It is possible that the principal vulnerability in a network is the way it has been designed. This is often an issue when a company has grown through the acquisition of other organisations, meaning that different networks have been plugged together without any coordinated policies or central oversight. One issue which creates problems is the number of Internet gateways on the network. While multiple gateways in multiple countries may make budgetary sense, this also makes it considerably harder to monitor and control them and gives an attacker more options to exfiltrate data from the network.
However, it is not always necessary to redesign an entire network to safeguard specific data. The key here is to know exactly what requires protection; it is not possible to protect all of the data in an organisation. The business must decide what constitutes the highest value data, critical to the success of the business and segregate it in such a way that it is still possible to access and process, but that it is secure.Context can assist in the design of a secure network which will make monitoring and controlling access and data much more straightforward, thereby helping to reduce risk.
It is not possible to protect all of the data in an organisation. The business must decide what constitutes the highest value data, critical to the success of the business, then segregate it, using a method that means can still be accessed and processed by legitimate users, but is kept as secure as possible.