How Network Security Has Transformed in the Last Decade

The decade between 2015 and 2025 has arguably been the most disruptive period in network security history. Let’s walk through what changed, why it matters, and what it means for the decisions you’re making today.

Most organizations operated within a clearly defined network perimeter: employees worked from office locations, applications were hosted in private data centers or on local area networks (LANs), and all internet traffic was routed through a centralized firewall. The prevailing security model focused on protecting the “inside” from the “outside.” This approach, widely known as the “castle-and-moat” model, has long been a foundational concept taught to new information security professionals. In this framework, enterprise defenses were concentrated at the perimeter, with the assumption that assets and users within the network could be trusted, while threats primarily originated from external sources.

Hitesh Dharmdasani
CTO, AnexGATE
Founder and CEO, NetSense CyberSecurity

The change over the last 10 years did not come from one particular event. It was a convergence of organizations migrating to the cloud, smartphones becoming ERP/enterprise application front ends, the growth of SaaS, and eventually COVID-19 pushing hundreds of millions of employees out of offices and into work-from-home almost overnight. Few IT departments had a plan to change things that drastically. The endpoints of the network became distributed in weeks.

This gave rise to new architectures—SD-WAN, SASE, and the Zero Trust model—in some combination. You had to break out local traffic from the endpoint directly to the internet and bring only critical traffic back to the cloud, data center, or head office (HO). Security had to move closer to the user. In SaaS-heavy environments, access control moved from IP address-based rules to application-based rules.

On the security front, threat sophistication crossed a threshold. The threat landscape learned from the SaaS landscape: phishing, malware, ransomware, and remote access trojans were all available as turnkey services. The barrier to running a cybercriminal campaign became very low. You just needed a business plan; the software stack could be purchased. I spent a lot of time writing and publishing papers on these topics in the early 2010s. What seemed academic then became an unprecedented security risk profile by the time the 2020s arrived. COVID altered human behavior, and cybercriminals took advantage of the human, the weakest link in IT security.

Three more aspects that often go overlooked are the rise of encryption, compliance/logging requirements, and context awareness. All three increased computational needs at the edge. Encryption made observing traffic difficult: for SSL/TLS traffic you had to rely on SNI and metadata (port numbers, etc.). The complete visibility that HTTP offered was gone. We got better security at an individual level, but at the level of the enterprise, especially if you needed lawful interception, you now needed far more compute power to process the same amount of traffic. Logging and compliance requirements further increased the load. If you dial back to 2014, most firewall appliances were MIPS/ARM-based; today, even a modest firewall often needs ASICs or x86-based platforms to process everything. Context awareness also required you to know which application was in use, not just a single website. Being able to identify an application is crucial since modern apps use multiple domains, IPs, and services.

Security and networking technologies started intertwining at that stage; you couldn’t do one without the other. I strongly believe the roles of the CISO and CTO are no longer strictly distinct; they need to operate as a joint command inside an organization.

The last decade has also brought operational complexity. Enterprises now manage firewalls, routers, wireless networks, cloud security tools, endpoint agents, identity systems, SIEM platforms, and SaaS applications. This has created a strong need for centralized management and automation. Zero-touch deployment, policy templates, single-pane-of-glass monitoring, automated updates, and API-driven integrations are now expected, not luxuries.

Looking ahead, network security will become even more context driven. Artificial intelligence will help classify threats, detect anomalies, analyze files, and prioritize incidents. But the fundamentals will remain the same: strong architecture, clean policy design, reliable visibility, secure connectivity, and disciplined operations. The right question to ask is not “what product” or “what framework” but “How do we enforce the right access decisions everywhere, all the time, with full logging?” That question, more than any single product or framework, defines modern network security.

Authored by Hitesh Dharmdasani, CTO, AnexGATE & Founder And CEO, NetSense CyberSecurity
