You are responsible for securing traffic between branch offices, a datacenter, and cloud-hosted applications over a shared WAN. The environment carries customer records, internal admin access, and voice traffic, and the current design relies on broad network trust between sites. A recent review found that a compromised branch device could reach sensitive internal services without strong identity checks.
How would you redesign this network so that only explicitly authorized traffic can move between sites, while preserving business continuity if a link, device, or policy engine fails? Explain the controls you would put in place and how you would prove they are working.