When designing a network for an organization, what are the key considerations that should be factored into the design? Why do you recommend those considerations? Also consider how you would address the inevitable situation of scarce resources; how would you prioritize?
Reader Interactions
Comments
Leave a Reply
You must be logged in to post a comment.
Rommel R. Miro says
When designing a network for an organization, what are the key considerations that should be factored into the design?
If I were to design a network for an organization, below is a list of key considerations:
– Connectivity and Security. Got to connect securely.
– Disaster Recovery. Something goes wrong big time.
– Redundancy. Got to keep things running.
– HW/SW consistency. No surprises as much as possible. Proven vendors.
– Scalability/expansion. Expect changes in size.
Why do you recommend those considerations?
It is almost impossible to not have connectivity go without security. One without the other is almost useless. The purpose of a network is to provide the connection between all the resources that an organization might need. Having just the connectivity without any security does not make for a very useful network. The key is finding the right balance between the two and it is easier said than done. Taking care of connectivity and security are big steps towards achieving or ensuring integrity and availability in a sense. A secure and connected network can mean the resources can be made available to those that should have access to them when needed. By securing the network, you are protecting the data that flows through it.
So, the network is up and secure. There are other threats out there that can totally knock down a portion or the entire network instead of just a quick outage or performance degradation. When this occurs, you should not be scrambling to figure out what to do. A DR plan is needed. DR plans should also be tested and updated on a regular basis. If the network is down over a prolonged period of time, the DR plan should include steps on how to get everything back up and data recovered.
Redundancy is important to have on a network because it is integral if you want things to stay running in case of unwanted or unforeseen events. Redundancy here means having a duplicate of every critical equipment in the network, a backup network so to say, that can kick in if the active one experiences a failure or goes down. The failover should occur in a seamless fashion or be transparent to the end user.
Keeping consistent and standardized network hardware and software help ensure that the
network runs smoothly. While it can be tempting to try the latest and greatest or try something else for the sake of change, it does not make any sense to do so when running a network. The recommendation is to stick and work with your proven vendors, choose mature and robust equipment and software with proven support. This should all translate into a smoother management and easier integration for expansion.
This expansion or scalability should be expected of any network. The size should not be static.
The network should grow with the organization that it was built and designed for. This goes hand in hand with the standardized network hardware and software and choosing the vendor wisely.
Also consider how you would address the inevitable situation of scarce resources; how would you prioritize?
Every department in an organization has a want-list. Not everything in that list can be fulfilled because the budget is not infinite. However, it is difficult to argue with protection or security.
One does not need to invest most of their funding in security, rather, it is recommended that security be considered in every step or area within the organization. Robust hardware, properly configured software, SEIM, hardened endpoints, IOT vetting process are just some of the examples that when combined should provide a decent starting point without breaking the bank.
Oby Okereke says
Hi Rommel:
Your comment certainly enumerates very vital considerations with regard to network design. I like how to wove the CIA-triad in describing your points especially the part about implementing a secure and connected network that will eventually assure users of the use of the network resources (availability).
Another point that I gleaned from your post speaks to a want-list. There is always going to be a want-list as you rightly stated but what I believe is most important is prioritizing the want-list according to the business mission and processes which will necessarily draw upon the Enterprise Architecture if one exists.
Jonathan Duani says
Mel.
Really good write up. Like Oby said, this really illustrates well how the CIA triad works seamlessly with this network design and how you can really work with the CIA triad with a lot of different things. I really like you mention of redundancy. When it comes to networks and especially down time a lot of that stuff can be mitigated by replication and making sure that everything has a proper back up procedure in place.
Elizabeth V Calise says
Rommel,
I did not mention scalability in my response and that is definitely something that needs to be considered in the design. Organization to 100% have the flexibility to scale their network as needed. As an organization grows, the network needs to expand with that growth. If the network is not able to scale then the organization runs the risk of not meeting market demands. As a company grows that usually means it is working with more customers, data and resources.
Dima Dabbas says
One of the important things to consider when designing a network for an organization is who are the users of the network and how will this network impact the organization in terms of its business processes and mission. Designing a network will open new doors of risks and introduce new vulnerabilities.
The key considerations that should be factored into the design of the network are the following:
– Security
– Backup
– Standardization
– Recovery
– Business Mission
Security is a key consideration when designing network as users needs to be able to connect to the network securely without any issues. User convenience is essential but security is more important which is the reason it should be one of the key considerations early on in the designing process. Another key consideration is having a backup of your network which ensures availability to users. Backups may be expensive to the organization but they confirm that there is something in place in case any event may occur. Standardization is another key consideration when designing networks as one of the concerns of designing a network is making sure that everything runs and functions properly. Having everything standardized helps in reducing costs that may be associated with maintenance, testing and repairs. Recovery is a significant factor to networks, and organizations should consider having a disaster recovery plan in place that confirms that the network of the organization is available at all times as well as ensuring the confidentiality and integrity of the data that is stored and transmitted within the network. Finally, an important aspect that organizations should focus on when designing their network is their business mission which includes how the organization will proceed in the future. The designing of the network should take the business mission, the rapid use and development of technology into consideration to design a network that will be beneficial to the organization for the future.
How you would address the inevitable situation of scarce resources; how would you prioritize?
Out of these key considerations, security would be the top priority. Security does not necessarily require the use of many resources but rather having the right equipment in place that can provide protection of the network as well as ensuring the confidentiality, integrity and availability of the data and network. If security is not prioritized, this will put the other key considerations at risk which will then require more resources to be involved to address all the issues.
Ahmed A. Alkaysi says
There are multiple considerations to make when designing a network. The first the comes to mind is securing the connection to the network. This includes making sure there are strong physical and logical access control to avoid having an unauthorized person gaining access to a wired and wireless connection to the intranet.
Another consideration to make is to evaluate how to segment the network based on department. An organization should make all applications, servers/systems, etc.. available to everyone that is connected to the intranet. This access should be restricted based on need. This way, there will be multiple security perimeters protecting the organization.
One of the most important considerations to make is selecting the firewalls, IDS, IPS, and DLP systems. Where and how many to place can significantly impact performance and the effectiveness of the system. Implementing these systems will enable the ‘defense-in-depth’ strategy, which is a fundamental aspect of network security.
Scarce resources can unfortunately hinder a network security strategy if not used correctly. In order to implement a strong network security plan, there needs to be a risk assessment conducted, scarce resources or not. By conducting this risk assessments, the organization will be able to identify the areas of risk, vulnerabilities, and controls gaps that exist within the network. Figuring out where the gaps and most critical risk are, will help guide the organization on where the priorities are. This way, the organization will be able to invest the scarce resource in critical areas of need, while risk accepting, after conducting proper qualitative/quantitative analysis, other functions/processes.
Scott Radaszkiewicz says
When designing a network, I think the most important thing to develop into the design is security and that entails a few pieces. First, access to the internal network from outside should be limited on an “as needed basis”. A firewall must be employed to keep the internal network safe from intrusion. Let’s say we have an art department that is responsible for graphic designs for the company. If those computers will never need access to the Internet, then they should not be allowed to access anything outside of the internal network. This limits the chance of any intrusion. Conversely, if a department requires access to the Internet, then they should only be given access to what they need. For instance, if they will only need access for web browsing, then they should only have HTTP(HTTPS) access. Things like FTP traffice, etc should be turned off.
Also, within the internal network, network traffic should be segmented. VLAN’s should be used to restrict traffic of computers and staff to those resources they only need access to. Network traffic should be configured so that users can’t access resources they have no need to access. For instance, the payroll servers should be on a separate VLAN that only the payroll department can access. A similar structure should be setup for all internal resources. And if the payroll server does not need to be accessed from the outside, then no Internet traffic should ever be directed to(or from) it.
In general, the principle of least privilege should be kept when designing a network. Turn everything off, and only grant access for what is needed. Why allow Remote Desktop Protocol (RDP) traffic over your network, when you don’t use it. Then it leaves an avenue of attack open.
If resources are scare, then you might have to prioritize what is important. First, you would have to analyse your business and what is the most important information to protect. What is the impact of losing the payroll server, or having it breached, versus having the server that stores office memos on it? Looking at all departments and resources and evaluating the CIA of each and the impact to the business, should it be compromised will enable you to develop a security plan to protect the organization assets.
Folake Stella Alabede says
Hi Scott,
Your comments on best practices in securing a network really drives the points home. I particularly enjoyed the described and the importance they play in network security like turning off non-essential services as part of enforcing baseline security, the use VLAN in enforcing segregation of duties and blocking external traffic with the use of firewall to enforce confidentiality.
The last piece on prioritizing based on business requirements drives home the point of using security to achieve business objectives.
Duy Nguyen says
Based on the guild, system architecture describes the major components of the system and how they interact with each other, with the users, and with other systems. The core goal of design should be to address the needs of the stakeholder and the overall business goals of the organization. In the past, the main concern of system designs and development were functionality, interoperability, connectivity, and performance to meet the needs of the organization, but with developing security threats, security must also be incorporated into these design and development cores. The network security branch has many aspects or leaves to its main goal, which is to protect the network and its components from unauthorized access and misused. This would include policies, practices, and technologies deployed to prevent unauthorized access, misuse, modification or denial of all network resources.
One of the most critical considerations that need to be addressed in designing a network is the organization’s security posture. It’s the overall goal or objective of the organization comprising of technical and non-technical controls to protect the organization from external as well as internal threats. A starting point for the organization is a risk assessment analysis and asset inventory of information. This would give the organization a clear understanding of what systems and information are most critical to the organization. Once this is completed, the organization can then correctly prioritize its limited resources to protect the most critical and properly manage its risks.
Steve Pote says
The primary concern must be a trajectory away from “the Box”.
So, “the Box” is any old physical server. Sys-admins name them and speak about them like pets. We took a step away with VM’s. “The Box” wasn’t important anymore, you had portable OS’s in containers. As we move into the ~*aaS~ list and Cloud services the OS falls to background. Lastly with services like Kubernetes, at least from an internal management perspective, containerized data is the only concern. The ~Security Posture~ should be away from “the Box”
What does that mean for network design?…Firstly traditional borders and networking considerations are a diminishing return on investment. – Why even ~have~ a “State of the Art” firewall if your business exists only in Cloud services and is accessed only from personal devices? Why segment your network or create VLANs if only servers talk on your 192.168.0.0/30 network?
It will be some time before many businesses make a full leap to virtualized or Cloud solutions but the perimeters have changed. Network design that resembles castle blueprints with moat and walls protecting the crown jewels are going the way of castles.
The new perimeter doesn’t exclude Network Access Control or physical wires yet but it ~does~ for the most part deprecate wired end user end points and suggests that personal VPNs will replace workstation logon to access resources alltogether.
Moving away from “the Box” is a resource prioritization. The virtualization step demonstrates how virtual servers can better balance load than a comparable count of physical devices, allowing idle time on one device to be a resource for another. Adding another VM or Cloud service is a significant savings compared to a new…box. In the case of each resource, bandwidth, storage, data mining, productivity software, redundancy and disaster recovery and email…the switch from an in house team to a provider who’s whole business is that service will save money and scale more easily. Martin Holste of Fireeye points out that not just the perimeter is effected, the whole threat surface has been largely removed as internal resources become trivial and it has been replaced by a coalition of protection companies (like Fireeye) who can better protect their clients than the clients ever could have done themselves and the resources are better positioned ~to be monitored~ and receive real time responses. There are simply fewer security boundaries in a network with fewer boxes.
Frederic D Rohrer says
When designing a network for an organization, what are the key considerations that should be factored into the design? Why do you recommend those considerations? Also consider how you would address the inevitable situation of scarce resources; how would you prioritize?
Networks should be designed with the following criteria:
* easily expandable
* fail-save
* secure
* simple (easy to troubleshoot)
When these criteria are met then any general network plan can easily be adapted to organizational requirements. These items are recommended to create a network which is adaptable to increasing demands, easy to modify and easy to fix. Designing a secure and available network also decreases the chance of intrusion or down-time. When planning a network with scarce resources then, instead of prioritizing one aspect, much of the topology can be laid out virtually. In that sense the network shrinks and grows as a whole, ideally without sacrificing any criteria. North-South perimeters can be bundled into one or two appliances while the endpoints themselves can be used to strengthen East-West security.
Personally I am not a fan of relying on network architecture for security. Instead the environment should be zero-trust expect where secure channels are necessary. With the rise in BYOD, secure perimeters are becoming increasingly harder to accomplish.
Ahmed A. Alkaysi says
Hi Fred, although I agree that zero-trust should be accepted in the network, there are definitely steps that can be taken to implement a defense-in-depth strategy within the network architecture. These include things multiple firewalls, IDS/IPS, and DLP systems. Obviously, security levels will be different depending on the segmentation of the network.
Frederic D Rohrer says
Ahmed, I agree that Defense in Depth can add to the overall network security even in an environment that uses zero trust. I wonder if one or the other would be negatively impacted. Perhaps an organization does not have to choose between them and instead can use both. This could be an interesting study!
Dima Dabbas says
Frederic,
Two things that caught my attention that you added in your post which were to design a network that is easily expandable and simple. These are very important especially the idea of it being easily expandable. There might be things that change within an organization that requires the network to be updated to reflect that business change. Having a network that is not easy to expand might bring up the idea of having to redesign the whole network which is a complex task especially if the network has existed for years and was operating with no issues. There is always the need to look ahead in the future and keep that in mind during the design phase as it will make changes and updates in the future much easier to apply and incorporate.
Jonathan Duani says
There are a couple of key consideration that I would look into when I am I am designing a network for an organization. These different things would include but not limited to security, back up or disaster recovery, scalability, standardization and finally make sure that the network falls into what the mission of the company is going for. The reason for these consideration would be as follows. When it comes to security it’s important to make sure that the network is secure from the inside out and the outside in. This is saying that no matter where you are if you are connecting in you are secure all the way through and there are no loop holes to bypass the security. Next when we disaster recovery, if something were to happen to the company either it being made my nature or maybe just some hardware failure, make sure that there is a plan in place to being critical systems back up with little to no downtime. Scalability is an important thing because when people look into a network, they thing of the now and not plan for the future. Since this is the case it is important to make sure that if the company grows and hopefully it does you can just scale the current set up to support more end points, more servers and more devices in general and it all still be just as secure. Then we look at standardization. This is important because if the company access the board is utilize the same set of hardware, software, and configurations then if something were to happen you can stand something new up fairly quickly. It also will help make troubleshooting much easier. Finally, to make sure the business mission is still intact. It is important to make sure that when you are building a network that it is conducive to the business. If you do not factor in work from home works or make the network to complex where users can’t use it and it start to impede day to day business it could hurt the company at the need of the day, not help.
Scott Radaszkiewicz says
Jonathan, I like that you mention standardization when designing a network. I think its an important part of any design. Too often I’ve seen issues where different hardware creeps into an organization over time and it causes many issues. Having a standard for everything you do helps you to mitigate issues and keeps consistency for IT support.
Jonathan Duani says
Scott,
I 100% see those same issues you were talking about. When you mix and match different pieces of hardware to do the same job you run into issues where a technician would need to know every piece of hardware and every configuration for that hardware. Since this is the case it will majorly slow down the recovery process than if there was one set standard and everything just was based off that., This way you can make anyone in the department can fix it if there is an issue and you could even mix and match parts to get a system back on line in the event that there is an emergency and you just need tot get something back up.
Sheena L. Thomas says
Scalability is another important factor when designing a network. Room to grow is essential factor when designing a network. As the business grow the network should have the same capability to expand.
Elizabeth V Calise says
When designing a network for an organization, what are the key considerations that should be factored into the design?
When it comes to designing a network for an organization, whether for 100 people or 1000, it is important to weigh the needs and desires of those who will be using the network and considering budget.
Some key considerations that should be factored into the design are:
• Security
• Redundancy
• Standardization
• Disaster Recovery
Why do you recommend those considerations?
Sometimes it can be challenge to balance security and providing easy access. Network connectivity today is more than Ethernet cables and wireless access points. People are more connected with their mobile phones and want to have the ability to access email a data while out of the office or on business travel. Trying to balance those needs while maintain security can create challenges that need to be addressed during the design phase. This can include where data is stored (in-house or off-site (cloud solution)), what types of data/information is to be accessible, who can access it and which types of devices are included. You have to include firewalls and access servers without slowing down operations.
Redundancy means having backup devices in place. As an example, a small organization should consider having two servers. Two identical servers can be configured with fail-safes so that one server can take over if the other server fails or needs maintenance.
Standardization of hardware and software used in network ensure the network to run smoothly. This reduces cost that is related to maintenance, updates or repairs.
A disaster recovery plan should be a part of any network design. This can include provisions for back-up power and procedures that should be followed if the network crashes. It should include when data is backed-up, how it is backed-up and where the copies are stored. Normally, important data should be backed-up daily. It will inform employees what to do when/if different types of disasters take place (floods, wildfires, illness).
Also consider how you would address the inevitable situation of scarce resources; how would you prioritize?
Top priority is security. I believe security does not utilize a lot of resources if done properly and included from the beginning. Recently, I have seen a lot of cyber security teams be trained on the agile methodology to help with this since most of the time security seems to be brought in either in the middle or at the end. If you do not prioritize security, then issues are going to arise immediately and now it will take more resources than originally planned since security was not include from the initial step. When issues arise, it takes more time, more heads…
Sheena L. Thomas says
I missed redundancy in my response to the questions. I think that is an important consideration for the network design that I didn’t think of. No matter how the network is designed or how new the products are, something is bound to fail and redundancy would be a necessary factor in this situation.
Oby Okereke says
Hi Elizabeth:
Your opening statement “it is important to weigh the needs and desires of those who will be using the network and considering budget” caught my attention. And you may wonder why – “User Convenience” stood out to me as I read that comment because balancing security and “User Convenience” is often an arduous task to accomplish when designing networks as the reality is always in a nutshell – the more secure the network, the more inconvenient the access becomes for end users. I’m glad your response picked up on this oft neglected aspect of network design which deals with striking a balance to lessen the frustration faced by end-users who will interact with the network.
Elizabeth V Calise says
Oby, appreciate you picking up on that. When having to think about key items for the design, my first initial thought was how the design.security of the network is going to impact the users. I have not experienced end-user complaints, but my peers have and I lost count of how many times they have mentioned the end-users complaining about the use due to security. This is where I think more security training needs to be implemented. I think employees need to understand better why we have the security in place. And yes, could make some things more difficult but in the long-run it will pay off.
Brock Donnelly says
The most important priority to apply when designing a network for an organization is to see if the design meets the organization’s business objectives. Does the design meet the business plan? Does the organization have or need a disaster plan created? Does the Organization have a scale for measuring risk? It would be best to have or design these plans first in order to build a network infrastructure that would best meet an organization’s immediate needs with heirloom success. Accessibility, standards, security, availability, integrity, confidentiality, redundancy or backups, scalability, and virtualization are highly considerable factors and needs of an organizations network. Their priority would be made clear with a concise business plan. Any network would require the proper hardware to make connections but the configuration protection level and financial decisions therein would be highly dependent upon the business plan and any risk assessment matrix.
Sheena L. Thomas says
Your comments were spot on. You definitely need to understand the organization’s business objectives before you can begin with developing a network design. Once you design the network, you will then have to determine if the design meet the business objectives. I also feel priority is based on the design and agreement between the business mgrs, IT and senior mgmt.
Folake Stella Alabede says
Security considerations for any system should be based on CIA Triad and designing network security for an organization shouldn’t be any different
The CIA Triad is explained below
• Confidentiality: Data should be only be accessed by those who require access
• Integrity: The accuracy of the data generated should be guaranteed and not subjected to any unauthorized external influence
• Availability: The systems should always be available whenever needed
The first step of designing the network is understanding business objectives and processes how data will flow across the systems. This means that you need to have an inventory of the systems and a network diagram that describes the connection across the systems
In enforcing the confidentiality of any network security, the network diagram should show that critical systems are appropriately segregated with the use of vlans, firewalls and Intrusion prevention systems. Encryption used across certain segments of the network to ensure confidentiality. Active directory or any other Identity and access management tool can also be used to enforce the access control policy of the firm.
The integrity of any data in a network can be protected with the use of firewall devices to prevent unauthorized access of data from external forces, anti-malware applications which scans workstations and malwares/virus on workstations and servers that may corrupt data in the systems. Other monitoring tools are also important to detect processing errors
I consider availability the most important security consideration when designing network security because if the system and data are not available, there is nothing more to protect which can impact the ability of the organization to continue business. In ensuring availability there are two major aspects; business continuity and disaster recovery. The Business continuity aspect you consider multiple connection points for network redundancy, storage solutions like RAID 5 should be considered daily storage, the systems should also be monitored for uptime and performance. The Disaster recovery aspect addresses the backup process and location for long term storage, and the process of recovery data from the backup location in case of a disaster.
Oby Okereke says
When discussing network design, some of the key considerations I would make include the following;
Security
Recovery (self-healing)
Redundancy
Back-up
Salability
Of course, there are several other considerations that matter but I chose these considerations chiefly based on their importance in the grand scheme of the network design.
Security should always be baked in from the get go and carefully planned to avoid any loopholes in the design process. A network that is self-healing allows network bottlenecks to resolved without human interaction.
Given the large expanse of intra and inter-network design that one might find, it is inherent that automation is baked in even though it may appear costly at first but will certainly promote user experience and have a positive ROI in the long run. The network should also be designed with a growth mindset thus scalable. Technology is ever-changing, thus organizations need to consider the changing needs and increasing demands of users and technologies.
The basic security triad must be met in all considerations thus any aspect of the network that deals with satisfying the CIA should be highly considered bearing in mind the particular business scenario of the organization. Thus while one organization may be interested securing in confidentiality and integrity of its communication network, another organization will be solely interested in building a network that will cater to and satisfy mostly the availability security objective.
Ahmed A. Alkaysi says
Hi Stella, I think when they refer to the CIA triad as they design the network, it will be a good opportunity to conduct a Risk Assessment. Much of the analysis they will be doing for designing this network can be fed into the RA action. Designing the network based on the business objectives can provide them will allow them to identify the risks that are associated with the processes. As they define the risks, they can implement controls that map to the CIA triad throughout the network architecture.
Sheena L. Thomas says
When designing a network for an organization, what are the key considerations that should be factored into the design? Why do you recommend those considerations? Also consider how you would address the inevitable situation of scarce resources; how would you prioritize?
When designing a network the first key consideration should be the business requirements, such as
How a process is completed
data needed for processing.
Any business aspects that governs that process and that data.
My next consideration would cover the following design topics such as
• Networking Requirements
o Switches
o Routers
o Firewalls
o IDS/IPS
Physical requirements
cables, hardware PBX systems, etc, Storage (hard drives, etc), server types (db, file, application, web)
Logical Requirements
o Storage
o Vlans
o Directories (Active Directory/LDAP)
Security Requirements
o Multifactor Authentication
o SIEM tool
o Remote Access/VPN
Sheena L. Thomas says
Additional Comments. .
Security requirements
End point protection
Backups
All of the considerations that was pointed out is necessary for the design and implementation of a network.
The business requirements are absolutely the first consideration. Once that is documented, I would tackle the low hanging fruit, I would have my resources focus their attention on those items first and for the bigger items we would setup projects. Small and steady sprints is how I would guide my resources.
Dima Dabbas says
Sheena,
All your points are important when designing a network. Everything needs to be protecting from one end to another and everything needs to be considered as it all can impact the security of the network. It is essential to know what your business process is and what data will be stored before you start designing the network as you need to know the critical points that need extra attention in making sure it is properly secured. It is better to start off by thinking of all these things before the actual design happens as it can have a huge impact down the road if not designed properly from the beginning.
Jonathan Duani says
Dima,
Knowing the business process I think is a great thing and is super important. When you are looking into building a network knowing how the business operates could be essential in designing a solid network. If the company is an eCommerce company and you are more focused on bringing up HR records than the front end websites and payment processing system it could greatly hurt your business and cause a major loss of revenue. It is important when looking at the business process to make sure you build in redundancy based off what is most important.
Jonathan Reid Kerr says
When designing a network for an organization, what are the key considerations that should be factored into the design?
When designing a network, the most important aspects are the needs of the business. This determines how large the network needs to be, what it will be used for, and will tell us how it might be used in the future. With this information the network can be designed to satisfy all business requirements.
Other key considerations are the CIA triad of Confidentiality, Integrity, and Availability. To that end, back-ups and recovery planning is essential. Making sure that there is redundancy in case of emergencies and evaluating the load on the network is important in making sure there as few interruptions as possible. Security is also important. Firewalls and network devices need to be properly configured, and discussions about utilizing VPNs are worth considering. Planning for the inclusion of intrusion detection/prevention systems is another aspect that needs to be evaluated before implementation.
Why do you recommend those considerations?
With these considerations in mind, the design of the network can satisfy all business requirements without sacrificing network components. Proper evaluation and consideration of all factors ensures organizational needs without compromising operations.
Also consider how you would address the inevitable situation of scarce resources; how would you prioritize?
First and foremost, I would prioritize security, which would be very closely followed by availability. In some cases, where there would be severe impacts otherwise, availability may need to be prioritized first.
Dima Dabbas says
Jonathan,
Great points, I think all of us mentioned that one of the first things to consider when designing a network is understanding who this network is for and the business needs behind it. I totally agree that when it comes to priority, the security of the network should be the top priority followed by the availability of it. These two concepts security and availability come with each other because if the network is not secure, this can lead to attacks that can bring the network down which in turn makes the network unavailable to its users.
Jonathan Duani says
Jonathan,
Like Dima said it is important to consider the business as a whole when designing a network. This will greatly reduce the nonsense that pops up where systems might not be as essential in one business than the other. I like how you incorporate the CIA triad into this response. I think when you are looking into design you should design with security in mind and if you are questioning you actions against the CIA triad and the importance of different attributes it could really help design a much more hardened network.