This article is part of our series on Zero Trust. For more information on Zero Trust, check out Zero Trust, Explained.


Modern enterprise applications run in an increasingly complex environment. Applications and data have moved beyond the traditional corporate perimeter into the public cloud. Add to that a more mobile workforce, growing requirements for ecosystem collaboration, and multi-cloud initiatives – it's clear IT and OT teams have their work cut out for them. An Application Network can help; read on to find out how.

In an IP network, access between machines is defined by the network topology (the IP addressing and subnetting scheme) and by the configuration of every router and firewall along the path.

The tried-and-true tools in IT’s arsenal for managing the IP network – switches, firewalls, VPNs and VLANs – are now several decades old. When they were designed, networks didn't change much, so static configuration made sense. That static model now struggles to support the complex and dynamic requirements of today's enterprise.

Consider the connection shown below, between a cloud and resources in a factory environment.


image of a factory connecting to cloud using complex legacy tools

Connecting a cloud application to an asset deep inside a company is a complex task that can expand the attack surface and be difficult to debug.


The policy allowing the cloud server to connect to machines on the factory floor is controlled by the configuration of as many as 6-12 different routers, switches, and firewalls along the path, each potentially managed by a different team. Usually the best way to validate connectivity is to try it – with a ping. It’s significantly more difficult to prove that the policy doesn't expose too much!

An Application Network can dramatically simplify this problem. An Application Network is a private network that connects application servers within or across network domains. The Application Network overlays the existing networks with a mesh that does not interfere with access to each server's physical network.

The Application Network is built with outbound TLS tunnels, and may be built and managed without physical network infrastructure changes. From the server's perspective, the Application Network appears as a new interface, through which all other servers are just one hop away.

The Application Network reframes the distributed network problem into a single policy: who can access what. For the example above, a Zero Trust architecture can dramatically simplify the cross-border connectivity, with just one place to check to configure policies and verify access:


a factory connecting to cloud with ZTNA

The Application Network stitches together .


CoIP Platform's AppLink™ feature implements an Application Network. AppLink can also be combined with Application Chambers, enabling admins to build a "virtual VLAN" comprising servers and devices spanning multiple physical network domains, yet segmented from each of those domains.
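To make the contrast concrete, here is an added model (not code from the article or from CoIP Platform) of the two ways of answering "who can access what" in the factory example: a chain of per-hop ACLs that must all agree, versus one identity-based policy. All hop names, addresses, ports and rules are constructed sample data; the `factory-fw` ACL deliberately carries a leftover rule so the exposure audit has something to find.

```python
"""Constructed model of the two policy styles the article contrasts.

Legacy path: a flow is allowed only if EVERY hop's ACL permits it, so proving
that nothing extra is exposed means auditing every hop. Application Network:
one identity-based policy ("who can access what") is the single place to check.
All names, ports and rules below are constructed sample data, not from the page.
"""
from ipaddress import ip_address, ip_network

# Legacy: each hop is an ordered ACL; first matching rule wins, default deny.
# Rule = (src_net, dst_net, dst_port or None for any, action)
LEGACY_HOPS = {
    "cloud-edge-fw": [("10.0.0.0/8", "192.168.0.0/16", None, "allow")],
    "dc-core-router": [("0.0.0.0/0", "192.168.10.0/24", None, "allow")],
    "factory-fw": [
        ("10.0.5.0/24", "192.168.10.0/24", 502, "allow"),   # the intended Modbus flow
        ("10.0.0.0/8", "192.168.10.0/24", 22, "allow"),     # leftover rule from another team
    ],
}

def hop_allows(acl, src, dst, port):
    """First-match evaluation of one hop's ACL; no match means deny."""
    for src_net, dst_net, rule_port, action in acl:
        if (ip_address(src) in ip_network(src_net)
                and ip_address(dst) in ip_network(dst_net)
                and rule_port in (None, port)):
            return action == "allow"
    return False

def legacy_allows(hops, src, dst, port):
    """A flow traverses the path only if every hop along it permits it."""
    return all(hop_allows(acl, src, dst, port) for acl in hops.values())

def legacy_exposure(hops, candidates):
    """Which candidate (src, dst, port) flows get through end to end:
    the audit the article describes as hard, because it needs every hop's config."""
    return sorted(f for f in candidates if legacy_allows(hops, *f))

# Application Network: identity-based policy, independent of addressing and topology.
# Entry = (source identity, destination identity, port)
APP_POLICY = {("cloud-scada-collector", "plc-line1", 502)}

def app_network_allows(policy, src_id, dst_id, port):
    """The single 'who can access what' check; anything not listed is denied."""
    return (src_id, dst_id, port) in policy
```

Running `legacy_exposure` over a few candidate flows shows the SSH path that the factory firewall's leftover rule opens, which no single hop's owner would notice from their own configuration alone.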