In times of identity-based security – is the network still necessary?

A few years ago, the answer to the question "How do we protect our company?" was still quite simple: You put a thick firewall around the network. Everything inside was trustworthy, everything outside was not. Done.

Then came the cloud. And mobile work. And SaaS applications. And suddenly... where did our perimeter actually go?

Today we talk about Zero Trust, identity-based security, "never trust, always verify." We authenticate users, not networks. We grant access rights based on identity and context, not IP addresses.

And then comes the question we at ODCUS hear more and more often: "Do we even need the network anymore?"

The short answer? Yes. Absolutely.

But... (and this is an important "but") not in the way you knew it before.

The Shift from Perimeter to Identity Security

Let's be honest. Traditional network security had its time. If you have a clear boundary between "inside" and "outside," the fortress concept works quite well. The problem? That boundary simply doesn't exist today.

Your employees work from home, from cafes, from airports. Your data resides in Azure, your applications in Microsoft 365, your backups with a cloud provider. Your partners access your systems via APIs. Where exactly should your "firewall" be?

The answer from modern cybersecurity: Everywhere and nowhere at the same time.

This is where identity-based security comes into play. Instead of asking "is this request coming from my trusted network?" we now ask:

• Who is this user really?

• Is the device they use compliant with our policies?

• Does the access match the normal behavior pattern?

• What is the risk score of this transaction?

This sounds like a complete replacement of the network concept, doesn't it? Here's where it gets interesting...

Why the Network Still Remains (Just Different)

Identity is fantastic. But identity alone is not enough.

Imagine: An employee successfully authenticates with all factors. Their identity is verified. Perfect... until their laptop is compromised by a sophisticated attack that strikes right when they access sensitive data.

Or: An attacker steals legitimate credentials (happens more often than we think) and logs in from a completely new location. The identity matches... but should we really trust?

This shows: Identity without context is blind.

And this context often comes from the network:

• Where is the connection coming from?

• Over which path does the traffic flow?

• Does the network behavior show anomalies?

• Which other systems are contacted simultaneously?

The modern network becomes an intelligent transport layer that not only moves packets but constantly evaluates, analyzes, and protects.

The Future: Identity-aware Networks

At ODCUS, we pursue a clear approach, which we call "Business Centric IT." This means: No either-or decisions, but intelligent integration of what truly adds business value.

In practice, this means for network and identity:

Zero Trust Network Access (ZTNA)

Your network becomes identity-aware. Each connection is evaluated based on user identity, device state, and context – regardless of whether the connection is internal or external.

Micro-Segmentation

Instead of one large "trusted" network, you create small, tightly defined zones. Even if an identity is compromised, lateral movement in the network is greatly limited.

Network Access Control with Identity Integration

Your network "knows" its users. It understands not just IP addresses, but who is behind them, with which device, and with what permissions.

Software-Defined Perimeter

The network becomes invisible to unauthenticated users. Only after successful identity verification do the necessary resources "become visible" – a concept that elegantly unifies identity and network.

Practical Considerations: Your Next Steps

"Okay, understood. But what does this mean practically for us?" – A question we hear daily.

Here's the reality: Most companies are somewhere between a "classic network" and a "full Zero Trust architecture." And that's perfectly fine.

Step 1: Understand Your Identity Architecture Before modernizing your network, you need to know: How strong is your identity management really? Do you use Multi-Factor Authentication consistently? Do you have a central identity platform like Microsoft Entra ID?

Step 2: Make Your Network Visible You can't protect what you can't see. Who accesses what and when? What data flows exist? Where are your most critical assets?

Step 3: Start with Conditional Access Connect identity with network context. Set up rules like: "Access to financial data only from managed devices and not from high-risk locations."

Step 4: Segment Intelligently Not everything at once. Start with your most sensitive areas. Create network segments based on identity and business roles, not just technical departments.

Step 5: Monitor Continuously This is where the connection between identity and network comes into play. A modern Security Operations Center (SOC) correlates identity events with network anomalies.

The Elephant in the Room: Costs and Complexity

"This all sounds nice, but we don't have the resources for a complete overhaul."

We absolutely understand.

And here's the good news: You don't have to do everything all at once. In fact, a step-by-step approach is often more successful than a big-bang project.

At ODCUS, we often work with companies that already have licenses like Microsoft 365 E5 but only use a fraction of the security features. You may already have Conditional Access, Intune, and Defender – but you don't use them together with your network architecture.

The first step doesn't cost much money... but instead requires strategic thinking and implementation.

What We Do Differently at ODCUS

Many IT service providers sell you tools. We sell you impact.

When a customer comes to us and says "We need a new firewall" or "We want to implement Zero Trust," we first ask: Why? What is the business goal?

• Are you looking to migrate to the cloud quickly and securely?

• Do you need compliance with NIS2 or ISO 27001?

• Are you trying to strengthen your defenses after a security incident?

• Do you want to reduce your IT costs while increasing security?

Depending on the answer, the solution looks completely different.

Sometimes the answer is: "Your network is not the problem at all – you have an identity problem."

Sometimes it is: "Your identity solution is strong, but your network is a blind spot."

And often it's: "You have both components, but they don't talk to each other."

The Honest Answer: Both Matter

Back to the initial question: Is the network still needed in times of identity-based security?

Yes. But not as a standalone fortress, rather as an intelligent layer that combines identity, context, and access control.

The modern network is:

• Identity-aware

• Context-sensitive

• Dynamic

• Invisible to unauthorized users

• Strongly segmented

• Continuously monitored

It is no longer the first line of defense, but an integral part of a multi-layered Zero Trust architecture.

Your Network Is Not Dead – It Is Being Reinvented

And that's what makes it so exciting.

We are at a point where the boundaries between network, identity, endpoint security, and application security are blurring. It can be confusing... or a huge opportunity.

At ODCUS, we help companies navigate this complexity – not with generic checklists, but with pragmatic, business-focused strategies that fit your specific situation.