Building the cloud-ready enterprise network

by Ritesh Agarwal, Ashish Gupta, Pankaj Sachdeva, and Jill Sharabura

The contemporary business landscape is defined by a confluence of technology trends. Cloud migration, cybersecurity concerns, the emergence of software-defined networks, exponential data expansion, the proliferation of connected devices, and the remote-work revolution are forcing organizations to rethink how they operate and how to do so securely.

Networks form the backbone of enterprise operations. So as companies grapple with the above trends, they must consider how their networks are serving them. This post offers a perspective of the challenges of modernizing network architecture and how organizations might make the shift to a cloud-native approach that allows them to bolster security and harness the full potential of digital evolution.

The challenges of transitioning to cloud-native networks

Several pressing challenges have emerged that organizations must address to ensure they can successfully modernize their networks and adapt to the changing technological and operational landscape.

Securing the borderless network. The shift to cloud-native architectures and remote work has obliterated traditional network perimeters. Organizations grapple with securing data and applications across diverse endpoints while adhering to stringent regulatory compliance.

Integrating and managing complex technologies. Hybrid-cloud environments intertwine on-premises and cloud-based resources, introducing complexities in network management. The challenge lies in integrating diverse networking technologies such as software-defined wide area networking (SD-WAN) and intent-based networking, ensuring seamless communication and optimal performance.

Optimizing performance and scalability. Supporting a variety of applications and devices strains performance and scalability. It’s crucial to design elastic network architectures that are capable of scaling resources dynamically while maintaining low latency and high throughput.

Ensuring network visibility and observability. Dynamic network architectures obscure visibility into traffic, complicating anomaly identification. Organizations must implement effective monitoring solutions to ensure network health and security, grappling with the challenge of maintaining constant observability.

Bridging the skill gap and adopting emerging technologies. Transitioning demands expertise in advanced networking technologies and emerging domains such as 5G and the Internet of Things. Bridging the skills gap through training and strategic hiring poses a significant challenge for organizations.

Key shifts for comprehensive network modernization

Addressing all of these challenges requires a comprehensive and strategic approach to network modernization. Organizations need to consider their unique requirements and collaborate closely with experts to develop and implement effective solutions that align with their business goals and the evolving technology landscape. Several shifts in particular underpin a successful network modernization effort.

Elevate user experience and mobility

Modernizing networks to elevate user experience and provide seamless connectivity from any location requires a strategic fusion of secure access service edge (SASE) architecture and SD-WAN. This synergy enhances both security and performance, addressing the unique challenges of today’s distributed work landscape.

A few actions can help organizations fuse these elements for a successful user experience. For one, organizations can embrace context-aware policies within SASE that consider user identity, device attributes, location, and security posture. By tailoring access controls based on granular context, organizations can ensure secure yet seamless connectivity, promoting a frictionless user experience. Organizations can also leverage SD-WAN’s capabilities to optimize application delivery across distributed environments. With dynamic path selection, real-time traffic prioritization, and traffic shaping, organizations can ensure swift and efficient access to critical applications, regardless of user location. Finally, by integrating SASE’s comprehensive security stack with SD-WAN’s agility, organizations can implement unified threat prevention, data loss prevention, and secure web gateways to safeguard user sessions and data. This unified approach minimizes latency while maintaining robust security.

Enable microservices to power modular innovation

The advent of microservices heralds a paradigm shift away from monolithic applications to a decentralized architecture. To harness the rapid innovation this shift can bring, a few actions will be critical.

As microservices scale and migrate dynamically, traditional, static IP-based routing will fall short.1 Dynamic routing mechanisms coupled with service discovery will become essential and can enable microservices to communicate seamlessly, even as instances come and go. The traditional load-balancing model is also transformed in a microservices environment. Cloud-native load balancers, combined with SD-WAN capabilities, ensure that traffic is evenly distributed across microservices instances. Moreover, SD-WAN’s intelligent path selection optimizes traffic flow between microservices, considering latency, bandwidth, and network conditions.

In addition, the microservices architecture demands a shift from broad network segments to fine-grained policies. Microsegmentation, a central tenet of network modernization, involves the creation of distinct network segments for individual microservices. These segments are controlled by network policies that allow or restrict communication based on service type, user role, and data sensitivity. Embracing the principles of zero trust, in which every interaction is treated as potentially unauthorized until verified, mitigates security risks associated with microservices-based communication.

Seamlessly manage container ecosystems

The rise of containerization brings about consistency and portability, revolutionizing application deployment. However, network modernization in this context demands careful attention to a couple items, including efficient pod-to-pod communication. Within a pod, containers should communicate securely and efficiently. They do so through network plugins in container orchestration tools, which ensure that container-to-container traffic remains isolated from external communication. Integrating SD-LAN technology further enhances this communication, providing an optimized and secure environment for intrapod traffic.

Load-balancing optimization and SD-WAN integration will also be important. Containerized applications introduce new challenges to load balancing because traditional load balancers need to adapt to the dynamic nature of container instances. Integration with SD-WAN technology ensures that load balancers distribute traffic optimally, accounting for fluctuations in container instances and network conditions. This integration allows for seamless, high-performance communication within the container ecosystem.

Strengthen cloud-native security defenses

Security is a cornerstone of network modernization and assumes even greater significance in the cloud-native landscape. Microservices operate in a decentralized manner, demanding a fresh approach to authentication and authorization. SASE solutions offer a cohesive security framework that encompasses microservices communication. They also integrate seamlessly with microservices-based architectures, ensuring that every communication between services is authenticated and authorized, regardless of their location or scale.

The distributed nature of microservices also necessitates robust encryption mechanisms. Mutual transport layer security (mTLS) encryption ensures that all communication between microservices remains confidential and tamperproof. The integration of SD-LAN technology fortifies security within the local network context, ensuring that microservices interactions within a localized environment are safeguarded.

Adapt to fluctuating demands

Elastic scalability, a hallmark of cloud-native applications, necessitates an agile network infrastructure. A couple approaches can help achieve this agility. First, auto-scaling groups dynamically adjust the number of instances based on demand. In tandem with SD-WAN technology, these groups can optimize network paths to ensure that scaling instances remain accessible, properly configured, and seamlessly integrated into the broader network fabric. Second, load balancers, integral to scaling and distributing traffic, require synchronization with the dynamic scaling process. In conjunction with SD-LAN, load balancers can intelligently manage traffic, adding or removing instances from the load-balancing pool in real time. This synergy ensures that scaling operations occur smoothly, enhancing application performance even under varying workloads.

Elevate performance through application awareness

Optimizing network performance to cater to diverse application requirements is central to network modernization. Quality of service (QoS) mechanisms are critical to ensuring that important application traffic receives priority. Integrating SD-WAN technology further refines this process, dynamically routing traffic based on QoS policies and real-time performance metrics. The symbiotic relationship between QoS and SD-WAN ensures that network resources are allocated judiciously, aligning with application needs.

Dynamic routing mechanisms also play a pivotal role in optimizing application performance. In conjunction with SASE integration, dynamic routing algorithms make intelligent decisions about data path selection, considering factors such as latency, bandwidth, and network conditions.2 This integration ensures that application traffic takes the most efficient route, minimizing delays and optimizing overall user experiences.

Bridge cloud diversity

In a landscape characterized by diverse cloud environments, achieving seamless connectivity is paramount. The need to bridge different cloud providers demands robust intercloud networking solutions. Virtual private cloud (VPC) peering, enhanced by SASE technology, enables secure and efficient communication between disparate cloud environments. SASE’s comprehensive security framework ensures that intercloud traffic remains protected across the entire communication spectrum.

And integrating on-premises data centers with cloud resources requires a cohesive hybrid-cloud strategy. Here, SD-WAN technology plays a pivotal role by establishing virtual private network (VPN) connections that seamlessly bridge on-premises and cloud environments. The harmonious synergy between hybrid-cloud integration and SD-WAN technology ensures that data and application flows occur seamlessly, irrespective of the location of resources.

Enhance operational efficiency through hyperautomation and observability

Hyperautomation and observability are essential to enhance network management, ensure scalability and security, and optimize performance through reduced downtime and disruptions and increased visibility and control over network resources. Hyperautomation automates repetitive and mundane tasks, freeing up IT resource capacity to focus on more-strategic initiatives. Observability provides real-time insights into network performance, enabling proactive anomaly detection and incident response.

Organizations should conduct a comprehensive network assessment to identify areas for automation and observability improvement and implement tools that align with their specific needs. Solutions should provide a unified view of network performance and health and enable proactive issue resolution.

Navigate the network crossroads of adopting a proprietary network versus dedicated internet access

As business demands evolve, the choice between a proprietary network and dedicated internet access emerges as a critical strategic decision. Organizations should carefully analyze their needs by quantifying bandwidth requirements, assessing data security standards, and determining their desired level of control. Next, they can meticulously calculate costs by comparing up-front investments and ongoing maintenance for each option and consider potential cost savings and necessary security measures. Prioritize scalability by choosing a solution that accommodates anticipated growth and offers flexibility to integrate new technologies. And security is paramount: organizations should identify vulnerabilities and implement robust data-protection measures, continuously monitoring and updating their posture.

Modernizing an organization’s network is no small feat. Any transformation of this scale is fraught with challenges. But with a clear understanding of the most important shifts and how to make them, organizations can pave the way to improved security and compliance, reduced costs, better customer experience, and overall smoother operations.

Ritesh Agarwal is a partner in McKinsey’s New York office, Ashish Gupta is a senior expert in the Mumbai office, Pankaj Sachdeva is a senior partner in the Philadelphia office, and Jill Sharabura is a solution leader for cloud delivery in the Atlanta office.

1 Chris Richardson, “Service discovery in a microservices architecture,” NGINX, October 12, 2015.
2 For more on dynamic routing mechanisms, see Aminul Islam, “Dynamic search algorithm for intelligent message routing?,” LinkedIn, November 1, 2023.