Have you travelled internationally recently?

If so, when you returned to the United States, you may have noticed that there were two lines for immigration — one for U.S. citizens and one for everybody else.

The reason is simple: US citizens are subject to fewer limitations and restrictions. As such, the two groups are processed differently; separating them is more efficient than flowing everyone through the same access point.

When it comes to your business network, the same principle applies — different types of traffic should be kept separate from each other. Here, the reasons relate to security, throughput, and continuity.

Security

If you’ve ever logged into a network as a “guest” — in a hotel, a coffee shop, or while visiting a business — you may have also encountered two options: one network for visitors and one for employees.

This distinction allows the business in question to offer different degrees of access depending on who is “knocking at the door.”Employees and other key people have access to everything — the office network, internal resources, and the Internet — whereas visitors (typically) can only reach the Internet.

This two-track approach protects company resources from the prying eyes (and hands) of outsiders. But it also reduces the likelihood of exposing the network to devices that may have been compromised in some way.

Even a trusted consultant (for example), whose laptop was not issued and is not maintained by you, can unintentionally introduce malware or viruses into your organization. By restricting outsiders to a separate network, this type of threat is reduced.

Throughput

Since network traffic is shared by definition, high volume users can negatively impact others who may be slowed down or squeezed out entirely.

For example, we have a client that operates a large drug rehabilitation facility. Each of its 200 patients is issued a tablet upon arrival which can be used for watching Netflix and other streaming services. Needless to say, 200 people watching movies at the same time uses a lot of bandwidth!

So, we installed an additional Internet connection to be used exclusively for this purpose. Now, regardless of how many streaming viewers there may be at one time, the organization’s business network is not impacted.

Other examples where throughput could be negatively affected if only one network is in use include companies that rely on cloud-based backup of local servers, and organizations that make heavy use of VoIP, Teams, or Zoom. All of these depend on having a sufficient amount of bandwidth when needed and two (or more) distinct Internet connections allow for segmenting traffic accordingly.

Continuity

For many of our clients, part of the reason for having more than one Internet connection is continuity — ensuring that their business is not interrupted in the event of a provider outage or a physical disruption such as a fiber cut out in the street.

In these cases, physically distinct connections (e.g., one from Verizon, one from Comcast) are provisioned so that full redundancy is in place.

Business Class Equipment Is a Requirement

Overall, “one network for everything” is rarely the best solution for all but the smallest businesses.

It’s important to note, however, that the ability to configure multiple networks and multiple Internet connections requires business class Wi-Fi and a business class router/firewall — it’s not the kind of thing you pick up at Staples and set up in an afternoon.

Once provisioned, this type of equipment allows for all of the scenarios described above, including the ability to apply a concept called ‘bandwidth management” in which one can specify which types of network traffic are given priority.