As E-Business Evolves, Boundaries Will Give Way To Virtual Enterprise Networks

As Internet connectivity has become a baseline assumption in enterprise network design, the term "boundary" has become a convenient handle for describing perimeter security systems. For example, many companies have surrounded their networks with firewalls, creating a boundary that protects internal systems from intrusion while allowing employees to access the Internet.

As basic Internet access has evolved into e-business, many companies have hosted applications and services in the "demilitarized zone," or DMZ, between internal and external firewalls. The DMZ is another boundary, constituting a neutral zone between public and private, where applications and services can live.

As useful as these current boundaries are, however, they will change dramatically in the coming years. To conduct e-business, companies must build relationships using network technology. In that light, large-grained boundaries such as "public" and "private" aren't adequate. E-business is not just about relationships with external parties. It involves both external and internal processes. Thus, e-business will cause further change in enterprise network architectures, creating new boundaries that both protect and share information with increasing granularity. In short, enterprise intranets and extranets will converge to create a dynamic, relationship-driven system that we at The Burton Group call the Virtual Enterprise Network.

No, private networks will not disappear. But "private" enterprise networks will no longer live in isolation from all that's "public." E-business networks must support connections to the people, groups, organizations and communities with which an organization does business. Thus, the enterprise network must establish more dynamic boundaries around information. These boundaries must be more flexible in how they allow organizations to grant (and deny) access to applications and information. A poor design that makes it too hard for customers and partners to access data will have a negative impact on the business. A poor design that allows unauthorized access to the network can have an equally devastating effect.

The Virtual Enterprise Network will surround internal systems with new types of boundaries that allow customers, suppliers and partners to enter and leave the network. The level of network access a given user, group or organization has will depend not on where it is, but on who it is, and on the type of relationship it has with the enterprise. That relationship will define the boundaries that enterprises create around information and applications. The primary goal of boundaries is not to simply accommodate but to encourage the relationships that will drive e-business. Instead of "public" or "private," boundaries like "employee" or "premium customer" will determine access levels, regardless of where the person physically resides.

These boundaries will be both logical and physical constructs, providing different classes of network access according to the sensitivity of the information exchange and the identity of the parties involved. In today's nomenclature, boundaries will constitute multiple DMZs, each providing access portals for different classes of people, groups and organizations. Each boundary will consist of increasingly graduated levels of access, requiring higher security clearances as the entrant gets closer to the center. And each boundary will provide different levels of access to the systems.

Today's network infrastructures don't support such flexible and secure boundaries. Today, many enterprise networks still consist of application-specific infrastructures, which don't have the flexibility and adaptability necessary to create the Virtual Enterprise Network. To get there, customers need a network infrastructure consisting of general purpose services, such as directory and security. Intrusion detection, next-generation firewalls and other monitoring services will provide improvements over today's typical firewall designs. Within the physical boundaries that these products create, companies will create logical boundaries that enable bidirectional information flows, into and out of the corporation.

Enterprise network managers must start to think of network infrastructure as an enabler of relationship management, if they want to succeed in e-business. Those that succeed in using network infrastructure to build and maintain business relationships will have a substantial competitive advantage, and that means planning for the future today.