat on the corporate network alone? Are you even aware you’re doing that? What are you protecting that really needs to be guarded? Are there better ways? Can you innovate at an acceptable velocity with this design? Let’s consider a few end-user examples:

Example 1: M365 and Co-pilot

Many enterprise organizations are implementing M365 as their foundation for modern collaboration. If you’re investing in a new car, would you put the wrong fuel type in just because you’re used to driving a diesel engine today? Clearly not, unless you want black smoke coming out of your car. Similarly, your network fuels your end-user experience. You must understand Microsoft’s network connectivity principles.

Microsoft effectively states that for M365 to run well, you need:

  • Direct and Local Egress: Route Microsoft 365 traffic directly to the internet near the user's location, avoiding backhauling through central corporate networks, which introduces unnecessary latency and reduces user experience quality.
  • Avoid Network Hairpins: Minimize intermediate network devices like proxies and VPNs for Microsoft 365 traffic. These can cause "hairpinning," which redirects traffic unnecessarily and increases latency, degrading the user experience. Instead, ensure direct paths from users to the nearest Microsoft 365 endpoints.
  • Leverage Built-in Security: Use Microsoft 365’s integrated security features, reducing the need for additional network security devices that can impact performance. I could argue this one, and for now I’ll say it depends, but the macro point is correct: simplify.
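One concrete way to act on the first two principles is to stop sending M365 traffic through the corporate proxy at all. The added example below (not from the original article or from Microsoft) takes endpoint records in the shape published by Microsoft's endpoint web service (category, URL patterns, ports) and emits a PAC file that sends the chosen categories DIRECT while everything else still goes via the proxy. The sample records, the proxy address and the choice of which categories bypass the proxy are constructed assumptions; check them against the live endpoint list for your tenant.

```python
import fnmatch
import json

# Constructed sample records in the field layout of Microsoft's endpoint
# web service (id, serviceArea, category, urls, ips, tcpPorts). The hosts
# are illustrative and the IP ranges are RFC 5737 documentation space.
SAMPLE_ENDPOINTS = json.dumps([
    {"id": 1, "serviceArea": "Exchange", "category": "Optimize",
     "urls": ["outlook.office.com", "outlook.office365.com"],
     "ips": ["203.0.113.0/24"], "tcpPorts": "443"},
    {"id": 2, "serviceArea": "SharePoint", "category": "Optimize",
     "urls": ["*.sharepoint.com"], "ips": ["198.51.100.0/24"], "tcpPorts": "443"},
    {"id": 3, "serviceArea": "Common", "category": "Allow",
     "urls": ["*.office.net"], "tcpPorts": "80,443"},
    {"id": 4, "serviceArea": "Common", "category": "Default",
     "urls": ["*.microsoft.com"], "tcpPorts": "80,443"},
])

# Assumption: Optimize and Allow categories egress directly; Default stays
# on the proxy. Adjust to your own policy.
DIRECT_CATEGORIES = {"Optimize", "Allow"}

def direct_urls(endpoint_json, categories=DIRECT_CATEGORIES):
    """Return the sorted, de-duplicated URL patterns that should bypass the proxy."""
    patterns = []
    for rec in json.loads(endpoint_json):
        if rec.get("category") in categories:
            patterns.extend(rec.get("urls", []))
    return sorted(set(patterns))

def build_pac(endpoint_json, proxy="PROXY proxy.corp.example:8080"):
    """Emit a PAC file: listed M365 hosts go DIRECT, all other hosts via the proxy."""
    patterns = direct_urls(endpoint_json)
    if not patterns:  # nothing to bypass: proxy everything
        return f'function FindProxyForURL(url, host) {{ return "{proxy}"; }}\n'
    conds = " ||\n        ".join(f'shExpMatch(host, "{p}")' for p in patterns)
    return ("function FindProxyForURL(url, host) {\n"
            f"    if ({conds}) {{\n        return \"DIRECT\";\n    }}\n"
            f"    return \"{proxy}\";\n}}\n")

def route_for(host, endpoint_json):
    """Predict the PAC decision for one host (shExpMatch globs behave like fnmatch)."""
    for pat in direct_urls(endpoint_json):
        if fnmatch.fnmatchcase(host, pat):
            return "DIRECT"
    return "PROXY"

if __name__ == "__main__":
    print(build_pac(SAMPLE_ENDPOINTS))
```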

These requirements likely don’t align with the classic perimeter-based network design, which was never intended for modern use cases like M365.

Is your organization considering Microsoft Co-pilot for AI? If so, similar networking requirements apply. Stubbornness won’t help your investment in M365 or Co-pilot. You have no choice if you want an optimized user experience. Arguments like "the car runs good enough on diesel" don’t make sense—you must adapt to the new reality.

For the more technically inclined, Microsoft requires specific access from your corporate network in order to deliver updates efficiently. Lots of things can go wrong.

Example 2: Virtual Desktop Infrastructure

I previously wrote about what’s wrong with VDI, but there’s one big claimed benefit I didn’t discuss: the misconception that VDI is more secure because it centralizes desktops in your data center. In reality, you now have a large, concentrated attack surface in the middle of your castle, with numerous ways to bypass or legitimately cross your moat. Is VDI really as secure as it’s made out to be on your corporate network? The perimeter model, while it made sense 20 years ago, is largely security pageantry today and can’t meet modern enterprise demands, which increases risk.

To make matters worse, many clients on your corporate network connect to your hosted VDI, creating another massive attack surface for exploitation. Of course, non-Windows client solutions like IGEL exist to reduce operating system risk, but you’re still in the castle unless you decide to move your client outside your corporate network. What about your media rooms? Why are they on your corporate network, and what’s blocked as a result? What about other SaaS apps? What benefit do you gain by having them on your corporate network and what user experience friction is that causing today? Why not move them out?

For Business Executives:

Strategic and Financial Benefits: Modernizing your network infrastructure isn’t just about keeping up with technology—it’s a strategic move to enhance your agility, security, and productivity. By adopting a cloud-centric approach, you can anticipate significant efficiencies from reduced maintenance and increased uptime, alongside improved customer satisfaction and a stronger competitive edge. I assure you that rapidly evolving AI requirements will disrupt your static network infrastructure; I urge you to think ahead.

When you point out these needs and gaps, expect resistance. You may encounter “don’t call my baby ugly” emotions or Luddite attitudes from so-called leaders who want to maintain the status quo. Networking folks might throw technology at the problem without asking fundamental questions, suggesting more expensive equipment to build moats within moats. They won’t tell you, understand, or care that this approach is outdated and slow to change. Ask them how long it takes to implement a firewall rule change at scale. You’ll likely be sucked into debates about microsegmentation for more granular control. For those inclined to learn more, you can compare Network Isolation vs. Microsegmentation here.

Why bother? Why add more complexity to your castle and moat approach, playing security whack-a-mole? Business leaders and many IT leaders often don’t know the right questions to ask and thus never push back on the ever-increasing corporate network budget to determine value. Simplify and improve outcomes and experiences by creating different homes for different experiences optimized for end-user needs with modern technology.

For Network Engineers:

Sense of Urgency Implementation Approach:

Transitioning from a traditional perimeter-based network to a modern, cloud-centric architecture is undeniably complex. However, can you afford to delay or risk falling further behind? Growth and innovation are essential. Adopt a phased approach to migration, balancing speed and caution to minimize disruption while accelerating learning. Start now with time-bound pilot programs for things that matter to your organization, greenfield deployments, and continuous monitoring to address challenges as they arise. Time is of the essence.

Hybrid Solutions for Specific Scenarios:

While a complete shift to cloud-based networks is ideal, hybrid solutions may be essential for specific applications and offer a practical bridge to modernization. Seamlessly integrating new technologies with existing systems is crucial. Don’t let edge cases or unfounded 'cloud is not secure' arguments paralyze progress. These are often excuses to avoid innovation. Develop strategies to navigate constraints and keep moving forward, and begin by identifying important projects like enabling SaaS or moving VDI to DaaS to generate momentum and mindshare. Non-critical applications can continue in parallel, but they won’t generate mindshare; confidence and experience grow when things people care about happen.

You Need Multiple Networks That Are Fit for Purpose:

A corporate network as a one-size-fits-all central infrastructure service is a dated view. It’s more secure to move things to purpose-built and optimized networking stacks that meet user experience needs. Drive a vertical alignment; anything else results in bad compromises.

  • Workplace Network: An internet-first network where the cloud is the center. Move your VDI/DaaS/SaaS/client infrastructure out of your corporate network to improve security and leverage modern SaaS with expected connectivity principles. This allows greater flexibility to optimize user experience and simplifies branch office design. Symmetry of user experience—same at home and in the office—drives simplicity and user satisfaction. Let end-user teams drive this need.
  • Cloud Network: Multi-cloud, multi-region solutions independent from your corporate network enable high velocity and acceptable security. Connect back to needed resources on the classic corporate network via secure means but optimize for cloud use cases.
  • Building Network: Most organizations have an OT network. Services like physical security, monitoring, occupancy sensors, and employee facilities apps enhance the end-user experience in harmony with workplace solutions. This separation of concerns also helps keep you safe. Do you want a ransomware attack on your IT network to freeze your CEO in an elevator? Thoughtful design avoids such scenarios.
  • Data Center Network: The term “corporate network” should go away as it implies a one-size-fits-all approach. It’s nothing more than a private cloud protecting some crown jewels. Move things out that don’t belong, and connect to the data center network as you would with other cloud services. Only give access to what’s needed, avoiding exposing the entire flat network once inside the moat.

Choosing the best technologies for the experience leaves your data center network teams to manage specific legacy application needs while you investigate fresh ideas with the cloud as the network center. Examples include Nilesecure and Dispersive.

Be Informed, Develop, and Execute a Vision:

If you want to successfully modernize your end-user workplace experience, you have to reimagine networking and change it from a single back-end operations team to multiple purpose-built experiences. Take inspiration from the brilliant Simon Wardley, draw a map of your evolution journey anchored around user needs, and keep situational awareness top of mind. Don’t be led by the enterprise IT adoption cycle ... Innovation shouldn’t be held hostage by visionless networking that exposes you to more risk than you realize. If you want modern productivity, you need modern connectivity.

Don't be this IT department

Sannjiv Mittu

Managing Partner, Sandhill Talent Capital (Silicon Valley's Trusted PE-focused & Thought Leadership Firm for CEO/C-Suite/Board Search)| Digital Transformation | SAAS | AI | Cyber Sec | Energy | Machine Learning | PE |

5 months

Very insightful article, Harry! Loved the image you used for the article, great relevance!!

Well, again we are back on the 'Brain Lift & Shift'. Enterprises are leveraging the new technological stack (i.e., Cloud) but still thinking the exact same way they did when they created the castles and moats they are now being held hostage by. The main issue at stake is the fact that many senior IT people have no understanding at all that money is on the table for the business, and in such a fast-paced landscape today (real example? Twelve months ago no one was looking at AI; today, everyone is rushing to get it rolled out on everything they can) you need to think AND move fast. New business opportunities will bring new requirements, and your stack has to be agile to promptly address these so the business can keep moving, seizing opportunities before the competition (and again, the opportunity window is much, much smaller today due to this same fast-paced landscape). Networking, in my view, is just the tip of the iceberg. There are many other areas that have to be modernized and moved to an agile platform that can indeed respond immediately to what is coming.

Jaymes Davis

Chief Product Officer at Kasm Technologies | Cloud Computing, Applications Delivery, Sales Growth

5 months

I couldn't agree more with your article on keeping innovation alive in Enterprise IT. While cloud solutions have a significant role today, over-reliance on mega data centers can have adverse effects. I believe in the potential of distributed workspace hyper-convergence. This approach enhances cybersecurity and sustainability by keeping workspaces close to users and leveraging networks for secure access. Using containers for OS compromise prevention and implementing just-in-time assembly with strong identity protection are crucial steps. Shifting cybersecurity in OT networks and the front office from a reactive to a proactive/preventive stance is essential for robust protection and efficiency.
