An enterprise network privately connects branch offices, internal data centers, and employee devices. Today, enterprise networking is rapidly evolving.
After reading this article you will be able to:
Related Content
Subscribe to theNET, Cloudflare's monthly recap of the Internet's most popular insights!
Copy article link
A network is a group of connected computers, and an enterprise network is such a group constructed to serve the needs of a large business. Enterprise networks are composed of local area networks (LANs) that in turn connect to wide area networks (WANs) and the cloud.
In an enterprise setting, data centers, branch offices, public and private clouds, Internet of Things (IoT) devices, and the individual employees of an organization all need reliable network connections. These connections enable enterprises to exchange data, run business processes, and analyze what happens on the network — essentially, the network makes running the business possible.
Unlike the Internet, enterprise networks are not open to anyone who wants to connect. Enterprise networks limit connectivity to specific users, devices, and facilities. They often encrypt the data that passes over them by using virtual private networks (VPNs) or Transport Layer Security (TLS) encryption.
Enterprise networking is also distinct from other types of networking because of its scale. The average person may have access to a home LAN that connects a few devices to the Internet via a single router. But enterprises run internal networks that connect thousands of devices to each other and to the Internet. (Some enterprise networks are large enough and connected enough to be assigned an autonomous system number, or ASN — learn more about ASNs.)
For many years, the main focus for enterprise networks was connecting everyone and everything to the on-premise, self-hosted centralized data centers where data was saved and applications ran. This access was provided by connecting users and devices to the LAN in the corporate office. Each office's LAN was connected to the other offices via a large enterprise WAN, usually constructed via dedicated multiprotocol label switching (MPLS) routes.
Enterprise networking infrastructure was comprised of physical appliances, connected to each other and to personal computers, printers, and IoT devices through a combination of Ethernet cables and WiFi signals. The networking appliances used included:
Often, connecting to the enterprise network required connecting to a VPN. The VPN encrypted traffic between the user and the VPN server, at which point the user could access the internal LAN.
Enterprise networking today is very different from how enterprise networking worked just a few years ago. A combination of cloud migration and new security challenges has made the enterprise networking model described above ill-suited to the needs of a modern business, even though it is still in use by many organizations.
Employees are now likely to connect to the network from both inside and outside the office. They connect to the cloud and on-premise data centers (a hybrid cloud model), or exclusively to the cloud. This makes centralized networking infrastructure inefficient, because the network becomes a bottleneck for traffic flowing to and from the cloud.
In addition, many of the hardware appliances described above are now available as software or as virtualized cloud services. Scaling up a network using hardware-based infrastructure requires purchasing and activating more hardware. But scaling up a network using software-based infrastructure (like an SD-WAN) is possible with inexpensive commodity hardware instead of vendor-specific hardware. And scaling up using cloud infrastructure (for example, if NaaS is used — see below) is as simple as purchasing more services from the cloud vendor.
With all these ongoing trends, an efficient, modern enterprise network architecture might look more like this:
Gartner, a global research and advisory firm, coined the term secure access service edge (SASE) to describe this new networking model. In SASE, networking services are tightly integrated with security services, and network access is no longer centralized in a handful of physical locations.
SASE incorporates several technologies and services into one platform:
Together, these technologies make effective contemporary enterprise networking possible. However, most enterprises today are still caught between the old model and the new one, so full SASE adoption by the market will take some time.
Since many enterprises still rely partially on legacy on-premise infrastructure, they need to make sure they implement a SASE platform that can work with both traditional data centers and the cloud.
Network-as-a-service (NaaS) is a cloud service model in which enterprises rent networking services from a cloud provider instead of constructing their own networks. NaaS can help enterprises replace on-premise hardware, MPLS network connections, and other legacy configurations with virtualized infrastructure.
Enterprise network security is the process of defending networks and the data within them from external attacks and internal compromise. Traditionally, this involved defending the network perimeter via firewalls, intrusion prevention systems (IPS), and other security products. However, the network perimeter is far less clearly defined because of cloud migration and the rise of remote work, and defending the network perimeter alone is no longer sufficient for stopping attacks.
Today, enterprise network security incorporates identity and access management (IAM), data loss prevention (DLP), ZTNA, and other technologies. Learn about network security in more depth.
Enterprises need a way to quickly move to a SASE networking model. Cloudflare One provides network connectivity with built-in Zero Trust security. It is infrastructure-agnostic, integrating easily with any cloud provider and with on-premise infrastructure. Learn more about Cloudflare One.