IT leaders should start by first understanding their company’s risk portfolio and determine how risk averse their business is. Their crown jewel apps may be SOC-1 or ISO 27001 compliant and require additional layers of security. These are considered critical infrastructure. There may be certain countries, like China, that must be isolated from other countries. With legacy infrastructure one missed FW configuration could mean big problems for the business.