The CISO Mindset: Why a Modern Security Architecture is No Longer Optional

Written by Alexa Emerson on September 16, 2025


When work happens everywhere and on every device, the old ways of thinking about security are obsolete. The traditional model of building a hard perimeter around your network is no longer effective. Instead, we must adopt a new mindset—one that assumes compromise and focuses on resilience, not just prevention.

This is the core philosophy that JumpCloud CISO Bob Phan and Superbet CISO Jay Balan explore in a recent episode of the Make Work Happen podcast. They argue that a modern security architecture is not an incremental update to your existing defenses; it’s a fundamental shift in how IT leaders approach security. It’s about simplifying complexity and empowering your organization to operate securely, no matter where your users or data are located.

Why the Old Model Fails 🧱

The traditional security model is built on the false promise of a perfect perimeter. It’s like building an impenetrable castle wall and then assuming everything inside is safe. This approach worked when all your IT resources were on-premises, but it falls apart in a world of cloud applications, remote work, and personal devices.

The podcast highlights three key failures of this outdated model:

  1. Complexity and Tool Sprawl: IT leaders often buy a different security tool for every perceived threat—one for endpoints, another for networks, and a third for identity. This creates a fragmented security stack with a tangled web of systems that don’t communicate. The result is operational friction, security blind spots, and a reactive, firefighting mentality.
  2. The Illusion of a “Trusted Network”: Organizations often believe their private network is secure simply because it’s “private.” This leads to a false sense of security where unpatched systems and vulnerable applications are left exposed to lateral movement by an attacker who has already breached the perimeter. Jay Balan’s principle of “assume compromise” flips this on its head, forcing teams to build security controls as if every device and network is already compromised.
  3. Hiding, Not Fixing: Relying on a perimeter to “hide” vulnerabilities on a private network only delays the inevitable. This approach allows security debt to accumulate, creating a larger, more impactful attack surface for bad actors who will eventually find a way in. A modern approach demands that we fix, not hide.

What a Modern Security Architecture Looks Like 🛠️

So, if the old way is broken, what’s the new way? A modern security architecture is not about adding more tools; it’s about building a solid foundation based on a few core principles.

An Internet-First Philosophy

Jay Balan describes a vision where there is no private office network.

All devices and applications are connected directly to the internet, and every access request is treated as if it comes from an untrusted source. This approach is counterintuitive but forces IT teams to build strong, identity-based security controls that are scalable and resilient. It’s a key component of a Zero Trust model.

Identity as the New Perimeter

In a perimeter-less world, identity becomes the single source of truth for all access decisions.

Instead of relying on a user’s location on a “private” network, you verify who they are and whether they have the proper permissions for a given resource.

This is powered by a robust identity provider (IdP) that manages access through single sign-on (SSO) and multi-factor authentication (MFA).
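To make the contrast concrete, here is an added example (it is not from the article, the podcast, or JumpCloud) that puts the two decision rules side by side: the legacy rule that trusts any request originating inside the "private" network, and the identity-centric rule that ignores location and requires a verified identity, MFA, and an explicit grant for the resource and action. The user names, the private address range, and the permission table are constructed sample data; a real IdP would supply them.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed sample data for the example; not taken from any real environment.
PRIVATE_NET = ip_network("10.0.0.0/8")

# Hypothetical grant table of the kind an IdP or authorization service would hold:
# user -> set of (resource, action) pairs the user is explicitly allowed.
PERMISSIONS = {
    "alice": {("payroll-db", "read")},
    "bob": {("wiki", "read"), ("wiki", "write")},
}


@dataclass
class AccessRequest:
    user: Optional[str]   # None means the request carries no authenticated identity
    source_ip: str
    mfa_verified: bool
    resource: str
    action: str


def perimeter_model_allows(req: AccessRequest) -> bool:
    """Legacy 'trusted network' rule: anything that originates inside the
    private network is trusted, regardless of who (if anyone) is asking."""
    return ip_address(req.source_ip) in PRIVATE_NET


def identity_model_allows(req: AccessRequest) -> bool:
    """Identity-centric rule: the source address plays no part in the decision.
    The request must carry a verified identity, MFA must have succeeded, and
    the (resource, action) pair must be explicitly granted to that identity."""
    if req.user is None or not req.mfa_verified:
        return False
    return (req.resource, req.action) in PERMISSIONS.get(req.user, set())


def evaluate(req: AccessRequest) -> dict:
    """Return both verdicts so the two models can be compared for one request."""
    return {
        "perimeter": perimeter_model_allows(req),
        "identity": identity_model_allows(req),
    }


# Three constructed requests that show where the models disagree.
# 1. An unauthenticated process on a compromised workstation inside the office
#    network asks to read the payroll database ("assume compromise" scenario).
COMPROMISED_INSIDER = AccessRequest(None, "10.20.30.40", False, "payroll-db", "read")

# 2. alice works from a coffee shop, authenticates through SSO with MFA, and
#    asks for a resource she is granted.
REMOTE_ALICE = AccessRequest("alice", "203.0.113.5", True, "payroll-db", "read")

# 3. bob is on the office network with MFA but has no grant for payroll data.
INSIDER_BOB = AccessRequest("bob", "10.1.2.3", True, "payroll-db", "read")


if __name__ == "__main__":
    for name, req in [("compromised insider", COMPROMISED_INSIDER),
                      ("remote alice", REMOTE_ALICE),
                      ("insider bob", INSIDER_BOB)]:
        print(f"{name:20s} {evaluate(req)}")
```

The first request is the one the article warns about: the perimeter rule lets it through purely because of where it originates, while the identity rule rejects it because nobody has proven who they are. The second shows that the identity rule does not punish legitimate remote work, and the third shows that being on the private network with a valid login is still not enough without an explicit grant.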

Resilience through Violence

This bold principle suggests that a security team must constantly attack its own defenses to find weaknesses before a real attacker does. This means running frequent, unannounced red-team engagements and phishing simulations.

By proactively testing the organization’s resilience, you can train employees and fortify systems to become “inconsequential” to real-world threats.

The Call to Action for IT Leaders 📣

Embracing a modern security architecture requires courage.

It can feel daunting to move away from legacy systems and ingrained practices. But the rewards—simplified operations, reduced costs, and a truly resilient security posture—are worth the effort.

By focusing on a strong, identity-centric foundation, you can move your organization from a reactive, vulnerable state to a proactive, secure one.

To hear more about how to make this fundamental shift, watch the full Make Work Happen episode featuring Bob Phan and Jay Balan.
